- CheckMates
- :
- Products
- :
- Quantum
- :
- Skyline
- :
- Re: Skyline tutorial
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Skyline tutorial
I've taken a little bit of time to put together a video for Project Skyline; a new real-time health monitoring.
This tool sends data from Check Point CPview and forwards it to open-source tools Prometheus & Grafan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great job, very impressive! Happy holidays.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Terrific video, thanks for creating. Can i assume that the load on the gateway(s) to push the data to skyline is negligible?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - The load is very negligible and I am using it in production use. I am looking for Alert mechanism.
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I done all step with no wrong, but no luck,
It is not work for me, is anyone successfully?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Worked for me just fine...what step does it fail for you?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rock,
Grafana is no data, and prometheus had error message.
10.8.1.8 is prometheus and grafana server.
Dec 25 21:52:32 skyline2 prometheus[875]: ts=2022-12-25T13:52:32.208Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:52:37 skyline2 prometheus[875]: ts=2022-12-25T13:52:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:53:32 skyline2 prometheus[875]: ts=2022-12-25T13:53:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:53:35 skyline2 prometheus[875]: ts=2022-12-25T13:53:35.466Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:53:37 skyline2 prometheus[875]: ts=2022-12-25T13:53:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:54:32 skyline2 prometheus[875]: ts=2022-12-25T13:54:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:54:35 skyline2 prometheus[875]: ts=2022-12-25T13:54:35.467Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:54:37 skyline2 prometheus[875]: ts=2022-12-25T13:54:37.211Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:55:32 skyline2 prometheus[875]: ts=2022-12-25T13:55:32.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:55:37 skyline2 prometheus[875]: ts=2022-12-25T13:55:37.212Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0
I done all step with no failed,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like your prometheus is not started with --enable-feature=remote-write-receiver ?
ensure to run ps aux command and see if really prometheus is running with that parameter?
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Blason_R,
Thanks a lot,
It is working when I add "--enable-feature=remote-write-receiver" parameter.
Regards,
Jarvis
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I appear to be having the same issue. Everything is setup as es expected including the remote write option when running prometheus.
My open telemetry configuration for a non tls encrypted prometheus server running on an ec2 in AWS.
sklnctl --show_open_telemetry
{"enabled":true,"export-targets":[{"client-auth":{"basic":{"password":"N/A","username":"N/A"},"token":{"custom-header":{"key":"N/A","value":"N/A"},"header-bearer-token":"N/A"}},"enabled":true,"server-auth":{"ca-public-key":{"type":"Default","value":"N/A"}},"type":"prometheusremotewrite","url":"http://10.128.251.44:9090/api/v1/write","name":"prometheusremotewrite"}]}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great job!
Is this working on the MDS installed on VMware? Or just on the CP management appilances?
I was able to set up everything, seems working. However there is no data received from the MDS server. I see traffic on port 9090 to the prometheus server, but shows no data. just the uptime of the host visible in the Grapana.
Balint
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it should work perfectly on VMWares.
Perhaps something was wrong in your setup process?
If you need assistance, please contact me directly at ariko@checkpoint.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ahh, I find the problem.
The cpview api service was not running.
started and works well.
maybe i missed this in the SK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can start with follow this command,
/opt/CPotelcol/REST.py --set_open_telemetry “$(cat payload.json)”
I want to stop to skyline on device, which command can do this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
find the PID and kill it. From expert mode
ps auxww | grep REST.py -> This would show the PID then
kill -9 <PID_NUMBER>
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
find nothing PID of REST.py
I running lsof -i:9090 and show as below
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
otelcol 3431 admin 10u IPv4 11792824 TCP CPSMS:36866->10.8.1.8:websm (ESTABLISHED)
then kill -9 3431, but it will running with another PID again .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use the following 3 commands to stop it:
/opt/CPotelcol/stop
/opt/CPviewExporter/stop
cpview -a off'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I'm trying to connect multible Firewalls to the Checkpoint Skyline monitoring tool (to connect5 a single firewall is possible but with multible I'm not able to connect) can anyone advise me ho to do that?
Greetings
Julius