https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194077#M5947 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/82249">@Bernardes</a>&nbsp;</P> <P>Yes, that looks good to me. I was thinking of possibly being able to do cron job, sounds like most feasable thing.</P> <P>Andy</P> Mon, 02 Oct 2023 23:23:10 GMT the_rock 2023-10-02T23:23:10Z https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194059#M5943 <P>Dear friends,</P> <P>&nbsp;</P> <P>We have a customer with a CloudGuard cluster in the Oracle OCI environment, which runs a script to validate the Active/Standby members ($FWDIR/scripts/oracle_had.py), and the log output is located in the $FWDIR/log/oracle_had.elg directory.</P> <P>&nbsp;</P> <P>I would like to know how I could monitor the correct functioning of this script. Is there any Check Point process or tool that could accomplish this? Can cpwatchdog handle this task? If so, what would be the configuration?</P> <P>&nbsp;</P> <P>Thank you!</P> Mon, 02 Oct 2023 17:25:34 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194059#M5943 Bernardes 2023-10-02T17:25:34Z https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194061#M5944 <P>Not aware of any built-in instrumentation to monitor this script.<BR />A script could theoretically be written to monitor the log file and send alerts based on what's there.</P> Mon, 02 Oct 2023 17:31:54 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194061#M5944 PhoneBoy 2023-10-02T17:31:54Z https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194064#M5945 <P>Interesting request...might be worth TAC case.</P> Mon, 02 Oct 2023 18:15:33 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194064#M5945 the_rock 2023-10-02T18:15:33Z https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194075#M5946 <P>Dear friends <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;,</P> <P>&nbsp;</P> <P>I've been thinking about this specific request, and I believe it could be achieved as follows: The goal is to monitor the output of the log $FWDIR/log/oracle_had.elg, so on the Check Point Gateways, I could create a .sh script with the following content:</P> <P>&nbsp;</P> <P>###################################################################</P> <P><STRONG>#!/bin/bash</STRONG></P> <P><STRONG>while true; do</STRONG><BR /><STRONG>tail -f /opt/CPsuite-R81.10/fw1/log/oracle_had.elg | nc -l -p 12345</STRONG><BR /><STRONG>sleep 5</STRONG><BR /><STRONG>done</STRONG></P> <P>###################################################################</P> <P>and schedule this task in cron. This will make the Gateway create a server listening on port 12345 and sending the content of the specific log.</P> <P>&nbsp;</P> <P>After that, in some monitoring tool, I can use netcat with the 'nc gateway_ip 12345' command to allow the tool to view the log's output and then create some kind of alert if the log's output contains any unexpected values.</P> <P>&nbsp;</P> <P>I'm not sure yet which tool could be used or how to configure this alert within it, but this could be a way to go.</P> Mon, 02 Oct 2023 22:41:56 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194075#M5946 Bernardes 2023-10-02T22:41:56Z https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194077#M5947 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/82249">@Bernardes</a>&nbsp;</P> <P>Yes, that looks good to me. I was thinking of possibly being able to do cron job, sounds like most feasable thing.</P> <P>Andy</P> Mon, 02 Oct 2023 23:23:10 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Oracle-OCI-Script-Monitor/m-p/194077#M5947 the_rock 2023-10-02T23:23:10Z