IPS - Health-monitor Status - ASA AIP-SSM

 

 

  • check current status of system health
 

show health
Overall Health Status Red
Health Status for Failed Applications Green
Health Status for Signature Updates Green
Health Status for License Key Expiration Green
Health Status for Running in Bypass Mode Green
Health Status for Interfaces Being Down Green
Health Status for the Inspection Load Green
Health Status for the Time Since Last Event Retrieval Red
Health Status for the Number of Missed Packets Green
Health Status for the Memory Usage Green
Health Status for Global Correlation Green
Health Status for Network Participation Not Enabled

Security Status for Virtual Sensor danpol Green
Security Status for Virtual Sensor vs0 Green

 
  • go to service health-monitor mode
If you change a setting by mistake, you can restore its default value by typing "default value_to_change".

(config)# service health-monitor

enable-monitoring (default is TRUE) - we do not change it

application-failure-policy (default status is RED and ENABLE) - we do not change it

Health status policy for application failures.

bypass-policy (default status is RED and ENABLE) - we do not change it.

Health status policy for the IPS being in bypass mode.

event-retrieval-policy (default status is TRUE, yellow-threshold is 300 secs, red-threshold is 600 secs)

(config-hea)# event-retrieval-policy

(config-hea-eve)# yellow-threshold 900

(config-hea-eve)# red-threshold 1800

(config-hea-eve)# exit

Health status policy for the number of seconds elapsed since the last event was retrieved.

You can also disable it if you do not do external event monitoring.

global-correlation-policy (default is TRUE, yellow-thr is 86400, red-thr is 259200 secs) - we do not change it

Health status policy for the number of seconds elapsed since the global correlation update was retrieved.

heartbeat-events (default is 300 secs and ENABLE) - we do not change it

Heartbeat events are sent at this interval and apply to the overall sensor health rating.

inspection-load-policy (default is TRUE yellow-thr 80%, red-thr 91%)

(config-hea)# inspection-load-policy

(config-hea-ins)# yellow-threshold 85

(config-hea-ins)# red-threshold 95

(config-hea-ins)# exit

Health status policy for when the inspection load exceeds threshold values.

interface-down-policy (default is TRUE and status is RED) - we do not change it

Health status policy for one or more active interfaces being down.

license-expiration-policy (default is TRUE, yellow-thr is 30 days, red-thr is 0 days)

(config-hea)# license-expiration-policy

(config-hea-lic)# red-threshold 5

(config-hea-lic)# exit

Health status policy for the number of days until the license key expires.

memory-usage-policy (default is FALSE, yellow-thr is 80%, red-thr is 91%)

(config-hea)# memory-usage-policy

(config-hea-mem)# enable true

(config-hea-mem)# yellow-threshold 85

(config-hea-mem)# red-threshold 95

(config-hea-mem)# exit

Health status policy for when the memory usage percentage exceeds threshold values.

missed-packet-policy (default is TRUE, yellow-thr is 1%, red-thr is 6 %) - we do not change it.

Health status policy for when the percentage of missed packets exceeds threshold values.

network-participation-policy (default is FALSE,yellow-thr 1 connection failure,red-thr 6)

(config-hea)# network-participation-policy

(config-hea-net)# enable true

(config-hea-net)# exit

The number of connection failures for each threshold cannot be edited.

Health status policy for when the number of failed connection attempts exceeds threshold values.

persist-security-status (default is 5 minutes) - we do not change it

The number of minutes that a lowered security status persists after the most recent event that lowered it.

signature-update-policy (default is TRUE, yellow-thr is 30 days, red-thr is 60 days)

(config-hea)# signature-update-policy

(config-hea-sig)# yellow-threshold 60

(config-hea-sig)# red-threshold 90

(config-hea-sig)# exit

Health status policy for the number of days elapsed since the last signature update.

 

Before you apply settings to IPS please check them:

(config-hea)# show settings
enable-monitoring: true <defaulted>
persist-security-status: 5 minutes <defaulted>
heartbeat-events
-----------------------------------------------
enable: 300 seconds <defaulted>
-----------------------------------------------
application-failure-policy
-----------------------------------------------
enable: true <defaulted>
status: red <defaulted>
-----------------------------------------------
bypass-policy
-----------------------------------------------
enable: true <defaulted>
status: red <defaulted>
-----------------------------------------------
interface-down-policy
-----------------------------------------------
enable: true <defaulted>
status: red <defaulted>
-----------------------------------------------
inspection-load-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 85 percent default: 80
red-threshold: 95 percent default: 91
-----------------------------------------------
missed-packet-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 1 percent <defaulted>
red-threshold: 6 percent <defaulted>
-----------------------------------------------
memory-usage-policy
-----------------------------------------------
enable: true default: false
yellow-threshold: 85 percent default: 80
red-threshold: 95 percent default: 91
-----------------------------------------------
signature-update-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 60 days default: 30
red-threshold: 90 days default: 60

-----------------------------------------------
license-expiration-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 30 days <defaulted>
red-threshold: 5 days default: 0
-----------------------------------------------
event-retrieval-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 900 seconds default: 300
red-threshold: 1800 seconds default: 600
-----------------------------------------------
global-correlation-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 86400 seconds <protected>
red-threshold: 259200 seconds <protected>
-----------------------------------------------
network-participation-policy
-----------------------------------------------
enable: true default: false
yellow-threshold: 1 connection failures <protected>
red-threshold: 6 connection failures <protected>
-----------------------------------------------
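A pre-apply review of the `show settings` output, as an added example that is not part of the original post: it lists every value that differs from its default and checks that each red threshold is stricter than its yellow one. The sample text is a constructed excerpt of the output above; the function names and the ordering check (including treating license-expiration-policy as a countdown) are assumptions of this example.

```python
import re

# Constructed sample: excerpt of the "show settings" output shown above.
SAMPLE = """\
enable-monitoring: true <defaulted>
memory-usage-policy
-----------------------------------------------
enable: true default: false
yellow-threshold: 85 percent default: 80
red-threshold: 95 percent default: 91
-----------------------------------------------
license-expiration-policy
-----------------------------------------------
enable: true <defaulted>
yellow-threshold: 30 days <defaulted>
red-threshold: 5 days default: 0
-----------------------------------------------
"""

# Assumption: this policy counts days remaining, so red must be BELOW yellow.
COUNTDOWN = {"license-expiration-policy"}
# key: value [unit] followed by either "default: X" (overridden) or "<tag>".
LINE = re.compile(r"^([\w-]+):\s+(\S+)(?:\s+.*?)?\s+(?:default:\s+(\S+)|<\w+>)$")

def parse(text):
    """Return {policy: {key: (value, default or None)}}; default is set only when overridden."""
    policies, current = {}, "(global)"
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) == {"-"} or "#" in line:
            continue  # blank line, separator, or a CLI prompt line
        m = LINE.match(line)
        if m:
            policies.setdefault(current, {})[m.group(1)] = (m.group(2), m.group(3))
        elif ":" not in line:
            current = line  # a bare name starts a new policy block
    return policies

def review(text):
    """List overridden defaults and yellow/red thresholds in the wrong order."""
    findings = []
    for policy, keys in parse(text).items():
        for key, (value, default) in keys.items():
            if default is not None:
                findings.append(f"{policy} {key}: {value} (default {default})")
        if {"yellow-threshold", "red-threshold"} <= set(keys):
            y, r = (int(keys[k][0]) for k in ("yellow-threshold", "red-threshold"))
            if not (r < y if policy in COUNTDOWN else r > y):
                findings.append(f"{policy}: red {r} is not past yellow {y}")
    return findings
```

Paste the sensor's real output into `review()` and read the list before answering the "Apply Changes?" prompt.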

If the settings are correct, apply the changes to the sensor:

(config-hea)# exit
Apply Changes?[yes]: yes

 

  •  save configuration

# copy current-config backup-config
Generating current config: /

 

 

 

dzbanek 2013-03-03