RX packets experienced errors-checkpoint-ipso

Vendor: checkpoint

OS: ipso

Description:
Indeni tracks the number of packets that had issues and alerts if the ratio is too high.

Remediation Steps:
Packet errors usually occur when there is a mismatch in the speed and duplex settings on two sides of a cable, or a damaged cable.

chkp-ipso-interfaces-novsx

name: chkp-ipso-interfaces-novsx
description: Get interface information
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    and:
    -   os.name: ipso
    -   or:
        -   vsx:
                neq: 'true'
        -   mds: 'true'
comments:
    network-interface-state:
        why: |
            Interfaces in the "down" state could result in downtime or reduced redundancy.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface status, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-admin-state:
        why: |
            If the interface is disabled, then it is okay for it to be down. If the interface is enabled however, it should be up.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            The speed of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-duplex:
        why: |
            If the interface has a half-duplex setting, this will reduce throughput, and should be investigated.
        how: |
            The duplex of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-ipv4-address:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The IP address of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP, WebUI or SmartDashboard.
    network-interface-ipv4-subnet:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The subnet of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP, WebUI or SmartDashboard.
    network-interface-type:
        why: |
            The type of interface can be useful for administrators.
        how: |
            The type of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface or SNMP.
    network-interface-mtu:
        why: |
            The MTU sometimes needs to be adjusted. Storing this gives an administrator an easy way to view the MTU from a large number of devices, as well as identifying incorrectly set MTU.
        how: |
            The MTU of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-mac:
        why: |
            To be able to search for MAC addresses in indeni, this data needs to be stored.
        how: |
            The MAC address of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-description:
        why: |
            The description is an important way to identify interfaces.
        how: |
            Retrieve the information by parsing the IPSO database in /config/active.
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-bytes:
        why: |
            It is useful to know how much data has been transmitted by the interface.
        how: |
            The number of bytes sent by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-bytes:
        why: |
            It is useful to know how much data has been received by the interface.
        how: |
            The number of bytes received by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-packets:
        why: |
            It is useful to know how many packets have been transmitted by the interface.
        how: |
            The number of packets sent by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-packets:
        why: |
            It is useful to know how many packets have been received by the interface.
        how: |
            The number of packets received by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-errors:
        why: |
            Transmit errors on an interface could indicate a problem.
        how: |
            The amount of transmit errors for the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-dropped:
        why: |
            Dropped packets on an interface could indicate a problem and potential traffic loss.
        how: |
            The amount of receive drops for the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interfaces:
        skip-documentation: true
    network-interface-:
        skip-documentation: true
steps:
-   run:
        type: SSH
        file: show-interfaces-all-novsx.remote.1.bash
    parse:
        type: AWK
        file: show-interfaces-all-novsx.parser.1.awk

cross_vendor_rx_error

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class CrossVendorRxError() extends NearingCapacityWithItemsTemplateRule(
  ruleName = "cross_vendor_rx_error",
  ruleFriendlyName = "All Devices: RX packets experienced errors",
  ruleDescription = "Indeni tracks the number of packets that had issues and alerts if the ratio is too high.",
  usageMetricName = "network-interface-rx-errors",
  limitMetricName = "network-interface-rx-packets",
  applicableMetricTag = "name",
  threshold = 0.5,
  minimumValueToAlert = 100.0, // We don't want to alert if the number of error packets is really low
  alertDescription = "Some network interfaces and ports are experiencing a high error rate. Review the ports below.",
  alertItemDescriptionFormat = "%.0f error packets identified out of a total of %.0f received.",
  baseRemediationText = "Packet errors usually occur when there is a mismatch in the speed and duplex settings on two sides of a cable, or a damaged cable.",
  alertItemsHeader = "Affected Ports")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
       |1. Run the "show interface" command to review the interface error counters and the bitrate. Consider configuring the "load-interval 30" interface sub command to improve the accuracy of the interface measurements.
       |2. Check for a mismatch in the speed and duplex interface settings on two sides of a cable, or for a damaged cable.
       |3. Use the "show interface counters errors" NX-OS command to display detailed interface error counters. If you do not specify an interface, this command displays information about all Layer 2 interfaces.""".stripMargin,
  RemediationStepCondition.VENDOR_JUNIPER ->
    """|1. Run the "show interface extensive" command to review the interface error counters.
       |2. Check for a mismatch in the speed and duplex interface settings on both sides.
       |3. Check the physical cable. It might be damaged or of an incorrect type.
       |4. Review the following article on Juniper tech support site: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-interfaces-security.html#jd0e1772">Operational Commands</a>
       |5. If the problem persists, contact the Juniper Networks Technical Assistance Center (JTAC)""".stripMargin,
  RemediationStepCondition.VENDOR_FORTINET ->
    """
       |1. Run "diag hardware deviceinfo nic <interface>" command to display a list of hardware related error names and values. Review the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
       |2. Run command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
       |3. Check for speed and duplex mismatch in the interface settings on both sides of a cable, and check for a damaged cable. Review the next link for more info: http://kb.fortinet.com/kb/documentLink.do?externalID=10653""".stripMargin
)
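
Added example (not Indeni's parser or rule code): a shell/awk sketch of the check the rule above describes, run by hand against "netstat -idb" style output. The function name rx_error_report, the FreeBSD-style column layout of the constructed sample, reading threshold 0.5 as a percentage, and treating minimumValueToAlert as a floor on the error count are all assumptions.

```shell
#!/bin/sh
# Constructed sample in a FreeBSD-style "netstat -idb" layout (assumed; the page
# does not show IPSO's real output). lo0 has no link-layer address, so its row
# has one field fewer than the header.
SAMPLE='Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll Drop
eth1 1500 <Link#1> 00:00:5e:00:53:01 200000 1500 180000000 150000 0 90000000 0 0
eth1 1500 192.0.2.0/24 192.0.2.1 200000 1500 180000000 150000 0 90000000 0 0
eth2 1500 <Link#2> 00:00:5e:00:53:02 4000 60 300000 3900 0 280000 0 0
eth3 1500 <Link#3> 00:00:5e:00:53:03 900000 120 700000000 800000 0 600000000 0 12
lo0 16384 <Link#4> 52000 0 4100000 52000 0 4100000 0 0
eth4 1500 <Link#5> 00:00:5e:00:53:04 0 0 0 0 0 0 0 0'

# rx_error_report PCT FLOOR
# Reads interface counters on stdin and prints "name errors packets percent"
# for every interface whose RX error ratio exceeds PCT percent, provided the
# absolute error count is at least FLOOR.
rx_error_report() {
  awk -v pct="$1" -v floor="$2" '
    NR == 1 {
      # Remember each column as a distance from the right-hand edge, so a row
      # with an empty Address column still resolves to the correct counters.
      for (i = 1; i <= NF; i++) off[$i] = NF - i
      if (!("Ierrs" in off) || !("Ipkts" in off)) exit 2
      next
    }
    # Counters repeat on every address line of an interface; keep only the
    # link-layer line so each interface is evaluated once.
    $3 !~ /^<Link/ { next }
    {
      errs = $(NF - off["Ierrs"]) + 0
      pkts = $(NF - off["Ipkts"]) + 0
      # Skip idle interfaces (no division by zero) and low error counts.
      if (pkts == 0 || errs < floor) next
      ratio = errs * 100 / pkts
      if (ratio > pct) printf "%s %d %d %.2f\n", $1, errs, pkts, ratio
    }'
}

# Values taken from the rule above: threshold = 0.5, minimumValueToAlert = 100.
printf '%s\n' "$SAMPLE" | rx_error_report 0.5 100
```

On the sample, eth2 has the highest error ratio but stays silent because its 60 errors are under the floor; lowering the floor to 50 makes it appear.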