Source: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/net/cisco/cisco_secure_ftd_http
This template provides monitoring capabilities for Cisco Secure Firewall Threat Defense devices using the REST API. It includes metrics for CPU and memory usage, interface statistics, connection tracking, and more.
Zabbix version: 8.0 and higher.
This template has been tested on:
Zabbix should be configured according to the instructions in the Templates out of the box section.
You must set the following macros in the template or host configuration:
{$CISCO.FTD.API.URL}
: The URL of the Cisco Secure Firewall Threat Defense REST API, e.g., https://ftd.example.com/api/fdm/latest
.{$CISCO.FTD.API.USERNAME}
: The username for the API.{$CISCO.FTD.API.PASSWORD}
: The password for the API.{$CISCO.FTD.HTTP_PROXY}
: Optional HTTP proxy for API requests.Name | Description | Default |
---|---|---|
{$CISCO.FTD.HTTP_PROXY} | Sets HTTP proxy value. If this macro is empty then no proxy is used. |
|
{$CISCO.FTD.API.URL} | Cisco Secure Firewall Threat Defense REST API URL. Format example: |
|
{$CISCO.FTD.API.USERNAME} | Cisco Secure Firewall Threat Defense REST API username. |
|
{$CISCO.FTD.API.PASSWORD} | Cisco Secure Firewall Threat Defense REST API password. |
|
{$CISCO.FTD.DATA.TIMEOUT} | Response timeout for the Cisco Secure Firewall Threat Defense REST API. |
15s |
{$CISCO.FTD.DATA.INTERVAL} | Update interval for the HTTP item that retrieves data from the API. Can be used with context if needed (check the context values in relevant items). |
1m |
{$CISCO.FTD.CPU.UTIL.WARN} | Warning threshold for FTD CPU utilization, expressed as a percentage. |
80 |
{$CISCO.FTD.MEMORY.UTIL.WARN} | Warning threshold for FTD memory utilization, expressed as a percentage. |
80 |
{$CISCO.FTD.LLD.FILTER.THROUGHPUT.INTERFACE.NAME.MATCHES} | Filter for discoverable throughput interfaces by name. |
.* |
{$CISCO.FTD.LLD.FILTER.THROUGHPUT.INTERFACE.NAME.NOT_MATCHES} | Filter to exclude discoverable throughput interfaces by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.IF.NAME.MATCHES} | Filter for discoverable interface names. |
.* |
{$CISCO.FTD.LLD.FILTER.IF.NAME.NOT_MATCHES} | Filter to exclude discovered interfaces by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.IF.DESCR.MATCHES} | Filter for discoverable interface descriptions. |
.* |
{$CISCO.FTD.LLD.FILTER.IF.DESCR.NOT_MATCHES} | Filter to exclude discovered interfaces by description. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.CONN.STATS.NAME.MATCHES} | Filter for discoverable connections by name. |
.* |
{$CISCO.FTD.LLD.FILTER.CONN.STATS.NAME.NOT_MATCHES} | Filter to exclude discovered connections by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.ASP.STATS.NAME.MATCHES} | Filter for discoverable Accelerated Security Path dropped packets or connections by name. |
.* |
{$CISCO.FTD.LLD.FILTER.ASP.STATS.NAME.NOT_MATCHES} | Filter to exclude discovered Accelerated Security Path dropped packets or connections by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.SNORT.ID.MATCHES} | Filter for discoverable Snort and IDS/IPS statistics by name. |
.* |
{$CISCO.FTD.LLD.FILTER.SNORT.ID.NOT_MATCHES} | Filter to exclude discovered Snort and IDS/IPS statistics by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.CPU.NAME.MATCHES} | Filter for discoverable CPUs by name. |
.* |
{$CISCO.FTD.LLD.FILTER.CPU.NAME.NOT_MATCHES} | Filter to exclude discovered CPUs by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.PROCESS.NAME.MATCHES} | Filter for discoverable processes by name. |
.* |
{$CISCO.FTD.LLD.FILTER.PROCESS.NAME.NOT_MATCHES} | Filter to exclude discovered processes by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.SENSOR.NAME.MATCHES} | Filter for discoverable temperature sensors by name. |
.* |
{$CISCO.FTD.LLD.FILTER.SENSOR.NAME.NOT_MATCHES} | Filter to exclude discovered temperature sensors by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.FSNAME.MATCHES} | Filter for discoverable filesystems by name. |
.* |
{$CISCO.FTD.LLD.FILTER.FSNAME.NOT_MATCHES} | Filter to exclude discovered filesystems by name. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.LLD.FILTER.FSMOUNT.MATCHES} | Filter for discoverable filesystems by mount point. |
.* |
{$CISCO.FTD.LLD.FILTER.FSMOUNT.NOT_MATCHES} | Filter to exclude discovered filesystems by mount point. |
CHANGE_IF_NEEDED |
{$CISCO.FTD.TEMP.CRIT} | Critical threshold for the temperature sensor trigger. Can be used with the interface name as context. |
60 |
{$CISCO.FTD.TEMP.WARN} | Warning threshold for the temperature sensor trigger. Can be used with the interface name as context. |
50 |
{$CISCO.FTD.FS.PUSED.WARN} | Threshold for the filesystem utilization trigger. Can be used with the filesystem name as context. |
80 |
{$CISCO.FTD.IF.ERRORS.WARN} | Threshold for the error packet rate warning trigger. Can be used with the interface name as context. |
2 |
{$CISCO.FTD.IF.CONTROL} | Macro for the operational state of the interface for the "link down" trigger. Can be used with the interface name as context. |
1 |
Name | Description | Type | Key and additional info |
---|---|---|---|
Get token | Requests an access token using the |
HTTP agent | cisco.ftd.token.get |
Get device metrics | Collects device metrics from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.device.metrics.get Preprocessing
|
Device metric item errors | Collects errors from device metrics. |
Dependent item | cisco.ftd.device.metrics.get.errors Preprocessing
|
Get operational metrics | Collects device metrics from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.operational.metrics.get Preprocessing
|
Operational metric item errors | Collects errors from operational metrics. |
Dependent item | cisco.ftd.operational.metrics.get.errors Preprocessing
|
CPU utilization | Average CPU utilization. |
Dependent item | cisco.ftd.cpu.utilization Preprocessing
|
Memory utilization | Memory utilization percentage. |
Dependent item | cisco.ftd.memory.utilization Preprocessing
|
Events per second | Average events per second. |
Dependent item | cisco.ftd.events.rate Preprocessing
|
Disc space: Utilization | Total disk space utilization percentage. |
Dependent item | cisco.ftd.disk.total.utilization Preprocessing
|
Disc space: Total | Total disk size in bytes. |
Dependent item | cisco.ftd.disk.total.size Preprocessing
|
Disc space: Used | Total used disk space in bytes. |
Dependent item | cisco.ftd.disk.total.used Preprocessing
|
Storage: Used | Amount of storage used. |
Dependent item | cisco.ftd.storage.usage Preprocessing
|
Storage: Free | Amount of free storage. |
Dependent item | cisco.ftd.storage.free Preprocessing
|
Storage: Total | Amount of total storage. |
Dependent item | cisco.ftd.storage.total Preprocessing
|
Serial number | Serial number of the Cisco Secure FTD. |
Dependent item | cisco.ftd.serialnumber Preprocessing
|
Platform model | Platform model of the Cisco Secure FTD. |
Dependent item | cisco.ftd.model Preprocessing
|
Software version | Software version of the Cisco Secure FTD. |
Dependent item | cisco.ftd.software.version Preprocessing
|
System uptime | The system uptime. |
Dependent item | cisco.ftd.uptime Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: There are errors in the 'Get device metrics' metric | An error occurred when trying to get device metrics from the Cisco Secure FTD API. |
length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.device.metrics.get.errors))>0 |
Warning | |
Cisco Secure FTD: There are errors in the 'Get operational metrics' metric | An error occurred when trying to get operational metrics from the Cisco Secure FTD API. |
length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.operational.metrics.get.errors))>0 |
Warning | |
Cisco Secure FTD: High CPU utilization | CPU utilization is too high. The system might be slow to respond. |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.cpu.utilization,15m)>{$CISCO.FTD.CPU.UTIL.WARN} |
Warning | |
Cisco Secure FTD: High memory utilization | RAM utilization is too high. The system might be slow to respond. |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.memory.utilization,15m) >= {$CISCO.FTD.MEMORY.UTIL.WARN} |
Average | |
Cisco Secure FTD: Device has been replaced | The device serial number has changed. Acknowledge to close the problem manually. |
last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber,#1)<>last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber,#2) and length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber))>0 |
Info | Manual close: Yes |
Cisco Secure FTD: Device has been restarted | The host uptime is less than 10 minutes. |
last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.uptime)<10m |
