Alarms
Feature |
Release Information |
Description |
---|---|---|
Optimization of Alarms |
Cisco IOS XE Catalyst SD-WAN Release 17.5.1a Cisco SD-WAN Release 20.5.1 Cisco vManage Release 20.5.1 |
This feature optimizes the alarms on Cisco SD-WAN Manager by automatically suppressing redundant alarms. This allows you to easily identify the component that is causing issues. You can view these alarms from the Cisco SD-WAN Manager menu, choose . |
Grouping of Alarms |
Cisco IOS XE Catalyst SD-WAN Release 17.11.1a Cisco vManage Release 20.11.1 |
The following enhancements are added to alarms:
|
Heatmap View for Alarms |
Cisco IOS XE Catalyst SD-WAN Release 17.12.1a Cisco Catalyst SD-WAN Manager Release 20.12.1 |
In the heatmap view, a grid of colored bars displays the alarms as Critical, Major, or Medium & Minor. You can hover over a bar or click it to display additional details at a selected time interval. The intensity of a color indicates the frequency of alarms in a severity level. |
Alarm Notifications Using WebHooks |
Cisco IOS XE Catalyst SD-WAN Release 17.15.1a Cisco Catalyst SD-WAN Manager Release 20.15.1 |
Configure a WebHook URL in Cisco SD-WAN Manager to receive alarm notifications in Webex or Slack. |
Information About Alarms
Note |
From Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as Control Components for consistency with Cisco Catalyst SD-WAN terminology. |
When something of interest happens on an individual device in the overlay network, the device reports it by sending a notification to Cisco SD-WAN Manager. Cisco SD-WAN Manager then filters the event notifications and correlates related events, and it consolidates major and critical events into alarms.
Use the Alarms screen to display detailed information about alarms generated by control components and routers in the overlay network.
When a site is down, Cisco SD-WAN Manager reports the following alarms:
-
Site down
-
Node down
-
TLOC down
Cisco SD-WAN Manager displays alarms for each component that is down. Depending on the size of your site, you may see several redundant alarms such as alarms for each TLOC in a node as well as the node alarm. In Cisco vManage Release 20.5.1, Cisco SD-WAN Manager intelligently suppresses redundant alarms. For example, if all the TLOCs in a node are down, Cisco SD-WAN Manager suppresses the alarms from each TLOC and displays only the alarm from the node. For multitenant configurations, each tenant displays alarms for the sites in its tenancy.
Scenario |
Alarms Displayed |
|
---|---|---|
Cisco vManage Release 20.5.1 |
Previous Releases |
|
Link 1 down Link 2 up. |
bfd-tloc-1_down |
bfd-tloc-1_down |
Link 1 down Link 2 down |
bfd-site-1_down bfd-node-1_down, bfd-tloc-1_down, and bfd-tloc-2_down are suppresed by the site alarm. |
bfd-site-1_down bfd-tloc-1_down |
Link 1 up Link 2 down |
bfd-site-1_up bfd-node-1_up bfd-tloc-1_up bfd-tloc-2_up |
bfd-site-1_up bfd-tloc-1_up |
Alarms Details
Note |
From Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as Control Components for consistency with Cisco Catalyst SD-WAN terminology. |
The Cisco SD-WAN Manager generates alarms when a state or condition changes, such as when a software component starts, transitions from down to up, or transitions from up to down. The severity indicates the seriousness of the alarm. When you create email notifications, the severity that you configure in the notification determines which alarms you can receive email notifications about.
Alarm States
Cisco SD-WAN Manager alarms are assigned a state based on their severity:
-
Critical (red)—Serious events that impair or shut down the operation of an overlay network function.
-
Major (yellow)—Serious events that affect, but do not shut down, the operational of a network function.
-
Medium (blue)—Events that might impair the performance of a network function.
-
Minor (green)—Events that might diminish the performance of a network function.
