# System alerts Vectra will send System Health Alerts for a variety of condition such as Sensor connectivity, capture interface health, or disk health. {% hint style="info" %} **Please Note:** The alerts you see on this page are not a comprehensive list and alerts can be added in the future. For example, [Traffic Validation alerts](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/entv-syscheck-descriptions) were added as a another category of system health alerts in v9.10. {% endhint %} * It is a best practice to enable these alerts to monitor system health or monitor these alerts with the health API endpoint. * Further information on the general system health can be obtained from the command line using the command `show system-health`. Please see [Monitoring the health of Vectra appliances](https://docs.vectra.ai/deployment/appliance-operations/monitoring-appliance-health) for more details. To enable system healt email alerts, go to *Configuration → RESPONSE → Notifications* and enable the setting to **Send system alerts**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-b632f57aeef8a2011c2e45e893990de08013f1db%2Fabd8a00cc687e25b34917d0694894852d835ef8ff01b1d18ae2469986bf91097.png?alt=media) System health alerts can send via webook to some apps. Please see [External App Alerts (webhook)](https://docs.vectra.ai/configuration/response/notifications/external-app-alerts-webhook) for details on webhook alerting. ## **Specific Alert Details** ### **1. Disk Health : Disk read only check or RAID Failure** Contact Vectra Support immediately. If remote support is possible please turn this on. If not please be prepared for remote session with Vectra support to try to diagnose and resolve this issue as quickly as possible. While the disk or raid is in bad state, traffic will not be captured on the device. Remediation may required: * Disk replacement * Hardware replacement * Manual intervention by support If hardware or disk replacement is required Vectra support will need the shipping details and address where to send the replacement disk or hardware. Examples: ``` Disk volume(s) in read-only state on [Serial#] When condition is no longer occurring: "RAID volumes and disk OK on [Serial#]" ``` ### **2. Interface Health : Capture interface flapping** Verify cable or SFP, re-seating or changing the cable or SFP may help. Was there a scheduled change or event, has the connected switch rebooted? This message indicates that the interfaces connected to the device were (and are no longer) flapping, this is usually due to wiring issues, switch issues or perhaps scheduled changes causing the switch to reboot. The beginning of the alert "No link flapping" indicates that the link flapping condition is no longer occurring. If this is a frequent occurrence and verifying the physical connectivity did not resolve the issue please contact Vectra Support. Examples: ```wysiwyg-indent1 Detected link flapping on capture interface(s) eth1, eth0 on [Serial#] When condition is no longer occurring: "No link flapping on capture interface(s) eth3, eth2, eth1, eth0 on [Serial#]" ``` ### **3. Bandwidth Drop** This alert fires if there is extended period of no traffic for at least 48 hours. Sensors that have very low bandwidth (<1 Mbps) typically receive these alerts more frequently due to the high variability in the observed bandwidth. Examples: ``` Detected recent bandwidth drop on capture interface(s). This bandwidth drop has lasted over three days When condition is no longer occurring: "No recent bandwidth drop on capture interface(s)" ``` ### **4. Sensor connectivity** This alert occurs when a sensor lost connectivity for 7 days. The current threshold will avoid alerting during planned downtime, power outage or relocation of a sensor. An initial physical and logical connectivity investigation should be performed and the required [firewall rules](https://docs.vectra.ai/deployment/getting-started/firewall-requirements) should be validated. Please Vectra support as required. Examples: ``` Lost connectivity to headend on {} sensor(s): [Serial#] When condition is no longer occurring: "All paired sensors connected to headend" or "Sensors/Stream have tunnel established on headend" ``` ### 5. Packet processing drop check This alert occurs when the packets dropped on the sensor reach above the threshold. This may be an indication of an oversubscribed sensor or Brain. Please check with Vectra support if you receive such an alert. Example: ``` Packet processing drops observed on " + serial When condition is no longer occurring: Packet processing is healthy on " + serial ``` **Note:** For Match System alerts, please refer to If your system is running on Respond UX, please refer to document at: