The following is a list of Auvik's preconfigured alerts and the default settings for them, including :
- Default Severity
- Default Description
- Default Entities applied to
- Default Trigger Condition
- Default Trigger Message
- Alert Delay
- Default Clear Condition
- Default Clear Message
Note: You can change the preconfigured alerts to fit your network needs.
Default Settings in Preconfigured Alerts
Emergency
| Default Severity: | Emergency |
| Default Description: |
A collector is detected as offline and remains offline for 3 minutes. |
| Default Entities Applied To: | Collectors |
| Default Trigger Message: | The collector, $collector.hostname ($collector.privateIPAddress) is $collector.connectionState. |
| Default Trigger Condition: | Connection State equal to Offline |
| Alert Delay: |
Alert if condition has been true for more than a certain 3 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The collector, $collector.hostname ($collector.privateIPAddress) is $collector.connectionState. |
This alert will notify when an Auvik Collector has disconnected from your network.
Possible causes for this include:
- Auvik is performing routine maintenance to upgrade the collector.
- Device running the collector has powered down.
- Collector has been powered down or stopped.
- Device running the collector has lost connection to the network.
In order to resolve this alert:
- Check the status of the collector or device the collector is running on (hypervisor, Windows desktop, or Windows server) and power it on again.
| Default Severity: | Emergency |
| Default Description: |
VMware Hypervisor CPU Module Status equal to Bad or Degraded |
| Default Entities Applied To: | Hypervisor |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a CPU module that is bad or degraded. |
| Default Trigger Condition: | VMWare Hypervisor CPU Module Status equal to Degraded OR Bad |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
VMWare Hypervisor CPU Module Status equal to Good |
| Default Clear Message: |
The $system.deviceClass, $system.name, has a CPU module that is now good. |
This alert will notify when a CPU module is reported as bad or degraded by a VMware hypervisor hardware sensor.
Possible causes for this include:
- Hardware sensors for an on-board CPU module have identified a bad or degraded state for the component.
In order to resolve this alert:
- Replace affected components as soon as possible. This can potentially cause application degradation and/or an outage for your clients.
| Default Severity: | Emergency |
| Default Description: |
VMware Hypervisor Hard Drive Status is equal to Bad or Degraded. |
| Default Entities Applied To: | Hypervisor |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a hard drive that is bad or degraded. |
| Default Trigger Condition: | VMWare Hypervisor Hard Drive Status equal to Degraded OR Bad |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
VMWare Hypervisor Hard Drive Status equal to Good |
| Default Clear Message: |
The $system.deviceClass, $system.name has a hard drive status that is now good. |
This alert will notify when a hard drive is reported as bad or degraded by a VMware hypervisor hardware sensor.
Possible causes for this include:
- The hardware sensor and/or RAID controller is reporting a bad or degraded status for a specific drive.
In order to resolve this alert:
- Replace the degraded hard drive. You’ll need to schedule a maintenance window for the physical swap. If the drives are in a RAID array, account for time for data replication to occur on the new drive.
| Default Severity: | Emergency |
| Default Description: |
VMware Hypervisor Power Supply Status is equal to Bad or Degraded |
| Default Entities Applied To: | Hypervisor |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a power supply that is bad or degraded. |
| Default Trigger Condition: | VMWare Hypervisor Power Supply Component Status equal to Degraded OR Bad |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
VMWare Hypervisor Power Supply Component Status equal to Good |
| Default Clear Message: |
The $system.deviceClass, $system.name has a power supply status that is now good. |
This alert will notify when a power supply is reported as bad or degraded by a VMware hypervisor hardware sensor.
Possible causes for this include:
- The hardware sensor for the hypervisor’s power supply is reporting a bad or degraded status.
In order to resolve this alert:
- Order a replacement power supply if a spare isn’t in storage. Replace the power supply as soon as possible.
| Default Severity: | Emergency |
| Default Description: |
VMware Hypervisor RAM Module Status is equal to Bad or Degraded |
| Default Entities Applied To: | Hypervisor |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a RAM module that is bad or degraded. |
| Default Trigger Condition: | VMWare Hypervisor RAM Module Status equal to Degraded OR Bad |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
VMWare Hypervisor RAM Module Status equal to Good |
| Default Clear Message: |
The $system.deviceClass, $system.name, has a RAM module that is now good. |
This alert will notify when a RAM module is reported as bad or degraded by a VMware hypervisor hardware sensor.
