Tuesday, 19 February 2013

Check Point Splat monitoring SNMPv3


Configure SNMP v3 on SecurePlatform 

[Expert@FW]# snmp user del public
[Expert@FW]# snmp user add authuser Nagios pass complexpassphrase priv privatepass
[Expert@FW]# snmp service enable

[Expert@FW]# cat /etc/snmp/snmpd.conf
master agentx
syslocation "Somewhere"
syscontact SOC - Security
sysservices 76
rocommunity PASSWORD
trap2sink 192.168.1.2 PASSWORD1
cp_cleartrap 10 2
proc syslogd 1 1
disk /var 20%
cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down"
cp_monitor prErrorFlag.1 != "0" 60 "process monitor"
cp_monitor dskErrorFlag.1 != 0 60 "disk monitor"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.1 > 100 60 "CPU load 1 min"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.2 > 90 60 "CPU load 5 min"
cp_monitor 1.3.6.1.4.1.2021.4.4.0 < 2000 60 "memAvailSwap"
cp_monitor 1.3.6.1.4.1.2021.4.6.0 < 2000 60 "memAvailReal"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 != "active" 20 "Cluster State"
cp_monitor 1.3.6.1.4.1.2620.1.1.25.3.0 > 50000 20 "Firewall connections"
cp_monitor 1.3.6.1.2.1.25.2.3.1.6.6 > 60000 60 "/opt hrStorageUsed"
smuxpeer 1.3.6.1.4.1.4.3.1.4
exec maxconn /bin/sh /home/admin/getMaxConn.sh
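
The file above still contains a `rocommunity` line and a `trap2sink` line; in net-snmp both use SNMPv1/v2c community strings, which cross the network unencrypted, unlike the SNMPv3 user created earlier. The following audit is an added example, not part of the original post: the function names and the trimmed sample are constructed here, and it assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Added example: list snmpd.conf directives that keep SNMPv1/v2c
# (community-string) access or notifications enabled.

# audit_snmpd_conf [FILE]  (reads stdin when FILE is omitted)
# Prints "line:directive:reason" per finding, never the community string.
# Exit status: 1 if anything was found, 0 if the file is clean.
audit_snmpd_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            d = tolower($1)
            if (d ~ /^r[ow]community6?$/)
                report(d, "v1/v2c " (d ~ /^rw/ ? "read-write" : "read-only") " access")
            else if (d ~ /^com2sec6?$/)
                report(d, "community mapped to a security name")
            else if (d == "trapsink" || d == "trap2sink" || d == "informsink")
                report(d, "v1/v2c notification sent to " $2)
        }
        function report(dir, why) { printf "%d:%s:%s\n", NR, dir, why; bad = 1 }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample, trimmed from the configuration shown in the post.
sample_conf() {
    cat <<'EOF'
master agentx
rocommunity PASSWORD
trap2sink 192.168.1.2 PASSWORD1
# rwcommunity disabled
cp_monitor dskErrorFlag.1 != 0 60 "disk monitor"
EOF
}

# Demo run on the sample; point it at /etc/snmp/snmpd.conf for the real file.
sample_conf | audit_snmpd_conf || echo "community-based SNMP is still enabled"
```

A non-zero exit status makes the function usable as a gate in a configuration check, for example `audit_snmpd_conf /etc/snmp/snmpd.conf`.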


Activate the Check Point MIB with cpconfig:
2.SNMP Extension

There should be 2 processes running:
 /usr/sbin/snmpd
 /opt/CPshrd-R75.40/bin/cpsnmpd

Wanna get the current number of connections in real time?
[Expert@FW]# cat getMaxConn.sh
#!/bin/sh
/bin/cpfw_start ctl pstat | grep 'Concurrent Connections:' | sed 's/.*out of\ \([0-9]\+\).*/\1/g'

By the way, to avoid SNMP spam messages like this one in /var/log/messages:
Dec 7 15:50:48 hostname snmpd[2621]: Received SNMP packet(s) from UDP: [10.22.1.2]:34665

Follow this SK: Disable verbose SNMP logging - "snmpd[PID]: Received SNMP packet(s) from UDP:"
Solution ID: sk59023
