OK, maybe I'm missing something here, as I did a search and I did not see anyone else really complaining about it.
I just did a b1 to b8 upgrade and got everything running. I am now dealing with the syntax changes and new way that actions work.
I like the new actions, it should really allow me to reduce the number of entries there.
BUT
host group doesn't seem to work?
example:
I have 2 actions configured
1st with conditions: host = Ix
2nd with conditions: host group = Mail Gateways, Trigger Severity <> Information
Both actions are enabled
Ix is not a member of Mail Gateways and it has 1 item/trigger defined that checksums inetd.conf with a severity of average.
NOW, when I change inetd.conf I get 4 alerts, 2 on 2 off.
This shouldn't happen because the second action should be ignored (Ix is not a member of Mail Gateways) but it isn't. This led me to believe that the conditions list was performing a logical OR instead of an AND, so I added a third condition:
trigger value = ON
After adding this and rerunning the test I get 3 mail messages: an on and an off from alert 1, and a single on from alert 2.
This just doesn't make sense! If the conditions were an OR then I would still get 4 alerts (because of the trigger severity condition). I don't understand how the action conditions affect the execution of actions (unless it's a bug).
Can anybody shed a little light on this scenario or run a test themselves? Please?
) for every alert that is configured to fire based on host group membership.