Interface nearing maximum Rx throughput-checkpoint-ipso


Vendor: checkpoint

OS: ipso

Description:
The interface is close to its maximum advertised throughput limit. Intermittent connectivity issues may occur such as network performance degradation or the inability to reach resources. This could be due to poor capacity management or user activity such as video streaming or file transfers. This could also be due to unexpected and suspicious activity.

Remediation Steps:
Follow the vendor specific remediation steps below.

How does this work?
Indeni will record the total bytes received, wait a pre-determined amount of time and then record it again. By comparing the before and after values, the number of bytes received during that period can be determined.
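The calculation described above, as an added example (not Indeni's own code or the AWK parser the script references). The 10-second interval mirrors the `sleep 10` in the script's command and the 80% threshold mirrors the rule's `threshold = 80.0`; the interface names, counter values, link speeds and the counter-wrap handling are assumptions constructed for illustration.

```python
THRESHOLD_PCT = 80.0   # alert threshold taken from the rule on this page
INTERVAL_S = 10        # matches the `sleep 10` between the two netstat runs


def rx_util_percent(before, after, interval_s, speed_bps, counter_bits=64):
    """Return Rx utilization (%) between two cumulative byte-counter samples."""
    if interval_s <= 0 or speed_bps <= 0:
        raise ValueError("interval and link speed must be positive")
    delta = after - before
    if delta < 0:
        # Counter went backwards: assume it wrapped exactly once.
        delta += 1 << counter_bits
    bits_per_second = delta * 8 / interval_s
    return 100.0 * bits_per_second / speed_bps


def interfaces_over_threshold(samples, interval_s=INTERVAL_S,
                              threshold=THRESHOLD_PCT):
    """samples: {name: (rx_before, rx_after, speed_bps, counter_bits)}."""
    alerts = {}
    for name, (before, after, speed, bits) in samples.items():
        pct = rx_util_percent(before, after, interval_s, speed, bits)
        if pct > 100.0:
            # Physically impossible rate: the counter was reset (reboot or
            # cleared statistics), not wrapped, so discard this sample.
            continue
        if pct >= threshold:  # assumption: alert at or above the threshold
            alerts[name] = round(pct, 1)
    return alerts


# Constructed sample data: two Rx byte-counter readings taken 10 seconds apart.
SAMPLES = {
    "eth1": (5_000_000_000, 6_062_500_000, 1_000_000_000, 64),  # busy 1 Gbps
    "eth2": (4_294_000_000, 111_532_704, 100_000_000, 32),      # 32-bit wrap
    "eth3": (1_000_000, 126_000_000, 1_000_000_000, 64),        # light load
    "eth4": (9_000_000_000, 1_000, 1_000_000_000, 64),          # counter reset
}

if __name__ == "__main__":
    for name, pct in interfaces_over_threshold(SAMPLES).items():
        print(f"{name}: receiving at {pct:.0f}% of its capacity")
```

A sustained reading near the threshold on an interface with no matching business activity is the case the description calls unexpected and suspicious, so the flagged interfaces are worth correlating with top-talker data.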

Why is this important?
If the throughput reaches the limit, packets will be dropped.

Without Indeni how would you find this?
An administrator could log in and manually check this from the command line interface.

chkp-ipso-throughput-alert

name: chkp-ipso-throughput-alert
description: Check the current throughput for receive and transmit for interfaces.
type: monitoring
monitoring_interval: 1 minutes
requires:
    vendor: checkpoint
    os.name: ipso
comments:
    network-interface-tx-util-percentage:
        why: |
            If the throughput reaches the limit, packets will be dropped.
        how: |
            Indeni will record the total bytes transmitted, wait a pre-determined amount of time and then record it again. By comparing the before and after values, the number of bytes sent during that period can be determined.
        without-indeni: |
            An administrator could log in and manually check this from the command line interface.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface or SmartView Monitor.
    network-interface-rx-util-percentage:
        why: |
            If the throughput reaches the limit, packets will be dropped.
        how: |
            Indeni will record the total bytes received, wait a pre-determined amount of time and then record it again. By comparing the before and after values, the number of bytes received during that period can be determined.
        without-indeni: |
            An administrator could log in and manually check this from the command line interface.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: This is only accessible from the command line
            interface or SmartView Monitor.
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 ifconfig -a ; netstat -idb ; sleep 10 ; netstat
            -idb
    parse:
        type: AWK
        file: throughput-alert.parser.1.awk

cross_vendor_interface_rx_utilization

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  * Contributed by Indeni_PJ
  */
case class crossVendorInterfaceRXUtilization() extends NearingCapacityWithItemsTemplateRule(
  ruleName = "cross_vendor_interface_rx_utilization",
  ruleFriendlyName = "All Devices: Interface nearing maximum Rx throughput",
  ruleDescription = "The interface is close to its maximum advertised throughput limit. Intermittent connectivity issues may occur such as network performance degradation or the inability to reach resources. This could be due to poor capacity management or user activity such as video streaming or file transfers. This could also be due to unexpected and suspicious activity.",
  usageMetricName = "network-interface-rx-util-percentage",
  applicableMetricTag = "name",
  threshold = 80.0,
  alertItemsHeader = "Affected Interfaces",
  alertItemDescriptionFormat  = "The interface is receiving at %.0f%% of its capacity.",
  alertDescription = "Interfaces are nearing their maximum throughput. Connectivity issues may occur due to this. This could be due to poor capacity management, user activity such as video streaming or file transfers. This could also be due to unexpected activity.",
  baseRemediationText = "Follow the vendor specific remediation steps below.")(
  RemediationStepCondition.VENDOR_CP -> """Check Point’s CLI cpview or SmartView Monitor tool can be used to view network top talkers such as source, destination, and protocol(s).
                                              |Based on this information, it can be determined as to whether selected traffic should be blocked or dropped. If the throughput threshold reached is expected, consider adding more interfaces or modifying any applicable packet shaping.""".stripMargin,
  RemediationStepCondition.VENDOR_PANOS -> """Track down network top talkers such as source, destination, and application(s). This can be done by logging into the WebUI and viewing network activity on the ACC tab and Monitoring tab to view logs to look for patterns.
                                                |Based on this information, it can be determined as to whether selected traffic should be blocked or dropped. If the throughput utilization is expected or common in the environment, consider adding more interfaces or modifying any applicable packet shaping.""".stripMargin)