Tuesday, March 1, 2016

SCRIPT -Firewall Performance

So… you want see what happened at 3am on the firewall but don’t have the money for orion, or other expensive monitoring software? Check out this bash script to monitor processes on your Check Point Firewall:

Ok, this is really basic, but you get the idea:


#!/bin/bash

# Warning:
#
#     * Scripting is not a supported feature. The user
#       should implement scripts with care.  This is
#       only a demo of how sample code might work.
#
#  The script should be something like, overtime.sh and
#
# first, make sure that it's executable:
# chmod u+x overtime.sh
#
# then, run it:
# ./overtime.sh
#
# You'll get a file that has date time stamps in it.
#
# use common sense so that scripts do not run forever
# don't let a script fill your hard drive.  /var usually
# has the most space available for running scripts like this
#
# If you are getting timed out, run from a cron job without
# the while loop, or increase/remove idle time
#
# It should contain the following:
#

while true; do
  # adjust the date output to something like: 200707071200
  DATE=`/bin/date +%Y%m%d%H%M`

  # do your commands.  Note > overwrites, while >> appends
  echo $DATE >> SR-NUMBER.debug

  echo '------------------------------------' >> SR-NUMBER.debug
  vmstat -n 3 5 >> SR-NUMBER.debug

  echo '------------vmstat------------------' >> SR-NUMBER.debug
  cat /proc/meminfo >> SR-NUMBER.debug

  echo '-------procmeminfo------------------' >> SR-NUMBER.debug
  fw tab -t connections -s >> SR-NUMBER.debug

  echo '-------------fwtab------------------' >> SR-NUMBER.debug
  top -n 1 >> SR-NUMBER.debug

  echo '--------------top-------------------' >> SR-NUMBER.debug
  fw ctl pstat >> SR-NUMBER.debug

  echo '--------------free------------------' >> SR-NUMBER.debug
  free >> SR-NUMBER.debug

  echo '------------------------------------' >> SR-NUMBER.debug

  # sleep is measured in seconds, 1200 = 10 minutes.
  sleep 2400

done