HomeGuidesAPI Reference
GuidesAPI ReferenceGitHubAirheads Developer CommunityLog In

Gateway Alerts

Following are the SD-WAN and Gateway appliance-related alerts that you can configure for notification over Webhooks. Click on an alert to see its description and JSON payload.

New Gateway Connected

Generates an alert when a new Branch Gateway is connected.

{
 	"id": "AXyzbcapqrstn24BIWcc",
 	"nid": 301,
 	"alert_type": "NEW_GATEWAY_DETECTED",
 	"setting_id": "abce082bef4a428bb31366f6d6ff223f-301",
 	"device_id": "CNXXYYZZAA",
 	"description": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned",
 	"state": "Open",
 	"severity": "Warning",
 	"operation": "create",
 	"timestamp": 1612725256,
 	"details": {
 		"group": "1",
 		"labels": "",
 		"_rule_number": "0",
 		"params": ["CNXXYYZZAA", "20:aa:bb:cc:eb:30", "172.168.1.1", "GSK-7005-2"],
 		"serial": "CNXXYYZZAA",
 		"time": "2021-02-07 19:14:16 UTC",
 		"group_name": "unprovisioned"
 	},
 	"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
 	"text": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned"
 }

Gateway Disconnected

Generates an alert when a Branch Gateway is disconnected. When a gateway disconnects because of license expiry, the alert description shows 'Reason: Device unlicensed'.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 303,
  "alert_type": "GATEWAY_DISCONNECTED",
  "setting_id": "abce082bef4a428bb31366f6d6ff223f-303",
  "device_id": "CNXXYYZZAA",
  "description": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default",
  "state": "Open",
  "severity": "Major",
  "operation": "create",
  "timestamp": 1612725779,
  "details": {
    "params": [
      "CNXXYYZZAA",
      "20:aa:bb:cc:eb:30",
      "172.168.1.1",
      "GSK-7005-2",
      "",
      ""
    ],
    "group": "0",
    "ts": "1612725444737",
    "labels": "",
    "serial": "CNXXYYZZAA",
    "conn_status": "disconnected",
    "time": "2021-02-07 19:22:59 UTC",
    "group_name": "default"
  },
  "webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
  "text": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default"
}

Gateway CPU Utilization

Generates an alert when the Branch Gateway CPU utilization exceeds the threshold value. You can add additional rule(s) for this alert.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1351,
	"alert_type": "CONTROLLER_CPU_OVER_UTILIZATION",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1351",
	"device_id": "CNXXYYZZAA",
	"description": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC.",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612272540,
	"details": {
		"name": "WTH_9004-2",
		"unit": "%",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": "8",
		"_rule_number": "0",
		"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.cpu_utilization.5m",
		"duration": "5",
		"threshold": "10",
		"time": "2021-02-02 13:24:00 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC."
}

Gateway Memory Utilization

Retrieving data. Wait a few seconds and try to cut or copy again.

{
  "id": "AXdiyfwQo68tULajRTiG",
  "nid": 1352,
  "alert_type": "CONTROLLER_MEMORY_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1352",
  "device_id": "CNXXYYZZAA",
  "description": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC.",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612270140,
  "details": {
    "name": "WTH_9004-1",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.memory_utilization.5m",
    "duration": "30",
    "threshold": "30",
    "time": "2021-02-02 12:19:00 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC."
}

BGP Session Error

Generates an alert when a BGP session fails.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1355,
  "alert_type": "CONTROLLER BGP SESSION ERROR",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1355",
  "device_id": "CNXXYYZZAA",
  "description": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612811123,
  "details": {
    "serial": "CNXXYYZZAA",
    "nbr_addr": "172.30.1.102",
    "nbr_as": "3002",
    "nbr_id": "10.53.9.44",
    "group": "12",
    "time": "2021-02-08 19:05:23 UTC"
  },
  "webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
  "text": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)"
}

