Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Log & Event Manager (LEM) > Troubleshoot LEM rules that are not sending emails or not firing

Troubleshoot LEM rules that are not sending emails or not firing

Table of contents
Created by Randall Harwood, last modified by Kevin.Kessler on Mar 23, 2017

Views: 378 Votes: 5 Revisions: 19

Overview

This article describes how to troubleshoot the following issues:

  • A LEM rule that you cloned and modified to fit different event correlations is not sending email alerts.
  • One or more LEM rules that you created are showing in nDepth, but are not showing in the monitor or sending email alerts.

Environment

All LEM versions

Steps

  1. Check if the event exists in nDepth by using the same correlation as in the rule.
  2. Check the Insertion Time and Detection Time.
    1. If these do not match, one of three things could be happening:
      1. Time on the LEM is inaccurate - See step 8.
      2. Time on the Node is inaccurate - Update the time or configure the node to get the correct time from an NTP server.
      3. The LEM is queuing data - See LEM is queueing and dropping event data.
  3. Make sure the rule matches the events pulled in nDepth.
  4. Make sure the rule has been saved and you clicked Activate Rules.
  5. Make sure the rule is enabled.
  6. Make sure the rule is not using AnyAlert.
  7. Make sure the rule does not have conditions that contain only symbols such as $ or ~.
  8. Make sure the date, time, and time zone is accurate on the LEM:
    1. Open the CMC console and at the prompt go to appliance. Run dateconfig and tzconfig if necessary.
    2. If the response window for the rule is set to 5 mins and the time on the LEM is 6 mins off, the rule will not fire.
    3. Use an SSH client to connect to your LEM Appliance.
  9. Restart LEM.

 

 

Last modified

Tags

Classifications

Public