Cloud Monitor (CMS) automatically monitors the system events of a VPN gateway that occur when you use the VPN gateway. The system events include service failures, O&M events, and user service exceptions. You can view the system events of a VPN gateway in the CloudMonitor console and configure alert rules for system events. This helps you handle issues at the earliest opportunity.
Background information
CloudMonitor monitors the following system events when you use a VPN gateway. Each system event has a default severity level. System events are classified based on the following severity levels:
CRITICAL: critical. We recommend that you handle such system events at the earliest opportunity.
WARN: warning. We recommend that you handle such system events based on your requirements.
INFO: information. You do not need to handle such system events.
A system event occurs only when the status of VPN gateway resources changes.
For example, if the initial health check status of an IPsec-VPN connection is Failed due to wrong configurations, the ipsec_health_check_failed system event does not occur. The ipsec_health_check_success or ipsec_health_check_failed system event occurs only when the health check status changes from Failed to Successful or from Successful to Failed. If you have configured alert rules for system events, you are notified of the system events.
System event | Severity level | Description |
CertKeyExpired | CRITICAL | The SSL client certificate has expired. |
ipsec_health_check_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, the IPsec-VPN connection fails health checks. |
ipsec_health_check_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, the IPsec-VPN connection passes health checks. |
ipsec_phase1_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 1 negotiations fail. |
ipsec_phase1_nego_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 1 negotiations succeed. |
ipsec_phase2_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 2 negotiations fail. |
ipsec_phase2_nego_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 2 negotiations succeed. |
vpn_connection_hc_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, the IPsec-VPN connection fails health checks. |
vpn_connection_hc_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, the IPsec-VPN connection passes health checks. |
vpn_connection_ph1_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 1 negotiations fail. |
vpn_connection_ph1_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 1 negotiations succeed. |
vpn_connection_ph2_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 2 negotiations fail. |
vpn_connection_ph2_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 2 negotiations succeed. |
ipsec_tunnel_nego_success | INFO | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the next tunnel succeed. |
ipsec_tunnel_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the next tunnel fail. |
ipsec_vco_tunnel_all_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the two tunnels all fail. |
View the system events of a VPN gateway
You can view the system events of a VPN gateway in the CloudMonitor console.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
On the Event Monitoring tab, select vpngw, select a severity level, an event name, and a time range, and then click Search.
In the event list, you can view the information about the events in the Event Level, Region, Resource, and Contents columns.
You can also click Details in the Actions column to view the details about a system event. The information in the Event Details panel is in the JSON format.
Subscribe to the system events of a VPN gateway
We recommend that you subscribe to the system events of your VPN gateways. This way, you can receive notifications when system events occur and handle issues at the earliest opportunity.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
Click the Event Subscription tab. On the Subscription Policy tab of the Event Subscription page, click Create Subscription Policy.
On the Create Subscription Policy page, configure the parameters of alert rules for system events, and click Submit.
Set the Subscription Type parameter to System events. In the Subscription Scope section, select vpngw from the Products drop-down list, and then configure other parameters based on your business requirements. For more information about how to configure other parameters, see Manage event subscription policies (recommended).
What to do next
If a system event occurs or you receive an alert notification, you can troubleshoot in the VPN Gateway console. For more information, see Troubleshoot IPsec-VPN connection issues.
References
For more information about the system events of Alibaba Cloud services, see View system events.