OPLP Alerts and Event Descriptions
This document provides a complete list of OPLP alerts, their description, the required user action, and the SNMP trap notifications that the appliance generates when SNMP traps are enabled.
Alerts with a priority "None" are recovery alerts. "Medium" priority alerts are warnings and "High" priority alerts are critical.
| Alert | Priority | Description | User Action | SNMP Trap Notification |
|---|---|---|---|---|
| Device_rebooted | None | Device was rebooted | Check the status of services by running `show service-status` | deviceRebootedNotif |
| | High | Device rebooted | | |
| Storage-root-partition | None | Disk usage of the root partition is below 75%. | Check the available disk size of the root partition. From the Linux shell, run the command: `df -h` | storageRootNotif |
| | Medium | Disk usage of the root partition is at 75% or more. | | |
| | High | Disk usage of the root partition is at 90% or more. | | |
| Storage-securestore-partition | None | Secure Store disk usage is below 75%. | Check the available disk size of the Secure Store disk using the “df” command. To increase the size of the partition, contact support. | |
| | Medium | Secure Store disk usage is at 75% or more. | | |
| | High | Secure Store disk usage is at 90% or more. | | |
| Storage-lcmysql-partition | None | Disk usage of lcmysql is below 75%. | Check the available disk size of the lcmysql partition using the “df” command. To increase the size of the partition, contact support. | storageMysqlNotif |
| | Medium | Disk usage of lcmysql is at 75% or more. | | |
| | High | Disk usage of lcmysql is at 90% or more. | | |
| Storage-lcmongo-infrastructure-partition | None | Disk usage of lcmongo-infrastructure is below 75%. | Check the available disk size of the lcmongo-infrastructure partition using the “df” command. To increase the size of the partition, contact support. | storageMongoInfraNotif |
| | Medium | Disk usage of lcmongo-infrastructure is at 75% or more. | | |
| | High | Disk usage of lcmongo-infrastructure is at 90% or more. | | |
| Storage-lclw-partition | None | Disk usage of lclw is below 75%. | Check the available disk size of the lclw partition using the “df” command. If required, increase the disk partition using the command `troubleshooting expand-partition log` | storageLogNotif |
| | Medium | Disk usage of lclw is at 75% or more. | | |
| | High | Disk usage of lclw is at 90% or more. | | |
| Storage-lckafkabroker-partition | None | Disk usage of lckafkabroker is below 75%. | Check the available disk size of the lckafkabroker partition using the “df” command. To increase the size of the partition, contact support. | storageKafkaBrokerNotif |
| | Medium | Disk usage of lckafkabroker is at 75% or more. | | |
| | High | Disk usage of lckafkabroker is at 90% or more. | | |
| Storage-lcmongo-event-partition | None | Disk usage of lcmongo-event is below 75%. | Check the available disk size of the lcmongo-event partition using the “df” command. To increase the size of the partition, contact support. | storageMongoEventNotif |
| | Medium | Disk usage of lcmongo-event is at 75% or more. | | |
| | High | Disk usage of lcmongo-event is at 90% or more. | | |
| Reportjob_worker_status | None | Reportjob worker is running. | Contact support and provide them the debug package. Run: `troubleshooting debug-package generate` | reportjobWorkerNotif |
| | High | Reportjob worker is not running. | | |
| Reportjob_scheduler_status | None | Reportjob scheduler is running. | Contact support and provide them the debug package. Run: `troubleshooting debug-package generate` | reportjobSchedulerNotif |
| | High | Reportjob scheduler is not running. | | |
| Cfgagent_connection | None | Cfgagent connection to config service has been restored. | If cfgagent is not connected to config services, then check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | cfgagentConnectionNotif |
| MySql_status | None | MySql db is running. | Contact support and provide them the debug package. Run: `troubleshooting debug-package generate` | mysqlNotif |
| | High | MySql db is not running. | | |
| Event_flow_from_device | None | Event flow from device has been restored. | Indicates if the number of events coming in from a device for a particular week is half the number of events received during the previous week. Check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. | eventflowNotif |
| | High | Event flow from the device is affected. | | |
| Files_not_uploaded_24_hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded24hNotif |
| | High | At least 5 files were not uploaded within 24 hours. | | |
| Files_not_uploaded_48_hrs | None | Files uploaded successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotUploaded48hNotif |
| | High | At least 1 file was not uploaded within 48 hours. | | |
| Files_not_picked_up_24_hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked24hNotif |
| | High | At least 5 files were not picked up for processing within 24 hours. | | |
| Files_not_picked_up_48_hrs | None | Files picked up for processing successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | filesNotPicked48hNotif |
| | High | At least 1 file was not picked up for processing within 48 hours. | | |
| Queryservice_status | None | Queryservice is running. | Run the command, | queryServiceStatusNotif |
| | High | Queryservice is not running. | | |
| Mongos_status | None | Mongos is running. | Contact support and provide them the debug package. Run: `troubleshooting debug-package generate` | mongoSStatusNotif |
| | High | Mongos is not running. | | |
| Mongodb_status | None | Mongodb is running. | Contact support and provide them the debug package. Run: `troubleshooting debug-package generate` | mongoDBStatusNotif |
| | High | Mongodb is not running. | | |
| Threat_feed_age | None | The threat feed data on the device is up-to-date. | | threatfeedAgeNotif |
| Auth_proxy_status | None | Auth Proxy services have recovered. | Contact support to resolve this issue. | authProxyStatusNotif |
| | High | Auth Proxy services are down. Users may not be able to log in to Microsoft Office 365. | | |
| No_events_from_device | None | Events from device were successfully sent. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see. Contact support to resolve this issue. | noEventsFromDeviceNotif |
| | High | Events from device not received in the last 24 hours. | | |
| No_metrics_from_device | None | Metrics from device were successfully sent. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | noMetricsFromDeviceNotif |
| | Medium | Metrics from device were not received in the last 3 hours. | | |
| | High | Metrics from device were not received in the last 6 hours. | | |
| Storage-1a | None | Disk usage of /nslogs is below 50%. | Check the available disk size of the /nslogs partition using the To increase the size of the partition contact support. | |
| | Medium | Disk usage of /nslogs is at 50% or more. | | |
| | High | Disk usage of /nslogs is at 75% or more. | | |
| Log_Process-4 | None | Files were picked up. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see. Contact support to resolve this issue. | |
| | Medium | Files were not picked up within 10 hours. | | |
| | High | Files were not picked up within 15 hours. | | |
| Log_Process-5a | None | Files moved and split successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| | Medium | Files moved but not split within 24 hours. | | |
| | High | Files moved but not split within 72 hours. | | |
| Log_Process-5b | None | Files moved, split, and parsed successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| | Medium | Files moved and split; parsing not finished in 24 hours. | | |
| | High | Files moved and split; parsing not finished in 72 hours. | | |
| Log_Process-5c | None | File parsing finished; events uploaded successfully. | Run the following command to see the list of unprocessed files: `log-upload tools list`. If the list is zero, check your firewall to ensure that OPLP can access the tenant domains. For a complete list of supported tenant domains, see Outbound Ports. Contact support to resolve this issue. | |
| | Medium | File parsing finished; events haven't been uploaded within 24 hours of parsing. | | |
| | High | File parsing finished; events haven't been uploaded within 72 hours of parsing. | | |
| Callhome_status | None | Callhome endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | callhomeConnectivityNotif |
| | High | Callhome endpoint cannot be reached. | | |
| Downloader_status | None | Downloader endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | downloaderConnectivityNotif |
| | High | Downloader endpoint cannot be reached. | | |
| Config_service_status | None | Config service endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | configsvcConnectivityNotif |
| | High | Config service endpoint cannot be reached. | | |
| UI_hostname_status | None | HTTP endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnameConnectivityNotif |
| | High | HTTP endpoint cannot be reached. | | |
| UI_hostname_ssh_status | None | SSH endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | uihostnamesshConnectivityNotif |
| | High | SSH endpoint cannot be reached. | | |
| Logupload_status | None | Logupload endpoint is reachable. | The domain always needs to be allowlisted and accessible to the appliance. | loguploadConnectivityNotif |
| | High | Logupload endpoint cannot be reached. | | |

