PDA

View Full Version : Modifying the UTM-1 LCD display



banduraj
2009-03-06, 15:46
After much digging around, I thought I would post what I found playing with our UTM-1 270's. I will point out that what I did only works on this model as far as I know, maybe some of you others can test and say otherwise. But my guess is that this should work on at least all UTM-1 models.

There are 2 tools of interest here. The /bin/lcdpanel and /bin/lcdutil programs. The lcdpanel tool is what is used to to display what you see on your UTM-1 normally. In the /etc/rc.d/init.d folder are two init scripts for switching the display. While the UTM-1 is loading just after boot, the lcdpanel_init script is run. All this does is execute the /bin/lcdpanel command with the parameter 'init', such as:

/bin/lcdpanel init

The other script is called lcdpanel as well, this is run once the UTM-1 is finished loading. It just kills the existing lcdpanel process and starts it again with no parameters. This is the normal display you see while the UTM-1 is running normally.

There is one other parameter that the /bin/lcdpanel program takes and is 'single'. All this does is show the standard running message without the anamation. If you want to test this out, then first you need to kill any running lcdpanel process. Just execute the init script with the stop parameter as such:

/etc/rc.d/init.d/lcdpanel stop

Once the lcdpanel app is stopped, you can then test what the /bin/lcdpanel program does. There are three ways to run it as far as i can tell:

/bin/lcdpanel
/bin/lcdpanel init
/bin/lcdpanel single

Use ^C to kill it.

The other program is the one of most interest. Once the lcdpanel program is stopped, you can use the /bin/lcdutil program to display your own messages. It takes two parameters as far as I can tell:

/bin/lcdutil "Line 1 text here" "line 2 text here"

You can clear the panel this way:

/bin/lcdutil "" ""

I wrote my own script and replaced the lcdpanel startup script with mine. I now have the hostname, cluster status, and other info scrolling on the display panel. Hope someone finds this useful.

ETA: I should note that I took my own effort and time to do this with no input from Check Point. I did my own digging to figure this out. So, I seriously doubt this is supported in any way.

banduraj
2009-03-08, 12:39
Because I have been asked for this script at least a few times, I am attaching it here.

Please use this as an example or at your own risk. I take no responsibility for it's use. :)

banduraj
2009-07-14, 10:27
I have been making regular changes to the script and so I thought I would post up the one I am using now. If anyone else is making changes or have their own they are using, please, post it up so we can all benefit from this. Thanks.

cpguy
2010-04-26, 15:30
How can I get the LCD app.? I upgraded/downgraded our appliances to R65 without messaging security and would like to get the LCD to work again. Any help would be appreciated.

belvdr
2010-04-26, 16:22
How can I get the LCD app.? I upgraded/downgraded our appliances to R65 without messaging security and would like to get the LCD to work again. Any help would be appreciated.

It should already exist in /bin.

cpguy
2010-04-26, 16:28
I don't see it. When I installed the new OS it wiped it out I'm assuming.

belvdr
2010-04-26, 16:54
I don't see it. When I installed the new OS it wiped it out I'm assuming.

You need to be in expert mode. It comes with the OS, so it's not wiping it out:



# ls -la /bin/lcd*
-r-xr-xr-x 1 root root 353 Oct 26 17:54 /bin/lcd_menu
-rwxr-xr-x 1 root root 7413 Oct 26 17:54 /bin/lcdgetkey
-rwxr-xr-x 1 root root 71281 Oct 26 17:54 /bin/lcdpanel
-rwxr-xr-x 1 root root 68502 Oct 26 17:54 /bin/lcdutil


I added load average and CPU util to my R70.30 272. Note CPU1 and CPU5 are 1 and 5 minute load averages:



CPU1=`uptime | awk '{print $(NF-2)}' | cut -f1 -d','`
CPU5=`uptime | awk '{print $(NF-1)}' | cut -f1 -d','`

/bin/lcdutil "CPU 1 min: $CPU1" "CPU 5 min: $CPU5"
sleep $SLEEPTIME

CPU_USAGE=`cpstat -f cpu os | grep Usage | awk '{print $NF}'`
CPU_IDLE=`cpstat -f cpu os | grep Idle | awk '{print $NF}'`

/bin/lcdutil "CPU Used: $CPU_USAGE" "CPU Idle: $CPU_IDLE"
sleep $SLEEPTIME

marklar
2010-04-27, 18:21
FWIW, this works on a 9070 as well, it just needs some updates for displaying VSX status.

m.

danielstf
2010-06-27, 22:41
For me its working too using UTM 1070!

