HomeGuidesAPI Reference
GuidesAPI ReferenceGitHubAirheads Developer CommunityLog In

Gateway Alerts

Following are the SD-WAN and Gateway appliance-related alerts that you can configure for notification over Webhooks. Click on an alert to see its description and JSON payload.

New Gateway Connected

Generates an alert when a new Branch Gateway is connected.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 301,
    "alert_type": "NEW_GATEWAY_DETECTED",
    "setting_id": "abce082bef4a428bb31366f6d6ff223f-301",
    "device_id": "CNXXYYZZAA",
    "description": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned",
    "state": "Open",
    "severity": "Warning",
    "operation": "create",
    "timestamp": 1612725256,
    "details": {
        "group": "1",
        "labels": "",
        "_rule_number": "0",
        "params": ["CNXXYYZZAA", "20:aa:bb:cc:eb:30", "172.168.1.1", "GSK-7005-2"],
        "serial": "CNXXYYZZAA",
        "time": "2021-02-07 19:14:16 UTC",
        "group_name": "unprovisioned"
    },
    "webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
    "text": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned"
 }

Gateway Disconnected

Generates an alert when a Branch Gateway is disconnected. When a gateway disconnects because of license expiry, the alert description shows 'Reason: Device unlicensed'.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 303,
  "alert_type": "GATEWAY_DISCONNECTED",
  "setting_id": "abce082bef4a428bb31366f6d6ff223f-303",
  "device_id": "CNXXYYZZAA",
  "description": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default",
  "state": "Open",
  "severity": "Major",
  "operation": "create",
  "timestamp": 1612725779,
  "details": {
    "params": [
      "CNXXYYZZAA",
      "20:aa:bb:cc:eb:30",
      "172.168.1.1",
      "GSK-7005-2",
      "",
      ""
    ],
    "group": "0",
    "ts": "1612725444737",
    "labels": "",
    "serial": "CNXXYYZZAA",
    "conn_status": "disconnected",
    "time": "2021-02-07 19:22:59 UTC",
    "group_name": "default"
  },
  "webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
  "text": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default"
}

Gateway CPU Utilization

Generates an alert when the Branch Gateway CPU utilization exceeds the threshold value. You can add additional rule(s) for this alert.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1351,
    "alert_type": "CONTROLLER_CPU_OVER_UTILIZATION",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1351",
    "device_id": "CNXXYYZZAA",
    "description": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC.",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612272540,
    "details": {
        "name": "WTH_9004-2",
        "unit": "%",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": "8",
        "_rule_number": "0",
        "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.cpu_utilization.5m",
        "duration": "5",
        "threshold": "10",
        "time": "2021-02-02 13:24:00 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC."
}

Gateway Memory Utilization

Retrieving data. Wait a few seconds and try to cut or copy again.

{
  "id": "AXdiyfwQo68tULajRTiG",
  "nid": 1352,
  "alert_type": "CONTROLLER_MEMORY_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1352",
  "device_id": "CNXXYYZZAA",
  "description": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC.",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612270140,
  "details": {
    "name": "WTH_9004-1",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.memory_utilization.5m",
    "duration": "30",
    "threshold": "30",
    "time": "2021-02-02 12:19:00 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC."
}

BGP Session Error

Generates an alert when a BGP session fails.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1355,
  "alert_type": "CONTROLLER BGP SESSION ERROR",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1355",
  "device_id": "CNXXYYZZAA",
  "description": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612811123,
  "details": {
    "serial": "CNXXYYZZAA",
    "nbr_addr": "172.30.1.102",
    "nbr_as": "3002",
    "nbr_id": "10.53.9.44",
    "group": "12",
    "time": "2021-02-08 19:05:23 UTC"
  },
  "webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
  "text": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)"
}

Gateway Base License Capacity Limit Exceeded

Generates an alert when a Gateway with Foundation-Base Capacity subscription exceed the client capacity threshold. For more information on Foundation-Base Capacity subscription, see Assigning Subscriptions to Aruba Gateways.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1356,
  "alert_type": "GATEWAY_BASE_LICENSE_CAPACITY_EXCEEDED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1356",
  "device_id": "CNXXYYZZAA",
  "description": "Base license capacity limit exceeded for Gateway with name: CSIM_SCA0000073, serial: CNXXYYZZAA",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612424272,
  "details": {
    "group": "0",
    "labels": [],
    "name": "CSIM_CNXXYYZZAA",
    "serial": "CNXXYYZZAA",
    "time": "2021-02-04 07:37:52 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Base license capacity limit exceeded for Gateway with name: CSIM_CNXXYYZZAA, serial: CNXXYYZZAA"
}

