Cisco Systems 5, NAM Alarm Action Configuration

2-37

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 2 Setting Up The NAM Traffic Analyzer

Alarms

Note You could see two alarms for the same occurrence if both the source and the destination are in the same

site.

When you choose Setup > Alarms > Actions, you will see events that have been created. See Table 2-13,

Alarm Configuration for descriptions of the fields.

Alarm Action Configuration

When a threshold’s rising water mark is crossed, the alarm condition is met. This will trigger the alarm

action to take effect. The NAM supports the following alarm actions:

• E-mail syslog: An alarm action that e-mails the syslog content of the alarm condition. To avoid

e-mail flooding the network, the NAM does not send more than five e-mails in any given hour.

• Trap: An alarm action that sends NAM trap message to one or more trap servers. Any trap server

that has the same community string will receive the trap message. The NAM use Cisco Syslog MIB

in the trap message. To avoid trap flooding, the NAM’s limit is ten trap messages per interval.

• Remote syslog: An alarm action that sends syslog messages to remote syslog servers. The NAM’s

limit is ten syslog messages per interval to avoid flooding the network.

• Trigger capture: An alarm action to start or stop a pre-defined capture session.

The NAM supports any combination of the above four actions in one alarm condition.

Tab l e 2-13 Alarm Configuration

Field Description

Name Name given to the alarm at setup.

Email If turned on, will show “Enable”. If not turned on,

will show “Disable.” E-mail server settings are

configured on Administration > System >

E-Mail Setting.

Trap If configured, will show “Community: xxxxx” as

configured on Administration > System >

SNMP Trap Setting. If not configured, will be

blank.

Trigger Capture If configured, will show “Session:xxxxx” as

configured on Capture > Packet

Capture/Decode > Sessions. If no captures are

configured, will be blank.

Syslog Remote If turned on, will say “Enable”. If turned off, will

say “Disable.” Settings configured on

Administration > System > Syslog Setting.

Status “Missing Trap” means that the trap configured for

that alarm action has been deleted.

“OK” means the Alarm action was successfully

created.

