Management service down (Non-Virtual)-checkpoint-gaia,secureplatform

Management service down (Non-Virtual)-checkpoint-gaia,secureplatform
0

Management service down (Non-Virtual)-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
Alert if the management component is down on a device.

Remediation Steps:
This may be due to someone stopping the management component itself, a licensing or a performance issue.

How does this work?
By using the Check Point built-in “cpstat mg” command, the status of the management server is retrieved.

Why is this important?
Unless the management services are running correctly, it might not be possible to manage other gateways.

Without Indeni how would you find this?
An administrator could login and manually run the command.

cpstat-mg

name: cpstat-mg
description: Shows status of management server
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    role-management: true
    mds:
        neq: true
comments:
    mgmt-status:
        why: |
            Unless the management services are running correctly, it might not be possible to manage other gateways.
        how: |
            By using the Check Point built-in "cpstat mg" command, the status of the management server is retrieved.
        without-indeni: |
            An administrator could login and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            Retreiving the management status is only available from the command line.
    mgmt-status-description:
        skip-documentation: true
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpstat mg
    parse:
        type: AWK
        file: cpstat-mg-nomds.parser.1.awk

cpstat-mg

name: cpstat-mg
description: Shows status of management server
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    role-management: true
    mds:
        neq: true
comments:
    mgmt-status:
        why: |
            Unless the management services are running correctly, it might not be possible to manage other gateways.
        how: |
            By using the Check Point built-in "cpstat mg" command, the status of the management server is retrieved.
        without-indeni: |
            An administrator could login and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            Retreiving the management status is only available from the command line.
    mgmt-status-description:
        skip-documentation: true
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpstat mg
    parse:
        type: AWK
        file: cpstat-mg-nomds.parser.1.awk

cross_vendor_mgmt_component_down_novsx

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Contains, Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.utility.LastNNonEmptyValues
import com.indeni.server.common.data.conditions.{Equals => DataEquals, Not => DataNot}
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.StateDownTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class cross_vendor_mgmt_component_down_novsx() extends StateDownTemplateRule(
  ruleName = "cross_vendor_mgmt_component_down_novsx",
  ruleFriendlyName = "Management Devices: Management service down (Non-Virtual)",
  ruleDescription = "Alert if the management component is down on a device.",
  metricName = "mgmt-status",
  historyLength = 3,
  generateStateDownCondition = (historyLength, tsToTestAgainst, stateToLookFor) =>
    Contains(LastNNonEmptyValues(tsToTestAgainst, historyLength), stateToLookFor),
  stateDescriptionComplexMetricName = "mgmt-status-description",
  alertDescription = "The management component on this device is down.",
  metaCondition = !DataEquals("vsx", "true"),
  baseRemediationText = "This may be due to someone stopping the management component itself, a licensing or a performance issue.")(
  RemediationStepCondition.VENDOR_CP -> "The management service is handled by the \"fwm\" process. Run \"cpstat mg\" for more details. Review the licenses installed on the device, as well as whether or not anyone has run cpstop recently."
)