Mail Notification Troubleshooting

Introduction

This article provides information on the steps to be taken in case of issues with email notifications for triggered alarms in Logsign.

Email Notification

When an alarm is triggered in Logsign and an action model is configured for email notification, the architecture works as follows:

After Logsign-alarmflow-worker triggers the alarm, it writes the action model for email notification to a list (action_queue) in the Redis database.

The Logsign-action-rule-worker service constantly monitors this list in Redis. If there is a task in the list, it performs it.

First, let's check the logs of this service.

journalctl -u logsign-action-rule-worker -f

The output of this service log should contain no error entries.

Another checkpoint is the Redis list. If there is a lot of congestion in this list, it may indicate that the Logsign-action-rule-worker service is inadequate.

redis-cli -h localhost hgetall "action_queue" | wc -l

For example, if six tasks are waiting in the list and you see the same number or more two minutes later, the action-rule-worker service cannot keep up. In that case, you can increase the Logsign-action-rule-worker service so that it keeps up with this number again.
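
The two-minute comparison above can be scripted. The following is an added example, not Logsign's own tooling: it reuses the article's redis-cli command, takes two samples, and refuses to report a count when redis-cli returned an error, because "| wc -l" would otherwise turn an error message into a small number. The function names, the INTERVAL variable, the --run switch and the separate "empty" result are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Logsign code). Assumes redis-cli is on PATH and Redis
# listens on localhost, as in the article's command.
QUEUE_KEY="action_queue"        # key name taken from the article
INTERVAL="${INTERVAL:-120}"     # two minutes, as in the article

# Line count of the article's HGETALL output; fails instead of counting
# an error message as if it were queue content (heuristic match).
queue_lines() {
    out=$(redis-cli -h localhost hgetall "$QUEUE_KEY" 2>&1) ||
        { echo "redis-cli failed: $out" >&2; return 2; }
    case "$out" in
        *"Could not connect"*|"(error)"*|ERR*|WRONGTYPE*|NOAUTH*)
            echo "redis error: $out" >&2; return 2 ;;
    esac
    if [ -z "$out" ]; then echo 0; return 0; fi
    printf '%s\n' "$out" | wc -l | tr -d ' '
}

# True only for a non-empty string of digits.
is_count() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# The article's rule: the same number or more after the interval means the
# worker cannot keep up. "empty" for 0 -> 0 is this example's own addition.
backlog_verdict() {
    is_count "$1" && is_count "$2" || { echo "invalid"; return 2; }
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then
        echo "empty"
    elif [ "$2" -ge "$1" ]; then
        echo "not-keeping-up"
    else
        echo "draining"
    fi
}

# Sample, wait, sample again, then print both counts and the verdict.
check_backlog() {
    first=$(queue_lines) || return 2
    sleep "$INTERVAL"
    second=$(queue_lines) || return 2
    verdict=$(backlog_verdict "$first" "$second")
    echo "$QUEUE_KEY: $first -> $second lines after ${INTERVAL}s: $verdict"
}

# Only touch Redis when explicitly asked to (hypothetical --run switch).
if [ "${1:-}" = "--run" ]; then check_backlog; fi
```

Run it with --run on the Logsign host; a "not-keeping-up" result corresponds to the situation described above.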
