NetCloud Manager: Alerting and Reporting
This article describes how to set up alerts, export reports, and export logs from NetCloud Manager (NCM).
NOTE: On July 13, 2017, NetCloud Alerts currently generated from the legacy Enterprise Cloud Manager (ECM) will be updated with the name change to NetCloud Manager (NCM). Automated systems that consume this information may need to be updated accordingly.
Email and API Alert changes include:
- Alert titles will change from “Cradlepoint ECM Alert Notification” to “Cradlepoint NCM Alert Notification”
- Alert subjects will change from "ECM Alert: <friendly info>" to "NCM Alert: <friendly info>"
- Emailed Alert summary report subject will change from "ECM Alert Summary" to "NCM Alert Summary"
- Connection State Alert name will change from “ECM Connection State” to “NCM Connection State”
- Firmware Upgrade alert name will change from “Firmware Upgrade” to “NetCloud OS Upgrade” with an alert description changing to “The router NetCloud OS was successfully upgraded to X.X.X”
Setting Up Alerts
The Alerts page has two views for tracking device status changes:
- The Log view shows a list of alerts sent from the routers to NCM.
- The Settings view shows rules for alerts, including email notifications.
Toggle between these two views by clicking on the buttons at the top left.
Alerts are of the following types (see Definitions below):
- Configuration Change
- Configuration Rejected
- Configuration Unacknowledged
- Ethernet WAN Connected
- Ethernet WAN Disconnected
- Ethernet WAN Plugged In
- Ethernet WAN Standby
- Ethernet WAN Unplugged
- Carrier Data Usage Per Router
- Data Cap Threshold
- Device Location Unknown
- Geofence Proximity Change
- IPSec Tunnel Down
- NCM Connection State
- NetCloud OS Upgrade
- Pooled Carrier Data Usage
- ADC Voltage Event
- GPIO State
- SIM Door Event
- Temperature Limit Exceeded
- Modem WAN Connected
- Modem WAN Device Plugged In
- Modem WAN Device Unplugged
- Modem WAN Disconnected
- Modem WAN Standby
- WAN Service Type
- Custom Alert
- NCOS App Execution State Changed
- Unexpected NCOS App Installed
- NetCloud Gateway Added
- NetCloud Gateway Removed
- NetCloud Gateway Status Changed
- Account Locked
- Failed Login Attempt
- Intrusion Activity
- IP Address Banned
- IPS Engine Failure
- Rogue Access Point Detected
- Successful Login
- Unrecognized Client
- WiFi as WAN Connected
- WiFi as WAN Disconnected
- WiFi as WAN Network Available
- WiFi as WAN Network Unavailable
- WiFi as WAN Standby
- WiFi Client State Changed
To enable alerts, including emailed notifications, first select the Settings view and then click on Add at the top left. Create an alert notification rule by completing the fields.
Complete the following fields to create an alert notification rule:
Accounts/Groups (required) – Choose which sets of devices will follow the notification rule. If you select an account, both grouped and ungrouped devices within that account (including all subaccounts) will be assigned to this rule.
Alerts (required) – Select the alert types from the dropdown options.
Users (optional) – If you want emailed notifications for these alerts, select users from the list to receive those emails. If you just want these alerts logged, leave this field blank.
Interval (optional) – Select a time interval from the dropdown options. If you select “Immediately,” an email notification is sent every time one of the selected types of alerts are logged. Otherwise, the alerts are stored over the course of the time interval and then sent together.
Potential NCM Alert Issues
- Receiving the Email Alert seem to take longer than expected.
- Once NCM is aware of the alert, it will verify the alert, and send it out to the configured email address. We do not have control over the alert once we have sent it to its destination address.
- We have seen some mail servers reject, or display abnormally long delays in the alert deliveries.
- To trouble shoot/verify if this is the issue, configure a different email address with a different domain and test the behavior of the alerts.
- Times can also vary depending on the number and type of WAN connections being used for this device.
