cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Netsight email alert for core device not populating device name or IP

Netsight email alert for core device not populating device name or IP

Sarah_Seidl
New Contributor III
Hello,
We are running netsight 6.3 to monitor our extreme summit stacks. We have various alarms setup, including invalid login attempt. This is the example I would like to use for my post.
TRAP (ExtremeNetworks extremeInvalidLoginAttempt .1.3.6.1.4.1.1916.0.9 Notice ).

This alarm for our IDF stacks (L2 devices), seems to work pretty well. But for our core stacks (L3 devices), this alert generates in the netsight console; it even sends out an email, but doesn't populate the device name nor IP address in that email. I notice in the Netsight Console, in the bottom part of the screen, I do see the error output, the source (displays as an IP address) and information (shows invalid login attempt). I'm stumped as to how to get this to populate in the email. When for idf stacks it shows up as expected (IP and device name), but for core stacks the information in the email is missing any info that would help identify the stack (IP / name)

(examples below).

As a test for our core devices, I added both the WAN interface and management interface IPs both to netsight to see if that would help. It didn't seem to make a difference in getting the email to populate properly. It shows nothing for IP and nothing for device name.

In the console:
Interestingly enough, for the emails that populate properly (showing IP and name) the source for them shows up the device *name*

But for the emails that don't populate properly, the alerts that aren't populating properly (do not show name nor ip for the email alert) the source for them shows up as the WAN IP interface (not the name). Correlation?

=============
Example of IDF Email Alert: shows the device name just dandy.
============
Device: (IP address shows here - good)

Severity: Error

Message: Invalid Login Attempt sysUpTime.0 = Timeticks: (2245960000) 259 days, 22:46:40.00 sysDescr.0 = STRING: ExtremeXOS (Stack) version 15.3.1.4 v1531b4-patch1-44 by release-manager on Fri Sep 5 16:29:36 EDT 2014

Device Name: IDF1_MainOffice

Nickname: IDF1_MainOffice

===================
Example of Core stack Email Alert: - see how the device name is missing and it has no IP Address.
==================
Device: (no IP shows here at all)Severity: Error

Message: Invalid Login Attempt sysUpTime.0 = Timeticks: (2210800500) 255 days, 21:06:45.00 sysDescr.0 = STRING: ExtremeXOS (Stack) version 15.3.1.4 v1531b4-patch1-44 by release-manager on Fri Sep 5 16:29:36 EDT 2014

Device Name: (no name shows here at all)

Nickname: (no name here either)

I guess I can correlate getting an email then looking in the console, but I'm wondering is there a way to get this information to actually populate in the email itself?

Thanks in advance,
Sarah

6 REPLIES 6

Ronald_Dvorak
Honored Contributor
Hi Sarah,

have you tried to edit the email content...
In Netsight Console go to Alarms Manager > select the alarm > go to Actions > checkmark "Override Content" > Edit Content

Here you'd add/delete fields that are included in the mail per alarm.
Click on "Show Keywords" to get to the help which show all available options.

I've changed mine to...

Subject:
Unify - NetSight $severity Alarm: $alarmName - $deviceNickName

Body:
Device: $deviceIp
Severity: $severity
Source: $alarmSource
NickName: $deviceNickName
DateTime: $time
Message: $message

-Ron

5a7ba774376c4b44a7408a6f5e0f37f9_RackMultipart20150922-27849-1wba9sn-Netsight_AlarmManager_EMail_inline.png


Thanks Ron, here's what we have setup, I will try adding the alarm source to our list too and see if that would show us.

54defff2127b4b8baac9e3325132f7ec_RackMultipart20150923-20346-bg5szd-netsight_cap_inline.png



GTM-P2G8KFN