IdentityUnknown
Participant

How to monitor Check Point API?


Hi folks,

 

One question: do I have any chance to monitor the status of the REST API without a login?

 

On the CLI I am able to check the "api status".

If everything is fine I will get the message

"API readiness test SUCCESSFUL. The server is up and ready to receive connections"

 

Now I want to monitor the API status with a simple curl statement, but without the need for a session ID and authorization.

 

Any ideas?

 

Best regards!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

Every API call other than login requires an active session ID. There is no "status" API call that I am aware of. Might be a decent RFE. @Omer_Kleinstern 


0 Kudos
4 Replies
HeikoAnkenbrand
Champion

Use this CLI command and you get the mgmt version:

# mgmt_cli -r true show version


product-version: "Check Point Gaia R80.30"
os-build: "200"
os-kernel-version: "3.10.0-693cpx86_64"
os-edition: "64-bit"

 

0 Kudos
IdentityUnknown
Participant

Yes, but I need the status from an external monitoring device and via HTTPS.
I need a URL which I am able to access without login credentials and which will respond with HTTP status 200 if the API is up and running.

https://1.1.1.1:443/web_api responds with 200, but it doesn't matter if the API is up or down.

0 Kudos
Nüüül
Advisor

Hi

 

For the mgmt API, you can use the SDK from Check Point ( https://github.com/CheckPointSW/cp_mgmt_api_python_sdk ) to log in and check whether logging in was successful, like:

    # login_res is what client.login(...) returned
    if login_res.success is False:
        print("Login failed: {}".format(login_res.error_message))
        raise SystemExit("UNKNOWN")
    do_something = client.api_call("show-something")

"if login_res.success" just checks whether the response's JSON field "success" has the value false.

I assume you have some kind of monitoring in place that looks for responses like "OK", "WARNING", "CRITICAL" or "UNKNOWN", i.e. Nagios-based? With the SystemExit you can raise these towards the application.

 

(Remember to log off the session afterwards, otherwise you'll end up with lots of orphaned sessions.)

Maybe this helps:

https://github.com/leinadred/CP_IPS-Update-Monitoring4Nagios

(just take out the IPS stuff 🙂 )

 

For the gateway API there is no SDK AFAIK, so you might have to "log in manually" by sending HTTP requests in JSON and so on... it's possible with some time.

 

Daniel

0 Kudos
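The login-then-logout check described in the reply above, as an added example that is not code from the thread or from Check Point. It uses only the Python standard library against the Management API's `/web_api/login` and `/web_api/logout` calls; `check_api`, `https_post` and the `CP_*` environment variables are hypothetical names, and the account is assumed to be a dedicated read-only monitoring user.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

def https_post(url, payload, sid=None, timeout=10):
    """POST JSON to the Management API; TLS verification stays enabled."""
    headers = {"Content-Type": "application/json"}
    if sid:
        headers["X-chkp-sid"] = sid  # session ID returned by login
    req = urllib.request.Request(url, json.dumps(payload).encode(), headers)
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as err:
        if err.code >= 500:
            raise  # server-side failure: report as API down
        return json.loads(err.read())  # assumed: 4xx errors carry a JSON body

def check_api(base_url, user, password, post=https_post):
    """Return (exit_code, message) and log out of any session it opened."""
    sid = None
    try:
        login = post(base_url + "/login", {"user": user, "password": password})
        sid = login.get("sid")
        if not sid:  # API answered but refused us: a monitoring-side problem
            return UNKNOWN, "UNKNOWN - login failed: %s" % login.get("message")
        return OK, "OK - API accepted login"
    except Exception as exc:  # refused connection, TLS error, 5xx, non-JSON body
        return CRITICAL, "CRITICAL - API not answering: %s" % exc
    finally:
        if sid:
            try:
                post(base_url + "/logout", {}, sid=sid)  # no orphaned sessions
            except Exception:
                pass  # the session then ends at its idle timeout

if __name__ == "__main__":
    # Hypothetical variable names; credentials come from the environment,
    # not the command line, so they do not show up in process listings.
    code, msg = check_api("https://%s/web_api" % os.environ["CP_HOST"],
                          os.environ["CP_USER"], os.environ["CP_PASS"])
    print(msg)
    raise SystemExit(code)
```

A rejected login maps to UNKNOWN, as in the reply's snippet, while a transport or server failure maps to CRITICAL.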