Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Webhooks and Alerts

Configuring Alerts

You can configure alerts for an entire organization, single sites, or multiple sites from the Alerts Configuration page in the portal.

Alerts page in the Juniper Mist portal

Note:

To find this page, select Monitor > Alerts > Alerts Configuration from the left menu of the Juniper Mist portal.

All the alerts visible here are available to send an alert webhook by simply enabling the alert.

The alerts are broken down by color based upon severity, as follows:

  • Red—Critical

  • Orange—Warning

  • Blue—Informational

The alarms are also categorized into these groups:

  • Infrastructure—Infrastructure alarms don’t keep state. They are based directly off device events. When you monitor devices from infrastructure alarms, you typically either treat each event as a standalone event, or you match stateful device changes.

  • Marvis—Marvis events are events identified under Marvis Actions. These events are generally stateful. Inside their payload is a key called details. Under details you can see state and the values: open or validated.

    • open means this issue is currently happening.

    • validated means that Marvis has validated that the issue is resolved. After the issue is deemed to be validated, the same webhook type will be set with the updated state.

      Because of the AI nature of Marvis actions, Marvis requires sufficient data to ensure that these alarms are accurate and actionable. Marvis needs to accumulate enough data to eliminate false positives. This requirement results in a varying number of times for the events to arrive.

  • Security—Most of the events in security are single-time events. These alerts will detect only specific attacks and don’t determine if the attack is active. Rogue APs are rate-limited to reporting once every 10 hours. Rogue clients and Honeypot AP events are sent once every 10 minutes.

The following alerts also have configurable failure thresholds:

  • ARP Failure

  • DHCP Failure

  • DNS Failure

  • Device Offline

For information about configuring alerts, see the Alert Configuration information in the Juniper Mist Network Monitoring Guide.

Alert Details

The table presents detailed information about each alert.

Table 1: Webhook Alerts Table
Alert/Webhook Name Group Category Description Triggering Mechanism Comments
ap_bad_cable marvis ap

Bad Ethernet cable connected to a

Juniper AP

 Based on AP frequent ethernet disconnects, restarts, increasing ethernet errors, connecting at 100Mbps Req SUB-VNA
ap_offline marvis ap Offline (Marvis) Site down: all APs lose connection around the same time. Switch down/issue: all APs on the same switch lose connection around the same time. Locally online: AP is heard locally but lost cloud connection. Locally offline: AP is not heard locally & lost cloud connection Req SUB-VNA
arp_failure marvis connectivity Site-wide wireless connection failures Sudden increase in failures across the site OR 100% failures on a server/WLAN/AP Req SUB-VNA
authentication_failure marvis connectivity Site-wide wireless and wired connection failures Sudden increase in failures across the site OR 100% failures on a server/switch/WLAN/VLAN/AP

Req SUB-VNA

OR SUB-SVNA
bad_cable marvis switch Faulty cable connected to a Juniper switchport Based on port errors, power draw without ethernet link, increase in bytes out and 0 in (and vice versa) Req SUB-VNA
bad_wan_uplink marvis Router Underperforming/problematic interface (SRX, SSR) Latency, jitter, packet loss, output drops & drop in transmit packets Req SUB-WNA
dhcp_failure marvis connectivity Site-wide wireless and wired connection failures Sudden increase in failures across the site OR 100% failures on a server/WLAN/VLAN/AP

Req SUB-VNA

OR SUB-SVNA
dns_failure marvis connectivity Site-wide wireless connection failures Sudden increase in failures across the site OR 100% failures on a server/WLAN/AP Req SUB-VNA
gw_bad_cable marvis Router Faulty cable connected to a Juniper gateway (SRX only) port Interface stat errors, input/output bytes being 0 Req SUB-WNA
gw_negotiation_mismatch marvis Router Difference in MTU packet size seen in the network (SRX only) Packets being fragmented, MTU errors Req SUB-WNA
health_check_failed marvis ap Unhealthy APs to be replaced After all auto-remediation/self-healing on the AP fails, Marvis indicates a proactve RMA to replace the AP Req SUB-VNA
insufficient_capacity marvis ap AP(s) with low Wi-Fi capacity After RRM makes changes, a single client or a set of clients have heavy consumption resulting in high AP channel utilization Req SUB-VNA
insufficient_coverage marvis ap Areas around AP(s) with consistent poor Wi-Fi coverage After RRM makes changes, clients are still seen with low RSSI consistently Req SUB-VNA
missing_vlan marvis switch VLAN configured on AP missing on switch port or upstream AP observes traffic on each vlan and compares between APs on the same switch & other APs in the site. Doesn't require a Juniper switch

Req SUB-VNA

OR SUB-SVNA
negotiation_mismatch marvis switch Difference in settings between a wired client & connected port Duplex mismatch and/or auto-negotiation failing Req SUB-VNA
non_compliant marvis ap APs with mismatched firmware APs in a given site deviating from the firmware version seen on majority APs (same model) at that site Req SUB-VNA
port_flap marvis switch Port constantly going up & down Port flapping with high frequency & continuously Req SUB-VNA
sw_alarm_chassis_psu infrastructure switch Junos Power Supply Alarm power supply missing event will trigger this alert  
switch_stp_loop marvis switch Same frame is seen by a switch multiple times Frequent STP topology changes along with sudden increase in tx/rx Req SUB-VNA
vpn_path_down marvis Router VPN peer path down (SSR only) 100% failure of a peer path Req SUB-WNA

Within each alarm is contextual data that you can extrapolate for event correlation comparing multiple devices. You can find examples of all the existing alert (alarm) definitions with the function /api/v1/const/alarm_defs (requires you to be logged in to Juniper Mist).

Event Aggregation

Juniper Mist aggregates events based on topics that you’ve set up. If multiple events occur for the same topic during the specified aggregation window, Juniper Mist will group them into a single message. Because of message aggregation, you will need to parse the events from each message when they are received.