System alerts

Vectra sends System Health email alerts for a variety of conditions, such as Sensor connectivity, capture interface health, or disk health.

  • The alerts you see on this page are not a comprehensive list and alerts can be added in the future.

  • It is a best practice to enable these alerts or to monitor system health with the health API endpoint.

  • Further information on the general system health can be obtained from the command line using the command "show system-health". Please see Monitoring the health of Vectra appliances for a

To enable Alerts go to Settings - Notifications - Send system alerts

Alerts as of v8.9

Specific Alert Details

1. Disk Health : Disk read only check or RAID Failure

Contact Vectra Support immediately. If remote support is possible, please turn it on. If not, please be prepared for a remote session with Vectra support to diagnose and resolve the issue as quickly as possible.

While the disk or RAID is in a bad state, traffic will not be captured on the device.

Remediation may require:

  • Disk replacement

  • Hardware replacement

  • Manual intervention by support

If hardware or disk replacement is required, Vectra support will need the shipping details and the address to which the replacement disk or hardware should be sent.

Examples:

2. Interface Health : Capture interface flapping

Verify the cable or SFP; re-seating or changing the cable or SFP may help.

Was there a scheduled change or event? Has the connected switch rebooted?

This message indicates that the interfaces connected to the device were flapping and no longer are. This is usually due to wiring issues, switch issues, or scheduled changes causing the switch to reboot. The beginning of the alert, "No link flapping", indicates that the link flapping condition is no longer occurring.

If this is a frequent occurrence and verifying the physical connectivity did not resolve the issue, please contact Vectra Support.

Examples:

3. Bandwidth Drop

This alert fires if there is an extended period of no traffic lasting at least 48 hours.

Sensors that have very low bandwidth (<1 Mbps) typically receive these alerts more frequently due to the high variability in the observed bandwidth.

Examples:

4. Sensor connectivity

This alert occurs when a sensor has lost connectivity for 7 days. The current threshold avoids alerting during planned downtime, a power outage, or relocation of a sensor.

An initial physical and logical connectivity investigation should be performed, and the required firewall rules should be validated. Please contact Vectra support as required.

Examples:

5. Packet processing drop check

This alert occurs when the number of packets dropped on the sensor exceeds the threshold.

This may be an indication of an oversubscribed sensor or Brain. Please check with Vectra support if you receive such an alert.

Example:

Note: For Match System alerts, please refer to https://support.vectra.ai/s/article/KB-VS-1859

If your system is running on Respond UX, please refer to the document at: https://support.vectra.ai/vectra/article/KB-VS-2665