Note |
From Cisco vManage Release 20.11.1, the Medium alarms appear in green and the Minor alarms appear in blue. |
The alarms listed as Active generally have a severity of either critical or major.
To view alarm details such as alarm name, sevcerity, and alarm description:
-
From the Cisco SD-WAN Manager menu, choose
. -
Click Export to export data for all alarms to a file in CSV format.
Cisco SD-WAN Manager downloads data from the alarms table to the default download location of your browser. The data is downloaded as a CSV file with the name alarms-mm-dd-yyyy.csv.
-
Open the downloaded file to view alarm details.
Alarm Name |
Severity |
Description |
||
---|---|---|---|---|
AAA Admin Password Change |
Critical |
The password for the AAA user admin changed on a router or controller. |
||
BFD Between Sites Down |
Critical |
All BFD sessions on all routers between two sites are in the Down state. This means that no data traffic can be sent to or transmitted between those two routers. |
||
BFD Between Sites Up |
Medium |
A BFD session on a router between two sites transitioned to the Up state. |
||
BFD Node Down |
Critical |
All BFD sessions for a router are in the Down state. This means that no data traffic can be sent to or transmitted from that router. |
||
BFD Node Up |
Medium |
A BFD session for a router transitioned to the Up state. |
||
BFD Site Down |
Critical |
All BFD sessions on all Cisco vEdge devices in a site are in the Down state. This means that no data traffic can be sent to or transmitted from that site. |
||
BFD Site Up |
Medium |
A BFD session on a router in a site transitioned to the Up state. |
||
BFD TLOC Down |
Major |
All BFD sessions for a TLOC (transport tunnel identified by a color) are in the Down state. This means that no data traffic can be sent to or transmitted from that transport tunnel. |
||
BFD TLOC Up |
Medium |
A BFD session for a TLOC transitioned to the Up state. |
||
BGP Router Down |
Critical |
All BGP sessions on a router are in the Down state. |
||
BGP Router Up |
Medium |
A BGP session on a router transitioned to the Up state. |
||
Clear Installed Certificate |
Critical |
All certificates on a controller or device, including the public and private keys and the root certificate, have been cleared, and the device has returned to the factory-default state. |
||
Cloned Cisco vEdge Detected |
Critical |
A duplicate router that has the same chassis and serial numbers and the same system IP address has been detected. |
||
Cloud onRamp |
Major |
The Cloud onRamp service was started on a router. |
||
Control All Cisco vSmarts Down |
Critical |
All control connections from all Cisco Catalyst SD-WAN Controllers in the overlay network are in the Down state. This means that the overlay network cannot function. |
||
Control Node Down |
Critical |
All control connections for a Cisco vEdge device are in the Down state. |
||
Control Node Up |
Medium |
At least one control connection for a Cisco vEdge device transitioned to the Up State. |
||
Control Site Down |
Critical |
All control connections from all Cisco Catalyst SD-WAN devices in a site are in the Down state. This means that no control or data traffic can be sent to or transmitted from that site. |
||
Control Site Up |
Medium |
A control connection from Cisco SD-WAN Manager and the Cisco Catalyst SD-WAN Validator in the site transitioned to the Up state. |
||
Control Cisco vBond State Change |
Critical Major |
A control connection on a Cisco Catalyst SD-WAN Validator transitioned to the Down state (Critical) or the Up state (Major). |
||
Control TLOC Down |
Major |
All control connections for a TLOC are in the Down state. |
||
Control TLOC Up |
Medium |
A control connection for a TLOC is in the Up state. |
||
Control Cisco vManage Down |
Critical |
All control connections from Cisco SD-WAN Manager are in the Down state. |
||
Control Cisco vManage Up |
Medium |
A control connection from Cisco SD-WAN Manager transitioned to the Up state. |
||
Control Cisco vSmart Down |
Critical |
All control connections from a Cisco SD-WAN Controller in the overlay network are in the Down state. |
||
Control Cisco vSmart Up |
Medium |
A control connection from a Cisco SD-WAN Controller in the overlay network transitioned to the Up state. |
