Emaild
Overview
The Unified Assurance Event Email Aggregator is a generic email integration. It connects to a POP3/IMAP email account and processes any messages found with customizable rules which can create de-duplicated events within Unified Assurance. It then deletes the email from the server.
Email Aggregator Setup
-
Update the application configuration to connect to the correct email server, along with the correct authentication settings.
-
Enable the default Service, unless a specific configuration option is needed.
Default Service
| Field | Value |
|---|---|
| Package Name | coreCollection-app |
| Service Name | Event Email Aggregator |
| Service Program | bin/core/collection/Emaild |
| Service Arguments | |
| Service Description | Email Aggregator that collects from POP3 |
| Failover Type | Standalone (Supported: Standalone, Primary/Backup) |
| Status | Disabled |
| Privileged | (Checked) |
Default Configuration
| Name | Value | Possible Values | Notes |
|---|---|---|---|
| BaseRules | collection/event/email/base.rules | Text, 255 characters | Relative path to Base Rules. |
| BranchDir | core/default | Text, 255 characters | relative path to Rules dir. |
| ConnectionSecurity | None (Plaintext) | None (Plaintext) / SSL (Secure on connect) / TLS (Negotiated) | Secure connection protocol. |
| EmailProtocol | POP3 | POP3 / IMAP | Mail protocol. |
| Host | mail.example.com | Text, 255 characters | DNS name or IP Address of the email server. |
| IncludeRules | collection/event/email/base.includes | Text, 255 characters | Relative path to Include Rules. |
| Interval | 60 | Integer | How often in seconds the aggregator will connect to collect the email. |
| LoadRules | collection/event/email/base.load | Text, 255 characters | Relative path to Load Rules. |
| LogFile | logs/EventEmail.log | Text, 255 characters | Relative path to Log File. |
| LogLevel | ERROR | OFF, FATAL, ERROR, WARN, INFO, DEBUG | Logging level used by application. |
| Password | monolith | Text, 255 characters | Password for login name of email server account. |
| Port | 110 | Integer | Port for email server to collect email. (defaults: POP3 = 110, POP3S = 995, IMAP = 143, IMAPS = 993). |
| ShardID | 1 | Integer | Database shard to be used. |
| Threads | 3 | Integer | Number of process threads created. The aggregator takes a third of this value (rounded up) for database threads unless overridden by the "DBThreads" application configuration. |
| Username | username@example.com | Text, 255 characters | Login name for email server account. |
| Capture | Disabled | Enabled/Disabled | Optional - If enabled, saves the raw message in the Log. |
| DBThreads | Integer | Optional - Number of database threads to be created. If not specified, defaults to a third (rounded up) of "Threads" application configuration. | |
| FieldSetFile | Text, 255 characters | Optional - Path to csv file containing custom list of fields that will be used when inserting data. (Requires InsertSQLFile.) | |
| Folder | INBOX | Text, 255 characters | Optional - If specified only processes the matching folder (IMAP only). |
| IgnoreSizeErrors | Disabled | Enabled/Disabled | Optional - IMAP only. Certain (caching) servers, like Exchange 2007, often report the wrong message size. Instead of skipping the message with an error, the reported size will just be ignored. |
| InsertSQLFile | Text, 255 characters | Optional - Path to file containing custom SQL Insert statement for handling of event inserts. (Requires FieldSetFile.) | |
| Verification | Enabled | Enabled/Disabled | Optional - Verify server certificate on connection (SSL/TLS only) defaults to Enabled. |
Rules
This aggregator uses the Unified Assurance standard rules architecture. The rules are written in Perl syntax. Refer to the following guides for details on rules creation:
Tokens
The aggregator exposes the following tokens for rules processing.
| Token | Description |
|---|---|
| $AppConfig | Hash reference to the application configuration name-value pairs that were configured. (i.e. use $AppConfig->{'Host'} to retrieve the set value for 'Host'.) |
| $Event | Reference to the hash that is used to create and insert the Event data into the database. Keys map to the fields within the table used and values assigned are inserted in the database to that field. (e.g. $Event->{'IPAddress'} = '192.0.2.1' to assign the event IP address to '192.0.2.1') At least the 'Node' and 'Summary' fields must be set, or no event is inserted. |
| $SubjectOfMessage | Subject of Received Email |
| $FromEmailAddress | First From Email Address header contents (may contain multiple emails) |
| $ToEmailAddress | First To Email Address header contents (may contain multiple emails) |
| $CCEmailAddress | First CC Email Address header contents (may contain multiple emails) |
| $BodyOfMessage | Body of Received Email. ('text/plain' = PlainBody, 'text/html' = HTMLBody, 'multipart/*' = PlainBody) |
| $RawEmail | Raw undecoded Email including headers |
| $ContentType | Content Type of message |
| $ToAddresses | Array reference to all "To" header contents (usually the same as $ToEmailAddress) |
| $FromAddresses | Array reference to all "From" header contents (usually the same as $FromEmailAddress) |
| $CCAddresses | Array reference to all "CC" header contents |
| $ReceivedHeaders | Array reference to all "Received" header contents (contains list of servers mail went through) |
| $PlainBody | Email body. In text/html content type this contains the plaintext stripped of any HTML tags |
| $HTMLBody | Email body for text/html content type |
| $EmailObject | Email::MIME object representing the email. For advanced parsing operations only |
| $discard_flag | Flag for discard (0 = No, 1 = Yes) |
| $Count | Message Counter |
| $CustomHash | Custom key, value cache available across all rules. Contents commonly defined in Load Rules then used in Base or other rules. NOTE: This variable is a shared object and any additional sub hashes or arrays must be shared before use or it will cause the error: "Invalid value for shared scalar". Instantiate the sub hash/array using '&share({})' e.g. $CustomHash->{SubObject} = \&share({}); |
Example Integration
In the below example, a section of logic was added so that emails that have "Example" in the subject line will processed. For each of those emails, the body will be parsed and the Node and Status values will be extracted. The default event fields are then modified with those values, along with setting the "SubMethod". If the Status contains "Down", a event is created with Severity set to 5 (Critical). If the Status contains "Up", a event is created with Severity set to 0 (Clear), which will also clear the previous "Down" event.
elsif ($SubjectOfMessage =~ /Example/) {
$Event->{'SubMethod'} = "Example Email";
(my $Device, $Status) = $BodyOfMessage =~ /Device:(.*) Status:(.*)/;
if($Status eq 'Up'){
$Event->{Severity} = 0;
}
elsif($Status eq 'Down'){
$Event->{Severity} = 5;
}
$Event->{'Node'} = $Device;
$Event->{'Summary'} = "$SubjectOfMessage - $Device is $Status";
}
Administration Details
The following list shows the technical details you will need for advanced administration of the application:
-
Package - coreCollection-app
-
Synopsis -
./Emaild [OPTIONS] -
Options:
-c, --AppConfigID N Application Config ID (Service, Job, or Request ID) -?, -h, --Help Print usage and exit -
Threaded - Multi-Threaded