This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arik_Ovtracht
Employee
Employee
‎2022-05-18 02:15 AM

Skyline - a new monitoring solution for Check Point devices - on EA now

Hi,

I am excited to announce the availability of Skyline - Check Point’s new solution for real-time monitoring of the Quantum Family devices.

Skyline uses modern technologies (based on OpenTelemetry) to report telemetry data from Check Point devices, and is designed to fit your existing monitoring environments - or you can create a simple new monitoring server using Prometheus and Grafana.

 

You can view a short presentation + demo of Skyline in this video.

More details on Skyline and how to set it up can be found in sk178566.

Disclaimer: This Early Availability version reports a basic set of monitoring data, that will be enhanced in the future.

Please contact me for any questions on Skyline.

Preview file
203 KB
(1)
48 Replies
JozkoMrkvicka
Mentor
Mentor
‎2022-10-26 01:15 PM
In response to Arik_Ovtracht

Can you please elaborate on following 2 known limitations:

  • On a VSX Gateway / VSX Cluster, Skyline shows the information only for the context VS0 (the VSX Gateway / VSX Cluster Member itself). Does it mean that there are no data from any of configured VSs, only from VS0 ?

  • Skyline deployment on a VSX Gateway / VSX Cluster with many Virtual Systems may increase the load on CPU cores. It is recommended to install it only on systems of up to 10 Virtual Systems. When will be this limitation fixed ?

Kind regards,
Jozko Mrkvicka
0 Kudos
Arik_Ovtracht
Employee
Employee
‎2022-10-27 12:51 AM
In response to JozkoMrkvicka

  • There will be data from VSs other than VS0, however due to a bug, that data will be the same as the data from VS0. This bug is relevant for the R81.10 and R81 current releases of Skyline, and will be fixed in the next JHF take on those versions. The R80.40 version (which is not yet released) will not contain this bug.
  • The limitation for <10 VSs is in all versions at the moment, but we are currently working to remove it. I hope we will be able to remove it fairly soon, possibly in a couple of months.
Simon_Macpherso
Advisor
‎2023-01-09 10:14 PM
In response to Arik_Ovtracht

Hi @Arik_Ovtracht , is Maestro (R81.10 JHF79) fully supported in the GA version? 

If i run a tcpdump on the prometheus server for a few minutes only the following metrics are received. 

.__name__..skyline_build_info
.__name__..system_uptime
.__name__..target
.__name__..cpview_info

Regards,

Simon

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-01-11 03:13 AM
In response to Simon_Macpherso

Same answer as in https://community.checkpoint.com/t5/Security-Gateways/Skyline/m-p/167360/emcs_t/S2h8ZW1haWx8c3Vic2Ny...

Yes, they are fully supported.

Would it be possible for me to investigate your environment, to get a better understanding of the issue?

You can contact me directly at ariko@checkpoint.com 

0 Kudos
Simon_Macpherso
Advisor
‎2023-01-11 05:28 PM
In response to Arik_Ovtracht

I have emailed you.

There is definitely an issue either specific to our environment our support for Maestro. 

I upgraded an HA cluster to R81.10 JHF 81 today and all expected metrics are received in Prometheus.   

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2023-01-11 04:03 AM
In response to Simon_Macpherso

Same answer as https://community.checkpoint.com/t5/Security-Gateways/Skyline/m-p/167371/emcs_t/S2h8ZW1haWx8c3Vic2Ny...

Yes, they are fully supported.

Would it be possible for me to investigate your environment, to get a better understanding of the issue?

You can contact me directly at ariko@checkpoint.com 

0 Kudos
Norbert_Bohusch
Advisor
‎2022-11-22 07:54 AM

Hi,

has anything changed for R81.20? After upgrade of my test environment from R81.10 JHF 79 I had to reconfigure it via the REST.py script. This has the first issue that it doesn't find python. I could fix this on my own.

But afterwards it starts the exporter which then seems also to connect (netstat shows port established, tcpdump shows some packets), but the only data I see in the dashboards is now the uptime!

 

Here the output of my test configuration:

[Expert@cp-mgmt:0]# ./GetOTDynamicConfig.sh
{"exporters": {"prometheusremotewrite": {"endpoint": "http://10.2.232.82:9090/api/v1/write", "tls": {"ca_file": "/opt/CPshrd-R81.20/conf/ca-bundle.crt"}}}, "service": {"pipelines": {"metrics": {"exporters": ["prometheusremotewrite"]}}}}

./REST.py --show_open_telemetry
{"export-targets": [{"enabled": true, "type": "prometheus-remote-write", "url": "http://10.2.232.82:9090/api/v1/write", "client-auth": {"token": {"header-bearer-token": "N/A", "custom-header": {"key": "N/A", "value": "N/A"}}, "basic": {"username": "N/A", "password": "N/A"}}, "server-auth": {"ca-public-key": {"type": "Default", "value": "N/A"}}}], "enabled": true}

[Expert@cp-mgmt:0]# ./CPotelcolCli.sh show
{
"active_after_reboot":"true",
"status":"Collector is up"
}

 

