RX packets overrun-checkpoint-gaia

RX packets overrun-checkpoint-gaia
0

RX packets overrun-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
Indeni tracks the number of packets that had issues and alerts if the ratio is too high.

Remediation Steps:
Packet overruns usually occur when there are too many packets being inserted into the port’s memory buffer, faster than the rate at which the kernel is able to process them.

chkp-gaia-clish_show_interfaces_all-vsx

name: chkp-gaia-clish_show_interfaces_all-vsx
description: Run "show interfaces all" over clish in VSX
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: checkpoint
    os.name: gaia
    vsx: 'true'
    role-firewall: 'true'
comments:
    network-interface-state:
        why: |
            To check the network interface  state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state:
        why: |
           To check the interface admin state for all the interfaces on the system
        how: |
           By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-speed:
        why: |
            To check the  network interface  speed for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-duplex:
        why: |
            To check the network interface duplex state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-address:
        why: |
            To check the network interface ipv4 address for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-subnet:
        why: |
            To check the network interface ipv4 subnet for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
    network-interface-type:
        why: |
            To check the network interface state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mtu:
        why: |
            To check the network interface MTU for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mac:
        why: |
            To check the network interface mac for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-description:
        why: |
            To check the network interface description for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-bits:
        why: |
            To check the network interface transmitted bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-bits:
        why: |
            To check the network interface recieved bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-packets:
        why: |
             To check the network interface transmitted packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-packets:
        why: |
            To check the network interface recieved packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-errors:
        why: |
            To check the network interface "tx-errors" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-dropped:
        why: |
            To check the network interface "rx-dropped" packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-overruns:
        why: |
            To check the network interface "tx-overruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-overruns:
        why: |
            To check the network interface "rx-overrruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-carrier:

        why: |
            To check the network interface "tx-carrier" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-frame:
        why: |
            To check the network interface "rx-frame"  for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interfaces:
        why: |
            To list all the network interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state-logical:
        why: |
            To check the interface network state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-state-logical:
        why: |
            To check the network interface logical state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-:
        why: |
            To check the network interface names for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
steps:
   -  run:
          type: SSH
          file: show-interfaces-all-vsx.remote.1.bash
      parse:
          type: AWK
          file: show-interfaces-all-vsx.parser.1.awk

chkp-gaia-clish_show_interfaces_all-vsx

name: chkp-gaia-clish_show_interfaces_all-vsx
description: Run "show interfaces all" over clish in VSX
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: checkpoint
    os.name: gaia
    vsx: 'true'
    role-firewall: 'true'
comments:
    network-interface-state:
        why: |
            To check the network interface  state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state:
        why: |
           To check the interface admin state for all the interfaces on the system
        how: |
           By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-speed:
        why: |
            To check the  network interface  speed for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-duplex:
        why: |
            To check the network interface duplex state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-address:
        why: |
            To check the network interface ipv4 address for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-subnet:
        why: |
            To check the network interface ipv4 subnet for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
    network-interface-type:
        why: |
            To check the network interface state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mtu:
        why: |
            To check the network interface MTU for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mac:
        why: |
            To check the network interface mac for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-description:
        why: |
            To check the network interface description for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-bits:
        why: |
            To check the network interface transmitted bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-bits:
        why: |
            To check the network interface recieved bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-packets:
        why: |
             To check the network interface transmitted packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-packets:
        why: |
            To check the network interface recieved packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-errors:
        why: |
            To check the network interface "tx-errors" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-dropped:
        why: |
            To check the network interface "rx-dropped" packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-overruns:
        why: |
            To check the network interface "tx-overruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-overruns:
        why: |
            To check the network interface "rx-overrruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-carrier:

        why: |
            To check the network interface "tx-carrier" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-frame:
        why: |
            To check the network interface "rx-frame"  for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interfaces:
        why: |
            To list all the network interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state-logical:
        why: |
            To check the interface network state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-state-logical:
        why: |
            To check the network interface logical state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-:
        why: |
            To check the network interface names for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
steps:
   -  run:
          type: SSH
          file: show-interfaces-all-vsx.remote.1.bash
      parse:
          type: AWK
          file: show-interfaces-all-vsx.parser.1.awk

cross_vendor_rx_overrun

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class CrossVendorRxOverrun() extends NearingCapacityWithItemsTemplateRule(
  ruleName = "cross_vendor_rx_overrun",
  ruleFriendlyName = "All Devices: RX packets overrun",
  ruleDescription = "Indeni tracks the number of packets that had issues and alerts if the ratio is too high.",
  usageMetricName = "network-interface-rx-overruns",
  limitMetricName = "network-interface-rx-packets",
  applicableMetricTag = "name",
  threshold = 0.5,
  minimumValueToAlert = 100.0, // We don't want to alert if the number of error packets is really low
  alertDescription = "Some network interfaces and ports are experiencing a high overrun rate. Review the ports below.",
  alertItemDescriptionFormat = "%.0f packets overrun out of a total of %.0f received.",
  baseRemediationText = "Packet overruns usually occur when there are too many packets being inserted into the port's memory buffer, faster than the rate at which the kernel is able to process them.",
  alertItemsHeader = "Affected Ports")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
       |In a small number of cases, the overrun counter may be incremented because of a software defect. However, in the majority of cases, it indicates that the receiving capability of the interface was exceeded. Nothing can be done on the device that reports overruns. If possible, the rate that frames are coming should be controlled at the remote end of the connection.
       |1. Run the "show interface" command to review the interface overrun & underun counters and the bitrate. Consider to configure the "load-interval 30" interface sub command to improve the accuracy of the interface measurements.
       |2. If the number of overruns is high, the hardware should be upgraded.
       |
       |In case of high bandwidth utilization:
       |1. Run the "show interface" command to review the interface counters and the bitrate. Consider to configure the "load-interval 30" interface sub command to improve the accuracy of the interface measurements.
       |2. If the interface bitrate is too high and close to the upper bandwidth limit consider to use multiple links with the port-channel technology or upgrade the bandwidth of the link.
       |3. Consider to implement QoS in case of high bandwidth utilization.""".stripMargin,
  RemediationStepCondition.VENDOR_JUNIPER ->
    """|The issue can not be resolved on the device that reports overruns. The rate that frames are coming should be controlled at the remote end of the connection.
       |1. Run the “show interface extensive” command to review the interface overrun counters. 

       |2. If the number of overruns is high, consider upgrading the hardware.
       |3. Review the following article on Juniper tech support site: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-interfaces-security.html#jd0e1772">Operational Commands</a>""".stripMargin,
  RemediationStepCondition.VENDOR_FORTINET ->
    """
       |1. Run "diag hardware deviceinfo nic <interface>" command to display a list of hardware related error names and values. Review  the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
       |2. Run command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
       |3. Check for speed and duplex mismatch in the interface settings on both sides of a cable, and check for a damaged cable. Review the next link for more info: http://kb.fortinet.com/kb/documentLink.do?externalID=10653""".stripMargin
)