This page describes how to integrate ilert with any tool that can send emails.
Email integration is the easiest way to integrate ilert with your monitoring system. Each email alert source in ilert has its own email address (e.g. [email protected]). As soon as your monitoring system sends an e-mail to this address, ilert will create an alert.
- 1.Go to Alert sources and click on Add a new alert source
- 2.Enter a name and select an escalation policy
- 3.Chose Email as integation type
- 4.Enter an email address for the alert source
- 5.Save the email alert source
Your email alert source is now active. Any email sent to the email address will create an alert in ilert and trigger the alerting process using the alert source's escalation policy. The default setting creates an alert in ilert for each incoming email. The next section explains advanced settings, such as deduplicating or filtering emails.
By default, ilert creates a new alert for every email sent to the alert source's email address. You can fine-tune this behavior by
- adding email filter, which lets you filter emails based on defined conditions
- modifying alert creation options
Email filters allow you to ignore emails based on the content of the email's subject, body, or from address.
In the above sttings, only emails from [email protected] that contain the word PROBLEM in the subject will be accepted.
Open a new alert for every email
Each email sent to the alert source's email address will create a new alert.
Open a new alert for every new email subject
Alerts are de-duplicated based on the subject of the emails. Case sensivitiy and whitespaces are ignored. Deduplication considers only the emails of open alerts.
If, for example, a monitoring system sends two e-mails in succession with the same subject, a new alert is created for the first e-mail and the second e-mail is appended to the created alert in the event log.
Open a new alert only if all alerts in this alert source are in
An email sent to the alert source's email address will only open a new alert if an open alert does not already exist; otherwise, the email will be appended to the last open alert. Example: You get alerted at 3 A.M. in the morning and accept the alert and decide to look at the problem the next morning. In the meantime, if a new (potentially critical) issue is reported to ilert, a new alert will be notified again. In this scenario, you need to chose
Open and resolve alerts based alert keys extracted from emails
Use defined rules to link emails to the same alert based on matching substrings in the email subject or body. See Automatically resolve Alerts with Emails
Does ilert also process e-mails that are sent by forwarding to an alert source address?
Yes, ilert evaluates the
BCCfields as well as the
DELIVERED-TOheader when processing email.
My monitoring system sends emails when an issue is recovered (e.g.
RECOVERYemails in Nagios). Can ilert use these emails to resolve previously created alerts?
I need more examples that illustrate regex alert key extraction from emails, where can I find them?