Checkpoint Firewall Packet Statistics

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
Brettw
Posts: 26
Joined: Fri Mar 18, 2005 12:25 am

Checkpoint Firewall Packet Statistics

Post by Brettw »

Hi All,

Below are some checkpoint firewall templates for accepted packets, dropped packets and rejected packets.

These have been tested on checkpoint NG R55 server installed on a windows box with SNMP enabled.

Cheers

Brett
Attachments
cacti_fw_stats.JPG
cacti_fw_stats.JPG (33.27 KiB) Viewed 46179 times
cacti_graph_template_checkpoint_firewall_packet_statistics.xml
(8.65 KiB) Downloaded 3354 times
cacti_data_template_checkpoint_accepted_packets.xml
(2.44 KiB) Downloaded 2439 times
cacti_data_template_checkpoint_dropped_packets.xml
(2.43 KiB) Downloaded 2687 times
cacti_data_template_checkpoint_rejected_packets.xml
(2.44 KiB) Downloaded 3223 times
Top
rickyboone
Posts: 4
Joined: Wed Aug 23, 2006 9:07 am

Post by rickyboone »

Anyone else experiencing large (14+ million packets) spikes when installing the policy through SmartDashboard? If I leave the firewall policy(s) alone, the graphs are okay, and it contains usable information. However, when I install a policy after updating a rule, etc., all packet counters spike up to over 14 million, then immediately drop off.

I've already tried running removespikes.pl against the related rrd files, but nothing changes. :-?
Top
User avatar
za
Posts: 44
Joined: Thu Nov 09, 2006 10:39 am

Trouble importing Checkpoint Firewall Packet Statistics

Post by za »

Hi, i've got some trouble importing "Checkpoint Firewall Packet Statistics" templates..
This is the reply of cacti after my import..

Thanks for the kindness

Za
Attachments
Importing cacti_graph_template_checkpoint_firewall_packet_statistics.xml
Importing cacti_graph_template_checkpoint_firewall_packet_statistics.xml
screnShot.JPG (19.49 KiB) Viewed 44526 times
Top
User avatar
sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

figure it out?

Post by sebbs »

Did you ever figure out your import issue? I am having the same problem.
Top
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:
Contact gandalf

Post by gandalf »

You may want to pay attention to the correct importing sequence. Data stuff goes first, graph stuff last (without having looked deeper into the templates)
Reinhard
Top
User avatar
sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

right

Post by sebbs »

And that is what I did. I important the data templates in first, and the graph template afterwards.
Top
User avatar
sebbs
Cacti User
Posts: 97
Joined: Mon Jan 22, 2007 9:41 am
Location: Ottawa,Canada

data queries?

Post by sebbs »

We missing some data queries with these templates?
Top
turlockaviator
Posts: 25
Joined: Wed Sep 12, 2007 12:17 pm
Contact:
Contact turlockaviator

Any ideas how to make this work with SecurePlatform

Post by turlockaviator »

We're still on NG 50 and the OS is Checkpoints SecurePlatform. Anyone know how to enable SNMP on this hardened Linux Distro?
Top
cynicismic
Posts: 13
Joined: Thu Nov 22, 2007 5:05 am

Fixed data templates.

Post by cynicismic »

I've managed to fix the data templates so they should import cleanly - lot of info was missing in the xml..
Having a bit more trouble with the graph template, but will post here if I manage to fix.
Attachments
cacti_data_template_checkpoint_accepted_packets.xml
cacti_data_template_checkpoint_accepted_packets.xml
(6.04 KiB) Downloaded 1620 times
cacti_data_template_checkpoint_dropped_packets.xml
cacti_data_template_checkpoint_dropped_packets.xml
(6.04 KiB) Downloaded 1537 times
cacti_data_template_checkpoint_rejected_packets.xml
cacti_data_template_checkpoint_rejected_packets.xml
(6.04 KiB) Downloaded 1671 times
Top
limaunion
Posts: 20
Joined: Tue Jul 05, 2005 10:44 am

Post by limaunion »

I'm having the following error while importing the graph template (I already have imported the data templates):

Cacti has imported the following items:

