
Create New Email Alarm Notification Policies

To create a new, private email notification policy:

  1. Do one of the following to access the Notification Policy Manager:
    • Administrators. On the main toolbar, click Deployment Manager. On the Tools menu, click Distribution, click Notifications and Collaboration, and then click Notification Policy Manager from the main menu.
    • Non-Administrators. On the My LogRhythm menu, click My Notification Policies.
  2. In the Policy Name field, enter a name for your policy.
  3. (Optional) On the Additional Info tab, enter a Brief Description and more details or notes.
  4. Enter a Notification Email Subject Prefix. The default is "LogRhythm Alarm - ".
  5. In the Notification Period in Minutes and Maximum Notifications Per Period settings, set the number of notifications to be sent in a specific amount of time.

    Setting Notification Period in Minutes to 0 results in all alarms being sent in individual notifications. With a non-zero period, alarms beyond the maximum are batched, as shown in this example:

    WHEN

    Notification Period in Minutes = 60

    Maximum Notifications Per Period = 10

    15 alarms are received in 60 minutes

    RESULT

    The first 10 alarms notify individually.

    The last 5 alarms are sent in a batch notification at the end of 60 minutes.

  6. Decide whether to include N/A fields. If Include N/A Fields is selected, the email includes headers for all selected items, even if they are blank. If Include N/A Fields is cleared, selected items that are blank are omitted completely.
  7. Select a Notification Format. The default is HTML.

    The AIE Drill Down Cache feature must be enabled for HTML notifications. Note that this feature should only be enabled if you have an average of 10,000 daily alarms or fewer. If your deployment processes more than 10,000 alarms per day, AIE Drill Down Cache performance, as well as overall deployment performance, could be degraded. For XMs and single node Linux clusters, the maximum alarm rate should be 5,000. You can check your alarm rate in the Client Console's Deployment Monitor. If your alarm rate exceeds 10,000 per day, it is recommended that you disable the AIE Drill Down Cache API in the LogRhythm Configuration Manager or reduce your alarm volume by adjusting your AIE rules.

  8. In the Information Included in Email section, select the items to include in the notification. You can right-click anywhere in the list to display a menu that allows you to Select All or Unselect All.
    The selected items appear in the email in the same order that they appear in this list.
  9. To reorder them, select an item and use the Field Order arrows at the top of the list. Arrows with lines above or below move an item to the top or bottom of the list. The other arrows move an item up or down one line at a time. In HTML notifications, the Rule Block Section and Origin/Impacted Section fields are not affected by reordering.
  10. Click OK.

A new private policy is created. To create a group policy that can be used by others, see Create Group Notifications for Alarms.
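
The throttling behavior described in step 5, modeled as an added example (not LogRhythm code) so you can estimate email volume for a candidate policy against a list of alarm times. It assumes a period begins at the first alarm received after the previous period has ended, which this page does not specify; `Plan`, `plan_notifications` and `emails_sent` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass
class Plan:
    individual: list  # alarm times (minutes) that each get their own email
    batches: list     # (send_minute, [alarm times]) batch emails

def plan_notifications(alarm_minutes, period, max_per_period):
    """Model which alarms notify individually and which are batched."""
    alarms = sorted(alarm_minutes)
    if period == 0:
        # Period 0: every alarm is sent as an individual notification.
        return Plan(individual=alarms, batches=[])
    individual, batches, held = [], [], []
    window_start, sent = None, 0
    for t in alarms:
        # Assumption: a new period starts at the first alarm that arrives
        # after the previous period has ended.
        if window_start is None or t >= window_start + period:
            if held:
                batches.append((window_start + period, held))
            window_start, sent, held = t, 0, []
        if sent < max_per_period:
            individual.append(t)
            sent += 1
        else:
            held.append(t)  # over the cap: wait for the end-of-period batch
    if held:
        batches.append((window_start + period, held))
    return Plan(individual=individual, batches=batches)

def emails_sent(plan):
    """Total emails the policy would generate for this alarm stream."""
    return len(plan.individual) + len(plan.batches)

# Constructed sample: 15 alarms, one every 4 minutes, within 60 minutes.
SAMPLE = [i * 4 for i in range(15)]

if __name__ == "__main__":
    plan = plan_notifications(SAMPLE, period=60, max_per_period=10)
    print("individual:", plan.individual)
    print("batches:", plan.batches)
    print("emails:", emails_sent(plan))
```

Feeding in alarm times exported from a busy day shows how many alarms a given setting would hold back until the end of the period, which matters when the recipients are expected to act on them promptly.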
