Cisco Secure Firewall Threat Defense by HTTP
All Cisco Devices (10)
Default (1)
Cisco Catalyst 3700 (5)
Cisco SD-WAN (1)
Cisco Nexus 9000 Series (1)
Cisco ASAv (1)

Source: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/net/cisco/cisco_secure_ftd_http

Cisco Secure Firewall Threat Defense by HTTP

Overview

This template provides monitoring capabilities for Cisco Secure Firewall Threat Defense devices using the REST API. It includes metrics for CPU and memory usage, interface statistics, connection tracking, and more.

Requirements

Zabbix version: 8.0 and higher.

Tested versions

This template has been tested on:

  • Cisco Secure Firewall 3120 Threat Defense, Software 7.2.8-25

Configuration

Zabbix should be configured according to the instructions in the Templates out of the box section.

Setup

You must set the following macros in the template or host configuration:

  • {$CISCO.FTD.API.URL}: The URL of the Cisco Secure Firewall Threat Defense REST API, e.g., https://ftd.example.com/api/fdm/latest.
  • {$CISCO.FTD.API.USERNAME}: The username for the API.
  • {$CISCO.FTD.API.PASSWORD}: The password for the API.
  • {$CISCO.FTD.HTTP_PROXY}: Optional HTTP proxy for API requests.

Macros used

Name Description Default
{$CISCO.FTD.HTTP_PROXY}

Sets HTTP proxy value. If this macro is empty then no proxy is used.
{$CISCO.FTD.API.URL}

Cisco Secure Firewall Threat Defense REST API URL. Format example: https://ftd.example.com/api/fdm/latest
{$CISCO.FTD.API.USERNAME}

Cisco Secure Firewall Threat Defense REST API username.
{$CISCO.FTD.API.PASSWORD}

Cisco Secure Firewall Threat Defense REST API password.
{$CISCO.FTD.DATA.TIMEOUT}

Response timeout for the Cisco Secure Firewall Threat Defense REST API.

 15s
{$CISCO.FTD.DATA.INTERVAL}

Update interval for the HTTP item that retrieves data from the API. Can be used with context if needed (check the context values in relevant items).

 1m
{$CISCO.FTD.CPU.UTIL.WARN}

Warning threshold for FTD CPU utilization, expressed as a percentage.

 80
{$CISCO.FTD.MEMORY.UTIL.WARN}

Warning threshold for FTD memory utilization, expressed as a percentage.

 80
{$CISCO.FTD.LLD.FILTER.THROUGHPUT.INTERFACE.NAME.MATCHES}

Filter for discoverable throughput interfaces by name.

 .*
{$CISCO.FTD.LLD.FILTER.THROUGHPUT.INTERFACE.NAME.NOT_MATCHES}

Filter to exclude discoverable throughput interfaces by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.IF.NAME.MATCHES}

Filter for discoverable interface names.

 .*
{$CISCO.FTD.LLD.FILTER.IF.NAME.NOT_MATCHES}

Filter to exclude discovered interfaces by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.IF.DESCR.MATCHES}

Filter for discoverable interface descriptions.

 .*
{$CISCO.FTD.LLD.FILTER.IF.DESCR.NOT_MATCHES}

Filter to exclude discovered interfaces by description.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.CONN.STATS.NAME.MATCHES}

Filter for discoverable connections by name.

 .*
{$CISCO.FTD.LLD.FILTER.CONN.STATS.NAME.NOT_MATCHES}

Filter to exclude discovered connections by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.ASP.STATS.NAME.MATCHES}

Filter for discoverable Accelerated Security Path dropped packets or connections by name.

 .*
{$CISCO.FTD.LLD.FILTER.ASP.STATS.NAME.NOT_MATCHES}

Filter to exclude discovered Accelerated Security Path dropped packets or connections by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.SNORT.ID.MATCHES}

Filter for discoverable Snort and IDS/IPS statistics by name.

