High vmalloc usage-checkpoint-gaia,secureplatform

High vmalloc usage-checkpoint-gaia,secureplatform
0

High vmalloc usage-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will alert when usage of vmalloc is high.

Remediation Steps:
Review sk84700.

How does this work?
Check the vmalloc limit and usage by reviewing the output of “cat /proc/meminfo”.

Why is this important?
If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues. More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700

Without Indeni how would you find this?
An administrator could login and manually check this.

chkp-os-proc-meminfo

name: chkp-os-proc-meminfo
description: shows data about memory usage on gateway
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
comments:
    vmalloc-used-kbytes:
        why: |
            If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues.

            More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700
        how: |
            Check the vmalloc limit and usage by reviewing the output of "cat /proc/meminfo".
        without-indeni: |
            An administrator could login and manually check this.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface.
    vmalloc-total-kbytes:
        skip-documentation: true
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cat /proc/meminfo
    parse:
        type: AWK
        file: proc-meminfo.parser.1.awk

chkp-os-proc-meminfo

name: chkp-os-proc-meminfo
description: shows data about memory usage on gateway
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
comments:
    vmalloc-used-kbytes:
        why: |
            If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues.

            More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700
        how: |
            Check the vmalloc limit and usage by reviewing the output of "cat /proc/meminfo".
        without-indeni: |
            An administrator could login and manually check this.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface.
    vmalloc-total-kbytes:
        skip-documentation: true
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cat /proc/meminfo
    parse:
        type: AWK
        file: proc-meminfo.parser.1.awk

chkp_vmalloc_usage_high

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityTemplateRule
/**
  *
  */
case class chkp_vmalloc_usage_high() extends NearingCapacityTemplateRule(
  ruleName = "chkp_vmalloc_usage_high",
  ruleFriendlyName = "Check Point Firewalls: High vmalloc usage",
  ruleDescription = "indeni will alert when usage of vmalloc is high.",
  usageMetricName = "vmalloc-used-kbytes",
  limitMetricName = "vmalloc-total-kbytes",
  threshold = 80.0,
  alertDescriptionFormat = "vmalloc is using %.0f kilobytes where the limit is %.0f.",
  baseRemediationText = "Review sk84700.")()