Level 8

Email Alerting stopped


My email alerting stopped for my rules.  I checked the diskusage and the EPIC rules queue is backed up.  How do I clear this?

cmc::acm# diskusage

Checking Disk Usage (this could take a moment)... ....oo.oo.oo.oo.oo.oo.oo.

Partition Disk Usage:

        LEM:             70% (2.0G/3.0G)

        OS:              38% (1.1G/3.0G)

        Logs/Data:       52% (976G/2.0T)

        Temp:            12% (680M/5.9G)

Database Queue(s): 4.0K (No alerts queued, 459 alerts waiting in memory)

Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

Alert Errors: 21M

Console Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

DataCenter Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

EPIC Rules Queue: 503M (1300000 alerts queued, 1200000 alerts waiting in memory)

Forensic Database Queue: 2.1M (0 data queued, 0 data items waiting in memory)

Logs: 801M

Tool Profiles Message Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)

0 Kudos
7 Replies
Level 8

I am still seeing this issue too.  Is there a resource modification I can do to alleviate the problem?

0 Kudos

If your diskusage looks anything like the OP then you've most likely got a rule configuration issue.

Especially if the Rules Queue or Epic Rules Queue is maxed out like the OP then you have a few things:

  1. If you remember the last rule(s) you worked on, disable it.
  2. If you don't, you can check for InternalRuleFired or InternalTestRule events to see what is triggering the most.
  3. If the issue's been going on for a while you can restart the manager service and then check step 2 to see what rule is running off with the LEM.

If you need any help with these steps Support will be able to assist you. Most likely it's a rule configuration/correlation causing the rule to fire too frequently and fill up the Queue.

0 Kudos
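
Added example, not part of the original thread and not vendor tooling: a small parser for saved `diskusage` output that flags the backed-up queues the reply above describes, so the check can be repeated after disabling a rule or restarting the manager service. The sample text is constructed from the queue lines in the original post, and the 10000-alert threshold is an assumption.

```python
import re

# Constructed sample: queue lines taken from the diskusage output in the original post.
SAMPLE = """\
Database Queue(s): 4.0K (No alerts queued, 459 alerts waiting in memory)
Rules Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
Alert Errors: 21M
Console Queue: 2.1M (0 alerts queued, 0 alerts waiting in memory)
EPIC Rules Queue: 503M (1300000 alerts queued, 1200000 alerts waiting in memory)
Forensic Database Queue: 2.1M (0 data queued, 0 data items waiting in memory)
Logs: 801M
"""

# Matches "<name> Queue[(s)]: <size> (<n> ... queued, <n> ... waiting in memory)".
# Lines without the parenthesised counts (Alert Errors, Logs) are ignored.
QUEUE_LINE = re.compile(
    r"^\s*(?P<name>[^:]+Queue(?:\(s\))?):\s*(?P<size>[\d.]+[KMGT]?)\s*"
    r"\((?P<queued>No|\d+) \w+ queued, (?P<waiting>No|\d+) [\w ]+ waiting in memory\)\s*$"
)


def _count(token):
    # diskusage prints "No" instead of 0 for some queues.
    return 0 if token == "No" else int(token)


def parse_queues(text):
    """Return {queue name: (size on disk, queued, waiting in memory)}."""
    queues = {}
    for line in text.splitlines():
        m = QUEUE_LINE.match(line)
        if m:
            queues[m["name"]] = (m["size"], _count(m["queued"]), _count(m["waiting"]))
    return queues


def backed_up(text, threshold=10000):
    """Names of queues whose queued + waiting total exceeds threshold (assumed value)."""
    return sorted(n for n, (_, q, w) in parse_queues(text).items() if q + w > threshold)


if __name__ == "__main__":
    flagged = backed_up(SAMPLE)
    for name, (size, queued, waiting) in parse_queues(SAMPLE).items():
        state = "BACKED UP" if name in flagged else "ok"
        print(f"{name:28} {size:>6} queued={queued:<8} waiting={waiting:<8} {state}")
```
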
Level 14

I have had the same problem repeatedly over the past year or so... cases 693580 and 739367... I always end up having to reboot the appliance because I can't leave it down waiting for a response to the ticket. Sometimes restarting the manager helps but there doesn't appear to be an actual fix. Past suggestions have been rule issues, but these have been modified or disabled so I'm not sure what else to try. Email Active Response connector is turned on.

Any solutions?

0 Kudos

None have been provided, and consider the date of the post. Just recently had it happen too.

0 Kudos
Level 9

Just as a precaution check your Email Active Response connector configuration settings to see if there is anything wrong.

I know there is a command in cmc to operate the configurations of the appliance logs. I hope somebody will stop by with an answer to this.

0 Kudos

The Email Active Response connector was turned on.  I had to restart the manager service to get it working again.

0 Kudos