Routing Table Limit

Generates an alert when the routing table size exceeds the 90% of the capacity. This alert is auto-acknowledged when the Routing table size goes below 85% of the capacity.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1357,
  "alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1357",
  "device_id": "CNXXYYZZAA",
  "description": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612801998,
  "details": {
    "serial": "CNXXYYZZAA",
    "ip_address": "2.3.1.5",
    "count": "29268",
    "hostname": "DC3_VPNC8_7240XM",
    "max": "32768",
    "group": "57",
    "time": "2021-02-08 16:33:18 UTC"
  },
  "webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
  "text": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)"
}

Overlay Route Orchestrator Connection

Generates an alert when the control connection between the Branch Gateway and the Overlay Route Orchestration (ORO) is down. This alert is auto-acknowledged when the control connection is re-established.

{

    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1359,
    "alert_type": "CONTROLLER OAP CONNECTION",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1359",
    "device_id": "CNXXYYZZAA",
    "description": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612808837,
    "details": {
        "hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
        "serial": "CNXXYYZZAA",
        "group": "22",
        "time": "2021-02-08 18:27:17 UTC"
    },
    "webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
    "text": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)"
}

WAN Health-Check Failure

Generates an alert when WAN health check fails.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1501,
    "alert_type": "WAN_UPLINK_REACHABILITY_HEALTH_CHECK_IP_FAILED",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1501",
    "device_id": "CNXXYYZZAA",
    "description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable.",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612304659,
    "details": {
        "default_gw_status": "reachable",
        "intf_name": "inet2_inet",
        "ip": "52.52.253.87",
        "hostname": "WTH_9004-2",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-02 22:24:19 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable."
}

WAN VPN-Peer Unreachable

Generates an alert when the WAN VPN peer is unreachable.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1502,
    "alert_type": "WAN_UPLINK_REACHABILITY_VPN_PEER_FAILED",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1502",
    "device_id": "CNXXYYZZAA",
    "description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable.",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612348217,
    "details": {
        "ip": "192.168.103.99",
        "intf_name": "inet2_inet",
        "default_gw_status": "unreachable",
        "hostname": "WTH_9004-2",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-03 10:30:17 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable."
}

Tunnel Flapping

Generates an alert when the tunnel state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.

{
  "alert_type": "WAN_TUNNEL_FLAP",
  "description": "Tunnel data-vpnc-00:1a:1e:03:83:30-link1_inet status flapped 1% on device CNXXYYZZAA for about 15 minutes since 2019-07-25 12:26:00 UTC.",
  "timestamp": 1564058460,
  "webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1601",
  "state": "Open",
  "nid": 1601,
  "details": {
    "alias_map_name": "data-vpnc-00:1a:1e:03:83:30-link1_inet",
    "_rule_number": "0",
    "group": "77",
    "dst_ip": "172.168.101.9",
    "labels": "8,661",
    "src_ip": "192.168.51.254",
    "duration": "15",
    "time": "2019-07-25 12:26:00 UTC",
    "threshold": "1",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.tunnel.flap.5m",
    "serial": "CNXXYYZZAA",
    "uplink_tag": "link1_inet",
    "unit": "%"
  },
  "operation": "create",
  "device_id": "CNXXYYZZAA",
  "id": "AXyzbcapqrstn24BIWcc",
  "severity": "Critical"
}

Uplink Flapping

Generates an alert when the uplink state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.

