This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
a-pomaskin
Participant
‎2023-04-11 01:24 AM
Jump to solution

Skyline: adding multiple export targets

Hello everyone,

I'm currently attempting to deploy Skyline, but I've run into a problem with adding multiple export targets to the config file. I would greatly appreciate any advice you may have on this matter. Thank you.

0 Kudos
1 Solution

Accepted Solutions
a-pomaskin
Participant
‎2023-04-18 12:07 PM
In response to a-pomaskin
Jump to solution

I opened an SR with TAC regarding this question, but unfortunately, TAC informed me that currently it is not possible to use multiple export targets in SkyLine.

View solution in original post

0 Kudos
11 Replies
Arik_Ovtracht
Employee
Employee
‎2023-04-13 12:54 AM
Jump to solution

Hi @a-pomaskin,

can you share more details? What are you trying to do exactly?

0 Kudos
a-pomaskin
Participant
‎2023-04-13 01:30 AM
In response to Arik_Ovtracht
Jump to solution

 

Hi @Arik_Ovtracht,

I am currently working on deploying Skyline based on sk178566. However, I am facing an issue with adding multiple export targets to the config file.
Please take a look at my current payload-tls.json:

 

{
    "enabled": true,
    "export-targets": {"add": [
        {
            "client-auth": {
                "basic": {
                    "username": "checkpoint",
                    "password": "<PASSWORD>"
                }
            },
            "enabled": true,
            "server-auth": {
                "ca-public-key": {
                    "type": "PEM-X509",
                    "value":"<CERT>"
                }
            },
			"type": "prometheus-remote-write",
            "url": "https://u40.prometheus-collector.service.rockset-s.local/api/v1/write"
			},
		{
            "client-auth": {
                "basic": {
                    "username": "checkpoint",
                    "password": "<PASSWORD>"
                }
            },
            "enabled": true,
            "server-auth": {
                "ca-public-key": {
                    "type": "PEM-X509",
                    "value":"<CERT>"
                }
            },
			"type": "prometheus-remote-write",
            "url": "https://m7.prometheus-collector.service.rockset-s.local/api/v1/write"
			}
    ]}
}

 


Additionally, the output of the "/opt/CPotelcol/GetOTDynamicConfig.sh" command shows that only the last export target is being displayed. The output is as follows:

{"exporters": {"prometheusremotewrite": {"tls": {"ca_file": "/opt/CPotelcol/certs/ca-bundle.crt"}, "headers": {"Authorization": "Basic "}, "endpoint": "https://m7.prometheus-collector.service.rockset-s.local/api/v1/write"}}, "service": {"pipelines": {"metrics": {"exporters": ["prometheusremotewrite"]}}}}

I am wondering if there is an error in my Skyline json configuration.

I would greatly appreciate any advice or suggestions you may have regarding this issue.

 

0 Kudos
a-pomaskin
Participant
‎2023-04-18 12:07 PM
In response to a-pomaskin
Jump to solution

I opened an SR with TAC regarding this question, but unfortunately, TAC informed me that currently it is not possible to use multiple export targets in SkyLine.

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-04-19 03:31 AM
In response to a-pomaskin
Jump to solution

I see.

Yes, that is correct, Skyline currently does not support multiple export targets with the same type (i.e. both Prometheus server).

We will add this support soon though, so keep an eye out for the next Skyline version.

0 Kudos
eltonsimoes
Contributor
‎2024-03-09 04:55 AM
In response to Arik_Ovtracht
Jump to solution

@Arik_Ovtracht 

Do we already have the new version of Skyline that allows sending to multiple Prometheus servers?

 

Best Regards,

Elton Simões

0 Kudos
Elad_Chomsky
Employee
Employee
‎2024-03-10 12:04 AM
In response to eltonsimoes
Jump to solution

Hi @eltonsimoes ,

Yes, it is now supported, see sk178566. It is also recommended to add the "name" key-value to the payload for each exporter definition, with a unique name per target. 

{
    "enabled": true,
    "export-targets": {"add": [
        {
            "server-auth": {
                "sigv4auth": {
                  "region":"<Region>",
                  "aws-access-key-id": "<Access Key ID>",
                  "aws-secret-access-key": "<Access Key>",
                  "session-token": "<Seesion Token>"
                 }
            },
            "enabled": true,
            "type": "prometheus-remote-write",
            "url": "https://<IP1>:9090/api/v1/write",
            "name" : "my-target-1"
        },
        {
            "enabled": true,
            "type": "prometheus-remote-write",
            "url": "http://<IP2>:9090/api/v1/write",
            "name" : "my-target-2"
        }
    ]}
}

 

0 Kudos
eltonsimoes
Contributor
‎2024-03-11 12:29 PM
In response to Elad_Chomsky
Jump to solution

Hi @Elad_Chomsky 

Thanks for the answer. It was out of date about sk178566. I read it again and found the necessary configuration for sending to multiple servers. However, in sk I noticed that it does not have a unique name and in the example given above it uses the unique name. Should I use it with a single name? Is it necessary to modify something in Prometheus? Thank you for now!

0 Kudos
Elad_Chomsky
Employee
Employee
‎2024-03-12 02:19 AM
In response to eltonsimoes
Jump to solution

Hi @eltonsimoes , 

The correct approach is with a unique name, we will update the sk during the week, to the new format.

0 Kudos
eltonsimoes
Contributor
‎2024-03-12 05:18 AM
In response to Elad_Chomsky
Jump to solution

Hi @Elad_Chomsky 

 

Thanks for answer! But I need help with a configuration, I used the payload below, still without using SSL. I have the following scenario, the firewall already sends data to TARGET-1, but now I need to send the information to the new TARGET-2. However, I don't see the data arriving at TARGET-2 and sometimes I stop receiving information at TARGET-1.

My doubt is whether I am making the correct configuration in the payload. The configurations for TARGETs are standard, according to sk178566.

 

{
    "enabled": true,
    "export-targets": {"add": [
        {
            "enabled": true,
            "type": "prometheus-remote-write",
            "url": "https://IP-PROMETHEUS-1:9090/api/v1/write",
			"name": "TARGET-1"
        },
        {
            "enabled": true,
            "type": "prometheus-remote-write",
            "url": "http://IP-PROMETHEUS-2:9090/api/v1/write",
			"name": "TARGET-2"
        }
    ]}
}

 

0 Kudos
Elad_Chomsky
Employee
Employee
‎2024-03-12 05:48 AM
In response to eltonsimoes
Jump to solution

Hi @eltonsimoes ,

Please contact me on private on eladch@checkpoint.com, and we will try to assist you.

0 Kudos
Alexander_Wilke
Advisor
‎2024-11-01 03:01 AM
In response to Elad_Chomsky
Jump to solution

Can you please update the SK to make sure all available options are in the examples?

The downloadable example files do not contain these syntax.

 

Further I do not know/see how to implement custom http headers.

 

maybe an updated documentation how to comfigure the payload.json would help.

 

 

The Amdin Guide does not contan these information, too:

Skyline Configuration on Check Point Servers that run Gaia OS - Prometheus with Grafana

 

Or I missed that all.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top