Cisco Cisco Firepower Management Center 4000
55-4
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Understanding Health Monitoring
Discovery Event Status
This module indicates whether a specified period of time has passed since any discovery events
have been detected by a device.
have been detected by a device.
Disk Status
This module examines performance of the hard disk, and malware storage pack (if installed) on
the appliance. It alerts when the hard disks and RAID controller (if installed) are in danger of
failing, or if the malware storage pack is not detected after installation or inauthentic.
the appliance. It alerts when the hard disks and RAID controller (if installed) are in danger of
failing, or if the malware storage pack is not detected after installation or inauthentic.
Disk Usage
This module compares disk usage on the appliance’s hard drive and malware storage pack to the
limits configured for the module and alerts when usage exceeds the percentages configured for
the module. This module also alerts when the system excessively deletes files in monitored disk
usage categories, or when disk usage excluding those categories reaches excessive levels, based
on module thresholds.
limits configured for the module and alerts when usage exceeds the percentages configured for
the module. This module also alerts when the system excessively deletes files in monitored disk
usage categories, or when disk usage excluding those categories reaches excessive levels, based
on module thresholds.
FireAMP Status Monitor
The module alerts if the Defense Center cannot connect to the Cisco cloud after an initial
successful connection, or if you deregister a cloud connection using the FireAMP portal.
successful connection, or if you deregister a cloud connection using the FireAMP portal.
This module only runs on Defense Centers.
FireSIGHT Host License
Limit
Limit
This module determines if sufficient FireSIGHT host licenses remain and alerts based on the
warning level configured for the module.
warning level configured for the module.
This module only runs on Defense Centers.
Hardware Alarms
This module determines if hardware needs to be replaced on a Series 3 or 3D9900 device and
alerts based on the hardware status. The module also reports on the status of hardware-related
daemons and on the status of clustered appliances.
alerts based on the hardware status. The module also reports on the status of hardware-related
daemons and on the status of clustered appliances.
For more information on the details reported for these devices, see
and
Health Monitor Process
This module monitors the status of the health monitor itself and alerts if the number of minutes
since the last health event received by the Defense Center exceeds the Warning or Critical limits.
since the last health event received by the Defense Center exceeds the Warning or Critical limits.
This module only runs on Defense Centers.
Inline Link Mismatch
Alarms
Alarms
This module monitors the ports associated with inline sets and alerts if the two interfaces of an
inline pair negotiate different speeds.
inline pair negotiate different speeds.
Intrusion Event Rate
This module compares the number of intrusion events per second to the limits configured for
this module and alerts if the limits are exceeded. If the Intrusion Event Rate is zero, the intrusion
process may be down or the managed device may not be sending events. Select
this module and alerts if the limits are exceeded. If the Intrusion Event Rate is zero, the intrusion
process may be down or the managed device may not be sending events. Select
Analysis >
Intrusions > Events
to check if events are being received from the device.
License Monitor
This module determines if sufficient licenses for Control, Protection, URL Filtering, Malware,
and VPN remain. It also alerts when devices in a stack have mismatched license sets. It alerts
based on a warning level automatically configured for the module. You cannot change the
configuration of this module.
and VPN remain. It also alerts when devices in a stack have mismatched license sets. It alerts
based on a warning level automatically configured for the module. You cannot change the
configuration of this module.
This module only runs on Defense Centers.
Link State Propagation
This module determines when a link in a paired inline set fails and triggers the link state
propagation mode.
propagation mode.
Memory Usage
This module compares memory usage on the appliance to the limits configured for the module
and alerts when usage exceeds the levels configured for the module.
and alerts when usage exceeds the levels configured for the module.
Table 55-1
Health Modules (continued)
Module
Description