Prisma SD-WAN generates alerts and alarms when the system reaches system-defined or customer-defined thresholds or when there is a fault in the system. An alert is raised when the system reaches a system-defined or customer-defined threshold; it may or may not indicate a fault in the network. An alarm indicates a fault in the system. Alarms are raised and cleared, and vary in severity (Critical, Major, and Minor).

When configuring the Chatbot CloudBlade for Slack in Prisma SD-WAN, you can enable the Alerts and Notifications field to generate Slack notifications for the chatbot-supported alarms and alerts from the controller. Choose the event codes you want to configure from the drop-down list; the chatbot sends notifications only for alarms or alerts with those event codes.

The following table describes the list of event codes, the event origin, its severity, and a description of each event.

| CODE | ALARM/ALERT | SEVERITY | EVENT DESCRIPTION |
| --- | --- | --- | --- |
| APPLICATION_CUSTOM_RULE_CONFLICT | ALARM | Major | Selected application has a custom rule conflict. |
| APPLICATION_PROBE_DISABLED | ALARM | Major | Application probes are disabled either due to incomplete configuration or invalid state. |
| DEVICEHW_DISKENC_SYSTEM | ALARM | Critical | Disk partition fails to convert into an encrypted partition during device upgrade. |
| DEVICEHW_DISKUTIL_PARTITIONSPACE | ALARM | Major | Disk Storage Utilization on a device has reached 85% capacity. |
| DEVICEHW_INTERFACE_DOWN | ALARM | Major | Configured Admin-Up interface is not receiving a signal or is experiencing an error that has caused a lack of data flow through that interface. |
| DEVICEHW_INTERFACE_ERRORS | ALARM/ALERT | Major | Interface issues have been raised by the device and could be Interface down, SFP failure, and Excessive errors on the interfaces. |
| DEVICEHW_INTERFACE_HALFDUPLEX | ALARM | Major | Interface running in half-duplex mode. |
| DEVICEHW_MEMUTIL_SWAPSPACE | ALARM | Critical | High memory utilization. |
| DEVICEHW_POWER_LOST | ALARM | Major | Power supply unit reports loss of power, possibly due to failure or unplugged power cable. |
| DEVICEIF_ADDRESS_DUPLICATE | ALARM | Major | Another device in the local network is using an IP address assigned to this device. |
| DEVICESW_ANALYTICS_DISCONNECTED_FROM_CONTROLLER | ALARM | Minor | Device analytics is disconnected from Controller for a prolonged duration. |
| DEVICESW_CONCURRENT_FLOWLIMIT_EXCEEDED | ALARM | Critical | The system has reached its allowed max concurrent flow limit. |
| DEVICESW_CONNTRACK_FLOWLIMIT_EXCEEDED | ALARM | Critical | Conntrack table flow count has exceeded the threshold. |
| DEVICESW_CRITICAL_PROCESSRESTART | ALARM | Critical | A critical software process on the device has restarted either due to an error or as a self-recovery method. |
| DEVICESW_CRITICAL_PROCESSSTOP | ALARM | Critical | A critical software process on the device has stopped due to an error and is unable to recover with a self-restart. |
| DEVICESW_DHCPRELAY_RESTART | ALARM | Minor | DHCP relay agent on a device has restarted and recovered from an error. |
| DEVICESW_DHCPSERVER_ERRORS | ALARM | Critical | DHCP server failed to start. |
| DEVICESW_DHCPSERVER_RESTART | ALERT | Minor | DHCP server listening on physical interfaces has restarted and recovered from an error. |
| DEVICESW_DISCONNECTED_FROM_CONTROLLER | ALARM | Major | Device has remained disconnected from the controller for a prolonged duration. |
| DEVICESW_FLOWS_DISCONNECTED_FROM_CONTROLLER | ALARM | Minor | Device flows disconnected from Controller for a prolonged duration. |
| DEVICESW_FPS_LIMIT_EXCEEDED | ALARM | Major | The system has reached its allowed flows per second limit. |
| DEVICESW_GENERAL_PROCESSRESTART | ALERT | Minor | A software process on the device has restarted either due to an error or as a self-recovery method. |
| DEVICESW_GENERAL_PROCESSSTOP | ALARM | Major | A software process on the device has stopped due to an error and is unable to recover with a self-restart. |
| DEVICESW_IMAGE_UNSUPPORTED | ALARM | Critical | Device's software image is not recognized by the controller. |
| DEVICESW_IPFIX_COLLECTORS_DOWN | ALARM | Major | The IPFIX export process observes that there are no active connections to the IPFIX collectors. |
| DEVICESW_LICENSE_VERIFICATION_FAILED | ALARM | Critical | The license is no longer valid. The maximum ION device deployment limit is reached. |
| DEVICESW_MONITOR_DISABLED | ALARM | Major | A software process that monitors the health of the device and its hardware or software components is disabled. |
| DEVICESW_NTP_NO_SYNC | ALARM | Major | Device NTP has been unreachable for more than 24 hours. |
