Tuesday, May 24, 2016

Script - Checkup.sh

#!/bin/bash
#
# CHECKUP.SH
# Script to gather performance and environmental information in order to examine the health and condition of a Check Point system
# Elements of this script are inspired by the information contained within SK33781, sk38992, sk36846, and sk54400
#
# Michael E. Natkin
# This tool is provided on a best-effort basis as-is with no expressed nor implied warrantee or support.
#
# This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this license,
# visit http://creativecommons.org/licenses/by-sa/3.0/.
#
# PLEASE BE SURE TO CHECK THE WIKI OR WITH THE AUTHOR TO ENSURE YOU ARE RUNNING THE MOST CURRENT VERSION OF THIS SCRIPT
#
# TO:DOs: Add logic in script, check for disk space prior to writing to output directory, add NIC checks to ignore secondary IPs
#
# Version 20150624 - Minor tweak for VPN counts
# Version 20150422 - Add flag allowing for DU bypass
# Version 20150418 - Add alternative method for sourcing CPprofile.sh
# Version 20150416 - Add Monitor Mode interface check
# Version 20150408 - Fixes for improved operation on Solaris
# Version 20150305 - Minor adjustments
# Version 20150202 - Confirm operating MAC Magic numbers
# Version 20141216 - Additional NIC information gathering
# Version 20141126 - Minor programatic improvements, additional appliance definitions
# Version 20140930 - Modify Rulebase counters to include Manual NAT
# Version 20140929 - Rulebase counters (management)
# Version 20140925 - Minor programatic improvements, ensured redirection of stdout and stderr across the entire script
# Version 20140905 - Address some VSX-related inconsistencies
# Version 20140713 - 13800 and 21800
# Version 20140505 - Additional file checks
# Version 20140425 - Revised acceleration functionality, addressed some programatic issues, and tweaked top talkers
# Version 20140424 - Variable cleanup, log cleanup, minor script cleanup and formatting
# Version 20140423 - additional CPU check logic initial implementation
# Version 20140420 - Minor adjustments
# Version 20140219 - Minor cleanup
# Version 20140121 - Additional checks, cleanup
# Version 20140117 - Bond interface checks (SPLAT and GAiA), minor cleanup
# Version 20131118 - Additional UserCheck checks, minor cleanup -- TODO - revise host count
# Version 20131112 - Host count, RAD checks, minor cleanup, additional ID checks
# Version 20131015 - Initial 61000 integration
# Version 20131010 - Additional CPU / IRQ details, partition inode check, cleanup, documentation, and improved user feedback
# Version 20130925 - Minor cleanup and documentation
# Version 20130905 - Minor cleanup and adjsutments
# Version 20130828 - Threat Emulation and MTA
# Version 20130729 - Minor cleanup and adjsutments
# Version 20130724 - Updated SmartEvent checks, addressed SWB detection bug
# Version 20130709 - Added 13500 appliance
# Version 20130610 - Additional file checks
# Version 20130509 - Added array status check, tweaked LOM check, added flags allowing for TOP, IOStat, and VMSTAT bypass
# Version 20130503 - Added MDS checks, added SofaWare LibSW version check
# Version 20130228 - 21700, update LOM detection mechanism
# Version 20130213 - fixes, tweaks, and optimizations, additional cache size checks
# Version 20130206 - Additional ID and blade checks,LOM Check, Fix R76 (and future) VS script support
# Version 20130129 - fixes, tweaks, and optimizations
# Version 20130127 - URLF Stats in 75.* or better (basic today, enhancements planned)
# Version 20130122 - Enhance IPS reporting visibility, add IA checks (following field feedback), added community disclaimer to the output
# Version 20130113 - Address some test issues on legacy versions, enhance VS test criteria
# Version 20121221 - Minor NIC reporting tweaks
# Version 20121210 - minor changes to TOP and IOSTAT output
# Version 20121208 - minor script cleanup and additional documentation, fix 12200 reporting
# Version 20121206 - More stuff!!! Specifically, incorporated blade checks from machine_info.sh... Plus added more complete version history
# Version 20121205 - Additional NIC checks
# Version 20121127 - Additional file checks
# Version 20121107 - More GAiA and dynamic routing stuff
# Version 20121016 - 21600
# Version 20121013 - Fixes and SEM additions
# Version 20121011 - a few more file checks, more documentation
# Version 20121001 - additional IPSO-related tests from sk54400 added
# Version 20120930 - addressed some IPSO-problematic changes, introduced revision history
# Version 20120924 - Script cleanup, additional file checks, improve SecureXL checks
# Version 20120918 - Output cleanup, revision control check, IPS stats, management server checks
# Version 20120907 - Add GAiA checks, improve VSX checks
# Version 20120905 - Improve and simplify scripting, improve VSX checks, improve memory checks, add housekeeping
# Version 20120830 - Improve scripting, reduce non-applicable checks
# Version 20120823 - Simplify and expand file and process checks, improve end-user feedback
# Version 20120821 - Script cleanup, tweak Crossbeam-specific checks
# Version 20120802 - Add user interaction, minor cosmetic changes
# Version 20120702 - Add appliance mapping
# Version 20120622 - More IPSO reporting parity information, add user VPN checks
# Version 20120516 - Minor cosmetic changes only
# Version 20120515 - Address IPSO and VSX check issues, add IPSO and VSX reporting parity
# Version 20120410 - (Formerly Version 0.9989) Add scheduled tasks check, more CoreXL checks and logic
# Version 20120315 - (Formerly Version 0.9986) Expand VSX checks.  Add virtual memory / swap checks
# Version 20120306 - (Formerly Version 0.998) Expand IPSO and Crossbeam support, add significant memory and kernel checks.  Begin migration to date-based versioning
# Version 20120207 - (Formerly Version 0.996) Add section comments, add process and file dumps
# Version 20120120 - (Formerly Version 0.995) Script cleanup, address some Crossbeam-problematic changes, more checks
# Version 20120104 - (Formerly Version 0.993) Script cleanup, additional VSX checks
# Version 20111211 - (Formerly Version 0.99) VSX-specific additions and more checks added
# Version 20111205 - (Formerly Version 0.98) Expanded list of checks, script cleanups
# Version 20111010 - (Formerly Version 0.975) Expanded list of checks, script cleanups
# Version 20110909 - The basics start to come into form -- very rough
# Version 0.0.0.0  - Initial stab at automating FW checks

################################################################################
################################################################################
##                           Script start                                     ##
################################################################################
################################################################################

# Script version
SCRVER="Version 20150624"

# By default, the script will execute TOP, VMSTAT, and IOSTAT (where available)
# In order to disable these features, change the following variable from "1" to something else
DOTIMEDCHECKS=1

# By default, the script will execute du (where available)
# In order to disable these features, change the following variable from "1" to something else
DODUCHECK=1


# Define output location.  Default is /var/log
# If you wish to change the output location, this is the place to change it:
OUTTO=/var/log/tmp


# If the chosen output path above doesn't exist, change it to something guaranteed to exist
if [ ! -d "$OUTTO" ]
  then
    OUTTO=/var/log
fi

# Check for the existence of $TMP variable.  If it doesn't exist, make it.
CHECKTMP=$TMP

if [ "$CHECKTMP" = "" ]
   then
       TMP=/var/tmp
fi


# Define hostname of the installation and the date and time of execution
HNAME=`hostname`
NOW=$(date +"%F-%H%M")

# Simplify the output variable
# If you wish to change the output file name from the default, this is the place to change it:
OUTFILE=$OUTTO/checkup-$HNAME-$NOW.txt

################################################################################
################################################################################
##                                                                            ##
##             Do not modify anything beyond this point.                      ##
##                                                                            ##
################################################################################
################################################################################

# Provide brief product description and opportunity to cancel execution
echo "##########################################################################"
echo "# This script gathers performance and environmental information in order #"
echo "# to examine the health and condition of a Check Point system.           #"
echo "#                                                                        #"
echo "# Elements of this script are based on  information contained within     #"
echo "# SK33781, sk38992, sk36846, and sk54400                                 #"
echo "#                                                                        #"
echo "# NOTE: This tool is provided on a best-effort basis as-is with no       #"
echo "# expressed nor implied warrantee or support.                            #"
echo "#                                                                        #"
echo "# Executing script $SCRVER                                    #"
echo "#                                                                        #"
echo "##########################################################################"

echo
echo "  ######################################################################"
echo "  ## This work is licensed under the Creative Commons Attribution-    ##"
echo "  ## ShareAlike 3.0 Unported License. To view a copy of this license, ##"
echo "  ## visit http://creativecommons.org/licenses/by-sa/3.0/.            ##"
echo "  ##                                                                  ##"
echo "  ## Press any key to continue                                        ##"
echo "  ## or wait 10 seconds and the script will continue automatically    ##"
echo "  ######################################################################"

read -n1 -t10 $1

echo
echo "#########################################################################"
echo "# Beginning data acquisition.                                           #"
echo "# Data will be collected into $OUTFILE #"
echo "# You may see some messages and errors appear on the screen during the  #"
echo "# script's execution.  These may safely be ignored.                     #"
echo "#########################################################################"

echo "#########################################################################"
echo


################################################################################
################################################################################
##                                                                            ##
##             Function Definintions                                          ##
##                                                                            ##
################################################################################
################################################################################

secbreak()     # Function providing section break -- break up the information for easier digestion
{
echo "" >> $OUTFILE 2>&1
echo "########################################################################" >> $OUTFILE 2>&1
echo "" >> $OUTFILE 2>&1
}

smallbreak()   # Function providing blank line for between checks within the same section
{
echo "" >> $OUTFILE 2>&1
}

warnuser()    # Function providing some user feedback RE warnings that may be displayed during execution
{
echo
echo "##########################################################################"
echo "## You may see some messages and errors appear on the screen during the ##"
echo "## script's execution.  These may safely be ignored.                    ##"
echo "##########################################################################"
echo
}

################################################################################
################################################################################
##                                                                            ##
##             Start of Script                                                ##
##                                                                            ##
################################################################################
################################################################################

secbreak

# Output File header
echo "##########################################################################" > $OUTFILE
echo "### ### Starting checkup script for $HNAME at `date +"%F-%H%M"`         " >> $OUTFILE 2>&1
echo "##########################################################################" >> $OUTFILE 2>&1
echo "# This script gathers performance and environmental information in order #" >> $OUTFILE 2>&1
echo "# to examine the health and condition of a Check Point system.           #"     >> $OUTFILE 2>&1
echo "#                                                                        #"   >> $OUTFILE 2>&1
echo "# Elements of this script are based on information contained within      #"   >> $OUTFILE 2>&1
echo "# SK33781, sk38992, sk36846, and sk54400                                 #"   >> $OUTFILE 2>&1
echo "#                                                                        #"   >> $OUTFILE 2>&1
echo "# NOTE: This tool is provided on a best-effort basis as-is with no       #"   >> $OUTFILE 2>&1
echo "# expressed nor implied warrantee or support.                            #"   >> $OUTFILE 2>&1
echo "##########################################################################"   >> $OUTFILE 2>&1

secbreak

# Kernel version -- Start of logic for IPSO / XBM
smallbreak
RUNOSFULL=`uname -a`
RUNOS=`uname | egrep 'Linux|IPSO|XOS|SunOS' `
# Build a simple variable for Linux-derivatives
if [ "$RUNOS" = "Linux" ]
   then
      ISTORVALDS=1
fi
if [ "$RUNOS" = "XOS" ]
   then
      ISTORVALDS=1
fi
if [ "$RUNOS" = "IPSO" ]
   then
      ISTORVALDS=0
fi
if [ "$RUNOS" = "SunOS" ]
   then
      ISTORVALDS=0
fi

echo "Running checkup script $SCRVER on $RUNOSFULL platform running $RUNOS" >> $OUTFILE 2>&1
smallbreak

##############################################################################
#                                                                            #
#   Hardware determination                                                   #
#                                                                            #
##############################################################################

# create a "product-code to security-gateway" translation-file, based on -
# http://wiki.checkpoint.com/confluence/display/CPPublic/Appliance+Specifications
# Extracted from cpeval and modified to include Crossbeam and new appliances
echo "  *** hardware platform"  >> $OUTFILE 2>&1

# use mktemp to create temp files based on PID
# Inconsistencies in mktemp across platforms, REMMED out mktemp, forcing manual definition
# APPLTMP=`mktemp -t appliance.xxxxxxxx`
# NOCONNTMP=`mktemp -t appnoconn.xxxxxxxx`

APPLTMP=$TMP/appliances
NOCONNTMP=$TMP/noconns

cat<<_ > $APPLTMP

Crossbeam Hardware - X Series
Product Code  Crossbeam
Thurley  Crossbeam-APM 9600
Bridgeport  Crossbeam-APM 8650
XBM-TBD  Crossbeam-APM 8600
XBM-TBD  Crossbeam-APM x700


Armageddon class - Check Point 61000 SGMs
Product Code  Security Gateway Blade
A-20  SGM-220
A-40  SGM-240
A-60  SGM-260


Prometheus class - Check Point 13000 models
Product Code  Security Gateway
P-370  Check Point 13500

Poseidon Class - Check Point 13800
P-380  Check Point 13800


Toxotai class - Check Point 4000 models
Product Code  Security Gateway
T-110  Check Point 2200
T-120  Check Point 4200
T-140  Check Point 4400
T-160  Check Point 4600
T-180  Check Point 4800
T-181  Check Point TE250


Pireus class - Check Point 12000 models
Product Code  Security Gateway  VSX Appliance
P-210  Check Point 12200
P-220  Check Point 12400
P-230  Check Point 12600
P-231  Check Point TE1000


Grizzly class - Check Point 21000 models
Product Code  Security Gateway  VSX Appliance
G-50  Check Point 21400
G-70  Check Point 21600
G-72  Check Point 21700
G-75  Check Point 21800


London class - Series 80 models
Product Code  Security Gateway 80
L-50  Security Gateway 80

Hoverfly class - 11000 models
Product Code  Power-1  VSX-1
P-30  Power-1 11000 Series  VSX-1 11000 Series


Dragonfly class - xx7x models
Product Code  Power-1  UTM-1  Connectra  Smart-1  VSX-1
  Platforms Group  Platforms Group  VPN Group  Platforms Group  High End Gateway
Security Group
U-10    UTM-1 270  Connectra 270
U-15    UTM-1 570
U-20    UTM-1 1070
U-30    UTM-1 2070
U-40    UTM-1 3070  Connectra 3070  Smart-1 3074  VSX-1 3070
P-10  Power-1 5070
P-20  Power-1 9070    Connectra 9072    VSX-1 9070

IP Series
Product Code  IP
IP-150  IP-150
IP-282  IP-282
IP-295  IP-295
IP-380  IP-380
IP-395  IP-395
IP-565  IP-565
IP-695  IP-695
IP-1285  IP-1285
IP-2455  IP-2455

IPS-1
Product Code  IPS-1
U-31  IPS-1 2076
P-11  IPS-1 5076
P-21  IPS-1 9076

DLP-1
DLP-1 specifications
U-42  DLP-1 2571
P-22  DLP-1 9571


Butterfly class - UTM-1 130
Product Code  UTM-1
U-5  UTM-1 130

Stonefly class - Smart-1 models
Product Code  Smart-1
S-10  Smart-1 5
S-20  Smart-1 25
S-21  Smart-1 25b
S-30  Smart-1 50
S-40  Smart-1 150

Socrates class - Smart-1 models
Product Code  Smart-1
ST-5  Smart-1 205
ST-10  Smart-1 210
ST-25  Smart-1 225
ST-50  Smart-1 3050
ST-150  Smart-1 3150

Tombo class - NEC Univerge models
Product Code  UTM-1
BT0161-00001  UNIVERGE UnifiedWall 1000
BT0161-00002  UNIVERGE UnifiedWall 2000
BT0161-00003  UNIVERGE UnifiedWall 4000

Doda class - xx50 models
Product Code  UTM-1
C2_UTM  UTM-1 450
C6_UTM  UTM-1 1050
C6P_UTM  UTM-1 2050

Seattle Class - 600 and 1100 (for reference only)
Product Code  SMB
L-50    SG80
L-61i   CIP 1100
L-62    CIP 1200R

Miscellaneous
VMware Virtual Platform VE

_

# a list of appliance names to exclude from connections-sampling -
# each name (e.g. "UTM-1 130") should be in a separate line, no quotes.
cat<<_ > $NOCONNTMP
_

product_name() # extract "Product Name" from DMI's System Information section:
{
  (dmidecode) 2>&1 \
    | awk '/System Information/,/^Handle/ {if ($2=="Name:") print}' \
    | sed 's/^.*Product Name: //' # e.g. "U-10-00"
}

product_code() # extract an appliance's significant part of a product-name:
{
  product_name | awk -F'-|_' '{print $2 ? $1"-"$2 : "N/A"}' # e.g. 'U-10'
}

security_gateway() # find the first name matching a product-code:
{
  awk -F'  ' "gensub(\"_\", \"-\", 1, \$1)==\"$(product_code)\" {
    for (i=2; i<=NF; i++) if (\$i) {print \$i; exit} # e.g. 'UTM-1 270'
  }" $APPLTMP
}

NAME="{unidentified}"
MEM="{not calculated}"

if [ "$RUNOS" = "Linux" ]
   then
       NAME=`security_gateway`
       if [ "$NAME" ]
         then
           grep -xq "$NAME" $NOCONNTMP && unset CONNS
         else
           NAME=`product_name` # e.g. "VMware Virtual Platform"
       fi
       MEM=`awk '/^MemTotal:/ {printf "%.0f",$2/1024}' /proc/meminfo`
     elif [ "$RUNOS" = "IPSO" ]
       then
           NAME=`(ipsctl -n hw:motherboard:modelname) 2>/dev/null` # e.g. "IP690"
           MEM=`ipsctl -n net:ip:cluster:physical_memory`
fi

echo "   * Appliance: $NAME" >> $OUTFILE 2>&1
echo "   * Total Physical Memory: $MEM MB"   >> $OUTFILE 2>&1

##############################################################################
#                                                                            #
#   Hyper-threading Check                                                    #
#                                                                            #
##############################################################################

if [ $ISTORVALDS = "1" ]
    then
      smallbreak
      cpuinfo >> $OUTFILE 2>&1
      if [ -f /proc/smt_status ]
         then
            SMTSTAT=`cat /proc/smt_status`
            echo "Hyper-Threading (SMT) Status: $SMTSTAT"  >> $OUTFILE 2>&1
      fi
      secbreak
fi

##############################################################################
#                                                                            #
#   LOM Check                                                                #
#                                                                            #
##############################################################################

if [ "$RUNOS" = "Linux" ]
   then
       HASLOM=`lspci | grep -ci aspeed`; export HASLOM
       if [ "$HASLOM" != "0" ] || [ "$lom_exists" = "1" ]
         then
           echo "LOM installed" >> $OUTFILE 2>&1
           secbreak
         else
             echo "LOM possibly not installed" >> $OUTFILE 2>&1
             secbreak
       fi
fi

##############################################################################
#                                                                            #
#   Array Controller Check                                                   #
#                                                                            #
##############################################################################

# Note: Tested on systems with only 1 array

if [ "$RUNOS" = "Linux" ]
   then
       HASMPT=`lspci | grep -ci "mpt sas"`; export HASMPT
       if [ "$HASMPT" != "0" ]
          then
              echo "LSI Array controller installed. Status check: " >> $OUTFILE 2>&1
              HASMPTSTATUS=`type -P mpt-status`
              if [ $HASMPTSTATUS != "" ]
                 then
                     mpt-status  >> $OUTFILE 2>&1
              fi

              HASLSIUTIL=`type -P lsiutil`; export HASLSIUTIL
              if [ $HASLSIUTIL != "" ]
                 then
                     lsiutil -s  >> $OUTFILE 2>&1
                     lsiutil check_state >> $OUTFILE 2>&1
                     secbreak
              fi
       fi
fi



##############################################################################
#                                                                            #
#   END of the appliance stuff                                               #
#                                                                            #
##############################################################################

# Source CP variables -- just in case
# Source CP variables -- just in case
if [ -f /etc/profile.d/CP.sh ]
   then
       echo "....... Sourcing CP Variables file /etc/profile.d/CP.sh" >> $OUTFILE
       source /etc/profile.d/CP.sh
   else
       echo "....... CP Variables file at /etc/profile.d/CP.sh not present. Attempting sourcing of CPprofile.sh" >> $OUTFILE
        if [ -f /opt/CPshared/5.0/tmp/.CPprofile.sh ]
           then
               echo "....... Sourcing CPprofile Variables file /opt/CPshared/5.0/tmp/.CPprofile.sh" >> $OUTFILE
               source /opt/CPshared/5.0/tmp/.CPprofile.sh
           else

