TX packets experienced collisions-checkpoint-ipso

TX packets experienced collisions-checkpoint-ipso
0

TX packets experienced collisions-checkpoint-ipso

Vendor: checkpoint

OS: ipso

Description:
Indeni tracks the number of packets that had issues and alerts if the ratio is too high.

Remediation Steps:
Packet collisions usually occur when there is a mismatch in duplex settings on two sides of a cable.

chkp-ipso-interfaces-novsx

name: chkp-ipso-interfaces-novsx
description: Get interface information
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    and:
    -   os.name: ipso
    -   or:
        -   vsx:
                neq: 'true'
        -   mds: 'true'
comments:
    network-interface-state:
        why: |
            Interfaces in the "down" state could result in downtime or reduced redundancy.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-admin-state:
        why: |
            If the interface is disabled, then it is okay for it to be down. If the interface is enabled however, it should be up.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            The speed of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-duplex:
        why: |
            If the interface has half-duplex setting, this will reduce throughput, and should be investigated.
        how: |
            The duplex of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-ipv4-address:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The IP address of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-ipv4-subnet:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The subnet of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-type:
        why: |
            The type of interface can be useful for administrators.
        how: |
            The type of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mtu:
        why: |
            The MTU sometimes needs to be adjusted. Storing this gives an administrator an easy way to view the MTU from a large number of devices, as well as identifying incorrectly set MTU.
        how: |
            The MTU of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mac:
        why: |
            To be able to search for MAC addresses in indeni, this data needs to be stored.
        how: |
            The MAC address of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-description:
        why: |
            The description is an important way to identify interfaces.
        how: |
            Retrive the information by parsing the IPSO database in /config/active.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-bits:
        why: |
            It is useful to know how much data has been transmitted by the interface.
        how: |
            How many bits sent by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-bits:
        why: |
            It is useful to know how much data has been received by the interface.
        how: |
            How many bits received by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-packets:
        why: |
            It is useful to know how many packets have been transmitted by the interface.
        how: |
            How many packets sent by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-packets:
        why: |
            It is useful to know how many packets have been received by the interface.
        how: |
            How many packets received by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-errors:
        why: |
            Transmit errors on an interface could indicate a problem.
        how: |
            The amount of transmit errors for the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-dropped:
        why: |
            Dropped packets on an interface could indicate a problem and potential traffic loss.
        how: |
            The amount of receive drops for the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false

    network-interfaces:
        why: |
            To check get the list of network interfaces over the environment
        how: |
            By collecting the information about the interfaces can be obtained with "ifconfig -a"
        can-with-snmp: true

        can-with-syslog: false

    network-interface-tx-collisions:
        why: |
            To check the number of tx-collisions over all the network interfaces, high numbers could be a result of
            misconfiguration on duplex-speed
        how: |
            The amount of network interface tx-collisions for the interface is retrieved by running "ifconfig -a"
        can-with-snmp: true
        can-with-syslog: false

    network-interface-rx-errors:
        why: |
            To check the number of network interface "rx-errors" over all the network interfaces, high numbers could
            be a result of misconfiguration on duplex-speed
        how: |
            The amount of network interface tx-collisions for the interface is retrieved by running "ifconfig -a"
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: show-interfaces-all-novsx.remote.1.bash
    parse:
        type: AWK
        file: show-interfaces-all-novsx.parser.1.awk