| DEVICESW_SNMP_AGENT_FAILED_TO_START | ALERT | Major | SNMP Agent failed to start due to either invalid configuration or decryption failure. |
| DEVICESW_SNMP_AGENT_RESTART | ALERT | Minor | SNMP agent on a device has restarted. |
| DEVICESW_SYSLOGSERVERS_DOWN | ALARM | Minor | A Syslog Export daemon failed to connect with the remote syslog server. |
| DEVICESW_SYSTEM_BOOT | ALERT | Critical | Device rebooted either due to recovery from an alarm condition or as part of normal operations. |
| DEVICESW_TOKEN_VERIFICATION_FAILED | ALERT | Critical | The token is no longer valid. It is currently utilized, expired, or revoked. |
| FLAP_RATE_EXCEEDED | ALARM | Major | Alarm is raised when an entity flaps more than the rate configured in the flap rule. |
| NAT_POLICY_LEGACY_ALG_CONFIG_OVERRIDE | ALERT | Major | ALG action configured in the NAT policy has been overridden by legacy configuration present on the device. |
| NETWORK_DIRECTINTERNET_DOWN | ALARM | Major | Direct internet reachability is down. |
| NETWORK_DIRECTPRIVATE_DOWN | ALARM | Major | Private WAN reachability is down. |
| NETWORK_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a policy set, resulting in an incorrect policy applied to some flows. |
| NETWORK_POLICY_RULE_DROPPED | ALARM | Major | Network policy configuration contains rules with too many permutations causing resources to exceed the operational limits. |
| NETWORK_PRIVATEWAN_DEGRADED | ALARM | Major | A subset of IP prefixes from one or more remote sites are unreachable over the private WAN based on routing updates received from the network. |
| NETWORK_PRIVATEWAN_UNREACHABLE | ALARM | Major | One or more remote sites are unreachable over the private WAN based on routing updates received from the network. |
| NETWORK_ANYNETLINK_DEGRADED | ALARM | Major | Secure Fabric Link is degraded with at least 1 VPN link UP from the active spoke and 1 or more VPN links DOWN from the active spoke. |
| NETWORK_ANYNETLINK_DOWN | ALARM | Major | Secure Fabric Link is down with all VPN Links DOWN from the active spoke. |
| NETWORK_STANDARD_VPN_ENDPOINT_DOWN | ALARM | Major | Multiple service link interfaces connecting to a service endpoint are down. |
| NETWORK_VPNBFD_DOWN | ALARM | Minor | The VPN Link went down because the BFD heartbeats failed. |
| NETWORK_VPNLINK_DOWN | ALARM | Major | A VPN Link connecting two sites is down. |
| NETWORK_VPNPEER_UNAVAILABLE | ALARM | Minor | A peer instance on the other side of a VPN Link of a remote office (branch) has been declared to be down. |
| NETWORK_VPNPEER_UNREACHABLE | ALARM | Minor | Control communication could not be established with the VPN Peer. |
| NETWORK_VPNSS_MISMATCH | ALARM | Minor | VPN Peers could not agree on a shared secret. |
| NETWORK_VPNSS_UNAVAILABLE | ALARM | Minor | Shared secret required to establish a VPN Link is not available. |
| OPERATOR_SIGNUP_TOKEN_DISABLED | ALERT | Minor | A new user that was issued a sign up token to self-complete the sign up process failed multiple times by using a wrong combination of the sign up token and unique ID supplied by the administrator. |
| PEERING_BGP_DOWN | ALARM | Critical | Routing peer session is down. |
| PEERING_CORE_DOWN | ALARM | Minor | A peer instance on the other side of a VPN Link of a remote office (branch) has been declared to be down. |
| PEERING_EDGE_DOWN | ALARM | Major | WAN edge peering failure. |
| PRIORITY_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a priority policy set, potentially resulting in an incorrect policy applied to some flows. |
| PRIORITY_POLICY_RULE_DROPPED | ALARM | Major | Priority policy configuration contains rules with too many permutations causing resources to exceed the operational limits. |
| SECURITY_POLICY_LIMITS_EXCEEDED | ALARM | Critical | The security policy stack exceeds resource limits. |
| SITE_CIRCUIT_ABSENT_FOR_POLICY | ALARM | Major | Path label used in policy is missing on site. |
| SITE_CONNECTIVITY_DEGRADED | ALARM | Major | Branch site connectivity is degraded because one or more secure fabric links are down, Layer 3 reachability is down, or a service link is down. |
| SITE_CONNECTIVITY_DOWN | ALARM | Critical | The site has lost connectivity with the controller and all of the remote branches or data center. |
| SITE_NETWORK_SERVICE_ABSENT_FOR_POLICY | ALARM | Major | One or more DC groups used in the policy have not been assigned a valid service endpoint for the domain bound to the identified site. |
| SPOKEHA_CLUSTER_DEGRADED | ALARM | Major | Spoke cluster operating in a degraded state. |
| SPOKEHA_CLUSTER_DOWN | ALARM | Critical | Both devices in the cluster have failed, which affects the network connectivity to the site. |
| SPOKEHA_MULTIPLE_ACTIVE_DEVICES | ALARM | Critical | More than one device is active in the spoke cluster. |