CISCO devices have a mechanism to automatically shut down a port when there’s a policy violation (Port Security Violation, BPDU guard, etc.)
In LibeNMS these err-disabled ports appear as “OK”, because no error on the interface-error counters are detected (which is true).
However I’d like to monitor my devices for such ports which are in “err-disabled” state (because these are exactly the ports you are interested in).
My suggestion is to create something like an "extended port"state that is “NULL” by default and "carries the “cErrDisableIfStatusCause” if this port appears in the “cErrDisableIfStatusTable” (-> http://oidref.com/188.8.131.52.184.108.40.206.548.1.3) of the device. My suggestion is that this will also cause that this port “carries the red flag”.
The way you can currently detect this kind of ports is not very reliable:
The CISCO device could throw SNMP traps, which is not supported by Libre (as traps are not reliable anyway).
The CISCO device does report such incidents via syslog (but syslog reliability, by default, suffers for the same reasons as SNMP traps) and syslog-monitoring is something that has to be set up first (and is not trivial …).
I believe that Libre is widely spread in environments which have CISCO devices. Such a feature, I believe, would be highly appreciated… what do you think?