Howdy, List. I’m running RTIR 3.0.0rc1; I’m super-new to RT but
super-experienced with incident handling and hacking on Perl.
I have an automated process that emails RTIR various alerts on various
systems; each email is for a single system and its IP address is
included in the subject of the alert. When I take the ticket, this
creates an incident report. I already have a field in the incident
report for the IP address, but I’d like that field to automatically be
populated with the IP address that’s listed in the subject line.
This has probably been covered before; my Google-Fu is sharp, but my
understanding of RT is still dull.
Thanks.
-Bert
Bert Hayes, GSEC, GCIH, GCFA, GWAPT
Information Technology Security Analyst II
Texas Education Agency
bert.hayes@tea.state.tx.us
Howdy, List. I’m running RTIR 3.0.0rc1; I’m super-new to RT but
super-experienced with incident handling and hacking on Perl.
I have an automated process that emails RTIR various alerts on various
systems; each email is for a single system and its IP address is
included in the subject of the alert. When I take the ticket, this
creates an incident report. I already have a field in the incident
report for the IP address, but I’d like that field to automatically be
populated with the IP address that’s listed in the subject line.
This has probably been covered before; my Google-Fu is sharp, but my
understanding of RT is still dull.
Since RTIR already searches the content of the email for IP addresses
(and automatically stores them in the IP Custom Field) I’d probably
make a local modification to lib/RT/Action/RTIR_FindIP.pm in my local/
directory to look in Content and Subject.
That particular Action module could be refactored to make looking in
multiple places easier.
-kevin