MonitorWare Knowledge Base

Mail Action Questions
Is there any way to send the mail message as HTML rather than plain text? The reason for this request is that if it is send in HTML, the tags are color-coded making it easier to read the alert.

Can you set the mail alerts to consolidate events? For example, don't send me an alert until you have 5 matches of any eventID that the filter defines.

Future formating functionality?

Are there any plans in the future to provide a basic formated template that email alerts can be send as to provide easier reading functionality for HTML mail clients?

Hi,

well at the moment there is no function within EventReporter that could send it in formated HTML.

But there is MWAgent 2.0 Beta which has a new message formatting engine. This engine allows you to fully customize message in the File, Email and Forward Syslog Actions.

You can define a message format, and there where you see %something%, something from the current event will be inserted.

Here is a sample with a simple html format:

Code: Select all

<table>
<tr><td><b>Received Date: </b></td><td><font color="">%timereported%</font></td></tr>
<tr><td><b>From: </b></td><td><font color="blue">%source%</font></td></tr>
<tr><td><b>Event ID: </b></td><td><font color="red">%id%</font></td></tr>
<tr><td><b>Event Type: </b></td><td><font color="">%NTEventLogType%</font></td></tr>
<tr><td><b>Event Source: </b></td><td><font color="">%sourceproc%</font></td></tr>
<tr><td><b>Event Severity: </b></td><td><font color="">%severity%</font></td></tr>
<tr><td><b>Event Category: </b></td><td><font color="">%category%</font></td></tr>
<tr><td><b>Event User: </b></td><td><font color="">%user%</font></td></tr>
<tr><td><b>Event Message: </b></td><td><font color="">%msg%</font></td></tr>
</table>


Is there anyway to output the variables below (%timereported%, %source%, %id%, etc...) for use with another program using the Start Program action's parameters field?

Hi,

yes a few can be outputed in the command line of Start Program. They are described in the manual:

%d
date and time in localtime

%s
IP address or name (depending on the ?resolve hostnames? setting) of the source system that sent the message.

%f
numeric facility code of the received message

%p
numeric priority code of the received message

%m
the message itself

%%
represents a single % sign.

Also, the %property% syntax is scheduled to be added to the command line parameters, too. It eventually makes it in 6.2.

Rainer

Are there any plans to allow the full %field% functionality that MWAgent provides for Evntslog? (%timereported%,%source%,%id%,%NTEventLogType%,%sourceproc%,%severity%,%category%,%user%,%msg%)

I can certainly understand not providing the additional services, but it seems to make sense that all features MWAgent provides when it comes to Windows Eventlogs should be included in Event Reporter as well since this is the sole function of the client. Also, by providing this functionality, it gives the end user rich formating capabilities by using the Call Program action.

What I would like at a minimum is to be able to send plain text email messages in the following format:

Code: Select all

Received Date:2003-10-02 14:14:03 from MACHINE
Event ID: 528
Event Type: Security
Event Source: Security
Event Severity: [AUS]
Event Category: 2
Event User: MACHINE\user

Event Message:
Successful Logon: User Name: user Domain: MACHINE Logon ID: (0x0,0x175ED4) Logon Type: 7 Logon Process: User32 Authentication Package: Negotiate Workstation Name: MACHINE Logon GUID: - Caller User Name: MACHINE$ Caller Domain: WORKGROUP Caller Logon ID: (0x0,0x3E7) Caller Process ID: 2500 Transited Services: - Source Network Address: 192.168.1.1 Source Port: 3345

A wish list item would be to send formatted HTML tagged emails. I could do this if I could call postie or some other mail utility (hence the intial question above). Of course the best option would be to have the capability right in Event Reporter, but I certainly understand that you cannot provide every feature request solicited by customers.

Just my thoughts. Any comments would be most appreciated.

schmidman wrote:I can certainly understand not providing the additional services, but it seems to make sense that all features MWAgent provides when it comes to Windows Eventlogs should be included in Event Reporter as well since this is the sole function of the client. Also, by providing this functionality, it gives the end user rich formating capabilities by using the Call Program action.

This is exactly what our position is. Everything for event logs should go in EventReporter. So this is on the list and will move in.

You may ask why is it not yet in? The reason is different versioning of the supporting libraries. As the products have a slightly different cycle, they offer different capabilities at a given period in time. Over time, the set will become the same (of course, in respect to the intended use - so there will never be a file monitor in EventReporter).

I hope this clarifies. And please keep posting requests, this will help us create a product build to solve real needs

Rainer

I very much appreciate your position in regards to future version development!

Until then, we'll get by with the formatting limitations in Event Reporter, but look forward to future versions with great anticipation (including the SETP support!)

Kind Regards,

Dave