Gateway Base License Capacity Limit Exceeded

Generates an alert when a Gateway with Foundation-Base Capacity subscription exceed the client capacity threshold. For more information on Foundation-Base Capacity subscription, see Assigning Subscriptions to Aruba Gateways.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1356,
  "alert_type": "GATEWAY_BASE_LICENSE_CAPACITY_EXCEEDED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1356",
  "device_id": "CNXXYYZZAA",
  "description": "Base license capacity limit exceeded for Gateway with name: CSIM_SCA0000073, serial: CNXXYYZZAA",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612424272,
  "details": {
    "group": "0",
    "labels": [],
    "name": "CSIM_CNXXYYZZAA",
    "serial": "CNXXYYZZAA",
    "time": "2021-02-04 07:37:52 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Base license capacity limit exceeded for Gateway with name: CSIM_CNXXYYZZAA, serial: CNXXYYZZAA"
}

Routing Table Limit

Generates an alert when the routing table size exceeds the 90% of the capacity. This alert is auto-acknowledged when the Routing table size goes below 85% of the capacity.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1357,
  "alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1357",
  "device_id": "CNXXYYZZAA",
  "description": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612801998,
  "details": {
    "serial": "CNXXYYZZAA",
    "ip_address": "2.3.1.5",
    "count": "29268",
    "hostname": "DC3_VPNC8_7240XM",
    "max": "32768",
    "group": "57",
    "time": "2021-02-08 16:33:18 UTC"
  },
  "webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
  "text": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)"
}

Overlay Route Orchestrator Connection

Generates an alert when the control connection between the Branch Gateway and the Overlay Route Orchestration (ORO) is down. This alert is auto-acknowledged when the control connection is re-established.

{

	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1359,
	"alert_type": "CONTROLLER OAP CONNECTION",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1359",
	"device_id": "CNXXYYZZAA",
	"description": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612808837,
	"details": {
		"hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
		"serial": "CNXXYYZZAA",
		"group": "22",
		"time": "2021-02-08 18:27:17 UTC"
	},
	"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
	"text": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)"
}

WAN Health-Check Failure

Generates an alert when WAN health check fails.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1501,
	"alert_type": "WAN_UPLINK_REACHABILITY_HEALTH_CHECK_IP_FAILED",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1501",
	"device_id": "CNXXYYZZAA",
	"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable.",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612304659,
	"details": {
		"default_gw_status": "reachable",
		"intf_name": "inet2_inet",
		"ip": "52.52.253.87",
		"hostname": "WTH_9004-2",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-02 22:24:19 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable."
}

WAN VPN-Peer Unreachable

Generates an alert when the WAN VPN peer is unreachable.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1502,
	"alert_type": "WAN_UPLINK_REACHABILITY_VPN_PEER_FAILED",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1502",
	"device_id": "CNXXYYZZAA",
	"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable.",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612348217,
	"details": {
		"ip": "192.168.103.99",
		"intf_name": "inet2_inet",
		"default_gw_status": "unreachable",
		"hostname": "WTH_9004-2",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-03 10:30:17 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable."
}

Tunnel Flapping

Generates an alert when the tunnel state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.

{
  "alert_type": "WAN_TUNNEL_FLAP",
  "description": "Tunnel data-vpnc-00:1a:1e:03:83:30-link1_inet status flapped 1% on device CNXXYYZZAA for about 15 minutes since 2019-07-25 12:26:00 UTC.",
  "timestamp": 1564058460,
  "webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1601",
  "state": "Open",
  "nid": 1601,
  "details": {
    "alias_map_name": "data-vpnc-00:1a:1e:03:83:30-link1_inet",
    "_rule_number": "0",
    "group": "77",
    "dst_ip": "172.168.101.9",
    "labels": "8,661",
    "src_ip": "192.168.51.254",
    "duration": "15",
    "time": "2019-07-25 12:26:00 UTC",
    "threshold": "1",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.tunnel.flap.5m",
    "serial": "CNXXYYZZAA",
    "uplink_tag": "link1_inet",
    "unit": "%"
  },
  "operation": "create",
  "device_id": "CNXXYYZZAA",
  "id": "AXyzbcapqrstn24BIWcc",
  "severity": "Critical"
}

Uplink Flapping

Generates an alert when the uplink state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.

