This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bernardes
Advisor
Advisor
‎2023-10-02 10:25 AM

Oracle OCI Script Monitor

Dear friends,

 

We have a customer with a CloudGuard cluster in the Oracle OCI environment, which runs a script to validate the Active/Standby members ($FWDIR/scripts/oracle_had.py), and the log output is located in the $FWDIR/log/oracle_had.elg directory.

 

I would like to know how I could monitor the correct functioning of this script. Is there any Check Point process or tool that could accomplish this? Can cpwatchdog handle this task? If so, what would be the configuration?

 

Thank you!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-10-02 10:31 AM

Not aware of any built-in instrumentation to monitor this script.
A script could theoretically be written to monitor the log file and send alerts based on what's there.

0 Kudos
the_rock
Legend
Legend
‎2023-10-02 11:15 AM

Interesting request...might be worth TAC case.

0 Kudos
Bernardes
Advisor
Advisor
‎2023-10-02 03:41 PM

Dear friends @PhoneBoy @the_rock ,

 

I've been thinking about this specific request, and I believe it could be achieved as follows: The goal is to monitor the output of the log $FWDIR/log/oracle_had.elg, so on the Check Point Gateways, I could create a .sh script with the following content:

 

###################################################################

#!/bin/bash

while true; do
tail -f /opt/CPsuite-R81.10/fw1/log/oracle_had.elg | nc -l -p 12345
sleep 5
done

###################################################################

and schedule this task in cron. This will make the Gateway create a server listening on port 12345 and sending the content of the specific log.

 

After that, in some monitoring tool, I can use netcat with the 'nc gateway_ip 12345' command to allow the tool to view the log's output and then create some kind of alert if the log's output contains any unexpected values.

 

I'm not sure yet which tool could be used or how to configure this alert within it, but this could be a way to go.

(1)
the_rock
Legend
Legend
‎2023-10-02 04:23 PM
In response to Bernardes

@Bernardes 

Yes, that looks good to me. I was thinking of possibly being able to do cron job, sounds like most feasable thing.

Andy

0 Kudos
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events