
How to create a LEM email template to match an incoming rule so that all of the meaningful data in the event can be captured in the email

Updated 08/22/2018

Overview

Complete the following steps to create an email template in LEM to match an incoming rule so that all of the meaningful data in the event can be captured in the email.

Environment

  • LEM, all supported versions

Steps

Generic Rule Email Template Setup

  1. Review the event that the rule is based on using the EventName search in nDepth.
  2. Take a screenshot of an example of the event data in the Result Details so that it can be referenced later.
  3. Go to BUILD>Groups in the LEM WebConsole/AirConsole and click the plus (+) sign in the top right corner of that page. Then, from the drop-down menu, select Email Template.
  4. In the bottom left Name field type RuleName and click the plus (+) sign to the right.
  5. Type Rule Name: $RuleName into the Name field in the top right.
  6. Populate the From field in the top right with the name you want to associate with LEM in the email.
  7. Type Rule Name: $RuleName into the Subject field in the top right.
  8. Type Rule Name: $RuleName into the Message field in the lower right.

Specific Rule Email Template Setup

  1. Pull up the screenshot of the event that was captured during step 2 of the last section.
  2. Identify the bolded fields in the event by using the Result Details screenshot and add them to the template just as you did with RuleName in the last section.

    IMPORTANT NOTE: These fields may be different based on the event. Identifying the meaningful fields based on the incoming data is important here. You will need to do some of the legwork to look over the incoming event associated with the rule.
     

    Example Meaningful Fields:

      • EventInfo
      • InsertionIP
      • InsertionTime
      • DetectionIP
      • DetectionTime
      • ToolAlias
      • ProviderSID
      • SourceAccount
      • SourceMachine
      • DestinationAccount
      • DestinationMachine
      • ExtraneousInfo

    (etc...)

  3. Add these fields to the Email Template after they have been added to the Parameters section.

    For our Example Meaningful Fields above, we would see something similar to the following in the message section of the email template:

    $EventInfo
    $InsertionIP
    $InsertionTime
    $DetectionIP
    $DetectionTime
    $ToolAlias
    $ProviderSID
    $SourceAccount
    $SourceMachine
    $DestinationAccount
    $DestinationMachine
    $ExtraneousInfo


  4. The end result in the Message field should look something like this (with fields identified for the email recipient):

    Name: <Email Template Name> (usually named after the rule)
    From: LEM (or whatever you decide)
    Subject: Rule Name: $RuleName
    Rule Name: $RuleName
    ---------------------------------------------------------
    Event Info: $EventInfo
    Insertion IP Address: $InsertionIP
    Insertion Time/Date: $InsertionTime
    Detection IP Address: $DetectionIP
    Detection Time/Date: $DetectionTime
    Connector Name: $ToolAlias
    Event ID: $ProviderSID
    Source Account: $SourceAccount
    Source Machine: $SourceMachine
    Destination Account: $DestinationAccount
    Destination Machine: $DestinationMachine
    Extra Information: $ExtraneousInfo
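
A draft template can be checked offline before it is pasted into the Message field. The following Python sketch is an added example, not SolarWinds code: it assumes placeholders are written as `$` followed by the parameter name (as in the template above), and the parameter list, draft message and sample event are constructed for illustration. It lists placeholders that are missing from Parameters and parameters that are declared but never used, then renders a preview against the sample event.

```python
import re

# Assumption: a placeholder is "$" plus the parameter name, as in the article's template.
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

def lint_template(message, parameters):
    """Return (undeclared, unused) for a draft Message body and its Parameters list."""
    used = PLACEHOLDER.findall(message)
    undeclared = sorted(set(used) - set(parameters))   # used in Message, not in Parameters
    unused = [p for p in parameters if p not in used]  # in Parameters, never shown in Message
    return undeclared, unused

def preview(message, event):
    """Fill placeholders from a sample event; missing or blank fields show as <empty>."""
    def fill(match):
        value = event.get(match.group(1))
        return "<empty>" if value in (None, "") else str(value)
    return PLACEHOLDER.sub(fill, message)

# Constructed draft: one misspelled placeholder and one field never added to Parameters.
PARAMETERS = ["RuleName", "EventInfo", "DetectionIP", "DetectionTime",
              "SourceAccount", "DestinationMachine"]
MESSAGE = """Rule Name: $RuleName
Event Info: $EventInfo
Detection IP Address: $DetectionIP
Detection Time/Date: $DetectionTime
Source Account: $SourceAcount
Source Machine: $SourceMachine
"""
# Constructed sample event (values are illustrative, not real LEM output).
SAMPLE_EVENT = {"RuleName": "Example rule", "EventInfo": "Example logon failure",
                "DetectionIP": "192.0.2.10", "DetectionTime": "2018-08-22 10:15:00",
                "SourceAccount": "jdoe", "DestinationMachine": ""}

if __name__ == "__main__":
    undeclared, unused = lint_template(MESSAGE, PARAMETERS)
    print("Not in Parameters:", undeclared)
    print("Declared but unused:", unused)
    print(preview(MESSAGE, SAMPLE_EVENT))
```

A field that previews as `<empty>` for a representative event is either misspelled in the draft or not populated by that event type, which is the check the IMPORTANT NOTE above asks you to make by hand.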

 

 