Info | Manual close: Yes |
Name | Description | Type | Key and additional info |
---|---|---|---|
Throughput discovery | Discovery of throughput interfaces from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.throughput.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface [{#NAME}]: Throughput | Throughput of the |
Dependent item | cisco.ftd.interface.throughput["{#NAME}"] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface discovery | Discovery of interfaces from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.interface.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface [{#NAME}][{#DESCR}]: Get metric data | Gets data from the interface |
Dependent item | cisco.ftd.interface.get["{#NAME}","{#DESCR}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Incoming traffic | Input traffic |
Dependent item | cisco.ftd.net.if.in.traffic["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Outgoing traffic | Outgoing traffic |
Dependent item | cisco.ftd.interface.out.traffic["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Input packets | Input packets |
Dependent item | cisco.ftd.interface.input.packets["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Output packets | Output packets |
Dependent item | cisco.ftd.interface.output.packets["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Input errors | Input errors |
Dependent item | cisco.ftd.interface.input.errors["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Output errors | Output errors |
Dependent item | cisco.ftd.interface.output.errors["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Dropped packets | Number of dropped packets per second |
Dependent item | cisco.ftd.interface.drop.packets["{#NAME}"] Preprocessing
|
Interface [{#NAME}][{#DESCR}]: Status | Status |
Dependent item | cisco.ftd.interface.status["{#NAME}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: High input error rate | Recovers when below 80% of the |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.input.errors["{#NAME}"],5m)>{$CISCO.FTD.IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: High output error rate | Recovers when below 80% of the |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.output.errors["{#NAME}"],5m)>{$CISCO.FTD.IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: Link down | This trigger expression works as follows: |
{$CISCO.FTD.IF.CONTROL:"{#IFNAME}"}=1 and (last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.status["{#NAME}"])=0) |
Average |
Name | Description | Type | Key and additional info |
---|---|---|---|
Connection discovery | Discovery of connection statistics from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.conn_stats.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Statistic [{#NAME}][{#METRIC}] | Connection statistic for |
Dependent item | cisco.ftd.conn_stats["{#NAME}","{#METRIC}"] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
ASP drop discovery | Discovery of the Accelerated Security Path drops or connections from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.asp_drops.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
ASP [{#METRIC}] | Number of Accelerated Security Path (ASP) drops per second for |
Dependent item | cisco.ftd.asp_drops["{#ID}"] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Snort discovery | Discovery of Snort and IDS/IPS statistics from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.snort.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Statistic [{#NAME}][{#METRIC}] | Discovery of Snort |
Dependent item | cisco.ftd.snort["{#ID}"] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
CPU discovery | Discovery of CPU monitoring entries from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.cpu.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
CPU [{#METRIC}] utilization | Discovery of CPU |
Dependent item | cisco.ftd.cpu.util["{#NAME}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: High CPU [{#METRIC}] utilization | CPU utilization is too high. The system might be slow to respond. |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.cpu.util["{#NAME}"],15m)>{$CISCO.FTD.CPU.UTIL.WARN:"{#NAME}"} |
Warning |
Name | Description | Type | Key and additional info |
---|---|---|---|