Possible causes for this include:
- The hardware sensor for the hypervisor’s RAM module is reporting a bad or degraded status.
In order to resolve this alert:
- Replace the affected module.
Critical
| Default Severity: | Critical |
| Default Description: |
A device has an interface that is over over 50% utilized and the majority of that traffic is broadcast. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: |
The following interface(s) on $system.deviceClass, $system.name have relatively high utilization and high broadcast traffic: $deviceInterfaces.name |
| Default Trigger Condition: | For ANY interface, Interface Type equal to Ethernet AND Percentage of Packets Being Broadcasted greater than 75% AND Interface Utilization Percentage greater than 50% |
| Alert Delay: |
Alert if condition has been true for more than a certain 15 minutes |
| Default Clear Condition: |
For ANY interface, Interface Type equal to Ethernet AND Percentage of Packets Being Broadcasted less than 50% |
| Default Clear Message: |
The $system.deviceClass, $system.name, no longer has a high broadcast traffic percentage |
This alert will notify when the amount of broadcast traffic is greater than the defined thresholds on a device.
Possible causes for this include:
- A malfunction or misconfiguration that’s pushing a lot of traffic.
- A new (possibly rogue) DHCP server that’s been plugged in.
- A loop in the network that’s causing a broadcast storm.
In order to resolve this alert:
- Check the device the interface is connected to in order to see what could be causing high broadcast traffic. A malfunction or misconfiguration could be pushing a lot of traffic.
- Check for network loops. Hardware loops can be seen on Auvik’s network map. Unplug where necessary.
- If the alert is on a managed switch, check logs for spanning tree errors.
- Check for new switches or hubs that may have be added by the client and not configured properly.
- For advanced troubleshooting and where the switch permits, set up a port mirror on the port reporting high broadcast traffic. Use a laptop to perform a packet capture on traffic traversing the mirrored port. Inspect the traffic from the switch for further insight.
| Default Severity: | Critical |
| Default Description: |
A network element is offline for 5 minutes. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: |
The $system.deviceClass, $system.name, is $system.operStatus. $icmpDescription $system.name |
| Default Trigger Condition: | Operational Status equal to Down |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Operational Status equal to Up |
| Default Clear Message: |
The $system.deviceClass, $system.name, is $system.operStatus. $icmpDescription |
This alert will notify when a network element has gone offline.
Possible causes for this include:
- Power outage or brownout.
- Upstream switch or router on the network is also having issues.
- Device misconfiguration.
- ICMP traffic to device blocked.
- Emergency maintenance.
- Hardware malfunction.
- Crash related to the operating system.
- Device removed from network.
In order to resolve this alert:
- Check the status of the device to determine why it’s no longer online.
| Default Severity: | Critical |
| Default Description: |
Internet connection has been lost for more than 5 minutes. |
| Default Entities Applied To: | Service Name equal to Internet Connection Check |
| Default Trigger Message: |
The internet connection for this default gateway $monitors.cloudPingCheckStatus.ipAddress is $monitors.monitorStatus.serviceOnlineStatus for more than 5 minutes. |
| Default Trigger Condition: |
Service Status equal to Offline |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Service Status is equal to Online |
| Default Clear Message: |
The internet connection for this default gateway $monitors.cloudPingCheckStatus.ipAddress is online. |
This alert will notify when your internet connection has been lost for more than 5 minutes.
Possible causes for this include:
- Connectivity issues from the ISP.
- Malfunction in an edge network device (e.g., firewall).
- Power outage or brownout.
In order to resolve this alert:
- Check with your ISP to confirm if they’re having any connectivity issues.
| Default Severity: | Critical |
| Default Description: |
There has been a potential power outage. UPS is running on battery power. |
| Default Entities Applied To: |
Tag = "UPS Device" |
| Default Trigger Message: |
It appears that there has been a power outage or interruption as the UPS, $system.name, is now running on battery power. |
| Default Trigger Condition: |
UPS - Current Failure Reason not equal to Self Test AND UPS - Input/Output Status equal to On Battery Power |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
UPS - Input/Output Status not equal to |
| Default Clear Message: |
The UPS, $system.name, is no longer on battery power and is back on wall power. |
This alert will notify when a power outage has occurred and the UPS is running on battery power.
