Gateway Alerts
Following are the SD-WAN and Gateway appliance-related alerts that you can configure for notification over Webhooks. Click on an alert to see its description and JSON payload.
- New Gateway Connected
- Gateway Disconnected
- Gateway CPU Utilization
- Gateway Memory Utilization
- BGP Session Error
- Gateway Base License Capacity Limit Exceeded
- Routing Table Limit
- Overlay Route Orchestrator Connection
- WAN Health-Check Failure
- WAN VPN-Peer Unreachable
- Tunnel Flapping
- Uplink Flapping
- WAN Uplink Status Change
- WAN Uplink Autonegotiation State Change
- IPSec Establishment Failure
- IPSec SA Down
- All IPSec SAs Down
- CFG-SET Advertisement Failure
- VGW VM Down
- Gateway IDS/IPS Engine Error State
- Gateway IDS IPS Engine CPU Utilization
- Gateway IDS IPS Engine Memory Utilization
- Gateway IDS IPS Engine Packer Dropped Detected
New Gateway Connected
Generates an alert when a new Branch Gateway is connected.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 301,
"alert_type": "NEW_GATEWAY_DETECTED",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-301",
"device_id": "CNXXYYZZAA",
"description": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned",
"state": "Open",
"severity": "Warning",
"operation": "create",
"timestamp": 1612725256,
"details": {
"group": "1",
"labels": "",
"_rule_number": "0",
"params": ["CNXXYYZZAA", "20:aa:bb:cc:eb:30", "172.168.1.1", "GSK-7005-2"],
"serial": "CNXXYYZZAA",
"time": "2021-02-07 19:14:16 UTC",
"group_name": "unprovisioned"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned"
}
Gateway Disconnected
Generates an alert when a Branch Gateway is disconnected. When a gateway disconnects because of license expiry, the alert description shows 'Reason: Device unlicensed'.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 303,
"alert_type": "GATEWAY_DISCONNECTED",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-303",
"device_id": "CNXXYYZZAA",
"description": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612725779,
"details": {
"params": [
"CNXXYYZZAA",
"20:aa:bb:cc:eb:30",
"172.168.1.1",
"GSK-7005-2",
"",
""
],
"group": "0",
"ts": "1612725444737",
"labels": "",
"serial": "CNXXYYZZAA",
"conn_status": "disconnected",
"time": "2021-02-07 19:22:59 UTC",
"group_name": "default"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default"
}
Gateway CPU Utilization
Generates an alert when the Branch Gateway CPU utilization exceeds the threshold value. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1351,
"alert_type": "CONTROLLER_CPU_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1351",
"device_id": "CNXXYYZZAA",
"description": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612272540,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.cpu_utilization.5m",
"duration": "5",
"threshold": "10",
"time": "2021-02-02 13:24:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC."
}
Gateway Memory Utilization
Retrieving data. Wait a few seconds and try to cut or copy again.
{
"id": "AXdiyfwQo68tULajRTiG",
"nid": 1352,
"alert_type": "CONTROLLER_MEMORY_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1352",
"device_id": "CNXXYYZZAA",
"description": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612270140,
"details": {
"name": "WTH_9004-1",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.memory_utilization.5m",
"duration": "30",
"threshold": "30",
"time": "2021-02-02 12:19:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC."
}
BGP Session Error
Generates an alert when a BGP session fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1355,
"alert_type": "CONTROLLER BGP SESSION ERROR",
"setting_id": "ggsswerr90254beccccaaazza05f17-1355",
"device_id": "CNXXYYZZAA",
"description": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612811123,
"details": {
"serial": "CNXXYYZZAA",
"nbr_addr": "172.30.1.102",
"nbr_as": "3002",
"nbr_id": "10.53.9.44",
"group": "12",
"time": "2021-02-08 19:05:23 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)"
}
Gateway Base License Capacity Limit Exceeded
Generates an alert when a Gateway with Foundation-Base Capacity subscription exceed the client capacity threshold. For more information on Foundation-Base Capacity subscription, see Assigning Subscriptions to Aruba Gateways.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1356,
"alert_type": "GATEWAY_BASE_LICENSE_CAPACITY_EXCEEDED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1356",
"device_id": "CNXXYYZZAA",
"description": "Base license capacity limit exceeded for Gateway with name: CSIM_SCA0000073, serial: CNXXYYZZAA",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612424272,
"details": {
"group": "0",
"labels": [],
"name": "CSIM_CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"time": "2021-02-04 07:37:52 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Base license capacity limit exceeded for Gateway with name: CSIM_CNXXYYZZAA, serial: CNXXYYZZAA"
}
Routing Table Limit
Generates an alert when the routing table size exceeds the 90% of the capacity. This alert is auto-acknowledged when the Routing table size goes below 85% of the capacity.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1357,
"alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
"setting_id": "ggsswerr90254beccccaaazza05f17-1357",
"device_id": "CNXXYYZZAA",
"description": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612801998,
"details": {
"serial": "CNXXYYZZAA",
"ip_address": "2.3.1.5",
"count": "29268",
"hostname": "DC3_VPNC8_7240XM",
"max": "32768",
"group": "57",
"time": "2021-02-08 16:33:18 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)"
}
Overlay Route Orchestrator Connection
Generates an alert when the control connection between the Branch Gateway and the Overlay Route Orchestration (ORO) is down. This alert is auto-acknowledged when the control connection is re-established.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1359,
"alert_type": "CONTROLLER OAP CONNECTION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1359",
"device_id": "CNXXYYZZAA",
"description": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612808837,
"details": {
"hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
"serial": "CNXXYYZZAA",
"group": "22",
"time": "2021-02-08 18:27:17 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)"
}
WAN Health-Check Failure
Generates an alert when WAN health check fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1501,
"alert_type": "WAN_UPLINK_REACHABILITY_HEALTH_CHECK_IP_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1501",
"device_id": "CNXXYYZZAA",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612304659,
"details": {
"default_gw_status": "reachable",
"intf_name": "inet2_inet",
"ip": "52.52.253.87",
"hostname": "WTH_9004-2",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 22:24:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable."
