Recently upgraded to 2.1 and just noticed this behavior.

I have a stream that matches against two rules:

EventID = 4625
AND
TargetUserName NOT EXACTLY "XXXXXX"

If a log matches both of those, send an email.  The emails are not being 
sent.  Looking into it, if I force a failed login attempt it generates a 
message that should match the stream.  I go manually find the message and 
in the details off to the side it does say it was routed into the stream. 
 Additionally, if I copy the message ID and load it into the stream it 
gives two green lines and says it should match.  Also, I can click on the 
title of the stream that takes me to the search screen with the rules of 
the stream applied, and the message shows up there as well.  I tried 
deleting and re-creating the stream, that did not help either.

Sending a test email from the stream is successful.

Any ideas?  These are Windows event logs, but I don't think that matters. 
 Thanks.

Nathan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a5f172c1-b6ed-471e-9625-6d8ea33e2d21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to