Hi Andrew,

As you can see below the alert (and recovery) messages are working well.

Alert                  HA event on Cisco ASA firewall cluster!
Entity                 Failover primary unit (this device)
Condition              status_event equals alert (alert)
Metrics status_event = alert
Duration               4m 34s (2018-02-03 13:16:43)
Device                *************
Hardware               ASA5525
Operating System       Cisco ASA 9.8(2)
Location               *********
Uptime                 165 days, 1h 13m 34s

Thanks again

Darren

On 27 January 2018 at 15:32, Storer, Darren <darren.storer@gmail.com> wrote:
Hi Andrew,

Thanks very much for the ASA HA alert; I've created a clone on the production network - hopefully it won't trigger too often.

Also, thanks for the recommendation about syslog, it's time for me to finish off the syslog integration, which I haven't got working yet.

Thanks again

Darren


On 24 January 2018 at 05:21, Andrew Plas <andrewp.plas@gmail.com> wrote:
This is the alert checker I use to monitor and alert on ASA redundancy.  It may not be what you are looking for as it does not alert on a failover event itself- the alert triggers when the cluster is no longer redundant and is cleared when both are up and in a normal HA state.  I find this acceptable in my environment since it is more likely one is hard down (hardware failure, power outage, etc) rather than down due to a soft outage (software crash or interface link down).  Basically I don't care if they failed over, I care if they can't fail over!
If you want to alert on the HA event, a syslog alert would be an easy way to go.  The ASA definitely throws a log you can match on.

Inline image 1

On Sun, Jan 21, 2018 at 2:21 PM, Storer, Darren <darren.storer@gmail.com> wrote:
Hi Adam,

Thanks for the syslog suggestion - I'll try that.

Regards

Darren

On 18 January 2018 at 23:44, Adam Armstrong <adama@memetic.org> wrote:
Do they generate useful syslog messages?

Adam.

Sent from BlueMail
On 18 Jan 2018, at 23:24, "Storer, Darren" <darren.storer@gmail.com> wrote:
After diagnostic assistance from Adam it's sad to report that the Cisco ASA platform does not expose IP SLA details.

Any assistance or ideas for ASA HA failover alerting would be gratefully received - here what I have so far:

Inline images 1

Many thanks

Darren

On 18 January 2018 at 09:52, Storer, Darren <darren.storer@gmail.com> wrote:
IPA SLA status is correctly reported from our core VSS switch but does not appear from ASA devices. Does anyone else see IP SLA reported from Cisco ASA firewalls? (Tried 9.7 and 9.8(2) software versions).

On the subject of Cisco ASA, does anyone have HA failover correctly alerting? I've tried to implement an alert but not quite mastered the technique.

Inline images 1

Inline images 2

Thanks in advance for any advice

Darren 




 

observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium