Email Inbound Integration
This page describes how to integrate ilert with any tool that can send emails.
Last updated
This page describes how to integrate ilert with any tool that can send emails.
Last updated
(c) 2011 - 2024 ilert GmbH
Email integration is the easiest way to integrate ilert with your monitoring system. Each email alert source in ilert has its own email address (e.g. your-tool@your-domain.ilertnow.com). As soon as your monitoring system sends an e-mail to this address, ilert will create an alert.
Go to Alert sources and click on Add a new alert source
Enter a name and select an escalation policy
Chose Email as integation type
Enter an email address for the alert source
Save the email alert source
Your email alert source is now active. Any email sent to the email address will create an alert in ilert and trigger the alerting process using the alert source's escalation policy. The default setting creates an alert in ilert for each incoming email. The next section explains advanced settings, such as deduplicating or filtering emails.
By default, ilert creates a new alert for every email sent to the alert source's email address. You can fine-tune this behavior by
adding email filter, which lets you filter emails based on defined conditions
modifying alert creation options
Email filters allow you to ignore emails based on the content of the email's subject, body, or from address.
Open a new alert for every email
Each email sent to the alert source's email address will create a new alert.
Open a new alert for every new email subject
Alerts are de-duplicated based on the subject of the emails. Case sensivitiy and whitespaces are ignored. Deduplication considers only the emails of open alerts.
If, for example, a monitoring system sends two e-mails in succession with the same subject, a new alert is created for the first e-mail and the second e-mail is appended to the created alert in the event log.
Open a new alert only if all alerts in this alert source are in RESOLVED
or ACCEPTED OR RESOLVED
state
An email sent to the alert source's email address will only open a new alert if an open alert does not already exist; otherwise, the email will be appended to the last open alert.
Example: You get alerted at 3 A.M. in the morning and accept the alert and decide to look at the problem the next morning. In the meantime, if a new (potentially critical) issue is reported to ilert, a new alert will be notified again. In this scenario, you need to chose ACCEPTED ir RESOLVED
in the dropdown list.
Open and resolve alerts based alert keys extracted from emails
Note that RFC 822 headers must contain only US-ASCII characters. To use non-ASCII characters in the headers, they must be encoded by the caller according to the rules of RFC 1342.
Does ilert also process e-mails that are sent by forwarding to an alert source address?
Yes, ilert evaluates the TO
, CC
and BCC
fields as well as the DELIVERED-TO
header when processing email.
My monitoring system sends emails when an issue is recovered (e.g. RECOVERY
emails in Nagios). Can ilert use these emails to resolve previously created alerts?
Yes, see Automatically resolve Alerts with Emails for further information
I need more examples that illustrate regex alert key extraction from emails, where can I find them?
Take a look here.
Why do my alerts contain odd characters such as 'ö'
?
It seems like your email message does not follow the RFC 822 standard and contains Non-ASCII characters. Please refer to this section.
Use defined rules to link emails to the same alert based on matching substrings in the email subject or body. See