ASE alerts resolution
The following table describes the various email alerts sent by ASE and their possible resolution. The resolution provided is only a starting point to understand the cause of the alert. If ASE is reporting an alert even after the following the resolution provided, contact PingIntelligence for APIs support.
Email alert | Possible cause and resolution |
---|---|
ASE start or restart email |
When ASE starts or restarts, it sends an email to the configured email ID. If email from ASE is not received, check the email settings in |
High CPU usage |
Cause: Each ASE node polls for CPU usage of the system every 30-minutes. If the average CPU usage in the 30-minutes interval is higher than the configured threshold in Resolution: If ASE is reporting a high CPU usage, check if other processes are running on the machine on which ASE is installed. If ASE controller or balancer processes are consuming high CPU, it may mean that ASE is receiving high traffic. You should consider adding more ASE nodes. |
High memory usage |
Cause: Each ASE node polls for memory usage of the system every 30-minutes. If the average memory usage in the 30-minutes interval is higher than the configured threshold Resolution: If ASE is reporting a high memory usage, check if any other process is consuming memory of the system on which ASE is installed. Kill any unnecessary process other than ASE’s process. |
High filesystem usage |
Cause: Each ASE node polls for filesystem usage of the system every 30-minutes. If the average filesystem usage in the 30-minutes interval is higher than the configured threshold Resolution: If ASE is reporting a high filesystem usage, check if the filesystem is getting full. Run the purge script available in the |
API added |
ASE sends an email alert when an API is added to ASE using CLI or REST API. Confirm: ASE admin should verify whether correct APIs were added manually or the APIs were added by AAD because of auto-discovery in API Behavioral Security (ABS). If an API is accidentally added, you should immediately remove it from ASE. |
API removed |
ASE sends an email alert when an API is removed using CLI or REST API. Confirm: ASE admin should verify whether the APIs were deleted intentionally or accidentally. |
API updated |
ASE sends an email alert when an API definition (the API JSON file) is updated by using CLI or REST API. Confirm: ASE admin should verify whether the correct APIs was updated. |
Server added |
ASE sends an email alert when a server is added to an API by using CLI or REST API. Confirm: ASE admin should verify whether the correct server was added to API. |
Server removed |
ASE sends an email alert when a server is removed from an API by using CLI or REST API. Confirm: ASE admin should verify whether the correct server was removed from an API. |
Cluster node up |
ASE sends an email alert when a node joins an ASE cluster. Confirm: ASE admin should verify whether the correct ASE node joined the ASE cluster. |
Cluster node down |
ASE sends an email alert when a node is removed from an ASE cluster. Confirm: ASE admin should check the reason for removal of ASE node from the cluster. ASE node could disconnect from cluster because of network issues, a manual stop of ASE, or change in IP address of the ASE machine. |
Server state changed to Up |
ASE sends an email alert when the backend API server changes state from inactive to active. This alert is applicable for Inline ASE when health check is enabled for an API. This is an informative alert. |
Server changed to Down |
ASE sends an email alert when the backend API server changes state from active to inactive. This alert is applicable for Inline ASE when health check is enabled for an API. Resolution: ASE admin should investigate the reason for the backend API server being not reachable from ASE. You can run the ASE |
Decoy API accessed |
ASE sends an email alert when a decoy API is accessed. This is an informative alert. |
Alerts for uploading access log files to ABS
ASE sends one or more alerts when it is not able to send access log files to ABS. The following table lists the alerts and possible resolution for the alerts.
Email alert | Possible cause and resolution |
---|---|
Network error |
Cause: ABS IP may not be reachable or ASE is not able to connect ABS IP and port. Resolution:
|
ABS seed node resolve error |
Cause: The host name provided in the Resolution: Check whether correct IP address is provided in |
ABS SSL handshake error |
Cause: SSL handshake error could be because of an invalid CA certificate. Resolution: Check whether a valid CA certificate is configured in ASE. |
ABS authentication error |
Cause: Authentication error could be because of invalid access and secret key. Resolution: Confirm the access key and secret key configured is the same that is configured in ABS |
ABS cluster info error |
Cause: Error while fetching ABS cluster information. Resolution: Check the |
ABS config post error |
Cause: Error while sending API JSON definition to ABS. Resolution: Check the |
ABS service unavailable error |
Cause: ABS returning Resolution: Check the |
Log upload error |
Cause: API call to upload access log files to ABS fails. Resolution: Check both ASE’s |
Duplicate log upload error |
This is an informative message. |
ABS node queue full error |
Cause: ABS responds with a message that it’s queue is full. This can be because of increased traffic on ASE and large number of access log files being generated. Resolution: Increase the number of ABS nodes. |
ABS node capacity low error |
Cause: ABS resources are utilized to a maximum. Resolution: Increase the number of ABS nodes. |
ABS attack get error |
Cause: Error while fetching attack list from ABS. Resolution: Check ASE’s |