haywhai
December 20, 2017, 11:47am
1
Hello, I have configured my Graylog alerts to work fine. But it sends only Test messages. I have configured under “Manage Conditions” to set windows event id =4624 for successful logon.
I also created a notification below but when i click on test; it sends me a dummy message.
Ever since i created the conditions and notifications, i have got a lot of successful logons on graylog but i havent rcvd any notification about it in my mailbox. Is it that there’s a place to join the conditions to the particular notification?
jan
December 20, 2017, 11:58am
2
is the condition and the notification mount to the same Stream?
jan
December 20, 2017, 12:04pm
5
did you notice if the condition is become true (means is triggered)?
Because the notification will only send out if the condition is triggered.
haywhai
December 20, 2017, 12:10pm
6
Yes, i just did a search on my stream now and i got logs for successful logon. but i didnt get any alert.
haywhai
December 20, 2017, 12:42pm
7
@jan , are you there? i still aint getting alerts and events are dropping
haywhai
December 20, 2017, 1:30pm
8
@jochen , could u help please?
jan
December 20, 2017, 1:34pm
9
and again you think that this is a privat support channel. If you want to have SLA like responses, pay for professional support!
You did not answer my question, that is why i’ll not answer here or make wild guessing what your problem is.
haywhai
December 20, 2017, 2:44pm
10
sorry i didnt see ur question.
How do i notice if it becomes true?
jan
December 21, 2017, 9:40am
11
Hej @haywhai
if you go to Alerts in your Web page, did you see the alert as “unresolved” or if you go to “show alerts” did you see any alert?
system
January 4, 2018, 9:40am
12
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
