cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Errors with Cisco IronPort (Powershell) Template

I deployed the Cisco IronPort (PowerShell) Application template to monitor two different IronPort devices in our environment, but the monitors return multiple script errors on both devices. The errors occur about once per hour. Sometimes less, sometimes more; but they are consistent.

As far as I can tell, any one of the five components can cause of of these two errors:

"PowerShell script error. Scripting Error: Script does not contain the expected parameters or is improperly formatted. 'Total_CPU', 'Email_Security_Appliance_CPU', 'Reporting_CPU', 'Quarantine_CPU', 'RAM', 'Disk_IO', 'Logging_Disk' missing"

"The return code is different than expected. Testing on node '[IP Address Removed]' failed with 'Down' status ('Down' might be different if script exits with a different exit code). Failed to get status page. Error: The '=' operator failed: Index was outside the bounds of the array.."

If I manually re-poll the application, then the error goes away - every time.

I am not too familiar with PowerShell - I only dabble. Can someone help me interpret the error messages so that I can troubleshoot the issue? Thanks in advance for any help!

0 Kudos
11 Replies
Level 9

After working with support, we figured out that, too many concurrent logins will cause the error. Each monitor is a separate login, and it logs in every 300 seconds. It eventually has ton of sessions, that have not timed out, so it blocks the polling. Since there is no way to tweak login timeouts per account on ironports, the change needs to be on script. I've tried modding the end of the script to "logout", but have been unsuccessful. Any ideas on how to make it logout?

This was super useful. I edited the powershell script in each section, adding "start-sleep" with a different value so that all six of the component monitors don't kick off at the same time. Here's how I added the line:

  return $ts_d;

  }

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$web = New-Object Net.WebClient;

$web.Credentials = Get-Credential ${CREDENTIAL};

start-sleep 5;

try {

  $out = $web.DownloadString("https://${IP}/xml/status");

  }

catch {

  Write-Host "Message: Failed to get status page. Error: $($Error[0])";

  exit 1;

  }

One of does not need start-sleep, the other five I varied by five seconds.

0 Kudos
Level 9

Is this still being actively worked on? I'm experiencing the same pattern of errors. Highly unstable.

0 Kudos
Product Manager
Product Manager

If you unmanage one of the IronPort applications so that it's no longer monitoring, is the other then reliably stable by chance, or does it continue to return in error at random intervals?

0 Kudos

After unmanaging one of the monitors over the weekend, I can say that the other monitor was definitely unstable. The error continued to appear all weekend - roughly once per hour.

0 Kudos

Have you tried using the SNMP template instead?

Cisco IronPort (SNMP)

0 Kudos

I am thinking that I should go ahead and open up a ticket with support.

0 Kudos

Agreed. I would recommend placing this particular application into debug mode and gathering a diagnostic immediately after receiving the next error from that monitored application. From those diagnostics we should have a much better idea what is cause of these false positives.

has this been resolved yet? I am having the same issue with ironport monitoring.

0 Kudos

I haven't tried that template yet. The PowerShell template is preferred because it monitors a lot more information such as license status.

0 Kudos

I haven't tried that yet. I will give it a shot and report back after the weekend.

0 Kudos