Recently upgraded to 2.1 and just noticed this behavior. I have a stream that matches against two rules:
EventID = 4625 AND TargetUserName NOT EXACTLY "XXXXXX" If a log matches both of those, send an email. The emails are not being sent. Looking into it, if I force a failed login attempt it generates a message that should match the stream. I go manually find the message and in the details off to the side it does say it was routed into the stream. Additionally, if I copy the message ID and load it into the stream it gives two green lines and says it should match. Also, I can click on the title of the stream that takes me to the search screen with the rules of the stream applied, and the message shows up there as well. I tried deleting and re-creating the stream, that did not help either. Sending a test email from the stream is successful. Any ideas? These are Windows event logs, but I don't think that matters. Thanks. Nathan -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a5f172c1-b6ed-471e-9625-6d8ea33e2d21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
