Re: Skyline tutorial

Manning · ‎2022-12-23

I've taken a little bit of time to put together a video for Project Skyline; a new real-time health monitoring.

This tool sends data from Check Point CPview and forwards it to open-source tools Prometheus & Grafan.

the_rock · ‎2022-12-23

Great job, very impressive! Happy holidays.

Andy

D_TK · ‎2022-12-23

Terrific video, thanks for creating. Can i assume that the load on the gateway(s) to push the data to skyline is negligible?

Thanks.

Blason_R · ‎2022-12-23

Yes - The load is very negligible and I am using it in production use. I am looking for Alert mechanism.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Jarvis_Lin · ‎2022-12-24

I done all step with no wrong, but no luck,

It is not work for me, is anyone successfully?

the_rock · ‎2022-12-25

Worked for me just fine...what step does it fail for you?

Jarvis_Lin · ‎2022-12-25

Hi Rock,

Grafana is no data, and prometheus had error message.

10.8.1.8 is prometheus and grafana server.

Dec 25 21:52:32 skyline2 prometheus[875]: ts=2022-12-25T13:52:32.208Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:52:37 skyline2 prometheus[875]: ts=2022-12-25T13:52:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:53:32 skyline2 prometheus[875]: ts=2022-12-25T13:53:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:53:35 skyline2 prometheus[875]: ts=2022-12-25T13:53:35.466Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:53:37 skyline2 prometheus[875]: ts=2022-12-25T13:53:37.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:54:32 skyline2 prometheus[875]: ts=2022-12-25T13:54:32.209Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:54:35 skyline2 prometheus[875]: ts=2022-12-25T13:54:35.467Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error while sending metadata" cou>
Dec 25 21:54:37 skyline2 prometheus[875]: ts=2022-12-25T13:54:37.211Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0 >
Dec 25 21:55:32 skyline2 prometheus[875]: ts=2022-12-25T13:55:32.210Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=500 exemplarCount=0 >
Dec 25 21:55:37 skyline2 prometheus[875]: ts=2022-12-25T13:55:37.212Z caller=dedupe.go:112 component=remote level=error remote_name=809306 url=http://10.8.1.8:9090/api/v1/write msg="non-recoverable error" count=243 exemplarCount=0

I done all step with no failed,

Blason_R · ‎2022-12-25

Looks like your prometheus is not started with --enable-feature=remote-write-receiver ?

ensure to run ps aux command and see if really prometheus is running with that parameter?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Jarvis_Lin · ‎2022-12-26

Hi Blason_R,

Thanks a lot,

It is working when I add "--enable-feature=remote-write-receiver" parameter.

Regards,

Jarvis

cdav · ‎2024-12-04

I appear to be having the same issue. Everything is setup as es expected including the remote write option when running prometheus.

[Expert@AGFWHS01-Temp:0]# tail otelcol.log

go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47

2024-12-04T23:14:58.311Z error exporterhelper/queued_retry.go:391 Exporting failed. The error is not retryable. Dropping data. {"kind": "exporter", "data_type": "metrics", "name": "prometheusremotewrite", "error": "Permanent error: Permanent error: Post \"http://10.128.251.44:9090/api/v1/write\": context deadline exceeded", "dropped_items": 2802}

go.opentelemetry.io/collector/exporter/exporterhelper.(*retrySender).send

go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:391

go.opentelemetry.io/collector/exporter/exporterhelper.(*metricsSenderWithObservability).send

go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/metrics.go:125

go.opentelemetry.io/collector/exporter/exporterhelper.(*queuedRetrySender).start.func1

go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/queued_retry.go:195

go.opentelemetry.io/collector/exporter/exporterhelper/internal.(*boundedMemoryQueue).StartConsumers.func1

go.opentelemetry.io/collector/exporter@v0.82.0/exporterhelper/internal/bounded_memory_queue.go:47

My open telemetry configuration for a non tls encrypted prometheus server running on an ec2 in AWS.

sklnctl --show_open_telemetry
{"enabled":true,"export-targets":[{"client-auth":{"basic":{"password":"N/A","username":"N/A"},"token":{"custom-header":{"key":"N/A","value":"N/A"},"header-bearer-token":"N/A"}},"enabled":true,"server-auth":{"ca-public-key":{"type":"Default","value":"N/A"}},"type":"prometheusremotewrite","url":"http://10.128.251.44:9090/api/v1/write","name":"prometheusremotewrite"}]}

belteto · ‎2023-01-07

Great job!

Is this working on the MDS installed on VMware? Or just on the CP management appilances?

I was able to set up everything, seems working. However there is no data received from the MDS server. I see traffic on port 9090 to the prometheus server, but shows no data. just the uptime of the host visible in the Grapana.

Balint

Arik_Ovtracht · ‎2023-01-11

Yes it should work perfectly on VMWares.

Perhaps something was wrong in your setup process?

If you need assistance, please contact me directly at ariko@checkpoint.com

belteto · ‎2023-01-11

Ahh, I find the problem.

The cpview api service was not running.

started and works well.

maybe i missed this in the SK.

Jarvis_Lin · ‎2023-01-09

I can start with follow this command,

/opt/CPotelcol/REST.py --set_open_telemetry “$(cat payload.json)”

I want to stop to skyline on device, which command can do this?

Blason_R · ‎2023-01-09

find the PID and kill it. From expert mode

ps auxww | grep REST.py -> This would show the PID then

kill -9 <PID_NUMBER>

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

Jarvis_Lin · ‎2023-01-10

find nothing PID of REST.py

I running lsof -i:9090 and show as below

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
otelcol 3431 admin 10u IPv4 11792824 TCP CPSMS:36866->10.8.1.8:websm (ESTABLISHED)

then kill -9 3431, but it will running with another PID again .

Arik_Ovtracht · ‎2023-01-11

Use the following 3 commands to stop it:

/opt/CPotelcol/stop

/opt/CPviewExporter/stop

cpview -a off'

juliusn_ · ‎2024-08-05

Hi, I'm trying to connect multible Firewalls to the Checkpoint Skyline monitoring tool (to connect5 a single firewall is possible but with multible I'm not able to connect) can anyone advise me ho to do that?

Greetings

Julius

Daniel_Kuhl1 · ‎2025-07-21

What commands and config files are you using? Have you checked the dokumentation pages? https://support.checkpoint.com/results/sk/sk178566

genisis__ · ‎2025-07-20

Is it possible to intergrade Skyline functionality/dashboards into Zabbix as they basically seem to use the same products.

AviRP_Q

+1 - I'd be very interested in a follow-up , as I'm a Zabbix enthousiast myself and my client is also using Zabbix.

Are you a member of CheckMates?

Skyline tutorial