ON THIS PAGE
Webhooks and Alerts
Configuring Alerts
You can configure alerts for an entire organization, single sites, or multiple sites from the Alerts Configuration page in the portal.
To find this page, select Monitor > Alerts > Alerts Configuration from the left menu of the Juniper Mist portal.
All the alerts visible here are available to send an alert webhook by simply enabling the alert.
The alerts are broken down by color based upon severity, as follows:
-
Red—Critical
-
Orange—Warning
-
Blue—Informational
The alarms are also categorized into these groups:
-
Infrastructure—Infrastructure alarms don’t keep state. They are based directly off device events. When you monitor devices from infrastructure alarms, you typically either treat each event as a standalone event, or you match stateful device changes.
-
Marvis—Marvis events are events identified under Marvis Actions. These events are generally stateful. Inside their payload is a key called
details
. Underdetails
you can seestate
and the values:open
orvalidated
.-
open
means this issue is currently happening. -
validated
means that Marvis has validated that the issue is resolved. After the issue is deemed to be validated, the same webhook type will be set with the updated state.Because of the AI nature of Marvis actions, Marvis requires sufficient data to ensure that these alarms are accurate and actionable. Marvis needs to accumulate enough data to eliminate false positives. This requirement results in a varying number of times for the events to arrive.
-
-
Security—Most of the events in security are single-time events. These alerts will detect only specific attacks and don’t determine if the attack is active. Rogue APs are rate-limited to reporting once every 10 hours. Rogue clients and Honeypot AP events are sent once every 10 minutes.
The following alerts also have configurable failure thresholds:
-
ARP Failure
-
DHCP Failure
-
DNS Failure
-
Device Offline
For information about configuring alerts, see the Alert Configuration information in the Juniper Mist Network Monitoring Guide.
Alert Details
The table presents detailed information about each alert.
Alert/Webhook Name | Group | Category | Description | Triggering Mechanism | Comments |
---|---|---|---|---|---|
ap_bad_cable | marvis | ap |
Bad Ethernet cable connected to a Juniper AP |
Based on AP frequent ethernet disconnects, restarts, increasing ethernet errors, connecting at 100Mbps | Req SUB-VNA |
ap_offline | marvis | ap | Offline (Marvis) | Site down: all APs lose connection around the same time. Switch down/issue: all APs on the same switch lose connection around the same time. Locally online: AP is heard locally but lost cloud connection. Locally offline: AP is not heard locally & lost cloud connection | Req SUB-VNA |
arp_failure | marvis | connectivity | Site-wide wireless connection failures | Sudden increase in failures across the site OR 100% failures on a server/WLAN/AP | Req SUB-VNA |
authentication_failure | marvis | connectivity | Site-wide wireless and wired connection failures | Sudden increase in failures across the site OR 100% failures on a server/switch/WLAN/VLAN/AP |
Req SUB-VNA OR SUB-SVNA |
bad_cable | marvis | switch | Faulty cable connected to a Juniper switchport | Based on port errors, power draw without ethernet link, increase in bytes out and 0 in (and vice versa) | Req SUB-VNA |
bad_wan_uplink | marvis | Router | Underperforming/problematic interface (SRX, SSR) | Latency, jitter, packet loss, output drops & drop in transmit packets | Req SUB-WNA |
dhcp_failure | marvis | connectivity | Site-wide wireless and wired connection failures | Sudden increase in failures across the site OR 100% failures on a server/WLAN/VLAN/AP |
Req SUB-VNA OR SUB-SVNA |
dns_failure | marvis | connectivity | Site-wide wireless connection failures | Sudden increase in failures across the site OR 100% failures on a server/WLAN/AP | Req SUB-VNA |
gw_bad_cable | marvis | Router | Faulty cable connected to a Juniper gateway (SRX only) port | Interface stat errors, input/output bytes being 0 | Req SUB-WNA |
gw_negotiation_mismatch | marvis | Router | Difference in MTU packet size seen in the network (SRX only) | Packets being fragmented, MTU errors | Req SUB-WNA |
health_check_failed | marvis | ap | Unhealthy APs to be replaced | After all auto-remediation/self-healing on the AP fails, Marvis indicates a proactve RMA to replace the AP | Req SUB-VNA |
insufficient_capacity | marvis | ap | AP(s) with low Wi-Fi capacity | After RRM makes changes, a single client or a set of clients have heavy consumption resulting in high AP channel utilization | Req SUB-VNA |
insufficient_coverage | marvis | ap | Areas around AP(s) with consistent poor Wi-Fi coverage | After RRM makes changes, clients are still seen with low RSSI consistently | Req SUB-VNA |
missing_vlan | marvis | switch | VLAN configured on AP missing on switch port or upstream | AP observes traffic on each vlan and compares between APs on the same switch & other APs in the site. Doesn't require a Juniper switch |
Req SUB-VNA OR SUB-SVNA |
negotiation_mismatch | marvis | switch | Difference in settings between a wired client & connected port | Duplex mismatch and/or auto-negotiation failing | Req SUB-VNA |
non_compliant | marvis | ap | APs with mismatched firmware | APs in a given site deviating from the firmware version seen on majority APs (same model) at that site | Req SUB-VNA |
port_flap | marvis | switch | Port constantly going up & down | Port flapping with high frequency & continuously | Req SUB-VNA |
sw_alarm_chassis_psu | infrastructure | switch | Junos Power Supply Alarm | power supply missing event will trigger this alert | |
switch_stp_loop | marvis | switch | Same frame is seen by a switch multiple times | Frequent STP topology changes along with sudden increase in tx/rx | Req SUB-VNA |
vpn_path_down | marvis | Router | VPN peer path down (SSR only) | 100% failure of a peer path | Req SUB-WNA |
Within each alarm is contextual data that you can extrapolate for event correlation
comparing multiple devices. You can find examples of all the existing alert (alarm)
definitions with the function /api/v1/const/alarm_defs
(requires you to be
logged in to Juniper Mist).
Event Aggregation
Juniper Mist aggregates events based on topics that you’ve set up. If multiple events occur for the same topic during the specified aggregation window, Juniper Mist will group them into a single message. Because of message aggregation, you will need to parse the events from each message when they are received.