This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex-
Advisor
‎2022-05-09 06:54 AM

vs_corexl_check: a tool for a quick overview of VSX CoreXL allocation

Here's a tool to quickly check the CoreXL allocation of all your VS.

Copy it on your VSX gateway and chmod+x, make sure to run it on the standby unit first to ensure it doesn't interfere with your systems.

It will take into account that you can have non-contiguous Virtual System ID.

 

 

 

#!/bin/bash

#Functions
function display_help () {
echo "Displays VS CoreXL allocations and connections ratios."
echo "Options:"
echo "  -h: Display this help"
echo "  -v: Display version"
echo "  -w: Save output in web version to /var/tmp/vs_corexl_check.html"
echo "  -s: Display output to terminal"
exit $2
}


#Initialize global empy argument variables
version=''
web=''
screen=''
echo $version
while getopts 'hwvs' flag
do
    case "${flag}" in
        v) version=1;;
        h) help=1;;
        w) web=1;;
        s) screen=1;;
    esac
done

if [[ "$version" -eq 1 ]];then
echo "Version 1.0"
exit 2
fi

if [[ "$help" -eq 1 ]];then
display_help
fi

#Import the vsenv shell to run vsenv commands
source /etc/profile.d/vsenv.sh

#Check if this is a VSX system, if not exit with error code 1.
vsenv 2&> /dev/null
if [[ ! "$? -eq 0" ]]; then
echo "This is not a VSX system, exiting. Run with the -h flag to get all options."
exit 1
fi

#System variable definitions
#---------------------------

t=0             #Assigned CoreXL instance counter
array_offset=1  #Since arrays begin with an index of 0 but VS count starts at 1
array_index=0   #Base array index is 0
chassis_name=`hostname`

#Screen version
if [[ "$screen" -eq 1 ]];then
#Initialize display and arrays
clear
echo "VSX CoreXL allocation summary"
echo "-----------------------------"
echo "Chassis name: $chassis_name"
printf "\n"

#Read the output of vsx stat -v and search for virtual systems
readarray -t vs_index < <(vsx stat -v | awk '{if ($3 == "S") print $1}')
readarray -t vs_name < <(vsx stat -v | awk '{if ($3 == "S") print $4}')
declare -p vs_list &>/dev/null
declare -p vs_name &>/dev/null

#Initialize for loop and match array index

for i in ${vs_index[@]}
do
evaluator=$(($array_index+1))


#Verifiy if there is not a gap in VS index

if [[ ! " $evaluator -eq  $array_index " ]]; then
array_index=$(($array_index + 2))
fi

#Display results

corecount=(`cpwd_admin list -ctx $i | grep _wd | awk {'print $11'}`)
conns_count=(`vsx stat -l $i | grep peak | awk '{print $3}'`)
conns_limit=(`vsx stat -l $i | grep limit | awk '{print $3}'`)
conns_ratio=(`echo "scale=2; ($conns_count / $conns_limit) * 100" | bc`)
if (( $(bc <<< "$conns_ratio<=75") )); then conn_color=2; elif
 (( $(bc <<< "$conns_ratio>75 && $conns_ratio<=85") )); then conn_color=3; else
 conn_color=1; fi
if [ "$corecount" -eq 1 ]; then
echo "Virtual system ID $i with name ${vs_name[$array_index]} has CoreXL disabled"
else
echo "Virtual System ID $i with name ${vs_name[$array_index]} has been assigned $corecount CoreXL instances"
fi
echo "Peak connections#: $conns_count"
echo "Connections limit#: $conns_limit"
echo "Connections ratio: $(tput setaf $conn_color) $conns_ratio% $(tput setaf 7)"
echo "--"
array_index=$(($array_index+$array_offset))
t=$(($t + $corecount))
done
printf "\n"
echo "A total of $t CoreXL instances have been assigned between all virtual systems."
exit 0
fi