       ###
       # Use advanced search to find latest .CPprofile.sh
       ###
       VER=0
       for x in `seq 85 60`;
           do
             if [ -r  "/opt/CPshrd-R$x/tmp/.CPprofile.sh" ]
                then
                    echo "....... Sourcing CPprofile Variables file /opt/CPshrd-R$x/tmp/.CPprofile.sh" >> $OUTFILE
                    source /opt/CPshrd-R$x/tmp/.CPprofile.sh
                    VER=$x
                    break
             fi
       done
       if [ $VER -eq 0 ]
          then
              for x in `seq 85 60`; do for y in `seq 99 1`;
                  do
                    if [ -f "/opt/CPshrd-R$x.$y/tmp/.CPprofile.sh" ]
                       then
                           echo "....... Sourcing CPprofile Variables file /opt/CPshrd-R$x.$y/tmp/.CPprofile.sh" >> $OUTFILE
                           source /opt/CPshrd-R$x.$y/tmp/.CPprofile.sh
                           VER=$x$y
                           break
                    fi
              done
              if [ $VER -ne 0 ]
                 then
                     break
              fi
              done
       fi
       if [ $VER -eq 0 ]
          then
              a=$(echo {85..60})
              b=$(echo {99..1})
              for x in $a;
                  do
                    if [ -r  "/opt/CPshrd-R$x/tmp/.CPprofile.sh" ]
                       then
                           echo "....... Sourcing CPprofile Variables file /opt/CPshrd-R$x/tmp/.CPprofile.sh" >> $OUTFILE
                           source /opt/CPshrd-R$x/tmp/.CPprofile.sh
                           VER=$x
                           break
                    fi
              done
              if [ $VER -eq 0 ] ; then
              for x in $a; do for y in $b
                  do
                        if [ -f "/opt/CPshrd-R$x.$y/tmp/.CPprofile.sh" ]
                           then
                               echo "....... Sourcing CPprofile Variables file /opt/CPshrd-R$x.$y/tmp/.CPprofile.sh" >> $OUTFILE
                               source /opt/CPshrd-R$x.$y/tmp/.CPprofile.sh
                                VER=$x$y
                                break
                        fi
                done
                if [ $VER -ne 0 ]
                   then
                       break
                fi
                done
              fi
        fi
        if [ $VER -eq 0 ]
           then
               echo "!!!!! Warning: can't find either CP.sh nor .CPprofile.sh. Cannot proceed and therefore terminating execution !!!!!" >> $OUTFILE
               echo "!!!!! Warning: can't find either CP.sh nor .CPprofile.sh. Cannot proceed and therefore terminating execution !!!!!"
           exit 1
        fi
    fi
fi
if [ -f /etc/profile.d/vsenv.sh ]
   then
      echo " ...... Sourcing VSX environment shell..." >> $OUTFILE 2>&1
      source /etc/profile.d/vsenv.sh
fi



FWLABEL=`$CPDIR/bin/cpprod_util CPPROD_GetValue CPshared CurrentLabel 1 | sed 's/ //g'` ; export FWLABEL
SWBVER=`echo $FWLABEL |awk 'BEGIN { FS="." } { print $1 }' | sed 's/R//g' | sed 's/ //g'`; export SWBVER
echo "Current FW Version Label is - $FWLABEL" >> $OUTFILE 2>&1

# What version of code?
smallbreak
fw ver  >> $OUTFILE 2>&1

secbreak


# Set some variables for use throughout the script for versioning
ISVSX=0
ISVSXSWB=0
ISSWB=0

##################################################################################
# Start of logic for Provider-1 / Multi-Domain                                   #
#                                                                                #
# Set a variable for use throughout the script in the event that MDM is detected #
##################################################################################

smallbreak
ISMDS=0
CHECKMDS=$MDSDIR
if [ "$CHECKMDS" != "" ]
   then
       ISMDS=1
       echo "   *** This is a Provider-1 / Multi-Domain Management System ***" >> $OUTFILE 2>&1
       # Ensure that environment variables are set properly
       if [ -f $MDS_SYSTEM/shared/OSdependency.sh ]
          then
              echo "....... Sourcing MDS OS Dependency file" >> $OUTFILE
              source $MDS_SYSTEM/shared/OSdependency.sh
          else
              echo "....... MDS OS Dependency file at $MDS_SYSTEM/shared/OSdependency.sh not present. Bypassing sourcing" >> $OUTFILE
       fi

fi



###################################################################################
# Start of logic for GAiA OS                                                      #
#                                                                                 #
# Set a variable for use throughout the script in the event that GAiA is detected #
###################################################################################

ISGAIA=0
if [ -f "/etc/appliance_config.xml" ]
   then
       ISGAIA=1
       echo "   *** System is running GAiA ***" >> $OUTFILE 2>&1
fi

##################################################################################
# Start of logic for VSX                                                         #
#                                                                                #
# Set a variable for use throughout the script in the event that VSX is detected #
# The second should address R75.40VS - future revs to come                       #
# Added a second variable for 75.40VS and later checks                           #
##################################################################################

if [ "$FWLABEL" = "V40" ]
  then
      ISVSX=1
      ISVSXSWB=0
      ISSWB=0
      echo "   *** System is running Legacy VSX ***" >> $OUTFILE 2>&1

  else

    if [ $SWBVER -gt 74 ]
      then
       ISVSX=0
       ISVSXSWB=0
       ISSWB=1
       CHECKVSX=`$CPDIR/bin/cpprod_util FwIsVSX` ; export CHECKVSX
       if [ $CHECKVSX = "1" ]
          then
             ISVSX=1
             ISVSXSWB=1
             echo "   *** System is running Virtual Systems ***" >> $OUTFILE 2>&1
       fi
    else
      ISVSX=0
      ISVSXSWB=0
      ISSWB=1
    fi
fi


##############################################################################
#                                                                            #
#   The Basics                                                               #
#                                                                            #
##############################################################################


secbreak

echo "   ########### Basic stuff ###########" >> $OUTFILE 2>&1
echo "     *** uptime ***" >> $OUTFILE 2>&1
# How long has the installation been running
uptime  >> $OUTFILE 2>&1

secbreak

if [ "$RUNOS" = "IPSO" ]
 then
     echo "     *** Net_Taskq ***" >> $OUTFILE 2>&1
     # How many cpus are dedicated to IO
     ps aux | grep net_taskq  >> $OUTFILE 2>&1
     ipsctl -a net:taskq:dev >> $OUTFILE 2>&1
     echo "     *** fw_worker ***" >> $OUTFILE 2>&1
     # How many cpus are dedicated to IO
     ps aux | grep fw_worker  >> $OUTFILE 2>&1

fi

if [ "$ISTORVALDS" = "1" ]
 then

##############################################################################
# PROCESS CHECKS                                                             #
# Simplifying piping of processes through the use of a file check temp file. #
# Reduces the manual coding and room for error                               #
##############################################################################

# Add any files desired to this list, ending at the "_"


# Simplifying piping of processes through the use of a process check temp file. Reduces the manual coding and room for error
# Add any processes desired to this list, ending at the "_"

# Inconsistencies in mktemp variable, forcing manual intervention
# PROCCHECKS=`mktemp -t proccheck.xxxxxxxx`
PROCCHECKS=$TMP/proccheck

cat<<_ > $PROCCHECKS
/proc/cpuinfo  # How many and what kinds of CPUs are in the installation
/proc/loadavg  # CPU Load Average
/proc/bus/pci/devices # What PCI devices are installed -- important for understanding the platform and NICs
/proc/sys/vm/balance_pgdat_debug  # Verify the new value of the balancing
/proc/sys/vm/balance_pgdat_limit  # Verify the new value of the balancing
/proc/sys/vm/balance_pgdat_order  # Verify the new value of the balancing
/proc/sys/vm/balance_pgdat_zone   # Verify the new value of the balancing
/proc/interrupts         # What Interrupts are being used (and where)
/proc/slabinfo
/proc/sys/net/ipv4/route/max_size  # Linux kernel parameters -- most often important when there's a large network
/proc/sys/net/ipv4/neigh/default/gc_thresh1  # kernel memory garbage collection
/proc/sys/net/ipv4/neigh/default/gc_thresh2  # kernel memory garbage collection
/proc/sys/net/ipv4/neigh/default/gc_thresh3  # kernel memory garbage collection
/proc/sys/net/ipv4/route/gc_timeout          # kernel memory garbage collection
/proc/sys/net/ipv4/route/gc_interval         # kernel memory garbage collection
/proc/sys/net/ipv4/route/gc_elasticity       # kernel memory garbage collection
/proc/sys/net/ipv6/route/max_size  # IPv6 route cache size
/proc/sys/net/ipv6/neigh/default/gc_thresh1  # v6 kernel memory garbage collection
/proc/sys/net/ipv6/neigh/default/gc_thresh2  # v6 kernel memory garbage collection
/proc/sys/net/ipv6/neigh/default/gc_thresh3  # v6 kernel memory garbage collection
/proc/sys/net/ipv6/route/gc_timeout          # v6 kernel memory garbage collection
/proc/sys/net/ipv6/route/gc_interval         # v6 kernel memory garbage collection
/proc/sys/net/ipv6/route/gc_elasticity       # v6 kernel memory garbage collection
/proc/ppk/cpls                               # SecureXL configuration for ClusterXL Load Sharing support
/proc/ppk/erdos                              # SXL Penalty box
_

# end of list of processes.  Start of code to pipe the processes to the checkup file

PROCLIST=`cat $PROCCHECKS | awk '{print $1}' `
echo
echo " ###################################################################"
echo " # Starting process checks...                                      #"
echo " ###################################################################"
echo

echo "#### Process checks ####" >> $OUTFILE 2>&1

 for PROCNAME in $PROCLIST; do
     if [ -e "$PROCNAME" ]; then
        echo " *** $PROCNAME ***" >> $OUTFILE 2>&1
        cat $PROCNAME >> $OUTFILE 2>&1
        smallbreak
    else
        echo " *** Host does not have $PROCNAME present ***" >> $OUTFILE 2>&1
        smallbreak
    fi
done

# End of process pipe.  Grab some specific information below


# More directly map IRQ to CPU
     echo " ##### IRQ to CPU detailed information #####" >> $OUTFILE 2>&1
     echo " IRQ -- CPU" >> $OUTFILE 2>&1
     for i in `ls /proc/irq/`
         do
            echo -n "$i -- " >> $OUTFILE 2>&1
            cat /proc/irq/$i/smp_affinity  >> $OUTFILE 2>&1
     done
     smallbreak

     echo " ##### egrep ip_dst_cache /proc/slabinfo" >> $OUTFILE 2>&1
     egrep ip_dst_cache /proc/slabinfo >> $OUTFILE 2>&1

     secbreak

     echo " ########## LowFree ##########" >> $OUTFILE 2>&1
     cat /proc/meminfo | grep -i lowfree >> $OUTFILE 2>&1
     smallbreak

     echo " ########## VMALLOC ##########" >> $OUTFILE 2>&1
     cat /proc/meminfo | grep -i vmalloc >> $OUTFILE 2>&1
     smallbreak

     echo " ######### CPD Scheduled Tasks ##########" >> $OUTFILE 2>&1
     # What tasks are scheduled using the CP Scheduler?
     cpd_sched_config print >> $OUTFILE 2>&1
     smallbreak
fi

secbreak


##########################################################################
# FILE CHECKS                                                            #
# Simplifying piping of files through the use of a file check temp file. #
# Reduces the manual coding and room for error                           #
##########################################################################

