Correlating Device Metrics

The device health monitor includes an array of key threat defense device metrics that serve to predict and respond to system events. The health of any threat defense device can be determined by these reported metrics.

The device monitor reports these metrics in several predefined dashboards by default. These dashboards include:

  • Overview ― Highlights key metrics from the other predefined dashboards, including CPU, memory, interfaces, connection statistics; plus disk usage and critical process information.

  • CPU ― CPU utilization, including the CPU usage by process and by physical cores.

  • Memory ― Device memory utilization, including data plane and Snort memory usage.

  • Interfaces ― Interface status and aggregate traffic statistics.

  • Connections ― Connection statistics (such as elephant flows, active connections, peak connections, and so on) and NAT translation counts.

  • Snort ― Statistics related to the Snort process.

  • ASP Drops ― Statistics related to the Accelerated Security Path (ASP) performance and behavior.

You can add custom dashboards to correlate metrics that are interrelated. Select from predefined correlation groups, such as CPU and Snort; or create a custom correlation dashboard by building your own variable set from the available metric groups. See Cisco Secure Firewall Threat Defense Health Metrics for a comprehensive list of the supported device metrics.

Before you begin

  • To view and correlate the time series data (device metrics) in the health monitor dashboard, enable REST API (Settings > Configuration > REST API Preferences).

  • You must be an Admin, Maintenance, or Security Analyst user to perform this procedure.

Note

Correlating device metrics is available only for threat defense 6.7 and later versions. Hence, for threat defense versions earlier than 6.7, the health monitor dashboard does not display these metrics even if you enable REST API.

Procedure

Step 1

Choose System (system gear icon) > Health > Monitor.

Use the Monitoring navigation pane to access device-specific health monitors.

Step 2

In the Devices list, click Expand (expand icon) and Collapse (collapse icon) to expand and collapse the list of managed devices.

Step 3

Choose the device for which you want to modify the dashboard.

Step 4

Click the Add New Dashboard (+) icon to add a new dashboard.

Step 5

Specify a name to identity the dashboard.

Step 6

To create a dashboard from a predefined correlation group, click Add from Predefined Correlations drop-down, choose the group, and click Add Dashboard.

Step 7

To create a custom correlation dashboard, choose a group from the Select Metric Group drop-down, then choose corresponding metrics from the Select Metrics drop-down.

See Cisco Secure Firewall Threat Defense Health Metrics for a comprehensive list of the supported device metrics.

Step 8

Click Add Metrics to add and select metrics from another group.

Step 9

To remove an individual metric, click the x icon on the right side of the item. Click the delete icon to remove the entire group.

Step 10

Click Add Dashboard to add the dashboard to the health monitor.

Step 11

You can Edit or Delete the predefined dashboards and the custom correlation dashboards.