2022-11-22T15:57:09.088+0100 info service/telemetry.go:102 Setting up own telemetry...
2022-11-22T15:57:09.089+0100 info service/telemetry.go:137 Serving Prometheus metrics {"address": ":8888", "level": "basic"}
2022-11-22T15:57:09.090+0100 info extensions/extensions.go:42 Starting extensions...
2022-11-22T15:57:09.090+0100 info extensions/extensions.go:45 Extension is starting... {"kind": "extension", "name": "health_check"}
2022-11-22T15:57:09.090+0100 info healthcheckextension@v0.56.0/healthcheckextension.go:44 Starting health_check extension {"kind": "extension", "name": "health_check", "config": {"Port":0,"TCPAddr":{"Endpoint":"0.0.0.0:13133"},"Path":"/","CheckCollectorPipeline":{"Enabled":false,"Interval":"5m","ExporterFailureThreshold":5}}}
2022-11-22T15:57:09.120+0100 info extensions/extensions.go:49 Extension started. {"kind": "extension", "name": "health_check"}
2022-11-22T15:57:09.120+0100 info pipelines/pipelines.go:74 Starting exporters...
2022-11-22T15:57:09.120+0100 info pipelines/pipelines.go:78 Exporter is starting... {"kind": "exporter", "data_type": "metrics", "name": "prometheusremotewrite"}
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:82 Exporter started. {"kind": "exporter", "data_type": "metrics", "name": "prometheusremotewrite"}
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:86 Starting processors...
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:90 Processor is starting... {"kind": "processor", "name": "batch", "pipeline": "metrics"}
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:94 Processor started. {"kind": "processor", "name": "batch", "pipeline": "metrics"}
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:98 Starting receivers...
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:102 Receiver is starting... {"kind": "receiver", "name": "otlp", "pipeline": "metrics"}
2022-11-22T15:57:09.123+0100 info otlpreceiver/otlp.go:70 Starting GRPC server on endpoint /opt/CPotelcol/grpc_otlp.sock {"kind": "receiver", "name": "otlp", "pipeline": "metrics"}
2022-11-22T15:57:09.123+0100 info pipelines/pipelines.go:106 Receiver started. {"kind": "receiver", "name": "otlp", "pipeline": "metrics"}
2022-11-22T15:57:09.123+0100 info healthcheck/handler.go:129 Health Check state change {"kind": "extension", "name": "health_check", "status": "ready"}
2022-11-22T15:57:09.123+0100 info service/collector.go:215 Starting otelcol... {"Version": "CPotelcol_0.56.0", "NumCPU": 8}
2022-11-22T15:57:09.123+0100 info service/collector.go:128 Everything is ready. Begin running and processing data.

 

0 Kudos
Arik_Ovtracht
Employee
Employee
‎2022-11-22 11:16 PM
In response to Norbert_Bohusch

Hi @Norbert_Bohusch ,

Skyline is not included in the R81.20 GA release, it will be added in one of the first Jumbo Hotfix takes on top of it. 

What you have is only part of the Skyline installation, which is automatically installed when upgrading, but is does not actually transmit any data. 

If you would like to use Skyline on top of R81.20, please hold on a few more weeks until we can release the JHF with it.

0 Kudos
Norbert_Bohusch
Advisor
‎2022-11-22 11:19 PM
In response to Arik_Ovtracht

Oh ok,

I mean the folders are there through AutoUpdater after some minutes after upgrade and according to the "resolved issues and enhancements" SK it is based on R81.10 JHF 79 which includes Skyline. So I thought it should work.

But thanks for clearing this up. Looking forward to the release of Skyline for R81.20 then.

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2022-11-23 12:41 PM
In response to Arik_Ovtracht

Will there by any new features and known limitation solved within Skyline for R81.20 ? Or it will be the same version like is currently for R81.10 ?

Kind regards,
Jozko Mrkvicka
0 Kudos
Arik_Ovtracht
Employee
Employee
‎2022-11-24 01:12 AM
In response to JozkoMrkvicka

Skyline has (and will have) the same basic content in all version. We will release updates to the GA version in all of them, partly via JHFs and partly as automatic updates.

That said, there are some basic differences between the versions, which would mean that some metrics are only available in certain versions (and forward).

RamGuy239
Advisor
3 weeks ago
In response to Arik_Ovtracht

@Arik_Ovtracht do you have any estimate on when we can expect at least an on-going JHF for R81.20 adding support for Skyline? It's been quite some time now, and there has yet to be released anything for R81.20 thus far. GA on November 21st, and we are in March without even an on-going JHF for R81.20 seems rather strange.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
Arik_Ovtracht
Employee
Employee
3 weeks ago
In response to RamGuy239

The R81.20 JHF should be released as on-going next week, including Skyline.

milunb
Participant
3 weeks ago
In response to Arik_Ovtracht

Finaly 
thanks

0 Kudos
JozkoMrkvicka
Mentor
Mentor
3 weeks ago
In response to Arik_Ovtracht

Can we expect within R81.20 JHF that the Skyline limitation of max 10 VS per VSX to be dismissed ?

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Mentor
Mentor
2 weeks ago
In response to JozkoMrkvicka

I see update on skyline homepage as max 25 VSs are supported with R81.10 Take 93.

Kind regards,
Jozko Mrkvicka
0 Kudos
Arik_Ovtracht
Employee
Employee
2 weeks ago
In response to JozkoMrkvicka

Actually, it was a mistake - we removed the VS number limitation completely 😀

Arik_Ovtracht
Employee
Employee
‎2022-12-28 01:35 AM

Check out this video tutorial on how to set up Skyline easily:

https://www.youtube.com/watch?v=FO2Rp9x31i0

Huge thanks to @Manning for creating this tutorial!

(1)
Diego_Escobar_A
Employee
Employee
3 weeks ago
In response to Arik_Ovtracht

Hi checkmates,

To complement this post, I have taken the liberty of creating a repository in github. In which a docker stack is defined with docker compose, composed of 3 docker (prometheus, grafana and nginx that will work as a reverse-proxy and will be responsible for balancing the requests to these two containers using certificates and https to secure navigation.

Here you have:
https://github.com/dearevalillo/easy_telemetry_chkp_majoraccount

grafana_machines_overview.png

grafana_machines_overview2.png

maestro_5.png

Enjoy