Re: How to configure Skyline Monitor for Security ...

MarcuzShinz · ‎2024-11-08

Hi Team,

Have a nice day!

We are currently configuring Skyline for Security Group, however only MHO can push logs to Prometheus and Security Group cannot, does anyone have experience with this?

PhoneBoy · ‎2024-11-11

From what I can tell, this is supported, but requires configuring each node in the security group.
Is that correct @Elad_Chomsky ?

Elad_Chomsky · ‎2024-11-12

Hi,

As part of the latest Skyline version the correct behavior is to use the sklnctl command per member or use g_all and g_cp2blades to run it in parallel on all of the SGM's.

Tom_Kendrick · ‎2024-11-11

Hi,

You need to do the same on the security group - so follow https://support.checkpoint.com/results/sk/sk178566, as I'm sure you are to ensure the server is ready, the Dashboards are ready and the correct Jumbo is installed if needed. Then check https://sc1.checkpoint.com/documents/Appliances/Skyline/Content/Topics-AG/Configuration-on-Servers-G.... (as an example).

In short, as mentioned, configuring on the MHO(s), sends info back from the MHO(s), you also need to configure on the Security Group too. Arguably, it's more important/beneficial to see the info from the group.

Tom

MarcuzShinz · ‎2024-11-11

Dear Tom,

We have configured according to the guide on all devices including MHO and SGMs, however only MHO can display data on Grafana. All SGMs only display information as below.

We tried reboot All SGMs, but this not resolve the issue.

Tom_Kendrick · ‎2024-11-11

Check you have the correct date/time/timezone on the group, and, check in the SP view. I would also set a 5 minute view, and ensure you are looking at the correct VS if necessary. You will see a better summary of the Maestro system in that view with per member views below it. There is also a log (tail -f /opt/CPotelcol/otelcol.log) to confirm data is being sent (system is connected).

MarcuzShinz · ‎2024-11-12

Configured the same all device, tried reboot, restart service, but SGMs not send data to Skyline. Has anyone had problems with this issue?

Elad_Chomsky · ‎2024-11-12

Hi @MarcuzShinz ,

Please open a support ticket to CheckPoint, so we can assist you directly to troubleshoot the issue.

LaurentFr · ‎2024-11-12

I had the problem with vsx: I needed to specify a specific vs/context to see the info. What is surprising is that I need to do this specification for only one of the blades in the group

Sven_Glock · ‎2024-11-12

Your security group is sending some data. Otherwise you would not see it in grafana. If there is no data within the selected timeframe the device disapears from grafanas hostname selector.
Moreover you can see an uptime, which means, that minimum the system uptime is beeing reported.

To better understand your problem it could be helpful to check the "explorer" in grafana using the syntax

{host_name="SecGroup-ch1-03"}

MarcuzShinz · ‎2024-11-12

As you see the picture above, I have connect security group to Skyline about 2 weeks, but data show as picture. We're not sure how Grafana will get the data field to display correctly.

How to configure Skyline Monitor for Security Group in Maestro