Same Email Alert notifications triggering repeatedly
Has anyone faced the issue below with e-mail notification alerts?
I'm getting an e-mail alert whenever the rules fire, perfectly.
Actually, I installed my console on one of the Windows servers, where I installed the connectors as well.
The issue is that today this server restarted 2 to 3 times due to a power cable issue.
During that time, the user got the e-mail alert for the last correlated events (let's assume the 4th April alert) 2 to 3 times, whenever that server restarted.
I even checked the notification tab in the console: yes, it appeared there and the alert was populated. I checked the active channel for that rule: no correlated events triggered at that time. The last correlated event triggered as per the rule is from 4th April.
Only the notification/e-mail alerts were firing whenever the server restarted.
Re: Same Email Alert notifications triggering repeatedly
For notification there are 2 files.
2. Your custom-created file based on the different type of rule, e.g. FirewallDeny.vm
- This is the file which has the logic to help decide which template to use when sending a notification. By default it has only 1 option.
- It makes the decision based on a particular field. This field should be set by you while defining the Rule action.
- The Email.vm will work from top to bottom, so make sure any entries which you have defined are above the default one.
- You have to add an entry for each individual template, like below, in the Email.vm.
#if($introspector.getDisplayValue($event, "flexString1") == "FirewallDeny")
- Where "flexString1") == "FirewallDeny" has to be defined in the Rule action.
- #parse will use the custom template.
Custom Template (here FirewallDeny.vm)
- Here is the body of the e-mail; add whichever fields are required for your investigation.
YourfieldName: $introspector.getDisplayValue($event,"Field Name in ArcSight")
Location of Email.vm : $ARCSIGHT_HOME/config/notification
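
The template selection described in the reply above, written out in full as an added example; it is not part of the original post and not ArcSight's shipped files. The `BruteForce` entry, the `Default.vm` name standing in for the existing default entry, and the event field names other than `flexString1` are assumptions for illustration.

```velocity
## ---------------------------------------------------------------
## Email.vm (dispatcher), in $ARCSIGHT_HOME/config/notification
## Evaluated top to bottom: custom entries first, default entry last.
## flexString1 must be set to the matching value in the Rule action.
## ---------------------------------------------------------------
#if($introspector.getDisplayValue($event, "flexString1") == "FirewallDeny")
#parse("FirewallDeny.vm")
#elseif($introspector.getDisplayValue($event, "flexString1") == "BruteForce")
## Hypothetical second custom template, one entry per template
#parse("BruteForce.vm")
#else
## Placeholder name: keep whatever default entry the file already has here
#parse("Default.vm")
#end

## ---------------------------------------------------------------
## FirewallDeny.vm (custom template, same directory)
## Body of the e-mail: one line per field needed for investigation.
## Field names below are assumed examples of event fields.
## ---------------------------------------------------------------
Rule name:       $introspector.getDisplayValue($event, "name")
Priority:        $introspector.getDisplayValue($event, "priority")
End time:        $introspector.getDisplayValue($event, "endTime")
Source address:  $introspector.getDisplayValue($event, "attackerAddress")
Target address:  $introspector.getDisplayValue($event, "targetAddress")
Target port:     $introspector.getDisplayValue($event, "targetPort")
Template marker: $introspector.getDisplayValue($event, "flexString1")
```

Including the event end time in the body makes a re-sent notification for an old correlated event recognisable from the e-mail itself.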