I created simple rule. I would like the rule to send an email to me when it triggers. I have configured the email Connector (Email Active Response) to communicate with our SMTP server via TCP Port 25. As per standard practice, the SMTP servers sit in a DMZ.
While monitoring the LEM Console All Events Filter, I can see the following Event Name/EventInfo when the rule I created triggers:
Event Name EventInfo
InternalCommands Successfully Completed Send Email Message Action
InternalCommands Initiated Action: Send Email Message
InternalRuleFired The “SendEmail” rule fired
Only once did I see the appropriate rule on the firewall increment. I have triggered the rule (SendEmail) MANY times. So, does LEM generate a SMTP request on TCP 25 to the SMTP server each time a rule triggers and has email notification set?
That's correct, unless you have the "re-infer (TOT)" interval defined for the rule