Custom Logs / Path Monitor Alert


L1 Bithead

Hello!

I may be trying to do something impossible, but it seems like the configuration elements are all there. We have a static default route to our ISP that is set with path monitoring so that we fail over to a backup route when the gateway is unreachable. We are trying to figure out a way to be emailed when the path monitor fails. I have seen the logs in the system log. I have created a log server profile with the correct info and verified that the connection test succeeds. In Log Settings > System, I have added a new entry set to match on filter (eventid eq path-monitor-failure), and attached it to the log server profile I created.

This log has been generated multiple times in the system logs, but it appears that no emails are even being attempted by the firewall. Nothing is showing up in logs to indicate they are, and no emails are getting through. I went ahead and removed the filter and just made it filter on "all logs" and the results are the same.

This surely seems like all the pieces are in place, but maybe this is not possible to email on a certain log event?

5 REPLIES

Cyber Elite

@Ian_Rabensteine,

When you test the server on the email server profile, do you actually receive an email or do you just get the test succeeded message? That test should generate an email to the configured address when you test it; assuming that goes through there's no reason that what you've described shouldn't be sending messages. Have you verified with the individual/team that manages your email system that they are seeing the traffic or not?

I do not receive an email when I "test connection", it just says the test was a success. I have reached out to the system admins to inquire about the email traffic and am waiting to hear back. There really shouldn't be anything stopping it as we just use a mail relay with no TLS. I just randomly received one single email from the email server profile I set up, which is just more confusing since the profile is set to match on any log. I should be getting hammered with email alerts. I plan to hold until the system folks can confirm what they are seeing.

@Ian_Rabensteine 

Something is getting in the way of the traffic then; the test connection process will send you an email. It could be that the firewall isn’t permitted on the relay, or it could be that it’s being flagged and blocked by your email defense platform.

The fact that you’re seeing some of these alerts generate would lead me more down the path that your email defense platform isn’t accepting the email for delivery. 

Maybe it is supposed to send a test email. It's certainly not clear that that is the case from the prompts. Regardless, thank you for weighing in. Sadly, it does not appear that it is a problem with the path. I do randomly get a few emails a day for alerts, and the system admins have confirmed that the mail that hits the relay is getting delivered, and matches the few messages I am getting. But with it set to alert on "all logs" I should be getting absolutely crushed with emails. And when I physically disconnected a link to generate a critical alert, that did not generate an email. I will open up a ticket and see what they say. It must be some configuration thing I did wrong, but I am baffled as to how I am just getting an email here and there when it's matching on all logs. I'll post a solution in here when/if I get one.

L0 Member

Your setup seems solid; hope the email alerts work perfectly!
