1) CPView.
sk101878 | CPView Utility
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101878&partition=General&product=Security
1a] To view a timestamp in history. We can also use this to verify against the
times that the issue was reported.
# cpview -t <timestamp>
Example:
# cpview -t 01Mar2015 10:54:15
1b] When we are experiencing an issue with high CPU on a firewall worker.
Identify the worker.
# top
Go to CPView
# cpview
Advanced > CoreXL > Instances > Find the particular instance that we
are seeing high CPU
'Statistics are NOT active (may affect performance). Press 'a' to activate.
You will then be prompted to type 'y' to proceed.
You should be able to scroll down in the instance pane and find the devices
that are being handled by this firewall worker instance.
You can deactivate it by following the same steps to activate it.
1c] We can also look at the following areas to see what services may be causing
this issue.
CPU > Top-Protocols > Instances > Find the particular instance that we
are seeing high CPU
Network > Top-Connections (OR) Top-Protocols
2) CPKstats
Should we not be able to access CPView again, we can follow the below SK to get
the same results.
sk103293 | How to get per CPU statistics and TOP FW-lock consumers with
cpkstats
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103293&partition=Expert&product=CoreXL%22
3) The CPView database failed to upload for some reason and I was hoping that
we could upload that one more time from each firewall.
# tar czvf /var/log/cpview_`hostname`.tgz /var/log/CPView_history/CPViewDB.dat
# cpinfo -n -f /var/log/cpview* -s 1-8319371181 -u <UserCenter Username>
4) The core dump that was generated was a User Check core dump and I'm not sure
that it would cause the issue that we saw as the failover time where we lost
all connections to the gateways did not add up to when the core dump was
generated.
-----------------------
User Mode Core Dumps
-----------------------
total 45868
-rw-r--r-- 1 admin root 46912760 Jul 29 15:32 usrchkd.28001.core.gz
