Uptime Conflicts



avilT
2011-05-20, 03:11
On my UTM 1070 appliance, web console/CLI shows uptime as 90 days whereas SmartView Monitor says it's 10 hours. I have not restarted the server or checkpoint service. Is it a bug in the UTM? I would like to get notified whenever there is a restart of the service/server. How can I configure this?


During the vulnerability scan is there any possibility of service getting restarted?

capital-p
2011-05-20, 07:13
The difference is that CLI shows uptime of the operating system, and SmartView Monitor shows uptime of Check Point processes.

You can set an SNMP trap to trigger when the FW module goes down by polling, for example, the fwModuleState OID.

Vulnerability scan shouldn't cause CP processes to restart.

avilT
2011-05-21, 08:39
I did not restart the checkpoint service; how can I trace the reason for the service restart? The only thing I am aware of is that we run a vulnerability scan against the firewall.

northlandboy
2011-05-22, 22:01
Did you install policy around then?

avilT
2011-05-22, 22:03
No policy install, just VA scan.

serlud
2011-05-23, 02:35
No policy install, just VA scan.

Please provide us with the output of the following command:

cpwd_admin list

This command provides the start time of each CP daemon. Example from R75.10:
[Expert@XXXX]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 7328 E 1 [11:19:07] 20/5/2011 cpd Y
MPDAEMON 7358 E 1 [11:19:09] 20/5/2011 mpdaemon /opt/multiportal/log/mpdaemon.elg /opt/multiportal/conf/mpdaemon.conf N
CI_CLEANUP 7403 E 1 [11:19:11] 20/5/2011 avi_del_tmp_files N
CIHS 7415 E 1 [11:19:11] 20/5/2011 ci_http_server -j -f /opt/CPsuite-R75/fw1/conf/cihs.conf N
FWD 7417 E 1 [11:19:11] 20/5/2011 fwd N
RTMD 8186 E 1 [11:19:24] 20/5/2011 rtmd N

avilT
2011-05-23, 03:12
[Expert@EXT-FW2]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 15183 E 1 [04:31:45] 20/5/2011 cpd Y
CI_CLEANUP1511 E 1 [21:06:27] 9/10/2009 avi_del_tmp_files N
FWD 1521 E 1 [21:06:27] 9/10/2009 fwd N
[Expert@EXT-FW2]#

ShadowPeak.com
2011-05-23, 10:44
[Expert@EXT-FW2]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 15183 E 1 [04:31:45] 20/5/2011 cpd Y
CI_CLEANUP1511 E 1 [21:06:27] 9/10/2009 avi_del_tmp_files N
FWD 1521 E 1 [21:06:27] 9/10/2009 fwd N
[Expert@EXT-FW2]#

Looks like cpd choked. Check out the $CPDIR/log/cpd.elg file around 5/20 04:31. cpd handles licensing, SIC and a bunch of other functions and definitely should not have restarted on its own.

serlud
2011-05-23, 10:59
[Expert@EXT-FW2]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 15183 E 1 [04:31:45] 20/5/2011 cpd Y
CI_CLEANUP1511 E 1 [21:06:27] 9/10/2009 avi_del_tmp_files N
FWD 1521 E 1 [21:06:27] 9/10/2009 fwd N
[Expert@EXT-FW2]#

Your gateway has been running since (at least) 21:06:27 9/10/2009 - you can check it with the uptime command.

Normally, if any process crashed and restarted, you should see the number of starts; probably this number also has a limit (less than 10 - I do not know), and that is why you see only 1 start.

Please see our result on R75.1 in just 30 min of uptime: cpd has crashed 3 times, all other daemons have crashed only 1 time.

STAT means current status: E - working, T - terminated
#START means how many starts this application has had

[Expert@XXX]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 0 T 2 [10:38:46] 20/5/2011 cpd N
MPDAEMON 5117 E 2 [10:50:48] 20/5/2011 mpdaemon /opt/multiportal/log/mpdaemon.elg /opt/multiportal/conf/mpdaemon.conf N
CI_CLEANUP 5123 E 2 [10:51:00] 20/5/2011 avi_del_tmp_files N
CIHS 5124 E 2 [10:51:00] 20/5/2011 ci_http_server -j -f /opt/CPsuite-R75/fw1/conf/cihs.conf N
FWD 0 T 1 [10:31:47] 20/5/2011 fwd N
RAD 0 T 1 [10:31:49] 20/5/2011 rad N
RTMD 0 T 1 [10:32:24] 20/5/2011 rtmd N

[Expert@XXX]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 5232 E 3 [11:01:09] 20/5/2011 cpd Y
MPDAEMON 5117 E 2 [10:50:48] 20/5/2011 mpdaemon /opt/multiportal/log/mpdaemon.elg /opt/multiportal/conf/mpdaemon.conf N
CI_CLEANUP 5123 E 2 [10:51:00] 20/5/2011 avi_del_tmp_files N
CIHS 5124 E 2 [10:51:00] 20/5/2011 ci_http_server -j -f /opt/CPsuite-R75/fw1/conf/cihs.conf N
FWD 5229 E 2 [11:01:09] 20/5/2011 fwd N
RAD 5230 E 2 [11:01:09] 20/5/2011 rad N
RTMD 5231 E 2 [11:01:09] 20/5/2011 rtmd N
[Expert@XXX]# cpwd_admin list
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 5232 E 3 [11:01:09] 20/5/2011 cpd Y
MPDAEMON 5117 E 2 [10:50:48] 20/5/2011 mpdaemon /opt/multiportal/log/mpdaemon.elg /opt/multiportal/conf/mpdaemon.conf N
CI_CLEANUP 5123 E 2 [10:51:00] 20/5/2011 avi_del_tmp_files N
CIHS 5124 E 2 [10:51:00] 20/5/2011 ci_http_server -j -f /opt/CPsuite-R75/fw1/conf/cihs.conf N
FWD 5229 E 2 [11:01:09] 20/5/2011 fwd N
RAD 5230 E 2 [11:01:09] 20/5/2011 rad N
RTMD 5231 E 2 [11:01:09] 20/5/2011 rtmd N
[Expert@XXX]# uptime
11:04:07 up 33 min, 2 users, load average: 1.95, 2.16, 1.98
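
Added example, not part of any post in this thread: a small Python parser for `cpwd_admin list` output that flags daemons marked terminated, started more than once, or started much later than the oldest daemon (the case here, where CPD shows one start but a 2011 date beside 2009 dates). The function names, the 10-minute tolerance and the day/month/year reading of the dates are assumptions; the sample is the output posted earlier in the thread.

```python
import re
from datetime import datetime, timedelta

# Columns: APP PID STAT #START [START_TIME] DATE COMMAND MON
# \s* between APP and PID tolerates the run-together "CI_CLEANUP1511" seen in the thread.
ROW = re.compile(
    r"^(?P<app>[A-Z_]+)\s*(?P<pid>\d+)\s+(?P<stat>[ET])\s+(?P<starts>\d+)\s+"
    r"\[(?P<time>\d{1,2}:\d{2}:\d{2})\]\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<cmd>.*?)\s+(?P<mon>[YN])$"
)

def parse(output):
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # shell prompt, "cpwd_admin:" and the header line
        row = m.groupdict()
        row["starts"] = int(row["starts"])
        # Assumption: dates are day/month/year ("20/5/2011" in the thread).
        row["started"] = datetime.strptime(
            f"{row['date']} {row['time']}", "%d/%m/%Y %H:%M:%S")
        rows.append(row)
    return rows

def findings(output, tolerance=timedelta(minutes=10)):
    rows = parse(output)
    baseline = min((r["started"] for r in rows), default=None)
    result = {}
    for r in rows:
        reasons = []
        if r["stat"] == "T":
            reasons.append("terminated")
        if r["starts"] > 1:
            reasons.append(f"started {r['starts']} times")
        if r["started"] - baseline > tolerance:
            reasons.append(f"started {r['started'] - baseline} after the oldest daemon")
        if reasons:
            result[r["app"]] = reasons
    return result

# Output posted in the thread for EXT-FW2.
SAMPLE = """\
cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 15183 E 1 [04:31:45] 20/5/2011 cpd Y
CI_CLEANUP1511 E 1 [21:06:27] 9/10/2009 avi_del_tmp_files N
FWD 1521 E 1 [21:06:27] 9/10/2009 fwd N
"""
print(findings(SAMPLE))
```

A #START of 1 alone does not rule out a restart, which is why the start-time comparison is included.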

avilT
2011-05-23, 20:55
Following is the content of the $CPDIR/log/cpd.elg file.

[CPD 15183 2002706560]@XXX_XXX_EXT-FW2[20 May 4:37:48] SIC initialization started
[CPD 15183 2002706560]@XXX_XXX_EXT-FW2[20 May 4:37:48] Read the machine's sic name: CN=XXX_XXX_EXT-FW2,O=fwmgr..ezxbx4
[CPD 15183 2002706560]@XXX_XXX_EXT-FW2[20 May 4:37:48] Initialized sic infrastructure
[CPD 15183 2002706560]@XXX_XXX_EXT-FW2[20 May 4:37:48] Initialized SIC authentication methods
[CPD 15183 2002706560]@XXX_XXX_EXT-FW2[20 May 4:37:48] SIC initialization completed
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]
<--- Exiting addon cts_handler [LSMServerAddon, V_1.0]
---> Entering addon cts_handler [LSMServerAddon, V_1.0]