Configuring Health Policies
License: Any
A health policy contains configured health test criteria for several modules. You can control which health modules run against each of your appliances and configure the specific limits used in the tests run by each module. For more information on the health modules you can configure in a health policy, see Understanding Health Monitoring.
You can create one health policy that can be applied to every appliance in your system, customize each health policy to the specific appliance where you plan to apply it, or use the default health policy provided for you. You can also import a health policy exported from another Defense Center.
When you configure a health policy, you decide whether to enable each health module for that policy. You also select the criteria that control which health status each enabled module reports each time it assesses the health of a process.
For more information on the default health policy, which is applied to the Defense Center automatically, see Understanding the Default Health Policy.
For more information, see the following topics:
Understanding the Default Health Policy
License: Any
The Defense Center health monitor includes a default health policy to make it easier for you to quickly implement health monitoring for your appliances. The default health policy is automatically applied to the Defense Center. You cannot edit the default health policy, but you can copy it to create custom policies based on its configuration. For more information, see Creating Health Policies.
To also monitor device health, you can push health policies to your managed devices.
Note You cannot apply a health policy to Cisco NGIPS for Blue Coat X-Series.
In the default health policy, most of the health modules available on the running platform are automatically enabled. The following table details the modules activated in the default policy for Defense Centers and managed devices.
Table 68-2 Default Active Health Modules
| Module | Defense Center | Managed Device |
|---|---|---|
| Advanced Malware Protection | yes | no |
| Appliance Heartbeat | yes | no |
| Automatic Application Bypass | no | yes |
| CPU Usage | no | no |
| Card Reset | no | no |
| Disk Status | yes | yes |
| Disk Usage | yes | yes |
| FireAMP Status Monitor | yes | no |
| FireSIGHT Host License Limit | yes | no |
| Hardware Alarm | no | yes |
| Health Monitor Process | no | no |
| Inline Link Mismatch Alarms | no | yes |
| Interface Status | no | yes |
| Intrusion Event Rate | no | yes |
| License Monitor | yes | no |
| Link State Propagation | no | yes |
| Memory Usage | yes | yes |
| Power Supply | no | yes |
| Process Status | yes | yes |
| Reconfiguring Detection | no | yes |
| RRD Server Process | yes | no |
| Security Intelligence | yes | no |
| Time Series Data Monitor | yes | no |
| Time Synchronization Status | yes | yes |
| URL Filtering Monitor | yes | no |
| User Agent Status Monitor | yes | no |
| VPN Status | yes | no |
Creating Health Policies
License: Any
If you want to customize a health policy to use with your appliances, you can create a new policy. The settings in the policy initially populate with the settings from the health policy you select as a basis for the new policy. You can enable or disable modules within the policy and change the alerting criteria for each module as needed.
Tip Instead of creating a new policy, you can export a health policy from another Defense Center and then import it onto your Defense Center. You can then edit the imported policy to suit your needs before you apply it. For more information, see Importing and Exporting Configurations.
To create a health policy:
Access: Admin/Maint
Step 1 Select Health > Health Policy.
The Health Policy page appears.
Step 2 Click Create Policy.
The Create Health Policy page appears.
Step 3 Select the existing policy that you want to use as the basis for the new policy from the Copy Policy drop-down list.
Step 4 Enter a name for the policy.
Step 5 Enter a description for the policy.
Step 6 Select Save to save the policy information.
The Health Policy Configuration page appears, including a list of the modules.
Step 7 Configure settings on each module you want to use to test the health status of your appliances, as described in the following sections:
Note Make sure you enable each module that you want to run to test the health status on each Health Policy Configuration page as you configure the settings. Disabled modules do not produce health status feedback, even if the policy that contains the module has been applied to an appliance.
Step 8 Click Save Policy and Exit to save the policy.
You must apply the policy to each appliance for it to take effect. For more information on applying health policies, see Applying Health Policies.
Configuring Policy Run Time Intervals
License: Any
You can control how often health tests run by modifying the Policy Run Time Interval for the health policy. The maximum run time interval you can set is 99999 minutes.
Caution Do not set a run interval of less than five minutes.
To configure a policy run time interval:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select Policy Run Time Interval.
The Health Policy Configuration — Policy Run Time Interval page appears.
Step 2 In the Run Interval (mins) field, enter the time in minutes that you want to elapse between automatic repetitions of the test.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Advanced Malware Protection Monitoring
License: Malware
This module tracks the state and stability of the Defense Center’s ability to query the Cisco cloud and detect files in network traffic. If the system detects that your connection with the cloud is interrupted, the encryption keys used for the connection are invalid, or the number of files detected in a time frame is excessive, the status classification for this module changes to Warning and the module generates a health alert. Note that if you are using a FireAMP Private Cloud and it is unable to communicate with the public Cisco cloud, the private cloud itself generates an alert; for more information, see the FireAMP Private Cloud Administration Portal User Guide.
Note If your Defense Center loses connectivity to the Internet, the system may take up to 30 minutes to generate an Advanced Malware Protection health alert.
To configure Advanced Malware Protection health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Advanced Malware Protection.
The Health Policy Configuration — Advanced Malware Protection page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Appliance Heartbeat Monitoring
License: Any
The Defense Center receives heartbeats from its managed devices once every two minutes or every 200 events, whichever comes first, as an indicator that the device is running and communicating properly with the Defense Center. Use the Appliance Heartbeat health status module to track whether the Defense Center receives heartbeats from managed appliances. If the Defense Center does not detect a heartbeat from a device, the status classification for this module changes to Critical. That status data feeds into the health monitor.
To configure Appliance Heartbeat health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Appliance Heartbeat.
The Health Policy Configuration — Appliance Heartbeat page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Automatic Application Bypass Monitoring
License: Any
Use this module to detect when a managed device is bypassed because it did not respond within the number of seconds configured as the bypass threshold. If a bypass occurs, this module generates an alert. That status data feeds into the health monitor.
For more information on automatic application bypass, see Automatic Application Bypass.
To configure automatic application bypass monitoring status:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Automatic Application Bypass Status.
The Health Policy Configuration — Automatic Application Bypass Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate managed device if you want your settings to take effect. See Applying Health Policies for more information.
Configuring CPU Usage Monitoring
License: Any
Supported Devices: Any except 3D9900
Supported Defense Centers: Any
Excessive CPU usage may indicate that you need to upgrade your hardware or that there are processes that are not functioning correctly. Use the CPU Usage health status module to set CPU usage limits.
If the CPU usage on the monitored appliance exceeds the Warning limit, the status classification for that module changes to Warning. If the CPU usage on the monitored appliance exceeds the Critical limit, the status classification for that module changes to Critical. That status data feeds into the health monitor.
The maximum percentage you can set for either limit is 100 percent, and the Critical limit must be higher than the Warning limit.
To configure CPU usage limits:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select CPU Usage.
The Health Policy Configuration — CPU Usage page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical Threshold % field, enter the percentage of CPU usage that should trigger a critical health status.
Step 4 In the Warning Threshold % field, enter the percentage of CPU usage that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Card Reset Monitoring
License: Any
Use the card reset monitoring health status module to track when the network card restarts because of hardware failure. If a reset occurs, this module generates an alert. That status data feeds into the health monitor.
To configure card reset monitoring:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Card Reset.
The Health Policy Configuration — Card Reset Monitoring page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate Defense Center if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Disk Status Monitoring
License: Any
Use the Disk Status health module to monitor the current status of your appliance’s hard disk, and malware storage pack if installed. This module generates a Warning (yellow) health alert when the hard disk and RAID controller (if installed) are in danger of failing, or if an additional hard drive is installed that is not a malware storage pack. This module generates an Alert (red) health alert when an installed malware storage pack cannot be detected.
To configure Disk Status health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, click Disk Status.
The Health Policy Configuration — Disk Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Disk Usage Monitoring
License: Any
Without sufficient disk space, an appliance cannot run. The health monitor can identify low disk space conditions on your appliance’s hard drive and malware storage pack before space runs out. The health monitor can also alert when hard drive file draining occurs too frequently. Use the Disk Usage health status module to monitor disk usage for the / and /volume partitions on the appliance and track draining frequency.
Note Although the disk usage module lists the /boot partition as a monitored partition, the size of the partition is static so the module does not alert on the boot partition.
If the overall disk usage on the monitored appliance exceeds the Warning limit, the status classification for that module changes to Warning. If the overall disk usage on the monitored appliance exceeds the Critical limit, the status classification for that module changes to Critical. The maximum percentage you can set for either limit is 100 percent, and the Critical limit must be higher than the Warning limit.
If the system deletes unprocessed events, the status classification for that module changes to Warning. If the system drains files in any disk usage category too frequently based on module thresholds, or if disk usage for files not in a monitored disk usage category grows too large based on module thresholds, the status classification for that module changes to Critical. For more information on disk usage categories, see Understanding the Disk Usage Widget.
To configure Disk Usage health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select Disk Usage.
The Health Policy Configuration — Disk Usage page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical Threshold % field, enter the percentage of disk usage that should trigger a critical health status.
Step 4 In the Warning Threshold % field, enter the percentage of disk usage that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring FireAMP Status Monitoring
License: Any
Use the FireAMP Status Monitor module to alert you in the following situations:
- the Defense Center cannot connect to the Cisco cloud after an initial successful connection
- you deregister a cloud connection using the FireAMP portal
- your FireAMP Private Cloud is unable to communicate with the public Cisco cloud
In these cases, the module status changes to Critical and provides the cloud name associated with the failed connection. For information on configuring a cloud connection, see Working with Cloud Connections for FireAMP.
To configure FireAMP Status Monitor module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Status Monitor.
The Health Policy Configuration — FireAMP Status Monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for FireAMP status monitoring.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the Defense Center if you want your settings to take effect. See Applying Health Policies for more information.
Configuring FireSIGHT Host Usage Monitoring
License: FireSIGHT
Use the FireSIGHT Host License Limit health status module to set FireSIGHT Host amount warning limits. If the number of remaining FireSIGHT Hosts on the monitored device falls below the Warning Hosts limit, the status classification for that module changes to Warning. If the number of remaining FireSIGHT Hosts on the monitored device falls below the Critical Hosts limit, the status classification for that module changes to Critical. That status data feeds into the health monitor.
The maximum number of hosts you can set for either limit is 1000, and the Critical host limit number must be lower than the Warning limit.
To configure FireSIGHT Host License Limit health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Host License Limit.
The Health Policy Configuration — FireSIGHT Host License Limit page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical number Hosts field, enter the remaining number of available hosts that should trigger a critical health status.
Step 4 In the Warning number Hosts field, enter the remaining number of available hosts that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Hardware Alarm Monitoring
License: Any
Supported Devices: Series 3, 3D9900
Use the Hardware Alarms health status module to detect hardware failure on a Series 3 or 3D9900 device. If the Hardware Alarms module finds a hardware component that has failed or clustered devices that are not communicating with each other, the status classification for that module changes to Critical. That status data feeds into the health monitor.
For more information on the hardware status conditions that can cause hardware alerts on 3D9900 devices, see Interpreting Hardware Alert Details for 3D9900 Devices.
To configure Hardware Alarm health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Hardware Alarms.
The Health Policy Configuration — Hardware Alarm Monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Health Status Monitoring
License: Any
Use the Health Monitor Process module to monitor the health of the health monitor on a Defense Center by generating alerts when too many minutes elapse between health events received from monitored appliances.
For example, if a Defense Center (myrtle.example.com) monitors a device (dogwood.example.com), you apply a health policy with the Health Monitor Process module enabled to myrtle.example.com. The Health Monitor Process module then reports events that indicate how many minutes have elapsed since the last event was received from dogwood.example.com.
You can configure the elapsed duration between events, in minutes, that causes an alert to be generated. If the wait exceeds the number of minutes configured in the Warning Minutes since last event limit, the status classification for that module changes to Warning. If the wait exceeds the Critical Minutes since last event limit, the status classification for that module changes to Critical. That status data feeds into the health monitor.
The maximum number of minutes you can set for either limit is 144, and the Critical limit must be higher than the Warning limit. The minimum number of minutes is 5.
To configure Health Monitor Process module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Health Monitor Process.
The Health Policy Configuration — Health Monitor Process page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical Minutes since last event field, enter the maximum number of minutes to wait between events, before triggering a critical health status.
Step 4 In the Warning Minutes since last event field, enter the maximum number of minutes to wait between events, before triggering a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the Defense Center for your settings to take effect. See Applying Health Policies for more information.
Configuring Inline Link Mismatch Alarm Monitoring
License: Any
Use the Inline Link Mismatch Alarm health status module to track when the interfaces on either side of an inline set negotiate different connection speeds. If different negotiated speeds are detected, this module generates an alert.
To configure inline link mismatch monitoring:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Inline Link Mismatch Alarms.
The Health Policy Configuration — Inline Link Mismatch Alarms page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate Defense Center if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Interface Status Monitoring
License: FireSIGHT
Use the Interface Status health status module to detect whether a device receives traffic. If the Interface Status module determines that a device does not receive traffic, the status classification for that module changes to Critical. That status data feeds into the health monitor.
Note Interfaces labeled DataPlaneInterfacex, where x is a numerical value, are internal ASA interfaces (not user-defined) and involve packet flow within the system.
To configure Interface Status health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Interface Status.
The Health Policy Configuration — Interface Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Intrusion Event Rate Monitoring
License: Protection
Use the Intrusion Event Rate health status module to set limits for the number of packets per second that trigger a change in the health status. If the event rate on the monitored device exceeds the number of events per second configured in the Events per second (Warning) limit, the status classification for that module changes to Warning. If the event rate exceeds the number of events per second configured in the Events per second (Critical) limit, the status classification for that module changes to Critical. That status data feeds into the health monitor.
Typically, the event rate for a network segment averages 20 events per second. For a network segment with this average rate, Events per second (Critical) should be set to 50 and Events per second (Warning) should be set to 30. To determine limits for your system, find the Events/Sec value on the Statistics page for your device (System > Monitoring > Statistics), then calculate the limits using these formulas:
- Events per second (Critical) = Events/Sec * 2.5
- Events per second (Warning) = Events/Sec * 1.5
The maximum number of events you can set for either limit is 999, and the Critical limit must be higher than the Warning limit.
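The limits stated in the sections above (run interval, CPU and disk percentages, remaining FireSIGHT hosts, minutes since last event, and the intrusion event rate formulas) can be checked before values are typed into the Health Policy Configuration pages. The following Python sketch is an added example, not Cisco code or a Defense Center API. The module keys, the `Normal` label, the lower bound of 0 where the page states no minimum, and the rounding are assumptions of this example.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Limit:
    minimum: int           # 0 is assumed where the page states no minimum
    maximum: int           # maximum value the page allows for either limit
    higher_is_worse: bool  # False: status worsens as the value falls


# Keys are hypothetical labels for this example, not Defense Center identifiers.
LIMITS = {
    "cpu_usage_pct": Limit(0, 100, True),
    "disk_usage_pct": Limit(0, 100, True),
    "host_license_remaining": Limit(0, 1000, False),
    "health_monitor_minutes": Limit(5, 144, True),
    "intrusion_events_per_sec": Limit(0, 999, True),
}
RUN_INTERVAL_MIN, RUN_INTERVAL_MAX = 5, 99999  # minutes


def check_run_interval(minutes):
    """Return problems with a Policy Run Time Interval (empty list = fine)."""
    if minutes < RUN_INTERVAL_MIN:
        return [f"run interval {minutes} is below {RUN_INTERVAL_MIN} minutes"]
    if minutes > RUN_INTERVAL_MAX:
        return [f"run interval {minutes} exceeds {RUN_INTERVAL_MAX} minutes"]
    return []


def check_thresholds(module, warning, critical):
    """Return problems with one module's Warning/Critical pair."""
    lim = LIMITS[module]
    problems = []
    for label, value in (("warning", warning), ("critical", critical)):
        if not lim.minimum <= value <= lim.maximum:
            problems.append(
                f"{module}: {label}={value} outside {lim.minimum}..{lim.maximum}")
    if lim.higher_is_worse and critical <= warning:
        problems.append(f"{module}: critical must be higher than warning")
    if not lim.higher_is_worse and critical >= warning:
        problems.append(f"{module}: critical must be lower than warning")
    return problems


def intrusion_rate_limits(events_per_sec):
    """Apply the page's formulas to a baseline Events/Sec value.

    Warning = Events/Sec * 1.5 and Critical = Events/Sec * 2.5, rounded half
    up and capped at 999 (rounding and capping are choices of this example).
    """
    warning = min(math.floor(events_per_sec * 1.5 + 0.5), 999)
    critical = min(math.floor(events_per_sec * 2.5 + 0.5), 999)
    return warning, critical


def classify(module, value, warning, critical):
    """Status the thresholds imply for an observed value."""
    if LIMITS[module].higher_is_worse:
        if value > critical:
            return "Critical"
        return "Warning" if value > warning else "Normal"
    if value < critical:
        return "Critical"
    return "Warning" if value < warning else "Normal"


def review_plan(plan):
    """Collect every problem in a planned policy before it is entered."""
    problems = check_run_interval(plan["run_interval_mins"])
    for module, (warning, critical) in plan["modules"].items():
        problems += check_thresholds(module, warning, critical)
    return problems


# Constructed sample plan with three deliberate mistakes.
SAMPLE_PLAN = {
    "run_interval_mins": 2,                    # below the five-minute caution
    "modules": {
        "cpu_usage_pct": (80, 90),
        "disk_usage_pct": (85, 97),
        "host_license_remaining": (50, 100),   # inverted: critical must be lower
        "health_monitor_minutes": (60, 180),   # critical above the 144 maximum
        "intrusion_events_per_sec": intrusion_rate_limits(20),
    },
}

if __name__ == "__main__":
    for problem in review_plan(SAMPLE_PLAN):
        print(problem)
    # A busy segment: both formula results hit the 999 cap, so the pair is
    # rejected because Critical is no longer higher than Warning.
    print(check_thresholds("intrusion_events_per_sec", *intrusion_rate_limits(700)))
```

The FireSIGHT Host License Limit pair is the one most often entered backwards, because it is the only module here whose Critical value must be lower than its Warning value.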
To configure Intrusion Event Rate Monitor health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select Intrusion Event Rate.
The Health Policy Configuration — Intrusion Event Rate page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Events per second (Critical) field, enter the number of events per second that should trigger a critical health status.
Step 4 In the Events per second (Warning) field, enter the number of events per second that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Understanding License Monitoring
License: Any
Use the License Monitoring health status module to determine if sufficient licenses remain for Control, Protection, URL Filtering, Malware, and VPN. This module alerts if the number of remaining licenses is low or insufficient.
This module also alerts if the system detects that devices in a stacked configuration have mismatched license sets (stacked devices must have identical sets of licenses).
The License Monitoring module is automatically configured. Because you cannot change or disable this module, it does not appear on the Health Policy Configuration page.
Configuring Link State Propagation Monitoring
License: Any
Use the Link State Propagation health status module to detect the link state propagation status on an inline pair. If a link state propagates to the pair, the status classification for that module changes to Critical and the state reads:
Module Link State Propagation: ethx_ethy is Triggered
where x and y are the paired interface numbers.
To configure Link State Propagation health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select Link State Propagation.
The Health Policy Configuration — Link State Propagation monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Memory Usage Monitoring
License: Any
Use the Memory Usage health status module to set memory usage limits. The module calculates free memory by considering free memory, cached memory, and swap memory. If the memory usage on the monitored appliance exceeds the Warning limit, the status classification for that module changes to Warning. If the memory usage on the monitored appliance exceeds the Critical limit, the status classification for that module changes to Critical. That status data feeds into the health monitor.
For appliances with more than 4GB of memory, the preset alert thresholds are based on a formula that accounts for proportions of available memory likely to cause system problems.
Note On <4GB appliances, because the interval between Warning and Critical thresholds may be very narrow, Cisco recommends that you manually set the Warning Threshold % value to 50. This will further ensure that you receive memory alerts for your appliance in time to address the issue.
The maximum percentage you can set for either limit is 100 percent, and the Critical limit must be higher than the Warning limit.
Note If you apply an access control policy with many FireSIGHT features enabled (such as security intelligence, file capture, intrusion policies with many rules, or URL filtering), some lower-end ASA FirePOWER devices may generate intermittent memory usage warnings, as the device’s memory allocation is being used to the fullest extent possible.
To configure Memory Usage health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, select Memory Usage.
The Health Policy Configuration — Memory Usage page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical Threshold % field, enter the percentage of memory usage that should trigger a critical health status.
Step 4 In the Warning Threshold % field, enter the percentage of memory usage that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Power Supply Monitoring
License: Any
Supported Devices: 3D3500, 3D4500, 3D6500, 3D9900, Series 3
Supported Defense Centers: DC1500, DC2000, DC3500, DC4000
Use the Power Supply health status module to detect a power supply failure on any of the supported platforms. If the module finds a power supply that has no power, the status classification for that module changes to No Power. If the module cannot detect the presence of the power supply, the status changes to Critical Error. That status data feeds into the health monitor. You can expand the Power Supply item on the Alert Detail list in the health monitor to see specific status items for each power supply.
To configure Power Supply health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Power Supply.
The Health Policy Configuration — Power Supply page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Process Status Monitoring
License: Any
Use the Process Status health module to monitor for processes running on the appliance that exit or terminate outside of the process manager. The response of the Process Status module to a process ending depends on how the process ends:
- If the process terminates inside the process manager, the module does not report any health events.
- If a process is deliberately exited outside of the process manager, the module status changes to Warning and the health event message indicates which process exited until the module runs again and the process has restarted.
- If a process terminates abnormally or crashes outside of the process manager, the module status changes to Critical and the health event message indicates the terminated process until the module runs again and the process has restarted.
To configure Process Status health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Process Status.
The Health Policy Configuration — Process Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate appliances if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Reconfiguring Detection Monitoring
License: Any
Use the Reconfiguring Detection Monitor module to determine the status of detection capabilities after applying a policy to your managed devices. If a policy apply fails and detection stops functioning, the module generates an alert in Health Events.
To configure Reconfiguring Detection monitoring settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Reconfiguring Detection.
The Health Policy Configuration — Reconfiguring Detection page appears.
Step 2 Select On for the Enabled option to enable use of the module for health alerts.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring RRD Server Process Monitoring
License: Any
Use the RRD Server Process module to see if the RRD server that stores time series data is working properly. The module alerts if the RRD server has restarted since the last time it updated; it enters Critical or Warning status if the number of consecutive updates with an RRD server restart reaches the numbers specified in the module configuration.
To configure RRD server process monitoring settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select RRD Server Process.
The Health Policy Configuration — RRD Server Process page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 In the Critical Number of restarts field, enter the number of consecutive detected RRD server resets that should trigger a critical health status.
Step 4 In the Warning Number of restarts field, enter the number of consecutive detected RRD server resets that should trigger a warning health status.
Step 5 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Security Intelligence Monitoring
License: Protection
Supported Defense Centers: Any except DC500
Use the Security Intelligence module to warn you in a variety of situations involving Security Intelligence filtering. The module alerts if Security Intelligence is in use and:
- the Defense Center cannot update a feed, or if feed data is corrupt or contains no recognizable IP addresses
- a managed device had a problem receiving updated Security Intelligence data from the Defense Center
- a managed device cannot load all of the Security Intelligence data provided to it by the Defense Center, due to memory issues
Tip If a Security Intelligence memory warning appears in the health monitor, you can reapply the affected device’s access control policy to increase the memory allocated to Security Intelligence; see Applying an Access Control Policy.
For more information on Security Intelligence filtering, see Blacklisting Using Security Intelligence IP Address Reputation and Working with Security Intelligence Lists and Feeds.
To configure Security Intelligence module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Security Intelligence.
The Health Policy Configuration — Security Intelligence page appears.
Step 2 Select On for the Enabled option to enable use of the module for Security Intelligence monitoring.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Time Series Data Monitoring
License: Any
Use the Time Series Data Monitor module to monitor the status of time series data (such as lists of compliance events) that your system has stored. This module scans your time series data storage directory for corrupt files. If the module finds corrupted data, it enters a Warning status and reports the names of all affected files.
To configure time series data monitoring settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Time Series Data Monitor.
The Health Policy Configuration — Time Series Data Monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring Time Synchronization Monitoring
License: Any
Use the Time Synchronization Status module to detect when the time on a managed device that uses NTP to obtain time from an NTP server differs by 10 seconds or more from the time on the server.
To configure time synchronization monitoring settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select Time Synchronization Status.
The Health Policy Configuration — Time Synchronization Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Configuring URL Filtering Monitoring
License: URL Filtering
Supported Defense Centers: Any except DC500
Use the URL Filtering Monitor module to track communications between the Defense Center and the Cisco cloud, where the system obtains its URL filtering (category and reputation) data for commonly visited URLs. If the Defense Center fails to successfully communicate with or retrieve an update from the cloud, the status classification for that module changes to Critical.
In a high availability configuration, only the primary Defense Center communicates with the URL filtering cloud; all data from this module refers only to that primary appliance.
The URL Filtering Monitor module also tracks communications between the Defense Center and any managed devices where you have enabled URL filtering. If the Defense Center is successfully communicating with the cloud, the module status changes to Warning if the Defense Center cannot push new URL filtering data to its managed devices.
To configure URL Filtering Monitor health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select URL Filtering Monitor.
The Health Policy Configuration — URL Filtering Monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the Defense Center if you want your settings to take effect. See Applying Health Policies for more information.
Configuring User Agent Status Monitoring
License: FireSIGHT
You can use the User Agent Status Monitor health module to monitor the heartbeat of agents connected to a Defense Center. If you enable the module in an applied health policy, the module generates a health alert if the Defense Center does not detect a heartbeat for any agent configured on the Defense Center.
To configure User Agent Status Monitor health module settings:
Access: Admin/Maint
Step 1 In the Health Policy Configuration page, select User Agent Status Monitor.
The Health Policy Configuration — User Agent Status Monitor page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the Defense Center if you want your settings to take effect. See Applying Health Policies for more information.
Configuring VPN Status Monitoring
License: VPN
Supported Defense Centers: Any except Series 2
Use the VPN Status health module to monitor the current status of your configured Gateway VPN tunnels; information for each individual tunnel is displayed. This module generates a Critical (red) health alert when any of your VPN tunnels is not working.
To configure VPN Status health module settings:
Access: Admin/Maint
Step 1 On the Health Policy Configuration page, click VPN Status.
The Health Policy Configuration — VPN Status page appears.
Step 2 Select On for the Enabled option to enable use of the module for health status testing.
Step 3 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
You must apply the health policy to the appropriate devices if you want your settings to take effect. See Applying Health Policies for more information.
Applying Health Policies
License: Any
When you apply a health policy to an appliance, the health tests for all the modules you enabled in the policy automatically monitor the health of the processes and hardware on the appliance. Health tests then continue to run at the intervals you configured in the policy, collecting health data for the appliance and forwarding that data to the Defense Center.
If you enable a module in a health policy and then apply the policy to an appliance that does not require that health test, the health monitor reports the status for that health module as disabled.
If you apply a policy with all modules disabled to an appliance, it removes all applied health policies from the appliance so no health policy is applied.
When you apply a different policy to an appliance that already has a policy applied, expect some latency in the display of new data based on the newly applied tests.
Note Custom health policies created on Defense Centers in a high availability pair will be replicated between both appliances. However, changes to default health policies are not replicated; each appliance uses the local default health policy configured for that appliance.
To apply a health policy:
Access: Admin/Maint
Step 1 Select Health > Health Policy.
The Health Policy page appears.
Step 2 Click the apply icon next to the policy you want to apply.
The Health Policy Apply page appears.
Tip The status icon next to the Health Policy column indicates the current health status for the appliance.
Step 3 Select the appliances where you want to apply the health policy.
Step 4 Click Apply to apply the policy to the selected appliances.
The Health Policy page appears, with a message indicating if the application of the policy was successful. Monitoring of the appliance starts as soon as the policy is successfully applied.
Editing Health Policies
License: Any
You can modify a health policy by enabling or disabling modules or by changing module settings. If you modify a policy that is already applied to an appliance, the changes do not take effect until you reapply the policy.
The health modules applicable to each type of appliance are listed in the following table.
Table 68-3 Health Modules Applicable to Appliances
Advanced Malware Protection | Defense Centers, except DC500
Appliance Heartbeat | Defense Center
Automatic Application Bypass Status | Any managed device
CPU Usage | Any except 3D9900
Card Reset | Any managed device
Disk Status | Any
Disk Usage | Any
FireAMP Status Monitor | Defense Center
FireSIGHT Host License Limit | Defense Center
Hardware Alarms | Series 3, 3D9900
Health Monitor Process | Defense Center
Inline Link Mismatch Alarms | Any managed device
Interface Status | Any managed device
Intrusion Event Rate | Managed devices with Protection
License Monitor | Defense Center
Link State Propagation | Managed devices with Protection
Memory Usage | Any
Power Supply | Defense Centers: DC1500, DC2000, DC3500, DC4000; Devices: 3D3500, 3D4500, 3D6500, 3D9900, Series 3
Process Status | Any
Reconfiguring Detection | Any
RRD Server Process | Defense Center
Security Intelligence | Defense Center, except DC500
Time Series Data Monitor | Defense Center
Time Synchronization Status | Any
URL Filtering Monitor | Defense Centers, except DC500
User Agent Status Monitor | Defense Center
VPN Status | Defense Center
To edit a health policy:
Access: Admin/Maint
Step 1 Select Health > Health Policy.
The Health Policy page appears.
Step 2 Click the edit icon next to the policy you want to modify.
The Health Policy Configuration page appears, with the Policy Run Time Interval settings selected.
Step 3 Modify settings as needed, as described in the following sections:
Step 4 You have three options:
- To save your changes to this module and return to the Health Policy page, click Save Policy and Exit.
- To return to the Health Policy page without saving any of your settings for this module, click Cancel.
- To temporarily save your changes to this module and switch to another module’s settings to modify, select the other module from the list at the left of the page. If you click Save Policy and Exit when you are done, all changes you made will be saved; if you click Cancel, you discard all changes.
Step 5 Reapply the policy to the appropriate appliances as described in Applying Health Policies.
Comparing Health Policies
License: Any
To review policy changes for compliance with your organization’s standards or to optimize health monitoring performance, you can examine the differences between two health policies. You can compare any two health policies or two revisions of the same health policy, for the health policies you can access. To quickly compare your active health policy to another, you can select the Running Configuration option. Optionally, after you compare, you can then generate a PDF report to record the differences between the two policies or policy revisions.
There are two tools you can use to compare health policies or health policy revisions:
- The comparison view displays only the differences between two health policies or health policy revisions in a side-by-side format; the name of each policy or policy revision appears in the title bar on the left and right sides of the comparison view. You can use this to view and navigate both policy revisions on the web interface, with their differences highlighted.
- The comparison report creates a record of only the differences between two health policies or health policy revisions in a format similar to the health policy report, but in PDF format. You can use this to save, copy, print and share your policy comparisons for further examination.
For more information on understanding and using the health policy comparison tools, see:
Using the Health Policy Comparison View
License: Any
The comparison view displays both health policies or policy revisions in a side-by-side format, with each policy or policy revision identified by name in the title bar on the left and right sides of the comparison view. The time of last modification and the last user to modify are displayed to the right of the policy name. Note that the Health Policy page displays the time a policy was last modified in local time, but the health policy report lists the time modified in UTC.
Differences between the two health policies or policy revisions are highlighted:
- Blue indicates that the highlighted setting is different in the two policies or policy revisions, and the difference is noted in red text.
- Green indicates that the highlighted setting appears in one policy or policy revision but not the other.
You can perform any of the actions in the following table.
Table 68-4 Health Policy Comparison View Actions
navigate individually through changes | click Previous or Next above the title bar. The double-arrow icon centered between the left and right sides moves, and the Difference number adjusts to identify which difference you are viewing.
generate a new health policy comparison view | click New Comparison. The Select Comparison window appears. See Using the Health Policy Comparison Report for more information.
generate a health policy comparison report | click Comparison Report. The health policy comparison report creates a PDF containing information identical to the comparison view.
Using the Health Policy Comparison Report
License: Any
A health policy comparison report is a record of all differences between two health policies or two revisions of the same health policy identified by the health policy comparison view, presented as a PDF. You can use this report to further examine the differences between two health policy configurations and to save and disseminate your findings.
You can generate a health policy comparison report from the comparison view for any health policies to which you have access. Remember to commit any potential changes before you generate a health policy report; only committed changes appear in the report.
Depending on your configuration, a health policy comparison report can contain one or more sections. Each section uses the same format and provides the same level of detail. Note that the Value A and Value B columns represent the policies or policy revisions you configured in the comparison view.
Tip You can use a similar procedure to compare SSL, network analysis, intrusion, file, system, or access control policies.
To compare two health policies or two revisions of the same policy:
Access: Admin/Maint
Step 1 Select Health > Health Policy.
The Health Policy page appears.
Step 2 Click Compare Policies.
The Select Comparison window appears.
Step 3 From the Compare Against drop-down list, select the type of comparison you want to make:
- To compare two different policies, select Other Policy.
- To compare two revisions of the same policy, select Other Revision.
- To compare another policy to the currently active policy, select Running Configuration.
Remember to commit any changes before you generate a health policy report; only committed changes appear in the report.
Step 4 Depending on the comparison type you selected, you have the following choices:
- If you are comparing two different policies, select the policies you want to compare from the Policy A and Policy B drop-down lists.
- If you are comparing two revisions of the same policy, select the policy from the Policy drop-down list, then select the revisions you want to compare from the Revision A and Revision B drop-down lists.
- If you are comparing the running configuration to another policy, select the second policy from the Policy B drop-down list.
Step 5 Click OK to display the health policy comparison view.
The comparison view appears.
Step 6 Click Comparison Report to generate the health policy comparison report.
The health policy report appears. Depending on your browser settings, the report may appear in a pop-up window, or you may be prompted to save the report to your computer.
Deleting Health Policies
License: Any
You can delete health policies that you no longer need. If you delete a policy that is still applied to an appliance, the policy settings remain in effect until you apply a different policy. In addition, if you delete a health policy that is applied to a device, any health monitoring alerts in effect for the device remain active until you disable the underlying associated alert response; see Enabling and Disabling Alert Responses.
Tip To stop health monitoring for an appliance, create a health policy with all modules disabled and apply it to the appliance. For more information on creating health policies, see Creating Health Policies. For more information on applying health policies, see Applying Health Policies.
To delete a health policy:
Access: Admin/Maint
Step 1 Select Health > Health Policy.
The Health Policy page appears.
Step 2 Click the delete icon next to the policy you want to delete.
A message appears, indicating if the deletion was successful.
Using Appliance Health Monitors
License: Any
The Appliance health monitor provides a detailed view of the health status of an appliance.
Note Your session normally logs you out after 1 hour of inactivity (or another configured interval). If you plan to passively monitor the health monitor for long periods of time, consider exempting some users from session timeout, or changing the system timeout settings. For more information, see Managing User Login Settings and Configuring User Interface Settings.
To view the status summary for a specific appliance:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Health > Health Monitor.
The Health Monitor page appears.
Step 2 To show the list of appliances with a particular status, click the arrow in that status row.
Tip If the arrow in the row for a status level points down, the appliance list for that status shows in the lower table. If the arrow points right, the appliance list is hidden.
Step 3 In the Appliance column of the appliance list, click the name of the appliance for which you want to view details in the health monitor toolbar.
The Health Monitor Appliance page appears.
Step 4 Optionally, in the Module Status Summary graph, click the color for the event status category you want to view. The Alert Detail list toggles the display to show or hide events.
For more information, see the following sections:
Viewing Alerts by Status
License: Any
You can show or hide categories of alerts by status.
To show alerts by status:
Access: Admin/Maint/Any Security Analyst
Step 1 Click the status icon or the color segment in the pie chart that corresponds to the health status of the alerts you want to view. The alerts for that category appear in the Alert Detail list.
To hide alerts by status:
Access: Admin/Maint/Any Security Analyst
Step 1 Click the status icon or the color segment in the pie chart that corresponds to the health status of the alerts you want to hide. The alerts in the Alert Detail list for that category disappear.
Running All Modules for an Appliance
License: Any
Health module tests run automatically at the policy run time interval you configure when you create a health policy. However, you can also run all health module tests on demand to collect up-to-date health information for the appliance.
To run all health modules for the appliance:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Health > Health Monitor.
The Health Monitor page appears.
Step 2 To expand the appliance list to show appliances with a particular status, click the arrow in that status row.
Tip If the arrow in the row for a status level points down, the appliance list for that status shows in the lower table. If the arrow points right, the appliance list is hidden.
Step 3 In the Appliance column of the appliance list, click the name of the appliance for which you want to view details.
The Health Monitor Appliance page appears.
Step 4 Click Run All Modules.
The status bar indicates the progress of the tests, then the Health Monitor Appliance page refreshes.
Note When you manually run health modules, the first refresh that automatically occurs may not reflect the data from the manually run tests. If the value has not changed for a module that you just ran manually, wait a few seconds, then refresh the page by clicking the device name. You can also wait for the page to refresh again automatically.
Running a Specific Health Module
License: Any
Health module tests run automatically at the policy run time interval you configure when you create a health policy. However, you can also run a health module test on demand to collect up-to-date health information for that module.
To run a specific health module:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Health > Health Monitor.
The Health Monitor page appears.
Step 2 To expand the appliance list to show appliances with a particular status, click the arrow in that status row.
Tip If the arrow in the row for a status level points down, the appliance list for that status shows in the lower table. If the arrow points right, the appliance list is hidden.
Step 3 In the Appliance column of the appliance list, click the name of the appliance for which you want to view details.
The Health Monitor Appliance page appears.
Step 4 In the Module Status Summary graph of the Health Monitor Appliance page, click the color for the health alert status category you want to view.
The Alert Detail list expands to list the health alerts for the selected appliance for that status category.
Step 5 In the Alert Detail row for the alert for which you want to view a list of events, click Run.
The status bar indicates the progress of the test, then the Health Monitor Appliance page refreshes.
Note When you manually run health modules, the first refresh that automatically occurs may not reflect the data from the manually run tests. If the value has not changed for a module that you just manually ran, wait a few seconds, then refresh the page by clicking the device name. You can also wait for the page to refresh automatically again.
Generating Health Module Alert Graphs
License: Any
You can graph the results of a particular health test for a specific appliance over a period of time.
To generate a health module alert graph:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Health > Health Monitor.
The Health Monitor page appears.
Step 2 To expand the appliance list to show appliances with a particular status, click the arrow in that status row.
Tip If the arrow in the row for a status level points down, the appliance list for that status shows in the lower table. If the arrow points right, the appliance list is hidden.
Step 3 In the Appliance column of the appliance list, click the name of the appliance for which you want to view details.
The Health Monitor Appliance page appears.
Step 4 In the Module Status Summary graph of the Health Monitor Appliance page, click the color for the health alert status category you want to view.
The Alert Detail list expands to list the health alerts for the selected appliance for that status category.
Step 5 In the Alert Detail row for the alert for which you want to view a list of events, click Graph.
A graph appears, showing the status of the event over time. The Alert Detail section below the graph lists all health alerts for the selected appliance.
Tip If no events appear, you may need to adjust the time range. See Setting Event Time Constraints for more information.
Using the Health Monitor to Troubleshoot
License: Any
In some cases, if you have a problem with your appliance, Support may ask you to generate troubleshooting files to help them diagnose the problem. You can select any of the options listed in the following table to customize the troubleshooting data that the health monitor reports.
Table 68-7 Selectable Troubleshoot Options
Snort Performance and Configuration | data and configuration settings related to Snort on the appliance
Hardware Performance and Logs | data and logs related to the performance of the appliance hardware
System Configuration, Policy, and Logs | configuration settings, data, and logs related to the current system configuration of the appliance
Detection Configuration, Policy, and Logs | configuration settings, data, and logs related to detection on the appliance
Interface and Network Related Data | configuration settings, data, and logs related to inline sets and network configuration of the appliance
Discovery, Awareness, VDB Data, and Logs | configuration settings, data, and logs related to the current discovery and awareness configuration on the appliance
Upgrade Data and Logs | data and logs related to prior upgrades of the appliance
All Database Data | all database-related data that is included in a troubleshoot report
All Log Data | all logs collected by the appliance database
Network Map Information | current network topology data
Note that some options overlap in terms of the data they report, but the troubleshooting files will not contain redundant copies, regardless of what options you select.
For more information, see the following sections:
Generating Appliance Troubleshooting Files
License: Any
Use the following procedure to generate customized troubleshooting files that you can send to Support.
Note You cannot use the primary Defense Center in a high availability configuration to generate troubleshooting files for the secondary Defense Center, or vice versa. You must generate troubleshooting files for a Defense Center from its own web interface.
To generate troubleshooting files:
Access: Admin/Maint/Any Security Analyst
Step 1 Select Health > Health Monitor.
The Health Monitor page appears.
Step 2 To expand the appliance list to show appliances with a particular status, click the arrow in that status row.
Tip If the arrow in the row for a status level points down, the appliance list for that status shows in the lower table. If the arrow points right, the appliance list is hidden.
Step 3 In the Appliance column of the appliance list, click the name of the appliance for which you want to view details.
The Health Monitor Appliance page appears.
Step 4 Click Generate Troubleshooting Files.
The Troubleshooting Options pop-up window appears.
Step 5 Select All Data to generate all possible troubleshooting data, or select individual check boxes to customize your report. For more information, see the Selectable Troubleshoot Options table.
Step 6 Click OK.
The Defense Center generates the troubleshooting files. You can monitor the file generation process in the task queue (System > Monitoring > Task Status).
Step 7 Continue with the procedure in the next section, Downloading Troubleshooting Files.
Downloading Troubleshooting Files
License: Any
Use the following procedure to download copies of your generated troubleshooting files.
To download troubleshooting files:
Access: Admin/Maint/Any Security Analyst
Step 1 Select System > Monitoring > Task Status.
The Task Status page appears.
Step 2 Find the task that corresponds to the troubleshooting files you generated.
Step 3 After the appliance generates the troubleshooting files and the task status changes to Completed, click Click to retrieve generated files.
Step 4 Follow your browser’s prompts to download the files.
The files are downloaded in a single .tar.gz file.
Step 5 Follow the directions from Support to send the troubleshooting files to Cisco.
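Because the downloaded .tar.gz can carry configuration settings, logs, and network topology data, it helps to record a hash and a content inventory of the file before it is sent on. The following is an added example, not part of the original guide or of any Cisco tooling; the function names and the sample archive, including its paths, are constructed for illustration and do not reflect the real bundle layout.

```python
import hashlib
import io
import tarfile
from collections import Counter


def inventory_bundle(data: bytes) -> dict:
    """Summarise a .tar.gz held in memory without extracting anything."""
    summary = {
        "sha256": hashlib.sha256(data).hexdigest(),  # record alongside the support case
        "files": 0,
        "bytes": 0,
        "top_level": Counter(),  # member count per top-level directory
        "suspicious": [],        # members that must not be extracted blindly
    }
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            parts = [p for p in member.name.split("/") if p not in ("", ".")]
            unsafe_path = member.name.startswith("/") or ".." in parts
            unsafe_type = member.issym() or member.islnk() or member.isdev()
            if unsafe_path or unsafe_type:
                summary["suspicious"].append(member.name)
            elif parts:
                summary["top_level"][parts[0]] += 1
            if member.isfile():
                summary["files"] += 1
                summary["bytes"] += member.size
    return summary


def build_sample_bundle() -> bytes:
    """Constructed sample archive; paths and contents are illustrative only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in [
            ("results/etc/hosts.conf", b"10.0.0.5 sensor01\n"),
            ("results/var/log/messages", b"constructed log line\n"),
            ("../outside.txt", b"constructed traversal entry\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    report = inventory_bundle(build_sample_bundle())
    print(report["sha256"], report["files"], report["bytes"])
    print(dict(report["top_level"]), report["suspicious"])
```

To inventory a real download, pass the bytes of the saved file to inventory_bundle() in place of the constructed sample.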