Cisco Cisco Firepower Management Center 4000
55-5
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Understanding Health Monitoring
Power Supply
This module determines if power supplies on the device require replacement and alerts based on
the power supply status.
the power supply status.
This module runs on these Defense Centers: DC1500, DC3500.
This module runs on these devices: 3D3500, 3D4500, 3D6500, 3D9900, and Series 3.
Process Status
This module determines if processes on the appliance exit or terminate outside of the process
manager. If a process is deliberately exited outside of the process manager, the module status
changes to Warning and the health event message indicates which process exited, until the
module runs again and the process has restarted. If a process terminates abnormally or crashes
outside of the process manager, the module status changes to Critical and the health event
message indicates the terminated process, until the module runs again and the process has
restarted.
manager. If a process is deliberately exited outside of the process manager, the module status
changes to Warning and the health event message indicates which process exited, until the
module runs again and the process has restarted. If a process terminates abnormally or crashes
outside of the process manager, the module status changes to Critical and the health event
message indicates the terminated process, until the module runs again and the process has
restarted.
RRD Server Process
This module determines if the round robin data server that stores time series data is running
properly and alerts based on the number of recent RRD server restarts.
properly and alerts based on the number of recent RRD server restarts.
This module only runs on Defense Centers.
Security Intelligence
This module alerts in a variety of situations involving Security Intelligence filtering, including
feed update, feed corruption, and memory issues.
feed update, feed corruption, and memory issues.
This module runs on all Defense Centers except the DC500, which does not support Security
Intelligence filtering.
Intelligence filtering.
Time Series Data Monitor
This module tracks the presence of corrupt files in the directory where time series data (such as
compliance event counts) are stored and alerts when files are flagged as corrupt and removed.
compliance event counts) are stored and alerts when files are flagged as corrupt and removed.
This module only runs on Defense Centers.
Time Synchronization
Status
Status
This module tracks the synchronization of a device clock that obtains time using NTP with the
clock on the NTP server and alerts if the difference in the clocks is more than ten seconds.
clock on the NTP server and alerts if the difference in the clocks is more than ten seconds.
Traffic Status
This module determines if the device currently collects traffic and alerts based on the traffic
status.
status.
URL Filtering Monitor
This module tracks communication between the Defense Center and the Cisco cloud, where the
system obtains its URL filtering (category and reputation) data for commonly visited URLs. The
module alerts if the Defense Center fails to successfully communicate with or retrieve an update
from the cloud.
system obtains its URL filtering (category and reputation) data for commonly visited URLs. The
module alerts if the Defense Center fails to successfully communicate with or retrieve an update
from the cloud.
This module also tracks communications between the Defense Center and any managed devices
where you have enabled URL filtering. The module alerts if the Defense Center cannot push
URL filtering data to those devices.
where you have enabled URL filtering. The module alerts if the Defense Center cannot push
URL filtering data to those devices.
This module only runs on all Defense Centers except the DC500, which does not support URL
filtering.
filtering.
User Agent Status Monitor This module alerts when heartbeats are not detected for any User Agents connected to the
Defense Center.
This module only runs on Defense Centers.
VPN Status
This module alerts when the system detects that the VPN feature is not functioning.
This module only runs on Defense Centers.
Table 55-1
Health Modules (continued)
Module
Description