Cisco Firepower Threat Defense MonitoringLast updated on 17 March, 2023
LogicMonitor offers monitoring for the Cisco Firepower Threat Defense platform by default. The monitoring suite uses SNMP to query the Cisco ASA appliance running firewall threat defense for a wide variety of health and performance metrics.
SNMP must be installed on the Cisco Firepower Threat device.
Adding Cisco Firepower Threat Defense Resources
For information on adding resources into monitoring, see Adding Devices. In addition:
- LogicMonitor must provide the appropriate SNMP credentials in order to successfully access the Cisco Wireless device via SNMP. For instructions on how to set the appropriate credentials as properties on the resource within LogicMonitor, see Defining Authentication Credentials.
- The following custom properties can be set on the Cisco Firepower Threat Defense resource within LogicMonitor. For more information on setting properties, see Resource and Instance Properties.
|SNMP credentials||Properties required to establish SNMP credentials vary depending on the SNMP version being used.|
Installing the LogicModules
LogicMonitor’s package for Cisco Firepower Threat Defense consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform. For more information, see Installing Modules and Packages.
|addCategory_Cisco_FTD||PropertySource||Uses the system name from SNMP to determine if the device is a Cisco Firepower Threat Defense device.|
|Cisco FTD Snort Lina Stats||DataSource||Collection of statistics for Cisco Firepower Threat Defense.|
|Cisco FTD Services||DataSource||Monitors the services running on a Cisco Firepower Threat Defense system.|
|Cisco FTD NAT Sessions||DataSource||The number of current and peak NAT sessions.|
|Cisco FTD Memory||DataSource||Memory used by Firepower Threat Defense by function.|
|Cisco FTD High Availability||DataSource||Monitors the status of Cisco Firepower firewalls running in an active/standby high availability configuration.|
|Cisco FTD Drops||DataSource||Lists the top ten causes for ASP flow drops on the firewall device and the count of these drops.|
|Cisco FTD CPU||DataSource||Monitors the overall CPU busy percentages over the last one-minute and five-minute time intervals for all cores.|
|Cisco FTD ConnectionStats||DataSource||Monitors the virtual private networks based remote access networks of a Cisco Firepower Threat Defense system.|
When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor follows the technology owner’s best practice KPI recommendations. If necessary, adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.