This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Plum
Participant
‎2023-03-06 07:34 AM
Jump to solution

Skyline - prometheus grafana

Hello all,

 

I try to use skyline with prometheus to monitor several firewall frontend and backend (checkpoint software version: R81.10)

It seems to work correctly when I activate the configuration on one of my checkpoint nodes.

The metrics come correctly in prometheus.

On the other hand, as soon as I start the telemetry on several nodes, i receive their metrics for a few seconds then nothing more and after a while I end up receiving the metrics of one of the random nodes again and only from only one.

 

I can't explain this behavior.

 

 

 

0 Kudos
2 Solutions

Accepted Solutions
Plum
Participant
‎2023-03-08 11:44 PM
In response to Simon_Macpherso
Jump to solution

I am not sure to undestand , we just follow skyline guide and configure on all host the config file without prometheus receiver  url and cert/credential needed.



View solution in original post

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-03-09 04:12 AM
In response to Plum
Jump to solution

Hi @Plum,

It looks like you have a synchronization issue between the reporting devices and the monitoring (Prometheus) server. You can see this example in our FAQ  (go to the question about "Out of bound" errors).

If this does not help, feel free to contact me at ariko@checkpoint.com and we can schedule a session to investigate the issue with you.

View solution in original post

0 Kudos
17 Replies
PhoneBoy
Admin
Admin
‎2023-03-07 11:15 AM
Jump to solution

It may be that you need to allocate more resources to the Prometheus server (RAM/CPU).
You may just want to confirm the gateway side is working by checking: https://support.checkpoint.com/results/sk/sk179870

0 Kudos
Plum
Participant
‎2023-03-08 06:23 AM
In response to PhoneBoy
Jump to solution

Hello,

Thx for your reply

We had check but we do not notice any particular charge on prometheus side 

prom_checkpoint.PNG

 

 

prom_checkpoint.PNG
Preview file
43 KB
0 Kudos
Vincent_Bacher
Advisor
Advisor
‎2023-03-08 07:30 AM
In response to Plum
Jump to solution

In our environment it works fine. We just configured Skyline on 10 CP devices (8 R81.10 and 2 R81.20) and on prometheus and Grafana everything is fine.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
Blason_R
Leader
Leader
‎2023-03-08 07:11 PM
In response to Vincent_Bacher
Jump to solution

Has anyone succeeded with Alert Rules? I am still struggling with it.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Sucream
Participant
‎2023-03-15 07:12 AM
In response to Blason_R
Jump to solution

Hi,

Have you been able to solve Alert Rules problem?
Because I'm also struggling with it..

0 Kudos
Sucream
Participant
‎2023-03-16 02:02 AM
In response to Arik_Ovtracht
Jump to solution

Hi,

No, I didn't 😀 Thanks

0 Kudos
Blason_R
Leader
Leader
‎2023-03-16 02:05 AM
In response to Arik_Ovtracht
Jump to solution

Been eagerly waiting for it. Thanks for sharing though

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Plum
Participant
‎2023-03-08 11:41 PM
In response to Vincent_Bacher
Jump to solution

Hello,

 

In prometheus log, i saw some error for all node without metric:

ts=2023-03-09T01:40:04.589Z caller=write_handler.go:109 level=error component=web msg="Out of order sample from remote write" err="out of bounds" series="{__name__=\"vpn_packets\", environment=\"Default\", host_name=\"XXXXXXXX\", job=\"vs_id_0/CPviewExporter\", service_name=\"CPviewExporter\", service_namespace=\"vs_id_0\", service_version=\"CPviewExporter-0.1.0\", type=\"Decrypted\"}" timestamp=1678326290434

 

But never for node with metric

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-03-09 04:12 AM
In response to Plum
Jump to solution

Hi @Plum,

It looks like you have a synchronization issue between the reporting devices and the monitoring (Prometheus) server. You can see this example in our FAQ  (go to the question about "Out of bound" errors).

If this does not help, feel free to contact me at ariko@checkpoint.com and we can schedule a session to investigate the issue with you.

0 Kudos
Plum
Participant
‎2023-03-09 07:03 AM
In response to Arik_Ovtracht
Jump to solution

ty very much

i will check in our side. i be back if needed 

 

0 Kudos
Plum
Participant
‎2023-03-10 12:35 AM
In response to Arik_Ovtracht
Jump to solution

Hello,
ty you so much it was about ntp issu on our side , all host were not sync. 
Now all working  well

Ty again

0 Kudos
Simon_Macpherso
Advisor
‎2023-03-08 07:40 PM
In response to PhoneBoy
Jump to solution

What is the location of the OpenTelemetry collector logs?

0 Kudos
fmartensson
Explorer
‎2023-04-06 02:39 AM
In response to PhoneBoy
Jump to solution

Also wondering this, thanks

0 Kudos
Plum
Participant
‎2023-03-08 11:44 PM
In response to Simon_Macpherso
Jump to solution

I am not sure to undestand , we just follow skyline guide and configure on all host the config file without prometheus receiver  url and cert/credential needed.



0 Kudos
Elad_Chomsky
Employee
Employee
‎2023-04-09 01:50 AM
In response to Simon_Macpherso
Jump to solution

Hi @Simon_Macpherso,

The OpenTelemetry related logs are:

  • OpenTelemetry Collector logs - /opt/CPotelcol/otelcol.log
  • CPView OpenTelemetry Exporter - /opt/CPviewExporter/otlp_cpview.log
  • CPView Producer/Consumer Service - $CPDIR/log/cpview_api_service.elg

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top