Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Manning
Employee
Employee

Skyline tutorial

I've taken a little bit of time to put together a video for Project Skyline; a new real-time health monitoring.

This tool sends data from Check Point CPview and forwards it to open-source tools Prometheus & Grafan.

(1)
17 Replies
the_rock
Legend
Legend

Great job, very impressive! Happy holidays.

Andy

0 Kudos
D_TK
Advisor

Terrific video, thanks for creating.  Can i assume that the load on the gateway(s) to push the data to skyline is negligible?

Thanks.

0 Kudos
Blason_R
Leader
Leader

Yes - The load is very negligible and I am using it in production use. I am looking for Alert mechanism.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Jarvis_Lin
Collaborator

I done all step with no wrong, but no luck,

It is not work for me, is anyone successfully?

0 Kudos
the_rock
Legend
Legend

Worked for me just fine...what step does it fail for you?

0 Kudos
Jarvis_Lin
Collaborator

Hi Rock,

Grafana is no data, and prometheus had error message.

10.8.1.8 is prometheus and grafana server.

 

Dec 25 21:52:32 skyline2 prometheus[875]: ts=2022-12-25T13:52:32.208Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:52:37 skyline2 prometheus[875]: ts=2022-12-25T13:52:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:53:32 skyline2 prometheus[875]: ts=2022-12-25T13:53:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:53:35 skyline2 prometheus[875]: ts=2022-12-25T13:53:35.466Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:53:37 skyline2 prometheus[875]: ts=2022-12-25T13:53:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:54:32 skyline2 prometheus[875]: ts=2022-12-25T13:54:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:54:35 skyline2 prometheus[875]: ts=2022-12-25T13:54:35.467Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:54:37 skyline2 prometheus[875]: ts=2022-12-25T13:54:37.211Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:55:32 skyline2 prometheus[875]: ts=2022-12-25T13:55:32.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:55:37 skyline2 prometheus[875]: ts=2022-12-25T13:55:37.212Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0

 

I done all step with no failed,

0 Kudos
Blason_R
Leader
Leader

Looks like your prometheus is not started with --enable-feature=remote-write-receiver ?

ensure to run ps aux command and see if really prometheus is running with that parameter?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Jarvis_Lin
Collaborator

Hi Blason_R,

Thanks a lot,

It is working when I add "--enable-feature=remote-write-receiverparameter.

Regards,

Jarvis

0 Kudos
cdav
Contributor

I appear to be having the same issue. Everything is setup as es expected including the remote write option when running prometheus. 

[Expert@AGFWHS01-Temp:0]# tail otelcol.log
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47
2024-12-04T23:14:58.311Z error exporterhelper/queued_retry.go:391 Exporting failed. The error is not retryable. Dropping data. {"kind": "exporter", "data_type": "metrics", "name": "prometheusremotewrite", "error": "Permanent error: Permanent error: Post \"http://10.128.251.44:9090/api/v1/write\": context deadline exceeded", "dropped_items": 2802}
go.opentelemetry.io/collector/exporter/exporterhelper.(*retrySender).send
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:391
go.opentelemetry.io/collector/exporter/exporterhelper.(*metricsSenderWithObservability).send
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/metrics.go:125
go.opentelemetry.io/collector/exporter/exporterhelper.(*queuedRetrySender).start.func1
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:195
go.opentelemetry.io/collector/exporter/exporterhelper/internal.(*boundedMemoryQueue).StartConsumers.func1
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47

 

My open telemetry configuration for a non tls encrypted prometheus server running on an ec2 in AWS.


sklnctl --show_open_telemetry
{"enabled":true,"export-targets":[{"client-auth":{"basic":{"password":"N/A","username":"N/A"},"token":{"custom-header":{"key":"N/A","value":"N/A"},"header-bearer-token":"N/A"}},"enabled":true,"server-auth":{"ca-public-key":{"type":"Default","value":"N/A"}},"type":"prometheusremotewrite","url":"http://10.128.251.44:9090/api/v1/write","name":"prometheusremotewrite"}]}

 

0 Kudos
belteto
Participant
Participant

Great job!

Is this working on the MDS installed on VMware? Or just on the CP management appilances?

I was able to set up everything, seems working. However there is no data received from the MDS server. I see traffic on port 9090 to the prometheus server, but shows no data. just the uptime of the host visible in the Grapana. 

 

Balint

0 Kudos
Arik_Ovtracht
Employee
Employee

Yes it should work perfectly on VMWares.

Perhaps something was wrong in your setup process? 

If you need assistance, please contact me directly at ariko@checkpoint.com

0 Kudos
belteto
Participant
Participant

Ahh, I find the problem.

The cpview api service was not running.

started and works well.

maybe i missed this in the SK.

0 Kudos
Jarvis_Lin
Collaborator

I can start with follow this command,

/opt/CPotelcol/REST.py --set_open_telemetry “$(cat payload.json)”

 

I want to stop to skyline on device, which command can do this?

0 Kudos
Blason_R
Leader
Leader

find the PID and kill it. From expert mode

ps auxww | grep REST.py -> This would show the PID then

kill -9 <PID_NUMBER>

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Jarvis_Lin
Collaborator

find nothing PID of REST.py

I running  lsof -i:9090 and show as below

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
otelcol 3431 admin 10u IPv4 11792824 TCP CPSMS:36866->10.8.1.8:websm (ESTABLISHED)

 

then kill -9 3431, but it will running with another PID again .

0 Kudos
Arik_Ovtracht
Employee
Employee

Use the following 3 commands to stop it:

/opt/CPotelcol/stop

/opt/CPviewExporter/stop

cpview -a off'

(1)
juliusn_
Explorer

Hi, I'm trying to connect multible Firewalls to the Checkpoint Skyline monitoring tool (to connect5 a single firewall is possible but with multible I'm not able to connect) can anyone advise me ho to do that?

Greetings

Julius

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events