This is an alert that I created and tested to alert us when the Cisco ASA fails over.
FIRST you will need to be familiar with the Firewall, it's failover and the interfaces on each.
We chose the actual state "failover" interface on each. You will also need to know what the current physical address of the interface when it's in its standard/normal state.
YOU MUST CHOSE THE IDENTICAL INTERFACE ON THE PRIMARY and the SECONDARY/Standby OR IT WILL NOT WORK!!!
The template will chose Interface as the type of property to monitor.
The trigger will be the Full Name is equal to (which you will have a pull down to search and select the correct one, keep in mind the full name starts with the server name - interface name)
Also in the trigger is the Physical Address is NOT equal to ________ (you will also see a pull down for this and in it you will have to choose the correct CURRENT physical address of that interface, so long as it isn't currently in fail over mode. THE CURRENT ADDRESS IS THE SAME AS THE MAC-ADDRESS without the ".". He He, most will know that but I wanted to be as clear as I can with the instructions).
Con's, you will receive two alerts but I actually like it this way in case one fails completely, you will at least receive the alert that it failed over. Also, if you change port descriptions or for whatever reason the physical address changes, you will need to correct that in your alert.
Any questions, comments or suggestions, please let me know.
