Network appliance health monitor

US10505793B2 · US · B2

Patent metadata
Publication number: US-10505793-B2
Application number: US-201615083409-A
Country: US
Kind code: B2
Filing date: Mar 29, 2016
Priority date: Mar 29, 2016
Publication date: Dec 10, 2019
Grant date: Dec 10, 2019

Abstract

Official abstract text for this publication.

Systems and methods for monitoring failures of network devices and identifying potential sources of the failures by a device health monitor are provided. A device monitor receives a usage log of a network device over a network connection and analyzes an abnormal usage of the network device from the usage log. The device health monitor further retrieves environment information of the network device and analyzes a defect of the environment information of the network device by associating the abnormal usage with the environment information. The device health monitor sends a message regarding the defect of the environment information to an administrator of the network device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising:
    for each network security device of a plurality of network security devices:
        receiving, by a network device health monitor, a usage log for the network security device over a network connection, wherein the usage log contains information regarding a write count to a solid state disk (SSD) of the network security device during a particular timeframe; wherein the usage log contains information regarding a utilization of a central processing unit (CPU) of the network security device during a particular timeframe; and
        determining, by the network device health monitor, based on an analysis of the usage log for the network security device whether an abnormal usage issue has occurred within the network security device, including comparing the write count to an SSD write count threshold and including comparing the utilization of the CPU to a CPU utilization threshold;
    determining, by the network device health monitor, whether the abnormal usage issue is common across multiple network security devices of the plurality of network security devices and if so, for each network security device of the multiple network security devices:
        retrieving, by the network device health monitor, environment information of the network security device, wherein the environment information includes a network security policy configuration of the network security device; and
        identifying, by the network device health monitor, a potential cause of the abnormal usage issue by detecting a potential defect within the environment information and associating the abnormal usage issue with potential defect within the environment information, wherein said detecting a potential defect includes:
            when the write count exceeds the SSD write count threshold, determining whether there exists a security policy in the network security policy configuration that triggers logging of network traffic between a plurality of source Internet Protocol (IP) addresses and a plurality of destination IP addresses by analyzing the network security policy configuration; and
            when the utilization of the CPU exceeds the CPU utilization threshold, determining whether there exists a security policy in the network security policy configuration that binds multiple security services between the plurality of source Internet Protocol (IP) addresses and the plurality of destination IP addresses by analyzing the network security policy configuration; and
    causing, by the network device health monitor, an administrator of the network device to be notified regarding the abnormal usage issue and the potential defect.

2. The method of claim 1, further comprising collecting, by the network device health monitor, the environment information of a network security device of the plurality of network security devices during registration of the network security device with the network device health monitor.

3. The method of claim 1, further comprising collecting, by the network device health monitor, the environment information of a network security device of the plurality of network security devices responsive to an update to the environment information of the network security device.

4. The method of claim 1, wherein the common abnormal usage issue of the network device comprises an abnormal hardware usage issue.

5. The method of claim 4, wherein the abnormal hardware usage issue comprises one or more of: excessive disk write operations; high-CPU usage over an extended time period; high kernel CPU usage; and high network usage.

6. The method of claim 1, wherein the common abnormal usage issue comprises an abnormal software usage issue.

7. The method of claim 6, wherein the abnormal software usage issue comprises one or more of: a daemon crash; a kernel crash; a memory leak; and memory usage in conserve mode.

8. The method of claim 1, wherein the environment information comprises software environment information, including one or more of: a version of an operating system running within the network security device; a software update log; and a network security policy configuration.

9. The method of claim 1, wherein the plurality of source IP addresses comprises any source IP address and wherein the plurality of destination IP addresses comprises any destination IP address.

10. A computer system comprising:
    non-transitory storage device having embodied therein instructions representing a device health monitoring application; and
    one or more processors coupled to the non-transitory storage device and operable to execute the health monitoring application to perform a method comprising:
        for each network security device of a plurality of network security devices:
            receiving a usage log for the network security device over a network connection, wherein the usage log contains information regarding a write count to a solid state disk (SSD) of the network security device during a particular timeframe; wherein the usage log contains information regarding a utilization of a central processing unit (CPU) of the network security device during a particular timeframe; and
            determining based on an analysis of the usage log for the network security device whether an abnormal usage issue has occurred within the network security device, including comparing the write count to an SSD write count threshold; including comparing the utilization of the CPU to a CPU utilization threshold;
        determining whether the abnormal usage issue is common across multiple network security devices of the plurality of network security devices and if so, for each network security device of the multiple network security devices:
            retrieving environment information of the network security device, wherein the environment information includes a network security policy configuration of the network security device; and
            identifying a potential cause of the abnormal usage issue by detecting a potential defect within the environment information and associating the abnormal usage issue with potential defect within the environment information, wherein said detecting a potential defect includes:
                when the write count exceeds the SSD write count threshold, determining whether there exists a security policy in the network security policy configuration that triggers logging of network traffic between a plurality of source Internet Protocol (IP) addresses and a plurality of destination IP addresses by analyzing the network security policy configuration; and
                when the utilization of the CPU exceeds the CPU utilization threshold, determining whether there exists a security policy in the network security policy configuration that binds multiple security services between the plurality of source Internet Protocol (IP) addresses and the plurality of destination IP addresses by analyzing the network security policy configuration; and
        causing an administrator of the network device to be notified regarding the abnormal usage issue and the potential defect.

11. The computer system of claim 10, wherein the method further comprises collecting the environment information of a network security device of the plurality of network security devices during registration of the network security device with the device health monitoring application.

12. The computer system of claim 10, wherein the method further comprises collecting the environment information of a network security device of the plurality of network security devices responsive to an update to the environment information of the network security device.

13. The computer system of claim 10, wherein the common abnormal usage issue comprises an abnormal hardware usage issue.

14. The computer system of claim 13, wherein the a
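The detection flow of claim 1, sketched as an added example; it is not code from the patent or from its assignee. The threshold values, field names, device names and policy ids are assumptions, as are the readings of "common" as two or more devices and of "plurality of IP addresses" as `any` or a prefix holding more than one address.

```python
from collections import Counter
from ipaddress import ip_network

# Assumed thresholds; the claims name the thresholds but give no values.
SSD_WRITE_THRESHOLD = 1_000_000   # writes per reporting timeframe
CPU_UTIL_THRESHOLD = 90.0         # percent

def abnormal_issues(usage):
    """Compare one device's usage log against both thresholds."""
    issues = set()
    if usage["ssd_writes"] > SSD_WRITE_THRESHOLD:
        issues.add("ssd_writes")
    if usage["cpu_util"] > CPU_UTIL_THRESHOLD:
        issues.add("cpu_util")
    return issues

def covers_many(addr):
    """True for 'any' or a prefix holding more than one address."""
    return addr == "any" or ip_network(addr, strict=False).num_addresses > 1

def suspect_policies(issue, policies):
    """Policies that could explain the issue, per the two claim conditions."""
    broad = [p for p in policies if covers_many(p["src"]) and covers_many(p["dst"])]
    if issue == "ssd_writes":
        return [p["id"] for p in broad if p["log_traffic"]]
    return [p["id"] for p in broad if len(p["services"]) > 1]

def analyze(usage_logs, environments):
    """Return (device, issue, policy ids) for issues shared by 2+ devices."""
    per_device = {d: abnormal_issues(u) for d, u in usage_logs.items()}
    counts = Counter(i for issues in per_device.values() for i in issues)
    findings = []
    for device, issues in sorted(per_device.items()):
        for issue in sorted(issues):
            if counts[issue] < 2:
                continue  # not common across devices, so no environment check
            ids = suspect_policies(issue, environments[device])
            if ids:
                findings.append((device, issue, ids))
    return findings

# Constructed sample data (hypothetical device names, policy ids and fields).
USAGE = {"fw-a": {"ssd_writes": 2_500_000, "cpu_util": 40.0},
         "fw-b": {"ssd_writes": 1_800_000, "cpu_util": 95.0},
         "fw-c": {"ssd_writes": 10_000, "cpu_util": 20.0}}
ENV = {"fw-a": [{"id": 1, "src": "any", "dst": "any", "log_traffic": True, "services": ["av"]}],
       "fw-b": [{"id": 7, "src": "10.0.0.0/8", "dst": "any", "log_traffic": True, "services": ["av", "ips"]},
                {"id": 8, "src": "10.1.1.1/32", "dst": "any", "log_traffic": True, "services": []}], "fw-c": []}

print(analyze(USAGE, ENV))
```

In the sample, the high CPU reading on `fw-b` is not reported because no second device shares it, and policy 8 is skipped because its source is a single host.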

Classifications

  • the faulty arrangement being the maintenance, administration or management system

  • Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Traffic logging, e.g. anomaly detection

  • by checking functioning

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10505793B2 cover?
Systems and methods for monitoring failures of network devices and identifying potential sources of the failures by a device health monitor are provided. A device monitor receives a usage log of a network device over a network connection and analyzes an abnormal usage of the network device from the usage log. The device health monitor further retrieves environment information of the network dev…

Who is the assignee on this patent?
Fortinet Inc

What technology area does this patent fall under?
Primary CPC classification H04L41/0695. Mapped technology areas include Electricity.

When was this patent published?
Publication date Dec 10, 2019 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).