{
  "alert_type": "WAN_UPLINK_FLAP",
  "description": "Uplink link1_inet link status flapped 1% on device with CNXXYYZZAA for about 15 minutes 
     since 2019-07-25 12:36:00 UTC.",
  "timestamp": 1564059060,
  "webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1600",
  "state": "Open",
  "nid": 1600,
  "details": {
    "status": "DOWN",
    "_rule_number": "0",
    "group": "77",
    "labels": "8,661",
    "current_status": "UP",
    "duration": "15",
    "intf_name": "link1_inet",
    "time": "2019-07-25 12:36:00 UTC",
    "threshold": "1",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.flap.5m",
    "serial": "CNXXYYZZAA",
    "uplink_tag": "link1_inet",
    "unit": "%"
  },
  "operation": "create",
  "device_id": "CNXXYYZZAA",
  "id": "AXyzbcapqrstn24BIWcc",
  "severity": "Critical"
}

WAN Uplink Status Change

Generates an alert when the WAN uplink status changes.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1505,
	"alert_type": "WAN_UPLINK_STATUS_CHANGE",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1505",
	"device_id": "CNXXYYZZAA",
	"description": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612350095,
	"details": {
		"intf_name": "inet_inet",
		"status": "UP",
		"current_status": "DOWN",
		"uplink_tag": "inet_inet",
		"hostname": "WTH-9004-3",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-03 11:01:35 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC"
}

WAN Uplink Autonegotiation State Change

Generates an alert when the WAN uplink automatic negotiation status changes.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1506,
	"alert_type": "WAN_UPLINK_AUTONEGOTIATION_STATE_CHANGE",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1506",
	"device_id": "CNXXYYZZAA",
	"description": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612350155,
	"details": {
		"intf_name": "GE0/0/1",
		"speed": "1000",
		"new_speed": "Auto",
		"hostname": "WTH-9004-3",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-03 11:02:35 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC"
}

IPSec Establishment Failure

Generates an alert when the IPsec tunnel fails to establish.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1550,
	"alert_type": "WAN_IPSEC_SA_ESTABILSHMENT_FAILED",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1550",
	"device_id": "CNXXYYZZAA",
	"description": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612271840,
	"details": {
		"src_ip": "192.168.36.10",
		"dst_ip": "192.168.103.99",
		"alias_map_name": "WTH-9004-3:inet_inet::GSK_VPNC2:vlan103",
		"link_tag": "inet_inet",
		"hostname": "WTH-9004-3",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-02 13:17:20 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC"
}

IPSec SA Down

Generates an alert when the IPsec SA is down.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1551,
	"alert_type": "WAN_IPSEC_SA_DOWN",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1551",
	"device_id": "CNXXYYZZAA",
	"description": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA.  Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612271651,
	"details": {
		"src_ip": "192.168.31.10",
		"dst_ip": "192.168.103.99",
		"reason": "Administrator cleared IPSEC SA",
		"alias_map_name": "WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103",
		"uplink_tag": "inet2_inet",
		"hostname": "WTH_9004-1",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-02 13:14:11 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA.  Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC"
}

All IPSec SAs Down

Generates an alert when all the IPsec SAs are down.

{
	"id": "AXdi4Qoyo68tULajRUzs",
	"nid": 1552,
	"alert_type": "WAN_IPSEC_SA_ALL_DOWN",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1552",
	"device_id": "CNXXYYZZAA",
	"description": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612271651,
	"details": {
		"hostname": "WTH_9004-1",
		"serial": "CNXXYYZZAA",
		"group": "36",
		"labels": [
			"8"
		],
		"time": "2021-02-02 13:14:11 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC"
}

CFG-SET Advertisement Failure

Generates an alert when the CFG-SET advertisement fails.

