2 Replies Latest reply on Jul 26, 2018 5:54 AM by Radoslaw Dembinski

    Event notification via email

    Alvaro Paronuzzi
      Share This:

      Hello everyone,

       

      I need to send an email with event details after a defined time window if, in the meantime, a slot value hasn't changed.

       

      Example:

      I received an event with $E.msg = 'Server is CRITICAL'

      As this event message may be updated, after 10 minutes I want to check if the $E.msg slot still contains 'Server is CRITICAL' and, if so, send an email.

       

      I think a timeout rule is involved here, but how don't know how to send an email after the timeout expiration (and the related check on the $E.msg slot value)

      I already tested the basic email notification using the ootb "Send EVENT as SMTP E-mail" remote action and it's working fine.

       

      Product: TSIM 10.7 (OS: Windows)

       

      Thank you in advance for any help you can provide!

       

      Alvaro Paronuzzi

        • 1. Re: Event notification via email
          Alvaro Paronuzzi

          Hi,

           

          here's a first version of the rules I wrote.

          From the logs I can see that the first one is executed while the second one is not. (Why? )

          Thank you in advance for any help you can provide.

           

          Al

           

           

           

          #-------------------------------------------------------------------------------------------------

          # Rule : SklTimeoutIncidentEv

          # Description : The rule sets a timer on the CI_INCIDENT_INFO event at its arrival.

          #-------------------------------------------------------------------------------------------------

           

          execute SklTimeoutIncidentEv: CI_INCIDENT_INFO ($IncidentEv)

             where [$IncidentEv.status == OPEN AND $IncidentEv.msg contains 'Infrastructure Incident']

             when $IncidentEv.status != CLOSED

             {

                   #Delete existing timers on IncidentEv

                   delete_timers($IncidentEv,EventTimeout);

                  

                   #Set timer to 1 minute

                   set_timer($IncidentEv,60,EventTimeout);

             }

          END

           

          #-------------------------------------------------------------------------------------------------

          # Rule : SklTimeoutIncidentTimer

          # Description : Sending an email about the creation of an (unexpected) infrastructure incident if after X minutes the event message still contains Infrastructure Incident

          #-------------------------------------------------------------------------------------------------

           

          timer SklTimeoutIncidentTimer: CI_INCIDENT_INFO($IncidentEv) where [$IncidentEv.status == OPEN]

          timer_info: == EventTimeout

          {

             if $IncidentEv.msg contains 'Infrastructure Incident' then

             {

                #send email

               

                $LOC = action_locale();

               

                  execute($IncidentEv,mc_sendmail,[

                  '-mp','Yes',

                  '-ft',localize(kb,$LOC,[MAIL_To]),'<myemail>',

                  '-ff',localize(kb,$LOC,[MAIL_From]),'<truesightemail>',

                  '-fd',localize(kb,$LOC,[MAIL_Date]),$IncidentEv.date_reception,

                  '-fs',localize(kb,$LOC,[MAIL_Subject]),'Infrastructure Incident created',

                  '-fm',localize(kb,$LOC,[MAIL_Msg]),$IncidentEv.msg,

                  '-fr',localize(kb,$LOC,['ENUM.SEVERITY']),$IncidentEv.severity,

                  '-fa',localize(kb,$LOC,['ENUM.STATUS']),$IncidentEv.status,

                  '-fc',localize(kb,$LOC,['SLOT.CORE_EVENT.CLASS']),$IncidentEv.CLASS]

                  ,YES,NO);

             }

             else

             {

                #don't send email

                $TMPVAR = 'Email not needed';

             };

          }

          END

          • 2. Re: Event notification via email
            Radoslaw Dembinski

            Hello,

             

            I have alternative propose

            I propose to create a new mrl rule in  ...\pw\server\etc\pncell_CELLNAME\kb\rules  whith name for example resend_email_critical.mrl.

             

            ########################################################################################################

            #resend_email_critical.mrl in ...\pw\server\etc\pncell_CELLNAME\kb\rules

            #

            # For new OPEN and CRITICAL event we set timer on 10 minutes (600 seconds)

            new set_timer_for_critical:

            EVENT($EV) where [ $EV.status == OPEN AND $EV.severity == CRITICAL]

            triggers

            {

              set_timer($EV,600,tm);

              ntadd($EV,concat(['Set timer on seconds ',' 600']));

            }

            END

             

            # After 600 seconds we set a value 'STILL_Critical' for a chosen event slot p_diary_text (it may be another unused event slot and any text)

            timer resend_email_after_tm :

            EVENT($EV) where [ status: equals OPEN AND $EV.msg hassubstring 'Server is CRITICAL']

            timer_info : equals tm

            {

              ntadd($EV,"Resend email because msg still eq Server is CRITICAL");

              $EV.p_diary_text = STILL_Critical; 

            }

            END

             

            ##########################################################################################################

             

            Next add the name of Our new rule resend_email_critical at the bottom of .load file.

             

            After that - in Administration Console GUI - using gui wizards - you should create Selector/s and Notification Rules for email's for appriopriate receivers, based on selector:

            EVENT($EV) where [$EV.severity equals CRITICAL AND $EV.status equals OPEN AND $EV.p_diary_text contains 'STILL_Critical']

             

            It will trigger an email based on caught text 'STILL_Critical' in $EV.p_diary_text slot.

             

            Regards,

            Rafal

            1 of 1 people found this helpful