Articles

Showing posts from 2013

Check Point SPLAT SNMPv3 memory monitoring

A basic implementation of memory monitoring over SNMP can lead to false alarms.

[Expert@FW1]# free
             total       used       free     shared    buffers     cached
Mem:       8308232    8027236     280996          0     249776    5983656
-/+ buffers/cache:    1793804    6514428
Swap:     18347752          0   18347752

In the example above, the firewall is running (208772 active connections).
The OS reports "8027236" of "8308232" used. However, we see that
'free' + 'buffers' + 'cached' = "280996" + "249776" + "5983656" = "6514428", which is
'logically' free for applications to use, and will be handed out by the kernel appropriately.
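
The following Python check is an added example, not part of the original post. It parses the `free` output shown above and contrasts the naive reading with the cache-adjusted one; the 80%/90% thresholds and the function names are assumptions.

```python
"""Added example: naive vs. cache-adjusted memory check (Nagios-style states)."""

# `free` output copied from the article above (values in kB).
SAMPLE_FREE = """\
             total       used       free     shared    buffers     cached
Mem:       8308232    8027236     280996          0     249776    5983656
-/+ buffers/cache:    1793804    6514428
Swap:     18347752          0   18347752
"""

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin states


def parse_free(text):
    """Return the 'Mem:' row of classic procps `free` output as a dict of kB values."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    for line in lines[1:]:
        if line.startswith("Mem:"):
            values = [int(v) for v in line.split()[1:]]
            if len(values) != len(header):
                raise ValueError("unexpected 'Mem:' column count")
            return dict(zip(header, values))
    raise ValueError("no 'Mem:' row found")


def used_percent(mem, adjust_for_cache=True):
    """Percentage of RAM in use; optionally count buffers and page cache as free."""
    free_kb = mem["free"]
    if adjust_for_cache:
        free_kb += mem["buffers"] + mem["cached"]
    return 100.0 * (mem["total"] - free_kb) / mem["total"]


def check_memory(text, warn=80.0, crit=90.0, adjust_for_cache=True):
    """Return (state, message); warn/crit are hypothetical thresholds in percent."""
    try:
        pct = used_percent(parse_free(text), adjust_for_cache)
    except (ValueError, KeyError, IndexError) as exc:
        return UNKNOWN, f"MEMORY UNKNOWN - {exc}"
    state = CRITICAL if pct >= crit else WARNING if pct >= warn else OK
    label = ("OK", "WARNING", "CRITICAL")[state]
    return state, f"MEMORY {label} - {pct:.1f}% used"


if __name__ == "__main__":
    print(check_memory(SAMPLE_FREE, adjust_for_cache=False))  # naive reading
    print(check_memory(SAMPLE_FREE))                          # cache-adjusted
```
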
According to sk32206: How to determine how much Free Memory is available on Linux/SecurePlatform systems,
'Free Real Memory' should be equal to
- 'Free Real Memory' in output of 'cpstat -f memory os' command
- [ ('MemFree' + 'Buffers…

Check Point Splat monitoring SNMPv3

Configure SNMP v3 on SecurePlatform
[Expert@FW]# snmp user del public
[Expert@FW]# snmp user add authuser Nagios pass complexpassphrase priv privatepass
[Expert@FW]# snmp service enable
[Expert@FW]# cat /etc/snmp/snmpd.conf
master agentx
syslocation "Somewhere"
syscontact SOC - Security
sysservices 76
rocommunity PASSWORD
trap2sink 192.168.1.2 PASSWORD1
cp_cleartrap 10 2
proc syslogd 1 1
disk /var 20%
cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down"
cp_monitor prErrorFlag.1 != "0" 60 "process monitor"
cp_monitor dskErrorFlag.1 != 0 60 "disk monitor"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.1 > 100 60 "CPU load 1 min"
cp_monitor 1.3.6.1.4.1.2021.10.1.5.2 > 90 60 "CPU load 5 min"
cp_monitor 1.3.6.1.4.1.2021.4.4.0 < 2000 60 "memAvailSwap"
cp_monitor 1.3.6.1.4.1.2021.4.6.0 < 2000 60 "memAvailReal"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 != "active" 20 "Cluster State"
cp_monitor 1.3.6.1.4.1.2620.1.…

Google data center security
