Cloud Monitor (CMS) automatically monitors the service failures, O&M events, and user business exceptions that occur when you use an IPsec-VPN connection. In the CloudMonitor console, You can view the system events that are generated for an IPsec-VPN connection and configure alert notifications for the system events. This helps you troubleshoot issues at the earliest opportunity.
Background information
CloudMonitor automatically monitors the following system events when you use an IPsec-VPN connection. Each system event has a default severity level. System events are classified based on the following severity levels:
CRITICAL: critical. We recommend that you handle such system events at the earliest opportunity.
WARN: warning. We recommend that you handle such system events based on your business requirements.
INFO: information. You do not need to handle such system events.
A system event occurs only when the status of an IPsec-VPN connection changes.
For example, if the initial health check status of an IPsec-VPN connection is Failed due to wrong configurations, the ipsec_health_check_failed system event does not occur. The ipsec_health_check_success or ipsec_health_check_failed system event occurs only when the health check status changes from Failed to Successful or from Successful to Failed. If you have configured alert rules for system events, you are notified of the system events.
System event | Severity level | Description |
ipsec_health_check_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, the IPsec-VPN connection fails health checks. |
ipsec_health_check_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, the IPsec-VPN connection passes health checks. |
ipsec_phase1_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 1 negotiations fail. |
ipsec_phase1_nego_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 1 negotiations succeed. |
ipsec_phase2_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 2 negotiations fail. |
ipsec_phase2_nego_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a VPN gateway, Phase 2 negotiations succeed. |
vpn_connection_hc_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, the IPsec-VPN connection fails health checks. |
vpn_connection_hc_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, the IPsec-VPN connection passes health checks. |
vpn_connection_ph1_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 1 negotiations fail. |
vpn_connection_ph1_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 1 negotiations succeed. |
vpn_connection_ph2_failed | WARN | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 2 negotiations fail. |
vpn_connection_ph2_success | INFO | In scenarios in which an IPsec-VPN connection is associated with a transit router, Phase 2 negotiations succeed. |
ipsec_tunnel_nego_success | INFO | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the next tunnel succeed. |
ipsec_tunnel_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the next tunnel fail. |
ipsec_vco_tunnel_all_nego_failed | WARN | In scenarios in which an IPsec-VPN connection is used in dual-tunnel mode, negotiations with the two tunnels all fail. |
View the system events of an IPsec-VPN connection
You can view the system events of an IPsec-VPN connection in the CloudMonitor console.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
On the Event Monitoring tab, select vpngw, select a severity level, an event name, and a time range, and then click Search.
In the event list, you can view the information about the events in the Event Level, Region, Resource, and Contents columns.
You can also click Details in the Actions column to view the details about a system event. The information in the Event Details panel is in the JSON format.
Subscribe to the system events of an IPsec-VPN connection
We recommend that you subscribe to the system events of your IPsec-VPN connections. This way, you can receive notifications when system events occur and handle issues at the earliest opportunity.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
On the Subscription Policy tab of the Event Subscription page, click Create Subscription Policy.
On the Create Subscription Policy page, configure the parameters of alert rules for system events, and click Submit.
Set the Subscription Type parameter to System events. In the Subscription Scope section, select vpngw from the Products drop-down list, and then configure other parameters based on your business requirements. For more information about how to configure other parameters, see Manage event subscription policies (recommended).
What to do next
If a system event occurs or you receive an alert notification, you can troubleshoot the related issue in the VPN Gateway console. For more information, see Troubleshoot IPsec-VPN connection issues.
References
For more information about the system events of Alibaba Cloud services, see View system events.