Manning
Employee

Skyline tutorial

I've taken a little bit of time to put together a video for Project Skyline, a new real-time health monitoring tool.

This tool sends data from Check Point CPview and forwards it to the open-source tools Prometheus & Grafana.

17 Replies
the_rock
Legend

Great job, very impressive! Happy holidays.

Andy

D_TK
Advisor

Terrific video, thanks for creating. Can I assume that the load on the gateway(s) to push the data to Skyline is negligible?

Thanks.

Blason_R
Leader

Yes, the load is very negligible and I am using it in production. I am looking for an alert mechanism.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Jarvis_Lin
Collaborator

I did all the steps with nothing wrong, but no luck.

It does not work for me. Has anyone been successful?

the_rock
Legend

Worked for me just fine...what step does it fail for you?

Jarvis_Lin
Collaborator

Hi Rock,

Grafana shows no data, and Prometheus had an error message.

10.8.1.8 is the Prometheus and Grafana server.

 

Dec 25 21:52:32 skyline2 prometheus[875]: ts=2022-12-25T13:52:32.208Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:52:37 skyline2 prometheus[875]: ts=2022-12-25T13:52:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:53:32 skyline2 prometheus[875]: ts=2022-12-25T13:53:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:53:35 skyline2 prometheus[875]: ts=2022-12-25T13:53:35.466Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:53:37 skyline2 prometheus[875]: ts=2022-12-25T13:53:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:54:32 skyline2 prometheus[875]: ts=2022-12-25T13:54:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:54:35 skyline2 prometheus[875]: ts=2022-12-25T13:54:35.467Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:54:37 skyline2 prometheus[875]: ts=2022-12-25T13:54:37.211Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:55:32 skyline2 prometheus[875]: ts=2022-12-25T13:55:32.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:55:37 skyline2 prometheus[875]: ts=2022-12-25T13:55:37.212Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0

 

I did all the steps with no failures.

Blason_R
Leader

Looks like your Prometheus is not started with --enable-feature=remote-write-receiver?

Make sure to run the ps aux command and see if Prometheus is really running with that parameter.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Jarvis_Lin
Collaborator

Hi Blason_R,

Thanks a lot,

It is working when I add the "--enable-feature=remote-write-receiver" parameter.

Regards,

Jarvis
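
The remote-write errors in this sub-thread can be tallied per receiver URL to see how many samples were dropped and whether the log still carries the reason. This is an added example, not part of any post above; the first two sample lines are copied from the thread, the third is constructed and its err= text is an assumption.

```python
import re
from collections import defaultdict

# Lines 1-2 are copied from the thread (cut off by the pager at ">").
# Line 3 is constructed; its err= text is an assumed example of the reason field.
SAMPLE_LOG = """\
Dec 25 21:52:32 skyline2 prometheus[875]: ts=2022-12-25T13:52:32.208Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:53:35 skyline2 prometheus[875]: ts=2022-12-25T13:53:35.466Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:56:32 skyline2 prometheus[875]: ts=2022-12-25T13:56:32.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 err="server returned HTTP status 404 Not Found"
"""

PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_logfmt(line):
    """Return the key=value pairs of one line; the syslog prefix has none."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def summarize(log_text):
    """Per remote-write URL: failed batches, dropped samples, visible reasons."""
    stats = defaultdict(lambda: {"batches": 0, "samples_dropped": 0,
                                 "metadata_failures": 0, "statuses": set(),
                                 "reason_missing": 0})
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        if f.get("component") != "remote" or f.get("level") != "error":
            continue
        s = stats[f.get("url", "?")]
        msg = f.get("msg", "")
        if "metadata" in msg:
            s["metadata_failures"] += 1
        elif msg.startswith("non-recoverable"):
            # Non-recoverable batches are dropped, not retried.
            s["batches"] += 1
            s["samples_dropped"] += int(f.get("count", 0))
        status = re.search(r"HTTP status (\d{3})", f.get("err", ""))
        if status:
            s["statuses"].add(int(status.group(1)))
        elif "err" not in f:
            s["reason_missing"] += 1  # truncated line: re-read the log unpaged
    return dict(stats)


if __name__ == "__main__":
    for url, s in summarize(SAMPLE_LOG).items():
        print(url, s)
```

A non-zero reason_missing count means the lines were cut before the err field, as in the output posted above, so the log has to be read without truncation before the cause can be confirmed.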

cdav
Contributor

I appear to be having the same issue. Everything is set up as expected, including the remote write option when running Prometheus.

[Expert@AGFWHS01-Temp:0]# tail otelcol.log
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47
2024-12-04T23:14:58.311Z error exporterhelper/queued_retry.go:391 Exporting failed. The error is not retryable. Dropping data. {"kind": "exporter", "data_type": "metrics", "name": "prometheusremotewrite", "error": "Permanent error: Permanent error: Post \"http://10.128.251.44:9090/api/v1/write\": context deadline exceeded", "dropped_items": 2802}
go.opentelemetry.io/collector/exporter/exporterhelper.(*retrySender).send
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:391
go.opentelemetry.io/collector/exporter/exporterhelper.(*metricsSenderWithObservability).send
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/metrics.go:125
go.opentelemetry.io/collector/exporter/exporterhelper.(*queuedRetrySender).start.func1
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:195
go.opentelemetry.io/collector/exporter/exporterhelper/internal.(*boundedMemoryQueue).StartConsumers.func1
go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47

 

My OpenTelemetry configuration for a non-TLS-encrypted Prometheus server running on an EC2 in AWS:


sklnctl --show_open_telemetry
{"enabled":true,"export-targets":[{"client-auth":{"basic":{"password":"N/A","username":"N/A"},"token":{"custom-header":{"key":"N/A","value":"N/A"},"header-bearer-token":"N/A"}},"enabled":true,"server-auth":{"ca-public-key":{"type":"Default","value":"N/A"}},"type":"prometheusremotewrite","url":"http://10.128.251.44:9090/api/v1/write","name":"prometheusremotewrite"}]}
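
The export-target JSON shown by `sklnctl --show_open_telemetry` in the post above can be checked for targets that ship metrics over plain HTTP or without client authentication. This is an added example, not Check Point's code or part of the post; treating "N/A" as "unset" is an assumption based on that output.

```python
import json
from urllib.parse import urlsplit

# Output of `sklnctl --show_open_telemetry` exactly as posted in the thread.
SHOWN = '{"enabled":true,"export-targets":[{"client-auth":{"basic":{"password":"N/A","username":"N/A"},"token":{"custom-header":{"key":"N/A","value":"N/A"},"header-bearer-token":"N/A"}},"enabled":true,"server-auth":{"ca-public-key":{"type":"Default","value":"N/A"}},"type":"prometheusremotewrite","url":"http://10.128.251.44:9090/api/v1/write","name":"prometheusremotewrite"}]}'

# Assumption: the tool prints "N/A" for a field that has not been set.
UNSET = ("", "N/A", None)


def is_set(*values):
    """True only if every given value holds something other than a placeholder."""
    return all(v not in UNSET for v in values)


def audit_targets(config_json):
    """Return (target name, finding) pairs for every enabled export target."""
    cfg = json.loads(config_json)
    findings = []
    if not cfg.get("enabled"):
        return findings
    for target in cfg.get("export-targets", []):
        if not target.get("enabled"):
            continue
        name = target.get("name", "?")
        url = urlsplit(target.get("url", ""))
        encrypted = url.scheme == "https"
        auth = target.get("client-auth", {})
        basic = auth.get("basic", {})
        token = auth.get("token", {})
        header = token.get("custom-header", {})
        authenticated = (
            is_set(basic.get("username"), basic.get("password"))
            or is_set(token.get("header-bearer-token"))
            or is_set(header.get("key"), header.get("value"))
        )
        if not encrypted:
            findings.append((name, f"metrics leave the gateway unencrypted to {url.netloc}"))
        if not authenticated:
            findings.append((name, "no client authentication configured"))
        elif not encrypted:
            findings.append((name, "client credentials would be sent in cleartext"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_targets(SHOWN):
        print(f"{name}: {finding}")
```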

 

belteto
Participant

Great job!

Is this working on the MDS installed on VMware? Or just on the CP management appliances?

I was able to set up everything, and it seems to be working. However, there is no data received from the MDS server. I see traffic on port 9090 to the Prometheus server, but it shows no data; just the uptime of the host is visible in Grafana.

 

Balint

Arik_Ovtracht
Employee

Yes, it should work perfectly on VMware.

Perhaps something was wrong in your setup process? 

If you need assistance, please contact me directly at ariko@checkpoint.com

belteto
Participant

Ahh, I found the problem.

The cpview api service was not running.

Started it and it works well.

Maybe I missed this in the SK.

Jarvis_Lin
Collaborator

I can start it with the following command:

/opt/CPotelcol/REST.py --set_open_telemetry "$(cat payload.json)"

I want to stop Skyline on the device. Which command can do this?

Blason_R
Leader

Find the PID and kill it, from expert mode:

ps auxww | grep REST.py -> This would show the PID then

kill -9 <PID_NUMBER>

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Jarvis_Lin
Collaborator

I found no PID for REST.py.

I ran lsof -i:9090 and it shows the following:

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
otelcol 3431 admin 10u IPv4 11792824 TCP CPSMS:36866->10.8.1.8:websm (ESTABLISHED)

 

Then I ran kill -9 3431, but it starts running again with another PID.

Arik_Ovtracht
Employee

Use the following 3 commands to stop it:

/opt/CPotelcol/stop

/opt/CPviewExporter/stop

cpview -a off

juliusn_
Explorer

Hi, I'm trying to connect multiple firewalls to the Check Point Skyline monitoring tool (connecting a single firewall is possible, but with multiple I'm not able to connect). Can anyone advise me how to do that?

Greetings

Julius