Possible causes for this include:
- Power outage or brownout.
- Power disconnection.
- UPS was powered off.
In order to resolve this alert:
- If a power outage occurred, power down all devices connected to the UPS before they power down as a result of the UPS running out of battery power. Check any breakers to confirm the power outage wasn’t a result of a breaker trip.
| Default Severity: | Critical |
| Default Description: |
UPS battery is getting low. |
| Default Entities Applied To: |
Tag = "UPS Device" |
| Default Trigger Message: |
This UPS, $system.name, is reporting that the battery charge is $ups.capacity%, which is considered low. |
| Default Trigger Condition: |
UPS - Percent Charged less than or equal to 20% |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The UPS, $system.name, battery power is greater than the defined threshold. It is now at $ups.capacity% |
This alert will notify when a UPS battery is getting low.
In order to resolve this alert:
- Charge or replace the battery.
| Default Severity: | Critical |
| Default Description: |
VPN remote gateway has been lost for 5 minutes. |
| Default Entities Applied To: |
Service Type equal to SERVICE_VPN |
| Default Trigger Message: |
The VPN remote gateway $monitors.subDomain has been lost for 5 minutes. |
| Default Trigger Condition: |
Service Status equal to Offline |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Service Status is equal to Online |
| Default Clear Message: |
The VPN remote gateway $monitors.subDomain is online. |
This alert will notify when a VPN remote gateway is no longer available.
Possible causes for this include:
- Gateway configuration has changed.
- One side of the tunnel is down due to a power down or link down.
- VPN appliance is down.
In order to resolve this alert:
- Check the VPN remote gateway connection to determine why it’s no longer reporting as available.
Warning
| Default Severity: | Warning |
| Default Description: |
An alert for when a new collector is discovered but not approved. |
| Default Entities Applied To: | Collectors |
| Default Trigger Message: |
The collector $collector.hostname ($collector.uuid) is $collector.connectionState and $collector.approvalState. Its IP address is $collector.privateIPAddress. Public IP: $collector.publicIPAddress |
| Default Trigger Condition: | Approval State equal to Not Approved AND Connection State equal to Online |
| Alert Delay: |
Alert if condition has been true for more than a certain 30 minutes |
| Default Clear Condition: |
Approval State equal to Approved |
| Default Clear Message: |
The collector $collector.hostname ($collector.uuid) is $collector.connectionState and $collector.approvalState. Its IP address is $collector.privateIPAddress. Public IP: $collector.publicIPAddress OS: $collector.osVersion BuildVersion: $collector.buildVersion |
This alert will notify when a new Auvik collector has been powered on and requires your approval.
In order to resolve this alert:
- Approve the new collector so it can start discovering details about your network.
| Default Severity: | Warning |
| Default Description: |
A Network Device has had its firmware changed. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: |
The $system.deviceClass, $system.name, just had its firmware changed to: $system.firmwareVersion |
| Default Trigger Condition: | Firmware Version Has Changed is True |
| Alert Delay: |
No delay |
| Default Clear Condition: |
No Clear Condition - Clear By Dismissing |
| Default Clear Message: |
The $system.deviceClass, $system.name, just had its firmware changed to: $system.firmwareVersion |
This alert will notify when the firmware on a network element has changed (upgrade or downgrade).
In order to resolve this alert:
- Check that the change completed correctly.
| Default Severity: | Warning |
| Default Description: |
This device has had an average CPU utilization of 80% over the last 10 minutes. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a sustained average CPU utilization of $deviceWithStats.cpu.totalUtilizationAvg5Min. |
| Default Trigger Condition: | CPU Utilization greater than 80% |
| Alert Delay: |
Alert if condition has been true for more than a certain 10 minutes |
| Default Clear Condition: |
CPU Utilization less than 70% |
| Default Clear Message: |
The $system.deviceClass, $system.name, has a sustained average CPU utilization of $deviceWithStats.cpu.totalUtilizationAvg5Min. |
This alert will notify when the CPU utilization has been greater than the defined thresholds on a device for several minutes.
