Sending Emails from Log Manager for Orion using PowerShell

Hi all,

As you may have seen in Introducing Log Manager for Orion not all alert actions are available in V1. Orion Alert Integration is something we are busy working on, however by utilising the "execute an external program" option, we can execute a PowerShell script that can take some of variables from the logs, and then forward that info via email.

First, from the "Log Viewer" dashboard click on "Configure Rules"

pastedImage_0.png

Then, under "processing rules" select the policy you wish to work with, and under that  "My Custom Rules". In this example I'm creating a rule for Syslogs, and then click on "Create New Rule"

pastedImage_3.png

Follow the steps to create  the rule name, and filter the conditions. Then, under "Log Entry Actions"  add the option to add "execute an external program".

pastedImage_4.png

Then, under the options to "edit action" enter in the following options.

"Program to Run"

c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe

"Command line arguments" (obviously change the file path as needed)

-ExecutionPolicy Unrestricted -NoProfile  -File C:\temp\alerting.ps1 "${IpAddress} ${DateTime} ${Message}"

And then, just update the relevant fields in the script as needed, such as the to, from and smtp server addresses.

The script itself uses the send-mailmessage cmdlet, and I've included some HTML example to just highlight the message itself in red. The script can be adapted as needed, and depending on your own environment you may need additional configuration options for SMTP.

pastedImage_0.png

alerting.ps1
  • micheal100 I am seeing very odd behavior when trying to use powershell.

    TrapService.log:

    2019-12-03 16:31:56,647 [46] ERROR SolarWinds.Orion.LogMgmt.RuleProcessing.Actions.ExecuteExternalProgramAction - Failed to execute external command: 'E:\Program Files (x86)\SolarWinds\Orion\powershell.exe -file "E:\Program Files (x86)\trap-to-sn\src\trap-to-sn.ps1" -e "test" -a "DPA" -i "GA - DPA SolarWinds" -o "${Message}"'

    System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified

       at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)

       at SolarWinds.Orion.LogMgmt.RuleProcessing.Actions.ExecuteExternalProgramAction.Execute(ILogEntryOrchestratorData logEntryData)

    2019-12-03 16:31:56,647 [46] ERROR SolarWinds.Orion.LogMgmt.RuleProcessing.LogRule - Unknown actionResult in ExecuteActions: Failed

    Trigger Action in LA

         pastedImage_0.png

    Looks like the directory is getting changed to E:\, which is my Orion install directory.