Cisco Cisco Firepower Management Center 4000
55-38
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Configuring Health Monitor Alerts
When you create a health monitor alert, you create an association between a severity level, a health
module, and an alert response. You can use an existing alert or configure a new one specifically to report
on system health. When the severity level occurs for the selected module, the alert triggers.
module, and an alert response. You can use an existing alert or configure a new one specifically to report
on system health. When the severity level occurs for the selected module, the alert triggers.
Note that if you create or update a threshold in a way that duplicates an existing threshold, you are
notified of the conflict. When duplicate thresholds exist, the health monitor uses the threshold that
generates the fewest alerts and ignores the others. The timeout value for the threshold must be between
5 and 4,294,967,295 minutes.
notified of the conflict. When duplicate thresholds exist, the health monitor uses the threshold that
generates the fewest alerts and ignores the others. The timeout value for the threshold must be between
5 and 4,294,967,295 minutes.
To create health monitor alerts:
Access:
Admin
Step 1
Select
Health > Health Monitor Alerts
.
The Health Monitor Alerts page appears.
Step 2
Type a name for the health alert in the
Health Alert Name
field.
Step 3
From the
Severity
list, select the severity level you want to use to trigger the alert.
Step 4
From the
Module
list, select the modules for which you want the alert to apply.
Tip
To select multiple modules, press Shift + Ctrl and click the module names.
Step 5
From the
Alert
list, select the alert response that you want to trigger when the selected severity level is
reached.
Tip
Click
Alerts
Step 6
Optionally, in the
Threshold Timeout
field, type the number of minutes that should elapse before each
threshold period ends and the threshold count resets. The default value is 5 minutes.
Note that even if the policy run time interval value is less than the threshold timeout value, the interval
between two reported health events from a given module is always greater, such that if the threshold
timeout is 8 minutes and the policy run time interval is 5 minutes, there will be a 10-minute interval (5
x 2) between reported events.
between two reported health events from a given module is always greater, such that if the threshold
timeout is 8 minutes and the policy run time interval is 5 minutes, there will be a 10-minute interval (5
x 2) between reported events.
Step 7
Click
Save
to save the health alert.
A message appears, indicating if the alert configuration was successfully saved. The Active Health
Alerts list now includes the alert you created.
Alerts list now includes the alert you created.
Interpreting Health Monitor Alerts
License:
Any
The alerts generated by the health monitor contain the following information:
•
Severity, which indicates the severity level of the alert.
•
Module, which specifies the health module whose test results triggered the alert.
•
Description, which includes the health test results that triggered the alert.