Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vincent_Bacher
Advisor

Zabbix agent on VSX

Hello mates,

I am curious, if anybody here has ever installed Zabbix agent on VSX environment to run Checks / scripts on virtual Systems.

If yes, sharing experience or reports what is done would be appreciated. 

Thanks and best regards 

Vincent 

and now to something completely different
0 Kudos
8 Replies
PhoneBoy
Admin
Admin

0 Kudos
John_Fleming
Advisor

Here is our Zabbix post.

Zabbix agent is a full blow agent meant to be installed on a linux/windows box. We didn't cover doing that on a checkpoint firewall directly or VSX for that matter.

That being said, I'm in that "don't tell me how I can/can't use my tool" camp. We have all kinds of write ups on how to put things on checkpoint in interesting ways.. like.. a Fortinet VM on QEMU inside a Palo VM inside QEMU inside a Checkpoint VM (PBJ blog post).. you know.. to protect those other vendors that have.. ehem.. colorful CVE reports.

The way we approached custom things in Zabbix was custom snmp scripts (for example installed on a MDS host). We made a few to do things like monitor diskspace per CMA  dir, log dir, logdata dir etc. 

Its pretty easy to script out. I could publish to our snmp scripts to github if you wanted to use that as a baseline. 

Vincent_Bacher
Advisor

Would be interesting.
Background for thinking about zabbix is following:
There is for instance no way to query IA values on distributed pdp environments (pdp broker using publisher and subscriber). You only see connections on the cli using "pdp b s"
So how to monitor this automatically if not using an agent?

and now to something completely different
0 Kudos
John_Fleming
Advisor

Show the output. I don't have that handy.

0 Kudos
Vincent_Bacher
Advisor

From what? 

pdp broker status?

Mentioned in the getting started guide 

have already turned off my laptop 

and now to something completely different
0 Kudos
John_Fleming
Advisor

yeah, I mean isn't that what you want access to? The output of that command? 

I didn't poke around the mib file. Some of that might already be in there. If its not here is the quick and dirty.

I made a script to print MDS + CMA names. (MDSnames.sh)

#!/bin/bash
. /etc/profile
MDSname=$(hostname)
echo $HOSTNAME
for x in $($MDSVERUTIL ALLCMAs)
do
echo $x
done

 

edit /etc/snmp/userDefinedSettings.conf

add 

extend MDSnames /bin/bash /home/admin/MDSnames.sh

restart snmp

OID would be nsExtendedOutLine.\"MDSnames\"

\" are required if doin this via command line.

output will be like

 

NET-SNMP-EXTEND-MIB:nsExtendOutLine."MDSnames".1 = STRING: MDS_NAME_HERE

NET-SNMP-EXTEND-MIB:nsExtendOutLine."MDSnames".2 = STRING: FIRST_CMA_HERE

etc

good luck!

 

 

Vincent_Bacher
Advisor

Hm. Interesting approach. Maybe i can realize that in pdp as well. Thanks a lot, will have a look at it.

and now to something completely different
0 Kudos
Vincent_Bacher
Advisor

Again thanks for that hint. I did some tests and compiled a short script to show state of cpd using cpwd_admin list and it works with and without vsx enabled 🙂

and now to something completely different
0 Kudos