Graph Template
[success] Checkpoint Firewall Packet Statistics [update]
+ Unmet Dependency: (Data Template Item) fwAccepted
+ Unmet Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item) fwDropped
+ Unmet Dependency: (Data Template Item) fwRejected

I'm using cacti 0.8.7b
Thanks for any comment.
Top
philuxe
Posts: 24
Joined: Fri Jan 07, 2005 6:15 am

Post by philuxe »

what do these stats mean exactly ?

actually the checkpoint support is not able to answer :D

does that mean accepted packets per seconds ? since the last policy install ?

in other words what is the time reference ?
Top
jesus_hairdo
Posts: 1
Joined: Mon Aug 03, 2009 3:40 am

Post by jesus_hairdo »

I have managed to import the data templates fine (the 2nd versions, the initial ones gave errors).

Has anyone else managed to fix the problem with importing the graph template?

I get the following message when I import it.
Import Results
Cacti has imported the following items:

Graph Template

[success] Checkpoint Firewall Packet Statistics [update]
+ Unmet Dependency: (Data Template Item) fwAccepted
+ Unmet Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item) fwDropped
+ Unmet Dependency: (Data Template Item) fwRejected
Top
trungtano
Cacti User
Posts: 90
Joined: Fri Apr 10, 2009 1:57 am
Contact:
Contact trungtano

Checkpoint Packet Statistics

Post by trungtano »

Nobody fix this???
I have the same problem with my cacti 0.8.7d run on fedora 9, and this is my RRD tool say:


RRDTool Command:

/usr/bin/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="CheckPoint FW1 - Checkpoint Packet Statistics" \
--rigid \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="Packets" \
--slope-mode \
--font TITLE:12: \
--font AXIS:8: \
--font LEGEND:10: \
--font UNIT:8: \
DEF:a="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwAcceptPcktsIn:AVERAGE \
DEF:b="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwDropPcktsIn:AVERAGE \
DEF:c="/usr/share/cacti/rra/checkpoint_fw1_fwacceptpcktsin_157.rrd":fwRejectPcktsIn:AVERAGE \
AREA:a#00CF00FF:"Accepted Packets\:" \
GPRINT:a:LAST:"Current\:" \
GPRINT:a:AVERAGE:"Average\:" \
GPRINT:a:MAX:"Maximum\:\n" \
AREA:b#FF0000FF:"Dropped Packets\:" \
GPRINT:b:LAST:" Current\:" \
GPRINT:b:AVERAGE:"Average\:" \
GPRINT:b:MAX:"Maximum\:\n" \
AREA:c#FFAB00FF:"Rejected Packets\:" \
GPRINT:c:LAST:"Current\:" \
GPRINT:c:AVERAGE:"Average\:" \
GPRINT:c:MAX:"Maximum\:\n"
RRDTool Says:

ERROR: bad format for GPRINT in 'Current:'
Top
trungtano
Cacti User
Posts: 90
Joined: Fri Apr 10, 2009 1:57 am
Contact:
Contact trungtano

Post by trungtano »

Just upgrade new kernel, new cacti, new plugin.... everything will be fine!

I solved it with new installation!
Top
User avatar
Vins
Cacti User
Posts: 116
Joined: Tue Sep 12, 2006 3:06 am

Post by Vins »

rickyboone wrote:Anyone else experiencing large (14+ million packets) spikes when installing the policy through SmartDashboard? If I leave the firewall policy(s) alone, the graphs are okay, and it contains usable information. However, when I install a policy after updating a rule, etc., all packet counters spike up to over 14 million, then immediately drop off.

I've already tried running removespikes.pl against the related rrd files, but nothing changes. :-?

Yes,
I can confirm that happens on ALL Checkpoint versions, at least in the Nokia IPSO environment... from my point of view, it's something related with the Checkpoint/Nokia SNMP agent, has nothing to do with Cacti.

As a side effect... you can track WHEN you installed a new Policy directly from Cacti :lol:

I've identified a firewall cluster problem related with the policy installation process THROUGH this! :D
Top
Post Reply

Return to “Scripts and Templates”

Who is online

Users browsing this forum: No registered users and 2 guests