pratikp Absent Member.
Absent Member.
684 views

Email Notification Issue

Jump to solution

Dear All,

I am facing challenges in email notifications for alerts configured in Arcsight Express.

When I test , I get success but alert notification is not being delivered to destination email ID.

Is there any specific checks I can perform to rectify the issue ?

Request you to assist in the same.

Thanks & Regards,

Pratik

Labels (1)
0 Likes
1 Solution

Accepted Solutions
pratikp Absent Member.
Absent Member.

Re: Email Notification Issue

Jump to solution

Dear All,

Issue of email notification was due to Bug in the Arcsight .

Kindly note that Notification group name should not contain "&" .

Thanks for assistance.

Regards,

Pratik

0 Likes
9 Replies
Established Member.. anwarrhce1
Established Member..

Re: Email Notification Issue

Jump to solution

Does you Express appliance is allowed to relay mails ? Please check with your email server admin.

Do you have a mailbox configured on mail server ? it is not mandatory to have a mailbox just to send emails.

Can you reach to your email server ? Should there be any firewall in between your email server and express appliance ?

What happens when you configure notification when running manager setup, did you get any error there ?

I hope these questions will help you resolve your issue.

0 Likes
rkent1 Acclaimed Contributor.
Acclaimed Contributor.

Re: Email Notification Issue

Jump to solution

Set up a couple active channels for ArcSight Internal Audit Events related to notifications with the following filters:

DeviceEventClassId StartsWith "notification:"

DeviceEventClassId = "notification:112"

The first will show you all notification events and the second should show you specifically ones that were sent.

Secondly, log into the Express terminal/shell and do a TCPDUMP on port 25. If you see the email actually leave your appliance, chances are the problem is with the mail delivery.

For more info on internal audit events see here ->

0 Likes
pratikp Absent Member.
Absent Member.

Re: Email Notification Issue

Jump to solution

Dear Richard & Anwar,

Thank you for your response.

As checked on notification audit events. I can see only purged notifications that also one per day. There are no other notification audit events I can see.

When I have done tcpdump, most of the events were dropped by kernel, How I can verify whether emails are being sent out from express ?

Please assist.

Thanks & Regards,

Pratik

0 Likes
pratikp Absent Member.
Absent Member.

Re: Email Notification Issue

Jump to solution

Dear All,

Issue of email notification was due to Bug in the Arcsight .

Kindly note that Notification group name should not contain "&" .

Thanks for assistance.

Regards,

Pratik

0 Likes
Established Member.. anwarrhce1
Established Member..

Re: Email Notification Issue

Jump to solution

ampersand sign "&" should not exists anywhere in naming within console and it will give you hardtime in all resources.

Glad you resolved it.

Please mark the question is Helpful or Answered if this is resolved.

0 Likes
rkent1 Acclaimed Contributor.
Acclaimed Contributor.

Re: Email Notification Issue

Jump to solution

Lol. reads your comment, marks his own answer as helpful. Like a boss Pratik

0 Likes
pratikp Absent Member.
Absent Member.

Re: Email Notification Issue

Jump to solution

Haha..

0 Likes
paparthi1 Trusted Contributor.
Trusted Contributor.

Re: Email Notification Issue

Jump to solution

Hi ,

Run managersetup , check the external smtp server , edit from address , error notification address

Console : goto notification add a group and email address and test

Let me know the status ..

Parthiban

Papu.parthi@gmail.com

0 Likes
Highlighted
pratikp Absent Member.
Absent Member.

Re: Email Notification Issue

Jump to solution

Hi,

Issue has already been resolved.

Issue due to "&" used in Notification group name which is not accepted by ArcSight.

Regards,

Pratik

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.