I'm using this:

#!/bin/sh
#
# LCD Display Script
#
# Initial - 27 June, 2010
# 1) Place lcd_info.sh file in /etc/rc.d/init.d
# 2) chmod 755 /etc/rc.d/init.d/lcd_info.sh
# 3) Update /etc/rc.d/rc.local
#
# ****** Use in rc.local ******
# /usr/bin/killall lcdpanel >/dev/null 2>1
# /etc/rc.d/init.d/lcd_info.sh > /dev/null 2>1 &
#

COMPANY="COMPANY"
SLEEPTIME=4

while [ 1 ]; do
/bin/lcdutil "$COMPANY" "$HOSTNAME"
sleep $SLEEPTIME

CPU1=`uptime | awk '{print $(NF-2)}' | cut -f1 -d','`
CPU5=`uptime | awk '{print $(NF-1)}' | cut -f1 -d','`

/bin/lcdutil "CPU 1 min: $CPU1" "CPU 5 min: $CPU5"
sleep $SLEEPTIME

CPU_USAGE=`cpstat -f cpu os | grep Usage | awk '{print $NF}'`
CPU_IDLE=`cpstat -f cpu os | grep Idle | awk '{print $NF}'`

/bin/lcdutil "CPU Used: $CPU_USAGE" "CPU Idle: $CPU_IDLE"
sleep $SLEEPTIME

RUNNING=`cphaprob stat | grep HA | cut -f1 -d' '`

if [ "$RUNNING" = "HA" ]; then
/bin/lcdutil "Cluster: Down" "HA Not Running"
else
CLUSTER=`cphaprob stat | awk '/\(local\)/ {print $5}'`
LOAD=`cphaprob stat | awk '/\(local\)/ {print $4}'`
IF=`cphaprob -e if | grep -m 1 DOWN | cut -f1 -d' '`
DEV=`cphaprob -e list | awk '(/Device Name:/ || /Current state:/) {status[dev++] = $3} END {for (i=dev-1; i >=0; i--) if (status[i]=="problem") print status[i-1]}'`

if [ $CLUSTER = "Down" ]; then
if [ $IF ]; then
/bin/lcdutil "Cluster: $CLUSTER" "if: $IF"
elif [ $DEV ]; then
/bin/lcdutil "Cluster: $CLUSTER" "pn: $DEV"
fi
else
/bin/lcdutil "Cluster: $CLUSTER" "Load: $LOAD"
fi
fi
sleep $SLEEPTIME

DATE=`getdate| awk '{print $1}'`
TIME=`getdate| awk '{print $2" "$3}'`

/bin/lcdutil " $DATE " " $TIME "
sleep $SLEEPTIME


done




Thanks !!! :)

DZelenak
2010-06-30, 10:38
Ok. Looks like I'm the only one having difficulty with this!

Edited lcd_info.sh to display my company name. Placed lcd_info.sh in my /etc/rc.d/init.d folder, chmod +755 on the file, and edited rc.local to reflect what was in the comments at the top of lcd_info.sh.

My LCD goes from Loading [XXXXX] to blank at startup.

If I do ps -aux I can see "Sleep 7" as one of the processes running.

If I execute "/etc/rc.d/init.d/lcd_info.sh > /dev/null 2>1 &" from the expert shell, it runs just fine and in the background.

This is on a UTM-1 2070. Any ideas?

belvdr
2010-06-30, 11:29
Did you stop lcdpanel?

DZelenak
2010-06-30, 13:42
I would assume the '/usr/bin/killall lcdpanel > /dev/null 2>1' that is ran before '/etc/rc.d/init.d/lcd_info.sh >/dev/null 2>1 &' command does this? Do I need to maybe put a sleep inbetween the two commands to allow the first process to be successfully killed?

belvdr
2010-06-30, 13:52
Do it manually before scripting it to ensure it actually works.