# Add any files desired to this list, ending at the "_"

# Inconsistencies in mktemp variable, forcing manual intervention
# FILECHECKS=`mktemp -t filecheck.xxxxxxxx`
FILECHECKS=$TMP/filecheck

cat<<_ > $FILECHECKS
/etc/resolv.conf    # What's the name resolution config -- sometimes performance is adversely influenced by bad DNS settings
/etc/ntpd.conf      # Time config
/etc/ntp.conf
/etc/hosts          # Local hosts file
/etc/modprobe.conf  # Any NIC or kernel tweaks?
/etc/sysctl.conf    # Any kernel tweaks?
/etc/ssh/sshd_config # Any hacks to sshd?
/etc/issue           # console banner file
/etc/issue.net       # network banner file
/etc/fstab           # File system table
/etc/motd            # message of the day file
/etc/grub.conf       # Grub config -- important to see vmalloc
/etc/gated.ami       # gated config file
/etc/gated_xl.ami    # gated config file
/etc/rc.d/rc.local   # local RC files -- any changes here (such as kernel tweaks)?
/etc/rc.d/rc.local.user   # local RC files -- any changes here (such as kernel tweaks)?
/etc/snmp/snmpd.conf # SNMP server paramters
/etc/snmp/snmpd.users.conf # SNMP users paramters
$FWDIR/boot/boot.conf              # Firewall boot params
/etc/fw.boot/boot.conf             # Firewall boot params
$FWDIR/boot/modules/fwkern.conf    # Any firewall kernel tweaks?
$PPKDIR/boot/modules/simkern.conf  # Any SIM tweaks?
$FWDIR/conf/discntd.if             # ClusterXL Disconnected Interfaces
$FWDIR/conf/cpha_hosts             # ClusterXL Monitored IPs
$FWDIR/conf/cphaprob.conf          # ClusterXL configuration tweaks (timers)
$FWDIR/conf/local.arp              # SPLAT / GAiA manual ARP
$FWDIR/conf/snmp.C                 # Firewall SNMP config
$FWDIR/conf/vsaffinity_exception.conf      # Relevant to R75.40VS and later Virtual systems only
$FWDIR/conf/masters                        # masters file
$MDSDIR/conf/external.if                   # Relevant to P1 / MDSM only
$FWDIR/conf/mta_postfix_options.cf         # R77 and later Postfix MTA custom options
$FWDIR/conf/fwopsec.conf                   # OPSEC / LEA configuration options
_

FILELIST=`cat $FILECHECKS | awk '{print $1}' `

smallbreak

echo
echo " ###################################################################"
echo " # Starting file checks...                                         #"
echo " ###################################################################"
echo

echo "#### File checks ####" >> $OUTFILE 2>&1

 for FILENAME in $FILELIST; do
     if [ -e "$FILENAME" ]
       then
         echo " *** $FILENAME ***" >> $OUTFILE 2>&1
         cat $FILENAME >> $OUTFILE 2>&1
         smallbreak
         secbreak
       else
         echo " *** Host does not have $FILENAME present ***" >> $OUTFILE 2>&1
         smallbreak
         secbreak
      fi
done

secbreak

if [ "$ISGAIA" = "1" ]
   then
      echo " *** GAiA Base OS config ***" >> $OUTFILE 2>&1
      clish -i -c "show configuration" >> $OUTFILE 2>&1
      smallbreak
      echo " *** Monitor Mode configuration ***" >> $OUTFILE 2>&1
      echo "`grep -i monitor /config/active | grep interface`"  >> $OUTFILE 2>&1
      secbreak
fi

##########################################################################
# MEMORY AND DISK CHECKS                                                 #
##########################################################################

echo "     *** Disk (Partition) utilization ***" >> $OUTFILE 2>&1
# Disk partition information
df -h >> $OUTFILE 2>&1
smallbreak


# Solaris doesn't seem to respect the || operand, so let's do it the hard way...
if [ "$ISTORVALDS" = "1" ]
   then
       echo " ########## free ##########" >> $OUTFILE 2>&1
       free >> $OUTFILE 2>&1
       smallbreak

       echo " ####### Disk utilization - file, df and du ########## " >> $OUTFILE 2>&1
       echo "     *** Files open currently: {# of allocated file handles} {# of free file handles} {system-wide limit} ***" >> $OUTFILE 2>&1
       cat /proc/sys/fs/file-nr >> $OUTFILE 2>&1

       echo "     *** Partition iNode utilization ***" >> $OUTFILE 2>&1
       # iNode utilization information
       df -i >> $OUTFILE 2>&1
       smallbreak
fi

if [ "$DODUCHECK" = "1" ]
   then
       echo "     *** du ***" >> $OUTFILE 2>&1
       # Disk Utilization information
       if [ "$ISTORVALDS" = "1" ]
          then
              du -h / --max-depth=2 >> $OUTFILE 2>&1
          else
              if [ "$RUNOS" = "IPSO" ]
                 then
                     du -h -d 2 / >> $OUTFILE 2>&1
                 else
                     du -sh /* >>  $OUTFILE 2>&1
              fi
       fi
   else
       echo "     *** du check being bypassed ***" >> $OUTFILE 2>&1
fi

smallbreak
secbreak


##########################################################################
# KERNEL BUFFER AND MODULE CHECKS                                        #
##########################################################################


echo "##########  DMESG ############" >> $OUTFILE 2>&1
dmesg >> $OUTFILE 2>&1

smallbreak
secbreak

# Module usage and alloc
if [ "$ISTORVALDS" = "1" ]
   then
       echo "##########  LSMOD  ############" >> $OUTFILE 2>&1
       lsmod >> $OUTFILE 2>&1
fi

smallbreak
secbreak

echo " ##### arp -an | wc -l: `arp -an | wc -l`" >> $OUTFILE 2>&1
# Number of ARP entries

secbreak

##############################################################################
##############################################################################
##                                                                          ##
##   Check Point Software Checks                                            ##
##                                                                          ##
##############################################################################
##############################################################################

echo
echo " ###################################################################"
echo " # Starting Check Point product checks...                          #"
echo " ###################################################################"
echo

echo "   ########### Check Point Software stuff ###########" >> $OUTFILE 2>&1

#############################################################################
#  FFEATURE CHECKS                                                          #
#############################################################################

echo "   ### Basic installed feature check ### " >> $OUTFILE 2>&1
$CPDIR/bin/cpprod_util CPPROD_GetKeyValues Products 0 >> $OUTFILE 2>&1

smallbreak


if [ "$ISMDS" != "1" ]
  then
      ##############################################################################
      #                                                                            #
      # Check what features (blades) are running (detailed check)                  #
      # This section was extracted from machine_info.sh (Eyal Sher, Raz Amir,      #
      # Eitan Lugassi)                                                             #
      #                                                                            #
      ##############################################################################

      # blades - format is: "short name for user" property-name [inner set-name]
      BLADECHECK=$TMP/blade_names
      BLADESTAT=$TMP/blade_disabled

      cat<<_ > $BLADECHECK
FW             firewall
MGMT           management
MNTR           monitor_blade
UDIR           user_dir_blade
VPN            VPN_1
QOS            floodgate
MAB            connectra
URLF           uf_integrated
A_URLF         advanced_uf_blade
AV             anti_virus_blade
ASPM           antispam_integrated
APP_CTL        application_firewall_blade
IPS            Name                      SD_profile
DLP            data_loss_prevention_blade
IA             identity_aware_blade_installed  identity_aware_blade
SSL_INSPECT    ssl_inspection_enabled
ANTB       anti_malware_blade
MON       real_time_monitor
EVNT           event_analyzer
RPTR           reporting_server
EVCOR          ips_event_correlator
EVNT           ips_event_manager
EVIN           smartevent_intro
MTA            mta_enabled
TED            threat_emulation_blade
_

      # property values that indicate a disabled blade:
       cat<<_ > $BLADESTAT
No_protection
not-installed
false
_

       # Run as function to support return codes

       activeblades() {
       # print a line, e.g. "Enabled Blades: FW MGMT VPN IPS":
       echo -n "* Active blades:" >> $OUTFILE 2>&1   # start a single line ...

       OBJ_FILE=$FWDIR/database/objects.C
       if ! [ -r $OBJ_FILE ] 2>/dev/null
          then
          echo " N/A - cannot read file: $OBJ_FILE"
            return 1
       fi

       REG_FILE=$CPDIR/registry/HKLM_registry.data
       if [ ! -r $REG_FILE ] 2>/dev/null
           then
            echo " N/A - cannot read file: $REG_FILE"
            return 1
       fi

       SIC_NAME=$(
        awk -F\" '
/^[[:blank:]]+:MySICname \("/ {
print toupper($2) # case-insensitive
exit              # one match only
}
' $REG_FILE
        )

        if [ -z "$SIC_NAME" ]
             then
              echo ' N/A - failed to retrieve SIC name'
              return 1
        fi

        OBJ_NAME=$(
        awk -F\( "
/^\t\t: \(/ {
# save current set's name as object's context:
obj=\$2
}
/^\t\t\t:sic_name \(/ {
# match the saved SIC name with current set's:
if (toupper(\$2)~/^\"$SIC_NAME\"/) {
print obj
exit
}
}
" $OBJ_FILE
        )

        if [ -z "$OBJ_NAME" ]
             then
              echo ' N/A - failed to match an object to SIC name'
              return 1
        fi

        # dump the local object:
        cat $OBJ_FILE | tr '\t' ' ' | sed -n "/^  : ($OBJ_NAME$/,/^  )/p" > $TMP/local_obj

        # go over the blades file, skip empty lines:
        grep -v "^[[:blank:]]*$" $BLADECHECK | while read LINE
        do
        eval "set -- $LINE" # set positional parameters ("eval" preserves quotes)
# try to find a blade's value - if unavailable, skip to next blade:
        sed -n "/^   :${3-$2} (/,/^   )/p" $TMP/local_obj | \
grep "^   ${3+ }:$2 (" > $TMP/blade_val || continue
# match value for "disabled" - if unmatched, assume enabled:
        grep -wqf $BLADESTAT $TMP/blade_val || \
echo -n " $1"  # append the blade's name to line, e.g. " MGMT"
        done
        echo # end the blades line (carriage-return)
        }

        activeblades >> $OUTFILE 2>&1
        smallbreak

        if [ -z "$SIC_NAME" ]
           then
                echo "Unable to determine SIC name of module" >> $OUTFILE 2>&1
           else
                echo "SIC Name of module: $SIC_NAME" >> $OUTFILE 2>&1
        fi
        smallbreak

        if [ -z "$OBJ_NAME" ]
             then
                echo "Unable to determine object name of module" >> $OUTFILE 2>&1
             else
                echo "Object name: $OBJ_NAME" >> $OUTFILE 2>&1
        fi
        smallbreak
        # Cleanup temporary files
        rm $TMP/local_obj
        rm $TMP/blade_val
        rm $BLADECHECK
        rm $BLADESTAT
fi