 .*
{$CISCO.FTD.LLD.FILTER.SNORT.ID.NOT_MATCHES}

Filter to exclude discovered Snort and IDS/IPS statistics by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.CPU.NAME.MATCHES}

Filter for discoverable CPUs by name.

 .*
{$CISCO.FTD.LLD.FILTER.CPU.NAME.NOT_MATCHES}

Filter to exclude discovered CPUs by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.PROCESS.NAME.MATCHES}

Filter for discoverable processes by name.

 .*
{$CISCO.FTD.LLD.FILTER.PROCESS.NAME.NOT_MATCHES}

Filter to exclude discovered processes by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.SENSOR.NAME.MATCHES}

Filter for discoverable temperature sensors by name.

 .*
{$CISCO.FTD.LLD.FILTER.SENSOR.NAME.NOT_MATCHES}

Filter to exclude discovered temperature sensors by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.FSNAME.MATCHES}

Filter for discoverable filesystems by name.

 .*
{$CISCO.FTD.LLD.FILTER.FSNAME.NOT_MATCHES}

Filter to exclude discovered filesystems by name.

 CHANGE_IF_NEEDED
{$CISCO.FTD.LLD.FILTER.FSMOUNT.MATCHES}

Filter for discoverable filesystems by mount point.

 .*
{$CISCO.FTD.LLD.FILTER.FSMOUNT.NOT_MATCHES}

Filter to exclude discovered filesystems by mount point.

 CHANGE_IF_NEEDED
{$CISCO.FTD.TEMP.CRIT}

Critical threshold for the temperature sensor trigger. Can be used with the interface name as context.

 60
{$CISCO.FTD.TEMP.WARN}

Warning threshold for the temperature sensor trigger. Can be used with the interface name as context.

 50
{$CISCO.FTD.FS.PUSED.WARN}

Threshold for the filesystem utilization trigger. Can be used with the filesystem name as context.

 80
{$CISCO.FTD.IF.ERRORS.WARN}

Threshold for the error packet rate warning trigger. Can be used with the interface name as context.

 2
{$CISCO.FTD.IF.CONTROL}

Macro for the operational state of the interface for the "link down" trigger. Can be used with the interface name as context.

 1

Items

Name Description Type Key and additional info
Get token

Requests an access token using the password grant type (username and password).

 HTTP agent cisco.ftd.token.get
Get device metrics

Collects device metrics from the Cisco Secure FTD API.

 Dependent item cisco.ftd.device.metrics.get

Preprocessing

  • JavaScript: The text is too long. Please see the template.
Device metric item errors

Collects errors from device metrics.

 Dependent item cisco.ftd.device.metrics.get.errors

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 1h
Get operational metrics

Collects device metrics from the Cisco Secure FTD API.

 Dependent item cisco.ftd.operational.metrics.get

Preprocessing

  • JavaScript: The text is too long. Please see the template.
Operational metric item errors

Collects errors from operational metrics.

 Dependent item cisco.ftd.operational.metrics.get.errors

Preprocessing

  • JSON Path: $.error

    ⛔️Custom on fail: Set value to

  • Discard unchanged with heartbeat: 1h
CPU utilization

Average CPU utilization.

 Dependent item cisco.ftd.cpu.utilization

Preprocessing

  • JSON Path: $.cpu.items..avgUsage.first()
Memory utilization

Memory utilization percentage.

 Dependent item cisco.ftd.memory.utilization

Preprocessing

  • JSON Path: $.memory.items..avgUsage.first()

    ⛔️Custom on fail: Discard value
Events per second

Average events per second.

 Dependent item cisco.ftd.events.rate

Preprocessing

  • JSON Path: $.eps.items..avgEps.first()

  • Change per second
Disc space: Utilization

Total disk space utilization percentage.

 Dependent item cisco.ftd.disk.total.utilization

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

  • Discard unchanged with heartbeat: 1h
Disc space: Total

Total disk size in bytes.

