Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-3508

CheckPoint firewall sessions missing since 2017

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • None
    • Community Edition, Professional Edition
    • Web Interface
    • None

    Description

      In older versions the firewall graph for checkpoint devices displayed also the number of connections and configured peak which disappeared i think 2018.

      Please bring them back
      fwPeakNumConn - 1.3.6.1.4.1.2620.1.1.25.4
      fwNumConn - 1.3.6.1.4.1.2620.1.1.25.3

      RRDTool Command
      /usr/bin/rrdtool graph /tmp/dxEVJKsbXWr4bHdn.png -Y --lower-limit 0 --alt-autoscale-max --start 1600692396 --end 1600778796 --width 1152 --height 300 -c BACK#EEEEEE00 -c SHADEA#EEEEEE00 -c SHADEB#EEEEEE00 -c FONT#000000 -c CANVAS#FFFFFF00 -c GRID#a5a5a5 -c MGRID#FF9999 -c FRAME#5e5e5e -c ARROW#5e5e5e -R normal --font LEGEND:8:'DroidSansMono,DejaVuSansMono' --font AXIS:7:'DroidSansMono,DejaVuSansMono' --font-render-mode normal -E COMMENT:'Concurrent Connections ' COMMENT:' Now' COMMENT:' Avg' COMMENT:' Min' COMMENT:' Max' COMMENT:'\l' DEF:NumConn=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:NumConn:AVERAGE DEF:NumConn_min=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:NumConn:MIN DEF:NumConn_max=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:NumConn:MAX DEF:PeakNumConn=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:PeakNumConn:AVERAGE DEF:PeakNumConn_min=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:PeakNumConn:MIN DEF:PeakNumConn_max=/opt/observium/rrd/cp-node1/checkpoint-mib_fw.rrd:PeakNumConn:MAX LINE:NumConn#1f78b4:"Current " GPRINT:NumConn:LAST:%6.1lf%S GPRINT:NumConn:AVERAGE:%6.1lf%S GPRINT:NumConn_min:MIN:%6.1lf%S GPRINT:NumConn_max:MAX:%6.1lf%S COMMENT:'\l' LINE:PeakNumConn#33a02c:"Peak " GPRINT:PeakNumConn:LAST:%6.1lf%S GPRINT:PeakNumConn:AVERAGE:%6.1lf%S GPRINT:PeakNumConn_min:MIN:%6.1lf%S GPRINT:PeakNumConn_max:MAX:%6.1lf%S COMMENT:'\l'

      Attachments

        Issue Links

          Activity

            [OBS-3508] CheckPoint firewall sessions missing since 2017
            bot Observium Bot made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            ajoelly.magna Alexander Joelly made changes -
            Link New: This issue is mentioned by OBS-3559 [ OBS-3559 ]

            Please reopen this one and see my last comment - the graphs are still missing on CheckPoint firewalls.

            Thanks

            ajoelly.magna Alexander Joelly added a comment - Please reopen this one and see my last comment - the graphs are still missing on CheckPoint firewalls. Thanks
            ajoelly.magna Alexander Joelly made changes -
            Link Original: This issue mentions OBS-3507 [ OBS-3507 ]
            ajoelly.magna Alexander Joelly made changes -
            Link New: This issue mentions OBS-3507 [ OBS-3507 ]

            Thanks Mike,

            I think you unintentionally mixed up this one with OBS-3507 which is regarding the rates graph for FortiGate devices which were shown on the device summery page on the stable branch but went away when the session counter was moved into the firewall graph on the rolling branch which you thankfully brought back in.

            This one is regarding the missing concurrent connections graphs on CheckPoint devices - i attached the poller debug log and screenshot from the rolling version and i also added the screenshot from the firewall graph from the old CE version to show which one was there before.

            The poller debug log (lines 398-407) shows it get's collected but the graph seems not be created with what is fetched from the device:

            fwNumConn.0 = 318048
            fwPeakNumConn.0 = 1138159

            Looks like this ones are also fetched but not graphed?
            fwPacketsRate.0 = 14575756610
            fwAcceptedBytesTotalRate.0 = 10494335964519
            fwDroppedBytesTotalRate.0 = 1803492671
            fwDroppedTotalRate.0 = 24280746
            fwAccepted.0 = 2237564854
            fwRejected.0 = 3974
            fwDropped.0 = 24147507
            fwLogged.0 = 154468814

            Thanks,
            Alex

            ajoelly.magna Alexander Joelly added a comment - Thanks Mike, I think you unintentionally mixed up this one with OBS-3507 which is regarding the rates graph for FortiGate devices which were shown on the device summery page on the stable branch but went away when the session counter was moved into the firewall graph on the rolling branch which you thankfully brought back in. This one is regarding the missing concurrent connections graphs on CheckPoint devices - i attached the poller debug log and screenshot from the rolling version and i also added the screenshot from the firewall graph from the old CE version to show which one was there before. The poller debug log (lines 398-407) shows it get's collected but the graph seems not be created with what is fetched from the device: fwNumConn.0 = 318048 fwPeakNumConn.0 = 1138159 Looks like this ones are also fetched but not graphed? fwPacketsRate.0 = 14575756610 fwAcceptedBytesTotalRate.0 = 10494335964519 fwDroppedBytesTotalRate.0 = 1803492671 fwDroppedTotalRate.0 = 24280746 fwAccepted.0 = 2237564854 fwRejected.0 = 3974 fwDropped.0 = 24147507 fwLogged.0 = 154468814 Thanks, Alex
            landy Mike Stupalov made changes -
            Assignee Original: Adam Armstrong [ adama ] New: Mike Stupalov [ landy ]
            Resolution New: Fixed [ 1 ]
            Status Original: Pending Response [ 10000 ] New: Resolved [ 5 ]

            Probably I found what you want.

            I enabled Rates graphs in r10803.

            landy Mike Stupalov added a comment - Probably I found what you want. I enabled Rates graphs in r10803.
            landy Mike Stupalov made changes -
            Status Original: In Review [ 10101 ] New: Pending Response [ 10000 ]

            Graphs/Oids you are talking about are already supported and exist, but for complete different device type/os: Fortinet Firewalls by FORTINET-FORTIGATE-MIB.

            This mib not supported by CheckPoint firewall(s).

            landy Mike Stupalov added a comment - Graphs/Oids you are talking about are already supported and exist, but for complete different device type/os: Fortinet Firewalls by FORTINET-FORTIGATE-MIB. This mib not supported by CheckPoint firewall(s).

            People

              landy Mike Stupalov
              ajoelly.magna Alexander Joelly
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: