Required interface(s) down-checkpoint-all
Vendor: checkpoint
OS: all
Description:
ClusterXL requires a certain number of interfaces to be up for the member to be considered OK.
Remediation Steps:
Determine why the interfaces are down and resolve the issue.
cphaprob_a_if_novsx
name: cphaprob_a_if_novsx
description: run "cphaprob -a if" on non-vsx
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    high-availability: 'true'
    vsx:
        neq: true
    clusterxl: 'true'
    role-firewall: true
    or:
        -   os.version.num:
                compare-type: version-compare
                op: "<"
                value: "80.40"
        -   and:
                -   os.version: R80.30
                -   hotfix-jumbo-take:
                        compare-type: version-compare
                        op: "<"
                        value: "215"
comments:
    cphaprob-required-interfaces:
        why: |
            ClusterXL defines a certain number of interfaces which are required to be up for the cluster to be considered
            healthy. If fewer than these are actually up, the cluster is not in a healthy state and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false
    cphaprob-required-secured-interfaces:
        why: |
            ClusterXL defines a certain number of secured (sync) interfaces which are required to be up for the cluster
            to be considered healthy. If fewer than these are actually up, the cluster is not in a healthy state
            and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false
    cphaprob-up-interfaces:
        why: |
            To check the health of the cluster interfaces, which is an important factor for cluster stability and redundancy.
        how: |
            By checking the output of the Check Point ClusterXL command "cphaprob -a if".
        can-with-snmp: false
        can-with-syslog: false
    cluster-vip:
        why: |
            This is the list of cluster virtual IP addresses, also called floating IP addresses, for the cluster interfaces.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false
    clusterxl-ccp-mode:
        why: |
            ClusterXL can operate in different modes, multicast or broadcast. All members of the same cluster should have the same setting to ensure redundancy works correctly.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false
    cphaprob-up-secured-interfaces:
        why: |
            To check that the "Sync" interface is up.
        how: |
            By running the command "cphaprob -a if".
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cphaprob -a if
    parse:
        type: AWK
        file: cphaprob-a-if-novsx.parser.1.awk
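How the metrics named in the comments section above could be derived from the command output and compared as required versus up, as an added example (this is not Indeni's parser file, which the page does not show). The sample output is constructed and its layout (the pre-R80.20 style) is an assumption; parse_cphaprob_if and interface_status are hypothetical names.

```shell
# Constructed sample; the pre-R80.20 "cphaprob -a if" layout is assumed.
sample_output() {
cat <<'EOF'
Required interfaces: 3
Required secured interfaces: 1

eth0       UP                    non sync(non secured), multicast
eth1       UP                    sync(secured), multicast
eth2       DOWN                  non sync(non secured), multicast

Virtual cluster interfaces: 2

eth0            192.0.2.10
eth2            198.51.100.10
EOF
}

# Hypothetical parser: emits one "metric value" line per metric in the script.
parse_cphaprob_if() {
    awk '
    /^Required interfaces:/         { print "cphaprob-required-interfaces", $NF; next }
    /^Required secured interfaces:/ { print "cphaprob-required-secured-interfaces", $NF; next }
    /^Virtual cluster interfaces:/  { in_vip = 1; next }
    # Status rows: name, UP/DOWN, sync role, CCP mode as the last field.
    !in_vip && ($2 == "UP" || $2 == "DOWN") {
        if ($2 == "UP") { up++; if ($3 ~ /^sync/) up_sec++ }
        mode = $NF
    }
    in_vip && NF == 2 { print "cluster-vip", $1, $2 }
    END {
        print "cphaprob-up-interfaces", up + 0
        print "cphaprob-up-secured-interfaces", up_sec + 0
        if (mode != "") print "clusterxl-ccp-mode", mode
    }'
}

# Issue condition: required > up. A reading without "Required interfaces"
# (e.g. the command failed) is reported as unknown, never as healthy.
interface_status() {
    parse_cphaprob_if | awk '
    $1 == "cphaprob-required-interfaces" { req = $2; have_req = 1 }
    $1 == "cphaprob-up-interfaces"       { up = $2 }
    END {
        if (!have_req) { print "unknown: required-interfaces metric missing"; exit }
        state = (req + 0 > up + 0) ? "issue" : "ok"
        printf "%s: %d interfaces are up vs a requirement of %d\n", state, up, req
    }'
}
sample_output | interface_status
```

Treating a missing "Required interfaces" line as unknown keeps a failed SSH run or an unexpected output layout from reading as a healthy member.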
clusterxl_insufficient_nics_vsx
package com.indeni.server.rules.library.checkpoint

import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.rules.library.checkpoint.ClusterXLInsufficientNicsVsxRule.NAME
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class ClusterXLInsufficientNicsVsxRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata.builder(NAME, "(VSX) Required interface(s) down",
    "ClusterXL requires a certain number of interfaces to be up for the member to be considered OK.", AlertSeverity.CRITICAL, categories = Set(RuleCategory.HealthChecks), deviceCategory = DeviceCategory.CheckPointClusterXLVSX).build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val inUseValue = TimeSeriesExpression[Double]("cphaprob-up-interfaces").last
    val requiredValue = TimeSeriesExpression[Double]("cphaprob-required-interfaces").last

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
      StatusTreeExpression(

        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("vs.id"), True),

        StatusTreeExpression(
          // The time-series we check the test condition against:
          SelectTimeSeriesExpression[Double](context.tsDao, Set("cphaprob-up-interfaces", "cphaprob-required-interfaces"), denseOnly = false),

          // The condition which, if true, we have an issue. Checked against the time-series we've collected
          GreaterThan(
            requiredValue,
            inUseValue)

          // The Alert Item to add for this specific item
        ).withSecondaryInfo(
          scopableStringFormatExpression("VS: ${scope(\"vs.id\")}"),
          scopableStringFormatExpression("%.0f interfaces are up vs a requirement of %.0f", inUseValue, requiredValue),
          title = "Affected VS's"
        ).asCondition()
      ).withoutInfo().asCondition()

      // Details of the alert itself
    ).withRootInfo(
      getHeadline(),
      ConstantExpression("Some VS's have less interfaces up than required."),
      ConditionalRemediationSteps("Determine why the interfaces are down and resolve the issue.")
    )
  }
}

object ClusterXLInsufficientNicsVsxRule {

  /* --- Constants --- */

  private[checkpoint] val NAME = "clusterxl_insufficient_nics_vsx"
}