Configuring Email Notifications

Email notifications will inform recipients about monitored nodes being down or out of communications.

Before configuring email notifications, ensure that values are specified for your SMTP settings under Administration > System Admin > System > SMTP. For more information on SMTP settings, see SMTP.

Once configured, email notifications must be configured for each of the notification rules you wish to trigger an alert.

To configure email notifications:

1. In a text editor, open the file .../userdata/arcmc/logger.properties. (If the file does not exist, you can create it in a text editor. When creating the file, ensure that it is owned by the non-root user.)

2. Add a new line with the new property named monitoring.notification.emails and a value equal to a comma-separated list of email addresses of all administrators you intend to receive notifications. For example, this value would send email alerts to address1@example.com and address2@example.com:

   monitoring.notification.emails=address1@example.com,
   address2@example.com

3. Save the modified logger.properties file.

4. Restart the ArcMC web process.

5. In the rules editor, open the notification rule you wish to trigger an email alert, and under Notify Me, select Email.

Example Email Notification

An example of the email sent to recipients is shown here.

<URI> refers to the URI of a problematic node.

NodeN is the hostname of a problematic node.

This information is found on the Hosts tab under Node Management.

Subject: <Email title>
The following nodes are either down or not reachable from ArcSight Management Center:

//Default/<URI>/<Node1>

//Default/<URI>/<Node2>

Defining Email Notification Lists Using a CSV File

Email notifications lists can be enabled using a CSV file to create a customized notification broadcast.

To enable notifications using a CSV file:

1. In a text editor, open the file .../userdata/arcmc/logger.properties.

2. Add a new line with the new property named monitoring.notification.emails.file and a value equal to your intended CSV's fully qualified path and file name. This CSV file must reside in the directory <ArcMC_INSTALL_DIR>/userdata/arcmc. For example:

   monitoring.notification.emails.file=/opt/arcmc/userdat/arcmc/notifications/notification_emails.csv

   monitoring.notification.emails.file=/opt/arcmc/userdat/arcmc/notifications/section_1/notification_emails.csv

3. Create the CSV file at the location you specified in Step 2. When creating the file, ensure that it is owned by the non-root user, or the non-root user has at least read access.

4. Use the CSV file to define the notification rules and the email addresses. The email list can be configured by device type, location name, and monitoring rule name.

   • The CSV file must be separated by commas (,), and the first line must correspond to the header:

Device Type, Location Name, Rule Name, Emails.

• Each line of the file is considered a notification rule. It can be configured by device type, location, and monitoring rule.

Connector, Location-1, EPS_OUT_Connector, address1@example.com

• If the notification rule applies for any Device Type, Location, or Rule the value must be (ANY).

Connector,(ANY),(ANY),address1@example.com / This email list is for the Connector device type, 
no matter the location or monitoring rule.

• When sending a notification, ArcMC checks that there is an email address assigned to the Device Type, Location, or Rule. If not, ArcMC will use the value of monitoring.notification.emails as the default email address. For example:

monitoring.notification.emails=admin@email.com

monitoring.notification.emails.file=/opt/arcmc/userdat/arcmc/notifications/notification_emails.csv

The possible device type values for managed products are: ArcMC, Connector, Collector, Logger, Transformation Hub.

• For the devices (Unmanaged products), the device type corresponds to the Device Product Name. For example: ArcSight, JUNOS.

• For the devices (Unmanaged product), the location name must be empty, since these devices do not belong to any location.

ArcSight, (ANY),address1@example.com / This email list is for the ArcSight devices, 
no matter the monitoring rule.

• The email value could be equal to list of semi-colon delimited email addresses, for example:

Connector, (ANY), (ANY), address1@example.com; address2@example.com

• Each notification rule (line) is evaluated independently, regardless of the order in the file. For example:

(ANY),(ANY),(ANY), all@mycompany.com / All alerts are sent to this email address.

Logger,(ANY), (ANY), logger@mycompany.com / All alerts for any Logger are sent to this email address.

Logger, Loc-a, (ANY), logger.loca@mycompany.com / All alerts for any Logger in location Loc-a are sent to 
this email address.

Logger, Loc-b, Rule Name 1, logger.locb.rule@mycompany.com / All alerts for any Logger in location Loc-b for 
Rule Name 1 are sent to this email.

Connector, (ANY), (ANY), connector@mycompany.com / All alerts for any connector are sent to this email address.

Connector, Loc-a, (ANY), connector.loca@mycompany.com / All alerts for any connector in location Loc-a are 
sent to this email address.

Connector, Loc-b, Rule Name 1, connector.locb.rule@mycompany.com / All alerts for any connector in location 
Loc-b for Rule Name 1 are sent to this email address.

• ArcMC issues an alert when nodes are down or unreachable. To route these emails, a notification rule should be created, the reserved word (NODE) must be used instead of device type, and the rule name must be blank.

(NODE), location-a, node.location.a@email.com / If a node in the location-a is down, an alert is sent to 
this email address.
 
(NODE), location-b, node.location.b@email.com / If a node in the location-b is down, an alert.

• If there is no email list assigned to the device type, location or monitoring rule, the monitoring.notification.emails property is used as default.

5. Save the changes in the CSV file.

6. Restart the ArcMC web process.

7. In the rule editor, open the notification rule you wish to trigger an email alert, and under Notify Me, select Email.