Hello,
Please find attached my new Custom-SNMP Probes for CheckPoint Security
Appliances UTM-1 Series and Security Management on OpenServer.
They are, respectively, already in v1.3 and v1.0.
You can share them with the InterMapper community ;)
*@InterMapper Community*: Could those who use CheckPoint products send me
the result of a complete SNMP Walk (no size limit, OID: 1.3) in order to
generalize those probes as much as possible?
*Of course*: Please hide information like: serial number, IP address,
... Just hide or modify the values so that I know that such an OID gives a value.
Best regards,
Xavier BENSEMHOUN
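For anyone preparing the walk requested above, one way to mask values while keeping every OID visible. This is an added example, not part of the original post or of the probes; it assumes Net-SNMP numeric output (`snmpwalk -On`), and the `Redactor` class, the OID list and the sample walk are constructed for illustration.

```python
import re

# Scalars whose value is replaced outright (numeric form, as printed by -On).
SENSITIVE_OIDS = {
    ".1.3.6.1.2.1.1.4.0",          # sysContact
    ".1.3.6.1.2.1.1.5.0",          # sysName
    ".1.3.6.1.2.1.1.6.0",          # sysLocation
    ".1.3.6.1.4.1.2620.1.6.13.0",  # CHECKPOINT-MIB svn.13.0, read as serial number by the probes
}
# Tables whose row index ends with an IPv4 address:
# ipAddrTable, ipRouteTable, ipNetToMediaTable.
IP_INDEXED = (".1.3.6.1.2.1.4.20.1.", ".1.3.6.1.2.1.4.21.1.", ".1.3.6.1.2.1.4.22.1.")
DOC_NETS = ("192.0.2", "198.51.100", "203.0.113")  # RFC 5737 documentation ranges

LINE = re.compile(r"^(\.\d+(?:\.\d+)+) = (.*)$")
# Exactly four dotted groups, not part of a longer dotted run such as an OID.
# A four-part version string is also rewritten: over-redaction is the safe side.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
MAC = re.compile(r"^Hex-STRING: (?:[0-9A-Fa-f]{2} ){5}[0-9A-Fa-f]{2}\s*$")


class Redactor:
    """Masks a walk so that each OID still shows that it returns a value."""

    def __init__(self, literals=()):
        # literals: extra strings to mask wherever they occur (hostname, domain...)
        self.literals = [s for s in literals if s]
        self._ips, self._macs = {}, {}

    def _fake_ip(self, ip):
        octets = [int(o) for o in ip.split(".")]
        # Keep non-addresses, netmasks, loopback and the default route readable.
        if max(octets) > 255 or octets[0] in (0, 127, 255):
            return ip
        if ip not in self._ips:
            n = len(self._ips)
            if n >= 254 * len(DOC_NETS):
                raise ValueError("more distinct addresses than documentation space")
            # Same real address always maps to the same fake one, so routes,
            # ARP entries and interface addresses still line up after masking.
            self._ips[ip] = f"{DOC_NETS[n // 254]}.{n % 254 + 1}"
        return self._ips[ip]

    def _scrub(self, text):
        for secret in self.literals:
            text = text.replace(secret, "REDACTED")
        return IPV4.sub(lambda m: self._fake_ip(m.group(0)), text)

    def redact_line(self, line):
        m = LINE.match(line)
        if not m:  # continuation of a multi-line value, or tool noise
            return self._scrub(line)
        oid, value = m.groups()
        if oid in SENSITIVE_OIDS:
            return f'{oid} = STRING: "REDACTED"'
        parts = oid.split(".")
        if oid.startswith(IP_INDEXED) and len(parts) >= 15:
            # The address is also leaked by the row index, not only by the value.
            parts[-4:] = self._fake_ip(".".join(parts[-4:])).split(".")
            oid = ".".join(parts)
        if MAC.match(value):
            mac = value.split(": ", 1)[1].strip().upper()
            n = self._macs.setdefault(mac, len(self._macs) + 1)
            # 00-00-5E-00-53-xx is the RFC 7042 documentation MAC range.
            value = f"Hex-STRING: 00 00 5E 00 53 {n % 256:02X}"
        else:
            value = self._scrub(value)
        return f"{oid} = {value}"

    def redact(self, walk_text):
        return "\n".join(self.redact_line(l) for l in walk_text.splitlines())


# Constructed sample, not taken from a real appliance.
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.1.0 = STRING: Linux fw01 2.6.18-92cp #1 SMP i686
.1.3.6.1.2.1.1.5.0 = STRING: fw01.corp.example
.1.3.6.1.2.1.4.21.1.7.10.20.30.0 = IpAddress: 10.20.30.1
.1.3.6.1.2.1.4.21.1.11.10.20.30.0 = IpAddress: 255.255.255.0
.1.3.6.1.2.1.4.22.1.2.3.10.20.30.1 = Hex-STRING: 00 1C 7F 3A 2B 10
.1.3.6.1.4.1.2620.1.6.13.0 = STRING: "ABC1234567"
.1.3.6.1.4.1.2620.1.1.25.5.1.2.1 = STRING: "eth0"
"""

if __name__ == "__main__":
    print(Redactor(literals=["fw01"]).redact(SAMPLE_WALK))
```

Read the masked file once before sending it: free-text values such as policy names or process arguments are only caught if they are passed in `literals`.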
<!--
################################################################################
#
# InterMapper SNMP Probe
# ----------------------
# for: CheckPoint / Security Gateway / UTM-1 Series
# --------------------------------------------
#
# Created by: Xavier BENSEMHOUN on august 2011 - [email protected]
# Originally for: NES Conseil @ Taores / La Mutuelle Générale
#
# This probe references the following MIB files:
#   SNMPv2-MIB (already in IM by default)
#   HOST-RESOURCES-MIB (already in IM by default)
#   UCD-SNMP-MIB (already in IM by default)
#   CHECKPOINT-MIB.mib
#
# Please feel free to use this as the basis for new probes.
#
# InterMapper Dev. Guide: http://download.intermapper.com/docs/DevGuide/
#
################################################################################
-->
<header>
type = "custom-snmp"
package = "net.rhapirou"
probe_name = "snmp.CheckPoint.Security_Gateway.UTM-1_Series"
human_name = "CheckPoint / Security Gateway / UTM-1 Series"
version = "1.3"
address_type = "IP/AT"
display_name = "Network Devices/CheckPoint/Security Gateway/UTM-1 Series"
flags = "MINIMAL,SNMPv2"
</header>
<description>
\GB++\SNMP probe for CheckPoint Security Gateway / UTM-1 Series\P\
This is a system & functionalities state probe for CheckPoint Security Gateways, UTM-1 Series
Status information is queried from:
- All CheckPoint products: Firewall-1, VPN-1, FloodGate-1, High Availability (ClusterXL), Secure Virtual Network, Management, Web Access Module, Desktop Policy Server and Log Server
- CPU, RAM & Disks
- Processes, user sessions & basic O.S. information
Minimum InterMapper version: \B\5.3\!B\ \3I\(for Calculation within on-demand tables)\P0\
\B-\N.B.\!B\: You will need access to CHECKPOINT-MIB and HOST-RESOURCES-MIB over SNMP v2c at minimum (i.e. querying in v1 will return errors).
Please refer to \2U=https://supportcenter.checkpoint.com\CheckPoint UserCenter\P0\ (especially \2U=https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk41643\sk41643\P0\ or other related SK) to help you implement that.\+\
This probe has been successfully tested on UTM-1 570 Security Gateways
\P0--\
\B+\History:\P\
\M3--\ Date     | Version | Who           | Actions
----------------------------------------------------------------------------------
01/09/2011 | 1.3     | X. BENSEMHOUN | not include any more partitioning probe
           |         |               | some limitations on version < 5.6 :(
           |         |               | + some cleaning things
29/08/2011 | 1.2     | X. BENSEMHOUN | include Host Resources General Information
           |         |               | (equivalent to 'SNMP Host Resources' integrated probe)
24/08/2011 | 1.1     | X. BENSEMHOUN | include partitioning probe (using probe parameters)
23/08/2011 | 1.0     | X. BENSEMHOUN | complete layout
16/08/2011 | 0.2     | X. BENSEMHOUN | implementation of all functions
19/07/2011 | 0.1     | X. BENSEMHOUN | Creation, first functions
\P0+\
\GB+\Updates & feedback:\P\
\G3-\Do not forget to check for new versions of this probe: \2U=http://dartware.com/go.php?to=probes.contrib\User Contributed Probes\!U0\.
\3\Also feel free to leave feedback by email: \2U=mailto:[email protected]?subject=InterMapper_UserContributedProbe_-_net.rhapirou.snmp.CheckPoint.Security_Gateway.UTM-1_Series\post a message to InterMapper Talk list\!U0\ or \2U=mailto:[email protected]?subject=InterMapper_UserContributedProbe_-_net.rhapirou.snmp.CheckPoint.Security_Gateway.UTM-1_Series\write directly to me\!U0\.\P0\
</description>
<parameters>
"Firewall[true,false]" = "True"
"VPN[true,false]" = "True"
"FloodGate[true,false]" = "True"
"High Availability[true,false]" = "True"
-- "Management[true,false]" = "True"
-- "Web Access Module[true,false]" = "True"
"Desktop Policy Server[true,false]" = "True"
-- "Log Server[true,false]" = "True"
</parameters>
<snmp-device-variables>
-- MIB Variable --    -- OID --    -- TYPE --    -- LEGEND --
-- SNMPv2-MIB
sysDescr,    SNMPv2-MIB::sysDescr.0,    OctetString
-- HOST-RESOURCES-MIB
hrSystemUptime,    HOST-RESOURCES-MIB::hrSystemUptime.0,    Timeticks
hrSystemDate,    HOST-RESOURCES-MIB::hrSystemDate.0,    OctetString
hrSystemDate_txt,    sprintf("%s",$hrSystemDate),    CALCULATION
hrSystemDate2,    "$hrSystemDate_txt" =~ "0x(.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*)",    CALCULATION
hrSystemDate_yearTEMP,    "${1}${2}",    CALCULATION
hrSystemDate_year,    unpack("${hrSystemDate_yearTEMP}", "H"),    CALCULATION
hrSystemDate_month,    sprintf( "%0.2d", unpack("${3}", "H")),    CALCULATION
hrSystemDate_day,    sprintf( "%0.2d", unpack("${4}", "H")),    CALCULATION
hrSystemDate_hour,    sprintf( "%0.2d", unpack("${5}", "H")),    CALCULATION
hrSystemDate_minutes,    sprintf( "%0.2d", unpack("${6}", "H")),    CALCULATION
hrSystemDate_seconds,    sprintf( "%0.2d", unpack("${7}", "H")),    CALCULATION
hrSystemDate_deci-seconds,    sprintf( "%0.2d", unpack("${8}", "H")),    CALCULATION
-- hrSystemDate_dirFromUTC,    unpack("${9}", "#H"),    CALCULATION
-- hrSystemDate_hoursFromUTC,    sprintf( "%0.2d", unpack("${10}", "H")),    CALCULATION
-- hrSystemDate_hoursFromUTC2,    sprintf( "%0.2d", ${10}),    CALCULATION
-- hrSystemDate_hoursFromUTC3,    ${10},    CALCULATION
-- hrSystemDate_minFromUTC,    sprintf( "%0.2d", unpack("${11}", "H")),    CALCULATION
hrSystemNumUsers,    HOST-RESOURCES-MIB::hrSystemNumUsers.0,    Gauge
hrSystemProcesses,    HOST-RESOURCES-MIB::hrSystemProcesses.0,    Gauge
-- UCD-SNMP-MIB
laLoad.1, UCD-SNMP-MIB::laLoad.1, OctetString
laLoad.2, UCD-SNMP-MIB::laLoad.2, OctetString
laLoad.3, UCD-SNMP-MIB::laLoad.3, OctetString
-- CHECKPOINT-MIB.mib: SUBTREE: 1.3.6.1.4.1.2620.1
-- iso.org.dod.internet.private.enterprises.checkpoint.products
-- checkpoint OBJECT IDENTIFIER ::= { enterprises 2620 }
-- products OBJECT IDENTIFIER ::= { checkpoint 1 }
-- fw OBJECT IDENTIFIER ::= { products 1 }
-- vpn OBJECT IDENTIFIER ::= { products 2 }
-- fg OBJECT IDENTIFIER ::= { products 3 }
-- ha OBJECT IDENTIFIER ::= { products 5 }
-- svn OBJECT IDENTIFIER ::= { products 6 }
-- mngmt OBJECT IDENTIFIER ::= { products 7 }
-- wam OBJECT IDENTIFIER ::= { products 8 }
-- dtps OBJECT IDENTIFIER ::= { products 9 }
-- ls OBJECT IDENTIFIER ::= { products 11 }
-- the FW group
fwModuleState,    CHECKPOINT-MIB::fwModuleState.0,    OctetString
fwAccepted,    CHECKPOINT-MIB::fwAccepted.0,    Counter
fwRejected,    CHECKPOINT-MIB::fwRejected.0,    Counter
fwDropped,    CHECKPOINT-MIB::fwDropped.0,    Counter
fwLogged,    CHECKPOINT-MIB::fwLogged.0,    Counter
fwMajor,    CHECKPOINT-MIB::fwMajor.0,    Integer
fwMajor2,    sprintf("%s",$fwMajor),    CALCULATION
fwMinor,    CHECKPOINT-MIB::fwMinor.0,    Integer
fwMinor2,    sprintf("%s",$fwMinor),    CALCULATION
fwProdName,    CHECKPOINT-MIB::fwProdName.0,    OctetString
fwVerMajor,    CHECKPOINT-MIB::fwVerMajor.0,    Integer
fwVerMajor2,    sprintf("%s",$fwVerMajor),    CALCULATION
fwVerMinor,    CHECKPOINT-MIB::fwVerMinor.0,    Integer
fwVerMinor2,    sprintf("%s",$fwVerMinor),    CALCULATION
fwKernelBuild,    CHECKPOINT-MIB::fwKernelBuild.0,    Counter
fwKernelBuild2,    sprintf("%s",$fwKernelBuild),    CALCULATION
fwPolicyName,    CHECKPOINT-MIB::fwPolicyName.0,    OctetString
fwInstallTime,    CHECKPOINT-MIB::fwInstallTime.0,    OctetString
fwNumConn,    CHECKPOINT-MIB::fwNumConn.0,    Counter
fwPeakNumConn,    CHECKPOINT-MIB::fwPeakNumConn.0,    Counter
fwPeakNumConn2,    sprintf("%s",$fwPeakNumConn),    CALCULATION
-- the VPN status
cpvProdName,    CHECKPOINT-MIB::cpvProdName.0,    OctetString
cpvProdName2,    sprintf("%s",$cpvProdName),    CALCULATION,    "cause include a special character"
cpvVerMajor,    CHECKPOINT-MIB::cpvVerMajor.0,    Integer
cpvVerMajor2,    sprintf("%s",$cpvVerMajor),    CALCULATION,    "cause include a special character"
cpvVerMinor,    CHECKPOINT-MIB::cpvVerMinor.0,    Integer
cpvVerMinor2,    sprintf("%s",$cpvVerMinor),    CALCULATION,    "cause include a special character"
cpvHwAccelVendor,    CHECKPOINT-MIB::cpvHwAccelVendor.0,    OctetString
cpvHwAccelVendor2,    sprintf("%s",$cpvHwAccelVendor),    CALCULATION,    "cause include a special character"
cpvHwAccelStatus,    CHECKPOINT-MIB::cpvHwAccelStatus.0,    OctetString
cpvHwAccelStatus2,    sprintf("%s",$cpvHwAccelStatus),    CALCULATION,    "cause include a special character"
cpvHwAccelDriverMajorVer,    CHECKPOINT-MIB::cpvHwAccelDriverMajorVer.0,    Integer
cpvHwAccelDriverMajorVer2,    sprintf("%s",$cpvHwAccelDriverMajorVer),    CALCULATION,    "cause include a special character"
cpvHwAccelDriverMinorVer,    CHECKPOINT-MIB::cpvHwAccelDriverMinorVer.0,    Integer
cpvHwAccelDriverMinorVer2,    sprintf("%s",$cpvHwAccelDriverMinorVer),    CALCULATION,    "cause include a special character"
cpvIKECurrSAs,    CHECKPOINT-MIB::cpvIKECurrSAs.0,    OctetString
cpvIKECurrInitSAs,    CHECKPOINT-MIB::cpvIKECurrInitSAs.0,    OctetString
cpvIKECurrRespSAs,    CHECKPOINT-MIB::cpvIKECurrRespSAs.0,    OctetString
cpvIKETotalSAs,    CHECKPOINT-MIB::cpvIKETotalSAs.0,    OctetString
cpvIKETotalInitSAs,    CHECKPOINT-MIB::cpvIKETotalInitSAs.0,    OctetString
cpvIKETotalRespSAs,    CHECKPOINT-MIB::cpvIKETotalRespSAs.0,    OctetString
cpvIKEMaxConncurSAs,    CHECKPOINT-MIB::cpvIKEMaxConncurSAs.0,    OctetString
cpvIKEMaxConncurInitSAs,    CHECKPOINT-MIB::cpvIKEMaxConncurInitSAs.0,    OctetString
cpvIKEMaxConncurRespSAs,    CHECKPOINT-MIB::cpvIKEMaxConncurRespSAs.0,    OctetString
-- the FG status
fgProdName,    CHECKPOINT-MIB::fgProdName.0,    OctetString
fgVerMajor,    CHECKPOINT-MIB::fgVerMajor.0,    Integer
fgVerMajor2,    sprintf("%s",$fgVerMajor),    CALCULATION
fgVerMinor,    CHECKPOINT-MIB::fgVerMinor.0,    Integer
fgVerMinor2,    sprintf("%s",$fgVerMinor),    CALCULATION
fgModuleKernelBuild,    CHECKPOINT-MIB::fgModuleKernelBuild.0,    Integer
fgModuleKernelBuild2,    sprintf("%s",$fgModuleKernelBuild),    CALCULATION
fgStrPolicyName,    CHECKPOINT-MIB::fgStrPolicyName.0,    OctetString
fgInstallTime,    CHECKPOINT-MIB::fgInstallTime.0,    OctetString
fgNumInterfaces,    CHECKPOINT-MIB::fgNumInterfaces.0,    Integer
-- the HA status
haProdName,    CHECKPOINT-MIB::haProdName.0,    OctetString
haVerMajor,    CHECKPOINT-MIB::haVerMajor.0,    Integer
haVerMajor2,    sprintf("%s",$haVerMajor),    CALCULATION
haVerMinor,    CHECKPOINT-MIB::haVerMinor.0,    Integer
haVerMinor2,    sprintf("%s",$haVerMinor),    CALCULATION
haState,    CHECKPOINT-MIB::haState.0,    OctetString
haProtoVersion,    CHECKPOINT-MIB::haProtoVersion.0,    Integer
haProtoVersion2,    sprintf("%s",$haProtoVersion),    CALCULATION
haWorkMode,    CHECKPOINT-MIB::haWorkMode.0,    OctetString
haStatCode,    CHECKPOINT-MIB::haStatCode.0,    Integer
haStatShort,    CHECKPOINT-MIB::haStatShort.0,    OctetString
haStatLong,    CHECKPOINT-MIB::haStatLong.0,    OctetString
-- the SVN status
svnProdName,    CHECKPOINT-MIB::svnProdName.0,    OctetString
svnProdVerMajor,    CHECKPOINT-MIB::svnProdVerMajor.0,    Integer
svnProdVerMajor2,    sprintf("%s",$svnProdVerMajor),    CALCULATION
svnProdVerMinor,    CHECKPOINT-MIB::svnProdVerMinor.0,    Integer
svnProdVerMinor2,    sprintf("%s",$svnProdVerMinor),    CALCULATION
svnVersion,    CHECKPOINT-MIB::svnVersion.0,    OctetString
svnBuild,    CHECKPOINT-MIB::svnBuild.0,    Counter
svnBuild2,    sprintf("%s",$svnBuild),    CALCULATION
osName,    CHECKPOINT-MIB::osName.0,    OctetString
procUsage,    CHECKPOINT-MIB::procUsage.0,    Integer
procNum,    CHECKPOINT-MIB::procNum.0,    Integer
procNum2,    sprintf("%s",$procNum),    CALCULATION
diskPercent,    CHECKPOINT-MIB::diskPercent.0,    Integer
diskTotal,    CHECKPOINT-MIB::diskTotal.0,    OctetString
diskTotal2,    sprintf("%.2f",$diskTotal/1000000000),    CALCULATION
svnDisk,    CHECKPOINT-MIB::svnDisk.7.0,    OctetString
memTotalReal64,    CHECKPOINT-MIB::memTotalReal64.0,    OctetString
memTotalReal642,    sprintf("%.2f",$memTotalReal64/1000000000),    CALCULATION
memActiveReal64,    CHECKPOINT-MIB::memActiveReal64.0,    OctetString
memFreeReal64,    CHECKPOINT-MIB::memFreeReal64.0,    OctetString
svnStatCode,    CHECKPOINT-MIB::svnStatCode.0,    Counter
svnStatShortDescr,    CHECKPOINT-MIB::svnStatShortDescr.0,    OctetString
svnStatLongDescr,    CHECKPOINT-MIB::svnStatLongDescr.0,    OctetString
deviceSerialNumber,    CHECKPOINT-MIB::svn.13.0,    OctetString
deviceSerialNumber_length,    strlen(sprintf("%s",$deviceSerialNumber)),    CALCULATION
-- the Desktop Policy Server Status
dtpsProdName,    CHECKPOINT-MIB::dtpsProdName.0,    OctetString
dtpsVerMajor,    CHECKPOINT-MIB::dtpsVerMajor.0,    INTEGER
dtpsVerMajor2,    sprintf("%s",$dtpsVerMajor),    CALCULATION
dtpsVerMinor,    CHECKPOINT-MIB::dtpsVerMinor.0,    INTEGER
dtpsVerMinor2,    sprintf("%s",$dtpsVerMinor),    CALCULATION
dtpsLicensedUsers,    CHECKPOINT-MIB::dtpsLicensedUsers.0,    INTEGER
dtpsConnectedUsers,    CHECKPOINT-MIB::dtpsConnectedUsers.0,    INTEGER
dtpsStatCode,    CHECKPOINT-MIB::dtpsStatCode.0,    INTEGER
dtpsStatShortDescr,    CHECKPOINT-MIB::dtpsStatShortDescr.0,    OctetString
dtpsStatLongDescr,    CHECKPOINT-MIB::dtpsStatLongDescr.0,    OctetString
</snmp-device-variables>
<autorecord>
</autorecord>
<snmp-device-variables-ondemand>
HrSWRun,    1.3.6.1.2.1.25.4.2.1,    TABLE
HrSWRun/hrSWRunIndex,    HrSWRun.1,    INTEGER
HrSWRun/hrSWRunName,    HrSWRun.2,    OctetString
HrSWRun/hrSWRunPath,    HrSWRun.4,    OctetString
HrSWRun/hrSWRunParameters,    HrSWRun.5,    OctetString
HrSWRun/hrSWRunType,    HrSWRun.6,    INTEGER,    "Type: unknown=1, operatingSystem=2, deviceDriver=3, application=4"
HrSWRun/hrSWRunStatus,    HrSWRun.7,    INTEGER,    "Status: running=1, runnable=2, notRunnable=3, invalid=4"
--HrSWRun/hrSWRunType,    HrSWRun.6,    INTEGER { unknown(1), operatingSystem(2), deviceDriver(3), application(4) }
--HrSWRun/hrSWRunStatus,    HrSWRun.7,    INTEGER { running(1), runnable(2), notRunnable(3), invalid(4) }
IpRoute,    1.3.6.1.2.1.4.21.1,    TABLE
IpRoute/ipRouteDest,    IpRoute.1,    IpAddress,    "Destination"
IpRoute/ipRouteMask,    IpRoute.11,    IpAddress,    "Netmask"
IpRoute/ipRouteNextHop,    IpRoute.7,    IpAddress,    "Gateway"
IpRoute/ipRouteMetric,    IpRoute.3,    Integer,    "Metric"
IpRoute/ipRouteIfIndex,    IpRoute.2,    Integer,    "Interface ID"
IpRoute/ipRouteIfDescr,    1.3.6.1.4.1.2620.1.6.6.1.5,    DisplayString,    "Interface"
ARPTable,    .1,    TABLE,    "ARP Table"
ARPTable/ipNetToMediaIfIndex,    ipNetToMediaType[0:1],    DEFAULT,    "Interface index"
ARPTable/ipNetToMediaNetAddress,    ipNetToMediaType[1:4],    DEFAULT,    "IP Address"
ARPTable/ipNetToMediaPhysAddress,    ipNetToMediaPhysAddress,    HEXADECIMAL,    "MAC Address"
ARPTable/ipNetToMediaType,    ipNetToMediaType,    STRING,    "Type"
-- the FW group
-- CHECKPOINT-MIB, fwIfTable
FwIfEntry,    1.3.6.1.4.1.2620.1.1.25.5.1,    TABLE
FwIfEntry/fwIfIndex,    FwIfEntry.1,    INTEGER
FwIfEntry/fwIfName,    FwIfEntry.2,    DisplayString
FwIfEntry/fwAcceptPcktsIn,    FwIfEntry.5,    INTEGER
FwIfEntry/fwAcceptPcktsOut,    FwIfEntry.6,    INTEGER
FwIfEntry/fwAcceptBytesIn,    FwIfEntry.7,    INTEGER
FwIfEntry/fwAcceptBytesOut,    FwIfEntry.8,    INTEGER
FwIfEntry/fwDropPcktsIn,    FwIfEntry.9,    INTEGER
FwIfEntry/fwDropPcktsOut,    FwIfEntry.10,    INTEGER
FwIfEntry/fwRejectPcktsIn,    FwIfEntry.11,    INTEGER
FwIfEntry/fwRejectPcktsOut,    FwIfEntry.12,    INTEGER
FwIfEntry/fwLogIn,    FwIfEntry.13,    INTEGER
FwIfEntry/fwLogOut,    FwIfEntry.14,    INTEGER
-- the VPN status
-- CHECKPOINT-MIB, cpvTnlMon
CpvTnlMonEntry,    1.3.6.1.4.1.2620.1.2.11.1,    TABLE
CpvTnlMonEntry/cpvTnlMonAddr,    CpvTnlMonEntry.1,    IpAddress
CpvTnlMonEntry/cpvTnlMonStatus,    CpvTnlMonEntry.2,    INTEGER
CpvTnlMonEntry/cpvTNlMonCurrAddr,    CpvTnlMonEntry.3,    IpAddress
-- the FG status
-- CHECKPOINT-MIB, fgIfTable
FgIfEntry,    1.3.6.1.4.1.2620.1.3.9.1,    TABLE
FgIfEntry/fgIfName,    FgIfEntry.2,    DisplayString
FgIfEntry/fgPolicyName,    FgIfEntry.3,    DisplayString
FgIfEntry/fgRateLimitIn,    FgIfEntry.4,    INTEGER
FgIfEntry/fgRateLimitOut,    FgIfEntry.5,    INTEGER
FgIfEntry/fgAvrRateIn,    FgIfEntry.6,    INTEGER
FgIfEntry/fgAvrRateOut,    FgIfEntry.7,    INTEGER
FgIfEntry/fgRetransPcktsIn,    FgIfEntry.8,    INTEGER
FgIfEntry/fgRetransPcktsOut,    FgIfEntry.9,    INTEGER
FgIfEntry/fgPendPcktsIn,    FgIfEntry.10,    INTEGER
FgIfEntry/fgPendPcktsOut,    FgIfEntry.11,    INTEGER
FgIfEntry/fgPendBytesIn,    FgIfEntry.12,    INTEGER
FgIfEntry/fgPendBytesOut,    FgIfEntry.13,    INTEGER
FgIfEntry/fgNumConnIn,    FgIfEntry.14,    INTEGER
FgIfEntry/fgNumConnOut,    FgIfEntry.15,    INTEGER
-- the SVN status
PartTable,    CHECKPOINT-MIB::svnPerf.6.1,    TABLE
PartTable/index,    PartTable.1,    INTEGER
PartTable/mountPoint,    PartTable.2,    OctetString
PartTable/Size,    PartTable.3,    OctetString
PartTable/Used,    PartTable.4,    OctetString
PartTable/Free,    PartTable.5,    OctetString
PartTable/perCentFree,    PartTable.6,    Integer
</snmp-device-variables-ondemand>
<snmp-device-thresholds>
-- order: down, critical, alarm, warning, okay
-- ex.: critical: ${hrProcessorLoad_3} > ${load DP Critical} "DataProcessor Packet load: ${hrProcessorLoad_3}%"
critical: ${High Availability[true,false]} and $haStatCode > 0 "HA Incident: $haStatLong"
critical: ${Desktop Policy Server[true,false]} and $dtpsStatCode > 0 and $dtpsLicensedUsers > 0 "Desktop Policy Server Status $dtpsStatShortDescr: $dtpsStatLongDescr"
critical: $svnStatCode > 0 "SVN Status $svnStatShortDescr: $svnStatLongDescr"
</snmp-device-thresholds>
<snmp-device-display>
\B5\Host Resources General Information\P0\
\IB5\Hardware\P0\
\4\Ser. # Server:\0\ ${eval: ($deviceSerialNumber_length != 1) ? '$deviceSerialNumber' : "\I3\not available\P\"}
\4\Memory:\0\ $memTotalReal642 GBytes\P\
\4\Processor usage:\0\ ${procUsage}% \I3\($procNum2\I3\ processor)\P\
\4\Load Average:\0\ ${chartable:"%3.2f":${laLoad.1}} (last 1 min), ${chartable:"%3.2f":${laLoad.2}} (last 5 min), ${chartable:"%3.2f":${laLoad.3}} (last 15 min),
\4\System Uptime:\0\ $hrSystemUptime
\4\System Date:\0\ ${hrSystemDate_year}-${hrSystemDate_month}-${hrSystemDate_day}, ${hrSystemDate_hour}:${hrSystemDate_minutes}:${hrSystemDate_seconds}.${hrSystemDate_deci-seconds}
\IB5\Operating System\P0\
\4\Description:\0\ $sysDescr
\4\Partition table:\0\ $PartTable, \4\Sys. partition:\0\ ${diskPercent}% \3I\(\$ $svnDisk size: $diskTotal2 GBytes)\P\
\4\User logged on:\0\ $hrSystemNumUsers ${eval: $hrSystemNumUsers > 0 ? "\3I\(look after 'sshd' process into \$HrSWRun)\P0\" : ""}
\4\Process list:\0\ $hrSystemProcesses \3I\(complete list: $HrSWRun)\P0\
\B5\CheckPoint Security Gateway / UTM-1 Series\P0\<!-- the eval function cannot be more than approx. 250 characters :( -->
<!-- the SVN status --> \IB5\$svnProdName\P0\ (ver.: $svnProdVerMajor2.$svnProdVerMinor2)
\4\Version:\0\ $svnVersion BUILD $svnBuild2
\4\Platform:\0\ $osName
\4\Status:\0\ \B\$svnStatShortDescr\P\
\4\Routing table:\0\ $IpRoute / \4\ARP Table:\0\ $ARPTable
<!-- the FW group --> \IB5\$fwProdName\P0\ (ver.: $fwVerMajor2.$fwVerMinor2, BUILD: $fwKernelBuild2)
\4\Topology:\0\ $FwIfEntry
\4\Policy name:\0\ $fwPolicyName
\4\Status:\0\ \B\$fwModuleState\P\
\4\Connections:\0\ ${chartable:"%5d":$fwNumConn} connections \I3\(peak: $fwPeakNumConn2)\P0\
\4\Install. date:\0\ $fwInstallTime
\4\Accepted:\0\ ${chartable:"%11d":$fwAccepted} pkts \4\& Logged:\0\ ${chartable:"%11d":$fwLogged} pkts
\4\Rejected:\0\ ${chartable:"%11d":$fwRejected} pkts \4\& Dropped:\0\ ${chartable:"%11d":$fwDropped} pkts
<!-- the VPN status --> \IB5\$cpvProdName2\P0\ (ver.: $cpvVerMajor2.$cpvVerMinor2)
\4\Monitored tunnel:\0\ $CpvTnlMonEntry
\4\HW Accelerator:\0\ $cpvHwAccelStatus2 \I3\(vendor: $cpvHwAccelVendor2, version: $cpvHwAccelDriverMajorVer2.$cpvHwAccelDriverMinorVer2\I3\)\P0\
\4\IKE current SAs:\0\ ${chartable:"%7d":$cpvIKECurrSAs} \I3\(${chartable:"%5d":$cpvIKECurrInitSAs}\I3\ initiated, ${chartable:"%7d":$cpvIKECurrRespSAs}\I3\ responded)\P0\
\4\IKE max concur. SAs:\0\ ${chartable:"%7d":$cpvIKEMaxConncurSAs} \I3\(${chartable:"%5d":$cpvIKEMaxConncurInitSAs}\I3\ initiated, ${chartable:"%7d":$cpvIKEMaxConncurRespSAs}\I3\ responded)\P0\
\4\IKE total SAs:\0\ ${chartable:"%7d":$cpvIKETotalSAs} \I3\(${chartable:"%5d":$cpvIKETotalInitSAs}\I3\ initiated, ${chartable:"%7d":$cpvIKETotalRespSAs}\I3\ responded)\P0\
<!-- the FG status --> \IB5\$fgProdName\P0\ (ver.: $fgVerMajor2.$fgVerMinor2, BUILD $fgModuleKernelBuild2)
\4\Policy name:\0\ $fgStrPolicyName
\4\Install. date:\0\ $fgInstallTime
\4\Number If.:\0\ $fgNumInterfaces
\4\FG If. Table:\0\ $FgIfEntry
<!-- the HA status --> \IB5\$haProdName\P0\ (ver.: $haVerMajor2.$haVerMinor2)
\4\Mode:\0\ $haWorkMode \I3\(proto. ver.: $haProtoVersion2\I3\)\P\
\4\State:\0\ \B\$haState\P\
\4\Status:\0\ \B\$haStatShort\P\
<!-- the dtps status --> \IB5\$dtpsProdName\P0\ (ver.: $dtpsVerMajor2.$dtpsVerMinor2)
\4\Status:\0\ \B\$dtpsStatShortDescr\P\ \I3\($dtpsStatLongDescr)\P\
\4\Licensed users:\0\ ${chartable:"%3d":$dtpsLicensedUsers}
\4\Connected users:\0\ ${chartable:"%3d":$dtpsConnectedUsers}
</snmp-device-display>

<!--
################################################################################
#
# InterMapper SNMP Probe
# ----------------------
# for: CheckPoint / Security Management / OpenServer
# ---------------------------------------------
#
# Created by: Xavier BENSEMHOUN on august 2011 - [email protected]
# Originally for: NES Conseil @ Taores / La Mutuelle Générale
#
# This probe references the following MIB files:
#   SNMPv2-MIB (already in IM by default)
#   HOST-RESOURCES-MIB (already in IM by default)
#   UCD-SNMP-MIB (already in IM by default)
#   CHECKPOINT-MIB.mib
#
# Please feel free to use this as the basis for new probes.
#
# InterMapper Dev. Guide: http://download.intermapper.com/docs/DevGuide/
#
################################################################################
-->
<header>
type = "custom-snmp"
package = "net.rhapirou"
probe_name = "snmp.CheckPoint.Security_Management.OpenServer"
human_name = "CheckPoint / Security Management / OpenServer"
version = "1.0"
address_type = "IP/AT"
display_name = "Network Devices/CheckPoint/Security Management/OpenServer"
flags = "MINIMAL,SNMPv2"
</header>
<description>
\GB++\SNMP probe for CheckPoint Security Gateway / UTM-1 Series\P\
This is a system & functionalities state probe for CheckPoint Security Gateways, UTM-1 Series
Status information is queried from:
- All CheckPoint products: Firewall-1, VPN-1, FloodGate-1, High Availability (ClusterXL), Secure Virtual Network, Management, Web Access Module, Desktop Policy Server and Log Server
- CPU, RAM & Disks
- Processes, user sessions & basic O.S. information
Minimum InterMapper version: \B\5.3\!B\ \3I\(for Calculation within on-demand tables)\P0\
\B-\N.B.\!B\: You will need access to CHECKPOINT-MIB and HOST-RESOURCES-MIB over SNMP v2c at minimum (i.e. querying in v1 will return errors).
Please refer to \2U=https://supportcenter.checkpoint.com\CheckPoint UserCenter\P0\ (especially \2U=https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk41643\sk41643\P0\ or other related SK) to help you implement that.\+\
This probe has been successfully tested on a SPLAT installed on a HP DL360 G5 server.
\P0--\
\B+\History:\P\
\M3--\ Date     | Version | Who           | Actions
----------------------------------------------------------------------------------
01/09/2011 | 1.0     | X. BENSEMHOUN | complete layout
22/08/2011 | 0.1     | X. BENSEMHOUN | Creation, first functions
\P0+\
\GB+\Updates & feedback:\P\
\G3-\Do not forget to check for new versions of this probe: \2U=http://dartware.com/go.php?to=probes.contrib\User Contributed Probes\!U0\.
\3\Also feel free to leave feedback by email: \2U=mailto:[email protected]?subject=InterMapper_UserContributedProbe_-_net.rhapirou.snmp.CheckPoint.Security_Gateway.UTM-1_Series\post a message to InterMapper Talk list\!U0\ or \2U=mailto:[email protected]?subject=InterMapper_UserContributedProbe_-_net.rhapirou.snmp.CheckPoint.Security_Gateway.UTM-1_Series\write directly to me\!U0\.\P0\
</description>
<parameters>
-- "Firewall[true,false]" = "True"
-- "VPN[true,false]" = "True"
-- "FloodGate[true,false]" = "True"
"High Availability[true,false]" = "True"
"Management[true,false]" = "True"
-- "Web Access Module[true,false]" = "True"
-- "Desktop Policy Server[true,false]" = "True"
"Log Server[true,false]" = "True"
</parameters>
<snmp-device-variables>
-- MIB Variable --    -- OID --    -- TYPE --    -- LEGEND --
-- SNMPv2-MIB
sysDescr,    SNMPv2-MIB::sysDescr.0,    OctetString
-- HOST-RESOURCES-MIB
hrSystemUptime,    HOST-RESOURCES-MIB::hrSystemUptime.0,    Timeticks
hrSystemDate,    HOST-RESOURCES-MIB::hrSystemDate.0,    OctetString
hrSystemDate_txt,    sprintf("%s",$hrSystemDate),    CALCULATION
hrSystemDate2,    "$hrSystemDate_txt" =~ "0x(.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*) (.*)",    CALCULATION
hrSystemDate_yearTEMP,    "${1}${2}",    CALCULATION
hrSystemDate_year,    unpack("${hrSystemDate_yearTEMP}", "H"),    CALCULATION
hrSystemDate_month,    sprintf( "%0.2d", unpack("${3}", "H")),    CALCULATION
hrSystemDate_day,    sprintf( "%0.2d", unpack("${4}", "H")),    CALCULATION
hrSystemDate_hour,    sprintf( "%0.2d", unpack("${5}", "H")),    CALCULATION
hrSystemDate_minutes,    sprintf( "%0.2d", unpack("${6}", "H")),    CALCULATION
hrSystemDate_seconds,    sprintf( "%0.2d", unpack("${7}", "H")),    CALCULATION
hrSystemDate_deci-seconds,    sprintf( "%0.2d", unpack("${8}", "H")),    CALCULATION
-- hrSystemDate_dirFromUTC,    unpack("${9}", "#H"),    CALCULATION
-- hrSystemDate_hoursFromUTC,    sprintf( "%0.2d", unpack("${10}", "H")),    CALCULATION
-- hrSystemDate_hoursFromUTC2,    sprintf( "%0.2d", ${10}),    CALCULATION
-- hrSystemDate_hoursFromUTC3,    ${10},    CALCULATION
-- hrSystemDate_minFromUTC,    sprintf( "%0.2d", unpack("${11}", "H")),    CALCULATION
hrSystemNumUsers,    HOST-RESOURCES-MIB::hrSystemNumUsers.0,    Gauge
hrSystemProcesses,    HOST-RESOURCES-MIB::hrSystemProcesses.0,    Gauge
-- UCD-SNMP-MIB
laLoad.1, UCD-SNMP-MIB::laLoad.1, OctetString
laLoad.2, UCD-SNMP-MIB::laLoad.2, OctetString
laLoad.3, UCD-SNMP-MIB::laLoad.3, OctetString
-- CHECKPOINT-MIB.mib: SUBTREE: 1.3.6.1.4.1.2620.1
-- iso.org.dod.internet.private.enterprises.checkpoint.products
-- checkpoint OBJECT IDENTIFIER ::= { enterprises 2620 }
-- products OBJECT IDENTIFIER ::= { checkpoint 1 }
-- fw OBJECT IDENTIFIER ::= { products 1 }
-- vpn OBJECT IDENTIFIER ::= { products 2 }
-- fg OBJECT IDENTIFIER ::= { products 3 }
-- ha OBJECT IDENTIFIER ::= { products 5 }
-- svn OBJECT IDENTIFIER ::= { products 6 }
-- mngmt OBJECT IDENTIFIER ::= { products 7 }
-- wam OBJECT IDENTIFIER ::= { products 8 }
-- dtps OBJECT IDENTIFIER ::= { products 9 }
-- ls OBJECT IDENTIFIER ::= { products 11 }
-- the SVN status
svnProdName,    CHECKPOINT-MIB::svnProdName.0,    OctetString
svnProdVerMajor,    CHECKPOINT-MIB::svnProdVerMajor.0,    Integer
svnProdVerMajor2,    sprintf("%s",$svnProdVerMajor),    CALCULATION
svnProdVerMinor,    CHECKPOINT-MIB::svnProdVerMinor.0,    Integer
svnProdVerMinor2,    sprintf("%s",$svnProdVerMinor),    CALCULATION
svnVersion,    CHECKPOINT-MIB::svnVersion.0,    OctetString
svnBuild,    CHECKPOINT-MIB::svnBuild.0,    Counter
svnBuild2,    sprintf("%s",$svnBuild),    CALCULATION
osName,    CHECKPOINT-MIB::osName.0,    OctetString
procUsage,    CHECKPOINT-MIB::procUsage.0,    Integer
procNum,    CHECKPOINT-MIB::procNum.0,    Integer
procNum2,    sprintf("%s",$procNum),    CALCULATION
diskPercent,    CHECKPOINT-MIB::diskPercent.0,    Integer
diskTotal,    CHECKPOINT-MIB::diskTotal.0,    OctetString
diskTotal2,    sprintf("%.2f",$diskTotal/1000000000),    CALCULATION
svnDisk,    CHECKPOINT-MIB::svnDisk.7.0,    OctetString
memTotalReal64,    CHECKPOINT-MIB::memTotalReal64.0,    OctetString
memTotalReal642,    sprintf("%.2f",$memTotalReal64/1000000000),    CALCULATION
memActiveReal64,    CHECKPOINT-MIB::memActiveReal64.0,    OctetString
memFreeReal64,    CHECKPOINT-MIB::memFreeReal64.0,    OctetString
svnStatCode,    CHECKPOINT-MIB::svnStatCode.0,    Counter
svnStatShortDescr,    CHECKPOINT-MIB::svnStatShortDescr.0,    OctetString
svnStatLongDescr,    CHECKPOINT-MIB::svnStatLongDescr.0,    OctetString
deviceSerialNumber,    CHECKPOINT-MIB::svn.13.0,    OctetString
deviceSerialNumber_length,    strlen(sprintf("%s",$deviceSerialNumber)),    CALCULATION
-- the Management status
mgProdName,    CHECKPOINT-MIB::mgProdName.0,    OctetString
mgVerMajor,    CHECKPOINT-MIB::mgVerMajor.0,    Integer
mgVerMajor2,    sprintf("%s",$mgVerMajor),    CALCULATION
mgVerMinor,    CHECKPOINT-MIB::mgVerMinor.0,    Integer
mgVerMinor2,    sprintf("%s",$mgVerMinor),    CALCULATION
mgBuildNumber,    CHECKPOINT-MIB::mgBuildNumber.0,    Integer
mgBuildNumber2,    sprintf("%s",$mgBuildNumber),    CALCULATION
mgActiveStatus,    CHECKPOINT-MIB::mgActiveStatus.0,    OctetString
mgFwmIsAlive,    CHECKPOINT-MIB::mgFwmIsAlive.0,    Integer
mgStatCode,    CHECKPOINT-MIB::mgStatCode.0,    Integer
mgStatShortDescr,    CHECKPOINT-MIB::mgStatShortDescr.0,    OctetString
mgStatLongDescr,    CHECKPOINT-MIB::mgStatLongDescr.0,    OctetString
</snmp-device-variables>
<autorecord>
</autorecord>
<snmp-device-variables-ondemand>
HrSWRun,    1.3.6.1.2.1.25.4.2.1,    TABLE
HrSWRun/hrSWRunIndex,    HrSWRun.1,    INTEGER
HrSWRun/hrSWRunName,    HrSWRun.2,    OctetString
HrSWRun/hrSWRunPath,    HrSWRun.4,    OctetString
HrSWRun/hrSWRunParameters,    HrSWRun.5,    OctetString
HrSWRun/hrSWRunType,    HrSWRun.6,    INTEGER,    "Type: unknown=1, operatingSystem=2, deviceDriver=3, application=4"
HrSWRun/hrSWRunStatus,    HrSWRun.7,    INTEGER,    "Status: running=1, runnable=2, notRunnable=3, invalid=4"
--HrSWRun/hrSWRunType,    HrSWRun.6,    INTEGER { unknown(1), operatingSystem(2), deviceDriver(3), application(4) }
--HrSWRun/hrSWRunStatus,    HrSWRun.7,    INTEGER { running(1), runnable(2), notRunnable(3), invalid(4) }
IpRoute,    1.3.6.1.2.1.4.21.1,    TABLE
IpRoute/ipRouteDest,    IpRoute.1,    IpAddress,    "Destination"
IpRoute/ipRouteMask,    IpRoute.11,    IpAddress,    "Netmask"
IpRoute/ipRouteNextHop,    IpRoute.7,    IpAddress,    "Gateway"
IpRoute/ipRouteMetric,    IpRoute.3,    Integer,    "Metric"
IpRoute/ipRouteIfIndex,    IpRoute.2,    Integer,    "Interface ID"
-- IpRoute/ipRouteIfDescr,    1.3.6.1.4.1.2620.1.6.6.1.5,    DisplayString,    "Interface"
ARPTable,    .1,    TABLE,    "ARP Table"
ARPTable/ipNetToMediaIfIndex,    ipNetToMediaType[0:1],    DEFAULT,    "Interface index"
ARPTable/ipNetToMediaNetAddress,    ipNetToMediaType[1:4],    DEFAULT,    "IP Address"
ARPTable/ipNetToMediaPhysAddress,    ipNetToMediaPhysAddress,    HEXADECIMAL,    "MAC Address"
ARPTable/ipNetToMediaType,    ipNetToMediaType,    STRING,    "Type"
-- the SVN status
PartTable,    CHECKPOINT-MIB::svnPerf.6.1,    TABLE
PartTable/index,    PartTable.1,    INTEGER
PartTable/mountPoint,    PartTable.2,    OctetString
PartTable/Size,    PartTable.3,    OctetString
PartTable/Used,    PartTable.4,    OctetString
PartTable/Free,    PartTable.5,    OctetString
PartTable/perCentFree,    PartTable.6,    Integer
-- the Management status
-- CHECKPOINT-MIB, mgConnectedClientsTable
MgConnectedClientsEntry,    1.3.6.1.4.1.2620.1.7.7,    TABLE
MgConnectedClientsEntry/mgIndex,    MgConnectedClientsEntry.1,    INTEGER
MgConnectedClientsEntry/mgClientName,    MgConnectedClientsEntry.2,    DisplayString
MgConnectedClientsEntry/mgClientHost,    MgConnectedClientsEntry.3,    DisplayString
MgConnectedClientsEntry/mgClientDbLock,    MgConnectedClientsEntry.4,    DisplayString
MgConnectedClientsEntry/mgApplicationType,    MgConnectedClientsEntry.5,    DisplayString
</snmp-device-variables-ondemand>
<snmp-device-thresholds>
-- order: down, critical, alarm, warning
-- ex.: critical: ${hrProcessorLoad_3} > ${load DP Critical} "DataProcessor Packet load: ${hrProcessorLoad_3}%"
critical: $svnStatCode > 0 "SVN Status $svnStatShortDescr: $svnStatLongDescr"
critical: $mgFwmIsAlive != 1 and $mgStatCode > 0 "Management status $mgStatShortDescr: $mgStatLongDescr"
</snmp-device-thresholds>
<snmp-device-display>
\B5\Host Resources General Information\P0\
\IB5\Hardware\P0\
\4\Ser. # Server:\0\ ${eval: ($deviceSerialNumber_length != 1) ? '$deviceSerialNumber' : "\I3\not available\P\"}
\4\Memory:\0\ $memTotalReal642 GBytes\P\
\4\Processor usage:\0\ ${procUsage}% \I3\($procNum2\I3\ processor)\P\
\4\Load Average:\0\ ${chartable:"%3.2f":${laLoad.1}} (last 1 min), ${chartable:"%3.2f":${laLoad.2}} (last 5 min), ${chartable:"%3.2f":${laLoad.3}} (last 15 min),
\4\System Uptime:\0\ $hrSystemUptime
\4\System Date:\0\ ${hrSystemDate_year}-${hrSystemDate_month}-${hrSystemDate_day}, ${hrSystemDate_hour}:${hrSystemDate_minutes}:${hrSystemDate_seconds}.${hrSystemDate_deci-seconds}
\IB5\Operating System\P0\
\4\Description:\0\ $sysDescr
\4\Partition table:\0\ $PartTable, \4\Sys. partition:\0\ ${diskPercent}% \3I\(\$ $svnDisk size: $diskTotal2 GBytes)\P\
\4\User logged on:\0\ $hrSystemNumUsers ${eval: $hrSystemNumUsers > 0 ? "\3I\(look after 'sshd' process into \$HrSWRun)\P0\" : ""}
\4\Process list:\0\ $hrSystemProcesses \3I\(complete list: $HrSWRun)\P0\
\B5\CheckPoint Security Gateway / UTM-1 Series\P0\<!-- the eval function cannot be more than approx. 250 characters :( -->
<!-- the SVN status --> \IB5\$svnProdName\P0\ (ver.: $svnProdVerMajor2.$svnProdVerMinor2)
\4\Version:\0\ $svnVersion BUILD $svnBuild2
\4\Platform:\0\ $osName
\4\Status:\0\ \B\$svnStatShortDescr\P\
\4\Routing table:\0\ $IpRoute / \4\ARP Table:\0\ $ARPTable
<!-- the Management status --> \IB5\$mgProdName\P0\ (ver.: $mgVerMajor2.$mgVerMinor2, BUILD $mgBuildNumber2)
\4\Status:\0\ \B\$mgActiveStatus\P\
</snmp-device-display>
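
The `hrSystemDate_*` calculations in both probes split the DateAndTime octets with a regex that expects all 11 fields, and leave the UTC-offset fields commented out. The decoder below is an added example, not part of the probes, for checking the probe's displayed date against a raw walk value; it handles both the 8- and 11-octet forms. Function names and sample values are constructed.

```python
from datetime import datetime, timedelta, timezone


def hex_text_to_bytes(text):
    """Turn '0x07 DB 09 ...' (the text form the probe's regex matches) into bytes."""
    text = text.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    return bytes.fromhex(text)


def decode_date_and_time(raw):
    """Decode an SNMPv2-TC DateAndTime value.

    Octets: year (2, big-endian), month, day, hour, minute, second,
    deci-second, then optionally '+' or '-', hours and minutes from UTC.
    """
    if len(raw) not in (8, 11):
        raise ValueError(f"DateAndTime must be 8 or 11 octets, got {len(raw)}")
    year = int.from_bytes(raw[0:2], "big")
    month, day, hour, minute, second, deci = raw[2:8]
    tz = None
    if len(raw) == 11:
        sign = {0x2B: 1, 0x2D: -1}.get(raw[8])  # ASCII '+' / '-'
        if sign is None:
            raise ValueError(f"bad direction-from-UTC octet: {raw[8]:#04x}")
        tz = timezone(sign * timedelta(hours=raw[9], minutes=raw[10]))
    # The TC allows second == 60 for a leap second; datetime does not.
    return datetime(year, month, day, hour, minute, min(second, 59),
                    deci * 100_000, tzinfo=tz)


# Constructed sample values (not from a real device).
WITH_OFFSET = "0x07 DB 09 01 0E 1E 2D 00 2B 02 00"   # 2011-09-01 14:30:45 +02:00
LOCAL_ONLY = "07 DB 09 01 0E 1E 2D 05"               # 8-octet form, .5 s

if __name__ == "__main__":
    for sample in (WITH_OFFSET, LOCAL_ONLY):
        print(decode_date_and_time(hex_text_to_bytes(sample)).isoformat())
```

An agent that returns the 8-octet form will not match the probes' 11-group regex, so the date fields stay empty on such devices.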