Audit Network Events and Alarms

Introduction

Events and alarms are two types of logs that are generated to give you a view into the changes and conditions that are occurring on your network. The primary difference between them is their timeframe.

Events represent an occurrence that takes place at a single point in time, e.g. a console or API user creates a network, or provisions an AppWAN or endpoint.

Alarms are conditions that begin at a point in time and then resolve at a future point in time, e.g. a gateway goes offline at time A and comes back online at time B. Open alarms are those that are unresolved, while closed alarms are those that have resolved.

To view network events and alarms in the console, choose Network Events from the navigation menu. From this page you can view:

On the network events page, you can toggle between events and alarms from the sub-navigation menu.

Exporting Logs

Both pages have an export to CSV button in the upper-right corner of the page. Clicking it downloads a CSV log file that honors the filters and sorting options you have set in the table.

Network Events

Events can be filtered by network, event type, or resource time through the pull-down menus, and text can be searched using the filter bar. The scope of displayed events can be adjusted by the timeframe filter.

Events include a "Trace ID" which ties together events that are related to one another.

When an event is generated by a console or API user, their name will be included in the event log. Otherwise, a double dash "--" in the User column indicates that it was a system-generated event.

Network Alarms

Alarms are conditions within the network which have a begin and end time. Every alarm will have two rows in the table. The first logs when the alarm occurs, and the second records when the alarm has resolved (cleared).

Alarm Severities

| Alarm Severity | Description |
| --- | --- |
| CRITICAL | Severe impact, network resource non-functional |
| MAJOR | Network capacity degraded, capability reduced |
| MINOR | Network at risk of degradation or loss of functionality |
| CLEAR | Previous alarm condition has resolved |

Alarm Types

| Alarm Type | Description |
| --- | --- |
| ENDPOINT_COMM_OUTAGE | ENDPOINT cannot contact network control plane |
| APPWAN_SERVICE_UNAVAILABLE | APPWAN service transport unavailable |
| ENDPOINT_WITH_SERVICES_UNAVAILABLE | ENDPOINT with multiple clients utilizing its services is unavailable |
| ENDPOINT_CPE_UNAVAILABLE | Customer CPE endpoint is offline or unavailable |
| APPWAN_SERVICE_HOST_UNAVAILABLE | APPWAN endpoint hosting a service is unavailable |
| APPWAN_UNAVAILABLE | APPWAN data transport unavailable |
| ENDPOINT_PREVENTED_DATA_ANOMOLY | ENDPOINT detected and prevented possible malicious data |
| ENDPOINT_APPLICATION_MISSING | ENDPOINT application not installed or functioning properly |
| ENDPOINT_CERTIFICATE_UNAVAILABLE | ENDPOINT application cannot find certificate for identification with network |
| ENDPOINT_LAN_INTERFACE_DOWN | ENDPOINT LAN interface unavailable for application communication |
| ENDPOINT_CLIENT_MULTIFACTOR_AUTH_LOCKOUT | ENDPOINT failed to log in with user/password multi-factor auth 3 times |
| NETWORK_SERVICES_UNAVAILABLE_OR_UNPROVISIONED | NETWORK Unable to Initiate Network Data Sessions OR No Services Provisioned |
| ENDPOINT_MAX_PACKET_SIZE_EXCEEDED | Endpoint detected packet that was too large to process |
| ENDPOINT_SOCKETS_EXHAUSTED | Endpoint exceeded max number of possible data connections |
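
The following is an added example, not part of the original article or the vendor's tooling: it pairs each alarm's raise row with its CLEAR row in an exported CSV, reports how long closed alarms lasted, and lists alarms that are still open. The column names (Time, Severity, Alarm Type, Resource), the timestamp format, the sample rows, and the choice of which alarm types count as security signals are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The column names and timestamp format are
# assumptions; match them to the header row of your own CSV export.
SAMPLE_CSV = """Time,Severity,Alarm Type,Resource
2024-05-01T12:01:00Z,CLEAR,ENDPOINT_SOCKETS_EXHAUSTED,gw-west-2
2024-05-01T10:00:00Z,CRITICAL,ENDPOINT_COMM_OUTAGE,gw-east-1
2024-05-01T10:07:30Z,CLEAR,ENDPOINT_COMM_OUTAGE,gw-east-1
2024-05-01T11:15:00Z,MAJOR,ENDPOINT_CLIENT_MULTIFACTOR_AUTH_LOCKOUT,laptop-42
2024-05-01T12:00:00Z,MINOR,ENDPOINT_SOCKETS_EXHAUSTED,gw-west-2
2024-05-01T13:30:00Z,CLEAR,ENDPOINT_LAN_INTERFACE_DOWN,gw-west-2
"""

# Alarm types from the table above that this example treats as security
# signals rather than availability signals (a triage choice, not the vendor's).
SECURITY_TYPES = {
    "ENDPOINT_CLIENT_MULTIFACTOR_AUTH_LOCKOUT",
    "ENDPOINT_PREVENTED_DATA_ANOMOLY",
    "ENDPOINT_CERTIFICATE_UNAVAILABLE",
}

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def pair_alarms(csv_text):
    """Pair raise/CLEAR rows; return (closed, open_rows, orphan_clears)."""
    # The export keeps the table's sort order, so re-sort by time first.
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: parse_time(r["Time"]))
    pending, closed, orphans = {}, [], []
    for row in rows:
        key = (row["Resource"], row["Alarm Type"])
        if row["Severity"] != "CLEAR":
            pending.setdefault(key, row)      # keep the earliest raise
            continue
        raised = pending.pop(key, None)
        if raised is None:
            orphans.append(row)               # raise row filtered out of export
        else:
            held = parse_time(row["Time"]) - parse_time(raised["Time"])
            closed.append((key, raised["Severity"], held.total_seconds()))
    return closed, list(pending.values()), orphans

def open_security_alarms(csv_text):
    """Unresolved alarms whose type is in SECURITY_TYPES."""
    _, open_rows, _ = pair_alarms(csv_text)
    return [r for r in open_rows if r["Alarm Type"] in SECURITY_TYPES]
```

A CLEAR row with no matching raise row usually means the filters applied before export cut off the start of the alarm, so widen them before treating the count of open alarms as complete.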
