Critical process(es) down (per VS)-checkpoint-all
Vendor: checkpoint
OS: all
Description:
Many devices have critical processes, usually daemons, that must be up for certain functions to work. Indeni will alert if any of these goes down.
Remediation Steps:
Review the cause for the processes being down.
Check if “cpstop” was run. If MDS, check if “mdsstop” was run.
How does this work?
The status of all important processes is retrieved using the built-in Check Point “cpwd_admin list” command. Descriptions are added, based on information from Check Point KB: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
Why is this important?
The device functionality is dependent on software processes. It is vital for the operation of the device that these processes are running at all times.
Without Indeni how would you find this?
An administrator could log in and manually run the command.
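For the manual check, the "cpwd_admin list" output can be filtered for processes that are not running. The script below is an added example, not Indeni's parser or code from the original page; the function names are hypothetical, the sample output is constructed, and the column layout and STAT codes (E = executing, T = terminated) are assumptions about the command's output.

```shell
#!/bin/sh
# Added example, not Indeni's parser. Assumed `cpwd_admin list` layout:
#   APP PID STAT #START START_TIME MON COMMAND
# with STAT "E" = executing and "T" = terminated.

# Constructed sample output: FWD has been terminated, the others are running.
sample_output() {
    cat <<'EOF'
APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPVIEWD    4618   E     1       [12:11:37] 24/6/2019   N    cpviewd
CPD        4626   E     1       [12:11:37] 24/6/2019   Y    cpd
FWD        0      T     3       [09:02:10] 25/6/2019   N    fwd
CPHAMCSET  4899   E     1       [12:12:01] 24/6/2019   N    cphamcset -d
EOF
}

# Reads the command output on stdin and prints one line per process that is
# not executing. Exit status: 0 all up, 1 something down, 2 output not recognised.
down_processes() {
    awk '
        # Find the header row and remember columns by name rather than by
        # fixed position. APP, PID and STAT precede START_TIME, whose value
        # contains a space, so their field numbers hold for every data row.
        !have_header {
            app_col = pid_col = stat_col = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "APP")  app_col = i
                if ($i == "PID")  pid_col = i
                if ($i == "STAT") stat_col = i
            }
            if (app_col && pid_col && stat_col) have_header = 1
            next
        }
        NF < stat_col { next }             # blank or truncated line
        $stat_col != "E" {
            printf "%s stat=%s pid=%s\n", $app_col, $stat_col, $pid_col
            down++
        }
        END {
            if (!have_header) exit 2       # wrong command or an error message
            exit (down > 0 ? 1 : 0)
        }
    '
}

# On a gateway: cpwd_admin list | down_processes
sample_output | down_processes || echo "exit status: $?"
```

Exit status 2 separates "the command produced no recognisable table" from "all processes are up", so a failed command is not read as a healthy device.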
chkp-process-state-fw-novsx
name: chkp-process-state-fw-novsx
description: Checking the state of important processes.
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    role-firewall: 'true'
    vsx:
        neq: true
comments:
    process-state:
        why: |
            The device functionality is dependent on software processes. It is vital for the operation of the device that these processes are running at all times.
        how: |
            The status of all important processes is retrieved using the built-in Check Point "cpwd_admin list" command. Descriptions are added, based on information from Check Point KB: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpstat mg | grep "Active status:";${nice-path} -n 15 cpwd_admin list
    parse:
        type: AWK
        file: cpwd-admin-list-m-novsx.parser.1.awk
cross_vendor_critical_process_down_vsx