{
  "alert_type": "WAN_UPLINK_FLAP",
  "description": "Uplink link1_inet link status flapped 1% on device with CNXXYYZZAA for about 15 minutes 
     since 2019-07-25 12:36:00 UTC.",
  "timestamp": 1564059060,
  "webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1600",
  "state": "Open",
  "nid": 1600,
  "details": {
    "status": "DOWN",
    "_rule_number": "0",
    "group": "77",
    "labels": "8,661",
    "current_status": "UP",
    "duration": "15",
    "intf_name": "link1_inet",
    "time": "2019-07-25 12:36:00 UTC",
    "threshold": "1",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.flap.5m",
    "serial": "CNXXYYZZAA",
    "uplink_tag": "link1_inet",
    "unit": "%"
  },
  "operation": "create",
  "device_id": "CNXXYYZZAA",
  "id": "AXyzbcapqrstn24BIWcc",
  "severity": "Critical"
}

WAN Uplink Status Change

Generates an alert when the WAN uplink status changes.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1505,
    "alert_type": "WAN_UPLINK_STATUS_CHANGE",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1505",
    "device_id": "CNXXYYZZAA",
    "description": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612350095,
    "details": {
        "intf_name": "inet_inet",
        "status": "UP",
        "current_status": "DOWN",
        "uplink_tag": "inet_inet",
        "hostname": "WTH-9004-3",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-03 11:01:35 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC"
}

WAN Uplink Autonegotiation State Change

Generates an alert when the WAN uplink automatic negotiation status changes.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1506,
    "alert_type": "WAN_UPLINK_AUTONEGOTIATION_STATE_CHANGE",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1506",
    "device_id": "CNXXYYZZAA",
    "description": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612350155,
    "details": {
        "intf_name": "GE0/0/1",
        "speed": "1000",
        "new_speed": "Auto",
        "hostname": "WTH-9004-3",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-03 11:02:35 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC"
}

IPSec Establishment Failure

Generates an alert when the IPsec tunnel fails to establish.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1550,
    "alert_type": "WAN_IPSEC_SA_ESTABILSHMENT_FAILED",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1550",
    "device_id": "CNXXYYZZAA",
    "description": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612271840,
    "details": {
        "src_ip": "192.168.36.10",
        "dst_ip": "192.168.103.99",
        "alias_map_name": "WTH-9004-3:inet_inet::GSK_VPNC2:vlan103",
        "link_tag": "inet_inet",
        "hostname": "WTH-9004-3",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-02 13:17:20 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC"
}

IPSec SA Down

Generates an alert when the IPsec SA is down.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1551,
    "alert_type": "WAN_IPSEC_SA_DOWN",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1551",
    "device_id": "CNXXYYZZAA",
    "description": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA.  Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612271651,
    "details": {
        "src_ip": "192.168.31.10",
        "dst_ip": "192.168.103.99",
        "reason": "Administrator cleared IPSEC SA",
        "alias_map_name": "WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103",
        "uplink_tag": "inet2_inet",
        "hostname": "WTH_9004-1",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-02 13:14:11 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA.  Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC"
}

All IPSec SAs Down

Generates an alert when all the IPsec SAs are down.

{
    "id": "AXdi4Qoyo68tULajRUzs",
    "nid": 1552,
    "alert_type": "WAN_IPSEC_SA_ALL_DOWN",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1552",
    "device_id": "CNXXYYZZAA",
    "description": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612271651,
    "details": {
        "hostname": "WTH_9004-1",
        "serial": "CNXXYYZZAA",
        "group": "36",
        "labels": [
            "8"
        ],
        "time": "2021-02-02 13:14:11 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC"
}

CFG-SET Advertisement Failure

Generates an alert when the CFG-SET advertisement fails.

{
    "id": "AXyzbcapqrstn24BIWcc",
    "nid": 1554,
    "alert_type": "CFG_SET_ADVERTISEMENT_FAILURE",
    "setting_id": "ggsswerr90254beccccaaazza05f17-1554",
    "device_id": "CNXXYYZZAA",
    "description": "CFG-Set advertisement failure for Gateway CNXXYYZZAA with serial BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6",
    "state": "Open",
    "severity": "Critical",
    "operation": "create",
    "timestamp": 1612351819,
    "details": {
        "src_ip": "10.1.1.1",
        "dst_ip": "200.1.1.6",
        "alias_map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
        "map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
        "hostname": "CNXXYYZZAA",
        "serial": "CNXXYYZZAA",
        "group": "0",
        "labels": [],
        "time": "2021-02-03 11:30:19 UTC"
    },
    "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
    "text": "CFG-Set advertisement failure for Gateway BIM0010001 with serial CNXXYYZZAA on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6"
}

