Good day everyone,
I am trying to get to know the cpstat command better and find that the flags/flavors listed in the CLI Reference (R80.40/R81) quite often do not work. Is there something missing on the gateways/SMS I am trying this command out on (installed-wise), or is it intentional (documented but not implemented)?
E.g.:
[Expert@R81-standalone:0]# cpstat -f default ips
No product has flag 'ips'
[Expert@R81-standalone:0]# cpstat blades -f av
Invalid flavour 'av' for product 'blades'. Use 'cpstat' without any arguments to see supported products and flavours.
Of course, all those flags/flavors appear as valid in the documentation and I have all blades enabled on this standalone open server.
Thanks
Reference:
- SK: Tried quite hard to find an SK for this tool to no avail, would be great if someone could point me to one.
The reference is not exactly matching your version, use https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/SEC...
Also, flavors are not required to see IPS. Did you try without "-f default"?
Nope:
[Expert@R81-standalone:0]# cpstat ips
No product has flag 'ips'
And those are enabled blades:
[Expert@R81-standalone:0]# enabled_blades
fw vpn cvpn urlf av appi ips anti_bot qos mon
[Expert@R81-standalone:0]#
Yes, I meant R81 has the same flags as R80.40 with the same errors when trying to use them.
Please run "cpstat blades" and show the output
Also, just "cpstat" without anything else
Got it now - thanks. Each gateway differs in the output of cpstat, not sure how - even on production servers with the same blades enabled the options differ. The reference about this - "Note - The available flags depend on the enabled Software Blades. Some flags are supported only by a Security Gateway, and some flags are supported only by a Management Server." Even so, gateways where e.g. cpstat ips does work do not accept -f default with it (as per the reference they should). So the bottom line is NOT to reference the documentation (I guess it is just a dump of ALL possible options on ALL possible gateways, including SMB/VSX/Crossbeam/etc), but to reference the output of cpstat on a particular server, then move on from there.
Thanks again,
case closed.
You are welcome.
I do agree that the notion of flags and flavours is a bit odd here, especially considering flavors depend on flags but are called before those in the CLI command 🙂 But this is not a documentation issue, and with a minimal effort, it all clicks into place.
[Expert@R81-standalone:0]# cpstat blades
Packets accepted : 923861
Packets dropped : 9471
Peak number of connections: 537
Number of connections: 19
Top Rule Hits
-----------------------
|rule index|rule count|
-----------------------
-----------------------
Note: This is a lab setup, not a production gateway, so not many rules/hits are seen above.
Okay, I believe it should be "cpstat -f ips blades"
As I mentioned already, it should be:
cpstat -f ips blades
cpstat -f av blades
Does it work for you this way?
cpstat without any input should show you all options
I agree with @_Val_ . I always just run cpstat without any flags and it will show you all available options, for sure.
Here is what I see on R81.10 gateway:
Available application_flags:
--------------------------------------------------------------
|Flag |Flavours |
--------------------------------------------------------------
|os |default, ifconfig, routing, routing6, |
| |memory, old_memory, cpu, disk, perf, |
| |multi_cpu, multi_disk, raidInfo, sensors, |
| |power_supply, hw_info, all, average_cpu, |
| |average_memory, statistics, updates, |
| |licensing, connectivity, vsx |
--------------------------------------------------------------
|persistency |product, TableConfig, SourceConfig |
--------------------------------------------------------------
|thresholds |default, active_thresholds, destinations, |
| |error |
--------------------------------------------------------------
|ci |default |
--------------------------------------------------------------
|https_inspection |default, hsm_status, all |
--------------------------------------------------------------
|polsrv |default, all |
--------------------------------------------------------------
|cvpn |cvpnd, sysinfo, products, overall |
--------------------------------------------------------------
|fw |default, interfaces, policy, perf, hmem, |
| |kmem, inspect, cookies, chains, |
| |fragments, totals, totals64, ufp, http, |
| |ftp, telnet, rlogin, smtp, pop3, sync, |
| |log_connection, all |
--------------------------------------------------------------
|vsx |default, stat, traffic, conns, cpu, all, |
| |memory, cpu_usage_per_core |
--------------------------------------------------------------
|vpn |default, product, IKE, ipsec, traffic, |
| |compression, accelerator, nic, |
| |statistics, watermarks, all |
--------------------------------------------------------------
|blades |fw, ips, av, urlf, vpn, cvpn, aspm, dlp, |
| |appi, anti_bot, default, |
| |content_awareness, threat-emulation, |
| |default |
--------------------------------------------------------------
|ha |default, all |
--------------------------------------------------------------
|identityServer |default, authentication, logins, ldap, |
| |components, adquery, idc, muh |
--------------------------------------------------------------
|appi |default, subscription_status, |
| |update_status, RAD_status, top_last_hour, |
| |top_last_day, top_last_week, |
| |top_last_month |
--------------------------------------------------------------
|urlf |default, subscription_status, |
| |update_status, RAD_status, top_last_hour, |
| |top_last_day, top_last_week, |
| |top_last_month |
--------------------------------------------------------------
|dlp |default, dlp, exchange_agents, fingerprint|
--------------------------------------------------------------
|ctnt |default |
--------------------------------------------------------------
|antimalware |default, scanned_hosts, scanned_mails, |
| |subscription_status, update_status, |
| |ab_prm_contracts, av_prm_contracts, |
| |ab_prm_contracts, av_prm_contracts |
--------------------------------------------------------------
|threat-emulation |default, general_statuses, update_status, |
| |scanned_files, malware_detected, |
| |scanned_on_cloud, malware_on_cloud, |
| |average_process_time, emulated_file_size, |
| |queue_size, peak_size, |
| |file_type_stat_file_scanned, |
| |file_type_stat_malware_detected, |
| |file_type_stat_cloud_scanned, |
| |file_type_stat_cloud_malware_scanned, |
| |file_type_stat_filter_by_analysis, |
| |file_type_stat_cache_hit_rate, |
| |file_type_stat_error_count, |
| |file_type_stat_no_resource_count, |
| |contract, downloads_information_current, |
| |downloading_file_information, |
| |queue_table, history_te_incidents, |
| |history_te_comp_hosts |
--------------------------------------------------------------
|scrub |default, subscription_status, |
| |threat_extraction_statistics |
--------------------------------------------------------------
|fg |all |
--------------------------------------------------------------
|PA |default |
Then I ran cpstat blades -f ips and got the below:
cpstat blades -f ips
Invalid flavour 'ips' for product 'blades'. Use 'cpstat' without any arguments to see supported products and flavours.
Also tried what Val suggested, cpstat -f ips blades, but same issue.
It's possible that certain flags don't work right, not sure.
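The thread's conclusion is to trust the table a bare `cpstat` prints on the host in question rather than the reference guide. The script below is an added example, not code from any poster or from Check Point: it parses that table into flag/flavour pairs and checks a pair before it is used. The function names and the embedded sample rows (copied from the R81.10 listing above) are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the thread): index the flag/flavour table that a bare
# `cpstat` prints, so a pair can be checked on this host before it is used.

# Constructed sample: rows copied from the R81.10 listing quoted in the thread.
sample_cpstat_listing() {
cat <<'EOF'
Available application_flags:
--------------------------------------------------------------
|Flag |Flavours |
--------------------------------------------------------------
|thresholds |default, active_thresholds, destinations, |
| |error |
--------------------------------------------------------------
|ci |default |
--------------------------------------------------------------
|blades |fw, ips, av, urlf, vpn, cvpn, aspm, dlp, |
| |appi, anti_bot, default, |
| |content_awareness, threat-emulation, |
| |default |
--------------------------------------------------------------
|ha |default, all |
EOF
}

# Read a listing on stdin, print one "flag flavour" pair per line.
cpstat_pairs() {
  awk -F'|' '
    /^\|/ {
      flag = $2; gsub(/^[ \t]+|[ \t]+$/, "", flag)
      if (flag == "Flag") next          # header row
      if (flag != "") current = flag    # empty first cell = wrapped row
      n = split($3, parts, ",")
      for (i = 1; i <= n; i++) {
        f = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", f)
        if (f != "" && !seen[current, f]++) print current, f
      }
    }'
}

# cpstat_supports FLAG FLAVOUR < listing ; exit 0 only if the pair is listed.
cpstat_supports() { cpstat_pairs | grep -qxF -- "$1 $2"; }

# On a gateway, pipe `cpstat` itself instead of the sample (assumption: the
# listing is written to stdout; append 2>&1 if it is not).
for pair in "blades ips" "ha all" "ci all"; do
  set -- $pair
  if sample_cpstat_listing | cpstat_supports "$1" "$2"; then state=listed; else state="not listed"; fi
  echo "$1/$2: $state"
done
```

The table only tells you what the host advertises: the last post shows a listed pair (blades / ips) still being rejected, so check the output of the real call as well.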