Ender519
2010-08-05, 15:22
Guys this is more awesome than I can properly convey here. The only thing that stops me from putting this in production right this minute is that the buttons on the front no longer function when this script is running.

Now that wouldn't be such a big deal, but there has been one case where a firewall in a remote datacenter had to be rebooted and hands/eyes had to do it because we couldn't reach the firewall any longer. The buttons provided a way to cleanly reboot the firewall.. without that, the only option is to pull power from the device which is a little messy.

Not sure if this is able to be scripted in, but it would sure be a nice touch.. this way it completely replaces the functionality of lcdpanel

belvdr
2010-08-09, 15:04
I checked a 270 and sure enough, you're right!

One thing I can think of is to loop between the two:



TIMER=60
while true; do
/bin/lcdpanel &
sleep ${TIMER}
killall lcdpanel

/path/to/lcd_info.sh
sleep ${TIMER}
killall lcd_info.sh
done


This would alternate between the two every 60 seconds.

Ender519
2010-08-09, 21:38
That's a hell of an idea.. but rather than switch between the two every 60 seconds, I would display the custom LCD info for 2 minutes and then display the standard LCD info for 30 seconds.. that way you are seeing the custom info most of the time, and you have a window every 2 minutes during which time the buttons will be functional..

There is only one other minor thing I'm seeing is CPU spiking 5-15% higher when it pulls the info to display on the LCD. If I watch vmstat 1 while the LCD info is being displayed, sure enough each time the display changes I see a small spike in CPU. I don't know yet if it's a *material* impact under load but thought I would let people know I'm seeing some CPU cycles burning to display this info. If you're running close to the mark you may want to keep an eye on it.

Ender519
2010-08-12, 11:07
I checked a 270 and sure enough, you're right!

One thing I can think of is to loop between the two:



TIMER=60
while true; do
/bin/lcdpanel &
sleep ${TIMER}
killall lcdpanel

/path/to/lcd_info.sh
sleep ${TIMER}
killall lcd_info.sh
done


This would alternate between the two every 60 seconds.


I've been playing around with this for awhile, and I don't think a loop like what you suggested will work. Certainly not for rc.local, because the firewall won't finish booting, it will stay in that loop forever. Instead, I think the best way to do this is create two "lcd swap" scripts to go between the two, and then use crontab to switch between them.

So for instance, lcd_swap1.sh will kill lcdpanel and start lcd_info.sh for the custom info:



#!/bin/sh
#
# LCD Swap Script

# Kill standard lcd panel
/usr/bin/killall lcdpanel

# Enable custom lcd panel
/etc/rc.d/init.d/lcd_info.sh


And then lcd_swap2.sh will kill lcd_info.sh and re-enable lcdpanel for the button functionality:



#!/bin/sh
#
# LCD Swap Script

# Kill custom lcd panel
/usr/bin/killall lcd_info.sh

# Enable standard lcd panel
/etc/rc.d/init.d/lcdpanel start


And then you use "crontab -e" as follows to have the custom info display for 2 minutes, and then the standard LCD panel display for 1 minute:



1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52 ,55,58 * * * * /etc/rc.d/init.d/lcd_swap1.sh
3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54 ,57,60 * * * * /etc/rc.d/init.d/lcd_swap2.sh



This is the best way I can think of to do this.

belvdr
2010-08-12, 12:18
That would work too. If you were to do it my way, you'd have to launch the script with an & at the end so that it is thrown into the background.

Naegele
2011-03-18, 12:06
Hi,

the lcd_info.sh script is a really great tool. But as I tried it, it works only if I call it on the command line. If the script is executed from cron (as mentioned to switch back to the lcdpanel command) the display shows nothing. I tried this also with a simple test script called by cron, which only shows some text like
/bin/lcdutil "test" "1234", it shows the text only if called from command line and not from cron. Needs lcdutil some special environment, tty or something else?

Regards,
Ralf