||
Control Cisco vSmarts Up |
Medium |
Control connection from all Cisco SD-WAN Controllers in the overlay network transition to the Up state. |
||
CPU Load |
Critical, Medium |
The CPU load on a controller or device has reached a critical level that could impair or shut down functionality, or a medium level that could impair functionality. |
||
Default App List Update |
Major |
The default application and application family lists, which are used in application-aware routing policy, have changed. |
||
Device Activation Failed |
Critical |
Activation of a software image on a controller or device failed. |
||
Device Upgrade Failed |
Critical |
The software upgrade on a router failed. |
||
DHCP Server State Change |
Major |
The state of a DHCP server changed. |
||
Disk Usage |
Critical, Major |
The disk usage load on a controller or device has reached a critical level that could impair or shut down functionality, or a medium level that could impair functionality. |
||
Domain ID Change |
Critical |
A domain identifier in the overlay network changed. |
||
Interface Admin State Change |
Critical, Medium |
The administrative status of an interface in a controller or router changed from up to down (Critical) or down to up (Medium). |
||
Interface State Change |
Medium |
The administrative or operational status of an interface changed. |
||
Memory Usage |
Critical, Medium |
The memory usage on a controller or device has reached a critical level that could impair or shut down functionality, or a medium level that could impair functionality. |
||
New CSR Generated |
Minor |
A controller or router generated a certificate signing request (CSR).
|
||
OMP All Cisco vSmarts Down |
Critical |
All OMP connections from all Cisco SD-WAN Controller in the overlay network are in the Down state. This means that the overlay network cannot function. |
||
OMP Cisco vSmarts Up |
At least one OMP connection from all Cisco SD-WAN Controllers in the overlay network is in the Up state. |
|||
OMP Node Down |
All OMP connections for a Cisco vEdge device are in the Down state. |
|||
OMP Node Up |
Medium |
At least one OMP connection for a Cisco vEdge device is in the Up state. |
||
OMP Site Down |
Critical |
All OMP connections to Cisco Catalyst SD-WAN Controller from all nodes in the a are in the Down state. This means that site cannot participate in the overlay network. |
||
OMP Site Up |
Medium |
At least one OMP connection to Cisco Catalyst SD-WAN Controller from all nodes in the site is in the Up state. |
||
OMP State Change |
Critical, Medium |
The administration or operational state of an OMP session between a Cisco Catalyst SD-WAN Controller and a Cisco vEdge device has changed, from Up to Down (Critical) or Down to Up (Medium). |
||
OMP vSmarts Up |
Medium |
OMP connection from all Cisco Catalyst SD-WAN Controllers in the overlay network transition to the Up state. |
||
Org Name Change |
Critical |
The organization name used in the certificates for all overlay network devices changed. |
||
OSPF Router Down |
Critical |
All OSPF connections on a router are in the Down state. |
||
OSPF Router Up |
Medium |
An OSPF connection on a router transitioned to the Up state. |
||
PIM Interface State Change |
Major |
The state of a PIM interface changed. |
||
Process Restart |
Critical |
A process (daemon) on a controller or router restarted. |
||
Pseudo Commit Status |
Minor |
Cisco SD-WAN Manager has started pushing a device configuration template to a controller or router. Cisco SD-WAN Manager pushes a tentative configuration (called the pseudo commit) to the device and starts the rollback timer. If , with the new configuration, the control connections between the device and Cisco SD-WAN Manager come up, the tentative configuration becomes permanent. If the control connections do not come up, the tentative configuration is removed, and the device's configuration is rolled back to the previous configuration (that is, to the last known working). |
||
Root Cert Chain Installed |
Minor |
The file containing the root certificate key chain was installed on a controller or router.
|
||
Root Cert Chain Uninstalled |
Minor |
The file containing the root certificate key chain was removed from a controller or router.