}
WAN VPN-Peer Unreachable
Generates an alert when the WAN VPN peer is unreachable.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1502,
"alert_type": "WAN_UPLINK_REACHABILITY_VPN_PEER_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1502",
"device_id": "CNXXYYZZAA",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612348217,
"details": {
"ip": "192.168.103.99",
"intf_name": "inet2_inet",
"default_gw_status": "unreachable",
"hostname": "WTH_9004-2",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 10:30:17 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable."
}
Tunnel Flapping
Generates an alert when the tunnel state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"alert_type": "WAN_TUNNEL_FLAP",
"description": "Tunnel data-vpnc-00:1a:1e:03:83:30-link1_inet status flapped 1% on device CNXXYYZZAA for about 15 minutes since 2019-07-25 12:26:00 UTC.",
"timestamp": 1564058460,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "ggsswerr90254beccccaaazza05f17-1601",
"state": "Open",
"nid": 1601,
"details": {
"alias_map_name": "data-vpnc-00:1a:1e:03:83:30-link1_inet",
"_rule_number": "0",
"group": "77",
"dst_ip": "172.168.101.9",
"labels": "8,661",
"src_ip": "192.168.51.254",
"duration": "15",
"time": "2019-07-25 12:26:00 UTC",
"threshold": "1",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.tunnel.flap.5m",
"serial": "CNXXYYZZAA",
"uplink_tag": "link1_inet",
"unit": "%"
},
"operation": "create",
"device_id": "CNXXYYZZAA",
"id": "AXyzbcapqrstn24BIWcc",
"severity": "Critical"
}
Uplink Flapping
Generates an alert when the uplink state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"alert_type": "WAN_UPLINK_FLAP",
"description": "Uplink link1_inet link status flapped 1% on device with CNXXYYZZAA for about 15 minutes
since 2019-07-25 12:36:00 UTC.",
"timestamp": 1564059060,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "ggsswerr90254beccccaaazza05f17-1600",
"state": "Open",
"nid": 1600,
"details": {
"status": "DOWN",
"_rule_number": "0",
"group": "77",
"labels": "8,661",
"current_status": "UP",
"duration": "15",
"intf_name": "link1_inet",
"time": "2019-07-25 12:36:00 UTC",
"threshold": "1",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.flap.5m",
"serial": "CNXXYYZZAA",
"uplink_tag": "link1_inet",
"unit": "%"
},
"operation": "create",
"device_id": "CNXXYYZZAA",
"id": "AXyzbcapqrstn24BIWcc",
"severity": "Critical"
}
WAN Uplink Status Change
Generates an alert when the WAN uplink status changes.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1505,
"alert_type": "WAN_UPLINK_STATUS_CHANGE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1505",
"device_id": "CNXXYYZZAA",
"description": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350095,
"details": {
"intf_name": "inet_inet",
"status": "UP",
"current_status": "DOWN",
"uplink_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:01:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC"
}
WAN Uplink Autonegotiation State Change
Generates an alert when the WAN uplink automatic negotiation status changes.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1506,
"alert_type": "WAN_UPLINK_AUTONEGOTIATION_STATE_CHANGE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1506",
"device_id": "CNXXYYZZAA",
"description": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350155,
"details": {
"intf_name": "GE0/0/1",
"speed": "1000",
"new_speed": "Auto",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:02:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC"
}
IPSec Establishment Failure
Generates an alert when the IPsec tunnel fails to establish.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1550,
"alert_type": "WAN_IPSEC_SA_ESTABILSHMENT_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1550",
"device_id": "CNXXYYZZAA",
"description": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271840,
"details": {
"src_ip": "192.168.36.10",
"dst_ip": "192.168.103.99",
"alias_map_name": "WTH-9004-3:inet_inet::GSK_VPNC2:vlan103",
"link_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:17:20 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC"
}
IPSec SA Down
Generates an alert when the IPsec SA is down.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1551,
"alert_type": "WAN_IPSEC_SA_DOWN",
"setting_id": "ggsswerr90254beccccaaazza05f17-1551",
"device_id": "CNXXYYZZAA",
"description": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA. Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"src_ip": "192.168.31.10",
"dst_ip": "192.168.103.99",
"reason": "Administrator cleared IPSEC SA",
"alias_map_name": "WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103",
"uplink_tag": "inet2_inet",
"hostname": "WTH_9004-1",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA. Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC"
}
All IPSec SAs Down
Generates an alert when all the IPsec SAs are down.