 Dependent item cisco.ftd.disk.total.size

Preprocessing

  • JSON Path: $[?(@.name == "disk_stats.total.size")].value.first()

    ⛔️Custom on fail: Discard value

  • Discard unchanged with heartbeat: 1h
Disc space: Used

Total used disk space in bytes.

 Dependent item cisco.ftd.disk.total.used

Preprocessing

  • JSON Path: $[?(@.name == "disk_stats.total.used")].value.first()

    ⛔️Custom on fail: Discard value

  • Discard unchanged with heartbeat: 1h
Storage: Used

Amount of storage used.

 Dependent item cisco.ftd.storage.usage

Preprocessing

  • JSON Path: $.disk.used

    ⛔️Custom on fail: Discard value

  • Custom multiplier: 1073741824

  • Discard unchanged with heartbeat: 1h
Storage: Free

Amount of free storage.

 Dependent item cisco.ftd.storage.free

Preprocessing

  • JSON Path: $.disk.free

    ⛔️Custom on fail: Discard value

  • Custom multiplier: 1073741824

  • Discard unchanged with heartbeat: 1h
Storage: Total

Amount of total storage.

 Dependent item cisco.ftd.storage.total

Preprocessing

  • JSON Path: $.disk.total

    ⛔️Custom on fail: Discard value

  • Custom multiplier: 1073741824

  • Discard unchanged with heartbeat: 1h
Serial number

Serial number of the Cisco Secure FTD.

 Dependent item cisco.ftd.serialnumber

Preprocessing

  • JSON Path: $.systeminfo.serialNumber

  • Discard unchanged with heartbeat: 24h
Platform model

Platform model of the Cisco Secure FTD.

 Dependent item cisco.ftd.model

Preprocessing

  • JSON Path: $.systeminfo.platformModel

  • Discard unchanged with heartbeat: 12h
Software version

Software version of the Cisco Secure FTD.

 Dependent item cisco.ftd.software.version

Preprocessing

  • JSON Path: $.systeminfo.softwareVersion

  • Discard unchanged with heartbeat: 12h
System uptime

The system uptime.

 Dependent item cisco.ftd.uptime

Preprocessing

  • JSON Path: $.systeminfo.systemUptime

  • JavaScript: The text is too long. Please see the template.

Triggers

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: There are errors in the 'Get device metrics' metric

An error occurred when trying to get device metrics from the Cisco Secure FTD API.

 length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.device.metrics.get.errors))>0 Warning
Cisco Secure FTD: There are errors in the 'Get operational metrics' metric

An error occurred when trying to get operational metrics from the Cisco Secure FTD API.

 length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.operational.metrics.get.errors))>0 Warning
Cisco Secure FTD: High CPU utilization

CPU utilization is too high. The system might be slow to respond.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.cpu.utilization,15m)>{$CISCO.FTD.CPU.UTIL.WARN} Warning
Cisco Secure FTD: High memory utilization

RAM utilization is too high. The system might be slow to respond.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.memory.utilization,15m) >= {$CISCO.FTD.MEMORY.UTIL.WARN} Average
Cisco Secure FTD: Device has been replaced

The device serial number has changed. Acknowledge to close the problem manually.

 last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber,#1)<>last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber,#2) and length(last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.serialnumber))>0 Info Manual close: Yes
Cisco Secure FTD: Device has been restarted

The host uptime is less than 10 minutes.

 last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.uptime)<10m Info Manual close: Yes

LLD rule Throughput discovery

Name Description Type Key and additional info
Throughput discovery

Discovery of throughput interfaces from the Cisco Secure FTD API.

 Dependent item cisco.ftd.throughput.discovery

Preprocessing

  • JSON Path: $.throughput.items

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Throughput discovery

Name Description Type Key and additional info
Interface [{#NAME}]: Throughput

Throughput of the {#NAME} interface.

 Dependent item cisco.ftd.interface.throughput["{#NAME}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

  • Custom multiplier: 8

LLD rule Interface discovery

Name Description Type Key and additional info
Interface discovery

Discovery of interfaces from the Cisco Secure FTD API.