|
||
SD-AVC service switchover |
Minor |
The Cisco SD-AVC component has switched from one node to another in a Cisco SD-WAN Manager cluster. The number of switchovers is limited to the number of nodes in the cluster. If Cisco SD-AVC switches over to each node in the cluster at least once, further switchover is disabled. For information about Cisco SD-AVC, see Cisco SD-AVC in the Cisco Catalyst SD-WAN Getting Started Guide. |
||
SD-AVC service termination |
Major |
Cisco SD-AVC has switched over to each node in the cluster at least once and cannot switch over again without a reset. For information about Cisco SD-AVC, see Cisco SD-AVC in the Cisco Catalyst SD-WAN Getting Started Guide. |
||
Site ID Change |
Critical |
A site identifier in the overlay network changed. |
||
System IP Change |
Critical |
The system IP address on a controller or router changed. |
||
System IP Reuse |
Critical |
The same system IP address is being used by more than one device in the overlay network. |
||
System Reboot Issued |
Critical, Medium |
A device rebooted, either initiated by the device (Critical) or by a user (Medium). |
||
Template Rollback |
Critical |
The attaching of a device configuration template to a router did not succeed in the configured rollback time, and as a result, the configuration on the device was not updated, but instead was rolled back to the previous configuration. |
||
Unsupported SFP Detected |
Critical |
The software detected an unsupported transceiver in a hardware router. |
||
Cisco vEdge Serial File Uploaded |
Critical |
The WAN Edge serial number file was uploaded to the Cisco SD-WAN Manager server. |
||
Cisco vSmart/Cisco vManage Serial File Uploaded |
Critical |
Cisco SD-WAN Manager uploaded the file containing certificate serial numbers for Cisco SD-WAN Managers and Cisco Catalyst SD-WAN Controllers in the overlay network. |
||
ZTP Upgrade Failed |
Critical |
A software upgrade using ZTP failed on a controller or router. |
Alarm Fields
Alarm messages can contain the following fields that provide more information about the alarm:
Field |
Description |
---|---|
Acknowledged |
Whether the alarm has been viewed and acknowledged. This field allows Cisco SD-WAN Manager to distinguish between alarms that have already been reported and those that have not yet been addressed. To acknowledge an alarm, use the following API post call: https://vmanage-ip-address:8443/dataservice/alarms/markviewed Specify the data as: {“uuid”: [<uuids of alarms to acknowledge>]} |
Active |
Whether the alarm is still active. For alarms that are automatically cleared, when a network element recovers, the alarm is marked as "active":false. |
Cleared By |
Universally Unique IDentifier (UUID) of alarm to clear current alarm. |
Cleared Time |
Time when alarm was cleared. This field is present of for alarms whose "active" field is false. |
Component |
The software component for this alarm. |
Devices |
List of system IP addresses or router IDs of the affected devices. |
Entry Time |
Time when the alarm was raised, in milliseconds, expressed in UNIX time. |
Message |
Short message that describes the alarm. |
Possible Causes |
Possible causes for the event. |
Rule Name Display |
Name of the alarm. Use this name when querying for alarms of a particular type. |
Suppressed |
Whether this alarm is suppressed by other alarm. |
Tenant |
Indicates the tenant ID. |
Severity |
Severity of the alarm: critical, major, medium, minor. |
Severity Number |
Integer value for the severity: 1 (critical), 2 (major), 3 (medium), 4 (minor) |
UUID |
Unique identifier for the alarm |
Values |
Set of values for all the affected devices. These values, which are different for each alarm, are in addition to those shown in the "devices" field. |
Values Short Display |
Subset of the values field that provides a summary of the affected network devices. |
Use the Alarms screen to display detailed information about alarms generated by control components and routers in the overlay network.
When the notification events that Cisco SD-WAN Manager receives indicate that the alarm condition has passed, most alarms clear themselves automatically. Cisco SD-WAN Manager then lists the alarm as Cleared, and the alarm state generally changes to medium or minor.
