Event Category-Device
Table of Contents
Expand all | Collapse all
Event Category-Device
Event category - device codes in
Prisma SD-WAN
.The following tables describe a list of event or incident codes, the event
origin, its severity, and a description of each event as per the event category.
INCIDENT CODE | EVENT ORIGIN | INCIDENT /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
---|---|---|---|---|---|---|
CLAIMCERT_AUTO_ RENEWAL_DISABLED | Device | ALERT | Warning | Auto Renewal of Claim Certificate is Disabled. | The scheduler process for Claim Certificate renewals was
not initialized which has caused the auto renewal feature to be disabled
on the device. Renewal of Claim Certificate must be triggered manually
from the Controller. | 5.5.1 |
CLAIMCERT_ RENEWAL_FAILED | Device | ALERT | Warning | Renewal of Claim Certificate failed. | The process of renewing the Claim Certificate encountered
problems. These may be related to external events such as failures
reported by CA or incorrect or invalid certificate being issued. Other
reasons can be internal failures such as problems arising from
generating a CSR request or receiving CSR details from
controller. | 5.5.1 |
CLAIMCERT_ RENEWAL_RETRY_ LIMIT_EXCEEDED | Device | INCIDENT | Critical | Claim Certificate Renewal Attempts Exceeded Retry
Limit. | There were errors observed during the process of Claim
Certificate renewal. Repeated attempts to renew the Claim Certificate
exceeded three consecutive retries. Auto renewal is therefore disabled
and a renewal must be triggered from the Controller. However, this event
indicates a problem that is external to the process and it must be
attended to immediately. | 5.5.1 |
CLAIMCERT_ RENEWALS_ TOO_FREQUENT | Device | ALERT | Warning | Claim Certificate is being Renewed Too
Frequently. | A condition is reached where a renewed Claim Certificate
has already expired and a subsequent renewal is attempted. This
condition may occur when the renewal window configured on the Controller
is incorrect or the Certificate issued by the CA has an expiry time that
has already elapsed. | 5.5.1 |
DEVICEIF_IPV6_ ADDRESS_DUPLICATE | Device | INCIDENT | Warning | Duplicate IPv6 address | Another device in the local network is using an IPv6
address assigned to this device. | 6.1.1 |
DEVICEHW_ DISKUTIL_ FRUSSD | Device | INCIDENT | Warning | FRU SSD Unavailable | Logs and core files are normally stored on separate media
on this platform. That media is not currently available. Contact Palo
Alto Networks Support. | 6.2.1 |
DEVICEHW_ DISKENC_ SYSTEM | Device | INCIDENT | Critical | Disk Encryption Upgrade Failure. | One of the disk partitions failed to convert into an
encrypted partition during the last device upgrade. | 4.5.1 |
DEVICEHW_ DISKUTIL_ PARTITIONSPACE | Device | INCIDENT | Warning | High Disk Capacity Utilization. | Disk Storage Utilization on a device has reached 85%
capacity. Noncritical functions, including logging and statistics export
may be impacted. | 4.5.1 |
DEVICEHW_ INTERFACE_ ERRORS | Device | ALERT | Warning | High rate of errors on the interface. | Number of transmission and/or reception errors seen on an
interface over the last one hour period has exceeded the threshold. The
threshold is 0.5% of received or transmitted packet count in the same
one hour period. | 4.5.1 |
DEVICEHW_ INTERFACE_ HALFDUPLEX | Device | INCIDENT | Warning | Interface running in half-duplex mode. | An interface has negotiated half duplex, although it is
allowed to run in full duplex, which is preferred. | 4.5.1 |
DEVICEHW_ INTERFACE_DOWN | Device | INCIDENT | Warning | Interface Down. | A configured Admin-Up interface is
not receiving a signal or experiencing an error that has caused lack of
data flow through that interface.Release 5.4.1 onward, when
DEVICEHW_INTERFACE_DOWN incident is raised, it also shows Related
Faults. These faults are caused due to this incident which can be
NETWORK_SECUREFABRICLINK_DEGRADED or
NETWORK_SECUREFABRICLINK_DOWN. | 4.5.1 |
DEVICEHW_ MEMUTIL_ SWAPSPACE | Device | INCIDENT | Critical | High Memory Utilization. | Memory utilization on a device has reached maximum
capacity forcing use of disk based swap space. Sub-optimal performance
impact device functions. | 4.5.1 |
DEVICEHW_ POWER_LOST | Device | INCIDENT | Warning | Power Lost. | Power supply unit is reporting loss of power, possibly
due to failure or unplugged power cable. | 4.5.1 |
DEVICEHW_POWER_MISSING | Device | INCIDENT | Warning | Power Supply Missing | If PSU is missing or AC voltage is not detected in ION
5200 and 9200, Power Missing alarm with reason psu_not_present and
ac_lost respectively is raised. | 6.4.1 |
DEVICEHW_ TEMPERATURE_ SENSOR | Device | INCIDENT | Warning | Operating temperature beyond threshold | One or more thermal sensors has reported temperature
beyond operationally safe threshold. Please monitor device temperature
activity chart. If the condition persists, the device will shutdown.
