This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2021-08-24 10:21 AM

CPview and DiagnosticsView TechTalk: Video, Q&A, and Slides

Slides attached below, Q&A is below.
Please post a comment on the post before 31 August 2021 to be entered in a drawing for an Amazon Gift Card!

(view in My Videos)

CPview and DiagnosticsView SK articles

What does CPview run on?

It is supported on any (virtual) appliance that runs regular Gaia, including VSX and Maestro. VSX is supported from R80.10 and you can get historical data starting with R80.40.

When CPview will be available for Embedded Gaia?

Unfortunately no plans currently exist to integrate it in the near future, however it is planned.

Will CPview show the active blades on the management/log servers?

Not currently, though perhaps as part of a planned REST API it will be possible. Some of the data can be obtained via SNMP.

When will be CPview available on graphical interface (Gaia gui)?

Currently, the existing solution is to use DiagnosticsView to visualize the data, which requires taking a cpinfo from the relevant gateway. You can also use the community-provided CPviewer solution. The CPview database is a SQLite database, which can be visualized with a number of third party tools.

Can i save the output of CPview command into file like was available in previous versions (R80.20 and prior)?

We now have historical data saved on the device, which can be exported as a SQLite 3 database. Please use that instead.

Is it dangerous to use cpview in VSX advanced mode?

Not all statistics are collected in VSX mode as there may be a performance impact in doing so. It is recommended only to activate statistics (e.g. in Advanced > VSX > VSs) when troubleshooting a specific issue.

How come when you go to Network > Top-Connections to get Top Talker information, I don't get any info?

R80.20 and above have a different SecureXL implementation, which impacted the availability of this feature until it was added to recent JHF releases. Also, this feature requires specific steps to enable. Refer to sk167903 for details. We do plan to simplify this in the future.

How long does CPView keep data in historical mode?

1 month

Can SNMP provide all the information shown in CPview db?

Not currently. If there is something you'd like to see via SNMP, let us know!

Can you invoke a command to get to a specific area of CPview versus navigating to the correct submenu?

We will consider the suggestion, right now you can only navigate on CPView using mouse or keyboard.

What is the command for specific time window data on cpview?

cpview -t

Which version you are using for session?

Most of the features/functionality are relevant for all R8x versions. Some features require being on a specific version/JHF as noted.

In a Maestro environment are counters aggregated for all gateways or only returned for the SMO?

Only SMO for now.

Can we add via conf file parameters to be collected in the historical database?

Not at the moment, but this is planned for future releases.

How is the throughput under overview calculated?

There are 2 measurements: packets per second (average of amount of packets per second) and megabytes / bits per second.

What’s the difference between the throughout and the RX/TX value under network tab?

RX / TX  only shows received / sent data (not counting packet headers, etc) while the general throughput is for all the overall traffic.

When you look information on cpview's history you cannot see the same information you can see in real time, for example info about the connections they're consuming highest cpu. Is this feature included in newer versions (R81 and above)?

Not all data available in realtime is collected in a historical fashion. We do plan to offer the ability to collect additional data in the future.

Any plans of enabling the DiagnosticsView to query the active database on the devices? Possible integration with SmartConsole and/or replacement of SmartView Monitor?

This is on the roadmap.

Can the connection table be also saved/exported/viewed?

No, and it would require a fairly significant amount of storage to do this on a busy gateway. However, you can query the connections table via the CLI using: fw tab -t connections -u

CPview shows I have 16 cpus, but I'm only using 4. Is there any way to tell it I only have 4 CPUs licensed?

Not currently.

How will the CPview API data differ from SNMP data?

The API is still on development so it is still early to answer this question, however the information source should be the same, the format and UX will be of course completely different.

Is there any performance concerns leaving cpview open for an extended period of time (hours)?

Yes, it will keep the data flow open and may cause performance hiccups.

Are there plans to phase out SNMP in favor of API?

Not planned currently.

CPview and Monitoring Blade are similar?

They have some common ground but CPView has a more in depth data compared to the monitoring data, which is more summarized.

Where is the database for cpview actually located?

There are multiple paths, the file is easily searchable using a 'find' command - CPViewDB.dat or cpview_services.dat. You can also easily get an export of the current database via the command cpview -s export.

When will the REST API Support be available?

Planned for R81.20

As long as I know Monitoring Blade consumes some resources of the gateway. Can I use CPVIEW to do the same Monitoring but with less CPU impact?

Generally, yes.

Is it possible to save samples to the CPView history more frequently than once a minute? At least when a troubleshooting in a gateway is in progress. live answered

Can you do whois/dig/traceroute port scanning from CPVIEW?

No, that is outside the purview of CPview.

If i run cpview without any VS flags, would I be able to receive performance data for the gateway for sizing purposes?

Yes, for the overall gateway. Not for specific VS.

When executed on the gateway, what is the core affinity of cpview?