Possible causes for this include:
- A runaway process on the affected device.
In order to resolve this alert:
- Check the device to see what could be causing high CPU utilization. Stop the process if necessary.
| Default Severity: | Warning |
| Default Description: |
Interface Utilization is greater than 80.0% |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The following interface(s) on $system.deviceClass, $system.name have an average utilization greater than 80%: $deviceInterfaces.name |
| Default Trigger Condition: | For ANY interface, Interface Type equal to Ethernet AND Interface Utilization Percentage greater than 80% |
| Alert Delay: |
Alert if condition has been true for more than a certain 15 minutes |
| Default Clear Condition: |
For ANY interface, Interface Type equal to Ethernet AND Interface Utilization Percentage less than 80% |
| Default Clear Message: |
The $system.deviceClass, $system.name, has a sustained average memory utilization of $deviceWithStats.memory.totalUtilizationAvg5Min. |
This alert will notify when the interface utilization is greater than the defined thresholds on a device.
Possible causes for this include:
- Bandwidth hogs.
- An attached device performing a backup.
- Misconfigured device sending out multiple ARP requests.
In order to resolve this alert:
- Check the device to see what could be causing high interface utilization.
| Default Severity: | Warning |
| Default Description: |
Memory Utilization is above 85%. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The following interface(s) on $system.deviceClass, $system.name have an average utilization greater than 80%: $deviceInterfaces.name |
| Default Trigger Condition: | Memory Utilization greater than 85% |
| Alert Delay: |
Alert if condition has been true for more than a certain 60 minutes |
| Default Clear Condition: |
Memory Utilization less than 80% |
| Default Clear Message: |
The $system.deviceClass, $system.name, has a sustained average memory utilization of $deviceWithStats.memory.totalUtilizationAvg5Min. |
This alert will notify when the memory utilization is greater than the defined thresholds on a device.
Possible causes for this include:
- Memory leaks.
- Processes running on a device to see what’s using memory.
- Memory size not large enough to support OS image (if you upgraded recently).
- Memory fragmentation.
In order to resolve this alert:
- Check the device to see what could be causing high memory utilization.
| Default Severity: | Warning |
| Default Description: |
A device has a 5 minute average of 100,000 packet discards consecutively for 3 hours. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The following interface(s) on $system.deviceClass, $system.name have relatively high utilization and a 3 hour sustained 5 minute average of 100,000 packet discards: $deviceInterfaces.name |
| Default Trigger Condition: | For ANY interface, Interface Type equal to Ethernet AND Interface Packet Discards, Total greater than 100000 AND Interface Utilization Percentage greater than 10% |
| Alert Delay: |
Alert if condition has been true for more than a certain 180 minutes |
| Default Clear Condition: |
For ANY interface, Interface Type equal to Ethernet AND Interface Packet Discards, Total greater than 90000 |
| Default Clear Message: |
The $system.deviceClass, $system.name, no longer has a high packet discard count. |
This alert will notify when the packet discards for a device are greater than the defined thresholds.
Possible causes for this include:
- Network congestion.
- Interface receiving tagged traffic for a VLAN it’s not configured to use.
- Spanning tree with blocked port.
- Faulty hardware.
- Port authentication or port-security violations.
- Frames exceeding storm control limits.
- All zero MAC addresses for either the source or the destination.
- MAC address of source and destination are equal.
- ARP requests with all zeros for the IP address.
- Hardware ACL dropping traffic.
- Hardware queue on the interface is full (overbooking).
- Software buffer is full (CPU doesn’t have enough resources to process traffic).
- Multi-path fading (if device is an access point or wireless).