View Alarms
You can view alarms from the Cisco SD-WAN Manager dashboard by clicking the bell icon at the top-right corner. The alarms are grouped into Active or Cleared.
From Cisco vManage Release 20.11.1, when you click the bell icon at the top-right corner, the Notifications pane is displayed. Click the gear icon in this pane to filter or group alarms based on the following criteria:
-
Object: Alarms are grouped based on the device for which the alarm is generated.
-
Severity: Alarms are grouped based on the alarm severity.
-
Type: Alarms are grouped based on the alarm type.
By default, alarms are displayed for the last 24 hours.
Alternatively, follow these steps to view alarms from the Alarms screen in Cisco SD-WAN Manager.
-
From the Cisco SD-WAN Manager menu, choose .
From the Cisco SD-WAN Manager menu, choose .
The alarms are displayed in graphical and tabular formats.
From Cisco Catalyst SD-WAN Manager Release 20.12.1, the heatmap view displays alarms.
-
To view more details for a specific alarm, click … for the desired alarm, and then click Alarm Details.
The Alarm Details window opens and displays the probable cause of the alarm, impacted entities, and other details.
From Cisco vManage Release 20.11.1, a new column called Related Event is added to the alarms page. This column displays events, related to an alarm, that occurs around the time the alarm is generated.
From Cisco Catalyst SD-WAN Manager Release 20.12.1, you can use the following commands to view more details about alarms:
-
show sdwan alarms detail: Provides detailed information about each alarm separated by a new line.
-
show sdwan alarms summary: Provides alarm details such as the timestamp, event name, and severity in a tabular format.
The following is a sample output of the show sdwan alarms detail command:
vm5#show sdwan alarms detail
alarms 2023-06-01:00:38:46.868569
event-name geo-fence-alert-status
severity-level minor
host-name Router
kv-pair [ system-ip=:: alert-type=device-tracking-stop alert-msg=Device Tracking stopped in Geofencing Mode latitude=N/A longitude=N/A geo-color=None ]
-------------------------------------------------------
alarms 2023-06-01:00:38:47.730907
event-name system-reboot-complete
severity-level major
host-name Router
kv-pair [ ]
-------------------------------------------------------
alarms 2023-06-01:00:39:00.633682
event-name pki-certificate-event
severity-level critical
host-name Router
kv-pair [ trust-point=Trustpool event-type=pki-certificate-install valid-from=2008-11-18T21:50:24+00:00 expires-at=2033-11-18T21:59:46+00:00 is-ca-cert=true subject-name=cn=Cisco Root CA M1,o=Cisco issuer-name=cn=Cisco Root CA M1,o=Cisco serial-number=2ED20E7347D333834B4FDD0DD7B6967E ]
-------------------------------------------------------
The following is a sample output of the show sdwan alarms summary command:
vm5#show sdwan alarms summary
time-stamp event-name severity-l
----------------------------------------------------------------------------------------------
2023-06-01:00:38:46.868569 geo-fence-alert-status minor
2023-06-01:00:38:47.730907 system-reboot-complete major
2023-06-01:00:39:00.633682 pki-certificate-event critical
2023-06-01:00:39:00.644209 pki-certificate-event critical
2023-06-01:00:39:00.649363 pki-certificate-event critical
2023-06-01:00:39:00.652777 pki-certificate-event critical
2023-06-01:00:39:00.658387 pki-certificate-event critical
2023-06-01:00:39:00.661119 pki-certificate-event critical
2023-06-01:00:39:00.665882 pki-certificate-event critical
2023-06-01:00:39:00.669655 pki-certificate-event critical
2023-06-01:00:39:00.674912 pki-certificate-event critical
2023-06-01:00:39:00.683510 pki-certificate-event critical
2023-06-01:00:39:00.689850 pki-certificate-event critical
2023-06-01:00:39:00.692883 pki-certificate-event critical
2023-06-01:00:39:00.699143 pki-certificate-event critical
2023-06-01:00:39:00.702386 pki-certificate-event critical
2023-06-01:00:39:00.703653 pki-certificate-event critical
2023-06-01:00:39:00.704488 pki-certificate-event critical
2023-06-01:00:39:01.949479 pki-certificate-event critical
2023-06-01:00:40:38.992382 interface-state-change major
2023-06-01:00:40:39.040929 fib-updates minor
2023-06-01:00:40:39.041866 fib-updates minor
For more information, see Troubleshooting Commands in the Cisco IOS XE Catalyst SD-WAN Qualified Command Reference Guide.
