Hi Everyone:
I recently had a problem where my VSX firewall (R80.20) exceeded its concurrent connections limit.
I would like to know whether there is a way to monitor the concurrent connections of each VSX firewall and send an alert when a threshold is exceeded. Is there any tool that allows this kind of monitoring?
If I want to monitor a VSX firewall, does it have to be through the IP that was registered in the management console?
Can I do it through the other interfaces (internal interface)?
Thanks for your help.
I have this Python script to monitor concurrent connections on each VS via Nagios service checks. It is set up for SNMPv3; just update it with the correct username, authentication and privacy protocols, and passwords, and it should work.
The output is the state of each VS, and it also prints performance data for graphing.
from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys
# Command line: -ip is the gateway address to query (required) and -d makes
# get_context_name/get_snmp_table echo the raw snmpbulkwalk output.
argpar = argparse.ArgumentParser()
argpar.add_argument("-ip",action="store",dest="host_ip",help="specify IP",required=True)
argpar.add_argument("-d",action="store_true",dest="debug",help="debugging mode",required=False)
# Subtree walked by get_snmp_table in __main__ (Check Point enterprise 2620
# subtree); parse_snmp_output picks columns .2/.3/.4 of it out as the
# current/peak/max connection counters.
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'
# NOTE(review): this mapping is not referenced anywhere else in the visible
# script, and it names columns .3/.4/.10 whereas parse_snmp_output reads
# .2/.3/.4 -- the two disagree. The inline comments the original carried on
# the "current" and "peak" lines (state codes, log-server modes) described
# something other than connection counters and were dropped as misleading.
# Kept because removing a module-level name could break an importer.
conn_table_entry = OrderedDict()
conn_table_entry["enterprises.2620.1.16.23.1.1.3"]= "current"
conn_table_entry["enterprises.2620.1.16.23.1.1.4"] = "peak"
conn_table_entry["enterprises.2620.1.16.23.1.1.10"]= "max"
# Parsed at import time; ip is read by __main__ and debug by the two query
# helpers. An importer without -ip on its own argv gets a usage error here.
results = argpar.parse_args()
ip = results.host_ip
debug = results.debug
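def get_context_name(ip, oid):
    """Walk the VS name column (1.3.6.1.4.1.2620.1.16.22.1.1.3) on *ip* via SNMPv3.

    Args:
        ip: Address of the VSX gateway. It is handed to snmpbulkwalk as a
            single argv element (no shell), so a value containing shell
            metacharacters cannot alter the command that runs.
        oid: Not used for the walk (the name column OID is fixed); it is only
            echoed in the error output so the signature matches
            get_snmp_table.

    Returns:
        The output split on newline (``-Oqv`` prints one quoted name per line,
        so the last element is normally an empty string) on success, ``False``
        when the agent answers "No Such Instance", and ``None`` when
        snmpbulkwalk could not be run at all.
    """
    # Credentials are the same placeholders the original posting used
    # (AuthPW / PrivacyPW / snmpv3User); replace them before use, preferably
    # by reading them from outside the script instead of editing the source.
    # MD5/DES is the weakest SNMPv3 combination; prefer SHA/AES if the
    # gateway's SNMPv3 user supports it.
    command = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Oqv", ip, "1.3.6.1.4.1.2620.1.16.22.1.1.3",
    ]
    try:
        proc = subprocess.Popen(command, stdout=subprocess.PIPE, universal_newlines=True)
        raw_output, _ = proc.communicate()
    except Exception as e:
        # Best-effort diagnostics, as in the original: the caller sees None.
        print("Looks like snmp issue")
        print(e)
        print("%s %s" % (ip, oid))
        return None
    snmp_query = raw_output.split("\n")
    if debug:
        for item in snmp_query:
            print(item)
        if proc.returncode:
            print("snmpbulkwalk exited with status %d" % proc.returncode)
    if " No Such Instance currently exists at this OID" in snmp_query[0]:
        return False
    return snmp_query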
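def parse_context_name(snmp_output):
    """Number the VS names returned by get_context_name.

    Args:
        snmp_output: Lines from get_context_name -- one double-quoted name per
            line, typically followed by an empty string that ``split("\\n")``
            leaves behind the trailing newline.

    Returns:
        dict mapping a 1-based position to the name with the surrounding
        double quotes removed. Blank lines are skipped, so the trailing empty
        element produces no entry and a missing trailing newline no longer
        silently drops the last name (the original unconditionally discarded
        the last element).
    """
    names = {}
    position = 1
    for line in snmp_output:
        if not line.strip():
            continue
        names[position] = line.strip('"')
        position += 1
    return names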
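def get_snmp_table(ip, oid):
    """Walk *oid* on *ip* via SNMPv3 and return the raw output lines.

    Args:
        ip: Address of the VSX gateway. It is handed to snmpbulkwalk as a
            single argv element (no shell), so a value containing shell
            metacharacters cannot alter the command that runs.
        oid: Subtree to walk (``conn_oid`` in __main__).

    Returns:
        The output split on newline (``-Onsq`` prints ``<oid> <value>`` per
        line, so the last element is normally an empty string) on success,
        ``False`` when the agent answers "No Such Instance", and ``None``
        when snmpbulkwalk could not be run at all.
    """
    # Options aligned with get_context_name. The original command line passed
    # "-c" (a v1/v2c community option) and put the auth/priv placeholders in
    # swapped slots; with -v 3 the auth password goes to -A and the privacy
    # password to -X. The literal privacy password that appeared here has
    # been replaced by the same placeholder get_context_name uses -- fill in
    # real values from outside the script rather than in the source.
    # MD5/DES is the weakest SNMPv3 combination; prefer SHA/AES if available.
    command = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Onsq", ip, oid,
    ]
    try:
        proc = subprocess.Popen(command, stdout=subprocess.PIPE, universal_newlines=True)
        raw_output, _ = proc.communicate()
    except Exception as e:
        # Best-effort diagnostics, as in the original: the caller sees None.
        print("Looks like snmp issue")
        print(e)
        print("%s %s" % (ip, oid))
        return None
    snmp_query = raw_output.split("\n")
    if debug:
        for item in snmp_query:
            print(item)
        if proc.returncode:
            print("snmpbulkwalk exited with status %d" % proc.returncode)
    if " No Such Instance currently exists at this OID" in snmp_query[0]:
        return False
    return snmp_query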
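def parse_snmp_output(snmp_output, context_names):
    """Split the connection-counter walk into per-column value lists.

    Args:
        snmp_output: Lines from get_snmp_table -- ``<oid> <value>`` per line,
            typically followed by an empty string left behind the trailing
            newline.
        context_names: Unused; kept so existing callers keep working.

    Returns:
        ``(current_list, peak_list, max_list)``: the text after the ".0"
        separator of every line whose OID starts with column .2, .3 or .4 of
        enterprises.2620.1.16.23.1.1, in walk order. Values keep any leading
        whitespace; callers strip()/int() them. Blank lines are skipped (the
        original unconditionally discarded the last element instead).

    Raises:
        ValueError: if a non-blank line does not contain exactly one ".0"
            (the split is taken over from the original script and presumably
            relies on the instance suffix beginning with ".0" -- verify
            against a walk of the table on your gateway).
    """
    current_prefix = "enterprises.2620.1.16.23.1.1.2"
    peak_prefix = "enterprises.2620.1.16.23.1.1.3"
    max_prefix = "enterprises.2620.1.16.23.1.1.4"
    current_list = []
    peak_list = []
    max_list = []
    for line in snmp_output:
        if not line.strip():
            continue
        oid, value = line.split(".0")
        if oid.startswith(current_prefix):
            current_list.append(value)
        elif oid.startswith(peak_prefix):
            peak_list.append(value)
        elif oid.startswith(max_prefix):
            max_list.append(value)
    return current_list, peak_list, max_list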
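if __name__ == "__main__":
    context_names = get_context_name(ip, conn_oid)
    # get_context_name returns False (no such OID) or None (snmpbulkwalk could
    # not be run); report that as UNKNOWN (Nagios exit 3) instead of letting
    # the parser fail on a non-list and exit with a traceback.
    if not context_names:
        print("UNKNOWN! Could not read VS names from {0}".format(ip))
        sys.exit(3)
    results = parse_context_name(context_names)
    # Position 1 is dropped before names are matched to counters, as in the
    # original script -- presumably VS0, the VSX gateway itself; confirm
    # against the name column on your gateway.
    results.pop(1, None)
    conn_lines = get_snmp_table(ip, conn_oid)
    if not conn_lines:
        print("UNKNOWN! Could not read connection counters from {0}".format(ip))
        sys.exit(3)
    current_list, peak_list, max_list = parse_snmp_output(conn_lines, results)
    # Warning threshold as a percentage of the per-VS connection limit.
    ratio_limit = 80
    output_status = []
    output_perf_data = []
    for vs_id, vs_system in results.items():
        # Name positions are 1-based; the counter lists are 0-based.
        current = current_list[vs_id - 1]
        peak = peak_list[vs_id - 1]
        limit = max_list[vs_id - 1]
        limit_value = int(limit)
        # A limit of 0 (not reported / unlimited) would otherwise raise
        # ZeroDivisionError; treat it as 0 % used.
        if limit_value:
            ratio = int(current) / float(limit_value) * 100
        else:
            ratio = 0
        if int(ratio) > ratio_limit:
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system <<<<<".format(limit, vs_system, ratio_limit))
            output_perf_data.append(" {0}_current={1};;;{3};".format(vs_system, current.strip(), peak, limit.strip()))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current, vs_system))
            output_perf_data.append(" {0}_current={1};;;{3}; ".format(vs_system, current.strip(), peak, limit.strip()))
    # Nagios takes the text before "|" as status output and the rest as
    # perfdata; exit 1 = WARNING, 0 = OK.
    exit_status = any("Warning" in line for line in output_status)
    print("%s | %s" % ("\n".join(output_status), "".join(output_perf_data)))
    sys.exit(1 if exit_status else 0)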
I have this Python script to monitor concurrent connections on each VS via Nagios service checks. It is set up for SNMPv3; just update it with the correct username, authentication and privacy protocols, and passwords, and it should work.
The output is the state of each VS, and it also prints performance data for graphing.
from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys
# Command line: -ip is the gateway address to query (required) and -d makes
# get_context_name/get_snmp_table echo the raw snmpbulkwalk output.
argpar = argparse.ArgumentParser()
argpar.add_argument("-ip",action="store",dest="host_ip",help="specify IP",required=True)
argpar.add_argument("-d",action="store_true",dest="debug",help="debugging mode",required=False)
# Subtree walked by get_snmp_table in __main__ (Check Point enterprise 2620
# subtree); parse_snmp_output picks columns .2/.3/.4 of it out as the
# current/peak/max connection counters.
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'
# NOTE(review): this mapping is not referenced anywhere else in the visible
# script, and it names columns .3/.4/.10 whereas parse_snmp_output reads
# .2/.3/.4 -- the two disagree. The inline comments the original carried on
# the "current" and "peak" lines (state codes, log-server modes) described
# something other than connection counters and were dropped as misleading.
# Kept because removing a module-level name could break an importer.
conn_table_entry = OrderedDict()
conn_table_entry["enterprises.2620.1.16.23.1.1.3"]= "current"
conn_table_entry["enterprises.2620.1.16.23.1.1.4"] = "peak"
conn_table_entry["enterprises.2620.1.16.23.1.1.10"]= "max"
# Parsed at import time; ip is read by __main__ and debug by the two query
# helpers. An importer without -ip on its own argv gets a usage error here.
results = argpar.parse_args()
ip = results.host_ip
debug = results.debug
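def get_context_name(ip, oid):
    """Walk the VS name column (1.3.6.1.4.1.2620.1.16.22.1.1.3) on *ip* via SNMPv3.

    Args:
        ip: Address of the VSX gateway. It is handed to snmpbulkwalk as a
            single argv element (no shell), so a value containing shell
            metacharacters cannot alter the command that runs.
        oid: Not used for the walk (the name column OID is fixed); it is only
            echoed in the error output so the signature matches
            get_snmp_table.

    Returns:
        The output split on newline (``-Oqv`` prints one quoted name per line,
        so the last element is normally an empty string) on success, ``False``
        when the agent answers "No Such Instance", and ``None`` when
        snmpbulkwalk could not be run at all.
    """
    # Credentials are the same placeholders the original posting used
    # (AuthPW / PrivacyPW / snmpv3User); replace them before use, preferably
    # by reading them from outside the script instead of editing the source.
    # MD5/DES is the weakest SNMPv3 combination; prefer SHA/AES if the
    # gateway's SNMPv3 user supports it.
    command = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Oqv", ip, "1.3.6.1.4.1.2620.1.16.22.1.1.3",
    ]
    try:
        proc = subprocess.Popen(command, stdout=subprocess.PIPE, universal_newlines=True)
        raw_output, _ = proc.communicate()
    except Exception as e:
        # Best-effort diagnostics, as in the original: the caller sees None.
        print("Looks like snmp issue")
        print(e)
        print("%s %s" % (ip, oid))
        return None
    snmp_query = raw_output.split("\n")
    if debug:
        for item in snmp_query:
            print(item)
        if proc.returncode:
            print("snmpbulkwalk exited with status %d" % proc.returncode)
    if " No Such Instance currently exists at this OID" in snmp_query[0]:
        return False
    return snmp_query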
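def parse_context_name(snmp_output):
    """Number the VS names returned by get_context_name.

    Args:
        snmp_output: Lines from get_context_name -- one double-quoted name per
            line, typically followed by an empty string that ``split("\\n")``
            leaves behind the trailing newline.

    Returns:
        dict mapping a 1-based position to the name with the surrounding
        double quotes removed. Blank lines are skipped, so the trailing empty
        element produces no entry and a missing trailing newline no longer
        silently drops the last name (the original unconditionally discarded
        the last element).
    """
    names = {}
    position = 1
    for line in snmp_output:
        if not line.strip():
            continue
        names[position] = line.strip('"')
        position += 1
    return names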
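def get_snmp_table(ip, oid):
    """Walk *oid* on *ip* via SNMPv3 and return the raw output lines.

    Args:
        ip: Address of the VSX gateway. It is handed to snmpbulkwalk as a
            single argv element (no shell), so a value containing shell
            metacharacters cannot alter the command that runs.
        oid: Subtree to walk (``conn_oid`` in __main__).

    Returns:
        The output split on newline (``-Onsq`` prints ``<oid> <value>`` per
        line, so the last element is normally an empty string) on success,
        ``False`` when the agent answers "No Such Instance", and ``None``
        when snmpbulkwalk could not be run at all.
    """
    # Options aligned with get_context_name. The original command line passed
    # "-c" (a v1/v2c community option) and put the auth/priv placeholders in
    # swapped slots; with -v 3 the auth password goes to -A and the privacy
    # password to -X. The literal privacy password that appeared here has
    # been replaced by the same placeholder get_context_name uses -- fill in
    # real values from outside the script rather than in the source.
    # MD5/DES is the weakest SNMPv3 combination; prefer SHA/AES if available.
    command = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Onsq", ip, oid,
    ]
    try:
        proc = subprocess.Popen(command, stdout=subprocess.PIPE, universal_newlines=True)
        raw_output, _ = proc.communicate()
    except Exception as e:
        # Best-effort diagnostics, as in the original: the caller sees None.
        print("Looks like snmp issue")
        print(e)
        print("%s %s" % (ip, oid))
        return None
    snmp_query = raw_output.split("\n")
    if debug:
        for item in snmp_query:
            print(item)
        if proc.returncode:
            print("snmpbulkwalk exited with status %d" % proc.returncode)
    if " No Such Instance currently exists at this OID" in snmp_query[0]:
        return False
    return snmp_query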
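def parse_snmp_output(snmp_output, context_names):
    """Split the connection-counter walk into per-column value lists.

    Args:
        snmp_output: Lines from get_snmp_table -- ``<oid> <value>`` per line,
            typically followed by an empty string left behind the trailing
            newline.
        context_names: Unused; kept so existing callers keep working.

    Returns:
        ``(current_list, peak_list, max_list)``: the text after the ".0"
        separator of every line whose OID starts with column .2, .3 or .4 of
        enterprises.2620.1.16.23.1.1, in walk order. Values keep any leading
        whitespace; callers strip()/int() them. Blank lines are skipped (the
        original unconditionally discarded the last element instead).

    Raises:
        ValueError: if a non-blank line does not contain exactly one ".0"
            (the split is taken over from the original script and presumably
            relies on the instance suffix beginning with ".0" -- verify
            against a walk of the table on your gateway).
    """
    current_prefix = "enterprises.2620.1.16.23.1.1.2"
    peak_prefix = "enterprises.2620.1.16.23.1.1.3"
    max_prefix = "enterprises.2620.1.16.23.1.1.4"
    current_list = []
    peak_list = []
    max_list = []
    for line in snmp_output:
        if not line.strip():
            continue
        oid, value = line.split(".0")
        if oid.startswith(current_prefix):
            current_list.append(value)
        elif oid.startswith(peak_prefix):
            peak_list.append(value)
        elif oid.startswith(max_prefix):
            max_list.append(value)
    return current_list, peak_list, max_list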
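if __name__ == "__main__":
    context_names = get_context_name(ip, conn_oid)
    # get_context_name returns False (no such OID) or None (snmpbulkwalk could
    # not be run); report that as UNKNOWN (Nagios exit 3) instead of letting
    # the parser fail on a non-list and exit with a traceback.
    if not context_names:
        print("UNKNOWN! Could not read VS names from {0}".format(ip))
        sys.exit(3)
    results = parse_context_name(context_names)
    # Position 1 is dropped before names are matched to counters, as in the
    # original script -- presumably VS0, the VSX gateway itself; confirm
    # against the name column on your gateway.
    results.pop(1, None)
    conn_lines = get_snmp_table(ip, conn_oid)
    if not conn_lines:
        print("UNKNOWN! Could not read connection counters from {0}".format(ip))
        sys.exit(3)
    current_list, peak_list, max_list = parse_snmp_output(conn_lines, results)
    # Warning threshold as a percentage of the per-VS connection limit.
    ratio_limit = 80
    output_status = []
    output_perf_data = []
    for vs_id, vs_system in results.items():
        # Name positions are 1-based; the counter lists are 0-based.
        current = current_list[vs_id - 1]
        peak = peak_list[vs_id - 1]
        limit = max_list[vs_id - 1]
        limit_value = int(limit)
        # A limit of 0 (not reported / unlimited) would otherwise raise
        # ZeroDivisionError; treat it as 0 % used.
        if limit_value:
            ratio = int(current) / float(limit_value) * 100
        else:
            ratio = 0
        if int(ratio) > ratio_limit:
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system <<<<<".format(limit, vs_system, ratio_limit))
            output_perf_data.append(" {0}_current={1};;;{3};".format(vs_system, current.strip(), peak, limit.strip()))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current, vs_system))
            output_perf_data.append(" {0}_current={1};;;{3}; ".format(vs_system, current.strip(), peak, limit.strip()))
    # Nagios takes the text before "|" as status output and the rest as
    # perfdata; exit 1 = WARNING, 0 = OK.
    exit_status = any("Warning" in line for line in output_status)
    print("%s | %s" % ("\n".join(output_status), "".join(output_perf_data)))
    sys.exit(1 if exit_status else 0)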