3 Replies Latest reply: Apr 27, 2012 6:23 PM by phil3 RSS

Alert Failures

mcoupe

So I have a rule which sends an email based on user logon failures above a certain threshold.  I'm running into an issue where the emails stop arriving though if i disable and re-enable the run it begins to work again for a period.  I haven't yet figured out for how long it works before it stops.

 

Has anyone else seen similar behavior?

 

Regards,

-Mark

 
  • Re: Alert Failures
    phil3

    Hi, Mark.

     

    Did you do anything with the Re-Infer TOT checkbox on the Set Advanced Thresholds window in Rule Creation?

     

    SetAdvancedThresholds.png

     

    Thanks in advance for the clarification.

     

    Phil

    • Re: Alert Failures
      mcoupe

      No, I didn't.

      • Re: Alert Failures
        phil3

        OK. Thanks.

         

        For general troubleshooting steps for this sort of issue, try this KB article: Troubleshooting LEM Rules and Email Responses.

         

        Since your rule works intermittently, these are the most immediate things that come to mind:

        • Check whether or not the rule correlations include a Time of Day Set.
        • Check the time settings on your appliance and clients/agents.
        • Check the SolarWinds Alerts filter to see if the rule is firing. If the rule is firing but you're not getting the emails, it might be an issue with your email server.

         

        Hope this helps.

         

        Phil