Description
This article describes how to get all message details which is mentioned in event logs during setting up the e-mail alerts.
Solution
While setting up the emails alerts in go to Security Fabric -> Automation -> E-mail Alerts and do not remove '%%log%%' from the e-mail body otherwise the event details will appear but not the proper information mentioned in the event logs:
In the below screenshot, the event was set up for the link status and in the E-mail alert ->E-mail Body value '%%log%%' was removed.
When the link status is moved to downstate, the below message will appear in the email which did not have the complete information that the interface down or up.
Do not remove the '%%log%%' information otherwise complete message mentioned in the events logs will not be sent in the email.
After setting up the e-mail body to '%%log%%', the full message appears in the email which is mentioned in the events logs below:
If the issue still persists, collect the below debug:
To collect the debug for email alert :
diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1
Send a test activation mail:
diagnose log alertmail test
Then disable debug:
diag debug disable
diag debug reset
Related article:
Technical Tip: How to configure email alert when interface status is changed
