Chatbot Supported Alerts and Alarms
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
Chatbot Supported Alerts and Alarms
Prisma SD-WAN generates alerts and alarms
when the system reaches system-defined or customer-defined thresholds
or there is a fault in the system. An alert may or may not be an
indication of a fault in the network. An alert is raised when the
system reaches system-defined or customer-defined thresholds. An
alarm is an indication of a fault in the system. Alarms are raised
and cleared and vary in severity (Critical, Major, and Minor).
When configuring the Chatbot CloudBlade for Slack in Prisma SD-WAN,
you can enable the Alerts and Notifications field
to generate Slack notifications for the chatbot supported alarms
and alerts from the controller. You must choose from the drop-down
list of event codes you wish to configure, and the chatbot will send
notifications only for those alarms or alerts with event codes.
The following tables describe the list of event codes, the event
origin, its severity, and a description of each event.
CODE | ALARM/ALERT | SEVERITY | EVENT DESCRIPTION |
---|---|---|---|
APPLICATION_CUSTOM_ RULE_CONFLICT | ALARM | Major | Selected application has a custom rule conflict. |
APPLICATION_PROBE_ DISABLED | ALARM | Major | Application probes are disabled either due to incomplete configuration or invalid state. |
DEVICEHW_DISKENC_SYSTEM | ALARM | Critical | Disk partition fails to convert into an encrypted partition during device upgrade. |
DEVICEHW_DISKUTIL_ PARTITIONSPACE | ALARM | Major | Disk Storage Utilization on a device has reached 85% capacity. |
DEVICEHW_INTERFACE_DOWN | ALARM | Major | Configured Admin-Up interface is not receiving a signal or experiencing an error that has caused lack of data flow through that interface. |
DEVICEHW_INTERFACE_ ERRORS | ALARM/ALERT | Major | Interface issues have been raised by the device and could be Interface down, SFP failure, and Excessive errors on the interfaces. |
DEVICEHW_INTERFACE_ HALFDUPLEX | ALARM | Major | Interface running in half-duplexmode. |
DEVICEHW_MEMUTIL_ SWAPSPACE | ALARM | Critical | High memory utilization. |
DEVICEHW_POWER_LOST | ALARM | Major | Power supply unit reports loss of power, possibly due to failure or unplugged power cable. |
DEVICEIF_ADDRESS_ DUPLICATE | ALARM | Major | Another device in the local network is using an IP address assigned to this device. |
DEVICESW_ANALYTICS_ DISCONNECTED_FROM_ CONTROLLER | ALARM | Minor | Device analytics is disconnected from Controller for a prolonged duration. |
DEVICESW_CONCURRENT_ FLOWLIMIT_EXCEEDED | ALARM | Critical | The system has reached edits allowed max concurrent flow limit. |
DEVICESW_CONNTRACK_ FLOWLIMIT_EXCEEDED | ALARM | Critical | Conntrack table flow count has exceeded the threshold. |
DEVICESW_CRITICAL_ PROCESSRESTART | ALARM | Critical | A critical software process on the device has restarted either due to an error or as a self recovery method. |
DEVICESW_CRITICAL_ PROCESSSTOP | ALARM | Critical | A critical software process on the device has stopped due to an error and is unable to recover with a self restart. |
DEVICESW_DHCPRELAY_RESTART | ALARM | Minor | DHCP relay agent on a device has restarted and recovered from an error. |
DEVICESW_DHCPSERVER_ERRORS | ALARM | Critical | DHCP server failed to start. |
DEVICESW_DHCPSERVER_RESTART | ALERT | Minor | DHCP server listening on physical interfaces has restarted and recovered from an error. |
DEVICESW_DISCONNECTED_ FROM_CONTROLLER | ALARM | Major | Device has remained disconnected from the controller for a prolonged duration. |
DEVICESW_FLOWS_ DISCONNECTED_FROM_ CONTROLLER | ALARM | Minor | Device flows disconnected from Controller for prolonged duration. |
DEVICESW_FPS_LIMIT_EXCEEDED | ALARM | Major | The system has reached its allowed flows per second limit. |
DEVICESW_GENERAL_ PROCESSRESTART | ALERT | Minor | A software process on the device has restarted either due to an error or self-recovery method. |
DEVICESW_GENERAL_PROCESSSTOP | ALARM | Major | A software process on the device has stopped due to an error and is unable to recover with a self-restart. |
DEVICESW_IMAGE_UNSUPPORTED | ALARM | Critical | Device's software image is not recognized by the controller. |
DEVICESW_IPFIX_COLLECTORS_DOWN | ALARM | Major | The IPFIX export process observes that there are no active connections to the IPFIX collectors. |
DEVICESW_LICENSE_ VERIFICATION_FAILED | ALARM | Critical | The license is no longer valid. The maximum ION device deployment limit is reached. |
DEVICESW_MONITOR_DISABLED | ALARM | Major | A software process that monitors the health of device and its hardware or software components is disabled. |
DEVICESW_NTP_NO_SYNC | ALARM | Major | Device NTP has been unreachable for more than 24 hours. |
