Wednesday, December 10, 2008
I got asked the question the other day, if it was possible only to receive an email, when Incidents were of the RED Severity.
Now if you think about it, its an option to get an email when an Incident is created, but you cannot be selective if this was RED, AMBER or GREEN.
Now if you think about it, its an option to get an email when an Incident is created, but you cannot be selective if this was RED, AMBER or GREEN.
Now there is a noddy way to achieve this, if you want to go the trouble, and this would be based on duplicating rules...
Consider this RULE below...
Consider this RULE below...
If fires based on events received in the Info/UncommonTraffic/Chat and Info/UncommonTraffic/Chat/Proxy groups, but for ANY severity. There is no "Action" defined for this Rule.
If we duplicate the Rule in question, then edit the Severity to be RED Only, then we can apply an Action of email.
If you leave the default rule, to ANY, then you will probably get 2 Incidents Fired, but only 1 email.So it may be worth changing the default rule, or duplicating again, to set GREEN or YELLOW Severity Events. (You may want to create a second offset, with an OR operation).
You would need to proceed with caution with this method, as the example choosen has only 1 condition to be met. If you select a more complex rule, then you may get in hot water, and render the rule useless!!!
0 Comments:
Subscribe to:
Post Comments (Atom)