#############################################################################
#  STATUS CHECKS                                                            #
#############################################################################

# Not all the commands work on all platforms.  Giving some feedback to the end user pacifies concerns
warnuser

# Firewall-1 Process list - Run only if not on an MDS
if [ "$ISMDS" != "1" ]
   then
       echo " ########## cpwd_admin list ##########" >> $OUTFILE 2>&1
       cpwd_admin list >> $OUTFILE 2>&1
       smallbreak
fi

echo " ########## cpstat stuff ##########" >> $OUTFILE 2>&1
echo "     *** -f cpu os ***" >> $OUTFILE 2>&1
cpstat -f cpu os >> $OUTFILE 2>&1
echo "     *** -f memory os ***" >> $OUTFILE 2>&1
cpstat -f memory os >> $OUTFILE 2>&1
echo "     *** -f multi_cpu os ***" >> $OUTFILE 2>&1
cpstat -f multi_cpu os >> $OUTFILE 2>&1
echo "     *** -f all os ***" >> $OUTFILE 2>&1
cpstat -f all os >> $OUTFILE 2>&1

secbreak

# Run some feature checks if on a gateway
if [ `cpprod_util FwIsFirewallModule` = "1" ] && [ "$ISVSX" != "1" ]
  then
   # Check for the presence of the new ips command
   IPSPROGCHK=`type -P ips`

   echo " ########## Gateway checks ##########"  >> $OUTFILE 2>&1
   echo "     *** -f all fw ***"  >> $OUTFILE 2>&1
   cpstat -f all fw >> $OUTFILE 2>&1
   echo "     *** -f sysinfo cvpn ***" >> $OUTFILE 2>&1
   cpstat -f sysinfo cvpn >> $OUTFILE 2>&1
   echo "     *** -f all vpn ***"  >> $OUTFILE 2>&1
   cpstat -f all vpn >> $OUTFILE 2>&1
   smallbreak
   echo "     *** ASM / IPS ***"  >> $OUTFILE 2>&1
   cpstat -f default asm >> $OUTFILE 2>&1
   cpstat -f WS asm >> $OUTFILE 2>&1

   # Basic URLF cache check -- can use refinement
   if [ "$ISSWB" = "1" ]
      then
          echo "     ### URL Filtering Cache Status ###"  >> $OUTFILE 2>&1
          fw tab -t urlf_cache_tbl -s >> $OUTFILE 2>&1
          smallbreak
          APURCACHE=( `grep cache_max_hash_size $FWDIR/database/rad_services.C | awk '{print $2}' `)
          echo "     *** URLF Cache table size: ${APURCACHE[4]} " >> $OUTFILE 2>&1
          smallbreak
          echo "     ### Application Control Status ###"  >> $OUTFILE 2>&1
          fw tab -t appi_connections -t appi_session_table -s >> $OUTFILE 2>&1
          smallbreak
          echo "     *** Application Control Cache table size: ${APURCACHE[3]} " >> $OUTFILE 2>&1


          smallbreak
          echo "  ### Usercheck configuration parameters ###" >> $OUTFILE 2>&1
          echo "    *** UserCheck HTTPD.CONF *** " >> $OUTFILE 2>&1
          echo "  `grep ServerLimit /opt/CPUserCheckPortal/conf/httpd.conf` " >> $OUTFILE 2>&1
          echo "  `grep MaxClients /opt/CPUserCheckPortal/conf/httpd.conf` " >> $OUTFILE 2>&1
          echo "  `grep MinSpareServers /opt/CPUserCheckPortal/conf/httpd.conf` " >> $OUTFILE 2>&1
          echo "  `grep StartServers /opt/CPUserCheckPortal/conf/httpd.conf` " >> $OUTFILE 2>&1
          smallbreak
          echo "    *** UserCheck PHP.INI *** " >> $OUTFILE 2>&1
          echo "  `grep session.gc_maxlife /opt/CPUserCheckPortal/conf/php.ini` " >> $OUTFILE 2>&1
          smallbreak
   fi

   if [ "$IPSPROGCHK" != "" ]
      then
         echo "     *** IPS Configuration ***"  >> $OUTFILE 2>&1
         ips stat >> $OUTFILE 2>&1
         smallbreak
   fi
   echo "     *** FloodGate ***"  >> $OUTFILE 2>&1
   cpstat -f all fg >> $OUTFILE 2>&1

   # Check for the presence of the IA command for AD
   ADPROGCHK=`type -P adlog`
   if [ "$ADPROGCHK" != "" ]
      then
         echo "    #### Identity Awareness Active Directory ####"  >> $OUTFILE 2>&1
         cpstat -f default identityServer >> $OUTFILE 2>&1
         smallbreak
         echo "     *** DC Connectivity ***"  >> $OUTFILE 2>&1
         adlog a dc  >> $OUTFILE 2>&1
         smallbreak
         echo "     *** DC statistics ***"  >> $OUTFILE 2>&1
         adlog a statistics >> $OUTFILE 2>&1
         smallbreak
         echo "     *** IA Suspected Service Accounts ***"  >> $OUTFILE 2>&1
         adlog a service_accounts >> $OUTFILE 2>&1
         smallbreak
         echo "     *** IA Authentication Metrics ***"  >> $OUTFILE 2>&1
         cpstat identityServer -f authentication >> $OUTFILE 2>&1
   fi

   # Check for the presence of the IA command for PDP
   PDPPROGCHK=`type -P pdp`
   if [ "$PDPPROGCHK" != "" ]
      then
         echo "    #### Identity Awareness Personality Detection (PDP) ####"  >> $OUTFILE 2>&1
         pdp status show >> $OUTFILE 2>&1
         smallbreak
         echo "     *** PDP connections to enforcement points ***"  >> $OUTFILE 2>&1
         pdp connections pep >> $OUTFILE 2>&1
         smallbreak
         echo "     *** PDP connections to terminal servers ***"  >> $OUTFILE 2>&1
         pdp connections ts >> $OUTFILE 2>&1
         smallbreak
         echo "     *** PDP tables ***"  >> $OUTFILE 2>&1
         fw tab -t pdp_sessions -t pdp_super_sessions -t pdp_super_sessions -t pdp_encryption_keys -t pdp_whitelist -t pdp_timers -t pdp_expired_timers -t pdp_ip -t pdp_net_db -t pdp_cluster_stat  -s >> $OUTFILE 2>&1
         smallbreak
   fi

   # Check for the presence of the IA command for PEP
   PEPPROGCHK=`type -P pep`
   if [ "$PEPPROGCHK" != "" ]
      then
         echo "    #### Identity Awareness Personality Enforcement (PEP) ####"  >> $OUTFILE 2>&1
         pep show stat >> $OUTFILE 2>&1
         smallbreak
         echo "     *** PEP connections to Detection points (PDP) ***"  >> $OUTFILE 2>&1
         pep show pdp all >> $OUTFILE 2>&1
         smallbreak
         echo "     *** PEP tables ***"  >> $OUTFILE 2>&1
         fw tab -t pep_pdp_db -t pep_networks_to_pdp_db -t pep_net_reg -t pep_reported_network_masks_db -t pep_port_range_db -t pep_async_id_calls -t pep_client_db -t pep_identity_index -t pep_revoked_key_clients -t pep_src_mapping_db -t pep_log_completion -s >> $OUTFILE 2>&1
         smallbreak
   fi

   # Check for the presence of TED commands
   TEDPROGCHK=`type -P tecli`
   if [ "$TEDPROGCHK" != "" ]
      then
         echo "    #### Threat Emulation Basic Statistics ####"  >> $OUTFILE 2>&1
         tecli s s >> $OUTFILE 2>&1
         smallbreak
         echo "    #### Threat Emulation Cloud Information ####"  >> $OUTFILE 2>&1
         tecli s c i >> $OUTFILE 2>&1
         smallbreak
         echo "    #### Threat Emulation Cloud Quota Status ####"  >> $OUTFILE 2>&1
         tecli s c q >> $OUTFILE 2>&1
         smallbreak

   fi

   echo "     *** Provisioning Agent ***"  >> $OUTFILE 2>&1
   cpstat -f default PA >> $OUTFILE 2>&1
   echo "     *** LS ***"  >> $OUTFILE 2>&1
   cpstat -f default ls >> $OUTFILE 2>&1
   echo "     *** High Availability ***"  >> $OUTFILE 2>&1
   cpstat -f default ha >> $OUTFILE 2>&1

   unset IPSPROGCHK
   unset TEDPROGCHK
   unset PDPPROGCHK
   unset PEPPROGCHK
  else
   echo "### Node is not a gateway or is a VSX system. FW Module checks bypassed ###"  >> $OUTFILE 2>&1
fi

secbreak

# Run some feature checks if on a manager and NOT P1
if [ "$ISMDS" != "1" ]
   then
       if [ `cpprod_util FwIsFirewallMgmt` = "1" ]
         then
            echo " ### Management checks ###"  >> $OUTFILE 2>&1
            echo "     *** Management ***"  >> $OUTFILE 2>&1
            cpstat -f default mg >> $OUTFILE 2>&1
            echo "     *** Cert Authority ***"  >> $OUTFILE 2>&1
            cpstat -f default ca >> $OUTFILE 2>&1
            smallbreak
            echo "     *** Policies ***" >> $OUTFILE 2>&1
            echo "       *** Number of policies: `grep rule-base $FWDIR/conf/rulebases_5_0.fws | wc -l`" >> $OUTFILE 2>&1
            RULELIST=`grep rule-base $FWDIR/conf/rulebases_5_0.fws | awk 'BEGIN { FS="##" } { print $2 }' | awk 'BEGIN { FS="\"" } { print $1 }' `
            for RULENAME in $RULELIST; do
                 echo "       *** Policy Name: $RULENAME" >> $OUTFILE 2>&1
                   if [ -f $FWDIR/conf/$RULENAME.W ]
                        then
                            echo "            --- Number of rules in $RULENAME (compiled): `grep ":unified_rulenum (" $FWDIR/conf/$RULENAME.W | tail -n 1 | awk ' BEGIN { FS = "(" } { print $2 } ' | awk ' BEGIN { FS = ")" } { print $1 } '` " >> $OUTFILE
                            echo "            --- Number of Manual NAT rules in $RULENAME (compiled): `grep rule_adtr $FWDIR/conf/$RULENAME.W | wc -l` " >> $OUTFILE
                        else
                            echo "            --- Rulebase not compiled for installation" >> $OUTFILE
                   fi              
            done
            smallbreak
            echo "     *** revision control ***" >> $OUTFILE 2>&1
            if [ -d $FWDIR/conf/db_versions/repository/ ]
               then
                    echo "        *** Number of database revisions: `ls $FWDIR/conf/db_versions/repository/ | wc -l` " >> $OUTFILE 2>&1
               else
                    echo "        *** No Database revision directory." >> $OUTFILE 2>&1
            fi
            unset RULELIST
            unset RULENAME
            smallbreak
            # Some basic SmartEvent checks
            CHECKRTDIR=$RTDIR
            if [ "$CHECKRTDIR" = "" ]
               then
                  echo "     *** SmartEvent Stats ***" >> $OUTFILE 2>&1
                  echo "        *** Number of unprocessed records  `ls -l $RTDIR/distrib/* | wc -l` "  >> $OUTFILE 2>&1
                  smallbreak
            fi
            unset CHECKRTDIR
            smallbreak
            if [ ! -z "$(pgrep "cpsead")"  ]
               then
                   echo "     *** CPSEAD Stats ***" >> $OUTFILE 2>&1
                   cpstat cpsead >> $OUTFILE 2>&1
                   smallbreak
            fi
            if [ ! -z "$(pgrep "cpsemd")"  ]
               then
                   echo "     *** CPSEMD Stats ***" >> $OUTFILE 2>&1
                   cpstat cpsemd >> $OUTFILE 2>&1
                   smallbreak
            fi


