Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > LEM email alerts or rules are firing excessively

LEM email alerts or rules are firing excessively

Created by Jason Dee, last modified by Jason Dee on Jun 21, 2017

Views: 235 Votes: 3 Revisions: 7

Overview

A configured rule is sending an excessive number of email alerts or is firing too often.

Environment

All LEM versions

Cause 

This occurs when the rule is configured with broad conditions or a need to adjust the Correlation Time.

Resolution

  1. Disable the rule that is sending the alerts until it has been refined.
    Note: If you do not know which rule it is, check the Rule Activity filter under Monitor.
  2. After disabling the rule and clicking the Activate Rules button, edit it to view the current configuration.
  3. Duplicate the conditions that are in the Correlations section in Explore > nDepth and search for that event(s) in the database. You will be able to see how many events are coming in that are triggering the rule.
  4. Refine the rule by narrowing the scope. Check the different fields of these events and the information contained to see what else you can use in the rule. Any additional info you can include or exclude in the rule will help it fire less frequently and more precisely.
  5. Alternatively, if there's no way to narrow the focus further, you can go to the rule and increase the number of events required before the rule fires.

 

Last modified
16:47, 21 Jun 2017

Tags

Classifications

Public