Chatbot Supported Alerts and Alarms
Focus
Focus

Chatbot Supported Alerts and Alarms

Table of Contents

Chatbot Supported Alerts and Alarms

Prisma SD-WAN generates alerts and alarms when the system reaches system-defined or customer-defined thresholds or there is a fault in the system. An alert may or may not be an indication of a fault in the network. An alert is raised when the system reaches system-defined or customer-defined thresholds. An alarm is an indication of a fault in the system. Alarms are raised and cleared and vary in severity (Critical, Major, and Minor).
When configuring the Chatbot CloudBlade for Slack in Prisma SD-WAN, you can enable the Alerts and Notifications field to generate Slack notifications for the chatbot supported alarms and alerts from the controller. You must choose from the drop-down list of event codes you wish to configure, and the chatbot will send notifications only for those alarms or alerts with event codes.
The following tables describe the list of event codes, the event origin, its severity, and a description of each event.
CODEALARM/ALERTSEVERITYEVENT DESCRIPTION
APPLICATION_CUSTOM_
RULE_CONFLICT
ALARMMajorSelected application has a custom rule conflict.
APPLICATION_PROBE_
DISABLED
ALARMMajorApplication probes are disabled either due to incomplete configuration or invalid state.
DEVICEHW_DISKENC_SYSTEMALARMCriticalDisk partition fails to convert into an encrypted partition during device upgrade.
DEVICEHW_DISKUTIL_
PARTITIONSPACE
ALARMMajorDisk Storage Utilization on a device has reached 85% capacity.
DEVICEHW_INTERFACE_DOWNALARMMajorConfigured Admin-Up interface is not receiving a signal or experiencing an error that has caused lack of data flow through that interface.
DEVICEHW_INTERFACE_
ERRORS
ALARM/ALERTMajorInterface issues have been raised by the device and could be Interface down, SFP failure, and Excessive errors on the interfaces.
DEVICEHW_INTERFACE_
HALFDUPLEX
ALARMMajorInterface running in half-duplexmode.
DEVICEHW_MEMUTIL_
SWAPSPACE
ALARMCriticalHigh memory utilization.
DEVICEHW_POWER_LOSTALARMMajorPower supply unit reports loss of power, possibly due to failure or unplugged power cable.
DEVICEIF_ADDRESS_
DUPLICATE
ALARMMajorAnother device in the local network is using an IP address assigned to this device.
DEVICESW_ANALYTICS_
DISCONNECTED_FROM_
CONTROLLER
ALARMMinorDevice analytics is disconnected from Controller for a prolonged duration.
DEVICESW_CONCURRENT_
FLOWLIMIT_EXCEEDED
ALARMCriticalThe system has reached edits allowed max concurrent flow limit.
DEVICESW_CONNTRACK_
FLOWLIMIT_EXCEEDED
ALARMCriticalConntrack table flow count has exceeded the threshold.
DEVICESW_CRITICAL_
PROCESSRESTART
ALARMCriticalA critical software process on the device has restarted either due to an error or as a self recovery method.
DEVICESW_CRITICAL_
PROCESSSTOP
ALARMCriticalA critical software process on the device has stopped due to an error and is unable to recover with a self restart.
DEVICESW_DHCPRELAY_RESTARTALARMMinorDHCP relay agent on a device has restarted and recovered from an error.
DEVICESW_DHCPSERVER_ERRORSALARMCriticalDHCP server failed to start.
DEVICESW_DHCPSERVER_RESTARTALERTMinorDHCP server listening on physical interfaces has restarted and recovered from an error.
DEVICESW_DISCONNECTED_
FROM_CONTROLLER
ALARMMajorDevice has remained disconnected from the controller for a prolonged duration.
DEVICESW_FLOWS_
DISCONNECTED_FROM_
CONTROLLER
ALARMMinorDevice flows disconnected from Controller for prolonged duration.
DEVICESW_FPS_LIMIT_EXCEEDEDALARMMajorThe system has reached its allowed flows per second limit.
DEVICESW_GENERAL_
PROCESSRESTART
ALERTMinorA software process on the device has restarted either due to an error or self-recovery method.
DEVICESW_GENERAL_PROCESSSTOPALARMMajorA software process on the device has stopped due to an error and is unable to recover with a self-restart.
DEVICESW_IMAGE_UNSUPPORTEDALARMCriticalDevice's software image is not recognized by the controller.
DEVICESW_IPFIX_COLLECTORS_DOWNALARMMajorThe IPFIX export process observes that there are no active connections to the IPFIX collectors.
DEVICESW_LICENSE_
VERIFICATION_FAILED
ALARMCriticalThe license is no longer valid. The maximum ION device deployment limit is reached.
DEVICESW_MONITOR_DISABLEDALARMMajorA software process that monitors the health of device and its hardware or software components is disabled.
DEVICESW_NTP_NO_SYNCALARMMajorDevice NTP has been unreachable for more than 24 hours.