            smallbreak
            # Edge checks
            echo "    *** Edge LibSW Version Check *** " >> $OUTFILE 2>&1
            LIBSWPATH=`$CPDIR/bin/cpprod_util CPPROD_GetProdDir EdgeCmp | sed 's/ //g'` ; export LIBSWPATH
            grep -i "version" $LIBSWPATH/libsw/version.txt >> $OUTFILE 2>&1
       else
           echo "### Node is not a manager. FW management checks bypassed ###"  >> $OUTFILE 2>&1
       fi
    else
        echo "### Provider-1 / MDSM Checks ###" >> $OUTFILE 2>&1
        echo "    *** MDS Stat ***" >> $OUTFILE 2>&1
        mdsstat >> $OUTFILE 2>&1
        for CMANAME in $($MDSVERUTIL AllCMAs)
            do
                mdsenv $CMANAME
                secbreak
                echo "   *** Checks for Domain $CMANAME *** " >> $OUTFILE 2>&1
                if [ `$CPDIR/bin/cpprod_util FwIsActiveManagement` = '1' ]
                    then
                        echo "     *** This CMA is the ACTIVE CMA for this customer" >> $OUTFILE 2>&1
                    else
                        echo "     *** This CMA is the BACKUP CMA for this customer" >> $OUTFILE 2>&1
                fi
                echo "     *** Management ***"  >> $OUTFILE 2>&1
                cpstat -f default mg >> $OUTFILE 2>&1
                smallbreak
                echo "     *** Policies ***" >> $OUTFILE 2>&1
                echo "       *** Number of policies: `grep rule-base $FWDIR/conf/rulebases_5_0.fws | wc -l`" >> $OUTFILE 2>&1
                RULELIST=`grep rule-base $FWDIR/conf/rulebases_5_0.fws | awk 'BEGIN { FS="##" } { print $2 }' | awk 'BEGIN { FS="\"" } { print $1 }' `
                for RULENAME in $RULELIST; do
                    echo "       *** Policy Name: $RULENAME" >> $OUTFILE 2>&1
                   if [ -f $FWDIR/conf/$RULENAME.W ]
                        then
                            echo "            --- Number of rules in $RULENAME (compiled): `grep ":unified_rulenum (" $FWDIR/conf/$RULENAME.W | tail -n 1 | awk ' BEGIN { FS = "(" } { print $2 } ' | awk ' BEGIN { FS = ")" } { print $1 } '` " >> $OUTFILE
                            echo "            --- Number of Manual NAT rules in $RULENAME (compiled): `grep rule_adtr $FWDIR/conf/$RULENAME.W | wc -l` " >> $OUTFILE
                        else
                            echo "            --- Rulebase not compiled for installation" >> $OUTFILE
                   fi
                done
                unset RULELIST
                unset RULENAME

                smallbreak
                echo "     *** revision control ***" >> $OUTFILE 2>&1
               if [ -d $FWDIR/conf/db_versions/repository/ ]
                  then
                      echo "        *** Number of database revisions: `ls $FWDIR/conf/db_versions/repository/ | wc -l` " >> $OUTFILE 2>&1
                  else
                      echo "        *** No Database revision directory." >> $OUTFILE 2>&1
               fi
                smallbreak
                echo "    *** Edge LibSW Version Check *** " >> $OUTFILE 2>&1
                LIBSWPATH=`$CPDIR/bin/cpprod_util CPPROD_GetProdDir EdgeCmp | sed 's/ //g'` ; export LIBSWPATH
                grep -i "version" $LIBSWPATH/libsw/version.txt >> $OUTFILE 2>&1
                smallbreak
                echo "    *** CMA Disk Utilization Check ***" >> $OUTFILE 2>&1
                du --max-depth=1 -h $FWDIR >> $OUTFILE 2>&1
                smallbreak
            done
        unset CMANAME
        mdsenv
fi


secbreak

############################################################################################
#  FW Acceleration Stuff                                                                   #
############################################################################################

# Not all the commands work on all platforms.  Giving some feedback to the end user pacifies concerns
warnuser

if [ `cpprod_util FwIsFirewallModule` = "1" ]
  then
      echo " ######## fwaccel stuff ########## " >> $OUTFILE 2>&1
      # VSX STUFF
      if [ "$ISVSX" = "1" ]
          # Begin VSX-specific logic for FWACCEL stuff
             then
                echo "############# THIS IS A VSX System ############" >> $OUTFILE 2>&1

                echo " ######## Connections ##########" >> $OUTFILE 2>&1
                cpstat -f conns vsx >> $OUTFILE 2>&1
                smallbreak

                echo " ######## fw ctl pstat ##########" >> $OUTFILE 2>&1
                fw ctl pstat >> $OUTFILE 2>&1
                smallbreak

                echo "     *** VSX STAT ***" >> $OUTFILE 2>&1
                vsx stat -v -l >> $OUTFILE 2>&1

                if [ "$ISVSXSWB" = "1" ]
                   then
                        echo "   *** 75.40VS or newer Virtual System Checks ***" >> $OUTFILE 2>&1
                        echo "       *** MSTAT ***" >> $OUTFILE 2>&1
                        fw vsx mstat >> $OUTFILE 2>&1
                        echo "       *** Resource Control ***" >> $OUTFILE 2>&1
                        fw vsx resctrl monitor show >> $OUTFILE 2>&1
                        fw vsx resctrl stat >> $OUTFILE 2>&1
                        echo "       *** Basic SIM Affinity settings ***" >> $OUTFILE 2>&1
                        fw ctl affinity -l >> $OUTFILE 2>&1
                        smallbreak
                fi

                echo "     *** VSX FWACCEL STAT ***" >> $OUTFILE 2>&1
                if [ "$ISVSXSWB" = "1" ]
                    then
                        fwaccel stat -a >> $OUTFILE 2>&1
                        smallbreak
                    else
                        fwaccel stat -all >> $OUTFILE 2>&1
                        smallbreak
                fi


                echo "--------------- CPHAPROB SYNCSTAT for VS0 ---------------" >> $OUTFILE 2>&1
                cphaprob -all syncstat >> $OUTFILE 2>&1
                smallbreak

                # Pipe the list of virtual devices to a temp file for parsing
                vsx stat -v | grep "|" | grep [1-9] | awk 'BEGIN { FS="|" } { print $1 $2} ' | awk 'BEGIN { FS=" " } { print $1, $2, $3 }' > $TMP/vsobjs


                # Run commands on all VS's (but not VR's or VSw's)
                 while IFS=: read VSLINE
                       do
                       VSNUM=`echo $VSLINE | awk 'BEGIN { FS=" " } { print $1 }'`
                       VSTYPE=`echo $VSLINE | awk 'BEGIN { FS=" " } { print $2 }'`
                       VSNAME=`echo $VSLINE | awk 'BEGIN { FS=" " } { print $3 }'`
                           if [ "$VSTYPE" = "S" ] || [ "$VSTYPE" = "B" ]
                             then

                                if [ "$ISVSXSWB" = "1" ]
                                   then
                                       smallbreak
                                       vsenv $VSNUM >> $OUTFILE 2>&1     # R75.40VS and later require some commands to be run from the VS context
                                       echo "  *** 75.40VS or newer Virtual System Checks for VS $VSNUM ***" >> $OUTFILE 2>&1
                                       echo "     *** VSX STAT ***" >> $OUTFILE 2>&1
                                       fw vsx stat -l -vsid $VSNUM >> $OUTFILE 2>&1
                                       smallbreak
                                       echo "     *** Detailed Affinity Settings ***" >> $OUTFILE 2>&1
                                       fw ctl affinity -l -x -vsid $VSNUM -flags tne >> $OUTFILE 2>&1
                                       smallbreak

                                       # Check SecureXL Status.
                                       ISFWACCEL=`fwaccel stat | grep Status | awk 'BEGIN { FS=" : " } { print $2}'`

                                       if [ "$ISFWACCEL" = "on" ]
                                          then
                                              echo "     *** FWACCEL Stat ***" >> $OUTFILE 2>&1
                                              fwaccel stats -s >> $OUTFILE 2>&1
                                              smallbreak
                                          else
                                              echo "    ** SecureXL Acceleration is disabled on this VS. **" >> $OUTFILE 2>&1
                                       fi

                                       echo "     *** FW Affinity Config ***" >> $OUTFILE 2>&1
                                       fw ctl affinity -l -x -vsid $VSNUM -flags tne  >> $OUTFILE 2>&1
                                       smallbreak
                                          # Check for the presence of the new ips command
                                             IPSPROGCHK=`type -P ips`

                                                echo " ########## Gateway checks ##########"  >> $OUTFILE 2>&1
                                                echo "     *** -f all fw ***"  >> $OUTFILE 2>&1
                                                cpstat -f all fw >> $OUTFILE 2>&1
                                                smallbreak
                                                echo "     *** -f sysinfo cvpn ***" >> $OUTFILE 2>&1
                                                cpstat -f sysinfo cvpn >> $OUTFILE 2>&1
                                                smallbreak
                                                echo "     *** -f all vpn ***"  >> $OUTFILE 2>&1
                                                cpstat -f all vpn >> $OUTFILE 2>&1
                                                smallbreak
                                                echo "     *** ASM / IPS ***"  >> $OUTFILE 2>&1
                                                cpstat -f default asm >> $OUTFILE 2>&1
                                                cpstat -f WS asm >> $OUTFILE 2>&1

                                                if [ "$IPSPROGCHK" != "" ]
                                                   then
                                                        echo "     *** IPS Configuration ***"  >> $OUTFILE 2>&1
                                                        ips stat >> $OUTFILE 2>&1
                                                        smallbreak
                                                fi
                                   else
                                       smallbreak
                                       vsx set $VSNUM >> $OUTFILE 2>&1

                                       # Check SecureXL Status.
                                       ISFWACCEL=`fwaccel stat | grep Status | awk 'BEGIN { FS=" : " } { print $2}'`

                               fi

                             echo "--------------- CPHAPROB SYNCSTAT for VS $VSNUM ---------------" >> $OUTFILE 2>&1
                             cphaprob syncstat >> $OUTFILE 2>&1
                             smallbreak

                              if [ "$ISFWACCEL" = "on" ]
                                 then
                                     echo "--------------- FWACCEL STATS for Virtual System # $VSNUM ---------------" >> $OUTFILE 2>&1
                                     echo "fwaccel conns count at `$DATEFUNC` is `fwaccel -vs $VSNUM conns | wc -l` " >> $OUTFILE 2>&1
                                     echo "fwaccel templates count at `$DATEFUNC` is `fwaccel -vs $VSNUM templates | wc -l` " >> $OUTFILE 2>&1
                                     smallbreak
                                     echo "     *** stat ***" >> $OUTFILE 2>&1
                                     fwaccel stat >> $OUTFILE 2>&1
                                     smallbreak
                                     echo "     *** stats ***" >> $OUTFILE 2>&1
                                     fwaccel stats >> $OUTFILE 2>&1
                                     smallbreak
                                     echo "     *** stats -s ***" >> $OUTFILE 2>&1
                                     fwaccel stats -s >> $OUTFILE 2>&1
                                     smallbreak
                                     echo "     *** stats -p ***" >> $OUTFILE 2>&1
                                     fwaccel stats -p >> $OUTFILE 2>&1
                                     smallbreak
                                  else
                                      echo "    ** SecureXL Acceleration is disabled on this VS. **" >> $OUTFILE 2>&1
                               fi

                               echo "--------------- TOP CONNECTIONS for Virtual System # $VSNUM ---------------" >> $OUTFILE 2>&1
                               fw -vs $VSNUM tab -t connections -t fwx_alloc -t fwx_cache -t frag_table -s  >> $OUTFILE 2>&1
                               if [ "$ISFWACCEL" = "on" ]
                                  then
                                       # If acceleration is enabled, we can leverage the SecureXL table for connections information
                                       echo " Count | Source IP | Destination IP | Destination Port" >> $OUTFILE 2>&1
                                       fwaccel conns |  awk '{printf "%-16s %-15s %-15s\n", $1,$3,$4}' | sort | uniq -c | sort -n -r | head -n 10 >> $OUTFILE 2>&1
                                       smallbreak
                               fi

                               # Without acceleration, we have to rely on the connections table
                               fw -vs $VSNUM tab -t connections -u | grep \; | awk '{print $9}' | sort -bg | uniq -c | sort -bg | head -n 10 >> $OUTFILE 2>&1

                               smallbreak
                               echo "-------------- INTERFACE INFORMATION FOR Virtual System # $VSNUM ---------------" >> $OUTFILE 2>&1
                               ifconfig -s  >> $OUTFILE 2>&1

                               smallbreak
                           fi
                         
                           # Reset back to VS 0
                           if [ "$ISVSXSWB" = "1" ]
                              then
                                  vsenv 0 >> $OUTFILE 2>&1     # R75.40VS and later require some commands to be run from the VS context
                              else
                                  vsx set 0 >> $OUTFILE 2>&1
                           fi

                 done < $TMP/vsobjs

          else
              # Check SecureXL Status.
              ISFWACCEL=`fwaccel stat | grep Status | awk 'BEGIN { FS=" : " } { print $2}'`
           
              if [ "$ISFWACCEL" = "on" ]
                  then
                     # FWACCEL Stuff on non-VSX/VS systems
                     echo "     *** stat ***" >> $OUTFILE 2>&1
                     fwaccel stat >> $OUTFILE 2>&1
                     echo "     *** stats ***" >> $OUTFILE 2>&1
                     fwaccel stats >> $OUTFILE 2>&1
                     echo "     *** stats -s ***" >> $OUTFILE 2>&1
                     fwaccel stats -s >> $OUTFILE 2>&1
                     echo "     *** stats -p ***" >> $OUTFILE 2>&1
                     fwaccel stats -p >> $OUTFILE 2>&1
                     echo "--------------- FWACCEL STATS  ----------------" >> $OUTFILE 2>&1
                     echo "fwaccel conns count at `$DATEFUNC` is `fwaccel conns | wc -l` " >> $OUTFILE 2>&1
                     echo "fwaccel templates count at `$DATEFUNC` is `fwaccel templates | wc -l` " >> $OUTFILE 2>&1
                     smallbreak
                  else
                     echo "    ** SecureXL Acceleration is disabled **" >> $OUTFILE 2>&1
              fi
       fi
      secbreak
      if [ "$ISVSX" != "1" ]
         then
           #CoreXL Stuff
           echo " ##### Multi-CPU #####" >> $OUTFILE 2>&1
           echo "     *** Licensed CPU Count ***" >> $OUTFILE 2>&1
           $FWDIR/bin/fw ctl get int fwlic_num_of_allowed_cpus >> $OUTFILE 2>&1
           echo "     *** multik ***"  >> $OUTFILE 2>&1
           fw ctl multik stat >> $OUTFILE 2>&1
           echo "     *** fw ctl affinity ***"  >> $OUTFILE 2>&1
           fw ctl affinity -l -r -v -a  >> $OUTFILE 2>&1
      fi
      smallbreak
      # SIM commands don't work in IPSO or Solaris
      if [ "ISTORVALDS" != "1" ]
         then
          echo " ##### sim affinity #####" >> $OUTFILE 2>&1
          echo "     *** -l ***" >> $OUTFILE 2>&1
          sim affinity -l >> $OUTFILE 2>&1
          echo "     *** -l -r -v -a ***" >> $OUTFILE 2>&1
          sim affinity -l -r -v -a >> $OUTFILE 2>&1
          smallbreak
         else
            if [ "$RUNOS" = "IPSO" ]
               then
                   echo " ##### IPSO Flow stat #####" >> $OUTFILE 2>&1
                   ipsofwd list >> $OUTFILE 2>&1
            fi
      fi
   else
      echo " ##### Node is not a gateway.  Acceleration and SIM checks bypassed #####" >> $OUTFILE 2>&1
      smallbreak
fi

#############################################################################
#  TABLES CHECKS                                                            #
#############################################################################


# Run certain commands if on a gateway but not running VSX
if [ `cpprod_util FwIsFirewallModule` = "1" ] && [ "$ISVSX" != "1" ]
  then
      echo " ######## fw tab ##########" >> $OUTFILE 2>&1
      echo "      *** connections and stuff ***" >> $OUTFILE 2>&1
      fw tab -t host_ip_addrs -t connections -t fwx_alloc -t fwx_cache -t frag_table -s  >> $OUTFILE 2>&1

      echo "      *** remote users ***" >> $OUTFILE 2>&1
      fw tab -t userc_users -s -t sslt_om_ip_params -t L2TP_tunnels -t om_assigned_ips -s  >> $OUTFILE 2>&1
      smallbreak

      echo " ######## fw ctl pstat ##########" >> $OUTFILE 2>&1
      fw ctl pstat >> $OUTFILE 2>&1
      smallbreak
   else
      echo " ### Node is not a gateway or is a VSX system.  Table and pstat checks bypassed." >> $OUTFILE 2>&1
      smallbreak
fi

#############################################################################
#  HIGH AVAILABILITY CHECKS                                                 #
#############################################################################


# Run certain commands only if the gateway thinks it's running in HA mode
if [ `cpprod_util FwIsHighAvail` = "1" ]
  then
     echo " ############# cphaprob stuff ##########" >> $OUTFILE 2>&1
     echo "     *** -a if ***" >> $OUTFILE 2>&1
     cphaprob -a if >> $OUTFILE 2>&1
     echo "     *** stat ***" >> $OUTFILE 2>&1
     cphaprob stat >> $OUTFILE 2>&1
     echo "     *** syncstat ***" >> $OUTFILE 2>&1
     cphaprob syncstat >> $OUTFILE 2>&1
     echo "     *** cpstat ***" >> $OUTFILE 2>&1
     cpstat ha -f all  >> $OUTFILE 2>&1
     echo "     *** list ***" >> $OUTFILE 2>&1
     cphaprob list >> $OUTFILE 2>&1
     echo "     *** MAC MAGIC NUMBERS AS CURRENTLY CONFIGURED ***" >> $OUTFILE 2>&1
     echo "         -- MAC MAGIC: `fw ctl get int fwha_mac_magic` " >> $OUTFILE 2>&1
     echo "         -- MAC FORWARD MAGIC: `fw ctl get int fwha_mac_forward_magic` " >> $OUTFILE 2>&1
     smallbreak
  else
     echo " #### Node is not running HA feature. cphaprob checks bypassed ####" >> $OUTFILE 2>&1
     smallbreak
fi

#############################################################################
#############################################################################
##  NETWORKING CHECKS                                                      ##
#############################################################################
#############################################################################

secbreak
echo
echo " ###################################################################"
echo " # Starting networking checks...                                   #"
echo " ###################################################################"
echo

echo "  #######################################################################"
echo "  ## NOTE: Not all network checks function on all systems. Some checks ##"
echo "  ## may result in warnings of Operation not supported. These warnings ##"
echo "  ## can be safely ignored.                                            ##"
echo "  ##                                                                   ##"
echo "  ## Press any key to continue                                         ##"
echo "  ## or wait 5 seconds and the script will continue automatically      ##"
echo "  #######################################################################"
read -n1 -t5 $1

warnuser

if [ "$ISMDS" = "1" ]
   then
       echo "## NOTE: Some network tests on Provider-1 or MDSM may return warnings ##"
fi


echo "####### netstat ########## " >> $OUTFILE 2>&1
echo "    *** -ni ***" >> $OUTFILE 2>&1
netstat -ni >> $OUTFILE 2>&1
smallbreak
echo "    *** -s ***" >> $OUTFILE 2>&1
netstat -s >> $OUTFILE 2>&1
smallbreak
echo "    *** -anp ***" >> $OUTFILE 2>&1
if [ "$RUNOS" = "IPSO" ]
   then
     netstat -an >> $OUTFILE 2>&1
     smallbreak
     echo "    *** -m ***" >> $OUTFILE 2>&1
     netstat -m  >> $OUTFILE 2>&1
   
