I find some difference between as Graylog 3.1.2-1 and older version 3.0.2-1. Most important thing is alert mail comes without deep informations. I created a stream and notification for “EventID: 4625”. It works and sends mail to admin account. But it shows only stream name and alert name as you can see below.
In older versions we could see more information about log. Like hostname, ip address etc. I tried to edit email body from web interface, but i couldn’t get any proceed about issue.
Also i can see all detail about issue inside of streams. Just i couldn’t get this detail on mail notification.
Can someone share if there is a solution for get more information about logs on mail?
Hello,
try to check in Alerts - Event definitions in tab Notification, that you correctly setup parameter Message Backlog to 1 (or more if you need), which is Number of messages to be included in Notifications. If you don’t setup this parameter, backlog in e-mail message body will be empty.
If you want to show for example some custom fields use this snippet:
