So… you want to see what happened at 3am on the firewall but don't have the money for Orion or other expensive monitoring software? Check out this bash script to monitor processes on your Check Point firewall:
Ok, this is really basic, but you get the idea:
#!/bin/bash
# Warning:
#
# * Scripting is not a supported feature. The user
#   should implement scripts with care. This is
#   only a demo of how sample code might work.
#
# Save the script as something like overtime.sh, then
#
# first, make sure that it's executable:
#   chmod u+x overtime.sh
#
# then, run it:
#   ./overtime.sh
#
# You'll get a file with date/time stamps in it, one block
# of output per interval.
#
# Use common sense so that scripts do not run forever, and
# don't let a script fill your hard drive. /var usually
# has the most space available for running scripts like this.
#
# If you are getting timed out, run it from a cron job without
# the while loop, or increase/remove the idle timeout.
#
# It should contain the following:

# every block of output is appended to this one file
OUT=SR-NUMBER.debug

while true; do
    # timestamp formatted like 200707071200
    DATE=$(/bin/date +%Y%m%d%H%M)
    # do your commands. Note > overwrites, while >> appends
    echo "$DATE" >> "$OUT"
    echo '------------------------------------' >> "$OUT"
    echo '------------vmstat------------------' >> "$OUT"
    vmstat -n 3 5 >> "$OUT"
    echo '-------procmeminfo------------------' >> "$OUT"
    cat /proc/meminfo >> "$OUT"
    echo '-------------fwtab------------------' >> "$OUT"
    fw tab -t connections -s >> "$OUT"
    echo '--------------top-------------------' >> "$OUT"
    # -b (batch mode) is needed when output goes to a file or a cron job, not a terminal
    top -b -n 1 >> "$OUT"
    echo '-----------fwctlpstat---------------' >> "$OUT"
    fw ctl pstat >> "$OUT"
    echo '--------------free------------------' >> "$OUT"
    free >> "$OUT"
    echo '------------------------------------' >> "$OUT"
    # sleep is measured in seconds: 600 = 10 minutes, 2400 = 40 minutes
    sleep 2400
done
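The header comments suggest running from cron instead of a while loop and keeping the output from filling the disk. Here is a cron-friendly variant that does both, added as an example and not the original script: one snapshot per invocation, one timestamped file per run under /var, a free-space check before writing, and pruning of old snapshots. The directory /var/log/fwmon, the MIN_FREE_KB and KEEP limits and the section labels are my assumptions, not Check Point settings.

```shell
#!/bin/bash
# Cron-friendly snapshot: run once per invocation, e.g. */10 * * * * from crontab.
# Assumed local choices (not Check Point settings):
OUTDIR="${OUTDIR:-/var/log/fwmon}"
MIN_FREE_KB="${MIN_FREE_KB:-102400}"   # refuse to write below 100 MB free
KEEP="${KEEP:-288}"                     # 288 ten-minute snapshots = 48 hours

# Append one command's output between labelled separators so each section can
# be found with grep later; a missing command (e.g. fw on a non-firewall host)
# is recorded in the file instead of aborting the run.
section() {  # section <outfile> <label> <command...>
    local out="$1" label="$2"; shift 2
    printf -- '----- BEGIN %s -----\n' "$label" >>"$out"
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >>"$out" 2>&1
    else
        printf 'command not found: %s\n' "$1" >>"$out"
    fi
    printf -- '----- END %s -----\n' "$label" >>"$out"
}

# Free space in KB on the filesystem holding the given directory (POSIX df -kP).
free_kb() { df -kP "$1" | awk 'NR==2 {print $4}'; }

# Delete all but the newest <keep> files so the directory stays bounded.
prune() {  # prune <dir> <keep>
    ls -1t "$1" 2>/dev/null | tail -n +"$(( $2 + 1 ))" | while read -r f; do
        rm -f "$1/$f"
    done
}

# Take one snapshot; returns 1 (writing nothing) if the disk is too full.
snapshot() {  # snapshot [outdir]
    local dir="${1:-$OUTDIR}" stamp out
    mkdir -p "$dir" || return 1
    [ "$(free_kb "$dir")" -ge "$MIN_FREE_KB" ] || return 1
    stamp=$(date +%Y%m%d%H%M)           # same format as the original, e.g. 200707071200
    out="$dir/$stamp.debug"
    echo "$stamp" >"$out"
    section "$out" vmstat   vmstat -n 3 5
    section "$out" meminfo  cat /proc/meminfo
    section "$out" fwtab    fw tab -t connections -s
    section "$out" top      top -b -n 1      # -b: batch mode, no terminal needed
    section "$out" pstat    fw ctl pstat
    section "$out" free     free
    prune "$dir" "$KEEP"
    echo "$out"
}
```

To see what happened at 3am, grep the file whose name starts with that timestamp, e.g. `grep -A30 'BEGIN fwtab' /var/log/fwmon/*0300.debug`.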
If you are looking for more commands for specific things to monitor, refer to the Check Point SPLAT Commands list.