Filter Alarms
You can filter alarms to view details about alarms of interest.
Set Alarm Filters
-
From the Cisco SD-WAN Manager menu, choose .
-
Click Filter.
-
In the Severity field, choose an alarm severity level from the drop-down list. You can specify more than one severity level.
-
In the Active field, choose active, cleared, or both types of alarm from the drop-down list. Active alarms are alarms that are currently on the device but have not been acknowledged.
-
In the Alarm Name field, choose an alarm name from the drop-down list. You can specify more than one alarm name.
-
Click Search to look for alarms that match the filter criteria.
Cisco SD-WAN Manager displays the alarms in both table and graphical formats.
From Cisco Catalyst SD-WAN Manager Release 20.12.1, the heatmap view displays alarms.
Set Advanced Alarm Filters
From Cisco vManage Release 20.11.1, you can set advanced filters to search for alarms that are generated by sites or devices. To set advanced filters:
-
From the Cisco SD-WAN Manager menu, choose .
-
Click Advanced Filter.
-
In the Object Type drop-down menu, choose either Site or Device for which you want to view alarms.
-
In the Object List drop-down menu, choose either Site ID or Device IP for which you want to view alarms.
You can choose more than one site or device.
-
In the Severity drop-down menu, choose one or more alarm severity levels from the drop-down list.
-
In the Type drop-down menu, choose one or more alarm names from the drop-down list.
-
Click Apply Filters to view alarms that match the filter criteria.
The Custom Filter Condition allows you to filter alarms based on the OR condition, for example, 1 OR 2 OR 3.
You can add up to five filters. To delete a filter, click the Bin icon.
Cisco SD-WAN Manager displays the alarms in both table and graphical formats.
From Cisco Catalyst SD-WAN Manager Release 20.12.1, the heatmap view displays alarms.
Export Alarms
To export data for all alarms to a file in CSV format, click Export.
Cisco SD-WAN Manager downloads data from the alarms table to the default download location of your browser. The data is downloaded as a CSV file with the name alarms-mm-dd-yyyy.csv, where mm, dd, and yyyy are the month, day, and year that the file was downloaded.
Alarms data displayed on the graph can also be looked up in the downloaded file.
For example, if the graph displays an alarm data (Critical 2, Major 274, Medium 4, Minor 405) with date and time as 15/Feb/2022 3:30 AM, the same alarm data is also available in the downloaded file against a date and time range between 15/Feb/2022 3:00 AM and 15/Feb/2022 3:29 AM.
Alarm Notifications
You can configure Cisco SD-WAN Manager to send email notifications when alarms occur on devices in the overlay network.
Enable Email Notifications
Configure SMTP and email recipient parameters to enable email notifications for alarms. Configure the SMTP and email recipient parameters on this screen:
-
From the Cisco SD-WAN Manager menu, choose .
-
In Alarm Notifications, choose Enabled.
From Cisco Catalyst SD-WAN Manager Release 20.13.1, click the toggle button to enable cloud services.
-
Check the Email Settings check box.
-
Choose the security level for sending the email notifications. The security level can be None, SSL, or TLS.
-
In the SMTP Server field, enter the name or the IP address of the SMTP server to receive the email notifications.
-
In the SMTP Port field, enter the SMTP port number. For no security, the default port is 25; for SSL it is 465; and for TLS it is 587.
-
In the From address field, enter the full email address to include as the sender in email notifications.
