Emailing of Specific Events Using Entuity Rule

Emailing of Specific Events Using Entuity Rule

Emailing of Specific Events Using Entuity Rule

Purpose:

The purpose of this Application note is to provide a short procedure to enable email event forwarding for a specific event type. This procedure will use an Event Management System (EMS) rule to forward a specific event type via email.

The procedure will also add an EMS rule that will prepend the device’s IP address to the details field of each event. This rule will apply to device-level and port level events.

This procedure assumes that a connection to an SMTP server has previously been created and tested.

Procedure to Add Management IP Address to Event Details:

The procedure below will add the Management IP address to any device or port-related event. This uses an EMS rule to add the Management IP address to the reason (event details) field of the event.

  1. From the web UI, select Administration -> Events -> Event Administration. Click the Rules tab to display the EMS rules page.
  1. Single click on Pre-Storage in the upper left part of the window. Next, click the Add Processing Stage button to add new processing stage.

  1. Assign the name Email Events to the processing stage. Keep the default settings of Enabled and Process All for the rules. Click OK to save the processing stage.

  1. Click the plus sign to the left of the Pre-Storage stage to expand it. Single click on the Email Events stage to select it. Next, click on the Add Rule button to add a new rule.

  1. Leave the rule type as Generic. Add a name and description for the rule. This example will use ‘Prepend Management IP Address to reason field’ for the name and description.

  1. Leave the Condition field to its default setting of None. In the Action Steps section, click Add to add an action. From the Type pull-down menu, select Set Attribute. From the Set Attribute pull-down menu, select reason. Copy/paste the text below into the Value field. It should look like the screenshot below. Click OK to save the Action. Click OK again to save the rule.

source.isOfType("device")?(source.devPolledIpAddr + ": " + reason):(source.isOfType("port")?(source.device.devPolledIpAddr + ": " + reason):reason)

  1. From the main EMS page, click the disk icon with the arrow. This will save and deploy the project. Assign a name to the project and click OK to deploy it.

Testing the Prepend IP Address Functionality:

Once the project is deployed, either wait for a new event to be received or force an event to occur in the network (example: lower a threshold setting to force a threshold-related event). Once the new event is received, verify that the management IP address is contained in the details field of the event. NOTE: If the system name can be resolved via DNS or the system name is used to manage the device, this will only be displayed in the Source field of the event. The details field will always display the management IP address.

  1. After an event is generated, log into the system and go to the Events tab. From the pull-down menu, change from Incidents to Events.
  1. Observe that the details field will display the management IP address of the network device. If the device is managed by name or sysName, the name will be displayed in the Source field of the event but not in the details (See highlighted entry below).

Procedure to Configure EMS Rule for Emailing Event:

This section of the Application Note will provide a procedure to configure an email rule. The rule used in this procedure uses one condition to match for emailing. The device must be contained within a specific view. Additional conditions to match on specific event types can be added so that only specific event types are forwarded. However, this is beyond the scope of this Application Note.

  1. From the web UI, select Administration ->Events -> Event Administration. Click the Rules tab to display the rules page. Expand the Pre-Storage rule stage. Expand the Email Event stage and single click on Email Events. Click the Add Rule button to add a new rule.
  1. Add a name and description to the rule. In the Condition section, select All tests must succeed from the pull-down menu. In the Tests section, click Add to add a test. Select View Membership from the pull-down. Select a view that will be used for emailing events. Click OK to save the test.
  1. In the Action Steps section, click the Add button to add an action. Select Send e-mail from the pull-down list.
  1. In the Parameters section, click the recipients row. Click the Set button to set the recipients. Enter the recipient. If multiple recipients are required, separate each email address by a comma. Enclose the entire string in single quotation marks. Click OK to save the parameter.

Example: ‘’

  1. Click the subject row next. Click Set to set the Subject Field. Enclose the subject field text in single quotes. This example uses Entuity Event as the subject field. Click OK to save the parameter.
  1. Click the body row next. Click Set to set the body field. Copy/paste the text below:

'EventType='+name+'\nseverity='+severity+'\nsourceType='+source.type+'\nsourceName='+sourceName+ '\nReason=' + reason + '\nLocation='+(source.isOfType("port") ? source.device.sysLocation : source.sysLocation)

The above string will display the following in the body of the email:

Event name

Event severity

Event Source type

Event Source name

Event Details

System Location (only if sysLocation value is populated; otherwise set to null)

Click OK to save the parameter.

  1. Click the throttle row next. Click Set to set the throttle field. Set the value to false. Click OK to save the parameter. Click OK to save the action. Finally, click OK to save the rule.
  1. From the main EMS page, click the disk icon with the arrow. This will save and deploy the project. Assign a name to the project and click OK to deploy it.

Testing the Email Rule:

Once the project is deployed, either wait for a new event to be received or force an event to occur in the network (example: lower a threshold setting to force a threshold-related event). Once the new event is received, verify that the email message has been received. Verify that the management IP address is contained in the details field of the event in the body of the email. NOTE: If the system name can be resolved via DNS or the system name is used to manage the device, this will only be displayed in the Source field of the event. The details field will always display the management IP address.

  1. After an event is generated, log into the system and go to the Events tab. From the pull-down menu, change from Incidents to Events.
  1. Verify that the event is displayed in the Event Viewer.
  1. The last step is to verify that the email has been received. The device name (or IP address if the name cannot be resolved) will be displayed in the source field. The device’s IP address will be displayed in the Reason field.

Page 1

Top View