Help with alert rule Checkpoint HA Cluster status

Hi,
I’m looking for the best way to create a rule to alert on HA state changes on a Checkpoint / Gaia cluster.
I tried the check_snmp_cpfw.pl Nagios plugin from my Nagios deployment, but it didn’t work.
I need help configuring an alert rule using sensors.
I searched a lot but didn’t find which sensor or macro I could use.
Please help.

====================================

Component Version
LibreNMS 1.58.1
DB Schema 2019_08_10_223200_add_enabled_to_users (147)
PHP 7.2.19
MySQL 5.5.60-MariaDB
RRDTool 1.4.8
SNMP NET-SNMP 5.7.2

====================================

[OK] Composer Version: 1.9.1
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct

Hi,

As far as I can see, the only supported sensors in libre are the temperature, fan and voltage ones.

So you need to make support for the ones you need and then you can alert on them.

If it corresponds to your Checkpoint device, look at https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90860&partition=General&product=Security for the MIB definitions, search there, then update includes/definitions/discovery/gaia.yaml accordingly.

Remember to submit your code!!

I have a script in cron on the Checkpoint that checks “cphaprob state” and sends a syslog message with the “logger” command if something goes wrong.

I have an alert on syslog.
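
A sketch of the cron check described in the post above, as an added example that is not the poster's script or part of the original thread. It generalizes from "something goes wrong" to logging any change in the local member's state. The `cphaprob state` row layout in `SAMPLE`, the state file path and the `ha-check` tag are assumptions; check them against the output of your Gaia version.

```shell
#!/bin/sh
# Added example: assumes the "(local)" row layout shown in SAMPLE (constructed).
SAMPLE='Cluster Mode:   High Availability (Active Up)

Number     Unique Address  Assigned Load   State

1 (local)  192.0.2.1       100%            Active
2          192.0.2.2       0%              Standby'

# Print the local member state, lower-cased, from `cphaprob state` output on stdin.
local_ha_state() {
    awk '/\(local\)/ {
        for (i = 1; i < NF; i++) {
            if ($i ~ /^[0-9]+%$/) {            # load column, e.g. "100%"
                state = tolower($(i + 1))
                if (tolower($(i + 2)) == "attention") state = state " attention"
                print state
                exit
            }
        }
    }'
}

# Syslog priority per state; anything unrecognised is treated as critical.
ha_priority() {
    case "$1" in
        active|standby)     echo daemon.info ;;
        "active attention") echo daemon.warning ;;
        *)                  echo daemon.crit ;;
    esac
}

# $1 = state file. Prints "<priority> <message>" only when the state changed.
check_ha() {
    new=$(local_ha_state)
    [ -n "$new" ] || new=unknown
    old=$(cat "$1" 2>/dev/null || echo none)
    [ "$new" = "$old" ] && return 0
    printf '%s\n' "$new" > "$1"
    echo "$(ha_priority "$new") ClusterXL HA state changed: $old -> $new"
}

# Cron entry point on the gateway (state file path is an assumption).
if command -v cphaprob >/dev/null 2>&1; then
    cphaprob state | check_ha /var/tmp/cluster_ha.state | while read -r prio msg; do
        logger -p "$prio" -t ha-check "$msg"
    done
fi
```

A LibreNMS syslog alert rule can then match on the `ha-check` tag or on the priority of the message.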

It seems it would be easier to use the new custom graph feature with .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haState (.1.3.6.1.4.1.2620.1.5.6) and create an alert on the state: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90860&partition=General&product=Security#Common%20used%20SNMP%20OIDs%20-%20Check%20Point%20Software%20Blades%20counters%20-%20Cluster

If you can do a pull request to LibreNMS on GitHub to add this OID polling, it would be even better.

Might work with these:
        -
            oid: haStarted
            num_oid: '.1.3.6.1.4.1.2620.1.5.5'
            index: 'haStarted'
            descr: "Cluster mechanism started"
            group: HA
            value: haStarted
            states:
                - { value: yes, descr: Yes, graph: 1, generic: 0 }
                - { value: no, descr: No, graph: 0, generic: 2 }
        -
            oid: haState
            num_oid: '.1.3.6.1.4.1.2620.1.5.6'
            index: 'haState'
            descr: "Cluster member state"
            group: HA
            value: haState
            states:
                - { value: active, descr: Active, graph: 3, generic: 0 }
                - { value: standby, descr: Standby, graph: 2, generic: 0 }
                - { value: 'active attention', descr: Attention, graph: 1, generic: 1 }
                - { value: down, descr: Down, graph: 0, generic: 2 }
        -
            oid: haStatCode
            num_oid: '.1.3.6.1.4.1.2620.1.5.101'
            index: 'haStatCode'
            descr: "Cluster member status code"
            group: HA
            value: haStatCode
            states:
                - { value: 0, descr: Up, graph: 2, generic: 0 }
                - { value: 1, descr: Attention, graph: 1, generic: 3 }
                - { value: 2, descr: Down, graph: 0, generic: 1 }

Indentation is of course now broken, no clue if there is some markup :stuck_out_tongue:

After a lot of tests and research, I think I found the way:

Add the following at: "./includes/definitions/discovery/gaia.yaml"
        -
            oid: haStatCode
            num_oid: '.1.3.6.1.4.1.2620.1.5.101.{{ $index }}'
            descr: HA Status
            group: HA
            states:
                - { value: 0, generic: 0, graph: 0, descr: OK }
                - { value: 1, generic: 1, graph: 0, descr: 'Needs Attention' }
                - { value: 2, generic: 2, graph: 0, descr: 'HA Down' }

Create the sensor state: "./includes/discovery/sensors/state/gaia.inc.php"
<?php
$states = [
        ['value' => 0, 'generic' => 0, 'graph' => 0, 'descr' => 'Active'],
        ['value' => 1, 'generic' => 3, 'graph' => 0, 'descr' => 'Standby'],
        ['value' => 2, 'generic' => 1, 'graph' => 0, 'descr' => 'Active Attention'],
        ['value' => 3, 'generic' => 2, 'graph' => 0, 'descr' => 'Down'],
];

$temp = snmpwalk_cache_multi_oid($device, 'haState', [], 'CHECKPOINT-MIB');

if (is_array($temp)) {
    echo 'Gaia Cluster HA State: ';
    //Create State Index
    $state_name = 'haState';
    create_state_index($state_name, $states);

    foreach ($temp as $index => $data) {
        // Convert the haState string returned by SNMP to the integer LibreNMS value
        $state_map = ['active' => 0, 'standby' => 1, 'active attention' => 2, 'down' => 3];
        $currentstr = strtolower(trim($data['haState']));
        // A string that is not in the map leaves $value as null
        $value = $state_map[$currentstr] ?? null;
        $descr = 'Cluster HA State';
        $group = 'HA';
        $current = $value;
        $oid = '.1.3.6.1.4.1.2620.1.5.6.' . $index;
        discover_sensor($valid['sensor'], 'state', $device, $oid, $index, $state_name, $descr, 1, 1, null, null, null, null, $current, 'snmp', $index, null, null, $group);

        //Create Sensor To State Index
        create_sensor_to_state_index($device, $state_name, $index);
    } // End foreach (array_keys($temp) as $index)
} // End if (is_array($temp))

$states = [
        ['value' => 0, 'generic' => 3, 'graph' => 0, 'descr' => 'Disabled'],
        ['value' => 1, 'generic' => 0, 'graph' => 1, 'descr' => 'Enabled'],
];

$temp = snmpwalk_cache_multi_oid($device, 'fwSXLStat', [], 'CHECKPOINT-MIB');

if (is_array($temp)) {
    echo 'SecureXL current status: ';
    //Create State Index
    $state_name = 'fwSXLStat';
    create_state_index($state_name, $states);

    foreach ($temp as $index => $data) {
        $descr = 'SecureXL current status';
        $group = 'HA';
        $current = $data['fwSXLStat'];
        $oid = '.1.3.6.1.4.1.2620.1.36.1.1.' . $index;
        discover_sensor($valid['sensor'], 'state', $device, $oid, $index, $state_name, $descr, 1, 1, null, null, null, null, $current, 'snmp', $index, null, null, $group);

        //Create Sensor To State Index
        create_sensor_to_state_index($device, $state_name, $index);
    } // End foreach (array_keys($temp) as $index)
} // End if (is_array($temp))

[Screenshot: Active Member]

[Screenshot: Standby Member]

Hi @rpardim
Could you please submit your changes in a pull request on GitHub? This will ensure everybody gets your patch, and that your LibreNMS instance continues to receive updates (manual changes break auto updates).
Bye