 Dependent item cisco.ftd.interface.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Interface discovery

Name Description Type Key and additional info
Interface [{#NAME}][{#DESCR}]: Get metric data

Gets data from the interface {#NAME}.

 Dependent item cisco.ftd.interface.get["{#NAME}","{#DESCR}"]

Preprocessing

  • JSON Path: $[?(@.id == "{#NAME}")]
Interface [{#NAME}][{#DESCR}]: Incoming traffic

Input traffic {#NAME} interface.

 Dependent item cisco.ftd.net.if.in.traffic["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "input_bytes")].value.first()

  • Custom multiplier: 8

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Outgoing traffic

Outgoing traffic {#NAME} interface.

 Dependent item cisco.ftd.interface.out.traffic["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "output_bytes")].value.first()

    ⛔️Custom on fail: Discard value

  • Custom multiplier: 8

  • Change per second
Interface [{#NAME}][{#DESCR}]: Input packets

Input packets {#NAME} interface.

 Dependent item cisco.ftd.interface.input.packets["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "input_packets")].value.first()

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Output packets

Output packets {#NAME} interface.

 Dependent item cisco.ftd.interface.output.packets["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "output_packets")].value.first()

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Input errors

Input errors {#NAME} interface.

 Dependent item cisco.ftd.interface.input.errors["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "input_errors")].value.first()

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Output errors

Output errors {#NAME} interface.

 Dependent item cisco.ftd.interface.output.errors["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "output_errors")].value.first()

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Dropped packets

Number of dropped packets per second {#NAME} interface.

 Dependent item cisco.ftd.interface.drop.packets["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "drop_packets")].value.first()

    ⛔️Custom on fail: Discard value

  • Change per second
Interface [{#NAME}][{#DESCR}]: Status

Status {#NAME} interface.

 Dependent item cisco.ftd.interface.status["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.metric == "status")].value.first()

    ⛔️Custom on fail: Discard value

Trigger prototypes for Interface discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: High input error rate

Recovers when below 80% of the {$CISCO.FTD.IF.ERRORS.WARN:"{#NAME}"} threshold.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.input.errors["{#NAME}"],5m)>{$CISCO.FTD.IF.ERRORS.WARN:"{#IFNAME}"} Warning Depends on:
  • Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: Link down
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: High output error rate

Recovers when below 80% of the {$CISCO.FTD.IF.ERRORS.WARN:"{#NAME}"} threshold.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.output.errors["{#NAME}"],5m)>{$CISCO.FTD.IF.ERRORS.WARN:"{#IFNAME}"} Warning Depends on:
  • Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: Link down
Cisco Secure FTD: Interface [{#NAME}][{#DESCR}]: Link down

This trigger expression works as follows:
1. It can be triggered if the operations status is down.
2. {$CISCO.FTD.IF.CONTROL:"{#IFNAME}"}=1 - a user can redefine the context macro to0, marking this interface as not important. No new trigger will be fired if this interface is down.

 {$CISCO.FTD.IF.CONTROL:"{#IFNAME}"}=1 and (last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.interface.status["{#NAME}"])=0) Average

LLD rule Connection discovery

Name Description Type Key and additional info
Connection discovery

Discovery of connection statistics from the Cisco Secure FTD API.

 Dependent item cisco.ftd.conn_stats.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Connection discovery

Name Description Type Key and additional info
Statistic [{#NAME}][{#METRIC}]

Connection statistic for {#NAME} and metric {#METRIC}.

 Dependent item cisco.ftd.conn_stats["{#NAME}","{#METRIC}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

LLD rule ASP drop discovery

Name Description Type Key and additional info
ASP drop discovery

Discovery of the Accelerated Security Path drops or connections from the Cisco Secure FTD API.

 Dependent item cisco.ftd.asp_drops.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for ASP drop discovery

Name Description Type Key and additional info
ASP [{#METRIC}]

Number of Accelerated Security Path (ASP) drops per second for {#METRIC}.

