Regarding smtp setup
you mean trigger alert as SMTP output action? here is the list (you can refer onlinehelp for more details)
NIE RAID 5 Array Alert
SMTP alert used for NIE RAID 5 Array Alert notification. SMTP notification is sent to RSA and to user defined email addresses.
To 2: through To 5:
Type the email addresses individuals within your organization to receive the related message.
Type the email address of the sender. This should be a valid email address.
Tip: You may want to set up an address specifically for this purpose. For example, enVision@domain.com.
Type IP address of the SMTP mail server from which the email message will be sent. (This is typically your email server.) You can also type the resolved name of the mail server and update the hosts file (/WINNT/system32/drivers/etc) with the name and IP address of the mail server.
Type the subject line for the alert email message.
Leave this field blank - the system uses the actual syslog message as the email body. It also displays the following:
Date/Time the message was received
IP address of the device
Yes, you can send a CSV file with every event that triggered a correlation alert. The feature is called "Composite Events" and is all documented in the envision online help. You can add the file to an output action, but enVision still decide to send the event line, you cannot select which part of the line or which variable send ... fortunately it works! and you can see the file in you favorite CSV editor.
Regards from Chile,
You can use SYSLOG as ACTION TYPE instead of SMTP, when you are defining the output action.
Then you need to type all the information needed: IP addresses and ports.