Cisco Cisco Firepower Management Center 2000
55-35
FireSIGHT System User Guide
Chapter 55 Using Health Monitoring
Using the Health Monitor Blacklist
To temporarily disable health events from an appliance, go to the blacklist configuration page and add
an appliance to the blacklist. After the setting takes effect, the system no longer includes the blacklisted
appliance when calculating the overall health status. The Health Monitor Appliance Status Summary
lists the appliance as disabled.
an appliance to the blacklist. After the setting takes effect, the system no longer includes the blacklisted
appliance when calculating the overall health status. The Health Monitor Appliance Status Summary
lists the appliance as disabled.
At times it may be more practical to just blacklist an individual health monitoring module on an
appliance. For example, when you run out of FireSIGHT host licenses on an appliance, you can blacklist
the FireSIGHT Host License Limit status messages.
appliance. For example, when you run out of FireSIGHT host licenses on an appliance, you can blacklist
the FireSIGHT Host License Limit status messages.
Note that on the main Health Monitor page you can distinguish between appliances that are blacklisted
if you expand to view the list of appliances with a particular status by clicking the arrow in that status
row. For more information on expanding that view, see
if you expand to view the list of appliances with a particular status by clicking the arrow in that status
row. For more information on expanding that view, see
.
A blacklist icon (
) and a notation are visible after you expand the view for a blacklisted or partially
blacklisted appliance.
Note
On a Defense Center, Health Monitor blacklist settings are local configuration settings. Therefore, if you
blacklist a device, then delete it and later re-register it with the Defense Center, the blacklist settings
remain persistent. The newly re-registered device remains blacklisted.
blacklist a device, then delete it and later re-register it with the Defense Center, the blacklist settings
remain persistent. The newly re-registered device remains blacklisted.
For more information, see:
•
•
•
Blacklisting Health Policies or Appliances
License:
Any
If you want to set health events to disabled for all appliances with a particular health policy, you can
blacklist the policy. If you need to disable the results of a group of appliances’ health monitoring, you
can blacklist the group of appliances. After the blacklist settings take effect, the appliance shows as
disabled in the Health Monitor Appliance Module Summary and Device Management page. Health
events for the appliance have a status of disabled.
blacklist the policy. If you need to disable the results of a group of appliances’ health monitoring, you
can blacklist the group of appliances. After the blacklist settings take effect, the appliance shows as
disabled in the Health Monitor Appliance Module Summary and Device Management page. Health
events for the appliance have a status of disabled.
Note that if your Defense Center is in a high availability configuration, you can blacklist a managed
device on one high availability peer and not the other. You can also blacklist the high availability peer
to cause it to mark events generated by it and the devices from which it receives health events as disabled.
Defense Centers in a high availability pair have the option to completely or partially blacklist their peer.
device on one high availability peer and not the other. You can also blacklist the high availability peer
to cause it to mark events generated by it and the devices from which it receives health events as disabled.
Defense Centers in a high availability pair have the option to completely or partially blacklist their peer.
To blacklist an entire health policy or group of appliances:
Access:
Admin/Maint
Step 1
Select
Health > Blacklist
.
The Blacklist page appears.
Step 2
Use the drop-down list on the right to sort the list by group, policy, or model. (Groups on a Defense
Center are managed devices.)
Center are managed devices.)
Note that appliances with some, but not all, health modules blacklisted will appear as
(Partially
Blacklisted)
. If you edit their blacklist status on the main blacklist page, you can either blacklist all
modules on those appliances or remove all blacklisting. For information on blacklisting individual health