7.3 Configuring E-Mail Notification of Auto-Created Event Sources without a Time Zone

When event sources are auto-created without a time zone, it is recommended that an administrator receives a notification so that a time zone can be manually assigned to the event sources, if necessary.

By default, Sentinel Log Manager is installed with a rule that sends an e-mail message when an event source is auto-created without a time zone. The rule is called Event Source Created With Unspecified Timezone. It is triggered by the following conditions:

  * The Event Name is CreateEventSource.

  * The Event Message indicates the name and universally unique identifier (UUID) of the newly created event source. If a new event source group or a new Collector is also created, their respective names and UUIDs are also indicated in the message. The message also indicates if any timezone was assigned to the event source when it was created. If the event source was created without a time zone, it shows the text EMPTYTZ at the end of the message.

When the defined conditions are met, an e-mail is sent to the e-mail address that is configured for the Send an email action.
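The two conditions above can also be applied to events reviewed outside the product, for example to list every event source that still needs a time zone. The following Python sketch is an added example, not part of Sentinel Log Manager; the record field names (name, message) and the wording of the sample messages are assumptions, and only the CreateEventSource event name and the trailing EMPTYTZ text come from this section.

```python
import re

# Canonical 8-4-4-4-12 hexadecimal UUID.
UUID_RE = re.compile(r"\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b")
MARKER = "EMPTYTZ"  # text that ends the message when no time zone was assigned

# Constructed sample events; field names and message wording are assumptions.
SAMPLE_EVENTS = [
    {"name": "CreateEventSource",
     "message": "Created event source fw-edge-01 3f2b8c1e-5d4a-4c7b-9e21-0a1b2c3d4e5f EMPTYTZ"},
    {"name": "CreateEventSource",
     "message": "Created event source db-01 7a6b5c4d-1111-4222-8333-944455556666 Europe/Berlin"},
    {"name": "Authentication",  # marker present, but not a CreateEventSource event
     "message": "Operator searched for EMPTYTZ"},
    {"name": "CreateEventSource",  # trailing whitespace; a Collector was created too
     "message": "Created event source sw-02 0c9d8e7f-aaaa-4bbb-8ccc-dddddddddddd "
                "and Collector Syslog 12345678-90ab-4cde-8f01-234567890abc EMPTYTZ \n"},
    {"name": "CreateEventSource", "message": None},  # malformed record
]


def needs_time_zone(event):
    """Return True when the event meets both conditions of the rule."""
    if event.get("name") != "CreateEventSource":
        return False
    # Tolerate missing messages and trailing whitespace before checking the end.
    message = (event.get("message") or "").rstrip()
    return message.endswith(MARKER)


def sources_without_time_zone(events):
    """Collect matching events together with every UUID named in the message."""
    findings = []
    for event in events:
        if needs_time_zone(event):
            message = event["message"].rstrip()
            findings.append({"uuids": UUID_RE.findall(message), "message": message})
    return findings


if __name__ == "__main__":
    for finding in sources_without_time_zone(SAMPLE_EVENTS):
        print(", ".join(finding["uuids"]), "->", finding["message"])
```

The UUIDs are returned in the order they appear in the message because this section does not state which position the event source, event source group, or Collector identifier occupies.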

7.3.1 Activating the Event Source Created with Unspecified Timezone Rule

By default, the Event Source Created With Unspecified Timezone rule is installed with Sentinel Log Manager, but it is in the inactive (off) state. To send an e-mail, the rule must be activated, and the e-mail notification settings for the Send an email action must be configured.

Use the following procedure to activate the rule:

  1. Log in to the Sentinel Log Manager as an administrator.

  2. Click rules in the upper left corner of the page.

  3. The Rules tab is displayed on the right pane of the page.

    The Event Source Created With Unspecified Timezone rule is displayed under the Rules tab.

  4. To activate the Event Source Created With Unspecified Timezone rule, click the check box next to the rule.

    If the rule is activated, a "Successfully activated the rule" message is displayed.

7.3.2 Configuring Settings for Sending E-Mail

In addition to activating the Event Source Created With Unspecified Timezone rule, you should also configure the settings to receive the e-mail notifications for event sources that are auto-created without a time zone.

  1. Log in to the Sentinel Log Manager as an administrator.

  2. Click rules in the upper left corner of the page.

  3. The Rules tab is displayed on the right pane of the page.

  4. Select the Actions tab.

  5. Click the Add Action link on the right side of the screen.

  6. Select the Send an Email action type.

    The Email screen appears.

  7. Use the following table to specify the field values:

    | Fields | Description |
    |---|---|
    | Action name | Specify an action name. The action name should be unique. |
    | SMTP Server | Specify the hostname or IP address of the SMTP server. |
    | Port | Specify the port of the SMTP server. The default port value is 25. NOTE: Do not change the port value unless your SMTP server uses a different port. |
    | Test | Click Test to validate the SMTP server and port. |
    | Username | Specify a username to log in to the SMTP server. |
    | Password | Specify a password to log in to the SMTP server. |
    | From | Specify an e-mail address that the e-mail messages come from. |
    | Send To | Specify an e-mail address to receive the e-mail notifications for event sources that are auto-created without a time zone. NOTE: Specify multiple e-mail addresses by separating them with commas. |

  8. Click Save.