chkp-ipso-interfaces-novsx

name: chkp-ipso-interfaces-novsx
description: Get interface information
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    and:
    -   os.name: ipso
    -   or:
        -   vsx:
                neq: 'true'
        -   mds: 'true'
comments:
    network-interface-state:
        why: |
            Interfaces in the "down" state could result in downtime or reduced redundancy.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-admin-state:
        why: |
            If the interface is disabled, then it is okay for it to be down. If the interface is enabled however, it should be up.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            The speed of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-duplex:
        why: |
            If the interface has half-duplex setting, this will reduce throughput, and should be investigated.
        how: |
            The duplex of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-ipv4-address:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The IP address of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-ipv4-subnet:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The subnet of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-type:
        why: |
            The type of interface can be useful for administrators.
        how: |
            The type of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mtu:
        why: |
            The MTU sometimes needs to be adjusted. Storing this gives an administrator an easy way to view the MTU from a large number of devices, as well as identifying incorrectly set MTU.
        how: |
            The MTU of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-mac:
        why: |
            To be able to search for MAC addresses in indeni, this data needs to be stored.
        how: |
            The MAC address of the interface is retrieved by running "ifconfig -a".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-description:
        why: |
            The description is an important way to identify interfaces.
        how: |
            Retrive the information by parsing the IPSO database in /config/active.
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-bits:
        why: |
            It is useful to know how much data has been transmitted by the interface.
        how: |
            How many bits sent by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-bits:
        why: |
            It is useful to know how much data has been received by the interface.
        how: |
            How many bits received by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-packets:
        why: |
            It is useful to know how many packets have been transmitted by the interface.
        how: |
            How many packets sent by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-packets:
        why: |
            It is useful to know how many packets have been received by the interface.
        how: |
            How many packets received by the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-tx-errors:
        why: |
            Transmit errors on an interface could indicate a problem.
        how: |
            The amount of transmit errors for the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false
    network-interface-rx-dropped:
        why: |
            Dropped packets on an interface could indicate a problem and potential traffic loss.
        how: |
            The amount of receive drops for the interface is retrieved by running "netstat -idb".
        can-with-snmp: true
        can-with-syslog: false

    network-interfaces:
        why: |
            To check get the list of network interfaces over the environment
        how: |
            By collecting the information about the interfaces can be obtained with "ifconfig -a"
        can-with-snmp: true

        can-with-syslog: false

    network-interface-tx-collisions:
        why: |
            To check the number of tx-collisions over all the network interfaces, high numbers could be a result of
            misconfiguration on duplex-speed
        how: |
            The amount of network interface tx-collisions for the interface is retrieved by running "ifconfig -a"
        can-with-snmp: true
        can-with-syslog: false

    network-interface-rx-errors:
        why: |
            To check the number of network interface "rx-errors" over all the network interfaces, high numbers could
            be a result of misconfiguration on duplex-speed
        how: |
            The amount of network interface tx-collisions for the interface is retrieved by running "ifconfig -a"
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: show-interfaces-all-novsx.remote.1.bash
    parse:
        type: AWK
        file: show-interfaces-all-novsx.parser.1.awk

CrossVendorTxCollisions

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class CrossVendorTxCollisions() extends NearingCapacityWithItemsTemplateRule(
  ruleName = "CrossVendorTxCollisions",
  ruleFriendlyName = "All Devices: TX packets experienced collisions",
  ruleDescription = "Indeni tracks the number of packets that had issues and alerts if the ratio is too high.",
  usageMetricName = "network-interface-tx-collisions",
  limitMetricName = "network-interface-tx-packets",
  applicableMetricTag = "name",
  threshold = 0.5,
  minimumValueToAlert = 100.0, // We don't want to alert if the number of packets is really low
  alertDescription = "Some network interfaces and ports are experiencing a high collision rate. Review the ports below.",
  alertItemDescriptionFormat = "%.0f collisions identified out of a total of %.0f transmitted.",
  baseRemediationText = "Packet collisions usually occur when there is a mismatch in duplex settings on two sides of a cable.",
  alertItemsHeader = "Affected Ports")(
  RemediationStepCondition.VENDOR_FORTINET ->
    """
      |1. Run "diag hardware deviceinfo nic <interface>" command to display a list of hardware related error names and values. Review  the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
      |2. Run command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
      |3. Check for speed and duplex mismatch in the interface settings on both sides of a cable, and check for a damaged cable. Review the next link for more info: http://kb.fortinet.com/kb/documentLink.do?externalID=10653""".stripMargin 
)