Created on 09-30-2016 08:44 AM Edited on 06-08-2022 02:19 PM By Anonymous
Description
This article explains how to verify whether AO sent an email notification after an incident was created. There are two ways to check whether an email was successfully sent: from the raw logs, or from the GUI.
Option 1 - Raw Logs
1. From the GUI, look up the Incident Id of the example Incident for which the customer says an Email Notification was not sent.
2. Check to make sure the Email Notification Policy is set up correctly.
3. Search /opt/glassfish/domains/domain1/logs/phoenix.log for the Incident Id number obtained from step 1.
You should see two entries like those in the following example.
Example:
[root@Accelops-VA-lg1-137 logs]# grep 3215 phoenix.log
2013-11-19 14:33:39,234 INFO [p: thread-pool-1; w: 16117] com.ph.phoenix.service.notify.email.EmailNotification - [PH_GENERIC_INFO]:[phEventCategory]=3,[phCustId]=1,[procName]=AppServer,[eventSeverity]=PHL_INFO,[phLogDetail]=Sending email '[New] WIN2008R264: Server Disk space Warning_case64902 (Super)' to robert.bristow@accelops.com for incident ID 3215
2013-11-19 14:33:40,082 INFO [p: thread-pool-1; w: 16117] com.ph.phoenix.service.notify.NotificationHelper - [PH_INCIDENT_ACTION_STATUS]:[incidentId]=3215,[incidentSrc]=,[phEventCategory]=3,[phCustId]=3,[actionName]=Email:robert.bristow@accelops.com,[customer]=Super,[actionTime]=Tue Nov 19 14:33:40 EST 2013,[incidentTarget]=hostIpAddr:192.168.67.73; hostName:WIN2008R264,[actionResult]=Successful,[policyId]=3004650,[procName]=AppServer,[ruleName]=Server Disk space Warning_case64902,[ruleId]=3004300,[incidentDetail]=diskName:C:\; diskUtil:42.81; freeDiskMB:35078,[eventSeverity]=PHL_INFO,[actionId]=3004700,[phLogDetail]=Record incident notification action result
[root@Accelops-VA-lg1-137 logs]#
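Added example (not part of the original article and not Fortinet code): a plain grep for 3215 also returns any line that merely contains those digits, such as an entry for incident 13215, so this shell function reads only the PH_INCIDENT_ACTION_STATUS entries for the exact Incident Id and prints each email recipient with its actionResult. The function names, the sample addresses and the "Failed" result value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the recorded email action result(s) for one incident.
# Usage: email_notify_status <incident_id> <path-to-phoenix.log>
# Exit: 0 = a Successful email action exists, 1 = email actions recorded but
#       none Successful, 2 = no email action recorded for that incident.
email_notify_status() {
    awk -v id="$1" '
        # Return the value after "key" up to the next ",[" field separator.
        function field(line, key,    s, e) {
            s = index(line, key)
            if (s == 0) return ""
            line = substr(line, s + length(key))
            e = index(line, ",[")
            return e ? substr(line, 1, e - 1) : line
        }
        # Only the action-status record carries the notification result.
        index($0, "[PH_INCIDENT_ACTION_STATUS]") == 0 { next }
        # Match the whole field so 3215 does not also hit 13215 or 32150.
        index($0, "[incidentId]=" id ",") == 0 { next }
        {
            action = field($0, "[actionName]=")
            if (action !~ /^Email:/) next
            result = field($0, "[actionResult]=")
            print substr(action, 7), result      # recipient, result
            seen = 1
            if (result == "Successful") ok = 1
        }
        END { exit (ok ? 0 : (seen ? 1 : 2)) }
    ' "$2"
}

# Constructed sample in the format shown above (addresses are placeholders;
# the "Failed" result value is an assumption, the page only shows "Successful").
write_sample_log() {
    cat > "$1" <<'EOF'
2013-11-19 14:33:39,234 INFO [p: thread-pool-1; w: 16117] com.ph.phoenix.service.notify.email.EmailNotification - [PH_GENERIC_INFO]:[phEventCategory]=3,[phCustId]=1,[procName]=AppServer,[eventSeverity]=PHL_INFO,[phLogDetail]=Sending email '[New] Sample rule (Super)' to alice@example.com for incident ID 3215
2013-11-19 14:33:40,082 INFO [p: thread-pool-1; w: 16117] com.ph.phoenix.service.notify.NotificationHelper - [PH_INCIDENT_ACTION_STATUS]:[incidentId]=3215,[incidentSrc]=,[phEventCategory]=3,[actionName]=Email:alice@example.com,[customer]=Super,[actionResult]=Successful,[procName]=AppServer,[phLogDetail]=Record incident notification action result
2013-11-19 14:40:02,511 INFO [p: thread-pool-1; w: 16117] com.ph.phoenix.service.notify.NotificationHelper - [PH_INCIDENT_ACTION_STATUS]:[incidentId]=13215,[incidentSrc]=,[phEventCategory]=3,[actionName]=Email:bob@example.com,[customer]=Super,[actionResult]=Failed,[procName]=AppServer,[phLogDetail]=Record incident notification action result
EOF
}

# Demo on the constructed sample; on the appliance pass the real phoenix.log.
log=$(mktemp) && write_sample_log "$log"
email_notify_status 3215 "$log" || echo "no successful email action (status $?)"
rm -f "$log"
```

An exit status of 2 means no email action was recorded for that Incident Id, which points back to step 2 (the notification policy) rather than to mail delivery.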
Option 2 - Run a report to verify
1. From the GUI, look up the Incident Id of the example Incident for which the customer says an Email Notification was not sent.
2. Check to make sure the Email Notification Policy is set up correctly.
3. Note that every log entry in /opt/glassfish/domains/domain1/logs/phoenix.log creates system events that we can do Historical Reporting on. So we should find the same two log entries as in Option 1.
4. Run a Historical Report, for the time period involved, with the following filters:
System Event Category = 3
Raw Event Log CONTAINS <incident Id number>
3.6.X+