Application Monitoring for Check Point VSX R65/R67/R68/R75.40VS/R76/R77
Check Point VSX R65/R67/R68
application is reported as UP if
-
cpd and fwd processes are running
-
VSX is ready
-
HA is either ready or disabled
Check Point VSX R75.40VS/ R76/R77 adds check for
fwk process.
The
HA state is calculated by running the Check Point programs
cpprod_util and
cphaprob as follows:
cpprod_util FwIsHighAvail -- returns
"1" if HA is
enabledcphaprob syncnewver -- returns
"sync new ver working" if HA is
readyThe
VSX state is determined by presence of file
/var/lock/subsys/vsx.This file is created by
$FWDIR/bin/syncready after FULL sync is done.
If the application is not declared as UP, you can run the
app_status tool from the VSX VAP root user level to obtain more information.
To access the VSX VAP root user level
From the Crossbeam CLI, open a Unix prompt and rsh to the VAP.
# unix su
# rsh <vap_name>Run the following command:
# /crossbeam/apps/app_status -v
Example Output
If the application is fully UP:
#
cpd is RUNNING
fwd is RUNNING
vsx is READY
HA is READY
#
Reporting application state: UPor for VSX R75.40VS/R76/R77:
cpd is RUNNING
fwd is RUNNING
fwk is RUNNING
VSX is READY
HA is READY
Reporting application state: UP
If one or more modules is not ready or running:
#
cpd is RUNNING
fwd is RUNNING
vsx is NOT READY
HA is NOT READY
Reporting application state: DOWN
#identify the aspects that are not running, and investigate further, depending on the failing module. A good place to start might be in Checkpoint daemon's log files on the VAP member, focusing on time when the application down alarm was generated:
$FWDIR/log/fwd.elg
$CPDIR/log/cpd.elg
$CPDIR/log/cpwd.elg
Workaround
N/A