Recently I've been playing around with streams and email alerts in Graylog 2.0, but can't seem to configure the email alerts to fire when I want them to. I am looking to receive an email alert whenever someone fails to log on to certain servers (EventID 4625). I can successfully forward logs to my "Logon audit" stream but haven't been able to trigger an email alert using the configuration "Field Content Value Condition - Trigger alert when message has field EventID set to 4625" with the grace period and last messages both set to 1.
I have an email callback configured and the test emails work as well; I just can't trigger the email alert for some reason. Any advice would be greatly appreciated. Thank you
