Chatbot Supported Alerts and Alarms
Table of Contents
Expand all | Collapse all
Chatbot Supported Alerts and Alarms
Prisma SD-WAN generates alerts and alarms
when the system reaches system-defined or customer-defined thresholds
or there is a fault in the system. An alert may or may not be an
indication of a fault in the network. An alert is raised when the
system reaches system-defined or customer-defined thresholds. An
alarm is an indication of a fault in the system. Alarms are raised
and cleared and vary in severity (Critical, Major, and Minor).
When configuring the Chatbot CloudBlade for Slack in Prisma SD-WAN,
you can enable the Alerts and Notifications field
to generate Slack notifications for the chatbot supported alarms
and alerts from the controller. You must choose from the drop-down
list of event codes you wish to configure, and the chatbot will send
notifications only for those alarms or alerts with event codes.
The following tables describe the list of event codes, the event
origin, its severity, and a description of each event.
CODE | ALARM/ALERT | SEVERITY | EVENT DESCRIPTION |
---|---|---|---|
APPLICATION_CUSTOM_ RULE_CONFLICT | ALARM | Major | Selected application has a custom rule conflict. |
APPLICATION_PROBE_ DISABLED | ALARM | Major | Application probes are disabled either due
to incomplete configuration or invalid state. |
DEVICEHW_DISKENC_SYSTEM | ALARM | Critical | Disk partition fails to convert into an encrypted
partition during device upgrade. |
DEVICEHW_DISKUTIL_ PARTITIONSPACE | ALARM | Major | Disk Storage Utilization on a device has reached
85% capacity. |
DEVICEHW_INTERFACE_DOWN | ALARM | Major | Configured Admin-Up interface is not receiving
a signal or experiencing an error that has caused lack of data flow
through that interface. |
DEVICEHW_INTERFACE_ ERRORS | ALARM/ALERT | Major | Interface issues have been raised by the device
and could be Interface down, SFP failure, and Excessive errors on
the interfaces. |
DEVICEHW_INTERFACE_ HALFDUPLEX | ALARM | Major | Interface running in half-duplexmode. |
DEVICEHW_MEMUTIL_ SWAPSPACE | ALARM | Critical | High memory utilization. |
DEVICEHW_POWER_LOST | ALARM | Major | Power supply unit reports loss of power, possibly
due to failure or unplugged power cable. |
DEVICEIF_ADDRESS_ DUPLICATE | ALARM | Major | Another device in the local network is using
an IP address assigned to this device. |
DEVICESW_ANALYTICS_ DISCONNECTED_FROM_ CONTROLLER | ALARM | Minor | Device analytics is disconnected from Controller
for a prolonged duration. |
DEVICESW_CONCURRENT_ FLOWLIMIT_EXCEEDED | ALARM | Critical | The system has reached edits allowed max concurrent
flow limit. |
DEVICESW_CONNTRACK_ FLOWLIMIT_EXCEEDED | ALARM | Critical | Conntrack table flow count has exceeded the
threshold. |
DEVICESW_CRITICAL_ PROCESSRESTART | ALARM | Critical | A critical software process on the device has
restarted either due to an error or as a self recovery method. |
DEVICESW_CRITICAL_ PROCESSSTOP | ALARM | Critical | A critical software process on the device has
stopped due to an error and is unable to recover with a self restart. |
DEVICESW_DHCPRELAY_RESTART | ALARM | Minor | DHCP relay agent on a device has restarted
and recovered from an error. |
DEVICESW_DHCPSERVER_ERRORS | ALARM | Critical | DHCP server failed to start. |
DEVICESW_DHCPSERVER_RESTART | ALERT | Minor | DHCP server listening on physical interfaces
has restarted and recovered from an error. |
DEVICESW_DISCONNECTED_ FROM_CONTROLLER | ALARM | Major | Device has remained disconnected from the controller for
a prolonged duration. |
DEVICESW_FLOWS_ DISCONNECTED_FROM_ CONTROLLER | ALARM | Minor | Device flows disconnected from Controller for
prolonged duration. |
DEVICESW_FPS_LIMIT_EXCEEDED | ALARM | Major | The system has reached its allowed flows per
second limit. |
DEVICESW_GENERAL_ PROCESSRESTART | ALERT | Minor | A software process on the device has restarted
either due to an error or self-recovery method. |
DEVICESW_GENERAL_PROCESSSTOP | ALARM | Major | A software process on the device has stopped
due to an error and is unable to recover with a self-restart. |
DEVICESW_IMAGE_UNSUPPORTED | ALARM | Critical | Device's software image is not recognized by
the controller. |
DEVICESW_IPFIX_COLLECTORS_DOWN | ALARM | Major | The IPFIX export process observes that there
are no active connections to the IPFIX collectors. |
DEVICESW_LICENSE_ VERIFICATION_FAILED | ALARM | Critical | The license is no longer valid. The maximum
ION device deployment limit is reached. |
DEVICESW_MONITOR_DISABLED | ALARM | Major | A software process that monitors the health
of device and its hardware or software components is disabled. |
DEVICESW_NTP_NO_SYNC | ALARM | Major | Device NTP has been unreachable for more than
24 hours. |
