High vmalloc usage-checkpoint-gaia,secureplatform

High vmalloc usage-checkpoint-gaia,secureplatform
0

High vmalloc usage-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will alert when usage of vmalloc is high.

Remediation Steps:
Review sk84700.

How does this work?
Check the vmalloc limit and usage by reviewing the output of “cat /proc/meminfo”.

Why is this important?
If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues. More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700

Without Indeni how would you find this?
An administrator could login and manually check this.

chkp-os-proc-meminfo

#! META
name: chkp-os-proc-meminfo
description: shows data about memory usage on gateway
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
        -
            os.name: gaia
        -
            os.name: secureplatform
        # os.name: gaia-embedded removed per   IKP-932

#! COMMENTS
vmalloc-used-kbytes:
    why: |
        If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues.

        More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700
    how: |
        Check the vmalloc limit and usage by reviewing the output of "cat /proc/meminfo".
    without-indeni: |
        An administrator could login and manually check this.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        This is only accessible from the command line interface.

vmalloc-total-kbytes:
    skip-documentation: true

#! REMOTE::SSH
${nice-path} -n 15 cat /proc/meminfo

#! PARSER::AWK

# VmallocUsed:     44812 kB
/VmallocUsed/ {
	writeDoubleMetric("vmalloc-used-kbytes", null, "gauge", "300", $2)
}

# VmallocTotal:     116728 kB
/VmallocTotal/ {
	writeDoubleMetric("vmalloc-total-kbytes", null, "gauge", "300", $2)
}

chkp-os-proc-meminfo

#! META
name: chkp-os-proc-meminfo
description: shows data about memory usage on gateway
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
        -
            os.name: gaia
        -
            os.name: secureplatform
        # os.name: gaia-embedded removed per   IKP-932

#! COMMENTS
vmalloc-used-kbytes:
    why: |
        If the allocation of virtual memory in the operating system reaches the limit, there could be severe memory-related issues.

        More information is available in the following Check Point KB article: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk84700
    how: |
        Check the vmalloc limit and usage by reviewing the output of "cat /proc/meminfo".
    without-indeni: |
        An administrator could login and manually check this.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        This is only accessible from the command line interface.

vmalloc-total-kbytes:
    skip-documentation: true

#! REMOTE::SSH
${nice-path} -n 15 cat /proc/meminfo

#! PARSER::AWK

# VmallocUsed:     44812 kB
/VmallocUsed/ {
	writeDoubleMetric("vmalloc-used-kbytes", null, "gauge", "300", $2)
}

# VmallocTotal:     116728 kB
/VmallocTotal/ {
	writeDoubleMetric("vmalloc-total-kbytes", null, "gauge", "300", $2)
}

chkp_vmalloc_usage_high

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityTemplateRule
/**
  *
  */
case class chkp_vmalloc_usage_high() extends NearingCapacityTemplateRule(
  ruleName = "chkp_vmalloc_usage_high",
  ruleFriendlyName = "Check Point Firewalls: High vmalloc usage",
  ruleDescription = "indeni will alert when usage of vmalloc is high.",
  usageMetricName = "vmalloc-used-kbytes",
  limitMetricName = "vmalloc-total-kbytes",
  threshold = 80.0,
  alertDescriptionFormat = "vmalloc is using %.0f kilobytes where the limit is %.0f.",
  baseRemediationText = "Review sk84700.")()