Critical process(es) down (per VS)-checkpoint-all

Critical process(es) down (per VS)-checkpoint-all
0

Critical process(es) down (per VS)-checkpoint-all

Vendor: checkpoint

OS: all

Description:
Many devices have critical processes, usually daemons, that must be up for certain functions to work. indeni will alert if any of these goes down.

Remediation Steps:
Review the cause for the processes being down.
Check if “cpstop” was run.If MDS check if “mdsstop” was run",

How does this work?
The status of all important processes is retrieved using the built-in Check Point “cpwd_admin list” command. Descriptions are added, based on information from Check Point KB: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638

Why is this important?
The device functionality is dependent on software processes. It is vital for the operation of the device that these processes are running at all times.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-process-state-fw-novsx

name: chkp-process-state-fw-novsx
description: Checking the state of important processes.
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    role-firewall: 'true'
    vsx:
        neq: true
comments:
    process-state:
        why: |
            The device functionality is dependent on software processes. It is vital for the operation of the device that these processes are running at all times.
        how: |
            The status of all important processes is retrieved using the built-in Check Point "cpwd_admin list" command. Descriptions are added, based on information from Check Point KB: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97638
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpstat mg | grep "Active status:";${nice-path}
            -n 15 cpwd_admin list
    parse:
        type: AWK
        file: cpwd-admin-list-m-novsx.parser.1.awk

cross_vendor_critical_process_down_vsx

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_critical_process_down_vsx.scala