System Alert Descriptions
|
Alert Name |
Description |
Severity |
|---|---|---|
|
APPLIANCE_CERTIFICATE.CERT_CRITICAL_EXPIRING_ALERT |
Sent when the system certificate (Inbound, Outbound, GUI, or LDAP) is about to expire in less than five days . |
Critical |
|
APPLIANCE_CERTIFICATE.CERT_EXPIRED_ALERT |
Sent when the system certificate (Inbound, Outbound, GUI, or LDAP) has expired. |
Critical |
|
APPLIANCE_CERTIFICATE.CERT_EXPIRING_ALERT |
Sent when the system certificate (Inbound, Outbound, GUI, or LDAP) is about to expire in less than 90 days and more than five days. |
Warning |
| CERTIFICATE.CERT_CRITICAL_ EXPIRING_ALERT |
Sent when the custom CA certificate is about to expire in less than five days. |
Critical |
| CERTIFICATE.CERT_EXPIRED_ALERT |
Sent when the custom CA certificate has expired. |
Critical |
| CERTIFICATE.CERT_EXPIRING _ALERT |
Sent when the custom CA certificate is about to expire in less than 90 days and more than five days. |
Warning |
|
CERTIFICATE.UPDATER_CERT_CRITICAL_EXPIRING_ALERT |
Sent when the updater certificate is about to expire in less than five days. |
Critical |
|
CERTIFICATE.UPDATER_CERT_EXPIRING_ALERT |
Sent when the updater certificate is about to expire in less than 90 days and more than five days. |
Warning |
|
COMMON.APP_FAILURE |
Sent when there is an unknown application failure. |
Critical |
|
COMMON.KEY_EXPIRED_ALERT |
Sent when a feature key has expired. |
Warning |
|
COMMON.KEY_EXPIRING_ALERT |
Sent when a feature key is about to expire. |
Warning |
|
COMMON.KEY_FINAL_EXPIRING_ALERT |
Sent as a final notice that a feature key is about to expire. |
Warning |
|
DNS.BOOTSTRAP_FAILED |
Sent when the appliance is unable to contact the root DNS servers. |
Warning |
|
COMMON.INVALID_FILTER |
Sent when an invalid filter is encountered. |
Warning |
|
IPBLOCKD.HOST_ADDED_TO_ALLOWED LIST IPBLOCKD.HOST_ADDED_TO_BLOCKED LIST IPBLOCKD.HOST_REMOVED_FROM_BLOCKED LIST |
Alert messages:
IP addresses that try to connect to the appliance over SSH but do not provide valid credentials are added to the SSH blocked list if more than 10 failed attempts occur within two minutes. When a user logs in successfully from the same IP address, that IP address is added to the allowed list. Addresses on the allowed list are allowed access even if they are also on the blocked list. |
Warning |
|
LDAP.GROUP_QUERY_FAILED_ALERT |
Sent when an LDAP group query fails. |
Critical |
|
LDAP.HARD_ERROR |
Sent when an LDAP query fails completely (after trying all servers). |
Critical |
|
LOG.ERROR.* |
Various logging errors. |
Critical |
|
MAIL.PERRCPT.LDAP_GROUP_QUERY_FAILED |
Sent when an LDAP group query fails during per-recipient scanning. |
Critical |
|
MAIL.QUEUE.ERROR.* |
Various mail queue hard errors. |
Critical |
|
MAIL.RES_CON_START_ALERT.MEMORY |
Sent when RAM utilization has exceeded the system resource conservation threshold. |
Critical |
|
MAIL.RES_CON_START_ALERT.QUEUE_SLOW |
Sent when the mail queue is overloaded and system resource conservation is enabled. |
Critical |
|
MAIL.RES_CON_START_ALERT.QUEUE |
Sent when queue utilization has exceeded the system resource conservation threshold. |
Critical |
|
MAIL.RES_CON_START_ALERT.WORKQ |
