OPLP Alerts and Event Descriptions
OPLP Alerts and Event Descriptions
This document provides a complete list of OPLP alerts, their description, the required user action, and the SNMP trap notifications that the appliance generates when SNMP traps are enabled.
Alerts with a priority “None” are recovery alerts. “Medium” priority alerts are warnings and “High” priority alerts are critical.
| Alert | Priority | Description | User Action | SNMP Trap Notification |
|---|---|---|---|---|
| Device_rebooted | None | Device was rebooted. | Check the status of services by running show service-status | deviceRebootedNotif |
| Device_rebooted | High | Device rebooted. | Check the status of services by running show service-status | deviceRebootedNotif |
| Storage-root-partition | None | Disk usage of the root partition is below 75%. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
| Storage-root-partition | Medium | Disk usage of the root partition is at 75% or more. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
| Storage-root-partition | High | Disk usage of the root partition is at 90% or more. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
| Storage-securestore-partition | None | Secure Store disk usage is below 75%. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
| Storage-securestore-partition | Medium | Secure Store disk usage is is at 75% or more. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
| Storage-securestore-partition | High | Secure Store disk usage is is at 90% or more. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
| Storage-lcmysql- partition | None | Disk usage of lcmysql is below 75%. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
| Storage-lcmysql- partition | Medium | Disk usage of lcmysql is at 75% or more. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
| Storage-lcmysql- partition | High | Disk usage of lcmysql is at 90% or more. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
| Storage-lcmongo- infrastructure- partition | None | Disk usage of lcmongo-infrastructure is below 75%. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
| Storage-lcmongo- infrastructure- partition | Medium | Disk usage of lcmongo-infrastructure is at 75% or more. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
| Storage-lcmongo- infrastructure- partition | High | Disk usage of lcmongo-infrastructure is is at 90% or more. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
| Storage-lclw-partition | None | Disk usage of lclw is below 75%. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
| Storage-lclw-partition | Medium | Disk usage of lclw is at 75% or more. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
| Storage-lclw-partition | High | Disk usage of lclw is at 90% or more. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
| Storage-lckafkabroker- partition | None | Disk usage of lckafkabroker is below 75%. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
| Storage-lckafkabroker- partition | Medium | Disk usage of lckafkabroker is at 75% or more. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
| Storage-lckafkabroker- partition | High | Disk usage of lckafkabroker is at 90% or more. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
| Storage-lcmongo-event- partition | None | Disk usage of lcmongo-event is below 75%. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
| Storage-lcmongo-event- partition | Medium | Disk usage of lcmongo-event is at 75% or more. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
| Storage-lcmongo-event- partition | High | Disk usage of lcmongo-event is at 90% or more. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
| Reportjob_worker_status | None | Reportjob worker is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobWorkerNotif |
| Reportjob_worker_status | High | Reportjob worker is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobWorkerNotif |
| Reportjob_scheduler_ status | None | Reportjob scheduler is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobSchedulerNotif |
| Reportjob_scheduler_ status | High | Reportjob scheduler is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobSchedulerNotif |
| Cfgagent_connection | None | Cfgagent connection to config service has been restored. | If cfgagent is not connected to config services, then check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | cfgagentConnectionNotif |
| MySql_status | None | MySql db is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mysqlNotif |
| MySql_status | High | MySql db is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mysqlNotif |
| Event_flow_from_device | None | Event flow from device has been restored. | Indicates if the number of events coming in from a device for a particular week is half the number of events received during the previous week. Check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | eventflowNotif |
| Event_flow_from_device | High | Event flow from the device is affected. | Indicates if the number of events coming in from a device for a particular week is half the number of events received during the previous week. Check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | eventflowNotif |
| Files_not_uploaded_24_ hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded24hNotif |
| Files_not_uploaded_24_ hrs | High | At least 5 files were not uploaded within 24 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded24hNotif |
| Files_not_uploaded_48_ hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded48hNotif |
| Files_not_uploaded_48_ hrs | High | At least 1 file was not uploaded within 48 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded48hNotif |
| Files_not_picked_up_24_ hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked24hNotif |
| Files_not_picked_up_24_ hrs | High | At least 5 files were not picked up for processing within 24 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked24hNotif |
| Files_not_picked_up_48_ hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked48hNotif |
| Files_not_picked_up_48_ hrs | High | At least 1 file was not picked up for processing within 48 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked48hNotif |
| Queryservice_status | None | Queryservice is running. | Run the command restart queryservice to restart the service | queryServiceStatusNotif |
| Queryservice_status | High | Queryservice is not running. | Run the command restart queryservice to restart the service | queryServiceStatusNotif |
| Mongos_status | None | Mongos is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoSStatusNotif |
| Mongos_status | High | Mongos is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoSStatusNotif |
| Mongodb_status | None | Mongodb is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoDBStatusNotif |
| Mongodb_status | High | Mongodb is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoDBStatusNotif |
| Threat_feed_age | None | The threat feed data on the device is up-to-date. | threatfeedAgeNotif | |
| Auth_proxy_status | None | Auth Proxy services have recovered. | Contact support to resolve this issue. | authProxyStatusNotif |
| Auth_proxy_status | High | Auth Proxy services are down. Users may not be able to login to Microsoft Office 365. | Contact support to resolve this issue. | authProxyStatusNotif |
| No_events_from_device | None | Events from device were successfully sent. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noEventsFromDeviceNotif |
| No_events_from_device | High | Events from device not received in the last 24 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noEventsFromDeviceNotif |
| No_metrics_from_device | None | Metrics from device were successfully sent. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
| No_metrics_from_device | Medium | Metrics from device were not received in the last 3 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
| No_metrics_from_device | High | Metrics from device were not received in the last 6 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
| Storage-1a | None | Disk usage of /nslogs is below 50%. | Check the available disk size of the /nslogs partition using the status all command.To increase the size of the partition contact support. | |
| Storage-1a | Medium | Disk usage of /nslogs is at 50% or more. | Check the available disk size of the /nslogs partition using the status all command.To increase the size of the partition contact support. | |
| Storage-1a | High | Disk usage of /nslogs is at 75% or more. | Check the available disk size of the /nslogs partition using the status all command.To increase the size of the partition contact support. | |
| Log_Process-4 | None | Files were picked up. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-4 | Medium | Files were not being picked within 10 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-4 | High | Files were not being picked within 15 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5a | None | Files moved and split successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5a | Medium | Files moved but not split within 24 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5a | High | Files moved but not split within 72 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5b | None | Files moved & split and parsed successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5b | Medium | Files moved & split, parsing not finished in 24 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5b | High | Files moved & split, parsing not finished in 72 hours. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5c | None | File parsing finished; events uploaded successfully. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5c | Medium | File parsing finished; events haven't been uploaded within 24 hours of parsing. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Log_Process-5c | High | File parsing finished; events haven't been uploaded within 72 hours of parsing done. | Run the following command to see the list of unprocessed files:log-upload tools listIf the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| Callhome_status | None | Callhome endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | callhomeConnectivityNotif |
| Callhome_status | High | Callhome endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | callhomeConnectivityNotif |
| Downloader_status | None | Downloader endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | downloaderConnectivityNotif |
| Downloader_status | High | Downloader endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | downloaderConnectivityNotif |
| Config_service_status | None | Config service endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | configsvcConnectivityNotif |
| Config_service_status | High | Config service endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | configsvcConnectivityNotif |
| UI_hostname_status | None | HTTP endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnameConnectivityNotif |
| UI_hostname_status | High | HTTP endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnameConnectivityNotif |
| UI_hostname_ssh_status | None | SSH endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnamesshConnectivityNotif |
| UI_hostname_ssh_status | High | SSH endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnamesshConnectivityNotif |
| Logupload_status | None | Logupload endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | loguploadConnectivityNotif |
| Logupload_status | High | Logupload endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | loguploadConnectivityNotif |
Outboard Ports
Use these ports for management connectivity and log uploads.
Note
In release 46
domain names changed. Using version 46 and later requires using the new domainnames. Existing deployments (release 45 and prior) do not require the new
domain names, but using them are recommended. The one required update is forauto-updates; either turn off auto-update or use the new
download-<tenant hostname>.goskope.com domain name. New deployments with
release 46 and higher do need to use the new domain names.
For management connectivity:
| Domain | Description | Port |
|---|---|---|
New:config-<tenant
hostname>.goskope.comOld:
| Use for configuration updates. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
New: download-<tenant
hostname>.goskope.comOld:
| Use for software upgrades. | 443 |
New:
messenger-<tenant hostname>.goskope.com
Old:
| Use for reporting and status updates in the UI. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
New:
callhome-<tenant hostname>.goskope.com
Old:
| Use for receiving metrics from on-premises appliances and forwarding them to cloud tenants, as well as receiving event data from an on-premises dataplane appliances. Also for receiving custom user attributes from user endpoints. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
Note
For international deployments, use ~
-<tenant hostname>.eu.goskope.com or ~
-<tenant hostname>.de.goskope.com.
For log uploads:
| Domain | Description | Port |
|---|---|---|
New: upload-<tenant
hostname>.goskope.comOld:
| Use for sending logs to the Netskope cloud with SFTP. This is the default port for log uploads. | 22 |
No change: logupload-<tenant
hostname>.goskope.com | Use for sending logs to the Netskope cloud with HTTPS. This port is enabled by default. | 443 |
No change:
<tenant hostname>.goskope.com
| Use for fetching the REST API token with HTTPS. | 443 |
Note
For international deployments, use ~ -<tenant
hostname>.eu.goskope.com or ~ -<tenant
hostname>.de.goskope.com.