 Dependent item cisco.ftd.asp_drops["{#ID}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

  • Change per second

LLD rule Snort discovery

Name Description Type Key and additional info
Snort discovery

Discovery of Snort and IDS/IPS statistics from the Cisco Secure FTD API.

 Dependent item cisco.ftd.snort.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Snort discovery

Name Description Type Key and additional info
Statistic [{#NAME}][{#METRIC}]

Discovery of Snort {#NAME} statistics of {#METRIC}.

 Dependent item cisco.ftd.snort["{#ID}"]

Preprocessing

  • JSON Path: $[?(@.name == "{#ID}")].value.first()

LLD rule CPU discovery

Name Description Type Key and additional info
CPU discovery

Discovery of CPU monitoring entries from the Cisco Secure FTD API.

 Dependent item cisco.ftd.cpu.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for CPU discovery

Name Description Type Key and additional info
CPU [{#METRIC}] utilization

Discovery of CPU {#METRIC} utilization (in percent).

 Dependent item cisco.ftd.cpu.util["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.name == "{#NAME}")].value.first()

Trigger prototypes for CPU discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: High CPU [{#METRIC}] utilization

CPU utilization is too high. The system might be slow to respond.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.cpu.util["{#NAME}"],15m)>{$CISCO.FTD.CPU.UTIL.WARN:"{#NAME}"} Warning

LLD rule Memory utilization discovery

Name Description Type Key and additional info
Memory utilization discovery

Discovery of utilization memory monitoring entries from the Cisco Secure FTD API.

 Dependent item cisco.ftd.memory.util.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • JSON Path: $.mem_percentage

  • Discard unchanged with heartbeat: 3h

Item prototypes for Memory utilization discovery

Name Description Type Key and additional info
Memory [{#METRIC}] utilization

Discovery of memory {#METRIC} utilization (in percent).

 Dependent item cisco.ftd.memory.util["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.name == "{#NAME}")].value.first()

Trigger prototypes for Memory utilization discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: High memory utilization

Memory utilization is too high. The system might be slow to respond.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.memory.util["{#NAME}"],15m)>{$CISCO.FTD.MEMORY.UTIL.WARN:"{#NAME}"} Warning

LLD rule Memory discovery

Name Description Type Key and additional info
Memory discovery

Discovery of memory monitoring entries from the Cisco Secure FTD API.

 Dependent item cisco.ftd.memory.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • JSON Path: $.mem_bytes

  • Discard unchanged with heartbeat: 3h

Item prototypes for Memory discovery

Name Description Type Key and additional info
Memory [{#METRIC}]

Amount of memory in bytes for {#METRIC}.

 Dependent item cisco.ftd.memory["{#NAME}"]

Preprocessing

  • JSON Path: $[?(@.name == "{#NAME}")].value.first()

LLD rule Mounted filesystem discovery

Name Description Type Key and additional info
Mounted filesystem discovery

Discovery of mounted filesystems from the Cisco Secure FTD API.

 Dependent item cisco.ftd.vfs.fs.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Mounted filesystem discovery

Name Description Type Key and additional info
FS [{#FSNAME}][{#FSMOUNT}]: Space utilization

Calculated as the percentage of the currently used space compared to the maximum available space.

 Dependent item cisco.ftd.fs.pused["{#FSNAME}","{#FSMOUNT}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

Trigger prototypes for Mounted filesystem discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: FS [{#FSNAME}][{#FSMOUNT}]: Space is low

The trigger expression is based on the current used and maximum available space. The system might be slow to respond.

 min(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.fs.pused["{#FSNAME}","{#FSMOUNT}"],15m)>{$CISCO.FTD.FS.PUSED.WARN:"{#FSNAME}"} Warning

LLD rule Critical process discovery

Name Description Type Key and additional info
Critical process discovery

Discovery of critical process statistics from the Cisco Secure FTD API.

 Dependent item cisco.ftd.critical_process.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Critical process discovery

Name Description Type Key and additional info
Process [{#ID}]: Uptime

Uptime of process {#ID}.

