Required interface(s) down-checkpoint-all

Required interface(s) down-checkpoint-all
0

Required interface(s) down-checkpoint-all

Vendor: checkpoint

OS: all

Description:
ClusterXL requires a certain number of interfaces to be up for the member to be considered OK.

Remediation Steps:
Determine why the interfaces are down and resolve the issue.

cphaprob_a_if_novsx

name: cphaprob_a_if_novsx
description: run "cphaprob -a if" on non-vsx
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    high-availability: 'true'
    vsx:
        neq: true
    clusterxl: 'true'
    role-firewall: true
comments:
    cphaprob-required-interfaces:
        why: |
            ClusterXL defines a certain number of interfaces which are required to be up for the cluster to be considered
            healthy. If there are less than these actually up, the cluster is not in a healthy state and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-required-secured-interfaces:
        why: |
            ClusterXL defines a certain number of secured (sync) interfaces which are required to be up for the cluster
            to be considered healthy. If there are less than these actually up, the cluster is not in a healthy state
            and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-interfaces:
        why: |
            To check the healthy state of the cluster interfaces important factor for Cluster stability and redundancy
        how: |
            By Checking the input of Check Point clusterXL command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false

    cluster-vip:
        why: |
            This is the list of cluster virtual IP addresses also called floating IP adddresses for the cluster interfaces.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    clusterxl-ccp-mode:
        why: |
            ClusterXL can operate in different modes, multicast or broadcast. All members of the same clusters should have the same setting to ensure redundancy works correctly.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-secured-interfaces:
        why: |
            To check the status of the "Sync" interface is up
        how: |
            By running the command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cphaprob -a if
    parse:
        type: AWK
        file: cphaprob-a-if-novsx.parser.1.awk

cphaprob_a_if_novsx

name: cphaprob_a_if_novsx
description: run "cphaprob -a if" on non-vsx
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    high-availability: 'true'
    vsx:
        neq: true
    clusterxl: 'true'
    role-firewall: true
comments:
    cphaprob-required-interfaces:
        why: |
            ClusterXL defines a certain number of interfaces which are required to be up for the cluster to be considered
            healthy. If there are less than these actually up, the cluster is not in a healthy state and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-required-secured-interfaces:
        why: |
            ClusterXL defines a certain number of secured (sync) interfaces which are required to be up for the cluster
            to be considered healthy. If there are less than these actually up, the cluster is not in a healthy state
            and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-interfaces:
        why: |
            To check the healthy state of the cluster interfaces important factor for Cluster stability and redundancy
        how: |
            By Checking the input of Check Point clusterXL command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false

    cluster-vip:
        why: |
            This is the list of cluster virtual IP addresses also called floating IP adddresses for the cluster interfaces.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    clusterxl-ccp-mode:
        why: |
            ClusterXL can operate in different modes, multicast or broadcast. All members of the same clusters should have the same setting to ensure redundancy works correctly.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-secured-interfaces:
        why: |
            To check the status of the "Sync" interface is up
        how: |
            By running the command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cphaprob -a if
    parse:
        type: AWK
        file: cphaprob-a-if-novsx.parser.1.awk

clusterxl_insufficient_nics_vsx

package com.indeni.server.rules.library.checkpoint

import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.rules.library.checkpoint.ClusterXLInsufficientNicsVsxRule.NAME
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class ClusterXLInsufficientNicsVsxRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata.builder(NAME, "(VSX) Required interface(s) down",
    "ClusterXL requires a certain number of interfaces to be up for the member to be considered OK.", AlertSeverity.CRITICAL, categories = Set(RuleCategory.HealthChecks), deviceCategory = DeviceCategory.CheckPointClusterXLVSX).build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val inUseValue = TimeSeriesExpression[Double]("cphaprob-up-interfaces").last
    val requiredValue = TimeSeriesExpression[Double]("cphaprob-required-interfaces").last

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
        StatusTreeExpression(

          // The additional tags we care about (we'll be including this in alert data)
          SelectTagsExpression(context.tsDao, Set("vs.id"), True),

            StatusTreeExpression(
              // The time-series we check the test condition against:
              SelectTimeSeriesExpression[Double](context.tsDao, Set("cphaprob-up-interfaces", "cphaprob-required-interfaces"), denseOnly = false),

              // The condition which, if true, we have an issue. Checked against the time-series we've collected
              GreaterThan(
                requiredValue,
                inUseValue)

              // The Alert Item to add for this specific item
            ).withSecondaryInfo(
                scopableStringFormatExpression("VS: ${scope(\"vs.id\")}"),
                scopableStringFormatExpression("%.0f interfaces are up vs a requirement of %.0f", inUseValue, requiredValue),
                title = "Affected VS's"
            ).asCondition()
        ).withoutInfo().asCondition()

      // Details of the alert itself
    ).withRootInfo(
        getHeadline(),
        ConstantExpression("Some VS's have less interfaces up than required."),
        ConditionalRemediationSteps("Determine why the interfaces are down and resolve the issue.")
    )
  }
}

object ClusterXLInsufficientNicsVsxRule {

  /* --- Constants --- */

  private[checkpoint] val NAME = "clusterxl_insufficient_nics_vsx"
}