Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > Troubleshoot LEM rules that are not sending emails or not firing

Troubleshoot LEM rules that are not sending emails or not firing

Table of contents
Created by Randall Harwood, last modified by Kevin.Kessler on Mar 23, 2017

Views: 236 Votes: 5 Revisions: 19

Overview

This article describes how to troubleshoot the following issues:

  • A LEM rule that you cloned and modified to fit different event correlations is not sending email alerts.
  • One or more LEM rules that you created are showing in nDepth, but are not showing in the monitor or sending email alerts.

Environment

All LEM versions

Steps

  1. Check if the event exists in nDepth by using the same correlation as in the rule.
  2. Check the Insertion Time and Detection Time.
    1. If these do not match, one of three things could be happening:
      1. Time on the LEM is inaccurate - See step 8.
      2. Time on the Node is inaccurate - Update the time or configure the node to get the correct time from an NTP server.
      3. The LEM is queuing data - See LEM is queueing and dropping event data.
  3. Make sure the rule matches the events pulled in nDepth.
  4. Make sure the rule has been saved and you clicked Activate Rules.
  5. Make sure the rule is enabled.
  6. Make sure the rule is not using AnyAlert.
  7. Make sure the rule does not have conditions that contain only symbols such as $ or ~.
  8. Make sure the date, time, and time zone is accurate on the LEM:
    1. Open the CMC console and at the prompt go to appliance. Run dateconfig and tzconfig if necessary.
    2. If the response window for the rule is set to 5 mins and the time on the LEM is 6 mins off, the rule will not fire.
    3. Use an SSH client to connect to your LEM Appliance.
  9. Restart LEM.

 

 

Last modified
16:11, 23 Mar 2017

Tags

Classifications

Public