Forum Discussion

Kevin_Ford's avatar
Kevin_Ford
Icon for Employee rankEmployee
5 years ago

Ingestion of Alerts via Email

There have been a few different variations of EventSources for ingesting alerts via email over the years. I recently had need for some additional functionality, such as dynamic property replacement in the subject line, so created a new variation that I'm sharing here in case it's useful to others.

At its most basic, the EventSource checks an IMAP inbox for unseen messages that have specific text in the subject line. If a match is found, it captures the body of the email in a new alert associated to the host/resource in LogicMonitor where the properties are defined. By default, processed emails are marked as read but can optionally be flagged for deletion.

Because the EventSource supports dynamic replacement of a property value in the subject line, it allows the potential of having the module associate to multiple LogicMonitor resources and alert based on matching hostnames in incoming email subjects. For example, if you have the 'email.subject' property set to "Email Alert on ##system.hostname##" and an email is received with the subject line "Email Alert on host1", it would appear as an alert on the 'host1' resource in LogicMonitor.

LM Exchange locator code: AHDXND

 

Required properties:

  • imap.host: The address of the IMAP server.
  • email.user: Username the module will to login & check for new emails.
  • email.pass: Password for the email user.

Optional properties:

  • email.subject: The email subject to search for. This can include a property name (example: "##system.hostname##") for dynamic replacement. Default: "Email Alert".
  • imap.type: IMAP security type (SSL or TLS).
  • email.deleteProcessed: Whether to attempt to delete processed email (versus just marking them as read). Default: false. NOTE: auto-deleting processed email may not work on Gmail due to Google's non-standard handling of IMAP.
  • email.folder: Inbox sub-folder to monitor (example: "Inbox/Errors"). Default: "Inbox".

 

Below is an example email regarding a specific host...

This is how the resulting alert displays on that host in LogicMonitor...

  • Nelson_Cardenas's avatar
    Nelson_Cardenas
    3 years ago

    Dear Kevin

    Thanks do much for your contribution, this seems very useful, I added this module to our LM account, but I am having an issue and I hope you can help here.

    I created a test email account on hotmail (also tried a shared mailbox on the tenant) and added these properties to one of ouur devices

    - imap.host: outlook.office365.com
    - email.user: LogicMonitorSTA@hotmail.com
    - email.pass: Password for the email

    After that I did test sending emails to that address but the alrerts didn´t show up- Also if I test the EventSource Script it tells me this:

    "There would not be script events for the selected device"

    Could you guide me on what else I can do for this to work?

    Thanks so much

  • Egis's avatar
    Egis
    10 months ago

    Hi All,

    I’m bringing this topic to the daylight as we would also like to use this event source, however, it seems javax.mail library no longer comes with Java - unable to resolve classes. I tried to import the library to the collector (dir - C:\Program Files\LogicMonitor\Agent\lib), but no luck.

    Has anyone successfully imported and used additional Java libraries?

    Error:

    The embed groovy script syntax is illegal - org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
    Script20.groovy: 171: unable to resolve class SubjectTerm 

  • Anonymous's avatar
    Anonymous
    10 months ago

    I’m thinking I’ll just stand up a lambda function to receive a call and log something to lm logs with a pipeline looking for any/all logs coming from that function. 

  • Lim's avatar
    Lim
    Icon for LM Champion rankLM Champion
    6 months ago

    Hi Kevin_Ford , if the user have 10 different email subjects how would they set these up?

    Do they need to have 10 different eventsources with this script but hard code the subject in the code itself for each of them? Or they can combine the subjects using delimiter?

    • Kevin_Ford's avatar
      Kevin_Ford
      Icon for Employee rankEmployee
      5 months ago

      Apologies for taking a while to respond. In its current form the script doesn't support multiple subjects since it passes the subject line as part of the query to the mail server. It wouldn't be difficult to add support for delimited subjects but I won't have a chance to do so myself for a while due to competing priorities. If someone wants to take a stab at that I'm happy to update the posting here with your changes & provide proper attribution.