-
In the Reply to address field, enter the full email address to include in the Reply-To field of the email. This address can be a noreply address, such as noreply@cisco.com.
-
Check the Use SMTP Authentication check box to enable SMTP authentication to the SMTP server.
Enter the username and password to use for SMTP authentication. The default user email suffix is appended to the username. The password that you type is hidden.
-
Click Save.
Note |
The email is sent from Cisco SD-WAN Manager Public-IP of VPN0 (Transport Interface) as a source interface. |
Send Alarm Notifications
Before you begin: Ensure that Email Notifications are enabled under Alarm Notifications is enabled and, Email Settings check box is checked.
, check whetherFrom Cisco Catalyst SD-WAN Manager Release 20.13.1, click the toggle button to enable cloud services.
From Cisco Catalyst SD-WAN Manager Release 20.15.1, configure Slack or Webex webhooks to receive alarm notifications.
To send email notifications when alarms occur:
-
From the Cisco SD-WAN Manager menu, choose .
From the Cisco SD-WAN Manager menu, choose .
-
Click Alarm Notifications. A list of configured notifications is displayed in the table.
-
Click Add Alarm Notifications.
-
In the Notification Name field, enter a name for the email notification. The name can be up to 128 characters and can contain only alphanumeric characters.
-
Expand the Alarm Type filter and do the following to configure the parameters:
-
From the Object Type drop-down list, choose a site or device you want to view the alarms for.
-
From the Object List drop-down list, choose a site ID or a device based on the type of object you have selected.
-
From the Severity drop-down list, choose the alarm severity.
-
From the Types drop-down list, choose an alarm type.
-
-
Expand the Delivery Method filter and click the following options to configure the alarm delivery method.
-
Check the Email check box to trigger an email an alarm notification event occurs.
-
In the Email field, enter one or more email addresses.
-
(Optional) Click Add New Email List and enter an email list, if desired.
-
In the Email Threshold field, set the maximum number of emails to be sent per minute. The number can be a value from 1 through 30. The default is 5.
-
-
Check the WebHook check box to trigger an HTTP callback to a webhook channel when an alarm notification event occurs.
-
From the Choose a Channel for Webhook drop-down list, choose a webhook channel to receive alarm notifications in
-
Cisco Webex
-
Slack
-
Custom
-
-
In the WebHook URL field, enter the URL of the webhook server.
To create a webhook URL for Slack, go to api.slack.com see the section "Sending messages using incoming webhooks".
To create a webhook URL for Webex, go to WebEx App Hub and see the section Incoming Webhooks.
-
In the WebHook Threshold field, enter the threshold value.
The value you enter indicates the number of notifications that you receive for that webhook URL per minute. For example, if the WebHook Threshold value is 2, you receive two notifications for that webhook URL per minute. Notifications that are generated beyond the threshold are not delivered.
-
(Optional) If you have chosen Custom from the Choose a Channel for Webhook option, configure these additional parameters:
Field
Description
Username
Enter a username for authentication.
Password
Enter a password for authentication.
-
-
-
Click Add.
View and Edit Email Notification
-
From the Cisco SD-WAN Manager menu, choose .
From the Cisco SD-WAN Manager menu, choose .
-
Click Alarm Notifications. A list of configured notifications is displayed in the table.
-
For the desired notification, click the View icon to the right of the row.
-
When you are done viewing the notification, click OK.
Edit an Email Notification
-
From the Cisco SD-WAN Manager menu, choose .
From the Cisco SD-WAN Manager menu, choose .
-
Click Alarm Notifications. A list of configured notifications is displayed in the table.
-
For the desired email notification, click the Edit icon.
-
When you are done editing the notification, click Update.
Delete an Email Notification
-
From the Cisco SD-WAN Manager menu, choose .
From the Cisco SD-WAN Manager menu, choose .
-
Click Alarm Notifications. A list of configured notifications is displayed in the table.
-
For the desired email notification, click the Trash Bin icon.
-
In the confirmation dialog box, click OK.