Description
Template for Cisco Intrusion Detection System (IDS). Monitors CPU 5 minutes, License status, health sensor monitors, etc. Can be applied on Cisco Intrusion Prevention System (IPS). This template can also be called as Cisco IPS template.
This template can be applied on Cisco Firewall devices, if that firewall has “Intrusion Detection System (IDS)” feature enabled.
Prerequisites
SNMP should be enabled in end device and device should support CISCO-PROCESS-MIB, CISCO-ENHANCED-MEMPOOL-MIB and CISCO-CIDS-MIB OIDs and SNMP credentials should be attached against the device in portal.
How to Apply: This template is All instance selection based. It will not ask user to select any instance (s) while assigning it to a device.
Metric Parameters
| Parameter | Description |
|---|---|
| Frequency | |
| Warning Threshold | If the metric value satisfies the condition defined along with Warning Threshold value, then a notification is sent to the user. |
| Critical Threshold | If the metric value satisfies the condition defined along with Critical Threshold value, then a notification is sent to the user. |
| Alert | The alert value can be set to either Yes or No. If it is Yes, then an alert message is sent to the user. |
Metrics
cisco.cpu.utilization
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.109.1.1.1.1.8 |
| Expression | NULL |
| Description | CPU utilization is a key performance metric. It is the percentage of time the processor spends doing work (as opposed to being idle). It can be used to track CPU performance regressions or improvements and is a useful data point for performance problem investigations. [OID: 1.3.6.1.4.1.9.9.109.1.1.1.1.8] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | Cisco CPU Utilization |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | NULL | Not Applicable |
| Warning Operator | GREATER_THAN_EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 80 | 0-100 |
| Warning Repeat Count | 2 | 1-12 |
| Critical Operator | GREATER_THAN_EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 90 | 0-100 |
| Critical Repeat Count | 2 | 1-12 |
| Alert | No | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
CPU Utilization
cisco.memory.pool.util.percent
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.221.1.1.1.1.7, 1.3.6.1.4.1.9.9.221.1.1.1.1.8, 1.3.6.1.4.1.9.9.221.1.1.1.1.6 |
| Expression | if(cempMemPoolValid==1,(cempMemPoolUsed/(cempMemPoolUsed+cempMemPoolFree))*100,0) |
| Description | It monitors the memory utilization of each memory pool except lsmpi_io memory pool. [OIDs: cempMemPoolUsed - 1.3.6.1.4.1.9.9.221.1.1.1.1.7, cempMemPoolFree - 1.3.6.1.4.1.9.9.221.1.1.1.1.8] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | Cisco Memory Utilization - CISCO-ENHANCED-MEMPOOL-MIB |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | Name Not Equals Ignore Case lsmpi_io | NA |
| Warning Operator | GREATER_THAN_EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 80 | 0-100 |
| Warning Repeat Count | 2 | 1-12 |
| Critical Operator | GREATER_THAN_EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 90 | 0-100 |
| Critical Repeat Count | 2 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
Memory Utilization
cisco.ids.health.security.partition.space.utilization
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.33.1.2, 1.3.6.1.4.1.9.9.383.1.4.33.1.3 |
| Expression | (cidsHealthSecMonUtilizedPartitionSpace/cidsHealthSecMonTotalPartitionSpace)*100 |
| Description | It monitors CISCO Intrusion Detection System(Sensor) disk utilisation. [OID: 1.3.6.1.4.1.9.9.383.1.4.33.1.2, 1.3.6.1.4.1.9.9.383.1.4.33.1.3] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Disk Utilization |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | NULL | Not Applicable |
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 80 | 0-100 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 90 | 0-100 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.license.status
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.22.0 |
| Expression | NULL |
| Description | This object indicates IPS license status along with expiration date. For example it will contain the following possible values: - signatureUpdateKey: Not expired until: - trialKey: Not expired until: - expiredLicense - noLicense - invalidLicense - unknown The timestamp will be in the format: MM/DD/YYYY HH:MM:SS [OID: 1.3.6.1.4.1.9.9.383.1.4.22] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | EQUALS_IGNORE_CASE | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | unknown | signatureUpdateKey: Not expired until: - trialKey: Not expired until: - expiredLicense - noLicense - invalidLicense - unknown |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | INS | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | expiredLicense,invalidLicense | signatureUpdateKey: Not expired until: - trialKey: Not expired until: - expiredLicense - noLicense - invalidLicense - unknown |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | No | Yes/No |
Sample Output
No graph
cisco.ids.health.packet.loss
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.1.0 |
| Expression | NULL |
| Description | Provides the percentage of packets lost at the device interface level. [OID: 1.3.6.1.4.1.9.9.383.1.4.1 ] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 1 | 0-100 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 5 | 0-100 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.packet.denial.rate
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.2.0 |
| Expression | NULL |
| Description | Provides the percentage of packets denied due to protocol and security violations. [ OID: 1.3.6.1.4.1.9.9.383.1.4.2 ] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 1 | 0-100 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 5 | 0-100 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.alarms.generated
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.3.0 |
| Expression | NULL |
| Description | Provides the number of alarms generated, includes all currently defined alarm severities. [OID: 1.3.6.1.4.1.9.9.383.1.4.3 ] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | ||
| Warning Threshold | ||
| Warning Repeat Count | ||
| Critical Operator | ||
| Critical Threshold | ||
| Critical Repeat Count | ||
| Alert | No | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Note: As Alert is not enabled on the above metric, the fields are left blank.