Sent when listeners are suspended because the work queue size is too big. |
Critical |
|
MAIL.RES_CON_START_ALERT |
Sent when the appliance enters “resource conservation” mode. |
Critical |
|
MAIL.RES_CON_STOP_ALERT |
Sent when the appliance leaves “resource conservation” mode. |
Critical |
|
MAIL.WORK_QUEUE_PAUSED_NATURAL |
Sent when the work queue is paused. |
Critical |
|
MAIL.WORK_QUEUE_UNPAUSED_NATURAL |
Sent when the work queue is resumed. |
Critical |
|
NTP.NOT_ROOT |
Sent when the appliance is unable to adjust time because NTP is not running as root. |
Warning |
|
PERIODIC_REPORTS.DOMAIN_REPORT. DOMAIN_FILE_ERRORS |
Sent when errors are found in the domain specification file. |
Critical |
|
PERIODIC_REPORTS.DOMAIN_REPORT.FILE_EMPTY |
Sent when the domain specification file is empty. |
Critical |
|
PERIODIC_REPORTS.DOMAIN_REPORT.FILE_MISSING |
Sent when the domain specification file is not found. |
Critical |
|
REPORTD.DATABASE_OPEN_FAILED_ALERT |
Sent if the reporting engine is unable to open the database. |
Critical |
|
REPORTD.AGGREGATION_DISABLED_ALERT |
Sent if the system runs out of disk space. When the disk usage for a log entry exceeds the log usage threshold, reportd disables aggregation and sends the alert. |
Warning |
|
REPORTD.DATABASE_DELETION_ALERT |
Sent if system checks and finds the export directory is not empty, then it prints the logline and tries to delete the directory in the next iteration. |
Information |
|
REPORTING.CLIENT.UPDATE_FAILED_ALERT |
Sent if the reporting engine was unable to save reporting data. |
Warning |
|
REPORTING.CLIENT.JOURNAL.FULL |
Sent if the reporting engine is unable to store new data. |
Critical |
|
REPORTING.CLIENT.JOURNAL.FREE |
Sent when the reporting engine is again able to store new data. |
Information |
|
PERIODIC_REPORTS.REPORT_TASK. BUILD_FAILURE_ALERT |
Sent when the reporting engine is unable to build a report. |
Critical |
|
PERIODIC_REPORTS.REPORT_TASK. EMAIL_FAILURE_ALERT |
Sent when a report could not be emailed. |
Critical |
|
PERIODIC_REPORTS.REPORT_TASK. ARCHIVE_FAILURE_ALERT |
Sent when a report could not be archived. |
Critical |
|
SENDERBASE.ERROR |
Sent when an error occurred while processing a response from SenderBase. |
Information |
|
SMAD.ICCM.ALERT_PUSH_FAILED |
Sent if a configuration push failed for one or more hosts. |
Warning |
|
SMAD.TRANSFER.TRANSFERS_STALLED |
Sent if SMA logs are unable to fetch tracking data for two hours or reporting data for six hours. |
Warning |
|
SMTPAUTH.FWD_SERVER_FAILED_ALERT |
Sent when the SMTP Authentication forwarding server is unreachable. |
Warning |
|
SMTPAUTH.LDAP_QUERY_FAILED |
Sent when an LDAP query fails. |
Warning |
|
SYSTEM.HERMES_SHUTDOWN_FAILURE. REBOOT |
Sent when there was a problem shutting down the system on reboot. |
Warning |
|
SYSTEM.HERMES_SHUTDOWN_FAILURE. SHUTDOWN |
Sent when there was a problem shutting down the system. |
Warning |
|
SYSTEM.RCPTVALIDATION.UPDATE_FAILED |
Sent when a recipient validation update failed. |
Critical |
|
SYSTEM.SERVICE_TUNNEL.DISABLED |
Sent when a tunnel created for Cisco Support Services is disabled. |
Information |
|
SYSTEM.SERVICE_TUNNEL.ENABLED |
Sent when a tunnel created for Cisco Support Services is enabled. |
Information |