Use the information in the following tables to learn about all possible certificate alerts in detail that are raised by Fault Management.
31000 | XCO Certificate Expiry Notice |
---|---|
Description | Send an alert when an XCO certificate is about to expire. |
Preconditions | You cannot configure the system default settings in Certificate
Manager component.
The polling service sends the “CertificateExpiryNoticeAlert” notification with an expiry date. |
Requirements |
Alert shows the following data:
The following example shows an alert when an XCO certificate (for example, App Server Certificate) is about to expire: <116>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?type=app_server_cert” alertId=”31000” cause=”keyExpired” type=”securityServiceOrMechanismViolation” severity=”warning”] [alertData@1916 type=”app_server_cert” expiry_date=”Sep 12 10:00:45 2022 GMT”] BOMThe App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”. |
Health Response | Response{ Resource: /App/System/Security/Certificate?type=app_server_cert HQI { Color: Yellow Value: 1 } StatusText: The App Server Certificate on the application will expire soon on “Sep 12 10:00:45 2022 GMT”. } |
31001 | Managed Device Certificate Expiry Notice |
---|---|
Description | Send an alert when a certificate on the SLX device is about to expire. |
Preconditions |
You cannot configure the default system settings in Inventory Service.
The polling service sends the “DeviceCertificateExpiryNoticeAlert” notification with an expiry date. |
Requirements |
Alert shows the following data:
The following example shows an alert when a certificate (for example, HTTPS Server Certificate) is about to expire on SLX device: <116>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert” alertId=”31001” cause=”keyExpired” type=”securityServiceOrMechanismViolation” severity=”warning”] [alertData@1916 device_ip=”10.10.10.1” type=”https_server_cert” expiry_date=”Sep 12 10:00:45 2022 GMT”] BOMThe HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”. |
Health Response |
Response
{ Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert HQI { Color: Yellow Value: 1 } StatusText: The HTTPS Server Certificate on device “10.10.10.1” will expire soon on “Sep 12 10:00:45 2022 GMT”. } |
31002 | XCO Certificate Expired |
---|---|
Description | Send an alert when an XCO certificate has expired. You will not get this alert when the system is not functional. |
Preconditions | K3s must be up and running Only supports non-k3s cert expiry.
When the App Server Certificate expires, you cannot communicate with XCO via REST API. Therefore, you cannot query the health status. |
Requirements |
Alert shows the following data:
The following example shows an alert when an XCO certificate (for example, App Server Certificate) is expired: <113>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?type=app_server_cert” alertId=”31002” cause=”keyExpired” type=”securityServiceOrMechanismViolation” severity=”critical”] [alertData@1916 type=”app_server_cert” expire_date=”Sep 12 10:00:45 2022 GMT”] BOMThe App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”. |
Health Response |
Response
{ Resource: /App/System/Security/Certificate?type=app_server_cert HQI { Color: Black Value: 4 } StatusText: The App Server Certificate on the application has expired on “Sep 12 10:00:45 2022 GMT”. } |
31003 | Managed Device Certificate Expired |
---|---|
Description | Send an alert when an SLX certificate has expired |
Preconditions | To allow the RASLog service to receive events from an SLX device,
ensure the device is registered and the SLX syslog server
configuration points to the XCO IP. When a syslog CA certificate
expires, SLX device does not send the syslog alerts to the RASLog
service.
The polling service sends the “DeviceCertificateExpiredNoticeAlert” notification with an expiry date. |
Requirements |
Alert shows the following data:
The following example shows an alert when an SLX certificate (for example, Syslog CA) is expired: <113>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca” alertId=”31003” cause=”keyExpired” type=”securityServiceOrMechanismViolation” severity=”critical”] [alertData@1916 device_ip=”10.10.10.1” type=”syslog_ca” expiry_date=”Sep 12 10:00:45 2022 GMT”] BOMThe Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT” |
Health Response |
Response { Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=syslog_ca HQI { Color: Black Value: 4 } StatusText: The Syslog CA on device “10.10.10.1” has expired on “Sep 12 10:00:45 2022 GMT. } |
31004 | XCO Certificate Upload or Renewal |
---|---|
Description | Send an alert when a certificate is renewed. |
Preconditions |
|
Requirements |
Alert shows the following data:
The following example shows an alert when an XCO certificate is renewed: Syslog RFC-5424 Example: <118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?type=app_server_cert” alertId=”31004” cause=”keyGenerated” type=”securityServiceOrMechanismViolation” severity=”warning”] [alertData@1916 type=”app_server_cert”] BOMThe App Server Certificate on the application has bee renewed. |
Health Response |
Response
{ Resource: /App/System/Security/Certificate?type=app_server_cert HQI { Color: Green Value: 0 } StatusText: The App Server Certificate on the application has been renewed. } |
31005 | Managed Device Certificate Upload or Renewal |
---|---|
Description | Send an alert when a device certificate is renewed. |
Preconditions |
Sent an alert on renewal of following certificates on devices:
|
Requirements |
Alert shows the following data:
The following example shows an alert when a device certificate is renewed: <118>1 2003-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert” alertId=”31005” cause=”keyGenerated” type=”securityServiceOrMechanismViolation” severity=”info”] [alertData@1916 device_iP=”10.10.10.1” type=”https_server_cert”] BOMThe HTTPS Server Certificate on the device 10.10.10.1 has been renewed. |
Health Response |
Response
{ Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert HQI { Color: Green Value: 0 } StatusText: The HTTPS Server Certificate on the device 10.10.10.1 has been renewed. } |
31008 | Managed Device Certificate Expiration Device Removed |
---|---|
Description | Send an alert when an SLX device is removed from a managed device |
Preconditions |
The SLX device is registered in inventory service.
The removed device sends three alerts to clear any unhealthy state in the health service. |
Requirements |
Alert shows the following data:
The following example shows an alert when an SLX device is removed: <118>1 2022-10-11T22:14:15.003Z xco.machine.com FaultManager - - [meta sequenceId=”47”] [origin ip=”10.20.30.40” enterpriseId=”1916” software=”XCO” swVersion=”3.2.0”] [alert@1916 resource=”/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert” alertId=”31008” cause=”configRemoved” type=”securityServiceOrMechanismViolation” severity=”info”] [alertData@1916 device_ip=”10.10.10.1” type=”https_server_cert”] BOMThe device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate |
Health Response |
Response
{ Resource:/App/System/Security/Certificate?device_ip=10.10.10.1&type=https_server_cert HQI { Color: Green Value: 0 } StatusText: The device 10.10.10.1 has been removed so cleaning up HTTPS Server Certificate. } |