Follow

Vectra system alerts

To enable Alerts go to Settings - Notifications - Send system alerts

Screenshot_2018-10-12_at_15.25.14.png

Further information on the general system health can be obtained from the command line using the command "show system-health".

1. Disk Health : Disk read only check or RAID Failure

Contact Vectra Support immediately. If VPN support is possible please turn this on. If not please be prepared for remote session with Vectra support to try to diagnose and resolve this issue as quickly as possible.

While the disk or raid is in bad state, traffic will not be captured on the device.

Remediation may required:

  • Disk replacement
  • Hardware replacement
  • Manual intervention by support

If hardware or disk replacement is required Vectra support will need the shipping details and address where to send the replacement disk or hardware.

Examples:

Disk volume(s) in read-only state on [Serial#]

When condition is no longer occurring:

"RAID volumes and disk OK on [Serial#]"

2. Interface Health : Capture interface flapping

Verify cable or SFP, re-seating or changing the cable or SFP may help.

Was there a scheduled change or event, has the connected switch rebooted?

This message indicates that the interfaces connected to the device were (and are no longer) flapping, this is usually due to wiring issues, switch issues or perhaps scheduled changes causing the switch to reboot.  The beginning of the alert "No link flapping" indicates that the link flapping condition is no longer occurring.

If this is a frequent occurrence and verifying the physical connectivity did not resolve the issue please contact Vectra Support.

Examples:

Detected link flapping on capture interface(s) eth1, eth0 on [Serial#]

When condition is no longer occurring:

"No link flapping on capture interface(s) eth3, eth2, eth1, eth0 on [Serial#]"

3. Bandwidth Drop

This alert fires if there is extended period of no traffic for at least 48 hours.

Sensors that have very low bandwidth (<1 Mbps) typically receive these alerts more frequently due to the high variability in the observed bandwidth.

Examples:

Detected recent bandwidth drop on capture interface(s). This bandwidth drop has lasted over two days

When condition is no longer occurring:

"No recent bandwidth drop on capture interface(s)"

4. Sensor connectivity

This alert occurs when a sensor lost connectivity for 7 days. The current threshold will avoid alerting during planned downtime, power outage or relocation of a sensor.

An intial physical and logical connectivity investigation should be performed and the required  firewall rules should be validated. Please Vectra support as required. 

Examples:

Lost connectivity to headend on {} sensor(s): [Serial#] 

When condition is no longer occurring:

"All paired sensors connected to headend"

 

 

4. Packet processing drop check

This alert occurs when the packets dropped on the sensor reach above the threshold.

This may be an indication of an oversubscribed sensor or Brain. Please check with Vectra support if you receive such an alert.

 

Example:

Packet processing drops observed on " + serial

When condition is no longer occurring:

Packet processing is healthy on " + serial

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful

Download PDF

0 Comments

Article is closed for comments.