Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Working with Health Events
You can search for specific health events. You may want to create searches customized for your network environment, then save them to reuse later. The following table describes the search criteria you can use.
For more information on searching, including information on special search syntax as well as saving and loading searches, see .
To run and save health event searches:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Analysis > Search.
The Search page appears.
Step 2 From the Table drop-down list, select Health Events.
The Health Event Search page appears.
Step 3 Optionally, if you want to save the search, enter a name for the search in the Name field.
If you do not enter a name, one is created automatically when you save the search.
Step 4 Enter your search criteria in the appropriate fields, as described in the table.
If you enter multiple criteria, the search returns only the records that match all the criteria.
Step 5 Optionally, if you want to save the search so that other users can access it, disable the Save As Private check box. Otherwise, leave the check box selected to save the search as private.
Table 55-12 Health Event Search Criteria
| Search Field | Description |
|---|---|
| Module Name | Specify the name of the module which generated the health events you want to view. For example, to view events that measure CPU performance, type CPU. The search should retrieve applicable CPU Usage and CPU temperature events. |
| Value | Specify the value (number of units) of the result obtained by the health test for the events you want to view. For example, if you specify a value of 15 and type CPU in the Units field, you retrieve events where the appliance CPU was running at 15% utilization at the time the test ran. |
| Description | Specify the description of the events you want to view. For example, you could enter Unable to Execute to view any health events where a process was unable to execute. You can use an asterisk (*) in this field to create wildcard searches. |
| Units | Specify the units descriptor for the result obtained by the health test for the events you want to view. You can use an asterisk (*) in this field to create wildcard searches. For example, if you type % in the Units field, you retrieve all events for the Disk Usage modules, because the Disk Usage module has a “%” label in the Units field (and no additional text). However, if you type *% in the Units field, you retrieve all events for any modules that contain text followed by a “%” sign in the Units field. |
| Status | Specify the status for the health events that you want to view. Valid status levels are Critical, Warning, Normal, Error, and Disabled. For example, type Critical to retrieve all health events that indicate a critical status. |
| Device | Specify the name of the device. |