Memory utilization discovery | Discovery of utilization memory monitoring entries from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.memory.util.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Memory [{#METRIC}] utilization | Discovery of memory |
Dependent item | cisco.ftd.memory.util["{#NAME}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: High memory utilization | Memory utilization is too high. The system might be slow to respond. |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.memory.util["{#NAME}"],15m)>{$CISCO.FTD.MEMORY.UTIL.WARN:"{#NAME}"} |
Warning |
Name | Description | Type | Key and additional info |
---|---|---|---|
Memory discovery | Discovery of memory monitoring entries from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.memory.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Memory [{#METRIC}] | Amount of memory in bytes for |
Dependent item | cisco.ftd.memory["{#NAME}"] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Mounted filesystem discovery | Discovery of mounted filesystems from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.vfs.fs.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
FS [{#FSNAME}][{#FSMOUNT}]: Space utilization | Calculated as the percentage of the currently used space compared to the maximum available space. |
Dependent item | cisco.ftd.fs.pused["{#FSNAME}","{#FSMOUNT}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: FS [{#FSNAME}][{#FSMOUNT}]: Space is low | The trigger expression is based on the current used and maximum available space. The system might be slow to respond. |
min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.fs.pused["{#FSNAME}","{#FSMOUNT}"],15m)>{$CISCO.FTD.FS.PUSED.WARN:"{#FSNAME}"} |
Warning |
Name | Description | Type | Key and additional info |
---|---|---|---|
Critical process discovery | Discovery of critical process statistics from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.critical_process.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Process [{#ID}]: Uptime | Uptime of process |
Dependent item | cisco.ftd.critical_process.uptime["{#ID}"] Preprocessing
|
Process [{#ID}]: Status | Status of process |
Dependent item | cisco.ftd.critical_process.status["{#ID}"] Preprocessing
|
Process [{#ID}]: Restart count | Restart count of process |
Dependent item | cisco.ftd.critical_process.restart_count["{#ID}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: Process [{#ID}]: Status failed | Process |
last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.critical_process.status["{#ID}"])=3 |
Average | |
Cisco Secure FTD: Process [{#ID}]: Status stopped | Process |
last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.critical_process.status["{#ID}"])=1 |
Average |
Name | Description | Type | Key and additional info |
---|---|---|---|
Temperature sensor discovery | Discovery of temperature sensors from the Cisco Secure FTD API. |
Dependent item | cisco.ftd.temp.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Temperature [{#SENSOR}] | Temperature of sensor |
Dependent item | cisco.ftd.sensor.temp.value["{#SENSOR}"] Preprocessing
|
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco Secure FTD: Temperature is above critical threshold | This trigger uses temperature sensor values as well as the temperature sensor status, if available. |
avg(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.sensor.temp.value["{#SENSOR}"],5m)>{$CISCO.FTD.TEMP.CRIT:"{#SENSOR}"} |
High | |
Cisco Secure FTD: Temperature is above warning threshold | This trigger uses temperature sensor values as well as the temperature sensor status, if available. |
avg(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.sensor.temp.value["{#SENSOR}"],5m)>{$CISCO.FTD.TEMP.WARN:"{#SENSOR}"} |
Warning | Depends on:
|
Name | Description | Type | Key and additional info |
---|---|---|---|
PSU discovery | Discovery of PSU sensors. |
Dependent item | cisco.ftd.psu.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Power supply [{#SENSOR}] | Power supply unit |
Dependent item | cisco.ftd.sensor.psu.pwr[{#SENSOR}] Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
FAN discovery | Discovery of FAN sensors. |
Dependent item | cisco.ftd.fan.discovery Preprocessing
|
Name | Description | Type | Key and additional info |
---|---|---|---|
Fan speed [{#NAME}] | FAN |
Dependent item | cisco.ftd.sensor.fan.rpm[{#SENSOR}] Preprocessing
|
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums