OPLP Alerts and Event Descriptions
This document provides a complete list of OPLP alerts, their description, the required user action, and the SNMP trap notifications that the appliance generates when SNMP traps are enabled.
Alerts with a priority of “None” are recovery alerts. “Medium” priority alerts are warnings and “High” priority alerts are critical.
Alert | Priority | Description | User Action | SNMP Trap Notification |
---|---|---|---|---|
Device_rebooted | None | Device was rebooted. | Check the status of services by running show service-status | deviceRebootedNotif |
Device_rebooted | High | Device rebooted. | Check the status of services by running show service-status | deviceRebootedNotif |
Storage-root-partition | None | Disk usage of the root partition is below 75%. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
Storage-root-partition | Medium | Disk usage of the root partition is at 75% or more. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
Storage-root-partition | High | Disk usage of the root partition is at 90% or more. | Check the available disk size of the root partition. From the Linux shell, run the command: df -h | storageRootNotif |
Storage-securestore-partition | None | Secure Store disk usage is below 75%. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
Storage-securestore-partition | Medium | Secure Store disk usage is at 75% or more. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
Storage-securestore-partition | High | Secure Store disk usage is at 90% or more. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition contact support. | |
Storage-lcmysql-partition | None | Disk usage of lcmysql is below 75%. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
Storage-lcmysql-partition | Medium | Disk usage of lcmysql is at 75% or more. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
Storage-lcmysql-partition | High | Disk usage of lcmysql is at 90% or more. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition contact support. | storageMysqlNotif |
Storage-lcmongo-infrastructure-partition | None | Disk usage of lcmongo-infrastructure is below 75%. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
Storage-lcmongo-infrastructure-partition | Medium | Disk usage of lcmongo-infrastructure is at 75% or more. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
Storage-lcmongo-infrastructure-partition | High | Disk usage of lcmongo-infrastructure is at 90% or more. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition contact support. | storageMongoInfraNotif |
Storage-lclw-partition | None | Disk usage of lclw is below 75%. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
Storage-lclw-partition | Medium | Disk usage of lclw is at 75% or more. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
Storage-lclw-partition | High | Disk usage of lclw is at 90% or more. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command troubleshooting expand-partition log | storageLogNotif |
Storage-lckafkabroker-partition | None | Disk usage of lckafkabroker is below 75%. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
Storage-lckafkabroker-partition | Medium | Disk usage of lckafkabroker is at 75% or more. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
Storage-lckafkabroker-partition | High | Disk usage of lckafkabroker is at 90% or more. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition contact support. | storageKafkaBrokerNotif |
Storage-lcmongo-event-partition | None | Disk usage of lcmongo-event is below 75%. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
Storage-lcmongo-event-partition | Medium | Disk usage of lcmongo-event is at 75% or more. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
Storage-lcmongo-event-partition | High | Disk usage of lcmongo-event is at 90% or more. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition contact support. | storageMongoEventNotif |
Reportjob_worker_status | None | Reportjob worker is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobWorkerNotif |
Reportjob_worker_status | High | Reportjob worker is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobWorkerNotif |
Reportjob_scheduler_status | None | Reportjob scheduler is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobSchedulerNotif |
Reportjob_scheduler_status | High | Reportjob scheduler is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | reportjobSchedulerNotif |
Cfgagent_connection | None | Cfgagent connection to config service has been restored. | If cfgagent is not connected to config services, then check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | cfgagentConnectionNotif |
MySql_status | None | MySql db is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mysqlNotif |
MySql_status | High | MySql db is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mysqlNotif |
Event_flow_from_device | None | Event flow from device has been restored. | Indicates if the number of events coming in from a device for a particular week is half the number of events received during the previous week. Check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | eventflowNotif |
Event_flow_from_device | High | Event flow from the device is affected. | Indicates if the number of events coming in from a device for a particular week is half the number of events received during the previous week. Check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | eventflowNotif |
Files_not_uploaded_24_hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded24hNotif |
Files_not_uploaded_24_hrs | High | At least 5 files were not uploaded within 24 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded24hNotif |
Files_not_uploaded_48_hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded48hNotif |
Files_not_uploaded_48_hrs | High | At least 1 file was not uploaded within 48 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded48hNotif |
Files_not_picked_up_24_hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked24hNotif |
Files_not_picked_up_24_hrs | High | At least 5 files were not picked up for processing within 24 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked24hNotif |
Files_not_picked_up_48_hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked48hNotif |
Files_not_picked_up_48_hrs | High | At least 1 file was not picked up for processing within 48 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked48hNotif |
Queryservice_status | None | Queryservice is running. | Run the command restart queryservice to restart the service | queryServiceStatusNotif |
Queryservice_status | High | Queryservice is not running. | Run the command restart queryservice to restart the service | queryServiceStatusNotif |
Mongos_status | None | Mongos is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoSStatusNotif |
Mongos_status | High | Mongos is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoSStatusNotif |
Mongodb_status | None | Mongodb is running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoDBStatusNotif |
Mongodb_status | High | Mongodb is not running. | Contact support and provide them the debug package. Run: troubleshooting debug-package generate | mongoDBStatusNotif |
Threat_feed_age | None | The threat feed data on the device is up-to-date. | | threatfeedAgeNotif |
Auth_proxy_status | None | Auth Proxy services have recovered. | Contact support to resolve this issue. | authProxyStatusNotif |
Auth_proxy_status | High | Auth Proxy services are down. Users may not be able to login to Microsoft Office 365. | Contact support to resolve this issue. | authProxyStatusNotif |
No_events_from_device | None | Events from device were successfully sent. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noEventsFromDeviceNotif |
No_events_from_device | High | Events from device not received in the last 24 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noEventsFromDeviceNotif |
No_metrics_from_device | None | Metrics from device were successfully sent. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
No_metrics_from_device | Medium | Metrics from device were not received in the last 3 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
No_metrics_from_device | High | Metrics from device were not received in the last 6 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
Storage-1a | None | Disk usage of /nslogs is below 50%. | Check the available disk size of the /nslogs partition using the status all command. To increase the size of the partition contact support. | |
Storage-1a | Medium | Disk usage of /nslogs is at 50% or more. | Check the available disk size of the /nslogs partition using the status all command. To increase the size of the partition contact support. | |
Storage-1a | High | Disk usage of /nslogs is at 75% or more. | Check the available disk size of the /nslogs partition using the status all command. To increase the size of the partition contact support. | |
Log_Process-4 | None | Files were picked up. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-4 | Medium | Files were not picked up within 10 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-4 | High | Files were not picked up within 15 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5a | None | Files moved and split successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5a | Medium | Files moved but not split within 24 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5a | High | Files moved but not split within 72 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5b | None | Files moved & split and parsed successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5b | Medium | Files moved & split, parsing not finished in 24 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5b | High | Files moved & split, parsing not finished in 72 hours. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5c | None | File parsing finished; events uploaded successfully. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5c | Medium | File parsing finished; events haven't been uploaded within 24 hours of parsing. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Log_Process-5c | High | File parsing finished; events haven't been uploaded within 72 hours of parsing. | Run the following command to see the list of unprocessed files: log-upload tools list. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
Callhome_status | None | Callhome endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | callhomeConnectivityNotif |
Callhome_status | High | Callhome endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | callhomeConnectivityNotif |
Downloader_status | None | Downloader endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | downloaderConnectivityNotif |
Downloader_status | High | Downloader endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | downloaderConnectivityNotif |
Config_service_status | None | Config service endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | configsvcConnectivityNotif |
Config_service_status | High | Config service endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | configsvcConnectivityNotif |
UI_hostname_status | None | HTTP endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnameConnectivityNotif |
UI_hostname_status | High | HTTP endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnameConnectivityNotif |
UI_hostname_ssh_status | None | SSH endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnamesshConnectivityNotif |
UI_hostname_ssh_status | High | SSH endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnamesshConnectivityNotif |
Logupload_status | None | Logupload endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | loguploadConnectivityNotif |
Logupload_status | High | Logupload endpoint cannot be reached. | The domain always needs to be allowlisted and accessible to the appliance. | loguploadConnectivityNotif |
Outbound Ports
Use these ports for management connectivity and log uploads.
For management connectivity:
Domain | Description | Port |
---|---|---|
config-<tenant-URL> | Use for configuration updates. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
download-<tenant-URL> | Use for software upgrades. | 443 |
messenger-<tenant-URL> | Use for reporting and status updates in the UI. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
callhome-<tenant-URL> | Use for receiving metrics from on-premises appliances and forwarding them to cloud tenants, as well as receiving event data from on-premises dataplane appliances. Also for receiving custom user attributes from user endpoints. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
For log uploads:
Domain | Description | Port |
---|---|---|
upload-<tenant-URL> | Use for sending logs to the Netskope cloud with SFTP. This is the default port for log uploads. | 22 |
logupload-<tenant-URL> | Use for sending logs to the Netskope cloud with HTTPS. This port is enabled by default. | 443 |
<tenant-URL> | Use for fetching the REST API token with HTTPS. | 443 |
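
Several alerts above ask you to check that the firewall lets OPLP reach the tenant domains. The script below is an added example, not part of the product or its documentation: it expands the two tables into concrete endpoints and probes each with a plain TCP connect. It assumes a Linux host behind the same firewall with `bash` and `timeout` available; `tenant.example.com` and the purpose labels are placeholders.

```shell
#!/usr/bin/env bash
# Added example: list and probe the endpoints from the Outbound Ports tables.
# Usage: ./oplp_egress_check.sh <tenant-URL>   (script name is hypothetical)

# Print "host port purpose" for every row of the two tables above.
# $1 is the value substituted for <tenant-URL>.
oplp_endpoints() {
    tenant=$1
    cat <<EOF
config-$tenant 443 configuration-updates
download-$tenant 443 software-upgrades
messenger-$tenant 443 ui-reporting-and-status
callhome-$tenant 443 metrics-and-event-data
upload-$tenant 22 log-upload-sftp
logupload-$tenant 443 log-upload-https
$tenant 443 rest-api-token
EOF
}

# Return 0 if a TCP connection to host ($1) port ($2) opens within 5 seconds.
# This shows reachability only; it does not prove that the domain is
# exempted from SSL decryption, which the tables require for some domains.
probe_tcp() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Probe every endpoint for tenant $1, print one result line per endpoint,
# and return the number of endpoints that could not be reached.
check_oplp_egress() {
    blocked=0
    while read -r host port purpose; do
        if probe_tcp "$host" "$port"; then
            echo "OK      $host:$port ($purpose)"
        else
            echo "BLOCKED $host:$port ($purpose)"
            blocked=$((blocked + 1))
        fi
    done <<EOF
$(oplp_endpoints "$1")
EOF
    return "$blocked"
}

# Probe only when a tenant is given on the command line.
if [ -n "${1:-}" ]; then
    check_oplp_egress "$1"
fi
```

A non-zero exit status is the count of blocked endpoints, so the script can feed a monitoring check directly.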