Hi Vignesh,
A little additional information that builds on the previous responses.
If indeed your notifications are being quenched because too many emails are being sent to a single destination per day, then you will see a message like this in the server log:
[2015-12-14 17:07:01,135][INFO ][default.com.arcsight.notification.d] Security team has 101 notifications
[2015-12-14 17:07:01,135][WARN ][default.com.arcsight.notification.PendingAlert] Security team is overflowing! Discarding notification
This example is for the destination "Security team". A restart of the manager will clear this. As mentioned by a previous contributor, it is possible to adjust the properties that affect this behaviour as per document https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM1270032.
Another possible issue is if you are using the bundled internal mail server provided with ESM (referred to as the "builtin"). There is a potential issue with the builtin where sometimes it can stop forwarding emails for an unknown reason. Again a manager restart will reset it.
If you are using the builtin then the following will be set to true in /opt/arcsight/manager/config/server.properties (or maybe server.defaults.properties if someone edited it there):
email.use.builtin.mailserver=true
If you are using the builtin server and continue to see the issue, then you could consider sending directly to an available external email server or if one is not available, to consider setting up an email relay on another server (using for example Postfix). You might want to investigate the issue through a support case before taking this route since there is some email debug which could shed some light on anything else that might be affecting mail delivery.
I hope that this helps Vignesh,
Best regards,
Darren
ArcSight Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