Contents

Main Page CONTENTS Page Page Page Page Page Page Page About This Guide Chapter Overview Audience Conventions Notices Obtaining Documentation and Submitting a Service Request Page Overview Introducing NAM Traffic Analyzer 5.0 Dashboards Logical Site New Application Classification Architecture Standards-Based NBI NetFlow v9 Data Export Historical Analysis SNMP v3 Support -- NAM to Router/Switch Support Overview of the NAM Platforms Logging In Navigating the User Interface Common Navigation and Control Elements Menu Bar Detailed Views Context Menus Quick Capture Interactive Report Chart View / Grid View Mouse-Over for Details Zoom/Pan Charts Page Context-Sensitive Online Help Understanding How the NAM Works Page Understanding How the NAM Uses SPAN Understanding How the NAM Uses VACLs Understanding How the NAM Uses NDE Understanding How the NAM Uses WAAS Configuration Overview Page Configuring and Viewing Data Cisco WAAS NAM Virtual Service Blade Setting Up The NAM Traffic Analyzer Default Functions Traffic Analysis Application Response Time Metrics Voice Signaling/RTP Stream Monitoring Traffic Usage Statistics Traffic SPAN About SPAN Sessions Page Page Creating a SPAN Session Page Editing a SPAN Session Deleting a SPAN Session Data Sources SPAN ERSPAN Enabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Enabling Auto-Creation of ERSPAN Data Sources Using the CLI Disabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Disabling Auto-Creation of ERSPAN Data Sources Using the CLI Creating ERSPAN Data Sources Using the Web GUI Creating ERSPAN Data Sources Using the CLI Deleting ERSPAN Data Sources Using the Web GUI Deleting ERSPAN Data Sources Using the CLI Configuring ERSPAN on Devices VACL Configuring VACL on a WAN Interface Configuring VACL on a LAN VLAN NetFlow Understanding NetFlow Interfaces Understanding NetFlow Flow Records Managing NetFlow Data Sources Configuring NetFlow on Devices Page Enabling Auto-Creation of NetFlow Data Sources Using the Web GUI Enabling Auto-Creation of NetFlow Data Sources Using the CLI Disabling Auto-Creation of NetFlow Data Sources Using the Web GUI Disabling Auto-Creation of NetFlow Data Sources Using the CLI Creating NetFlow Data Sources Using the Web GUI Page Creating NetFlow Data Sources Using the CLI 2-26 assigned to the new device, you will need it to create the data source! shown here: Step 8 Enter ? to see all the command options available, as in the example below: Step 9 Enter the device ID from Step 4 (required): Deleting NetFlow Data Sources Using the Web GUI Deleting NetFlow Data Sources Using the CLI Testing NetFlow Devices WAAS Understanding WAAS Response Time Monitoring from WAAS Data Sources Monitoring Client Data Sources Monitoring WAN Data Sources Monitoring Server Data Sources Deployment Scenarios Managing WAAS Devices Adding Data Sources for New WAAS Device Editing WAAS Data Sources Deleting a WAAS Data Source Auto Create of New WAAS Devices Hardware Deduplication Alarms Alarm Actions Alarm Action Configuration Editing Alarm Actions Deleting Alarm Actions Thresholds Setting Host Thresholds Setting Conversation Thresholds Setting Application Thresholds Setting Response Time Thresholds Setting DSCP Thresholds Setting RTP Stream Thresholds Setting Voice Signaling Thresholds Setting NDE Interface Thresholds Editing an Alarm Threshold Deleting a NAM Threshold User Scenario Data Export NetFlow Viewing Configured NetFlow Exports Configuring NetFlow Data Export Page Editing NetFlow Data Export Scheduled Exports Editing a Scheduled Export Deleting a Scheduled Export Custom Export Managed Device Device Information Page NBAR Protocol Discovery Network Sites Definition Rules Specifying a Site Using Subnets Specifying a Site Using WAE devices (WAAS Data Sources) Specifying a Site Using Multiple Rules Resolving Ambiguity (Overlapping Site Definitions) Viewing Defined Sites Defining a Site Page Subnet Detection Editing a Site NDE Interface Capacity Creating an NDE Interface DSCP Groups Creating a DSCP Group Editing a DSCP Group Deleting a DSCP Group Classification Applications Creating a New Application Editing an Application Deleting a Protocol Application Groups Creating an Application Group Editing an Application Group Deleting an Application Group URL-based Applications Example Editing a URL-Based Application Deleting a URL-based Application Encapsulations Monitoring Aggregation Intervals Response Time Voice RTP Filter URL Enabling a URL Collection Changing a URL Collection Disabling a URL Collection WAAS Monitored Servers Adding a WAAS Monitored Server Deleting a WAAS Monitored Server Monitoring and Analysis Navigation Context Menus Interactive Report Saving Filter Parameters Traffic Summary Response Time Summary Site Summary Alarm Summary Page Analyzing Traffic Application Hosts Detail Host Applications Detail NDE Interface Traffic Analysis Viewing Interface Details DSCP Detail DSCP Application Groups Detail URL Hits Viewing Collected URLs Filtering a URL Collection List Host Conversations Network Conversation Top Application Traffic Page Application Traffic By Host WAN Optimization Top Talkers Detail Application Performance Analysis Transaction Time (Client Experience) Traffic Volume and Compression Ratio Average Concurrent Connections (Optimized vs. Passthru) Multi-Segment Network Time (Client LAN - WAN - Server LAN) Response Time Page Page Application Response Time Network Response Time Server Response Time Client Response Time Client-Server Response Time Server Application Responses Server Application Transactions Server Network Responses Client-Server Application Responses Client-Server Application Transactions Client-Server Network Responses Managed Device Interface Interfaces Stats Table Interface Statistics Over Time Health Switch Health Chassis Health Chassis Information Crossbar Switching Fabric Ternary Content Addressable Memory Information Router Health Router Health Router Information NBAR Media RTP Streams Purpose Monitoring RTP Streams Voice Call Statistics Calls Table Page RTP Conversation Page Page Capturing and Decoding Packet Data Sessions Viewing Capture Sessions Configuring Capture Sessions Page Page Software Filters Creating a Software Filter Page Page Editing a Software Capture Filter Hardware Assisted Filters Configuring a Hardware Filter VLAN VLAN and IP IP IP and TCP/UDP IP and Payload Data Payload Data Files Page Analyzing Capture Files Error Scan Downloading Capture Files Deleting a Capture File Deleting Multiple Files Viewing Packet Decode Information Browsing Packets in the Packet Decoder Filtering Packets Displayed in the Packet Decoder Viewing Detailed Protocol Decode Information Using Alarm-Triggered Captures Custom Display Filters Creating Custom Display Filters Page Tips for Creating Custom Decode Filter Expressions Editing Custom Display Filters Deleting Custom Display Filters Page User and System Administration System Administration Resources Network Parameters SNMP Agent Working with NAM Community Strings Creating NAM Community Strings Deleting NAM Community Strings Testing the Router Community Strings System Time Synchronizing the NAM System Time with the Switch or Router Synchronizing the NAM System Time Locally Configuring the NAM System Time with an NTP Server E-Mail Setting Web Data Publication Capture Data Storage Creating NFS Storage Locations Configuring the NFS Server Configuring the NFS Storage Location on the NAM Editing NFS Storage Locations Creating iSCSI Storage Locations Editing iSCSI Storage Locations Syslog Setting SNMP Trap Setting Creating a NAM Trap Destination Editing a NAM Trap Destination Deleting a NAM Trap Destination Preferences Diagnostics System Alerts Audit Trail Tech Support User Administration Local Database Recovering Passwords Changing Predefined NAM User Accounts on the Switch or Router Creating a New User Editing a User Deleting a User Establishing TACACS+ Authentication and Authorization Configuring a TACACS+ Server to Support NAM Authentication and Authorization Configuring a Cisco ACS TACACS+ Server Adding a NAM User or User Group Configuring a Generic TACACS+ Server Current User Sessions NAM Traffic Analyzer 5.0 Usage Scenarios Deployment Deploying NAMs in the Branch Deploying NAMs for Voice/Video applications Deploying NAMs for WAN Optimization Deploying Multi-NAM Consolidation Autodiscovery Capabilities of NAM Creating Custom Applications Utilizing Sites to Create a Geographically Familiar Deployment Integrating NAM with Third Party Reporting Tools Integrating NAM with LMS Monitoring Understanding Traffic Patterns at the Network Layer Understanding Traffic patterns for DiffServ-Enabled Networks Using NAM to Evaluate Application-Level Performance Monitoring for TCP-Interactive Applications Using NAM to Evaluate Application-Level Performance Monitoring for UDP Realtime Applications Troubleshooting Using NAM for Problem Isolation Using NAM for SmartGrid Visibility APPENDIX A Troubleshooting General NAM Issues Error Messages Packet Drops NAM Not Responding NAM Behavior WAAS Troubleshooting Page APPENDIX B Supported MIB Objects Supported MIBs Page Page Page INDEX A C D E F G H I M O P R S T U V W