Network port(s) down-cisco-asa

Network port(s) down-cisco-asa
0

Network port(s) down-cisco-asa

Vendor: cisco

OS: asa

Description:
Indeni will trigger an issue if one or more network ports is down.

Remediation Steps:
Review the cause for the ports being down.
|||
|1. Check the physical media to ensure that there are no damaged parts.
|2. Verify that the SFP (small form-factor pluggable) devices in use are those authorized by Cisco and that they are not faulty by executing the “show interface transceiver” NX-OS command.
|3. Verify that you have enabled the port by using the “no shutdown” NX-OS command.
|4. Use the “show interface” command to verify the state of the interface. Besides, you can use the “show interface counters” command to check port counters.
|5. Check if the port is configured in dedicated mode.
|6. Execute the following NX-OS commands to gather more information about ports:
| a. “show interface status”
| b. “show interface capabilities”
| c. “show udld”
| d. “show tech-support udld”
|
|7. For more information review: Nexus Troubleshooting Guide

How does this work?
This script retrieves the interface state by polling ifTable via SNMP.

Why is this important?
Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.

Without Indeni how would you find this?
It is possible to poll this data through SNMP.

cisco-asa-interfaces

name: cisco-asa-interfaces
description: Fetch interface metrics for ASA device
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: cisco
    os.name: asa
    snmp: true
comments:
    network-interface-mtu:
        why: |
            The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation.
        how: |
            This script retrieves the interface MTU Setting by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            This script retrieves the interface speed by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mac:
        why: |
            A media access control address (MAC address) is a unique identifier assigned to a network interface.
        how: |
            This script retrieves the interface MAC Address by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-admin-state:
        why: |
           If an interface is disabled and it is a member of a Port Channel, then the link might be running at reduced capacity.
        how: |
            This script retrieves the interface administrative state by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false   
    network-interface-state:
        why: |
            Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.
        how: |
            This script retrieves the interface state by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-bytes:
        why: |
            Capture the interface Received Bytes counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false             
    network-interface-rx-packets:
        why: |
            Capture the interface Received Packets counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-dropped:
        why: |
            Capture the interface Receive Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-errors:
        why: |
            Capture the interface Receive Errors counter. Receive errors coould indicate an issue with duplex/speed matching.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-bytes:
        why: |
            Capture the interface Transmit Bytes counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false  
    network-interface-tx-packets:
        why: |
            Capture the interface Transmit Packets counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-dropped:
        why: |
            Capture the interface Transmit Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-errors:
        why: |
            Capture the interface Transmit Errors counter. Transmit errors coould indicate an issue with duplex/speed matching.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
steps:
-   run:
      type: SNMP
      command: GETTABLE 1.3.6.1.2.1.2.2
    parse:
      type: AWK
      file: asa-interfaces.parser.1.awk

cisco-asa-interfaces

name: cisco-asa-interfaces
description: Fetch interface metrics for ASA device
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: cisco
    os.name: asa
    snmp: true
comments:
    network-interface-mtu:
        why: |
            The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation.
        how: |
            This script retrieves the interface MTU Setting by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            This script retrieves the interface speed by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mac:
        why: |
            A media access control address (MAC address) is a unique identifier assigned to a network interface.
        how: |
            This script retrieves the interface MAC Address by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-admin-state:
        why: |
           If an interface is disabled and it is a member of a Port Channel, then the link might be running at reduced capacity.
        how: |
            This script retrieves the interface administrative state by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false   
    network-interface-state:
        why: |
            Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.
        how: |
            This script retrieves the interface state by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-bytes:
        why: |
            Capture the interface Received Bytes counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false             
    network-interface-rx-packets:
        why: |
            Capture the interface Received Packets counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-dropped:
        why: |
            Capture the interface Receive Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-rx-errors:
        why: |
            Capture the interface Receive Errors counter. Receive errors coould indicate an issue with duplex/speed matching.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-bytes:
        why: |
            Capture the interface Transmit Bytes counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false  
    network-interface-tx-packets:
        why: |
            Capture the interface Transmit Packets counter. Knowing the amount of bytes and packets flowing through an interface can help estimate an interface's performance and utilization.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-dropped:
        why: |
            Capture the interface Transmit Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
    network-interface-tx-errors:
        why: |
            Capture the interface Transmit Errors counter. Transmit errors coould indicate an issue with duplex/speed matching.
        how: |
            This script retrieves the interface statistics by polling ifTable via SNMP.
        without-indeni: |
            It is possible to poll this data through SNMP.
        can-with-snmp: true
        can-with-syslog: false 
steps:
-   run:
      type: SNMP
      command: GETTABLE 1.3.6.1.2.1.2.2
    parse:
      type: AWK
      file: asa-interfaces.parser.1.awk

cross_vendor_network_port_down

package com.indeni.server.rules.library.core
import com.indeni.ruleengine.expressions.conditions.{And, Equals}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity


case class PortIsDownRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata.builder("cross_vendor_network_port_down", "Network port(s) down",
    "Indeni will trigger an issue if one or more network ports is down.", AlertSeverity.CRITICAL, categories = Set(RuleCategory.HealthChecks), deviceCategory = DeviceCategory.AllDevices).build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {

    val actualValue = TimeSeriesExpression[Double]("network-interface-state").last
    val adminValue = TimeSeriesExpression[Double]("network-interface-admin-state").last

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
      And(StatusTreeExpression(
        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("network-interface-state")),
        And(
          StatusTreeExpression(
            SelectTimeSeriesExpression[Double](context.tsDao, Set("network-interface-state"), denseOnly = false),
            Equals(ConstantExpression[Option[Double]](Some(0)), actualValue)
          ).withoutInfo().asCondition(),
          StatusTreeExpression(
            SelectTimeSeriesExpression[Double](context.tsDao, Set("network-interface-admin-state"), denseOnly = false),
            adminValue.isNot(0.0)
          ).withoutInfo().asCondition().orElse(Some(true))
        )
      ).withSecondaryInfo(
        scopableStringFormatExpression("${scope(\"name\")}"),
        EMPTY_STRING,
        title = "Ports Affected"
      ).asCondition(), generateDevicePassiveAndPassiveLinkStateCondition(context.tsDao))
    ).withRootInfo(
      getHeadline(),
      ConstantExpression("One or more ports are down."),
      ConditionalRemediationSteps("Review the cause for the ports being down.",
        RemediationStepCondition.VENDOR_CISCO ->
          """|
            |1. Check the physical media to ensure that there are no damaged parts.
            |2. Verify that the SFP (small form-factor pluggable) devices in use are those authorized by Cisco and that they are not faulty by executing the "show interface transceiver" NX-OS command.
            |3. Verify that you have enabled the port by using the "no shutdown" NX-OS command.
            |4. Use the "show interface" command to verify the state of the interface. Besides, you can use the "show interface counters" command to check port counters.
            |5. Check if the port is configured in dedicated mode.
            |6. Execute the following NX-OS commands to gather more information about ports:
            | a. "show interface status"
            | b. "show interface capabilities"
            | c. "show udld"
            | d. "show tech-support udld"
            |
            |7. For more information review: <a target="_blank" href="https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/troubleshooting/guide/b_Cisco_Nexus_9000_Series_NX-OS_Troubleshooting_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Troubleshooting_Guide_7x_chapter_0101.pdf">Nexus Troubleshooting Guide</a> """.stripMargin,
        RemediationStepCondition.VENDOR_JUNIPER ->
          """|
            |1. On the device command line interface run "show interfaces extensive" command to check the status of the interface.
            |2. Execute "show configuration interface" command to check interface configuration.
            |3. Check the encapsulation type and physical media on the port.
            |4. Check the port specification and the fiber cable.
            |5. Review the following article on Juniper TechLibrary for more information: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-interfaces-security.html#jd0e1772">Operational Commands: show interfaces (SRX Series)</a>.""".stripMargin,
        RemediationStepCondition.VENDOR_FORTINET ->
          """|
            |1. Monitor hardware network operations (e.g. speed, duplex settings) by using the "diag hardware deviceinfo nic <interface>" FortiOS command.
            |2. Run the command "diag hardware deviceinfo nic <interface>" command to display a list of hardware related names and values. Review the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
            |3. Run the hidden FortiOS command "fnsysctl cat /proc/net/dev" to get a summary of  the interface statistics.
            |4. Check for a mismatch in the speed and duplex interface settings on two sides of a cable, or for a damaged cable / SFP. Try to manually configure both sides to the same speed/duplex mode when you can. For more information, review "Symptoms of Ethernet speed/duplex mismatches" at http://kb.fortinet.com/kb/documentLink.do?externalID=10653
            |5. Review the log history for interfaces status changes.
            |6. Review the interface configuration. For more information, use the following interface configuration guide: http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-system-administration-52/Interfaces/interfaces.htm""".stripMargin
      )
    )
  }
}