Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Sensor Health Thresholds

We now have the concept of system health which can be viewed in the IDM Dashboard, but can/could the same monitors be configured to send a snmptrap on threshold breach?

2 REPLIES
Cisco Employee

Re: Sensor Health Thresholds

Threshold breaches on sensor are tracked by health monitor application in the form of heartbeat messages encapsulated in evStatus events every 300 seconds as shown below :

evStatus: eventId=1172446951295212902 vendor=Cisco

originator:

hostId: qssm-230

appName: monitor

appInstanceId: 359

time: 2007/02/26 05:00:05 2007/02/26 05:00:05 UTC

healthAndSecurity:

description: Heartbeat

healthStatus: red

securityStatus:

virtualSensor: vs0

status: green

...

...

evStatus messages cannot be sent as snmp traps like evError messages. However the events that cause the threshold to exceed in some cases are also generated as evError messages which are eligible to be sent as snmptraps. Some examples are termination of some application like sensorApp or removing the monitoring interface from virtual sensor, etc. as shown below :

evError: eventId=1172446951295212899 severity=warning vendor=Cisco

originator:

hostId: qssm-230

appName: sensorApp

appInstanceId: 456

time: 2007/02/26 04:59:14 2007/02/26 04:59:14 UTC

errorMessage: name=errWarning unspecifiedWarning:There are no interfaces assigned to any virtual sensors. This can result in some packets not being monitored.

Hope this helps

Community Member

Re: Sensor Health Thresholds

That is indeed useful info, thanks for replying :)

203
Views
0
Helpful
2
Replies
CreatePlease to create content