{
	"id": "AXyzbcapqrstn24BIWcc",
	"nid": 1554,
	"alert_type": "CFG_SET_ADVERTISEMENT_FAILURE",
	"setting_id": "ggsswerr90254beccccaaazza05f17-1554",
	"device_id": "CNXXYYZZAA",
	"description": "CFG-Set advertisement failure for Gateway CNXXYYZZAA with serial BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6",
	"state": "Open",
	"severity": "Critical",
	"operation": "create",
	"timestamp": 1612351819,
	"details": {
		"src_ip": "10.1.1.1",
		"dst_ip": "200.1.1.6",
		"alias_map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
		"map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
		"hostname": "CNXXYYZZAA",
		"serial": "CNXXYYZZAA",
		"group": "0",
		"labels": [],
		"time": "2021-02-03 11:30:19 UTC"
	},
	"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
	"text": "CFG-Set advertisement failure for Gateway BIM0010001 with serial CNXXYYZZAA on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6"
}

VGW VM Down

Generates an alert when an Aruba Virtual Gateway deployed as a Virtual Machine is down.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1702,
  "alert_type": "VGW_HEALTH_STATE_CHANGE_DETECTED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1702",
  "device_id": "CNXXYYZZAA",
  "description": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A",
  "state": "Open",
  "severity": "Major",
  "operation": "create",
  "timestamp": 1612782698,
  "details": {
    "account_id": "4454656d9-asdf-wert-8ss0-3erarq23e4be",
    "mac": "02:1A:1E:92:1A:3A",
    "serial": "CNXXYYZZAA",
    "vm_id": "/subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A",
    "account_name": "Test",
    "region_id": "canadacentral",
    "customer_name": "[email protected]",
    "health": "DOWN",
    "vpc_id": "/karan_res_canada/canadavnet",
    "provider_name": "Azure",
    "customer_id": "ggsswerr90254beccccaaazza05f17",
    "time": "2021-02-08 11:11:38 UTC"
  },
  "webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
  "text": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A"
}

Gateway IDS/IPS Engine Error State

Generates an alert when the Gateway’s IDS/IPS Engine state is either crashed or stopped. A severity of Critical indicates that the engine has crashed and Major indicates that the engine has stopped.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2301,
  "alert_type": "GW_IDS_IPS_ENGINE_ERROR_STATE_ALERT",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2301",
  "device_id": "CNXXYYZZAA",
  "description": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state.",
  "state": "Close",
  "severity": "Critical",
  "operation": "update",
  "timestamp": 1612407706,
  "details": {
    "serial": "CNXXYYZZAA",
    "hostname": "WTH_9004-1",
    "state": "Stopped",
    "time": "2021-02-04 03:00:23 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state."
}

Gateway IDS IPS Engine CPU Utilization

Generates an alert when the CPU utilization by IDS/IPS engine exceeds the threshold value and duration. You can add additional rule(s) for this alert.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2302,
  "alert_type": "GW_IDS_IPS_ENGINE_CPU_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2302",
  "device_id": "CNXXYYZZAA",
  "description": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC.",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612407241,
  "details": {
    "name": "WTH_9004-2",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.cpu.5m",
    "duration": "11",
    "threshold": "10",
    "time": "2021-02-04 02:43:01 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC."
}

Gateway IDS IPS Engine Memory Utilization

Generates an alert when the memory utilization exceeds the threshold value and duration. You can add additional rule(s) for this alert.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2303,
  "alert_type": "GW_IDS_IPS_ENGINE_MEMORY_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2303",
  "device_id": "CNXXYYZZAA",
  "description": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC.",
  "state": "Open",
  "severity": "Minor",
  "operation": "create",
  "timestamp": 1612407240,
  "details": {
    "name": "WTH_9004-2",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.mem.5m",
    "duration": "5",
    "threshold": "2",
    "time": "2021-02-04 02:49:00 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC."
}

Gateway IDS IPS Engine Packer Dropped Detected

Generates an alert every time when the number of packets dropped exceeds the configured threshold value

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2304,
  "alert_type": "GW_IDS_IPS_ENGINE_PACKET_DROPPED_DETECTED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2304",
  "device_id": "CNXXYYZZAA",
  "description": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC.",
  "state": "Open",
  "severity": "Minor",
  "operation": "create",
  "timestamp": 1612423635,
  "details": {
    "name": "CSIM_CNXXYYZZAA",
    "serial": "CNXXYYZZAA",
    "threshold": "75",
    "duration": "5",
    "time": "2021-02-04 07:22:15 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC."
}