This is a troubleshooting and FAQ guide for the Skyline solution, which quickly and efficiently monitors your Check Point servers. For more details about Skyline, see sk178566.
An "environment" allows you to group machines under a common name. For example, you can set the environment "Cluster1" to "GW-A" and "GW-B", and they appear under the environment "Cluster1" in the dashboard.
To set the environment:
Log into the Expert mode.
Run this command to get your current environment: cat /opt/CPotelcol/config.yaml | grep -o -E "environment: [A-Za-z0-9_]+" | awk '{ printf $2 }'
Run this command: sed -i 's/environment: <YourCurrrnetEnvironmentHere>/environment: <YourEnvironmentHere>/g' /opt/CPotelcol/config.yaml
The hostname of the machine automatically sets the name on Skyline. To change the name, set the reporting machine's name to the desired hostname. See the above instructions on how to set the environment.
This issue occurs when you change certain data (for example, the policy name after a policy installation). After five minutes, the duplication should disappear.
Use the Prometheus graph tool to see the metrics received from the machine. Usually, the tool sits on port 9090, by default, or on the port configured for Prometheus.
Click on Graph to see all the records over time. A common example of a testing metric is "hardware.model".
If the data is not there, examine the OpenTelemetry collector logs:
Ignore lines with the “Error” prefix that have a date before the current run.
If there is a syntax error or a severe issue, the log should start with the prefix “Error:".
If you do not see a log with the "Error:" prefix, examine the CPView exporter logs.
Similarly to the Open Telemetry collector, you are not required to make any changes on /opt/CPviewExporter/config.yml.
Make sure to revert the changes and set is as supplied with the jumbo. If there is a severe error, the line starts with the prefix “Error:"
If there is no issue on the CPView exporter or the OpenTelemetry collector, run this command: cpview -m
If there is no response or an invalid response (usually, an empty response), then contact Check Point Support.
You can use the "cpwd_admin list" command to monitor the CPviewExporter (to see if it is active):
Example:
cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
FWK_FORKER 9996 E 1 [18:23:37] 27/10/2022 N fwk_forker
FWK_WD 10005 E 1 [18:23:37] 27/10/2022 N fwk_wd -i 14 -i6 0
CPVIEWD 10263 E 1 [18:23:49] 27/10/2022 N cpviewd
CPVIEWS 10268 E 1 [18:23:49] 27/10/2022 N cpview_services
CVIEWAPIS 18917 E 1 [10:33:13] 28/10/2022 N cpview_api_service
SXL_STATD 10279 E 1 [18:23:50] 27/10/2022 N sxl_statd
CPD 10291 E 1 [18:23:51] 27/10/2022 Y cpd
MPDAEMON 10319 E 1 [18:23:51] 27/10/2022 N mpdaemon /opt/CPshrd-R81.10/log/mpdaemon.elg /opt/CPshrd-R81.10/conf/mpdaemon.conf
TP_CONF_SERVICE 6083 E 1 [18:27:02] 27/10/2022 N tp_conf_service --conf=tp_conf.json --log=error
CI_CLEANUP 10424 E 1 [18:23:54] 27/10/2022 N avi_del_tmp_files
CIHS 10431 E 1 [18:23:54] 27/10/2022 N ci_http_server -j -f /opt/CPsuite-R81.10/fw1/conf/cihs.conf
FWD 10456 E 1 [18:23:54] 27/10/2022 N fwd
SPIKE_DETECTIVE 10461 E 1 [18:23:54] 27/10/2022 N spike_detective
MDPSD 10463 E 1 [18:23:54] 27/10/2022 N mdpsd
LPD 10966 E 1 [18:24:00] 27/10/2022 N lpd
DASERVICE 14903 E 1 [18:24:17] 27/10/2022 N DAService_script
AUTOUPDATER 14916 E 1 [18:24:17] 27/10/2022 N AutoUpdaterService.sh
OTLPAGENT 31399 E 1 [19:19:05] 27/10/2022 N cpview_exporter
Skyline redirects the traffic automatically to the Management interface.
To make sure traffic passes to the external IP, run this command:
add mdps task address
If there are issues in configuring Skyline from the GAIA REST API or /opt/CPotelcol/REST.py, skip the REST API and make sure that you are running /opt/CPotelcol/REST.py from the data plane.
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?
