Cisco Firepower Threat Defense Monitoring

Last updated on 27 December, 2022

LogicMonitor offers monitoring for the Cisco Firepower Threat Defense platform by default. The monitoring suite uses SNMP to query the Cisco ASA appliance running firewall threat defense for a wide variety of health and performance metrics.

Requirements

SNMP must be installed on the Cisco Firepower Threat device.

Adding Cisco Firepower Threat Defense Resources

For information on adding resources into monitoring, see Adding Devices. In addition:

  • LogicMonitor must provide the appropriate SNMP credentials in order to successfully access the Cisco Wireless device via SNMP. For instructions on how to set the appropriate credentials as properties on the resource within LogicMonitor, see Defining Authentication Credentials.
  • The following custom properties can be set on the Cisco Firepower Threat Defense resource within LogicMonitor. For more information on setting properties, see Resource and Instance Properties.
PropertyValue
SNMP credentialsProperties required to establish SNMP credentials vary depending on the SNMP version being used. 
system.categoriesThe Cisco_FTD category will be added by the addCategory_Cisco_FTD PropertySource.

Installing the LogicModules 

LogicMonitor’s package for Cisco Firepower Threat Defense consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform. For more information, see Installing Modules and Packages.

NameTypeDescription
addCategory_Cisco_FTDPropertySourceUses the system name from SNMP to determine if the device is a Cisco Firepower Threat Defense device.
Cisco FTD Snort Lina StatsDataSourceCollection of statistics for Cisco Firepower Threat Defense.
Cisco FTD ServicesDataSourceMonitors the services running on a Cisco Firepower Threat Defense system.
Cisco FTD NAT SessionsDataSourceThe number of current and peak NAT sessions.
Cisco FTD MemoryDataSourceMemory used by Firepower Threat Defense by function.
Cisco FTD High AvailabilityDataSourceMonitors the status of Cisco Firepower firewalls running in an active/standby high availability configuration.
Cisco FTD DropsDataSourceLists the top ten causes for ASP flow drops on the firewall device and the count of these drops.
Cisco FTD CPUDataSourceMonitors the overall CPU busy percentages over the last one-minute and five-minute time intervals for all cores.
Cisco FTD ConnectionStatsDataSourceMonitors the virtual private networks based remote access networks of a Cisco Firepower Threat Defense system.

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations. If necessary, adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.

In This Article