DEVICESW_SNMP_AGENT_
FAILED_TO_START
ALERTMajorSNMP Agent failed to start due to either invalid configuration or decryption failure.
DEVICESW_SNMP_AGENT_RESTARTALERT MinorSNMP agent on a device has restarted.
DEVICESW_SYSLOGSERVERS_DOWNALARMMinorA Syslog Export daemon failed to connect with remote syslog server.
DEVICESW_SYSTEM_BOOTALERTCriticalDevice rebooted either due to recovery from an alarm condition or as part of normal operations.
DEVICESW_TOKEN_
VERIFICATION_FAILED
ALERTCriticalThe token is no longer valid. It is currently utilized, expired, or revoked.
FLAP_RATE_EXCEEDEDALARMMajorAlarm is raised when an entity flaps more than the rate configured in the flap rule.
NAT_POLICY_LEGACY_
ALG_CONFIG_OVERRIDE
ALERTMajorALG action configured in the NAT policy has been overridden by legacy configuration present on the device.
NETWORK_DIRECTINTERNET_DOWNALARMMajorDirect internet reachability is down.
NETWORK_DIRECTPRIVATE_DOWNALARMMajorPrivate WAN reachability is down.
NETWORK_POLICY_RULE_CONFLICTALARMMinorTwo or more policy rules conflict in a policy set, resulting in an incorrect policy applied to someflows.
NETWORK_POLICY_RULE_DROPPEDALARMMajorNetwork policy configuration contains rules with too many permutations causing resources to exceed the operational limits.
NETWORK_PRIVATEWAN_DEGRADEDALARMMajorA subset of IP prefixes from one or more remote sites are unreachable over the private WAN based on routing updates received from the network.
NETWORK_PRIVATEWAN_UNREACHABLEALARMMajorOne or more remote sites are unreachable over the private WAN based on routing updatesreceived from the network.
NETWORK_ANYNETLINK_DEGRADEDALARMMajorSecure Fabric Link is degraded with at least 1 VPN link UP from the active spoke and 1 or more VPN links DOWN from the active SPOKE.
NETWORK_ANYNETLINK_DOWNALARMMajorSecure Fabric Link is down with all VPN Links DOWN from the active spoke.
NETWORK_STANDARD_
VPN_ENDPOINT_DOWN
ALARMMajorMultiple service link interfaces connecting to a service endpoint are down.
NETWORK_VPNBFD_DOWNALARMMinorThe VPN Link went down because the BFD heartbeats failed.
NETWORK_VPNLINK_DOWNALARMMajorA VPN Link connecting two sites is down.
NETWORK_VPNPEER_UNAVAILABLEALARMMinorA peer instance on other side of a VPN Link of a remote office (branch) has been declared to be down.
NETWORK_VPNPEER_UNREACHABLEALARMMinorControl communication could not be established with the VPN Peer.
NETWORK_VPNSS_MISMATCHALARMMinorVPN Peers could not agree on a shared secret.
NETWORK_VPNSS_UNAVAILABLEALARMMinorShared secret required to establish a VPN Link is not available.
OPERATOR_SIGNUP_TOKEN_
DISABLED
ALERTMinorA new user that was issued a sign up token to self-complete the sign up process failed multiple times by using a wrong combination of the sign up token and unique ID supplied by the administrator.
PEERING_BGP_DOWNALARMCriticalRouting peer session is down.
PEERING_CORE_DOWNALARMMinorA peer instance on other the side of a VPN Link of a remote office (branch) declared to be down.
PEERING_EDGE_DOWNALARMMajorWAN edge peering failure.
PRIORITY_POLICY_RULE_CONFLICTALARMMinorTwo or more policy rules conflict in a priority policy set, potentially resulting in an incorrect policy applied to someflows.
PRIORITY_POLICY_RULE_DROPPEDALARMMajorPriority policy configuration contains rules with too many permutations causing resources to exceed the operational limits.
SECURITY_POLICY_
LIMITS_EXCEEDED
ALARMCriticalThe security policy stack exceeds resource limits.
SITE_CIRCUIT_ABSENT_FOR_POLICYALARMMajorPath label used in policy is missing on site.
SITE_CONNECTIVITY_DEGRADEDALARMMajorBranch site connectivity is degraded due to one or more secure fabric links down, Layer 3 reachability is down or service link is down.
SITE_CONNECTIVITY_DOWNALARMCriticalWhen the site has lost connectivity with the controller and all of the remote branches or data center.
SITE_NETWORK_SERVICE_
ABSENT_FOR_POLICY
ALARMMajorOne or more DC groups used in the policy has not been assigned a valid service endpoint for the domain bound to the identified site.
SPOKEHA_CLUSTER_DEGRADEDALARMMajorSpoke cluster operating in a degraded state.
SPOKEHA_CLUSTER_DOWNALARMCriticalBoth devices in the cluster have failed, therefore affects the network connectivity to the site.
SPOKEHA_MULTIPLE_
ACTIVE_DEVICES
ALARMCriticalMore than one device is active in the spoke cluster.
SPOKEHA_STATE_UPDATEALERTMajorDevice state changes in spoke cluster.