-checkpoint-gaia

-checkpoint-gaia
0

-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
indeni will alert when a virtual system’s CPU utilization is too high.

Remediation Steps:
Determine the cause for the high CPU usage of the listed cores. This may indicate a need for more cores needs to be added.\nReview the following article for further information on high CPU utilization on Check Point firewalls. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98348

How does this work?
Indeni issues a combination of Linux and Checkpoint commands to discover the processes and threads associated with a given VS, and then adds up the CPU usage, per CPU core, for each VS. Indeni reports both the average and per core usage, and alerts the user if usage is above a certain threshold.

Why is this important?
High CPU usage could cause traffic to be dropped and may result in notable performance issues.

Without Indeni how would you find this?
An administrator could log in and manually issue the commands and add up the various results to check CPU usage.

chkp-gaia-vs-cpu-vsx

name: chkp-gaia-vs-cpu-vsx
description: Records the CPU usage for virtual systems
type: monitoring
monitoring_interval: 2 minutes
includes_resource_data: true
requires:
    vendor: checkpoint
    os.name: gaia
    vsx: 'true'
    role-firewall: 'true'
comments:
    vs-cpu-usage:
        why: |
            High CPU usage could cause traffic to be dropped and may result in notable performance issues.
        how: |
            Indeni issues a combination of Linux and Checkpoint commands to discover the processes and threads associated with a given VS, and then adds up the CPU usage, per CPU core, for each VS. Indeni reports both the average and per core usage, and alerts the user if usage is above a certain threshold.
        without-indeni: |
            An administrator could log in and manually issue the commands and add up the various results to check CPU usage.
        can-with-snmp: fasle
        can-with-syslog: false
        vendor-provided-management: |
            Detailed CPU utilization data is not available for virtual systems, except via CLI. It is possible to also get this in SmartView Monitor but it is off by default.
    live-config-only-vs-cpu-usage:
        skip-documentation: true
steps:
-   run:
        type: SSH
        file: vs-cpu-vsx.remote.1.bash
    parse:
        type: AWK
        file: vs-cpu-vsx.parser.1.awk

check_point_vs_cpu

package com.indeni.server.rules.library.checkpoint

import com.indeni.server.rules.{DeviceCategory, RuleContext,RuleCategory}
import com.indeni.server.rules.library.templates.NumericThresholdOnDoubleMetricWithItemsTemplateRule

case class check_point_vs_cpu() extends NumericThresholdOnDoubleMetricWithItemsTemplateRule(
    ruleName = "check_point_vs_cpu",
    ruleFriendlyName = "Some VSes have high CPU usage",
    ruleDescription = "indeni will alert when a virtual system's CPU utilization is too high.",
    metricName = "vs-cpu-usage",
    threshold = 70.0,
    applicableMetricTag = "vs.name",
    alertItemsHeader = "Affected Virtual Systems",
    alertItemDescriptionFormat = "The current CPU usage is %.0f%%",
    alertDescription = "Some VSes have high CPU utilization. This could mean slowdown of traffic or packet loss.",
    baseRemediationText = "Determine the cause for the high CPU usage of the listed cores. This may indicate a need for more cores needs to be added.\nReview the following article for further information on high CPU utilization on Check Point firewalls. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98348",
    ruleCategories = Set(RuleCategory.HealthChecks),
    deviceCategory = DeviceCategory.CheckPointVSX
)()