kb1
Collaborator

Interface monitoring on checkpoint R80.20

So we are trying to monitor our interface usage and I'm using SmartView Monitor for that. I click Top interfaces under the traffic option and it shows some stats:

 

Monitor.PNG

These are all 1 Gbps interfaces. Some of the traffic below is for different VLANs on the same interface. It seems that the above numbers are in bits per second, but what we want is to see the average for a period of time, like say between 12-2 pm (so 2 hours), because in this case the numbers keep changing every second, so it would be convenient to have all of this data but for a period of over 2 hours (or x amount of hours).

If someone can tell me how to do that exactly it will be much appreciated.

Thank You.

PhoneBoy
Admin

cpview might be a better way to retrieve this data.
This is run from expert mode on the relevant gateway.
It also has a history mode (you can see the stats at a specific time)...and you can export the data.
You can use something like the following to then visualize it: https://community.checkpoint.com/t5/Management/CPViewer-visualize-your-cpview-cpinfo-files-in-5-minu... 

Timothy_Hall
Champion

As PhoneBoy said, cpview/CPViewer would work with a bit of setup.

You could also easily use the sar command right now from expert mode like this to show network interface statistics today from 1am to 5am:

sar -n DEV -s 01:00:00 -e 05:00:00

It will dump the statistics for each interface in 10-minute intervals then present an overall average for the selected period at the bottom of the output like this:

             IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
Average:      gre0      0.00      0.00      0.00      0.00      0.00      0.00      0.00
Average:      eth0      0.00      0.00      0.00      0.00      0.00      0.00      0.00
Average:      eth1      1.50      0.91      1.61      0.08      0.00      0.00      0.00
Average:        lo     20.66     20.66     10.07     10.07      0.00      0.00      0.00
Average:   gretap0      0.00      0.00      0.00      0.00      0.00      0.00      0.00

30 days of sar history is available by default. To see network interface stats from prior days, add the -f option like this, where XX is the day of the month to query (i.e. August 5th = 05, July 27th = 27):

sar -f /var/log/sa/saXX -n DEV -s 01:00:00 -e 05:00:00

Keep in mind that sar creates its data by averaging the overall utilization in 10-minute intervals, so an interface that is spiked to 100% for 2 minutes then relatively idle for the remaining 80% of the 10-minute period will only show about 20% utilization for that period which is technically accurate but can be misleading.  Cpview's history takes a reading every 30 seconds then averages the two readings together for that particular minute in time, and as such cpview has a somewhat better chance of picking up short spikes than sar.  All of this was covered in the third edition of my book, pages 459-463.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
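
Added example, not part of any post in this thread: a shell function that reads `sar -n DEV` text and reports, per interface, the period average next to the busiest single interval in Mbit/s, which makes the averaging effect described above visible. The names `sar_dev_summary`, `sample_sar` and `LINK_MBPS` are made up for this example, the sample rows are constructed, and the conversion assumes sar's kB is 1024 bytes.

```shell
#!/bin/bash
# Added example: per-interface average and busiest-interval throughput
# from `sar -n DEV` text on stdin. LINK_MBPS is an assumed setting.
LINK_MBPS=${LINK_MBPS:-1000}    # the thread's interfaces are 1 Gbps

sar_dev_summary() {
  awk -v link="$LINK_MBPS" '
    # Header rows name the columns. Re-locate them on every header: a 12-hour
    # clock adds an AM/PM field, and the Average block has its own header.
    { c = 0; for (i = 1; i <= NF; i++) if ($i == "IFACE") c = i }
    c { ifc = c
        for (i = 1; i <= NF; i++) {
          if ($i == "rxkB/s") rx = i
          if ($i == "txkB/s") tx = i
        }
        next }
    !ifc || !rx || NF < tx { next }  # banner, blank and restart lines
    {
      k = 0.008192                   # kB/s to Mbit/s, assuming 1 kB = 1024 bytes
      n = $ifc; r = $rx * k; t = $tx * k; seen[n] = 1
      if ($1 == "Average:") { ar[n] = r; at[n] = t; next }
      if (r > pr[n]) pr[n] = r       # busiest single interval, receive
      if (t > pt[n]) pt[n] = t       # busiest single interval, transmit
    }
    END {
      for (n in seen) {
        p = (pr[n] > pt[n]) ? pr[n] : pt[n]
        printf "%s avg_rx=%.2f avg_tx=%.2f peak_rx=%.2f peak_tx=%.2f peak_util=%.1f%%\n",
               n, ar[n], at[n], pr[n], pt[n], 100 * p / link
      }
    }' | sort
}

# Constructed sample in sar -n DEV layout (not real gateway data).
sample_sar() {
  cat <<'EOF'
01:00:01 IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
01:10:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
01:10:01 eth1 9000.00 4000.00 24414.06 1220.70 0.00 0.00 0.00
01:20:01 eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
01:20:01 eth1 100.00 50.00 122.07 61.04 0.00 0.00 0.00

Average: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
Average: eth0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: eth1 4550.00 2025.00 12268.07 640.87 0.00 0.00 0.00
EOF
}

sample_sar | sar_dev_summary
```

On a gateway the function would be fed real output, for example `sar -n DEV -s 12:00:00 -e 14:00:00 | sar_dev_summary`; the "peak" is still an average over one sar interval, so shorter spikes remain hidden.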