Integration with identity/AAA server down-checkpoint-gaia
Vendor: checkpoint
OS: gaia
Description:
Some devices may integrate with identity or AAA servers to provide user identification, authentication and authorization services. If the integration is down, such services may be disrupted. Indeni will alert if this occurs.
Remediation Steps:
Make sure that the device can communicate with the identity/AAA server, that the username and password for accessing it are correct and that it has the permissions it needs.
How does this work?
Using the Check Point command “adlog a dc” we retrieve the status of the domain controllers.
Why is this important?
When using Identity Awareness it is important to make sure that the domain controllers are connected, otherwise no new events will be retrieved.
Without Indeni how would you find this?
An administrator could log in and manually run the command.
chkp-gaia-adlog-a-dc-novsx
name: chkp-gaia-adlog-a-dc-novsx
description: Check status of connected domain controllers for Identity Awareness
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: checkpoint
    os.name: gaia
    role-firewall: 'true'
    vsx:
        neq: 'true'
comments:
    identity-integration-connection-state:
        why: |
            When using Identity Awareness it is important to make sure that the domain controllers are connected, otherwise no new events will be retrieved.
        how: |
            Using the Check Point command "adlog a dc" we retrieve the status of the domain controllers.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 adlog a dc && sleep 5 && ${nice-path} -n 15 adlog a dc && sleep 5 && ${nice-path} -n 15 adlog a dc
    parse:
        type: AWK
        file: adlog-a-dc-novsx.parser.1.awk
cross_vendor_identity_integration_down