- If a device only has one internet source, only one connection to NCM, then you can expect delays in the alerts. The alerts are configured in NCM, then NCM lets the router know what to watch for. If the router experiences any issue pertaining to the configured alerts, the router will then report this back to NCM. However the caveat is if the router loses its internet source or connection to NCM, then the router cannot report the issues to NCM until it regains its connection to NCM.
- In cases where you have more than one internet connection the alerts should be fairly on queue, so long as the router can check into NCM via its second internet connection to report its alerts.
Reports allow you to create a summary of information about groups of devices and export that information as a CSV file. Select from several fields to customize your reports. Select the type of report (Data Usage or Signal Quality), a range of dates, the group(s), and identifying fields and then click Run Report to view the report. You also have the option to save the settings of a report for future use.
Note: Reports are time-stamped in UTC.
To export a device’s logs as a CSV file, first enable log reporting for the group the device is in. (This is disabled by default because some users won’t use this functionality – it would unnecessarily use data.) Navigate to the Groups page, select the desired group, and click on Settings.
In the popup window that appears, ensure that Enable Log Reporting is selected.
Once log reporting is enabled, navigate to the Devices page, select the desired device, and click on Export → Export Logs to export the device’s logs as a CSV file.
Note: Logs are time-stamped based on browser time.
- Account Locked – If Advanced Security Mode is turned on for a device, the account will lock for 30 minutes after six failed attempts to log into the device. To enable this setting, open the configuration pages in Groups or Devices and go to System → Administration. Open the Router Security tab and select Advanced Security Mode.
- ADC Voltage Event – For products with a voltage sensing system and configured voltage limits, this alert displays when one of those limits is reached or when the voltage returns to within the accepted range. Sample alert: ADC on channel 1 is below 3.0V limit at 2.5V.
- Carrier Data Usage Per Router – Use to configure alerts related to cellular-data usage for routers.
- Configuration Change – This displays when there has been a local configuration change. Sample alert: The device configuration has changed.
- Configuration Rejected – A configuration change that was sent to the device has been rejected.
- Configuration Unacknowledged – A configuration change that was sent to the device was not acknowledged by the device.
- Data Cap Threshold – If you have a data cap threshold set, this sends an alert when the threshold is reached. A data cap threshold must be configured under Internet → Data Usage. Sample alert: The (Internal LTE/EVDO Port:int1) rule exceeded 100 percent of its 150 MB daily cycle.
- Device Location Unknown - Displays when no location has been reported for 24 hours if the device has GPS enabled. If a manual location is being used the alert will not be generated.
- NCM Connection State – Displays when the device loses or regains its connection to NCM. Sample alert: The device entered the "online" state.
- Ethernet WAN Connected – An Ethernet WAN device is now active.
- Ethernet WAN Disconnected – An Ethernet WAN device is no longer active.
- Ethernet WAN Plugged In – An Ethernet WAN device is now attached.
- Ethernet WAN Unplugged – An Ethernet WAN device has been removed.
- Failed Login Attempt – Someone attempted to log into the device administration pages locally and failed. Sample alert: An attempt to log in as the admin user from 192.168.0.142 has failed.
- NetCloud OS Upgrade – The device NetCloud OS has been upgraded.
- Geo-fence Proximity Change - Displays whenever the device enters or exits the specified geo-fence.
- GPIO State Change - A device GPIO pin has changed state. To update the GPIO configuration, open the configuration pages in Groups or Devices, select the System → GPIO Configuration tab. Requires at least 6.0.2 NetCloud OS.
- Intrusion Activity – This is only relevant for devices with CP Secure Threat Management. Whenever the Threat Management deep packet inspection engine detects an intrusion, the event is recorded in the logs. These events are grouped together for 15 minutes and then reported in NCM, so even if you select "Immediately" in the Interval field below, an emailed alert might not arrive for approximately 15 minutes after an intrusion. Intrusion Activity alerts include the intrusion details and the action taken by the engine (e.g., "Blocked"). To edit Threat Management settings, open the configuration pages in Groups or Devices and select Network Settings → Threat Management. For more information about Threat Management, visit the Knowledge Base article.
