68-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 68 Health and Performance Monitoring
Preparing for Health and Performance Monitoring
You can control access to the Health and Performance Monitoring administrative settings page (in
Security Manager’s Configuration Manager) where HPM is enabled or disabled, as described in
Health and Performance Monitoring Page, page 11-25. The user must have the Modify > Policies >
HPM Admin privilege to access this page (or any other administrative settings page). All default
ACS roles except Help Desk can view the page, but only System Administrators can change the
setting.
For information on integrating Security Manager with Cisco Secure ACS, see the Installation Guide for
Cisco Security Manager.
Preparing for Health and Performance Monitoring
In order to use the Health and Performance Monitor (HPM), you must configure Security Manager,
enable the HPM application, and configure device monitoring, as follows:
Basic Threat Detection must be enabled on ASA 8.0+ devices in order to monitor metrics such as
ACL Dropped Packets, Scanning Threat Dropped Packets, Inspection Dropped Packets, and Syn
Attack Dropped Packets. (Basic Threat Detection is enabled by default on these ASA devices.)
To receive alert notifications via email, you must have configured the SMTP server and
administrator email ID on the System Preferences page of the Security Manager server. See the
Installation Guide for Cisco Security Manager for more information. (Specifying email addresses
for alert notifications from the Health and Performance Monitor application is described in Alerts:
Configuring, page 68-31.)
Health and Performance Monitoring must be enabled in Security Manager, as described in Health
and Performance Monitoring Page, page 11-25.
In HPM, specify the devices to be monitored, in both Normal and Priority modes, as described in
Managing Monitored Devices, page 68-5.
Note To prevent read time-outs for ASAs, those devices must be configured to use only certain
SSL/TLS protocol versions when acting as a server, as described in Setting Up SSL
(HTTPS) on PIX Firewall, ASA and FWSM Devices, page 2-3.
Enable and configure the device threshold values and state-change rules that define when alerts and
email notifications are triggered. This process is described in Alerts: Configuring, page68-31.
Note We also recommend configuring monitored devices to use a Network Time Protocol (NTP) server for
synchronized timing. See NTP Page, page 51-19 for more information.
After you have completed these steps, HPM begins polling the specified devices and displays health
information and alerts.
Launching the Health and Performance Monitor
Use the Health and Performance Monitor (HPM) to view status information and alerts collected from
monitored firewall and IPS devices across your network. For more information about selecting devices
for monitoring, see Managing Monitored Devices, page 68-5.
To launch HPM, do any one of the following: