Duplicate email notification delayed by 6 hours

Answered

Follow

Jeff Harris

• October 31, 2019 15:42

Hello,

I have seen this behavior on a few different servers, both Wisenet Wave and DW Spectrum, both running version 3.2.  I have configured a rule to send an email in response to an event, the event occurs, the email is sent, then exactly 6 hours later, I get another email for the same event--the body of the email has all the same details as the previous email six hours prior: same event, same description, even the same timestamp.

Is there a setting hidden somewhere that is causing these servers to "follow-up" or something or is this a bug?

0

• 

  Norman - Nx Support

  • May 14, 2020 18:49
  • Edited

  Hi Jeff,

  This shouldn't happen. And is also not something I was able to reproduce. 

  Could you add <removed> as a recipient so I might have a better understanding about what is happening? 

  0

  Comment actions Permalink
• 

  Jeff Harris

  • October 31, 2019 23:27

  Hi Norman,

  Thanks for getting back to me.  I have added the email address you specified as a recipient of notifications for "Network Issue" events.  Coincidentally, this behavior is experienced on the same server which I am trying to capture packets using wireshark related to "network issue" events.  The events seem to be only happening after business hours when I don't monitor my inbox or have access to the server. 

  0

  Comment actions Permalink
• 

  Norman - Nx Support

  • November 01, 2019 07:38

  Hi Jeff,

  That is a 'happy' coincidence since Wireshark should help us to pinpoint this as well, although I assume Wireshark won't capture the 1st and 2nd email like we set it up and capturing 6 hours would cost you several GB of data, if not TB of data. So hopefully Wireshark will capture 1 of them and we can do some analyzing on that. 
  
  So I first see if I can do something with those emails I receive and continue from there.  

  0

  Comment actions Permalink
• 

  Jeff Harris

  • November 01, 2019 15:29

  Hi Norman,

  After I left that comment, I realized that I opened this ticket for behavior exhibited by a different server on which I'm not already running wireshark, so I moved your email over to the server exhibiting this email problem.

  Funny enough, however, the other server that is running a 20x500MB ring buffer had a network issue at 4:52pm yesterday 8 minutes before I left for the day so I didn't catch it in time to stop the packet capture.  Not only that, but 1 hour later, rather than 6, I got a duplicate email for that event :)

  Since you've mentioned it could be helpful, I will setup a similar wireshark capture on the server relevant to this ticket.

  0

  Comment actions Permalink
• 

  Jeff Harris

  • November 01, 2019 15:44

  Also, it's worth mentioning that in this case, in order to catch the outbound email, I'll have to setup the capture on the "WAN" interface of the server rather than on the surveillance interface which is isolated by the server, so I should have much longer than ~10-11 minutes to turn off capture if the email comes. 

  0

  Comment actions Permalink
• 

  Norman - Nx Support

  • May 14, 2020 18:54
  • Edited

  Hi Jeff,

  Until today I didn't receive any email on <removed>. 

  Is the issue resolved or was my email address added in the wrong way? 

  0

  Comment actions Permalink
• 

  Norman - Nx Support

  • January 20, 2020 08:28
  • Edited

  Hi Jeff,

  I was thinking about this topic. Could it be that the emails you receive are related to the default rules in Nx Witness and that these rules are similar to the rules you set up? 

  

  0

  Comment actions Permalink

Post is closed for comments.