This will require manual intervention to turn the device back
up. | 6.2.1 |
DEVICEIF_ ADDRESS_ DUPLICATE | Device | ALERT | Warning | Interface Duplicate Address. | Another device in the local network is using an IP
address assigned to this device. | 4.5.1 |
DEVICESW_ CONCURRENT_ FLOWLIMIT_ EXCEEDED | Device | INCIDENT | Critical | Concurrent flow limit. | The system has reach edits allowed max concurrent flow
limit. | 4.5.1 |
DEVICESW_ CONCURRENT_ FLOW_ SOFTLIMIT_ EXCEEDED | Device | ALERT | Informational | Concurrent flow soft limit. | The system reached its 75% of the max concurrent flow
limit. | 6.2.1 |
DEVICESW_IMAGE _UNSUPPORTED | Controller | INCIDENT | Critical | Unsupported Software Image | Device's software image is not recognized by the
controller. The software version may not be allowed in the network or
may no longer exist. | |
DEVICESW_ INTERFACE_ CONFIG_OUTOFSYNC | Device | INCIDENT | Warning | Interface configuration out-of-sync | When a user modifies interface configuration via the
toolkit command when a device is in an assigned state. As a result, the
config between the element and the controller goes out of sync. | 6.3.1 |
APPLICATION_ PROBE_DISABLED | Device | INCIDENT | Warning | Application Probe Disabled | Application probes are disabled either due to incomplete
configuration or invalid state. Device will no longer issue application
probe to detect application reachability unless the issue is resolved.
Consequently, if application probes are disabled then application will
no longer switch to alternative paths in case it fails on its current
path. | |
DEVICESW_ CRITICAL_ PROCESSRESTART | Device | ALERT | Critical | Critical Process Restart. | A critical software process on the device has restarted
either due to an error or as a self recovery method. Process restart as
a self-recovery does not impact long-term functions on the device but
can cause short term sub-optimal data plane functions and
errors. | 4.6.1 |
DEVICESW_ CRITICAL_ PROCESSSTOP | Device | INCIDENT | Critical | Critical Process Stopped. | A critical software process on the device has stopped due
to an error and is unable to recover with a self restart. Impacts data
forwarding functionality. | 4.6.1 |
DEVICESW_ DHCPRELAY_ RESTART | Device | ALERT | Informational | DHCP relay agent restarted. | DHCP relay agent on a device has restarted and recovered
from an error. | 4.4.1 |
DEVICESW_ DHCPSERVER_ ERRORS | Device | INCIDENT | Critical | DHCP server failed to start. | DHCP server listening on physical interfaces failed to
start due to the following reasons:
| 4.4.1 |
DEVICESW_ DHCPSERVER_ RESTART | Device | ALERT | Informational | DHCP server restarted. | DHCP server listening on physical interfaces has
restarted and recovered from an error. | 4.4.1 |
DEVICESW_ DISCONNECTED_ FROM_ CONTROLLER | Device | INCIDENT | Warning | Device disconnected from Controller | Release 5.4.1 and later Device has remained
disconnected from the controller for a prolonged duration. The incident
hold time has been reduced to 10 minutes. Releases prior to Release
5.4.1 the hold time was 30 minutes. | 5.0.3 |
DEVICESW_FPS_ LIMIT_ EXCEEDED | Device | INCIDENT | Warning | Flows Per Second limit. | The system has reached its allowed flows per second
limit. | 4.5.1 |
DEVICESW_ GENERAL_ PROCESSRESTART | Device | ALERT | Informational | Process Restart. | A software process on the device has restarted either due
to an error or self-recovery method. Process restart as self recovery