Outbound Ports
Use these ports for management connectivity and log uploads.
Note
In release 46, domain names changed. Using version 46 and later requires using the new domain names. Existing deployments (release 45 and prior) do not require the new domain names, but using them is recommended. The one required update is for auto-updates; either turn off auto-update or use the new download-<tenant hostname>.goskope.com domain name. New deployments with release 46 and higher do need to use the new domain names.
For management connectivity:
| Domain | Description | Port |
|---|---|---|
| New: Old: | Use for configuration updates. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
| New: Old: | Use for software upgrades. | 443 |
| New: Old: | Use for reporting and status updates in the UI. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
| New: Old: | Use for receiving metrics from on-premises appliances and forwarding them to cloud tenants, as well as receiving event data from on-premises dataplane appliances. Also for receiving custom user attributes from user endpoints. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |

Note
For international deployments, use ~-<tenant hostname>.eu.goskope.com or ~-<tenant hostname>.de.goskope.com.
For log uploads:
| Domain | Description | Port |
|---|---|---|
| New: Old: | Use for sending logs to the Netskope cloud with SFTP. This is the default port for log uploads. | 22 |
| No change: | Use for sending logs to the Netskope cloud with HTTPS. This port is enabled by default. | 443 |
| No change: | Use for fetching the REST API token with HTTPS. | 443 |

Note
For international deployments, use ~-<tenant hostname>.eu.goskope.com or ~-<tenant hostname>.de.goskope.com.