License expired-checkpoint-False

warn
false
checkpoint
License expired-checkpoint-False
0

#1

License expired-checkpoint-False

Vendor: checkpoint

OS: False

Description:
indeni will trigger an issue when a license has expired. Licenses that expired more than a set number of days ago will be ignored. The threshold for the number of days after license expiration can be adjusted by the user.

Remediation Steps:
Renew any licenses that need to be renewed.
||Make sure you have purchased the required licenses and have updated them in your management server: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089

cpmds-cplic-print

#! META
name: cpmds-cplic-print
description: get contract data via cplic for MDS
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    vsx: true
    role-management: true
    mds: true

#! COMMENTS
contract-expiration:
    skip-documentation: true

license-expiration:
    skip-documentation: true

#! REMOTE::SSH
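COLUMNS=150 && export COLUMNS && ${nice-path} -n 15 mdsstat |grep CMA | awk '{gsub(/\|/,"",$3); print $3}' | while read -r name; do mdsenv "$name" && ${nice-path} -n 15 mdsstat "$name" && ${nice-path} -n 15 cplic print; done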

#! PARSER::AWK

############
# Why: Get information about support contracts and licenses so we can alert on their expiration.
# How: Use "mdsstat" to list the CMAs, then run "cplic print" in each CMA's environment.
###########

# Stamp a tag array with the CMA currently being parsed.
# vsName and vsIp are globals assigned by the "| CMA |" rule below.
function addVsTags(tags) {
    tags["vs.name"] = vsName
    tags["vs.ip"] = vsIp
}

# Write the "contract-expiration" metric for the contract row just parsed.
# Reads the globals contracttags (metric tags) and contractexpiration (expiry date value),
# and adds the current CMA's vs.name / vs.ip tags before writing.
function dumpContracts() {
    addVsTags(contracttags)
    writeDoubleMetricWithLiveConfig("contract-expiration", contracttags, "gauge", "3600", contractexpiration, "Support Contract Expiration", "date", "")
}

# Write the "license-expiration" metric for the license row just parsed.
# Reads the globals t (metric tags) and yyyy / mm / dd (expiry date parts set by the caller),
# and adds the current CMA's vs.name / vs.ip tags before writing.
function dumpLicenseExpr() {
    addVsTags(t)
    writeDoubleMetricWithLiveConfig("license-expiration", t, "gauge", 3600, date(yyyy, mm, dd), "License Expiration", "date", "name")
}

# | CMA |MDM-VSX_Management_Server | 10.10.6.14      | up 1531    | up 1616  | up 1493  | up 1720  |
/^\| CMA \|/ {
    # mdsstat row for a CMA: remember its IP and name for tagging the metrics that follow.
    vsIp = $5
    vsName = $3

    # With whitespace field splitting the name arrives as "|<name>"; drop the "|".
    gsub(/\|/, "", vsName)
}



# 1  | 38IH618   | 30Apr2017  | CPSB-ABOT-M-1Y
/^\d{1,2}  \| / {
    # Contract row: $3 is the contract ID, $5 the expiration as d[d]MmmYYYY, $NF the SKU.
    ddmmmyyyy = $5

    # Month (3 chars) + year (4 chars) take the last 7 characters, so whatever
    # precedes them is the 1- or 2-digit day.
    dd = substr(ddmmmyyyy, 1, length(ddmmmyyyy) - 7)
    mmm = substr(ddmmmyyyy, length(dd) + 1, 3)
    mm = parseMonthThreeLetter(mmm)
    # Starts 3 characters before the end; the oversized length runs to the end of the string.
    yyyy = substr(ddmmmyyyy, length(ddmmmyyyy) - 3, length(ddmmmyyyy))

    contracttags["name"] = $3 " - " $NF
    contractexpiration = date(yyyy, mm, dd)
    dumpContracts()
}


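# 192.168.250.5    never       CPSB-ADNC-M CPSB-EVCR-10 CK-00-1C-7F-3E-CB-38
# 10.10.6.10       30Sep2017   CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-ADN CPSB-ACCL CPSB-IPSA CPSB-DLP CPSB-SSLVPN-50 CPSB-IA CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-ASPM CPSB-URLF CPSB-AV CPSB-APCL CPSB-ABOT-L CK-043C32F48B44
/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/ {
    # License row: $1 host IP, $2 expiration ("never" or d[d]MmmYYYY), then the
    # feature list, with the CK signature as the last field.

    # extract the features, split on at least 2 spaces or more
    split($0,splitArr,/\s{2,}+/)
    gsub(/\sCK.+/, "", splitArr[3])

    t["features"] = splitArr[3]
    t["name"] = $NF

    # Tag with the current CMA before either branch writes the metric. The array t
    # persists between records, so without this the "never" branch would emit
    # whatever vs.name / vs.ip an earlier row left behind (possibly another CMA's),
    # or no vs tags at all if no dated license had been seen yet.
    addVsTags(t)

    if ($2 == "never") {
        # Since it never expires we set a expiry date very far in the future
        writeDoubleMetric("license-expiration", t, "gauge", 3600, date(2099,12,31))
    } else {
        ddmmmyyyy = $2

        # Month (3 chars) + year (4 chars) take the last 7 characters, so whatever
        # precedes them is the 1- or 2-digit day.
        dd = substr(ddmmmyyyy, 1, length(ddmmmyyyy) - 7)
        mmm = substr(ddmmmyyyy, length(dd) + 1, 3)
        mm = parseMonthThreeLetter(mmm)
        # Starts 3 characters before the end; the oversized length runs to the end of the string.
        yyyy = substr(ddmmmyyyy, length(ddmmmyyyy) - 3, length(ddmmmyyyy))

        dumpLicenseExpr()
    }
}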

RuleMetadata

.builder(
  "cross_vendor_license_has_expired
package com.indeni.server.rules.library

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.{And, GreaterThan, LesserThan}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data._
import com.indeni.ruleengine.expressions.math.PlusExpression
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.PerDeviceRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

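/**
  * Per-device rule that raises a WARN issue for every license whose
  * "license-expiration" metric lies in the past, but only while the expiration
  * is no older than the configurable "Effective Duration Threshold"
  * (default: 30 days). Licenses that expired longer ago than that are ignored,
  * as the rule description states.
  */
case class LicenseHasExpiredRule() extends PerDeviceRule with RuleHelper {

  private val highThresholdParameterName = "Effective_Duration_Threshold"
  // User-adjustable window after expiration during which the issue stays active.
  private val highThresholdParameter = new ParameterDefinition(
    highThresholdParameterName,
    "",
    "Effective Duration Threshold",
    "How many days the license expiration issue should be effective",
    UIType.TIMESPAN,
    TimeSpan.fromDays(30)
  )

  override val metadata: RuleMetadata = RuleMetadata
    .builder(
      "cross_vendor_license_has_expired",
      "All Devices: License expired",
      "indeni will trigger an issue when a license has expired. Licenses that have expired more that a set number of days will be ignored.  The threshold for the number of days after licence expiration can be adjusted by the user.",
      AlertSeverity.WARN
    )
    .configParameter(highThresholdParameter)
    .build()

  /**
    * Builds the status tree: per device, per license ("name" tag), check the last
    * "license-expiration" sample against the current time.
    *
    * @param context supplies the metadata and time-series DAOs used by the selectors
    * @return the expression tree evaluated by the rule engine
    */
  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    // Last reported expiration, interpreted as a number of seconds and converted to a TimeSpan.
    val actualValue = TimeSeriesExpression[Double]("license-expiration").last.toTimeSpan(TimePeriod.SECOND)

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
      // What constitutes an issue
      StatusTreeExpression(
        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("license-expiration")),
        StatusTreeExpression(
          // The time-series we check the test condition against:
          SelectTimeSeriesExpression[Double](context.tsDao, Set("license-expiration"), denseOnly = false),
          // The condition which, if true, we have an issue. Checked against the time-series we've collected
          And(
            // The license has expired: expiration < now.
            LesserThan(actualValue, NowExpression()),
            // ...and it expired within the effective window: expiration + threshold > now.
            // The previous form compared now > expiration + threshold, which stays silent
            // right after a license lapses and only fires once the window is over, the
            // opposite of what the rule and parameter descriptions say.
            // NOTE(review): assumes GreaterThan(a, b) evaluates a > b, mirroring the
            // LesserThan(actualValue, now) usage above; confirm against the rule engine.
            GreaterThan(PlusExpression(actualValue, getParameterTimeSpanForTimeSeries(highThresholdParameter)),
                        NowExpression())
          )

          // The Alert Item to add for this specific item
        ).withSecondaryInfo(
            scopableStringFormatExpression("${scope(\"name\")}"),
            scopableStringFormatExpression("Expired on %s", timeSpanToDateExpression(actualValue)),
            title = "Affected Licenses"
          )
          .asCondition()
      ).withoutInfo().asCondition()
    ).withRootInfo(
      getHeadline(),
      ConstantExpression("One or more licenses have expired. See the list below."),
      // Generic remediation first, then vendor/OS-specific steps.
      ConditionalRemediationSteps(
        "Renew any licenses that need to be renewed.",
        ConditionalRemediationSteps.VENDOR_CP -> "Make sure you have purchased the required licenses and have updated them in your management server: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089",
        ConditionalRemediationSteps.VENDOR_PANOS -> "Review this page on licensing: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/activate-licenses-and-subscriptions",
        ConditionalRemediationSteps.OS_NXOS ->
          """1. Run the “show license usage” NX-OS command to display information about the current license usage and the license expiration date.
            |2. Run the “show license” NX-OS command to view the installed licenses.
            |3. Run the “show license usage <feature>” NX-OS command e.g.” sh license usage ENHANCED_LAYER2_PKG” to display information about the activated features which utilize this license
            |4. Consider activating the grace-period for the license.
            |5. Order new license from CISCO.
            |6. For more information please review: <a target="_blank" href="https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/fund/show-license-usage.html">Cisco Guide</a> """.stripMargin,
        ConditionalRemediationSteps.VENDOR_FORTINET ->
          """
            |1. Login via ssh to the Fortinet firewall and execute the FortiOS “get system fortiguard-service status” and “diag autoupdate versions” commands to list current update package versions and license expiry status.
            |2. Login via https to the Fortinet firewall and go to the menu System > Dashboard > Status to locate the License Information widget. All subscribed services should have a green checkmark, indicating that connections are successful. A gray X indicates that the FortiGate unit cannot connect to the FortiGuard network, or that the FortiGate unit is not registered. A red X indicates that the FortiGate unit was able to connect but that a subscription has expired or has not been activated.
            |3. Login via https to the Fortinet firewall to view the FortiGuard connection status by going to System > Config > FortiGuard menu.
            |4. Purchase additional licenses if are needed.
            |5. Consider enabling the issue email setting to the Fortinet firewall in order to receive a issue email prior to FortiGuard license expiration (notification date range: 1 - 100 days). The current issue email status can be provided with the next command: “get alertemail setting”. More details can be found in the next link: https://docs.fortinet.com/uploaded/files/2798/fortigate-cli-ref-54.pdf
            |6. For more information about licensing review  the next  online article “Setting up FortiGuard services” : http://cookbook.fortinet.com/setting-fortiguard-services-54/
            |7. Contact Fortinet Technical support at https://support.fortinet.com/ for further assistance.""".stripMargin
      )
    )
  }
}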