does not impact long-term functions on the device. However, it can cause
short-term sub-optimal functions and errors. | 4.5.1 |
DEVICESW_ GENERAL_ PROCESSSTOP | Device | INCIDENT | Warning | Process Stopped. | A software process on the device has stopped due to an
error and is unable to recover with a self-restart. Impacts the
Functionality. | 4.5.1 |
DEVICESW_ INITIATED_ CONNECTION_ON_ EXCLUDED_PATH | Device | INCIDENT | Warning | Device Initiated Connection on excluded path. | Due to the lack of any other available interface,
established a device initiated controller connection from an excluded
interface as a last resort. | 5.4.3 |
DEVICESW_LICENSE_ VERIFICATION_ FAILED | Device | INCIDENT | Critical | Virtual ION license verification failed. | The license is no longer valid. The maximum ION device
deployment limit is reached. | 4.5.1 |
DEVICESW_ MONITOR_ DISABLED | Device | INCIDENT | Warning | System Monitoring Disabled | A software process that monitors the health of device and
its hardware or software components is disabled. | 4.5.1 |
DEVICESW_NTP_ NO_SYNC | Device | INCIDENT | Warning | NTP synchronization failed. | Device NTP has been unreachable for more than 24
hours. | 4.6.1 |
DEVICESW_SNMP_ AGENT_ RESTART | Device | ALERT | Informational | SNMP | SNMP agent on a device has restarted. | 4.5.1 |
DEVICESW_ SNMP_ AGENT_FAILED_ TO_START | Device | ALERT | Warning | SNMP Agent failed to start. | SNMP Agent failed to start due to either invalid
configuration or decryption failure. | 5.2.1 |
DEVICESW_ SYSTEM_BOOT | Device | ALERT | Critical | Device Reboot. | Device rebooted either due to recovery from an incident
condition or as part of normal operations, including user initiated
reboots and software upgrades. Reboots due to incident conditions can
cause sub-optimal or significantly reduced functionality on the
device. | 4.5.1 |
DEVICESW_ TOKEN_ VERIFICATION_ FAILED | Device | ALERT | Critical | Virtual ION token validation failed. | The token is no longer valid. It is currently utilized,
expired, or revoked. | 4.5.1 |
DEVICESW_ CONNTRACK_ FLOWLIMIT_ EXCEEDED | Device | INCIDENT | Critical | Conntrack table flow count exceeded threshold. | Number of flows in the connection tracking table that are
used for features such as NAT and device management policy has exceeded
90% threshold. | 5.2.1 |
DEVICESW_ IPFIX_ COLLECTORS_DOWN | Device | INCIDENT | Warning | IPFIX collectors down | The IPFIX export process observes that there are no
active connections to the IPFIX collectors. The process will continue to
monitor the connection status and resume export of the IPFIX records
once the connection is re-established. | 5.5.1 |
DEVICESW_ SYSLOGSERVERS_ DOWN | Device | INCIDENT | Informational | Syslog Export Down | A Syslog Export daemon failed to connect with remote
syslog server. | 5.6.1 |
DEVICESW_ ANALYTICS_ DISCONNECTED_ FROM_CONTROLLER | Controller | INCIDENT | Informational | Device analytics disconnected from Controller | Device analytics has remained disconnected from the
Controller for a prolonged duration. | 5.6.1 |
DEVICESW_FLOWS_ DISCONNECTED_ FROM_CONTROLLER | Controller | INCIDENT | Informational | Device flows disconnected from Controller | Device flows has remained disconnected from the
Controller for a prolonged duration. | 5.6.1 |
NAT_POLICY_ STATIC_NATPOOL_ OVERRUN | Device | INCIDENT | Informational | Static NAT pool range is overrun by selector
prefix. | Configured NAT pool range cannot map 1:1 with matching
traffic selector prefix. | 5.2.1 |