DEVICESW_SNMP_AGENT_ FAILED_TO_START | ALERT | Major | SNMP Agent failed to start due to either invalid configuration or decryption failure. |
DEVICESW_SNMP_AGENT_RESTART | ALERT | Minor | SNMP agent on a device has restarted. |
DEVICESW_SYSLOGSERVERS_DOWN | ALARM | Minor | A Syslog Export daemon failed to connect with remote syslog server. |
DEVICESW_SYSTEM_BOOT | ALERT | Critical | Device rebooted either due to recovery from an alarm condition or as part of normal operations. |
DEVICESW_TOKEN_ VERIFICATION_FAILED | ALERT | Critical | The token is no longer valid. It is currently utilized, expired, or revoked. |
FLAP_RATE_EXCEEDED | ALARM | Major | Alarm is raised when an entity flaps more than the rate configured in the flap rule. |
NAT_POLICY_LEGACY_ ALG_CONFIG_OVERRIDE | ALERT | Major | ALG action configured in the NAT policy has been overridden by legacy configuration present on the device. |
NETWORK_DIRECTINTERNET_DOWN | ALARM | Major | Direct internet reachability is down. |
NETWORK_DIRECTPRIVATE_DOWN | ALARM | Major | Private WAN reachability is down. |
NETWORK_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a policy set, resulting in an incorrect policy applied to someflows. |
NETWORK_POLICY_RULE_DROPPED | ALARM | Major | Network policy configuration contains rules with too many permutations causing resources to exceed the operational limits. |
NETWORK_PRIVATEWAN_DEGRADED | ALARM | Major | A subset of IP prefixes from one or more remote sites are unreachable over the private WAN based on routing updates received from the network. |
NETWORK_PRIVATEWAN_UNREACHABLE | ALARM | Major | One or more remote sites are unreachable over the private WAN based on routing updatesreceived from the network. |
NETWORK_ANYNETLINK_DEGRADED | ALARM | Major | Secure Fabric Link is degraded with at least 1 VPN link UP from the active spoke and 1 or more VPN links DOWN from the active SPOKE. |
NETWORK_ANYNETLINK_DOWN | ALARM | Major | Secure Fabric Link is down with all VPN Links DOWN from the active spoke. |
NETWORK_STANDARD_ VPN_ENDPOINT_DOWN | ALARM | Major | Multiple service link interfaces connecting to a service endpoint are down. |
NETWORK_VPNBFD_DOWN | ALARM | Minor | The VPN Link went down because the BFD heartbeats failed. |
NETWORK_VPNLINK_DOWN | ALARM | Major | A VPN Link connecting two sites is down. |
NETWORK_VPNPEER_UNAVAILABLE | ALARM | Minor | A peer instance on other side of a VPN Link of a remote office (branch) has been declared to be down. |
NETWORK_VPNPEER_UNREACHABLE | ALARM | Minor | Control communication could not be established with the VPN Peer. |
NETWORK_VPNSS_MISMATCH | ALARM | Minor | VPN Peers could not agree on a shared secret. |
NETWORK_VPNSS_UNAVAILABLE | ALARM | Minor | Shared secret required to establish a VPN Link is not available. |
OPERATOR_SIGNUP_TOKEN_ DISABLED | ALERT | Minor | A new user that was issued a sign up token to self-complete the sign up process failed multiple times by using a wrong combination of the sign up token and unique ID supplied by the administrator. |
PEERING_BGP_DOWN | ALARM | Critical | Routing peer session is down. |
PEERING_CORE_DOWN | ALARM | Minor | A peer instance on other the side of a VPN Link of a remote office (branch) declared to be down. |
PEERING_EDGE_DOWN | ALARM | Major | WAN edge peering failure. |
PRIORITY_POLICY_RULE_CONFLICT | ALARM | Minor | Two or more policy rules conflict in a priority policy set, potentially resulting in an incorrect policy applied to someflows. |
PRIORITY_POLICY_RULE_DROPPED | ALARM | Major | Priority policy configuration contains rules with too many permutations causing resources to exceed the operational limits. |
SECURITY_POLICY_ LIMITS_EXCEEDED | ALARM | Critical | The security policy stack exceeds resource limits. |
SITE_CIRCUIT_ABSENT_FOR_POLICY | ALARM | Major | Path label used in policy is missing on site. |
SITE_CONNECTIVITY_DEGRADED | ALARM | Major | Branch site connectivity is degraded due to one or more secure fabric links down, Layer 3 reachability is down or service link is down. |
SITE_CONNECTIVITY_DOWN | ALARM | Critical | When the site has lost connectivity with the controller and all of the remote branches or data center. |
SITE_NETWORK_SERVICE_ ABSENT_FOR_POLICY | ALARM | Major | One or more DC groups used in the policy has not been assigned a valid service endpoint for the domain bound to the identified site. |
SPOKEHA_CLUSTER_DEGRADED | ALARM | Major | Spoke cluster operating in a degraded state. |
SPOKEHA_CLUSTER_DOWN | ALARM | Critical | Both devices in the cluster have failed, therefore affects the network connectivity to the site. |
SPOKEHA_MULTIPLE_ ACTIVE_DEVICES | ALARM | Critical | More than one device is active in the spoke cluster. |
SPOKEHA_STATE_UPDATE | ALERT | Major | Device state changes in spoke cluster. |