cpstat

Description

Displays the status and statistics information of Check Point applications.

Syntax

cpstat [-d] [-h <Host>] [-p <Port>] [-s <SICname>] [-f <Flavor>] [-o <Polling Interval> [-c <Count>] [-e <Period>]] <Application Flag>

Note - You can write the parameters in the syntax in any order.

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

The output shows the SNMP queries and SNMP responses for the applicable SNMP OIDs.

-h <Host>

Optional.

When you run this command on a Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., this parameter specifies the managed Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

<Host> is an IPv4 address, a resolvable hostname, or a DAIP object name.

The default is localhost.

Note - On a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., you must run this command in the context of the applicable Domain Management ServerClosed Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS.:mdsenv <IP Address or Name of Domain Management Server>.

-p <Port>

Optional.

Port number of the Application Monitoring (AMON) server.

The default port is 18192.

-s <SICname>

Optional.

Secure Internal Communication (SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) name of the Application Monitoring (AMON) server.

-f <Flavor>

Optional.

Specifies the type of the information to collect.

If you do not specify a flavor explicitly, the command uses the first flavor in the <Application Flag>. To see all flavors, run the cpstat command without any parameters.

-o <Polling Interval>

Optional.

Specifies the polling interval (in seconds) - how frequently the command collects and shows the information.

Examples:

  • 0 - The command shows the results only once and the stops (this is the default value).

  • 5 - The command shows the results every 5 seconds in the loop.

  • 30 - The command shows the results every 30 seconds in the loop.

  • N - The command shows the results every N seconds in the loop.

Use this parameter together with the "-c <Count>" parameter and the "-e <Period>" parameter.

Example:

cpstat os -f perf -o 2

-c <Count>

Optional.

Specifies how many times the command runs and shows the results before it stops.

You must use this parameter together with the "-o <Polling Interval>" parameter.

Examples:

  • 0 - The command shows the results repeatedly every <Polling Interval> (this is the default value).

  • 10 - The command shows the results 10 times every <Polling Interval> and then stops.

  • 20 - The command shows the results 20 times every <Polling Interval> and then stops.

  • N - The command shows the results N times every <Polling Interval> and then stops.

Example:

cpstat os -f perf -o 2 -c 2

-e <Period>

Optional.

Specifies the time (in seconds), over which the command calculates the statistics.

You must use this parameter together with the "-o <Polling Interval>" parameter.

You can use this parameter together with the "-c <Count>" parameter.

Example:

cpstat os -f perf -o 2 -c 2 -e 60

<Application Flag>

Mandatory.

See the table below with flavors for the application flags.

These flavors are available for the application flags

Note - The available flags depend on the enabled Software Blades. Some flags are supported only by a Security Gateway, and some flags are supported only by a Management Server.

Feature or Software Blade

Flag

Flavors

List of enabled Software Blades

blades

fw, ips, av, urlf, vpn, cvpn, aspm, dlp, appi, anti_bot, default, content_awareness, threat-emulation, default

Operating System

os

default, ifconfig, routing, routing6, memory, old_memory, cpu, disk, perf, multi_cpu, multi_disk, raidInfo, sensors, power_supply, hw_info, all, average_cpu, average_memory, statistics, updates, licensing, connectivity, vsx

Firewall

fw

default, interfaces, policy, perf, hmem, kmem, inspect, cookies, chains, fragments, totals, totals64, ufp, http, ftp, telnet, rlogin, smtp, pop3, sync, log_connection, all

HTTPS InspectionClosed Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.

https_inspection

default, hsm_status, all

Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.

identityServer

default, authentication, logins, ldap, components, adquery, idc, muh

Application ControlClosed Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

appi

default, subscription_status, update_status, RAD_status, top_last_hour, top_last_day, top_last_week, top_last_month

URL FilteringClosed Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

urlf

default, subscription_status, update_status, RAD_status, top_last_hour, top_last_day, top_last_week, top_last_month

IPSClosed Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).

ips

default, statistics, all

Anti-VirusClosed Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.

ci

default

Threat Prevention

antimalware

default, scanned_hosts, scanned_mails, subscription_status, update_status, ab_prm_contracts, av_prm_contracts, ab_prm_contracts, av_prm_contracts

Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.

threat-emulation

default, general_statuses, update_status, scanned_files, malware_detected, scanned_on_cloud, malware_on_cloud, average_process_time, emulated_file_size, queue_size, peak_size, file_type_stat_file_scanned, file_type_stat_malware_detected, file_type_stat_cloud_scanned, file_type_stat_cloud_malware_scanned, file_type_stat_filter_by_analysis, file_type_stat_cache_hit_rate, file_type_stat_error_count, file_type_stat_no_resource_count, contract, downloads_information_current, downloading_file_information, queue_table, history_te_incidents, history_te_comp_hosts

Threat ExtractionClosed Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

scrub

default, subscription_status, threat_extraction_statistics

Mobile AccessClosed Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.

cvpn

cvpnd, sysinfo, products, overall

VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.

vsx

default, stat, traffic, conns, cpu, all, memory, cpu_usage_per_core

IPsec VPNClosed Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.

vpn

default, product, IKE, ipsec, traffic, compression, accelerator, nic, statistics, watermarks, all

Data Loss PreventionClosed Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.

dlp

default, dlp, exchange_agents, fingerprint

Content AwarenessClosed Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.

ctnt

default

QoSClosed Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.

fg

all

High AvailabilityClosed A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA.

ha

default, all

Policy Server for Remote Access VPNClosed An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway. clients

polsrv

default, all

Desktop Policy Server for Remote Access VPN clients

dtps

default, all

LTE / GX

gx

default, contxt_create_info, contxt_delete_info, contxt_update_info, contxt_path_mng_info, GXSA_GPDU_info, contxt_initiate_info, gtpv2_create_info, gtpv2_delete_info, gtpv2_update_info, gtpv2_path_mng_info, gtpv2_cmd_info, all

Management Server

mg

default, log_server, indexer

Certificate Authority

ca

default, crl, cert, user, all

SmartEvent

cpsemd

default

SmartEvent Correlation UnitClosed SmartEvent software component on a SmartEvent Server that analyzes logs and detects events.

cpsead

default

Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs.

ls

default

CloudGuard Controller

vsec

default

SmartReporter

svr

default

ProvisioningClosed Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. Agent

PA

default

Thresholds configured with the threshold_config command

thresholds

default, active_thresholds, destinations, error

Historical status values

persistency

product, TableConfig, SourceConfig

Examples