Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Log & Event Manager (LEM) > Troubleshoot LEM rules that are not sending emails or not firing

Troubleshoot LEM rules that are not sending emails or not firing

Table of contents
Created by Randall Harwood, last modified by Abdul.Aziz on Jul 11, 2018

Views: 2,155 Votes: 5 Revisions: 22

Updated 11 July 2018

Overview

This article describes how to troubleshoot the following issues:

  • A LEM rule that you cloned and modified to fit different event correlations is not sending email alerts.
  • One or more LEM rules that you created are showing in nDepth, but are not showing in the monitor or sending email alerts.

Environment

  • All LEM versions

Steps

Rules Not Firing Quick fix:  If you or any of your colleagues have not made any changes to LEM or any of the rules that are not firing then:

  1. Restart LEM manager service via putty or LEM CLI console in VMware/hyper-v cmc->manager->restart
  2. If the issue is still not resolved, reboot LEM via cmc->appliance->reboot

 

If the rules still not firing follow the troubleshooting steps in the next section below:

 

Detailed Troubleshooting for all/some Rules not firing in LEM

  1. Check if the event exists in nDepth by using the same correlation as in the rule.
  2. Check the Insertion Time and Detection Time.
    1. If these do not match, one of three things could be happening:
      1. Time on the LEM is inaccurate - See step 8.
      2. Time on the Node is inaccurate - Update the time or configure the node to get the correct time from an NTP server.
      3. The LEM is queuing data - See LEM is queueing and dropping event data.
  3. Make sure the rule matches the events pulled in nDepth.
  4. Make sure the rule has been saved and you clicked Activate Rules.
  5. Make sure the rule is enabled.
  6. Perform Ndepth search for InternalRuleFired events and try to find the rule you are troubleshooting. If the rule is not there means, the Condition / Logs.
  7. Make sure the rule is not using AnyAlert.
  8. Make sure the rule does not have conditions that contain only symbols such as $ or ~.
  9. Make sure the date, time, and time zone is accurate on the LEM:
    1. Open the CMC console and at the prompt go to the appliance. Run dateconfig and tzconfig if necessary.
    2. If the response window for the rule is set to 5 mins and the time on the LEM is 6 mins off, the rule will not fire.
    3. Use an SSH client to connect to your LEM Appliance.
  10. Restart LEM.

 

 

Last modified

Tags

Classifications

Public