Hi, what's the exact alert condition you're using?
Kindly include some example messages, too. Cheers, Jochen On Wednesday, 21 September 2016 18:29:00 UTC+2, Nathan Mace wrote: > > Recently upgraded to 2.1 and just noticed this behavior. > > I have a stream that matches against two rules: > > EventID = 4625 > AND > TargetUserName NOT EXACTLY "XXXXXX" > > If a log matches both of those, send an email. The emails are not being > sent. Looking into it, if I force a failed login attempt it generates a > message that should match the stream. I go manually find the message and > in the details off to the side it does say it was routed into the stream. > Additionally, if I copy the message ID and load it into the stream it > gives two green lines and says it should match. Also, I can click on the > title of the stream that takes me to the search screen with the rules of > the stream applied, and the message shows up there as well. I tried > deleting and re-creating the stream, that did not help either. > > Sending a test email from the stream is successful. > > Any ideas? These are Windows event logs, but I don't think that matters. > Thanks. > > Nathan > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b508a65d-1c0d-4848-b65b-bd24a040d8ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