- IP Address Banned – If the Ban IP Address setting is turned on for a device and someone from a particular IP address attempts and fails to log into the device administration pages six times, that IP address will be banned for 30 minutes. To enable this setting, open the configuration pages in Groups or Devices and go to System → Administration. Open the Router Security tab and click on Advanced Security Mode. Select the Ban IP Address option.
- IPS Engine Failure – This is only relevant for devices with CP Secure Threat Management. In the unlikely event that the Threat Management engine fails, an alert is logged. You can set the router to either allow or deny traffic with a failed engine: to edit this setting, open the configuration pages in Groups or Devices and select Security→ Threat Management. For more information about Threat Management, visit the Knowledge Base article.
- IPSec Tunnel Down - An IPSec tunnel that was successfully connected has gone down.
- Modem WAN Connected – A modem WAN device is now active.
- Modem WAN Device Plugged In – A modem WAN device is now attached.
- Modem WAN Device Unplugged – A modem WAN device has been removed.
- Modem WAN Disconnected – A modem WAN device is no longer active.
- Modem WAN Standby – A modem WAN device is now in standby. This means the modem is connected to the carrier, but is not sending any data. A modem in standby will failover faster than a modem not in standby. Standby can be turned on in the router's configuration in the Connection Manager grid.
- NetCloud Gateway Added – NetCloud Gateway was added to a router that can now be part of an overlay network.
- NetCloud Gateway Removed – NetCloud Gateway was removed from a router which has now been disconnected from any overlay network.
- NetCloud Gateway Status Changed – The status of a NetCloud Gateway has changed which may or may not affect its connection to an overlay network.
- Pooled Carrier Data Usage – Use to configure alerts related to cellular-data usage for pooled data plans and for routers
- Reboot – Displays when the device has been rebooted. Sample alert: The device has been rebooted.
- Rogue Access Point Detected - Displays after running a WiFi site survey when a rogue access point not marked as known is detected broadcasting the same SSID as the device running the site survey. This helps identify potential access point hijacking, evil twin, and man-in-the-middle WiFi attacks.
- Custom Alert - A custom alert that is generated by the custom code inside a router app.
- NCOS App Execution State Changed - A router app that is running on a group goes into a different execution state (start, stop, error, etc).
- Unexpected NCOS App Installed - An unexpected router app is found installed, an expected router app is unexpectedly uninstalled, or a router app unknown to the system is found installed.
- SIM Door Event – The SIM door has either opened or closed.
- Successful Login – A user has logged into the router locally (requires at least NetCloud OS 5.0.1).
- Temperature Limit Exceeded – For products with an internal temperature sensor (COR IBR1100 and IBR1150) and configured temperature limits, this alert displays when one of those limits is reached. To set these temperature limits for the COR IBR1100 Series, open the configuration pages in Groups or Devices, select System → Administration, and click on the Temperature tab.
- Unrecognized Client – A client with an unrecognized MAC address has attempted to connect to the device. MAC logging must be enabled for this alert to display. In the configuration pages, go to: Networking → Local Networks → MAC Filter & Logging to enable MAC logging.
- WAN Service Type – A WAN device has changed its service type, such as switching from 3G to 4G. Possible service types include: DHCP, LTE, HSPA+, etc. Sample alert: The lte-2ae6ec8e service type has changed to LTE.
- WiFi as WAN Connected – WiFi as WAN is now active.
- WiFi as WAN Disconnected – WiFi as WAN is no longer active.
- WiFi as WAN Network Available – A WiFi as WAN network is now attached.
- WiFi as WAN Network Unavailable – A WiFi as WAN network has been removed.
- WiFi as WAN Standby – A WiFi as WAN network is in standby.
- WiFi Client State Changed – A WiFi client has changed state. For example, when a client's state changes from connected to disconnected (requires NCOS version 6.6.1).
Published Date: 10/11/2017
This article not have what you need? Not find what you were looking for? Think this article can be improved? Please let us know at firstname.lastname@example.org.