In order to resolve this alert:
- Check the device to see what could be causing excessive packet discards.
| Default Severity: | Warning |
| Default Description: |
A device has a 5 minute average of 100,000 packet discards consecutively for 3 hours. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The following interface(s) on $system.deviceClass, $system.name have relatively high utilization and a 3 hour sustained 5 minute average of 100,000 packet errors: $deviceInterfaces.name |
| Default Trigger Condition: | For ANY interface, Interface Type equal to Ethernet AND Interface Packet Errors, Total greater than 100000 AND Interface Utilization Percentage greater than 10% |
| Alert Delay: |
Alert if condition has been true for more than a certain 180 minutes |
| Default Clear Condition: |
For ANY interface, Interface Type equal to Ethernet AND Interface Packet Errors, Total greater than 90000 |
| Default Clear Message: |
The $system.deviceClass, $system.name, no longer has a high packet error count. |
This alert will notify when the packet errors for a device are greater than the defined thresholds.
Possible causes for this include:
- Alignment errors.
- FCS (frame check sequence) errors.
- CRC (cyclic redundancy check) errors.
- Too long/too short errors.
- Overloaded device.
In order to resolve this alert:
- Check the device logs to see what type of packet errors are occurring.
| Default Severity: | Warning |
| Default Description: |
A device has storage utilization above 80%. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: | The $system.deviceClass, $system.name has storage utilization of $deviceWithStats.storage.totalUtilizationAvg5Min |
| Default Trigger Condition: | Device Storage Utilization greater than 80% |
| Alert Delay: |
Alert if condition has been true for more than a certain 180 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The $system.deviceClass, $system.name has storage utilization of $deviceWithStats.storage.totalUtilizationAvg5Min |
This alert will notify when storage utilization is running high on a device.
In order to resolve this alert:
- Check the device to confirm if it’s running low on storage resources. Removing unwanted items to clear space will help.
| Default Severity: | Warning |
| Default Description: |
An infrastructure device is offline for the past 5 minutes. |
| Default Entities Applied To: | Tag = "Infrastructure Device" |
| Default Trigger Message: |
The $system.deviceClass, $system.name, is $system.operStatus. $icmpDescription $system.name |
| Default Trigger Condition: | Operational Status equal to Down |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Operational Status equal to Up |
| Default Clear Message: |
The $system.deviceClass, $system.name is now $system.operStatus. |
This alert will notify when an infrastructure device has gone offline.
Possible causes for this include:
- Device is no longer responding to pings from the Auvik collector.
- Device has been powered down.
- Device has crashed.
- Power outage or brownout.
- Emergency maintenance.
- Device removed from the network.
In order to resolve this alert:
- Check on the status of the device to determine why it is no longer online.
| Default Severity: | Warning |
| Default Description: |
Age of the Last Hypervisor Snapshot is greater than 3 Days |
| Default Entities Applied To: | Hypervisors |
| Default Trigger Message: |
The last snapshot for $system.name was $virtualMachine.vmData.lastSnapshot |
| Default Trigger Condition: | Age of the Last Snapshot (Day) greater than 3 days |
| Alert Delay: |
Alert if condition has been true for more than a certain 180 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The last snapshot for $system.name was $virtualMachine.vmData.lastSnapshot |
This alert will notify if a snapshot for a virtual machine has not been taken.
In order to resolve this alert:
- Take a new snapshot if determined a new snapshot should be taken for the virtual machine.
| Default Severity: | Warning |
| Default Description: |
A Network Device has had its software changed. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: |
The $system.deviceClass, $system.name, just had its software changed to: $system.softwareVersion |
| Default Trigger Condition: | Software Version Has Changed is True |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
No Clear Condition - Clear By Dismissing |
| Default Clear Message: |
The $system.deviceClass, $system.name, just had its software changed to: $system.softwareVersion |
This alert will notify when the software on a network element has changed (upgrade or downgrade).
In order to resolve this alert:
- Check that the change completed correctly.
| Default Severity: | Warning |
| Default Description: |
Number of Snapshots for this Virtual Machine is greater than 5 |
| Default Entities Applied To: | Hypervisors |
| Default Trigger Message: |
The last snapshot for $system.name was $virtualMachine.vmData.lastSnapshot. This virtual machine now has more than 5 snapshots. |
| Default Trigger Condition: | Number of Snapshots for this Virtual Machine greater than 5 |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The last snapshot for $system.name was $virtualMachine.vmData.lastSnapshot. The snapshot count is now below the threshold. |
This alert will notify when the number of available snapshots for a virtual machine has exceeded the allowed number.
