BGP peer(s) down-checkpoint-gaia,ipso


Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni will alert if one or more BGP peers aren't communicating well.

Remediation Steps:
Review the cause for the peers being down.
Consider reading Tobias Lachmann’s blog on BGP: https://blog.lachmann.org/?p=1771

How does this work?
The clish command “show bgp peers” is used to retrieve the current BGP peer states.

Why is this important?
If BGP peers have connection issues it could mean whole sites going offline. Detecting it early is critical.

Without Indeni how would you find this?
An administrator could log in and manually run the command.

chkp-clish-show-bgp

#! META
name: chkp-clish-show-bgp
description: Check status of BGP peers
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    routing-bgp: true
    or:
        -
            os.name: gaia
        -
            os.name: ipso

#! COMMENTS
bgp-state:
    why: |
        If BGP peers have connection issues it could mean whole sites going offline. Detecting it early is critical.
    how: |
        The clish command "show bgp peers" is used to retrieve the current BGP peer states.
    without-indeni: |
        An administrator could login and manually run the command.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        Listing the clish BGP peer state is only available from the command line interface.

#! REMOTE::SSH
stty rows 80 ; ${nice-path} -n 15 clish -c 'show bgp peers'

#! PARSER::AWK

# The following two sections have been added by request of Dan Shouky
# https://indeni.atlassian.net/browse/IKP-1221

# Unfortunately, the following code is duplicated in many .ind scripts.
# If you change something in the following two sections, please find all
# of the other instances of this code and make the change there also.

#Could not acquire the config lock
/Could not acquire the config lock/ {
    if (NR == 1) {
        next
    }
}

#CLINFR0829  Unable to get user permissions
#CLINFR0819  User: johndoe denied access via CLI
#CLINFR0599  Failed to build ACLs
/(CLINFR0829\s+Unable to get user permissions|CLINFR0819\s+User: .+ denied access via CLI|CLINFR0599\s+Failed to build ACLs)/ {
    exit
}

# The script only accepts the states "Established" and "Idle" as valid, as they are the only states that are acceptable over a longer period of time. Other states appear during the setup phase of a BGP connection, but they should not persist. Technically they also mean that no data is flowing yet.
# BGP states: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk40560

#215.117.172.229  3356   1       1       Established       3       1        5w5d
#215.117.172.230  3356   0       0       Idle              0       0        00:00:00
/^[0-9]/ {
	stateMessage = $5
	name = $1
	
	if (stateMessage == "Established" || stateMessage == "Idle") {
		status = 1
	} else {
		status = 0
	}
	
	tags["name"] = name
	writeDoubleMetric("bgp-state", tags, "gauge", 300, status)
}

cross_vendor_bgp_peer_down

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.ConditionalRemediationSteps
import com.indeni.server.rules.library.templates.StateDownTemplateRule

/**
  * Alerts when the "bgp-state" metric reports a peer (identified by the "name" tag) as down.
  */
case class cross_vendor_bgp_peer_down() extends StateDownTemplateRule(
  ruleName = "cross_vendor_bgp_peer_down",
  ruleFriendlyName = "All Devices: BGP peer(s) down",
  ruleDescription = "Indeni will alert one or more BGP peers isn't communicating well.",
  metricName = "bgp-state",
  applicableMetricTag = "name",
  alertItemsHeader = "Peers Affected",
  alertDescription = "One or more BGP peers are down.",
  baseRemediationText = "Review the cause for the peers being down.")(
  ConditionalRemediationSteps.VENDOR_CP -> "Consider reading Tobias Lachmann's blog on BGP: https://blog.lachmann.org/?p=1771",
  ConditionalRemediationSteps.VENDOR_PANOS -> "Consider starting at https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Routes-are-not-Injected-into-the-Routing-Table/ta-p/54938 . You can also log into the device over SSH and run \"less mp-log routed.log\".",
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Get information for all BGP neighbors by running the "show bgp vrf all sessions" NX-OS command
      |2. Get a summary list of BGP neighbors and statistics by executing the "show ip bgp vrf all summary" NX-OS command
      |3. Get detailed information from a BGP neighbor by running the "show ip bgp neighbors X.X.X.X" NX-OS command
      |4. Check global BGP process information with the "show bgp process" NX-OS command
      |5. Review the logs for relevant findings
      |6. For more information please review  following CISCO BGP troubleshooting flow chart:
      |https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/22166-bgp-trouble-main.html#anc6""".stripMargin
)
{
  override def deviceCondition(context: RuleContext) = generateDevicePassiveAndPassiveLinkStateCondition(context.tsDao)
}
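
An added example, not part of the Indeni script or rule above: a stand-alone shell/awk rework of the chkp-clish-show-bgp state check that can be run offline against captured "show bgp peers" output. The function names and sample rows are constructed for illustration; it shows that Idle is accepted like Established, and that a permission error produces no rows at all rather than a "down" status.

```shell
#!/bin/sh
# Added example: stand-alone rework of the page's AWK state check.
# Input: "show bgp peers" output on stdin.
# Output: "<peer> <state> <status>", status 1 = accepted, 0 = reported down.
classify_bgp_peers() {
    awk '
    # A permission error means no peer table follows: stop without output.
    /CLINFR0829[ \t]+Unable to get user permissions/ { exit }
    /CLINFR0819[ \t]+User: .+ denied access via CLI/ { exit }
    /CLINFR0599[ \t]+Failed to build ACLs/ { exit }
    # A config-lock notice on the first line is skipped.
    NR == 1 && /Could not acquire the config lock/ { next }
    # Peer rows start with a digit; field 1 is the peer, field 5 the state.
    /^[0-9]/ {
        status = ($5 == "Established" || $5 == "Idle") ? 1 : 0
        print $1, $5, status
    }'
}

# Peers whose status is 0, one address per line.
down_peers() {
    classify_bgp_peers | awk '$3 == 0 { print $1 }'
}

# Number of peer rows parsed; 0 means the collection itself failed,
# which is a monitoring gap rather than a healthy result.
parsed_peer_count() {
    classify_bgp_peers | awk 'END { print NR }'
}

# Constructed sample input (documentation addresses and private AS numbers).
SAMPLE_PEERS='Could not acquire the config lock
192.0.2.1  64512  1  1  Established  3  1  5w5d
192.0.2.2  64512  0  0  Idle         0  0  00:00:00
192.0.2.3  64513  0  0  Active       0  0  00:00:00
192.0.2.4  64514  0  0  OpenSent     0  0  00:00:00'
SAMPLE_DENIED='CLINFR0829  Unable to get user permissions'

printf '%s\n' "$SAMPLE_PEERS" | classify_bgp_peers
echo "down: $(printf '%s\n' "$SAMPLE_PEERS" | down_peers | tr '\n' ' ')"
echo "rows when access is denied: $(printf '%s\n' "$SAMPLE_DENIED" | parsed_peer_count)"
```

Because a peer that stays in Idle is accepted, and a denied CLI login yields zero rows, both cases need a separate check if they matter in your environment.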