Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Understsanding CSO Alarm Types

0

0

Article ID: KB37480 KB Last Updated: 29 Sep 2021Version: 1.0
Summary:

This article explains the different alarm types in CSO UI and how to get alarms via API instead of CSO UI.

Solution:
Device Down/Unreachable
This alarm is generated when a device is down or not reachable from CSO. Severity of this alarm is “critical”. It is “cleared” when connectivity between the device and CSO is restored.

Cluster Down
This alarm is applicable for Dual CPE. An alarm is raised with “major” severity if either “Primary” or “Secondary” node is down. If both nodes are down then the same alarm is raised with “critical” severity. The alarm with “major” severity is cleared when both nodes are up. The alarm with “critical” severity may move to “clear” or “major” depending on whether one or both nodes are up.

DHCP Address Change Notification
This alarm is generated when an IP address change is detected for a WAN link as a result of DHCP address assignment/re-assignment. The severity of this alarm is “major”. It is “cleared” when the IP Address remains the same across two consecutive checks.

WAN Interface Down
This alarm is generated when WAN link disconnection is detected. The severity of this alarm is “Major”, it is cleared when WAN connectivity is restored.

OAM IPSec Tunnel down
This alarm is generated when IPSec link between a site and OAM hub goes down. The severity of this alarm is “critical”. Itt is cleared when IPSec tunnel between site and OAM hub is re-established.

Overlay Tunnel Down
This alarm is generated when GRE/GRE_Over_IPSec data tunnel goes down. It can be between a spoke to hub, enterprise-hub or another spoke. The severity of this alarm is “critical”. It is cleared when the tunnels are re-established.

Underlay BGP Session Down
This alarm is generated when BGP association between a spoke and next hop router goes down. In case of dual homed connections, alarms for individual associations are raised. The severity of this alarm is “critical”. It is cleared when BGP association with the peer is restored.

Dual homed Underlay BGP Session Down
This alarm is generated when or both BGP associations between a spoke and next hop router are down. If one of the association is down, then severity of the alarm is “minor”. If both associations are down, then severity is “critical”. Alarm with “critical” may move to “clear” or “minor” depending on whether one or both associations are up.

Site Monitoring Stopped
This alarm is generated when a site is recalled or deleted. Severity of this alarm is “normal”. It is not required to “clear” this alarm.

VRR Down
This alarm is generated when a VRR is down or unreachable from CSO. The severity of this alarm is “critical”. It is cleared when connectivity between VRR and CSO is restored. This alarm is only visible to the CSO administrator.

Combined Alarm for “alarms present in the device”
This alarm is generated when a device shows any alarms (via CLI/NetConf). CSO raises an alarm with “major” severity if there are any alarms listed as a result of device CLI/NetConf command. It is cleared when no alarms are listed in the device.

Site-Edit Failure Alarm
This alarm is generated when any site-edit operation fails. The severity of this alarm is “major”. It is cleared once the parameter added or edited does not comply with the environment/criteria.
Reference to the technical documentation on Edit Site Properties.

Site-Edit Alarm for “DHCP Update”
This alarm is generated when TSSM microservice starts a workflow after receiving “DHCP Address change” alarm. The severity of this alarm is “major”. It is cleared after workflow is completed.

DVPN tenant tunnel threshold exceeded Alarm
This alarm is generated when tenant threshold for the number of DVPN tunnels is exceeded. The severity of this alarm is “major”. It is cleared when the number of DVPN tunnels for a tenant falls below the threshold.

Provider-HUB Alarms
CSO generates Device Up/Down and WAN Link Up/Down alarms for Provider-HUBs. Payloads of these alarms are similar to corresponding spoke alarms but these alarms are visible only to the owner of the Provider-HUB (SRE or OpCo). These are not shared with tenants that connect spokes to this HUB.


Too retrieve alarm objects, use the following API:

GET https://{ }/fmpm-provider/alert_status_object?detail=true&filter=(severity!=normal)

Example Output:

{
    "total": 1,
    "alert_status_object": [
        {
            "last_update_time": 1598372083,
            "alert_type": "host",
            "site_name": "Spoke-01",
            "parent_uuid": "3a35363e-0928-46d2-bd1c-d1d2a91cec8f",
            "tenant_name": "Juniper",
            "object_type": "SRX_CLUSTER",
            "parent_type": "project",
            "site": "e68ff330-bc19-4190-ad9d-fcc74a93ee65",
            "pop": "68517ed4-dd5d-4605-bdc6-8b62ef5bf66a",
            "id": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "category": "alarm",
            "fq_name": [
                "default-domain",
                "Juniper",
                "d805adaf-e7c5-487b-9775-054c9f0b404b"
            ],
            "uuid": "64e7987c-e377-4ea1-bb0d-d4a2da13e53e",
            "sub_system": "CSO",
            "object_id": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "source": "device",
            "id_perms": {
                "enable": true,
                "uuid": {
                    "uuid_mslong": 7270947785572568737,
                    "uuid_lslong": 13478663055698289982
                },
                "created": "2020-08-25T09:21:53.694893",
                "description": null,
                "creator": "admin",
                "user_visible": true,
                "last_modified": "2020-08-25T16:14:43.704588",
                "modifier": "admin",
                "permissions": {
                    "owner": "admin",
                    "owner_access": 7,
                    "other_access": 7,
                    "group": "admin",
                    "group_access": 7
                }
            },
            "type": "alert_status_object",
            "parent_uri": "/fmpm-provider/project/3a35363e-0928-46d2-bd1c-d1d2a91cec8f",
            "region_name": null,
            "start_time": 1598347313,
            "reason": "Host is UP",
            "perms2": {
                "owner": "3a35363e092846d2bd1cd1d2a91cec8f",
                "owner_access": 7,
                "global_access": 0,
                "share": [
                    {
                        "tenant_access": 7,
                        "tenant": "f07884c8f7994eb49af0828031d7e247"
                    },
                    {
                        "tenant_access": 4,
                        "tenant": "share.child_projects"
                    }
                ]
            },
            "device": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "display_name": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "tenant": "3a35363e-0928-46d2-bd1c-d1d2a91cec8f",
            "severity": "normal",
            "name": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "region": "9e8d52c9-34c7-40dc-b26a-ba458db62fad",
            "counter": 4,
            "uri": "/fmpm-provider/alert_status_object/64e7987c-e377-4ea1-bb0d-d4a2da13e53e",
            "server": "d805adaf-e7c5-487b-9775-054c9f0b404b",
            "pop_name": null,
            "attributes": {
                "region_display_name": "regional",
                "pop_display_name": "regional",
                "opco_display_name": "default-domain"
            },
            "opco_name": null
        }
    ]
}
 

Other useful API's

  • Get all active alarms for a site:

    GET /fmpm-provider/alert_status_object?detail=true&filter=(site=e68ff330-bc19-4190-ad9d-fcc74a93ee65 and severity!=normal)
  • Get alarms for a tenant:

    GET /fmpm-provider/alert_object?detail=true
  • Get alarms for a site:

    GET /fmpm-provider/alert_object?detail=true&filter=(site=e68ff330-bc19-4190-ad9d-fcc74a93ee65)
  • Filters Based on Alarm Attributes
    Based on other fields, e.g. alert_type, source etc. RPC below will fetch history of all device down alarms for a given site.

    GET /fmpm-provider/alert_object?from=0&size=200&detail=true&filter=(site=e68ff330-bc19-4190-ad9d-fcc74a93ee65 and alert_type=host)

Note: If any of the alarm does not clear, please contact your JTAC Representative.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search