Application monitoring - Check Point VSX R65/R67/R75.40VS/R76/R77

book

Article ID: 167796

calendar_today

Updated On:

Products

XOS

Issue/Introduction

This article presents information on how XOS application monitoring determines if an application is UP or DOWN and provides commands to obtain additional information.N/A

Cause

To describe some aspects of XOS application monitoring and provide commands to obtain additional information about the state of the application.

Resolution

Application Monitoring for Check Point VSX R65/R67/R68/R75.40VS/R76/R77

Check Point VSX R65/R67/R68 application is reported as UP if
  • cpd and fwd processes are running
  • VSX is ready
  • HA is either ready or disabled
Check Point VSX R75.40VS/ R76/R77 adds check for fwk  process.

The HA state is calculated by running the Check Point programs cpprod_util and cphaprob as follows:
cpprod_util FwIsHighAvail -- returns "1" if HA is enabled
cphaprob syncnewver --  returns "sync new ver working" if HA is ready

The VSX state is determined by presence of file /var/lock/subsys/vsx.
This file is created by $FWDIR/bin/syncready after FULL sync is done.

If the application is not declared as UP, you can run the app_status tool from the VSX VAP root user level to obtain more information.

To access the VSX VAP root user level

From the Crossbeam CLI, open a Unix prompt and rsh to the VAP.

# unix su
# rsh <vap_name>


Run the following command:

# /crossbeam/apps/app_status -v

Example Output

If the application is fully UP:

#
cpd is RUNNING
fwd is RUNNING
vsx is READY
HA is READY
#
Reporting application state: UP


or for VSX R75.40VS/R76/R77:

cpd is RUNNING
fwd is RUNNING
fwk is RUNNING
VSX is READY
HA  is READY
 
Reporting application state: UP

If one or more modules is not ready or running:

#
cpd is RUNNING
fwd is RUNNING
vsx is NOT READY
HA is NOT READY


Reporting application state: DOWN
#


identify the aspects that are not running, and investigate further, depending on the failing module. A good place to start might be in Checkpoint daemon's log files on the VAP member, focusing on time when the application down alarm was generated:

$FWDIR/log/fwd.elg 
$CPDIR/log/cpd.elg 
$CPDIR/log/cpwd.elg

Workaround

N/A