#Web version
if [[ "$web" -eq 1 ]];then
#Initialize display and arrays
clear
echo "<html><header><title>vs_corexl_check</title><style>table, th, td {border: 1px solid black;border-collapse: collapse;padding: 5pt;align-items: center;} body {font-family: sans-serif;background-color: white;}</style></header><body>" > /var/tmp/vs_corexl_check.html
echo "<body>" >> /var/tmp/vs_corexl_check.html
echo "<img src=\"https://sc1.checkpoint.com/www/images/layout/duke/check-point-logo.png\"> <h1>VSX CoreXL and connections for $chassis_name</h1>" >> /var/tmp/vs_corexl_check.html
echo "<table>" >> /var/tmp/vs_corexl_check.html
echo "<tr><th>VS Index</th><th>VS name</th><th>CoreXL Instances</th><th>Connections max/limit</th><th>Connections Ratio</th></tr>" >> /var/tmp/vs_corexl_check.html

#Read the output of vsx stat -v and search for virtual systems
readarray -t vs_index < <(vsx stat -v | awk '{if ($3 == "S") print $1}')
readarray -t vs_name < <(vsx stat -v | awk '{if ($3 == "S") print $4}')
declare -p vs_list &>/dev/null
declare -p vs_name &>/dev/null

#Initialize for loop and match array index

for i in ${vs_index[@]}
do
evaluator=$(($array_index+1))


#Verifiy if there is not a gap in VS index

if [[ ! " $evaluator -eq  $array_index " ]]; then
array_index=$(($array_index + 2))
fi

#Display results
clear;
echo "Processing VS $i of ${vs_index[-1]}"
echo "<tr>" >> /var/tmp/vs_corexl_check.html
corecount=(`cpwd_admin list -ctx $i | grep _wd | awk {'print $11'}`)
conns_count=(`vsx stat -l $i | grep peak | awk '{print $3}'`)
conns_limit=(`vsx stat -l $i | grep limit | awk '{print $3}'`)
conns_ratio=(`echo "scale=2; ($conns_count / $conns_limit) * 100" | bc`)
if (( $(bc <<< "$conns_ratio<=75") )); then conn_color="lightgreen"; elif
 (( $(bc <<< "$conns_ratio>75 && $conns_ratio<=85") )); then conn_color="lightsalmon"; else
 conn_color="lightcoral"; fi
if [ "$corecount" -eq 1 ]; then
echo "<td>$i</td><td>${vs_name[$array_index]}</td><td>Off</td><td>$conns_count / $conns_limit</td><td style=\"background-color:$conn_color;\">$conns_ratio</td>" >> /var/tmp/vs_corexl_check.html
else
echo "<td>$i</td><td>${vs_name[$array_index]}</td><td>$corecount</td><td>$conns_count / $conns_limit</td><td style=\"background-color:$conn_color;\">$conns_ratio</td>" >> /var/tmp/vs_corexl_check.html
fi
array_index=$(($array_index+$array_offset))
t=$(($t + $corecount))
echo "</tr>" >> /var/tmp/vs_corexl_check.html
done
echo "<tr><td colspan=\"5\">A total of $t CoreXL instances has been assigned.</td></tr>" >> /var/tmp/vs_corexl_check.html
echo "</table>" >> /var/tmp/vs_corexl_check.html
echo "</body></html>" >> /var/tmp/vs_corexl_check.html
echo "Iteration done. Output can be found in /var/tmp/vs_corexl_check.html"
exit 0
fi

#By default, display help if no option was chosen
display_help

 

 

3 Replies
Alex-
Advisor
‎2022-05-13 09:11 AM

Code has been updated to also provide connections peak/limit per VS and provide a ratio with percentage, below 75%: OK, green, between 75% and  85% Warning, yellow, above 85% Critical, red, probably time to update that connections limit.

vs_corexl_check_conns.png

0 Kudos
genisis__
Advisor
‎2022-05-14 11:00 AM
In response to Alex-

Can confirm this works on R81.10 with JHFA45 VSX system.

0 Kudos
Alex-
Advisor
‎2022-07-05 12:22 AM

Code has been updated. The script will now prompt the user for an option instead of starting as it can take some time on larger VSX environments.

 

 

./vs_corexl_check

Displays VS CoreXL allocations and connections ratios.
Options:
  -h: Display this help
  -v: Display version
  -w: Save output in web version to /var/tmp/vs_corexl_check.html
  -s: Display output to terminal

 

 

A new option to save the output in an HTML page has been added and looks like this, with real chassis and VS names of course.

vs_corexl_check_html.png 

Another approach is to use the script repository in Smart Console.

 

script_repository_output.pngscript_repository.png

Comments and suggestions are welcome.