Sample Output
No graph
cisco.ids.health.is.sensor.memory.critical
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.14.0 |
| Expression | NULL |
| Description | This gives value between 0 and 10 that should rarely get above 3. If this is non-zero the sensor has stopped enforcing policy on some traffic in order to keep up with the current traffic load; the sensor is oversubscribed. The higher the number the more oversubscribed the sensor. It could be oversubscribed from a memory prospective and not traffic speed. For example on a 200 Mbit sensor this number might be 3 if the sensor was only seeing 100Mbit of traffic but 6000 connections per second which is over the rated capacity of the sensor. When the sensor is in Memory Critical state then a ciscoCidsError trap will be sent accordingly. [OID: 1.3.6.1.4.1.9.9.383.1.4.14] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 0 | 0-10 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 1 | 0-10 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.is.sensor.active
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.15.0 |
| Expression | NULL |
| Description | Indicates the fail over status of the device. True indicates the device is currently active. False indicates it is in a standby mode. Possible status values are 1- True, 2- False. Alert is generated when the current status is different from previous. [OID: 1.3.6.1.4.1.9.9.383.1.4.15] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | ||
| Warning Threshold | ||
| Warning Repeat Count | ||
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 2 | 1, 2 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.availability
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.18.0 |
| Expression | NULL |
| Description | Provides the Cisco IDS health security monitor. This object indicates the availability of health and security monitor statistics. If the IPS health and security monitoring service is disabled, it will return false. Possible status values are 1- True, 2- False. [OID: 1.3.6.1.4.1.9.9.383.1.4.18] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | ||
| Warning Threshold | ||
| Warning Repeat Count | ||
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 2 | 1, 2 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.overall.health
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.19.0 |
| Expression | if(cidsHealthSecMonAvailability==1,cidsHealthSecMonOverallHealth,0) |
| Description | This object indicates IPS sensor's overall health value - green, yellow or red. The overall health status is set to the highest severity of all metrics that are configured to be applied to the IPS's health determination. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'. [OID: 1.3.6.1.4.1.9.9.383.1.4.19] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 2 | 0,1,2,3 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 3 | 0,1,2,3 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.main.app.status
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.24.0 |
| Expression | NULL |
| Description | This object indicates the running status for the control plane. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'. [OID: 1.3.6.1.4.1.9.9.383.1.4.24] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 8 | 1-9 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 2 | 1-9 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.analysis.engine.status
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.25.0 |
| Expression | if(cidsHealthSecMonAvailability==1,cidsHealthSecMonAnalysisEngineStatus,0) |
| Description | Provides the object indicates the running status for the Analysis Engine. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to true. Possible status values are 1: notResponding(1) 2: notRunning(2) 3: processingTransaction(3) 4: reconfiguring(4) 5: running(5) 6: starting(6) 7: stopping(7) 8: unknown(8) 9: upgradeInprogress(9) [OID: 1.3.6.1.4.1.9.9.383.1.4.25] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 8 | 0-9 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 2 | 0-9 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.collaboration.app.status
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.26.0 |
| Expression | if(cidsHealthSecMonAvailability==1,cidsHealthSecMonCollaborationAppStatus,0) |
| Description | Provides the object indicates the running status for the collaboration application. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to true. Possible status values are 1: notResponding(1) 2: notRunning(2) 3: processingTransaction(3) 4: reconfiguring(4) 5: running(5) 6: starting(6) 7: stopping(7) 8: unknown(8) 9: upgradeInprogress(9) [OID: 1.3.6.1.4.1.9.9.383.1.4.26] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 8 | 0-9 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 2 | 0-9 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.analysis.engine.memory.percent
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.29.0 |
| Expression | if(cidsHealthSecMonAvailability==1,cidsHealthSecMonAnalysisEngMemPercent,-1) |
| Description | This object indicates the percentage of memory used by Analysis Engine. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to 'true'. [OID: 1.3.6.1.4.1.9.9.383.1.4.29] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 80 | 0-100 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 90 | 0-100 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.sensor.load
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.30.0 |
| Expression | if(cidsHealthSecMonAvailability==1,cidsHealthSecMonSensorLoad,-1) |
| Description | This object indicates sensor inspection load. This object is instantiated only if the value of cidsHealthSecMonAvailability is set to true. [OID: 1.3.6.1.4.1.9.9.383.1.4.30 ] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Health Check |
| Unit | % |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | ||
| Warning Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 80 | 0-100 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | GREATER_THAN | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 90 | 0-100 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph
cisco.ids.health.security.virtual.sensor.status
Metric Details
| Applicable for | Device |
| SNMP OID | 1.3.6.1.4.1.9.9.383.1.4.32.1.2 |
| Expression | NULL |
| Description | This object represents the virtual sensor network status level. Possible color ratings 1-Green : Everything is fine 2-Yellow : There may be issues occuring on the attached network. 3. Red : the network needs attention as problems are detected and network security is critical. [OID: 1.3.6.1.4.1.9.9.383.1.4.32.1.2] |
| Category | SNMP monitors |
| Collector Type | Gateway |
| Monitor Name | CISCO IDS - Virtual Sensor Status |
| Unit |
Possible Inputs
| Metric | Input Value | Range of Values |
|---|---|---|
| Frequency | 5 | 1 – 1440 (mins) |
| Filter | NULL | Not Applicable |
| Warning Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Warning Threshold | 2 | 1-3 |
| Warning Repeat Count | 1 | 1-12 |
| Critical Operator | EQUAL | Ends with, ==, !=, >=, <=, >, <, In Range, Out of range, Equals, Not equals, Equals Ignore Case, Not Equals Ignore Case, Contains, Not contains, Regex match, Regex no match, In string list, Not in string list, In List, Not in list, Starts with |
| Critical Threshold | 3 | 1-3 |
| Critical Repeat Count | 1 | 1-12 |
| Alert | Yes | Yes/No |
| Graph (Yes/No) | Yes | Yes/No |
Sample Output
No graph