QRadar: Custom alert-config.xml template creates emails with columns that are not aligned properly.

Troubleshooting

Problem

I properly modify the alert-config.xml template, but after an offense fires the resulting email has an incorrect alignment.

Cause

Editing the alert-config.xml file on a Windows desktop using notepad, wordpad, or word can cause errors in formatting. Editing this file in notepad will convert the tab characters in the template to space characters.

Diagnosing The Problem

If you look at the resulting email that was sent you see the column alignment is wrong.

Improper column alignment:

Username: root Event TimeStamp: Jan 31, 2017Event Name: A user executed a Category: SIM User Action Log Source Name: SIM Audit-2::c Computer: N/A EventID: N/A Message: N/A Subject: N/A
Email should look like:

Username: root Event TimeStamp: Jan 31, 2017 Event Name: A user executed a Category:SIM User Action Log Source Name: SIM Audit-2::c Computer: N/A EventID: N/A Message: N/A Subject: N/A

Resolving The Problem

To resolve the issue edit the alert-config.xml file using an editor such as vi on the system to preserve the template formatting and ensure that the formatting is correct.

For more information on how to edit the alert-config.xml file please refer to this Knowledge Center article. Configuring custom email notifications

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Offense Manager","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: Custom alert-config.xml template creates emails with columns that are not aligned properly.

Troubleshooting

Problem

Cause

Diagnosing The Problem

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?