VGW VM Down

Generates an alert when an Aruba Virtual Gateway deployed as a Virtual Machine is down.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 1702,
  "alert_type": "VGW_HEALTH_STATE_CHANGE_DETECTED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-1702",
  "device_id": "CNXXYYZZAA",
  "description": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A",
  "state": "Open",
  "severity": "Major",
  "operation": "create",
  "timestamp": 1612782698,
  "details": {
    "account_id": "4454656d9-asdf-wert-8ss0-3erarq23e4be",
    "mac": "02:1A:1E:92:1A:3A",
    "serial": "CNXXYYZZAA",
    "vm_id": "/subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A",
    "account_name": "Test",
    "region_id": "canadacentral",
    "customer_name": "[email protected]",
    "health": "DOWN",
    "vpc_id": "/karan_res_canada/canadavnet",
    "provider_name": "Azure",
    "customer_id": "ggsswerr90254beccccaaazza05f17",
    "time": "2021-02-08 11:11:38 UTC"
  },
  "webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
  "text": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A"
}

Gateway IDS/IPS Engine Error State

Generates an alert when the Gateway’s IDS/IPS Engine state is either crashed or stopped. A severity of Critical indicates that the engine has crashed and Major indicates that the engine has stopped.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2301,
  "alert_type": "GW_IDS_IPS_ENGINE_ERROR_STATE_ALERT",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2301",
  "device_id": "CNXXYYZZAA",
  "description": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state.",
  "state": "Close",
  "severity": "Critical",
  "operation": "update",
  "timestamp": 1612407706,
  "details": {
    "serial": "CNXXYYZZAA",
    "hostname": "WTH_9004-1",
    "state": "Stopped",
    "time": "2021-02-04 03:00:23 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state."
}

Gateway IDS IPS Engine CPU Utilization

Generates an alert when the CPU utilization by IDS/IPS engine exceeds the threshold value and duration. You can add additional rule(s) for this alert.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2302,
  "alert_type": "GW_IDS_IPS_ENGINE_CPU_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2302",
  "device_id": "CNXXYYZZAA",
  "description": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC.",
  "state": "Open",
  "severity": "Critical",
  "operation": "create",
  "timestamp": 1612407241,
  "details": {
    "name": "WTH_9004-2",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.cpu.5m",
    "duration": "11",
    "threshold": "10",
    "time": "2021-02-04 02:43:01 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC."
}

Gateway IDS IPS Engine Memory Utilization

Generates an alert when the memory utilization exceeds the threshold value and duration. You can add additional rule(s) for this alert.

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2303,
  "alert_type": "GW_IDS_IPS_ENGINE_MEMORY_OVER_UTILIZATION",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2303",
  "device_id": "CNXXYYZZAA",
  "description": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC.",
  "state": "Open",
  "severity": "Minor",
  "operation": "create",
  "timestamp": 1612407240,
  "details": {
    "name": "WTH_9004-2",
    "unit": "%",
    "serial": "CNXXYYZZAA",
    "group": "36",
    "labels": "8",
    "_rule_number": "0",
    "ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.mem.5m",
    "duration": "5",
    "threshold": "2",
    "time": "2021-02-04 02:49:00 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC."
}

Gateway IDS IPS Engine Packer Dropped Detected

Generates an alert every time when the number of packets dropped exceeds the configured threshold value

{
  "id": "AXyzbcapqrstn24BIWcc",
  "nid": 2304,
  "alert_type": "GW_IDS_IPS_ENGINE_PACKET_DROPPED_DETECTED",
  "setting_id": "ggsswerr90254beccccaaazza05f17-2304",
  "device_id": "CNXXYYZZAA",
  "description": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC.",
  "state": "Open",
  "severity": "Minor",
  "operation": "create",
  "timestamp": 1612423635,
  "details": {
    "name": "CSIM_CNXXYYZZAA",
    "serial": "CNXXYYZZAA",
    "threshold": "75",
    "duration": "5",
    "time": "2021-02-04 07:22:15 UTC"
  },
  "webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
  "text": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC."
}

Did this page help you?