Alert notifications are not triggering in Aria Operations for Logs.
Article ID: 385135
Updated On:
Products
VMware Aria Suite
Issue/Introduction
- Alert notifications are not triggered even though the alert conditions are met. Sending test alert is successful and the test alert notifications are received by the endpoints as well, but not the alert notification.
- com.vmware.loginsight.rbac.RBACException errors are seen in /storage/core/loginsight/var/runtime.log:
[YYYY-MM-DD TT:TT:TT.TTT+0000] ["ScheduledQueryServiceScheduler-thread-3"/X.X.X.X ERROR] [com.vmware.loginsight.scheduled.ScheduledQueryService] [Could not run query for alert] com.vmware.loginsight.rbac.RBACException: User [username] not found in domain <domain_name>. at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.queryUserGroups(ActiveDirectoryQueryHelper.java:1042) ~[auth-lib.jar:?] at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:172) ~[database-lib-li.jar:?] at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:146) ~[database-lib-li.jar:?] at com.vmware.loginsight.rbac.RBACUser.getDirectoryGroups(RBACUser.java:198) ~[commons-lib.jar:?] at com.vmware.loginsight.rbac.RBACUser.getGroups(RBACUser.java:182) ~[commons-lib.jar:?] at com.vmware.loginsight.rbac.RBACUser.getEffectiveDataSets(RBACUser.java:389) ~[commons-lib.jar:?] at com.vmware.loginsight.scheduled.ScheduledQuerySearch.constrainSearchToUser(ScheduledQuerySearch.java:625) ~[scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQuerySearch.doSearch(ScheduledQuerySearch.java:577) ~[scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQuerySearch.searchGroupByQuery(ScheduledQuerySearch.java:400) ~[scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQuerySearch.alertSearch(ScheduledQuerySearch.java:173) ~[scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQuerySearch.alertSearch(ScheduledQuerySearch.java:132) ~[scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQueryService.searchAndRaiseAlertIfNeeded(ScheduledQueryService.java:211) [scheduled-services.jar:?] at com.vmware.loginsight.scheduled.ScheduledQueryService$ScheduledQueryServiceImpl$1.run(ScheduledQueryService.java:650) [scheduled-services.jar:?] at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:?] at java.util.concurrent.FutureTask.run(Unknown Source) [?:?] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) [?:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?] at java.lang.Thread.run(Unknown Source) [?:?] Caused by: com.vmware.loginsight.aaa.AuthenticationFailedException: User [username] not found in domain msc.internal. at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.getUser(ActiveDirectoryQueryHelper.java:142) ~[auth-lib.jar:?] at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.getUser(ActiveDirectoryQueryHelper.java:126) ~[auth-lib.jar:?] at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.queryUserGroups(ActiveDirectoryQueryHelper.java:1040) ~[auth-lib.jar:?] ... 18 more[YYYY-MM-DD TT:TT:TT.TTT+0000] ["ScheduledQueryServiceScheduler-thread-2"/X.X.X.X ERROR] [com.vmware.loginsight.scheduled.ScheduledQueryService] [Could not run query for alert] com.vmware.loginsight.rbac.RBACException: Cannot load Directory groups without configuration. at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:179) ~[database-lib-li.jar:?]
Environment
Aria Operations for Logs 8.18.x
Cause
This issue is encountered if the alerts were created via users imported from Active Directory and if the users were deleted or if the Active Directory configuration was removed.
Resolution
Duplicate the alerts using local admin or any valid user and the alert notifications will trigger as expected.
Refer Define an Alert documentation to create the alert as required.
Feedback
Yes
No
Powered by