It will be the same as the shell.

Is cpview a single or a multi threaded application?

Single threaded.

Is it possible to replace service port names under Top-Connections and only show protocol and port number instead of service port names?

Not currently, however the names come from /etc/services.

Can you touch on data and usage for cpview (historical) versus data from running cpsizeme?

cpsizeme gathers slightly more sizing details over a period of time, whereas CPview will give you a snapshot as the system exists currently. 

Has CPU Profiler been deprecated in cpview in R80.40?

In R80.40, you have the CPU Spike Detective, available from JHF 69. See sk166454.

There are a number of features, such as the sub topics under the advanced tab in cpview, will there be a discussion on what they mean and how to use them?

A more detailed session is in the works. If there are specific items you wish to see, please leave them as a comment to this post!

Preview file
6190 KB
(1)
21 Replies
K_montalvo
Advisor
‎2021-08-24 10:34 AM

Thanks for sharing, i have to admit i expected a little bit more. Wonderful job everyone, also if there's a way that after the session ends add the Q&A section in here and follow up on the not responded questions for the benefit of everyone.

PhoneBoy
Admin
Admin
‎2021-08-24 03:34 PM
In response to K_montalvo

The post has been updated with the (summarized) Q&A.
If there was a specific question not answered above, please ask it here, we'll make sure you get an answer.

K_montalvo
Advisor
‎2021-08-25 06:20 AM
In response to PhoneBoy

@PhoneBoythanks!

0 Kudos
xiucoatl
Explorer
‎2021-08-25 08:39 AM
In response to PhoneBoy

Great work, and information very useful 

0 Kudos
the_rock
Legend
Legend
‎2021-08-24 02:09 PM

Pretty good guys!

JoDo
Participant
‎2021-08-25 07:53 AM

Great work guys.  It was very informative.

0 Kudos
dsears
Explorer
‎2021-08-25 08:05 AM

Thank you gentlemen for the live demonstration. Hopefully this is something that I can learn more on and have the needed answers when they are brought to me from our customers.

0 Kudos
Carl_Neidhardt1
Explorer
‎2021-08-25 10:15 AM

Regarding Top-Connections/Top Talker, once enabled per SK167903, is there a limit on the number of top talkers recorded?  Visible in DiagnosticsView?  Imagine 300 remote access vpn users complain of poor performance, turns out they are getting a surprise OS patch all at the same time or something like that, kind of mass elephant flow.  Will cpview help document that reason behind the performance hit?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-08-25 01:00 PM
In response to Carl_Neidhardt1

@Arik_Ovtracht ?

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2021-08-26 05:45 AM
In response to Carl_Neidhardt1

Hi,

CPview shows the top 5 connections. 

CPview can help to find heavy connections via throughput, less so via CPU usage. If you need to view the CPU usage, there is the Top-Connections/Protocols under the CPU view.

0 Kudos
Carl_Neidhardt1
Explorer
‎2021-08-26 08:45 AM
In response to Arik_Ovtracht

Thanks Arik.  Given the limitation of 5 top connections, what is another method of measuring/analyzing the throughput/performance related to hundreds of remote access users?

0 Kudos
I_Santos
Contributor
‎2021-08-26 04:50 AM

I really enjoy the TechTalks. Even when you already have some knowledge about a topic or tool there are always many things to learn about it. Thank you guys, great job.

0 Kudos
EmiM
Explorer
‎2021-08-26 12:33 PM

Great material, very informative! Thank you!

0 Kudos
Kasim_Gokbel
Participant
Participant
‎2021-08-27 02:51 AM

Hi,

Thanks for the session. 

As far I know there is a limitation for top connections section on the usfw. We can not see these information in the cpview menu. Is there any plan to improve this or possibility to change this behavior?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-08-27 04:56 AM
In response to Kasim_Gokbel

Load the latest GA Jumbo HFA for your release and that screen will return, see sk167903: CPview Top Connections and Protocols tabs show no data

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Kasim_Gokbel
Participant
Participant
‎2021-08-27 12:24 PM
In response to Timothy_Hall

I totally forgot this, my bad. I haven't been applied this to any of my customer. Do you have any information about impact of this change?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-08-28 06:05 AM
In response to Kasim_Gokbel

Shouldn't be an impact that I know of, these "Top" screens in cpview went away when SecureXL was overhauled in R80.20 and it took awhile for them to get implemented back into SecureXL again by popular demand.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
NunoLourenco
Participant
‎2021-08-30 05:23 AM

Good info.

Thanks

0 Kudos
Umit_Guler
Participant
Participant
‎2021-08-30 10:02 PM

Thank you for this valuable information.

0 Kudos
Paolo_Bratti
Explorer
Explorer
‎2021-08-31 12:55 AM

Very helpful! Thank you!

0 Kudos
clsellman
Explorer
‎2021-08-31 11:28 AM

Thank you for the presentation.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events