 Dependent item cisco.ftd.critical_process.uptime["{#ID}"]

Preprocessing

  • JSON Path: $[?(@.id == "{#ID}" && @.metric == "uptime")].value.first()

    ⛔️Custom on fail: Discard value
Process [{#ID}]: Status

Status of process {#ID}.

 Dependent item cisco.ftd.critical_process.status["{#ID}"]

Preprocessing

  • JSON Path: $[?(@.id == "{#ID}" && @.metric == "status")].status.first()

    ⛔️Custom on fail: Discard value

  • JavaScript: The text is too long. Please see the template.
Process [{#ID}]: Restart count

Restart count of process {#ID}.

 Dependent item cisco.ftd.critical_process.restart_count["{#ID}"]

Preprocessing

  • JSON Path: The text is too long. Please see the template.

    ⛔️Custom on fail: Discard value

Trigger prototypes for Critical process discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: Process [{#ID}]: Status failed

Process {#ID} is the failed status.

 last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.critical_process.status["{#ID}"])=3 Average
Cisco Secure FTD: Process [{#ID}]: Status stopped

Process {#ID} is the stopped status.

 last(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.critical_process.status["{#ID}"])=1 Average

LLD rule Temperature sensor discovery

Name Description Type Key and additional info
Temperature sensor discovery

Discovery of temperature sensors from the Cisco Secure FTD API.

 Dependent item cisco.ftd.temp.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for Temperature sensor discovery

Name Description Type Key and additional info
Temperature [{#SENSOR}]

Temperature of sensor {#SENSOR}.

 Dependent item cisco.ftd.sensor.temp.value["{#SENSOR}"]

Preprocessing

  • JSON Path: $[?(@.metric == "{#SENSOR}")].value.first()

Trigger prototypes for Temperature sensor discovery

Name Description Expression Severity Dependencies and additional info
Cisco Secure FTD: Temperature is above critical threshold

This trigger uses temperature sensor values as well as the temperature sensor status, if available.

 avg(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.sensor.temp.value["{#SENSOR}"],5m)>{$CISCO.FTD.TEMP.CRIT:"{#SENSOR}"} High
Cisco Secure FTD: Temperature is above warning threshold

This trigger uses temperature sensor values as well as the temperature sensor status, if available.

 avg(/Cisco Secure Firewall Threat Defense by HTTP/cisco.ftd.sensor.temp.value["{#SENSOR}"],5m)>{$CISCO.FTD.TEMP.WARN:"{#SENSOR}"} Warning Depends on:
  • Cisco Secure FTD: Temperature is above critical threshold

LLD rule PSU discovery

Name Description Type Key and additional info
PSU discovery

Discovery of PSU sensors.

 Dependent item cisco.ftd.psu.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for PSU discovery

Name Description Type Key and additional info
Power supply [{#SENSOR}]

Power supply unit {#SENSOR} power consumption in watts.

 Dependent item cisco.ftd.sensor.psu.pwr[{#SENSOR}]

Preprocessing

  • JSON Path: $[?(@.metric == '{#SENSOR}')].value.first()

LLD rule FAN discovery

Name Description Type Key and additional info
FAN discovery

Discovery of FAN sensors.

 Dependent item cisco.ftd.fan.discovery

Preprocessing

  • JavaScript: The text is too long. Please see the template.

  • Discard unchanged with heartbeat: 3h

Item prototypes for FAN discovery

Name Description Type Key and additional info
Fan speed [{#NAME}]

FAN {#SENSOR} speed in RPM.

 Dependent item cisco.ftd.sensor.fan.rpm[{#SENSOR}]

Preprocessing

  • JSON Path: $[?(@.metric == '{#SENSOR}')].value.first()

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums

Articles and documentation

+ Propose new article

Não encontrou a integração que vocá precisa?

Request custom integration

Zabbix integration team will develop custom integration based on your requirements and Zabbix best practices.

Request

Propose your integration

Have you already developed high quality integration and want to submit to Zabbix integration repository?

Propose