Introduction to Cisco Firepower 2100 Faults
This chapter provides an overview of faults on the Cisco Firepower 2100.
On the Firepower 2100, a fault is a mutable object that is managed by the Cisco Firepower Management Center. Each fault represents a failure in the Firepower 2100 instance or an alarm threshold that has been raised. During the lifecycle of a fault, it can change from one state or severity to another.
Each fault includes information about the operational state of the affected object at the time the fault was raised. If the fault is transitional and the failure is resolved, then the object transitions to a functional state.
A fault remains in Firepower Management Center until the fault is cleared and deleted according to the settings in the fault collection policy.
You can view all faults on the Firepower 2100 from either the FXOS CLI or the Cisco Firepower Management Center. You can also configure the fault collection policy to determine how a Firepower 2100 instance collects and retains faults.
Note: All Cisco Firepower 2100 faults can be trapped by SNMP.
A fault raised on the Firepower 2100 can transition through more than one severity during its lifecycle. Table 1-1 describes the possible fault severities in alphabetical order.
A fault raised on the Firepower 2100 can be one of the types described in Table 1-2.
The Firepower Management Center provides detailed information about each fault raised on the Firepower 2100. Table 1-3 describes the fault properties that can be viewed in the FXOS CLI or the Cisco Firepower Management Center.
The current severity level of the fault. This can be any of the severities described in Table 1-1.
The day and time on which the severity for the fault last changed. If the severity has not changed since the fault was raised, this property displays the original creation date.
The component that is affected by the condition that raised the fault.
Additional information about the fault state. This can be any of the states described in Table 1-4.
The type of fault that has been raised. This can be any of the types described in Table 1-2.
The unique identifier associated with the condition that caused the fault.
The number of times the event that raised the fault occurred.
The severity assigned to the fault on the first time that it occurred.
The faults on the Firepower 2100 are stateful, and a fault raised on the Firepower 2100 transitions through more than one state during its lifecycle. In addition, only one instance of a given fault can exist on each object. If the same fault occurs a second time, the Firepower 2100 increases the number of occurrences by one.
A fault has the following lifecycle:
1. A condition occurs in the system and the Firepower 2100 raises a fault in the active state.
2. If the fault is alleviated within a short period of time known as the flap interval, the fault severity remains at its original active value but the fault enters the soaking state. The soaking state indicates that the condition that raised the fault has cleared, but the system is waiting to see whether the fault condition reoccurs.
By default, the flap interval is set to 10 seconds. To change this value, see Set the Flap Interval.
3. If the condition reoccurs during the flap interval, the fault enters the flapping state. Flapping occurs when a fault is raised and cleared several times in rapid succession. If the condition does not reoccur during the flap interval, the fault is cleared.
4. Once cleared, the fault enters the retention interval. This interval ensures that the fault reaches the attention of an administrator even if the condition that caused the fault has been alleviated, and that the fault is not deleted prematurely. The retention interval retains the cleared fault for the length of time specified in the fault collection policy.
5. If the condition reoccurs during the retention interval, the fault returns to the active state. If the condition does not reoccur, the fault is deleted.
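The lifecycle above, modelled as a small state machine and replayed over a constructed event timeline. This is an added example, not Cisco code: the names Fault and replay are hypothetical, the 3600-second retention interval is an assumed policy value, and the model assumes that any clearing of the condition on an active or flapping fault starts the soak timer.

```python
from dataclasses import dataclass

# Constructed timeline of (seconds, event) pairs for one fault on one object.
SAMPLE_EVENTS = [(0, "raise"), (4, "clear"), (9, "raise"), (12, "clear"), (30, "check"),
                 (100, "raise"), (200, "clear"), (210, "check"), (3810, "check")]

@dataclass
class Fault:
    flap_interval: int = 10         # seconds; the default stated above
    retention_interval: int = 3600  # seconds; assumed value, set by the fault collection policy
    state: str = "active"           # step 1: a fault is raised in the active state
    occurrences: int = 1
    since: int = 0                  # time of the last state change

    def _advance(self, now):
        """Timer-driven steps: soaking -> cleared (step 3), cleared -> deleted (step 5)."""
        if self.state == "soaking" and now - self.since >= self.flap_interval:
            self.state, self.since = "cleared", self.since + self.flap_interval
        if self.state == "cleared" and now - self.since >= self.retention_interval:
            self.state, self.since = "deleted", self.since + self.retention_interval

    def condition_raised(self, now):
        self._advance(now)
        if self.state == "deleted":
            raise ValueError("fault was deleted; a recurrence raises a new fault")
        if self.state == "soaking":
            self.state = "flapping"   # step 3: recurred inside the flap interval
        elif self.state == "cleared":
            self.state = "active"     # step 5: recurred inside the retention interval
        self.occurrences += 1         # one fault instance per object; recurrences are counted
        self.since = now

    def condition_cleared(self, now):
        self._advance(now)
        if self.state in ("active", "flapping"):  # flapping -> soaking is an assumption
            self.state, self.since = "soaking", now

def replay(events, **policy):
    """Replay events (the first must be a raise); return (timeline, occurrences)."""
    fault = Fault(since=events[0][0], **policy)
    timeline = [(events[0][0], fault.state)]
    handlers = {"raise": fault.condition_raised, "clear": fault.condition_cleared,
                "check": fault._advance}  # "check" only lets the timers run
    for now, kind in events[1:]:
        handlers[kind](now)
        timeline.append((now, fault.state))
    return timeline, fault.occurrences

print(replay(SAMPLE_EVENTS))
```

Replaying the same events with a shorter flap_interval shows how the setting decides whether a quick recurrence is reported as flapping or as a return to the active state.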
When a fault is active, the additional lifecycle state information listed in Table 1-4 may be provided in the Status field of the fault notification.
The flap interval specifies the time interval (in seconds) the system waits before changing a fault state. Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change state until the flap interval has elapsed after the last state change. The default flap interval value is 10 seconds.
Use the following procedure to change the value of the flap interval:
1. In the FXOS CLI, enter the monitoring scope:
2. Enter the fault policy scope:
The fault collection policy controls the lifecycle of a fault on the Firepower 2100, including the length of time that each fault remains in the flapping and retention intervals.
Note: For information on how to configure the fault collection policy, see the Firepower Management Center configuration guides, accessible through the Firepower Documentation Roadmap.
The Platform Faults module is disabled by default. To enable platform faults monitoring for your Firepower 2100 series device:
1. Navigate to System > Health > Policy > Platform Faults in the Cisco Firepower Management Center.
2. Enter a Policy Name and Policy Description for the new platform health monitoring policy.
3. Click the On radio button for Enabled.
4. Select the lowest severity of faults to display in Firepower Management Center. For example, if you select Major, then fault events with severity Major and above will display in your Firepower Management Center events. Warning, Minor, and Info faults will not display.
The health module filters the faults based on your defined severity preferences. For each severity, there is a single event generated in Firepower Management Center. If there are no faults for a particular severity, then the health event is not generated for that severity.
To view faults for all objects in the system, navigate to System > Health > Events in the Cisco Firepower Management Center.
Each fault severity is represented by a different icon:
To display details for a particular fault, right-click on the fault and select Show Full Text.
If you want to view the faults for all objects in the system, at the top-level scope, enter the show fault command in the FXOS CLI. If you want to view faults for a specific object, scope to that object and then enter the show fault command.
If you want to view all of the available details about a fault, enter the show fault detail command.
A finite state machine (FSM) is a workflow model, similar to a flow chart, that is composed of the following:
The current stage in the FSM is determined by past stages and the operations performed to transition between the stages. A transition from one stage to another stage is dependent on the success or failure of an operation.
Firepower Management Center uses FSM tasks that run in the Data Management Engine (DME) to manage end points in the Firepower object model, including the following:
The DME manages the FSM stages and transition, and instructs the Application Gateway (AG) to perform operations on the managed end points. Therefore, each stage can be considered to be an interaction between the DME, the AG, and the managed end point. The AGs do the real work of interacting with managed end points.
When all of the FSM stages have run successfully, the Firepower 2100 considers that the FSM operation is successful.
If the FSM encounters an error or a timeout at a stage, the FSM retries that stage at scheduled intervals. When the retry count has been reached for that stage, the FSM stops and the Firepower Management Center declares that the change has failed. If an FSM task fails, the Firepower Management Center raises the appropriate faults and alarms.
Multiple FSM tasks can be associated to an end point. However, only one FSM task at a time can run. Additional FSM tasks for the same end point are placed in a queue and are scheduled to be run when the previous FSM task is either successfully completed or the task fails.
You can view the FSM details for a particular end point to determine if a task succeeded or failed. You can also use the FSM to troubleshoot any failures.
The FSM stage names are constructed using the following notation:
FsmObjectWorkflowOperationWhere-is-it-executed
Each FSM stage name has a prefix that identifies the FSM and a suffix that identifies a stage within the FSM. The prefix notation is FsmObjectWorkflow and the suffix notation is OperationWhere-is-it-executed. For example, if the FSM name is FsmComputeBladeDiscoverBmcInventory:
The Cisco Firepower Management Center displays the FSM information for an end point on the FSM tab for that end point. You can use the FSM tab to monitor the progress and status of the current FSM task and view a list of the pending FSM tasks.
The information about a current FSM task in the Cisco Firepower Management Center is dynamic and changes as the task progresses. You can view the following information about the current FSM task:
To view the FSM task for an end point that supports FSM, navigate to the end point in the Navigation pane and click on the FSM tab in the Work pane.
The FXOS CLI can display the FSM information for an end point when you are in the command mode for that end point.
Enter the show fsm status command in the appropriate mode to view the current FSM task for an end point. The information displayed about a current FSM task in the CLI is static. You must re-enter the command to see the progress updates. The following example displays the information about the current FSM task for the server in chassis 1, slot 6:
Enter the show fsm task command in the appropriate mode to view all of the pending tasks in the FSM queue. The following example displays the FSM task queue for chassis 1, slot 1:
The Error Message Decoder parses published System Message Guides and provides easy error message search capabilities for Cisco customers.
To use the Error Message Decoder:
Step 1 Click the following link: http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi
Step 3 Paste the error message into the field indicated.