Hi all,
As you may have seen in Introducing Log Manager for Orion, not all alert actions are available in V1. Orion Alert Integration is something we are busy working on; however, by utilising the "execute an external program" option, we can execute a PowerShell script that takes some of the variables from the logs and then forwards that info via email.
First, from the "Log Viewer" dashboard, click on "Configure Rules".
Then, under "processing rules", select the policy you wish to work with, and under that "My Custom Rules" (in this example I'm creating a rule for Syslogs). Then click on "Create New Rule".
Follow the steps to create the rule name and filter the conditions. Then, under "Log Entry Actions", add the "execute an external program" option.
Then, under the options to "edit action", enter the following options.
"Program to Run"
c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"Command line arguments" (obviously change the file path as needed)
-ExecutionPolicy Unrestricted -NoProfile -File C:\temp\alerting.ps1 "${IpAddress} ${DateTime} ${Message}"
Then just update the relevant fields in the script as needed, such as the to, from and SMTP server addresses.
The script itself uses the Send-MailMessage cmdlet, and I've included some example HTML to highlight the message itself in red. The script can be adapted as needed, and depending on your own environment you may need additional configuration options for SMTP.
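A minimal sketch of what such an alerting.ps1 can look like, added here as an example (it is not the script that accompanied the original post). The addresses, SMTP server name and length limit are placeholders; the point it illustrates is that `${Message}` is text from remote devices, so the script treats it as untrusted before putting it into an HTML mail.

```powershell
# alerting.ps1 (added example; addresses and server name below are placeholders)
# Invoked by the rule action as:
#   powershell.exe ... -File C:\temp\alerting.ps1 "${IpAddress} ${DateTime} ${Message}"

# Fixed settings live in the script rather than in parameters, so nothing in
# the log text can influence where the mail is sent.
$To         = 'noc@example.com'          # placeholder
$From       = 'logmanager@example.com'   # placeholder
$SmtpServer = 'smtp.example.com'         # placeholder
$MaxLength  = 2000                       # constructed cap on the alert text

# A quote character inside a log message can split the single quoted argument
# into several, so rebuild the text from everything that was passed.
$raw = ($args -join ' ')

# Replace control characters (CR/LF included) and cap the length.
$clean = $raw -replace '[\x00-\x1F\x7F]', ' '
if ($clean.Length -gt $MaxLength) { $clean = $clean.Substring(0, $MaxLength) }

# The first token should be ${IpAddress}; use it in the subject only if it
# really parses as an IP address.
$first  = ($clean -split ' ', 2)[0]
$parsed = $null
if ([System.Net.IPAddress]::TryParse($first, [ref]$parsed)) {
    $source = $parsed.ToString()
} else {
    $source = 'unknown source'
}

# HTML-encode the log text before placing it inside markup.
$encoded = [System.Net.WebUtility]::HtmlEncode($clean)
$body = "<html><body><p>Log Manager rule matched:</p>" +
        "<p style=`"color:red`">$encoded</p></body></html>"

Send-MailMessage -To $To -From $From -SmtpServer $SmtpServer `
    -Subject "Log Manager alert from $source" -Body $body -BodyAsHtml
```

Keep the script in a folder that only administrators can modify, since whatever is in that file runs under the account that executes the rule action.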