Skip to main content
Skip table of contents

Create Email Notification Policies

The Alarm Notification Policy is used to specify the information that is included in a notification, as well as throttle the number of notifications sent in an allotted time. The Notification Policy Manager is used to view and work with alarm notification policies. You can access the Notification Policy Manager through the My LogRhythm menu. The Notification Policy Manager limits the visible notification policies to those privately belonging to the currently logged in user. For more information, see Alarm Notification Policies.

You must have TLS 1.2 enabled on the SMTP server to receive email alarm notifications for AI Engine rules.

To create a new, private email notification policy

  1. On the My LogRhythm menu, click My Notification Policies.
  2. Click File, and then click either New SMTP Policy or New SNMP Policy. SMTP is used for most email notifications. 
    For information specific to SNMP Policy settings, see Create a New SNMP Alarm Notification Policy.
    The Email Notification Policy window appears.
  3. In the Policy Name field, type a name for your policy.
  4. Enter Notification Period in Minutes and Maximum Notifications Per Period settings to establish how many notifications will be sent in a specified time period.
    For example, if the Notification Period in Minutes is set to 60 minutes and the Maximum Notifications Per Period is set to 10 and you receive 15 alarms in 60 minutes, the first 10 alarms will notify individually, the last 5 will be sent in a batch notification at the end of the Notification Period in Minutes.

    Setting the Notification Period in Minutes to 0 disables batch notifications, which results in all alarms being sent in individual notifications.

  5. Decide whether to include N/A fields. If Include N/A Fields is selected, the email includes headers for all selected items, even if they are blank. If Include N/A Fields is cleared, selected items that are blank are omitted completely.
  6. In the Include Alarms Fields section, select the information to be included in the Email Notification.

    Origin/Impacted section is a summary of all Origin/Impacted fields (Entity, Host, User, etc.)

  7. (Optional) Click the Additional Info tab and type additional information in the Details box.
  8. Click OK.
  9. Click OK.

A new private policy is created. To create a group policy that can be used by others, see Create Group Notifications for Alarms.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.