CPU monitoring enabled-bluecoat-sgos

CPU monitoring enabled-bluecoat-sgos
0

CPU monitoring enabled-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
CPU monitor provides very useful data when troubleshooting a ProxySG that is experiencing a high CPU related issue. The CPU monitor should only be enabled when troubleshooting a high CPU issue as it can increase CPU utilization by 2-4% depending on the platform. Indeni will alert if CPU monitoring is enabled.

Remediation Steps:
The CPU monitor should be used for tubleshooting a ProxySG that is experiencing a high CPU related issue.
|(Can be done using the live config or using the “show cpu-monitor” command)
|Otherwise it should be disabled because it increases the CPU utilization:
|1. Log into the ProxySG via SSH.
|2. Enter the following commands:
|# en
|# configure terminal
|# (config) diagnostics
|# (config diagnostics) cpu-monitor disable
|3. Verify that CPU monitor is disabled by entering the “show cpu-monitor” command.

How does this work?
Indeni logs in over SSH and executes “show cpu-monitor”. The output includes the current cpu usage of each proccess.

Why is this important?
CPU monitor provides very useful data when troubleshooting a ProxySG that is experiencing a high CPU related issue. The CPU monitor should only be enabled when troubleshooting a high CPU issue as it can increase CPU utilization by 2-4% depending on the platform. All other times CPU monitor should be disabled.

Without Indeni how would you find this?
An administrator could login and manually run the command.

bluecoat-show-cpu-monitor

#! META
name: bluecoat-show-cpu-monitor
description: Fetch cpu monitor statistics
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: "bluecoat"
    os.name: "sgos"

#! COMMENTS
cpu-monitor-enabled:
    why: |
        CPU monitor provides very useful data when troubleshooting a ProxySG that is experiencing a high CPU related issue. The CPU monitor should only be enabled when troubleshooting a high CPU issue as it can increase CPU utilization by 2-4% depending on the platform.  All other times CPU monitor should be disabled.
    how: |
        Indeni logs in over SSH and executes "show cpu-monitor".  The output includes the current cpu usage of each proccess.
    without-indeni: |
        An administrator could login and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

process-cpu:
    skip-documentation: true

#! REMOTE::SSH
show cpu-monitor

#! PARSER::AWK

#CPU Monitor
#If it's not running, we'll see "CPU Monitor is not running. Enable in diagnostics menu"
#If it is, we will see:
#CPU Monitor:
#Configured interval duration:  5 seconds
#Current interval complete in:  2 seconds
#CPU 0                                                1%
#TCPIP                                            1%

/^(CPU Monitor is not running|Configured interval duration)/ {
    if (match($0, /^CPU Monitor is not running/)) {
        cpu_monitor_enabled = "false"
    } else {
        cpu_monitor_enabled = "true"
    }
    writeComplexMetricString("cpu-monitor-enabled", null, cpu_monitor_enabled)

}

#TCPIP                                            1%
/%$/ {
    process_name = $1
    if (process_name != "CPU") {
        cpu_usage = $NF
        gsub(/%/, "", cpu_usage)
        processtags["name"] = process_name
        processtags["process-name"] = process_name
        processtags["command"] = "show cpu-monitor"
        writeDoubleMetricWithLiveConfig("process-cpu", processtags, "gauge", "60", cpu_usage, "Top Processes CPU Utilization", "percentage", "process-name")
   }
}

BlueCoatCPUMonitorRule

package com.indeni.server.rules.library.templatebased.bluecoat.proxysg

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library._
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  *
  */
case class BlueCoatCPUMonitorRule() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "BlueCoatCPUMonitorRule",
  ruleFriendlyName = "Blue Coat Devices: CPU monitoring enabled",
  ruleDescription = "CPU monitor provides very useful data when troubleshooting a ProxySG that is experiencing a high CPU related issue. The CPU monitor should only be enabled when troubleshooting a high CPU issue as it can increase CPU utilization by 2-4% depending on the platform. Indeni will alert if CPU monitoring is enabled.",
  severity = AlertSeverity.WARN,
  metricName = "cpu-monitor-enabled",
  alertDescription = "CPU monitoring is enabled",
  baseRemediationText = """The CPU monitor should be used for tubleshooting a ProxySG that is experiencing a high CPU related issue.
                          |(Can be done using the live config or using the "show cpu-monitor" command)
                          |Otherwise it should be disabled because it increases the CPU utilization:
                          |1. Log into the ProxySG via SSH.
                          |2. Enter the following commands:
                          |# en
                          |# configure terminal
                          |# (config) diagnostics
                          |# (config diagnostics) cpu-monitor disable
                          |3. Verify that CPU monitor is disabled by entering the "show cpu-monitor" command.""".stripMargin,
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("cpu-monitor-enabled").asSingle().mostRecent().value().noneable))()