Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Commodore Commodore
Commodore
476 views

I have one rule which for reasons unknown sends 2 notifications when triggered.

Jump to solution

Anyone able to help me find out why?

The rule in question is "Privileged Group Modified".

Details:

I created a filter looking for 4 specific event ids within Windows Events. Verified said filter with an open channel for entries. I then created a rule that matches this filter and filters even further for specific entries. If a specific entry is found the action is to send a notification to me. Pretty simple but for some reason I always get 2.

All my other rules/notifications work without issue so I'm baffled why this one is acting this way. Any help would be greatly appreciated.

Thanks,

Mark

Labels (1)
0 Likes
13 Replies
Commodore Commodore
Commodore

Leprechauns!!!!! it has to be.

I hadn't received a notification for quite some time. And after going through a bajillion things and verifying every known setting, even the kitchen sink, I decided to give the rule another test. Would you believe I'm now receiving just a single email.

I got nothing. Maybe it fixed itself. Maybe something wasn't committed/applied and now is. ?!?!?!

But since it's working this case is now closed.

View solution in original post

0 Likes
Absent Member.
Absent Member.

My 2c:

We had similar situation in the past. Usually it happens when a rule is modified and it was triggered shortly after it.

The ESM keeps the cached original rule and the new version of the rule  for sometime, HP support confirmed it. The old version of rule will be collected by a "garbage collector" later.

Solutions are pretty simple (sorted in order of increased complexity):

1. Disable/enable rule OR

2. Remove rule from the "real-time" folder and then redeploy as real-time rule OR

3. Completely delete and re-create it (you can use a package to simplify your life) OR

4. Shut down the ESM Manager, clear rules' cache (documented procedure) and start the ESM Manager, it will recreate real-time rules.

Regards,

Alex.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.