In order to resolve this alert:
- From VMware: reduce the number of snapshots by deleting old snapshots that are no longer needed.
| Default Severity: | Warning |
| Default Description: |
Size of All Snapshots is greater than 50 GiB(s) |
| Default Entities Applied To: | Hypervisors |
| Default Trigger Message: |
The total size of the snapshot repository for the virtual machine, $system.name has exceeded the limit and is now $virtualMachine.vmData.snapshotSizeGB. Previous: $virtualMachine.vmData.lastSnapshotSizeGB |
| Default Trigger Condition: | Snapshot Size greater than 50 GB |
| Alert Delay: |
Alert if condition has been true for more than a certain 180 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The total size of the snapshot repository for the virtual machine, $system.name is now below the threshold. Current: $virtualMachine.vmData.snapshotSizeGB |
This alert will notify when the size of a hypervisor’s snapshot repository has exceeded the allowed size (in GB).
In order to resolve this alert:
- From VMware: reduce the size of the hypervisor’s snapshot repository by deleting old snapshots that are no longer needed.
| Default Severity: | Warning |
| Default Description: |
Network element uptime is greater than 1000 days. |
| Default Entities Applied To: | Tag = "Network Device" |
| Default Trigger Message: |
The uptime of $system.name is $uptimeDurationDays days. |
| Default Trigger Condition: | Uptime greater than 1000 days |
| Alert Delay: |
No delay |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The uptime of $system.name is now $uptimeDurationDays days. |
This alert will notify when when a network device has been online past a specific time period.
Some devices that are up for too long begin to run poorly and may display other issues. This alert can also be used to determine if a device has gone too long without a firmware update.
In order to resolve this alert:
- Restart the device.
| Default Severity: | Warning |
| Primary Purpose: |
Notify when a UPS battery needs to be replaced. |
| Default Description: |
UPS status monitoring indicates that the battery can no longer function properly and needs to be replaced. |
| Possible cause for this alert include | N/A |
| Default Entities Applied To: | Tag = "UPS Device" |
| Default Trigger Message: |
This UPS, $system.name, is reporting that the battery needs to be replaced. |
| Default Trigger Condition: | UPS - Replace Battery is True |
| Alert Delay: |
No delay |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The battery on the UPS, $system.name, has been replaced. |
| Action to be Taken: |
Replace the old battery with a new battery. |
This alert will notify when a UPS battery needs to be replaced.
In order to resolve this alert:
- Replace the old battery with a new battery.
| Default Severity: | Warning |
| Default Description: |
The printer is reporting a missing output tray. |
| Default Entities Applied To: | Tag = "Printer" |
| Default Trigger Message: |
The printer, $system.name, is reporting a missing output tray. |
| Default Trigger Condition: | Printer - Output Tray Missing is True |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The output tray on the printer, $system.name, has been put back. |
This alert will notify when the output tray for a printer has been removed and not put back.
In order to resolve this alert:
- Check the printer and put the output tray back.
| Default Severity: | Warning |
| Default Description: |
The printer is reporting a missing input tray. |
| Default Entities Applied To: | Tag = "Printer" |
| Default Trigger Message: |
The printer, $system.name, is reporting a missing input tray. |
| Default Trigger Condition: | Printer - Input Tray Missing is True |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The input tray on the printer, $system.name, has been put back. |
This alert will notify when the input tray for a printer has been removed and not put back.
In order to resolve this alert:
- Check the printer and put the input tray back.
| Default Severity: | Warning |
| Default Description: |
The printer is reporting that it's jammed. |
| Default Entities Applied To: | Tag = "Printer" |
| Default Trigger Message: |
The printer, $system.name, is reporting that it's jammed. |
| Default Trigger Condition: | Printer - Paper Jammed is True |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Default - Inverse of Trigger Condition |
| Default Clear Message: |
The printer, $system.name, is no longer jammed. |
This alert will notify when paper has become jammed in a printer.
