Issue/Introduction:
Details of Application Monitoring functionality
N/A
Cause:
This article provides the details of Application Monitoring functionality.
Application Monitoring is different for each ISV, and the app_status file includes the scripts used for application monitoring. For Check Point applications the script checks if the fwd and cpd processes are running or not.
Resolution:
Application monitoring is a little different for each application, but you can better understand what is being checked by examining the contents of the file app_status which is located in one of these locations:
- /crossbeam/apps on each apm
- /tftpbooot/<vap-name_vap-index>/crossbeam/apps
The application monitoring is written by the application vendors, but looking in this file will show you what they are looking for. Here is the app_status from a VPN-1 Power NGX R65, you see the script simply runs
ps and
greps for
fw and
cpd and their state and makes a decision on that.:
CPD_STATE=1
FWD_STATE=1 # Check if cpd process running
ps -e | grep -w cpd > /dev/null
if [ $? -eq 0 ]; then
CPD_STATE=0
fi
# Check if fwd process running (shown as fw)
ps -e | grep -w fw > /dev/null
if [ $? -eq 0 ]; then
FWD_STATE=0
fi # If both running, firewall is UP
if [ ${CPD_STATE.EN_US} -eq 0 ] && [ ${FWD_STATE.EN_US} -eq 0 ]; then
exit 0
fi
exit 1Starting in CBI NGX R65 version 1.1.0.0-12 , we change the way Crossbeam monitors the
fwd and
cpd; the app_status script now looks like this:
# Check if cpd process is running by testing signal delivery
pkill -0 -f ^cpd$ > /dev/null 2>&1 || exit 1
# Check if fwd process is running by testing signal delivery
pkill -0 -f ^fwd$ > /dev/null 2>&1 || exit 1
---
Test the command using the following:
APP1_1 (FWCATL02): root$ pkill -0 -f ^fwd$
APP1_1 (FWCATL02): root$ echo $?
0
Application status:
0=running
1=not running
Workaround
N/A