     # Run checks for IPSO flows
     IPSOFLOWS=`ipsctl -n net:ip:forward:available_modes | grep -q -s flowpath`
     if [ "$IPSOFLOWS" -eq 0 ]
       then
         echo "    *** host is running IPSO Flows ***" >> $OUTFILE 2>&1
         echo "Flows active: $((`netstat -nF | wc -l`-2))" >> $OUTFILE 2>&1
         echo "   ***Flow stats***" >> $OUTFILE 2>&1
         ipsctl -a net:ip:flow >> $OUTFILE 2>&1
         smallbreak
       else
         echo "    *** host is not running IPSO Flows, bypassing flow checks ***"
     fi
     unset IPSOFLOWS
   else
     netstat -anp >> $OUTFILE 2>&1
     smallbreak
fi

secbreak

echo " ######## Interface stuff ########" >> $OUTFILE 2>&1
# Gather various interface statistics
if [ "$RUNOS" = "IPSO" ]
   then
       echo "     *** Basic IPSO NIC stats metrics ***" >> $OUTFILE 2>&1
       ipsctl -a net:ip:rxstats net:ip:txstat net:ip:misc:stats net:ip:frag:stats >> $OUTFILE 2>&1
       smallbreak

       if [ "ipsctl -n net:dev:adp_detect | egrep -v '0'" = "1" ]
          then
              echo "     *** ADP metrics ***" >> $OUTFILE 2>&1
              ipsctl -a net:dev:adp >> $OUTFILE 2>&1
              smallbreak
       fi
       echo "    *** Interface information ***" >> $OUTFILE 2>&1
       ifconfig -v -a >> $OUTFILE 2>&1
       smallbreak
     
       # REMmed OUT CONTENT REQUIRES ADDITIONAL LOGIC. MAY BE REDUNDANT TO -v -a ABOVE
       # echo "   *** IPSCTL metrics for $IFN ***" >> $OUTFILE 2>&1
       # ipsctl -a ifphys:$IFN:errors ifphys:$IFN:stats ifphys:$IFN:dev >> $OUTFILE 2>&1

   else
       if [ "$ISTORVALDS" = "1" ]
          then
              echo "     *** ifconfig -s ***"  >> $OUTFILE 2>&1
              ifconfig -s  >> $OUTFILE 2>&1
              smallbreak
              LIST=`ifconfig -s | grep -Ev "Iface|lo" | awk '{print $1}' `
              for IFN in $LIST; do
                  echo " ### Interface information for $IFN ###" >> $OUTFILE 2>&1
                  echo "   *** basics ***" >> $OUTFILE 2>&1
                  ifconfig -v $IFN >> $OUTFILE 2>&1
                  smallbreak

                  # Bonded Interface check
                  if [ ${IFN:0:4} = "bond" ]
                     then
                         cphaconf show_bond $IFN >> $OUTFILE 2>&1
                         cat /proc/interfaces/bond/$IFN >> $OUTFILE 2>&1
                         smallbreak
                  fi

                  echo "   *** settings ***" >> $OUTFILE 2>&1
                  ethtool $IFN >> $OUTFILE 2>&1
                  smallbreak
                  echo "   *** driver and firmware for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -i $IFN >> $OUTFILE 2>&1
                  smallbreak
                  echo "   *** statistics for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -S $IFN >> $OUTFILE 2>&1
                  smallbreak
                  echo "   *** Flow control for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -a $IFN >> $OUTFILE 2>&1
                  smallbreak
                  echo "   *** ring settings for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -g $IFN >> $OUTFILE 2>&1
                  echo "   *** TSO settings for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -k $IFN >> $OUTFILE 2>&1
                  echo "   *** coalesce settings for $IFN ***" >> $OUTFILE 2>&1
                  ethtool -c $IFN >> $OUTFILE 2>&1
                  smallbreak
             done
       fi
fi

secbreak

#############################################################################
#############################################################################
##  FINAL CHECKS                                                           ##
#############################################################################
#############################################################################


echo
echo " ###################################################################"
echo " # Starting final checks...                                        #"
echo " ###################################################################"
echo

# Not all the commands work on all platforms.  Giving some feedback to the end user pacifies concerns
warnuser

#############################################################################
#  PROCESS CHECKS                                                           #
#############################################################################

echo " ########## process information ##########" >> $OUTFILE 2>&1
if [ "$ISTORVALDS" = "1" ]
   then
       ps -AFHwww >> $OUTFILE 2>&1
   else
       if [ "$RUNOS" = "IPSO" ]
          then
              ps auxwwwlSHmf >> $OUTFILE 2>&1
       fi
fi
smallbreak
if [ "$RUNOS" != "SunOS" ]
   then
       ps auxwwwf >> $OUTFILE 2>&1
   else
       ps -elf >>  $OUTFILE 2>&1
fi

secbreak


#############################################################################
#  TIME-REPEATED CHECKS (vmstat, iostat, top                                #
#############################################################################

if [ "$DOTIMEDCHECKS" = "1" ]
   then
       echo
       echo " ###################################################################"
       echo " ###################################################################"
       echo " ## Beginning Time-repeated checks. These checks each take a few  ##"
       echo " ## moments to execute...                                         ##"
       echo " ###################################################################"
       echo " ###################################################################"
       echo

       echo " ######### CPU Utilization Stuff #########" >> $OUTFILE 2>&1

       echo " ###################################################################"
       echo " # Running vmstat collection. This will take a few moments...      #"
       echo " ###################################################################"

       echo "     *** vmstat ***" >> $OUTFILE 2>&1
       vmstat 2 20 >> $OUTFILE 2>&1
       smallbreak

       if [ "$RUNOS" = "IPSO" ]
          then
             echo "        *** -i ***" >> $OUTFILE 2>&1
             vmstat -i >> $OUTFILE 2>&1
             smallbreak
             echo "        *** -z ***" >> $OUTFILE 2>&1
             vmstat -z >> $OUTFILE 2>&1
             smallbreak
       fi


       # Check for the presence of iostat
       IOCHECK=`type -P iostat`
       if [ "$IOCHECK" = "" ]
         then
            smallbreak
            echo "     *** bypassing IOSTAT collection ***" >> $OUTFILE 2>&1
         else
            echo
            echo " ###################################################################"
            echo " # Running IO statistics collection. This will take a few moments..#"
            echo " ###################################################################"
            echo "     *** iostat ***" >> $OUTFILE 2>&1
            iostat -x 2 10 >> $OUTFILE 2>&1
       fi

       secbreak

       #check for dumb terminal
       if [ ! -e /usr/share/terminfo/d/dumb ]
        then
          echo " ##### making dumb terminal symlink" >> $OUTFILE 2>&1
          mkdir /usr/share/terminfo/d > /dev/null 2>&1
          ln -s /usr/share/terminfo/x/xterm /usr/share/terminfo/d/dumb > /dev/null 2>&1
       fi


       if [ "$RUNOS" != "SunOS" ]
          then
              echo "     *** top ***" >> $OUTFILE 2>&1
              echo
              echo " ###################################################################"
              echo " # Running TOP. This will take a few moments...                    #"
              echo " ###################################################################"

              # CPULOOP is mentioned in top's manual to increase 1st-iteration accuracy
              # COLUMNS is used to allow showing longer command-lines on terminal output

              if [ "$RUNOS" != "IPSO" ]
                 then
                     COLUMNS=512 LINES=256 CPULOOP=1 top -bcSH -n 5 >> $OUTFILE 2>&1
                 else
                     top -mio -bSH -d 5  >> $OUTFILE 2>&1
              fi
       else
           echo "     *** prstat ***" >> $OUTFILE
           echo
           echo " ###################################################################"
           echo " # Running PRSTAT. This will take a few moments...                 #"
           echo " ###################################################################"

           prstat 3 5 >> $OUTFILE
     fi


     echo " ###################################################################"
     echo " # Gathering some additional CPU Load information.                 #"
     echo " # This will take a few moments...                                 #"
     echo " ###################################################################"

       # MPSTAT exists in GAiA but not SPLAT
       MPSCHECK=`type -P mpstat`
       if [ "$MPSCHECK" = "" ]
         then
            smallbreak
            echo "     *** bypassing mpstat collection ***" >> $OUTFILE 2>&1
         else
           echo "     *** MPSTAT metrics ***" >> $OUTFILE 2>&1
           # Linux and Solaris have different CLI switch requirements
           if [ "$ISTORVALDS" = "1" ]
              then
                  mpstat -P ALL 2 5 >> $OUTFILE 2>&1
              else
                  mpstat -p 2 5 >> $OUTFILE 2>&1
           fi
     fi

     smallbreak

     if [ "$RUNOS" != "SunOS" ]
        then
            echo "     *** /proc/stat metrics ***" >> $OUTFILE 2>&1
            # Plan to add logic to calculate per-CPU information soon. For now, it'll be manual
            echo "------- Columns --------" >> $OUTFILE 2>&1
            echo "CPU | user | nice | system | idle | iowait | irq | softirq " >> $OUTFILE 2>&1

            # Number of polling iterations to run
            LOOPEND=5
            LOOPTIME=1
            # Delay time -- how long to sleep between polling intervals
            SNOOZETIME=5

            while [ $LOOPTIME -le $LOOPEND ]
                  do
                    cat /proc/stat >> $OUTFILE 2>&1
                    # Increment the loop counter
                    (( LOOPTIME++ ))
                    # Take a nap
                    sleep $SNOOZETIME
            done
     fi

else
     echo " ###################################################################"
     echo " # Bypassing timed checks...                                       #"
     echo " ###################################################################"

fi

secbreak
echo "###### Completed checkup script for $HNAME at `date +"%F-%H%M"` ######" >> $OUTFILE 2>&1
secbreak


################################################################################
################################################################################
##                           SCRIPT CLEANUP                                   ##
################################################################################
################################################################################


# Clean up temp files
rm $APPLTMP
rm $NOCONNTMP
rm $PROCCHECKS
rm $FILECHECKS

# Clean up variables
unset HASMPTSTATUS
unset HASLSIUTIL
unset CHECKTMP
unset CHECKMDS
unset CHECKVSX
unset HASLOM
unset HASMPT
unset SCRVER
unset RUNOS
unset RUNOSFULL
unset ISTORVALDS
unset ISMDS
unset APPLTMP
unset NOCONNTMP
unset PROCLIST
unset PROCCHECKS
unset PROCNAME
unset IOCHECK
unset MPSCHECK
unset FWLABEL
unset BLADECHECK
unset BLADESTAT
unset SIC_NAME
unset OBJ_NAME
unset OBJ_FILE
unset REG_FILE
unset ISVSX
unset ISVSXSWB
unset ISGAIA
unset ISFWACCEL
unset FILELIST
unset VSNUM
unset VSLINE
unset VSTYPE
unset VSNAME
unset DODUCHECK
unset DOTIMEDCHECKS



# COMPLETED
echo
echo "#########################################################################"
echo "#########################################################################"
echo "  Data was collected into $OUTFILE"
echo "  The output file is `ls -lah $OUTFILE | awk '{ print $5 }'` in size.   "
echo "#########################################################################"
echo "#########################################################################"
echo
echo "#########################################################################"
echo "# Completed data acquisition. Thank you. Have a nice day.               #"
echo "#########################################################################"
echo
echo

# Clean up final variables - these couldn't be unset until the end
unset HNAME
unset NOW
unset OUTTO
unset OUTFILE

exit 0