Ingestion of Alerts via Email

Question

There have been a few different variations of EventSources for ingesting alerts via email over the years. I recently had need for some additional functionality, such as dynamic property replacement in the subject line, so created a new variation that I'm&nbsp;sharing&nbsp;here in case it's useful to others.

At its most basic, the EventSource checks an IMAP inbox for unseen messages that have specific text in the subject line. If a match is found, it captures the body of the email in a new alert associated to the host/resource in LogicMonitor where the properties are defined. By default, processed emails are marked as read but can optionally be flagged for deletion.

Because the EventSource supports dynamic replacement of a property value in the subject line, it allows the potential of&nbsp;having the&nbsp;module associate&nbsp;to multiple LogicMonitor resources and alert based on matching hostnames in incoming email subjects. For example, if you have the 'email.subject' property set to "Email Alert on ##system.hostname##"&nbsp;and an email is received with the subject line "Email Alert on host1", it would appear as an alert on the 'host1' resource in LogicMonitor.

LM Exchange locator code: AHDXND

&nbsp;

Required properties:

imap.host: The address of the IMAP server.

email.user: Username the module will to login &amp; check for new emails.

email.pass: Password for the email user.

Optional properties:

email.subject: The email subject to search for. This can include a property name (example: "##system.hostname##") for dynamic replacement. Default: "Email Alert".

imap.type: IMAP security type (SSL or TLS).

email.deleteProcessed: Whether to attempt to delete processed email (versus just marking them as read). Default: false. NOTE: auto-deleting processed email may not work on Gmail due to Google's non-standard handling of IMAP.

email.folder: Inbox sub-folder to monitor (example: "Inbox/Errors"). Default: "Inbox".

&nbsp;

Below is an example email regarding a specific host...

This is how the resulting alert displays on that host in LogicMonitor...

nelson_cardenas · Answer

Dear Kevin

Thanks do much for your contribution, this seems very useful, I added this module to our LM account, but I am having an issue and I hope you can help here.

I created a test email account on hotmail (also tried a shared mailbox on the tenant) and added these properties to one of ouur devices

- imap.host:&nbsp;outlook.office365.com
	- email.user: LogicMonitorSTA@hotmail.com
	- email.pass: Password for the email

After that I did test sending emails to that address but the alrerts didn´t show up- Also if I test the EventSource Script it tells me this:

"There would not be script events for the selected device"

Could you guide me on what else I can do for this to work?

Thanks so much

egis · Answer

Hi All,I’m bringing this topic to the daylight as we would also like to use this event source, however, it seems&nbsp;javax.mail library no longer comes with Java - unable to resolve classes. I tried to import the library to the collector (dir - C:\Program Files\LogicMonitor\Agent\lib), but no luck.Has anyone successfully imported and used&nbsp;additional Java libraries?Error:The embed groovy script syntax is illegal - org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:Script20.groovy: 171: unable to resolve class SubjectTerm&nbsp;

stuart_weenig · Answer

I’m thinking I’ll just stand up a lambda function to receive a call and log something to lm logs with a pipeline looking for any/all logs coming from that function.&nbsp;

Forum Discussion

Ingestion of Alerts via Email

3 Replies

Related Content

Email Ingestion

Okta log ingestion for non AWS customers

Email notifications missing logos

Programmatic Ping Alert

Alert Suppress

Recent Discussions

Issues with Set-LMWebsiteGroup

ESX Host Services?

What not to do when developing code

REST API 503 errors

Anyone else have issues logging into these new forums with Firefox?