Checkpoint Firewall Packet Statistics

Brettw
Posts: 26
Joined: Fri Mar 18, 2005 12:25 am

Checkpoint Firewall Packet Statistics

#1 Post by Brettw » Sun May 14, 2006 10:35 pm

Hi All,

Below are some Checkpoint firewall templates for accepted packets, dropped packets and rejected packets.

These have been tested on a Checkpoint NG R55 server installed on a Windows box with SNMP enabled.

Cheers

Brett
Attachments
cacti_fw_stats.JPG (33.27 KiB) Viewed 40120 times
cacti_graph_template_checkpoint_firewall_packet_statistics.xml
(8.65 KiB) Downloaded 2810 times
cacti_data_template_checkpoint_accepted_packets.xml
(2.44 KiB) Downloaded 2058 times
cacti_data_template_checkpoint_dropped_packets.xml
(2.43 KiB) Downloaded 2312 times
cacti_data_template_checkpoint_rejected_packets.xml
(2.44 KiB) Downloaded 2795 times

rickyboone
Posts: 4
Joined: Wed Aug 23, 2006 9:07 am

#2 Post by rickyboone » Mon Oct 09, 2006 8:36 am

Anyone else experiencing large (14+ million packets) spikes when installing the policy through SmartDashboard? If I leave the firewall policy(s) alone, the graphs are okay, and it contains usable information. However, when I install a policy after updating a rule, etc., all packet counters spike up to over 14 million, then immediately drop off.

I've already tried running removespikes.pl against the related rrd files, but nothing changes. :-?

za
Posts: 29
Joined: Thu Nov 09, 2006 10:39 am

Trouble importing Checkpoint Firewall Packet Statistics

#3 Post by za » Tue Jan 09, 2007 11:10 am

Hi, I've got some trouble importing the "Checkpoint Firewall Packet Statistics" templates.
This is the reply of Cacti after my import.

Thanks for the kindness

Za
Attachments
Importing cacti_graph_template_checkpoint_firewall_packet_statistics.xml
screnShot.JPG (19.49 KiB) Viewed 38467 times

sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

figure it out?

#4 Post by sebbs » Mon Jan 22, 2007 1:35 pm

Did you ever figure out your import issue? I am having the same problem.

gandalf
Developer
Posts: 22375
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany

#5 Post by gandalf » Mon Jan 22, 2007 1:39 pm

You may want to pay attention to the correct importing sequence. Data stuff goes first, graph stuff last (without having looked deeper into the templates).
Reinhard

sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

right

#6 Post by sebbs » Mon Jan 22, 2007 1:45 pm

And that is what I did. I imported the data templates in first, and the graph template afterwards.

sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

data queries?

#7 Post by sebbs » Mon Jan 22, 2007 1:48 pm

Are we missing some data queries with these templates?

turlockaviator
Posts: 25
Joined: Wed Sep 12, 2007 12:17 pm

Any ideas how to make this work with SecurePlatform

#8 Post by turlockaviator » Tue Oct 23, 2007 7:54 pm

We're still on NG 50 and the OS is Checkpoint's SecurePlatform. Anyone know how to enable SNMP on this hardened Linux distro?

cynicismic
Posts: 13
Joined: Thu Nov 22, 2007 5:05 am

Fixed data templates.

#9 Post by cynicismic » Fri Aug 22, 2008 6:49 am

I've managed to fix the data templates so they should import cleanly - a lot of info was missing in the XML.
Having a bit more trouble with the graph template, but will post here if I manage to fix.
Attachments
cacti_data_template_checkpoint_accepted_packets.xml
(6.04 KiB) Downloaded 1238 times
cacti_data_template_checkpoint_dropped_packets.xml
(6.04 KiB) Downloaded 1151 times
cacti_data_template_checkpoint_rejected_packets.xml
(6.04 KiB) Downloaded 1286 times

limaunion
Posts: 20
Joined: Tue Jul 05, 2005 10:44 am

#10 Post by limaunion » Wed Nov 05, 2008 6:18 am

I'm having the following error while importing the graph template (I already have imported the data templates):

Cacti has imported the following items:

Graph Template
[success] Checkpoint Firewall Packet Statistics [update]
+ Unmet Dependency: (Data Template Item) fwAccepted
+ Unmet Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item) fwDropped
+ Unmet Dependency: (Data Template Item) fwRejected

I'm using cacti 0.8.7b
Thanks for any comment.

philuxe
Posts: 24
Joined: Fri Jan 07, 2005 6:15 am

#11 Post by philuxe » Thu Jan 15, 2009 4:50 am

What do these stats mean exactly?

Actually, Checkpoint support is not able to answer :D

Does that mean accepted packets per second? Since the last policy install?

In other words, what is the time reference?

jesus_hairdo
Posts: 1
Joined: Mon Aug 03, 2009 3:40 am

#12 Post by jesus_hairdo » Mon Aug 03, 2009 3:41 am

I have managed to import the data templates fine (the 2nd versions, the initial ones gave errors).

Has anyone else managed to fix the problem with importing the graph template?

I get the following message when I import it.
Import Results
Cacti has imported the following items:

Graph Template

[success] Checkpoint Firewall Packet Statistics [update]
+ Unmet Dependency: (Data Template Item) fwAccepted
+ Unmet Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item) fwDropped
+ Unmet Dependency: (Data Template Item) fwRejected

trungtano
Cacti User
Posts: 90
Joined: Fri Apr 10, 2009 1:57 am

Checkpoint Packet Statistics

#13 Post by trungtano » Tue Aug 11, 2009 4:40 am

Nobody fixed this???
I have the same problem with my Cacti 0.8.7d running on Fedora 9, and this is what my RRDTool says:


RRDTool Command:

/usr/bin/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="CheckPoint FW1 - Checkpoint Packet Statistics" \
--rigid \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="Packets" \
--slope-mode \
--font TITLE:12: \
--font AXIS:8: \
--font LEGEND:10: \
--font UNIT:8: \
DEF:a="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwAcceptPcktsIn:AVERAGE \
DEF:b="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwDropPcktsIn:AVERAGE \
DEF:c="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwRejectPcktsIn:AVERAGE \
AREA:a#00CF00FF:"Accepted Packets\:" \
GPRINT:a:LAST:"Current\:" \
GPRINT:a:AVERAGE:"Average\:" \
GPRINT:a:MAX:"Maximum\:\n" \
AREA:b#FF0000FF:"Dropped Packets\:" \
GPRINT:b:LAST:" Current\:" \
GPRINT:b:AVERAGE:"Average\:" \
GPRINT:b:MAX:"Maximum\:\n" \
AREA:c#FFAB00FF:"Rejected Packets\:" \
GPRINT:c:LAST:"Current\:" \
GPRINT:c:AVERAGE:"Average\:" \
GPRINT:c:MAX:"Maximum\:\n"
RRDTool Says:

ERROR: bad format for GPRINT in 'Current:'
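
The `bad format for GPRINT` error in the post above is what rrdtool reports when a GPRINT item's format text has no `%lf`-style conversion, which is consistent with the "Unmet Dependency: (GPRINT Preset) Normal" lines in the import results earlier in the thread. The following is an added example, not code from the thread: a Python check that finds such GPRINT items in a graph command. The function names, the shortened constructed command and the `%8.2lf %s` format (assumed here to be the content of Cacti's "Normal" preset) are assumptions.

```python
import re
import shlex

# GPRINT:vname:CF:format must contain a floating-point conversion such as
# %lf, %8.2lf or %le; a bare legend string is rejected by rrdtool.
CONVERSION = re.compile(r"%[-+ 0#]*\d*(?:\.\d+)?l[efg]")

def split_fields(arg):
    """Split one rrdtool argument on ':' but not on the escaped form '\\:'."""
    return re.split(r"(?<!\\):", arg)

def lint_gprint(command):
    """Return the GPRINT arguments in a shell command that lack a conversion."""
    # Join backslash-newline continuations, then tokenise like a POSIX shell.
    tokens = shlex.split(command.replace("\\\n", " "))
    bad = []
    for tok in tokens:
        fields = split_fields(tok)
        if fields[0] != "GPRINT":
            continue
        fmt = fields[3] if len(fields) > 3 else ""
        # '%%' is a literal percent sign, not the start of a conversion.
        if not CONVERSION.search(fmt.replace("%%", "")):
            bad.append(tok)
    return bad

# Constructed excerpt of the command posted above (RRD path shortened).
BROKEN = r'''rrdtool graph - \
--title="CheckPoint FW1 - Checkpoint Packet Statistics" \
DEF:a="fw.rrd":fwAcceptPcktsIn:AVERAGE \
AREA:a#00CF00FF:"Accepted Packets\:" \
GPRINT:a:LAST:"Current\:" \
GPRINT:a:MAX:"Maximum\:\n"
'''

# Same excerpt with a format added (assumed value of the Normal preset).
FIXED = r'''rrdtool graph - \
DEF:a="fw.rrd":fwAcceptPcktsIn:AVERAGE \
AREA:a#00CF00FF:"Accepted Packets\:" \
GPRINT:a:LAST:"Current\:%8.2lf %s" \
GPRINT:a:MAX:"Maximum\:%8.2lf %s\n"
'''

if __name__ == "__main__":
    for arg in lint_gprint(BROKEN):
        print("no numeric conversion:", arg)
    print("fixed command problems:", lint_gprint(FIXED))
```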

trungtano
Cacti User
Posts: 90
Joined: Fri Apr 10, 2009 1:57 am

#14 Post by trungtano » Mon Nov 02, 2009 4:35 am

Just upgrade to a new kernel, new Cacti, new plugin... everything will be fine!

I solved it with a new installation!

Vins
Cacti User
Posts: 116
Joined: Tue Sep 12, 2006 3:06 am

#15 Post by Vins » Sat Nov 07, 2009 9:34 am

rickyboone wrote: Anyone else experiencing large (14+ million packets) spikes when installing the policy through SmartDashboard? If I leave the firewall policy(s) alone, the graphs are okay, and it contains usable information. However, when I install a policy after updating a rule, etc., all packet counters spike up to over 14 million, then immediately drop off.

I've already tried running removespikes.pl against the related rrd files, but nothing changes. :-?

Yes,
I can confirm that happens on ALL Checkpoint versions, at least in the Nokia IPSO environment... from my point of view, it's something related to the Checkpoint/Nokia SNMP agent, it has nothing to do with Cacti.

As a side effect... you can track WHEN you installed a new Policy directly from Cacti :lol:

I've identified a firewall cluster problem related to the policy installation process THROUGH this! :D
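
The observation above, that a policy install shows up as a spike on every packet counter at once, can be turned into a change-tracking check over the polled values. This is an added example, not code from the thread: it flags polls where the accepted, dropped and rejected series all jump far above their own median at the same time, and ignores bursts that affect only one series. The sample values, the 300-second poll interval, the `factor` threshold and the function name are assumptions.

```python
from statistics import median

POLL = 300  # seconds between polls (assumed 5-minute polling interval)

# Constructed samples: (epoch, accepted, dropped, rejected) as graphed per poll.
SAMPLES = [
    (1257580800, 1210.0, 42.0, 3.0),
    (1257581100, 1185.0, 39.0, 4.0),
    (1257581400, 96000.0, 41.0, 3.0),                  # accepted-only surge
    (1257581700, 1240.0, 40.0, 2.0),
    (1257582000, 14310000.0, 14290000.0, 14280000.0),  # all three at once
    (1257582300, 1198.0, 44.0, 3.0),
    (1257582600, 1225.0, 5200.0, 4.0),                 # dropped-only burst
    (1257582900, 1202.0, 43.0, 3.0),
]

def policy_install_candidates(samples, factor=100.0, poll=POLL):
    """Return (start, end) epochs where every counter spikes simultaneously."""
    # One column per counter; the median is a baseline that a single
    # multi-million spike cannot drag upwards.
    series = list(zip(*(s[1:] for s in samples)))
    baseline = [max(median(col), 1.0) for col in series]
    events = []
    for ts, *values in samples:
        if not all(v > factor * b for v, b in zip(values, baseline)):
            continue  # a burst on one or two counters is traffic, not a reset
        if events and ts - events[-1][1] <= poll:
            events[-1] = (events[-1][0], ts)  # extend an event across polls
        else:
            events.append((ts, ts))
    return events

if __name__ == "__main__":
    for start, end in policy_install_candidates(SAMPLES):
        print("probable policy install between", start, "and", end)
```

Matching the returned timestamps against the change log for SmartDashboard policy installs shows whether every spike corresponds to a recorded change.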
