We want to add the name/path of the Log file and the match hit string to the email notification subject line (4352151)

We want to add the name/path of the Log file and the match hit string to the email notification subject line (mail.subject). The body of the email (mail.message) has this information - how to add this to the mail.subject?

Admin Console | Administration | Rules & Notifications | edit LogFilter rule | Conditions & Actions tab | expand 'Fire' severity | Action tab | edit Email Action | Severity Level Variables tab |

There are 3 existing (out-of-the-box) variables here:

- Subject2 - by default, used for the mail.subject on the 'Action' parameters tab. By default, lists the RuleName fired and its that the Rule fired with 'Fire' Severity (the only severity level available for a Simple Rule)

- Text - by default, used for the mail.message (body of email) on the 'Action' parameters tab. By default, this is a built query which grabs the name/path of the LogFile, the match hit string, and the alarm url.

- var1 - by default, used for the mail.recipient on the 'Action' parameters tab. By default, this is set to the SYSADMIN registry variable.

1. Create a new Severity Level Variable called 'logName' as Expression type. Paste the following query into the Expression/Message box:

objs = server["QueryService"].queryObservations(

'LogFilter_ErrorVerbose from LogFilter_ErrorVerbose for 1 minutes')

for (obj in objs.getTopologyObjects()) {

for (observedData in objs.values(obj)) {

obsVal = observedData.getValue();

collName = obsVal.LogName;

}

}

return collName;

2. Create a second new Severity Level Variable called 'hittingString' as Expression type. Paste the following query into its Expression/Message box:

objs = server["QueryService"].queryObservations(

'LogFilter_ErrorVerbose from LogFilter_ErrorVerbose for 1 minutes')

for (obj in objs.getTopologyObjects()) {

for (observedData in objs.values(obj)) {

obsVal = observedData.getValue();

hittingStr= obsVal.Error_Message;

}

}

return hittingStr;

3. Save your changes.

4. For the 'Subject2' Severity Level Variable, append the following to the Message type:

@logName @hittingString

So, when you are done, it will look like this:

Rule @foglight_rule_name fired with @foglight_severity_level_name severity. @logName @hittingString

5. Save your changes. Test fire the rule by writting a match hit string in your log (you may want to clear all existing LogFilter alarms first). Check the email notification that is sent - the email subject should now contain the LogFile Path\Name and the MatchString text. It should look something like this:

-----Original Message-----
From: myFoglightServer@myDomain.com [mailto:fog5_fog5_myFoglightServer@myDomain.com]
Sent: Monday, June 13, 2011 8:05 AM
To: Wayne Pruski
Subject: Rule LogFilter fired with Fire severity. [c:\logfile.log] [matchHitStringText ]

Enhancement Request filed to add this feature into the product: OS-1084

Also see: SOL82899 - "LogFilter rule does not include hostname in email notification. Add hostname to email notification for LogFilter rule".