In order to resolve this alert:
- Check the printer and remove any paper that’s jamming the works.
| Default Severity: | Warning |
| Default Description: |
The printer has gone offline. |
| Default Entities Applied To: | Tag = "Printer" |
| Default Trigger Message: |
The printer, $system.name, is down. system.serialNo: $system.serialNo |
| Default Trigger Condition: | Operational Status equal to Down |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
Operational Status equal to Up |
| Default Clear Message: |
The printer, $system.name, is up. $icmpDescription $system.name |
This alert will notify when when a printer has gone offline.
In order to resolve this alert:
- Check the status of the device to determine why it’s no longer online. If needed, power it back on.
| Default Severity: | Warning |
| Default Description: |
The device has reached its maximum number of SSL VPN sessions. |
| Default Entities Applied To: | Tag = "Firewall" |
| Default Trigger Message: |
The $system.deviceClass, $system.name, has reached the maximum number of SSL VPN sessions. Currently, it has $vpnClientConnections.currentConnectionCount SSL VPN sessions in use. |
| Default Trigger Condition: | SSL VPN Session Utilization equal to 100% |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
SSL VPN Session Utilization less than 90% |
| Default Clear Message: |
The $system.deviceClass, $system.name, has fallen below 90% of the maximum number of SSL VPN sessions. Currently, it has $vpnClientConnections.currentConnectionCount SSL VPN sessions in use. |
This alert will notify when the number of SSL VPN sessions in use is greater than or equal to the maximum entered for the firewall.
In order to resolve this alert:
- Check that there are enough licenses and hardware capacity.
Informational
| Default Severity: | Informational |
| Default Description: |
The device has a low number of available SSL VPN sessions. |
| Default Entities Applied To: | Tag = "Firewall" |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a low number of available SSL VPN sessions. Currently, it has $vpnClientConnections.currentAvailableSessions sessions left. |
| Default Trigger Condition: | SSL VPN Sessions Available less than 2 |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
No Clear Condition - Clear By Dismissing |
| Default Clear Message: |
Dismissed. Currently, the $system.deviceClass, $system.name, has $vpnClientConnections.currentAvailableSessions SSL VPN sessions left. |
This alert will notify when the number of available SSL VPN sessions remaining, based on the maximum entered, is less than the defined threshold for the firewall.
In order to resolve this alert:
- Check that there are enough licenses and hardware capacity.
| Default Severity: | Informational |
| Default Description: |
The device has a high number of SSL VPN sessions in use. |
| Default Entities Applied To: | Tag = "Firewall" |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a high number of SSL VPN sessions in use. Currently, there are $vpnClientConnections.currentConnectionCount sessions in use. |
| Default Trigger Condition: | SSL VPN Sessions In Use greater than 90 |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
No Clear Condition - Clear By Dismissing |
| Default Clear Message: |
Dismissed. The $system.deviceClass, $system.name, has $vpnClientConnections.currentConnectionCount SSL VPN sessions in use. |
This alert will notify when the number of SSL VPN sessions in use is greater than the defined threshold for the firewall.
In order to resolve this alert:
- Check that there are enough licenses and hardware capacity.
| Default Severity: | Informational |
| Primary Purpose: | Notify when the percentage of SSL VPN sessions in use, relative to the maximum entered, is greater than the defined threshold for the firewall. |
| Default Description: |
The device has a high percentage of SSL VPN sessions in use. |
| Possible cause for this alert include: | N/A |
| Default Entities Applied To: | Tag = "Firewall" |
| Default Trigger Message: | The $system.deviceClass, $system.name, has a high percentage of SSL VPN sessions in use. Currently, it's at $vpnClientConnections.currentSessionUtilization%. |
| Default Trigger Condition: | SSL VPN Session Utilization greater than 90% |
| Alert Delay: |
Alert if condition has been true for more than a certain 5 minutes |
| Default Clear Condition: |
No Clear Condition - Clear By Dismissing |
| Default Clear Message: |
Dismissed. Currently, the percentage of SSL VPN sessions in use for $system.deviceClass, $system.name, is $vpnClientConnections.currentSessionUtilization%. |
| Action to be Taken: |
Check that there are enough licenses and hardware capacity. |
This alert will notify when the percentage of SSL VPN sessions in use, relative to the maximum entered, is greater than the defined threshold for the firewall.
In order to resolve this alert:
- Check that there are enough licenses and hardware capacity.