DEVICESW_SNMP_AGENT_ FAILED_TO_START | ALERT | Major | SNMP Agent failed to start due to either invalid
configuration or decryption failure. |
DEVICESW_SNMP_AGENT_RESTART | ALERT | Minor | SNMP agent on a device has restarted. |
DEVICESW_SYSLOGSERVERS_DOWN | ALARM | Minor | A Syslog Export daemon failed to connect with
remote syslog server. |
DEVICESW_SYSTEM_BOOT | ALERT | Critical | Device rebooted either due to recovery from
an alarm condition or as part of normal operations. |
DEVICESW_TOKEN_ VERIFICATION_FAILED | ALERT | Critical | The token is no longer valid. It is currently
utilized, expired, or revoked. |
FLAP_RATE_EXCEEDED | ALARM | Major | Alarm is raised when an entity flaps more than
the rate configured in the flap rule. |
NAT_POLICY_LEGACY_ ALG_CONFIG_OVERRIDE | ALERT | Major | ALG action configured in the NAT policy has
been overridden by legacy configuration present on the device. |
NETWORK_DIRECTINTERNET_DOWN | ALARM | Major | Direct internet reachability is down. |
NETWORK_DIRECTPRIVATE_DOWN | ALARM | Major | Private WAN reachability is down. |
NETWORK_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a policy
set, resulting in an incorrect policy applied to someflows. |
NETWORK_POLICY_RULE_DROPPED | ALARM | Major | Network policy configuration contains rules
with too many permutations causing resources to exceed the operational
limits. |
NETWORK_PRIVATEWAN_DEGRADED | ALARM | Major | A subset of IP prefixes from one or more remote
sites are unreachable over the private WAN based on routing updates received
from the network. |
NETWORK_PRIVATEWAN_UNREACHABLE | ALARM | Major | One or more remote sites are unreachable over
the private WAN based on routing updatesreceived from the network. |
NETWORK_ANYNETLINK_DEGRADED | ALARM | Major | Secure Fabric Link is degraded with at least
1 VPN link UP from the active spoke and 1 or more VPN links DOWN
from the active SPOKE. |
NETWORK_ANYNETLINK_DOWN | ALARM | Major | Secure Fabric Link is down with all VPN Links
DOWN from the active spoke. |
NETWORK_STANDARD_ VPN_ENDPOINT_DOWN | ALARM | Major | Multiple service link interfaces connecting
to a service endpoint are down. |
NETWORK_VPNBFD_DOWN | ALARM | Minor | The VPN Link went down because the BFD heartbeats failed. |
NETWORK_VPNLINK_DOWN | ALARM | Major | A VPN Link connecting two sites is down. |
NETWORK_VPNPEER_UNAVAILABLE | ALARM | Minor | A peer instance on other side of a VPN Link
of a remote office (branch) has been declared to be down. |
NETWORK_VPNPEER_UNREACHABLE | ALARM | Minor | Control communication could not be established
with the VPN Peer. |
NETWORK_VPNSS_MISMATCH | ALARM | Minor | VPN Peers could not agree on a shared secret. |
NETWORK_VPNSS_UNAVAILABLE | ALARM | Minor | Shared secret required to establish a VPN Link
is not available. |
OPERATOR_SIGNUP_TOKEN_ DISABLED | ALERT | Minor | A new user that was issued a sign up token
to self-complete the sign up process failed multiple times by using
a wrong combination of the sign up token and unique ID supplied
by the administrator. |
PEERING_BGP_DOWN | ALARM | Critical | Routing peer session is down. |
PEERING_CORE_DOWN | ALARM | Minor | A peer instance on other the side of a VPN
Link of a remote office (branch) declared to be down. |
PEERING_EDGE_DOWN | ALARM | Major | WAN edge peering failure. |
PRIORITY_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a priority
policy set, potentially resulting in an incorrect policy applied
to someflows. |
PRIORITY_POLICY_RULE_DROPPED | ALARM | Major | Priority policy configuration contains rules
with too many permutations causing resources to exceed the operational
limits. |
SECURITY_POLICY_ LIMITS_EXCEEDED | ALARM | Critical | The security policy stack exceeds resource
limits. |
SITE_CIRCUIT_ABSENT_FOR_POLICY | ALARM | Major | Path label used in policy is missing on site. |
SITE_CONNECTIVITY_DEGRADED | ALARM | Major | Branch site connectivity is degraded due to
one or more secure fabric links down, Layer 3 reachability is down
or service link is down. |
SITE_CONNECTIVITY_DOWN | ALARM | Critical | When the site has lost connectivity with the
controller and all of the remote branches or data center. |
SITE_NETWORK_SERVICE_ ABSENT_FOR_POLICY | ALARM | Major | One or more DC groups used in the policy has
not been assigned a valid service endpoint for the domain bound
to the identified site. |
SPOKEHA_CLUSTER_DEGRADED | ALARM | Major | Spoke cluster operating in a degraded state. |
SPOKEHA_CLUSTER_DOWN | ALARM | Critical | Both devices in the cluster have failed, therefore
affects the network connectivity to the site. |
SPOKEHA_MULTIPLE_ ACTIVE_DEVICES | ALARM | Critical | More than one device is active in the spoke
cluster. |
SPOKEHA_STATE_UPDATE | ALERT | Major | Device state changes in spoke cluster. |