3 Replies Latest reply: Apr 27, 2012 6:23 PM by phil3 RSS

    Alert Failures

    mcoupe

      So I have a rule which sends an email based on user logon failures above a certain threshold.  I'm running into an issue where the emails stop arriving though if i disable and re-enable the run it begins to work again for a period.  I haven't yet figured out for how long it works before it stops.

       

      Has anyone else seen similar behavior?

       

      Regards,

      -Mark

        • Re: Alert Failures
          phil3

          Hi, Mark.

           

          Did you do anything with the Re-Infer TOT checkbox on the Set Advanced Thresholds window in Rule Creation?

           

          SetAdvancedThresholds.png

           

          Thanks in advance for the clarification.

           

          Phil

            • Re: Alert Failures
              mcoupe

              No, I didn't.

                • Re: Alert Failures
                  phil3

                  OK. Thanks.

                   

                  For general troubleshooting steps for this sort of issue, try this KB article: Troubleshooting LEM Rules and Email Responses.

                   

                  Since your rule works intermittently, these are the most immediate things that come to mind:

                  • Check whether or not the rule correlations include a Time of Day Set.
                  • Check the time settings on your appliance and clients/agents.
                  • Check the SolarWinds Alerts filter to see if the rule is firing. If the rule is firing but you're not getting the emails, it might be an issue with your email server.

                   

                  Hope this helps.

                   

                  Phil