{
"id": "AXdi4Qoyo68tULajRUzs",
"nid": 1552,
"alert_type": "WAN_IPSEC_SA_ALL_DOWN",
"setting_id": "ggsswerr90254beccccaaazza05f17-1552",
"device_id": "CNXXYYZZAA",
"description": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"hostname": "WTH_9004-1",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC"
}
CFG-SET Advertisement Failure
Generates an alert when the CFG-SET advertisement fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1554,
"alert_type": "CFG_SET_ADVERTISEMENT_FAILURE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1554",
"device_id": "CNXXYYZZAA",
"description": "CFG-Set advertisement failure for Gateway CNXXYYZZAA with serial BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612351819,
"details": {
"src_ip": "10.1.1.1",
"dst_ip": "200.1.1.6",
"alias_map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"hostname": "CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"group": "0",
"labels": [],
"time": "2021-02-03 11:30:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CFG-Set advertisement failure for Gateway BIM0010001 with serial CNXXYYZZAA on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6"
}
VGW VM Down
Generates an alert when an Aruba Virtual Gateway deployed as a Virtual Machine is down.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1702,
"alert_type": "VGW_HEALTH_STATE_CHANGE_DETECTED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1702",
"device_id": "CNXXYYZZAA",
"description": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612782698,
"details": {
"account_id": "4454656d9-asdf-wert-8ss0-3erarq23e4be",
"mac": "02:1A:1E:92:1A:3A",
"serial": "CNXXYYZZAA",
"vm_id": "/subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A",
"account_name": "Test",
"region_id": "canadacentral",
"customer_name": "[email protected]",
"health": "DOWN",
"vpc_id": "/karan_res_canada/canadavnet",
"provider_name": "Azure",
"customer_id": "ggsswerr90254beccccaaazza05f17",
"time": "2021-02-08 11:11:38 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A"
}
Gateway IDS/IPS Engine Error State
Generates an alert when the Gateway’s IDS/IPS Engine state is either crashed or stopped. A severity of Critical indicates that the engine has crashed and Major indicates that the engine has stopped.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2301,
"alert_type": "GW_IDS_IPS_ENGINE_ERROR_STATE_ALERT",
"setting_id": "ggsswerr90254beccccaaazza05f17-2301",
"device_id": "CNXXYYZZAA",
"description": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state.",
"state": "Close",
"severity": "Critical",
"operation": "update",
"timestamp": 1612407706,
"details": {
"serial": "CNXXYYZZAA",
"hostname": "WTH_9004-1",
"state": "Stopped",
"time": "2021-02-04 03:00:23 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state."
}
Gateway IDS IPS Engine CPU Utilization
Generates an alert when the CPU utilization by IDS/IPS engine exceeds the threshold value and duration. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2302,
"alert_type": "GW_IDS_IPS_ENGINE_CPU_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-2302",
"device_id": "CNXXYYZZAA",
"description": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612407241,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.cpu.5m",
"duration": "11",
"threshold": "10",
"time": "2021-02-04 02:43:01 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC."
}
Gateway IDS IPS Engine Memory Utilization
Generates an alert when the memory utilization exceeds the threshold value and duration. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2303,
"alert_type": "GW_IDS_IPS_ENGINE_MEMORY_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-2303",
"device_id": "CNXXYYZZAA",
"description": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612407240,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.mem.5m",
"duration": "5",
"threshold": "2",
"time": "2021-02-04 02:49:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC."
}
Gateway IDS IPS Engine Packer Dropped Detected
Generates an alert every time when the number of packets dropped exceeds the configured threshold value
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2304,
"alert_type": "GW_IDS_IPS_ENGINE_PACKET_DROPPED_DETECTED",
"setting_id": "ggsswerr90254beccccaaazza05f17-2304",
"device_id": "CNXXYYZZAA",
"description": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612423635,
"details": {
"name": "CSIM_CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"threshold": "75",
"duration": "5",
"time": "2021-02-04 07:22:15 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC."
}
Updated over 2 years ago