cpstat

Description

Shows the status and statistics information for Check Point applications.

Syntax on a Management Server in Gaia Clish or the Expert mode

cpstat [-d] [-h <Host>] [-p <Port>] [-s <SICname>] [-f <Flavor>] [-o <Polling Interval> [-c <Count>] [-e <Period>]] <Application Flag>

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

cpstat [-d] [-h <Host>] [-p <Port>] [-s <SICname>] [-f <Flavor>] [-o <Polling Interval> [-c <Count>] [-e <Period>]] <Application Flag>

Syntax on a Scalable Platform Security Group in Gaia gClish

cpstat [-d] [-h <Host>] [-p <Port>] [-s <SICname>] [-f <Flavor>] [-o <Polling Interval> [-c <Count>] [-e <Period>]] <Application Flag>

Syntax on a Scalable Platform Security Group in the Expert mode

g_all cpstat [-d] [-h <Host>] [-p <Port>] [-s <SICname>] [-f <Flavor>] [-o <Polling Interval> [-c <Count>] [-e <Period>]] <Application Flag>

Note - You can write the parameters in the syntax in any order.

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

The output shows the SNMP queries and SNMP responses for the applicable SNMP OIDs.

-h <Host>

Optional.

When you run this command on a Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., this parameter specifies the managed Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. object.

<Host> is an IPv4 address, a resolvable hostname, or a DAIP object name.

The default is localhost.

Note - On a Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., you must run this command in the context of the applicable Domain Management Server Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS.:mdsenv <IP Address or Name of Domain Management Server>.

-p <Port>

Optional.

Port number of the Application Monitoring (AMON) server.

The default port is 18192.

-s <SICname>

Optional.

Secure Internal Communication (SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) name of the Application Monitoring (AMON) server.

-f <Flavor>

Optional.

Specifies the type of the information to collect.

If you do not specify a flavor explicitly, the command uses the first flavor in the <Application Flag>. To see all flavors, run the cpstat command without any parameters.

-o <Polling Interval>

Optional.

Specifies the polling interval (in seconds) - how frequently the command collects and shows the information.

Examples:

0 - The command shows the results only once and the stops (this is the default value).
5 - The command shows the results every 5 seconds in the loop.
30 - The command shows the results every 30 seconds in the loop.
N - The command shows the results every N seconds in the loop.

Use this parameter together with the "-c <Count>" parameter and the "-e <Period>" parameter.

Example:

cpstat os -f perf -o 2

-c <Count>

Optional.

Specifies how many times the command runs and shows the results before it stops.

You must use this parameter together with the "-o <Polling Interval>" parameter.

Examples:

0 - The command shows the results repeatedly every <Polling Interval> (this is the default value).
10 - The command shows the results 10 times every <Polling Interval> and then stops.
20 - The command shows the results 20 times every <Polling Interval> and then stops.
N - The command shows the results N times every <Polling Interval> and then stops.

Example:

cpstat os -f perf -o 2 -c 2

-e <Period>

Optional.

Specifies the time (in seconds), over which the command calculates the statistics.

You must use this parameter together with the "-o <Polling Interval>" parameter.

You can use this parameter together with the "-c <Count>" parameter.

Example:

cpstat os -f perf -o 2 -c 2 -e 60

<Application Flag>

Mandatory.

See the table below with flavors for the application flags.

These flavors are available for the application flags

Note - The available flags depend on the enabled Software Blades. Some flags are supported only by a Security Gateway / ClusterXL, and some flags are supported only by a Management Server.

Feature or Software Blade	Flag	Flavors
List of enabled Software Blades	`blades`	`fw, ips, av, urlf, vpn, cvpn, aspm, dlp, appi, anti_bot, default, content_awareness, threat-emulation, default`
Operating System	`os`	`default, ifconfig, routing, routing6, memory, old_memory, cpu, disk, perf, multi_cpu, multi_disk, raidInfo, sensors, power_supply, hw_info, all, average_cpu, average_memory, statistics, updates, licensing, connectivity, vsx`
Firewall	`fw`	`default, interfaces, policy, perf, hmem, kmem, inspect, cookies, chains, fragments, totals, totals64, ufp, http, ftp, telnet, rlogin, smtp, pop3, sync, log_connection, all`
HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi.	`https_inspection`	`default, hsm_status, all`
Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.	`identityServer`	`default, authentication, logins, ldap, components, adquery, idc, muh`
Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.	`appi`	`default, subscription_status, update_status, RAD_status, top_last_hour, top_last_day, top_last_week, top_last_month`
URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.	`urlf`	`default, subscription_status, update_status, RAD_status, top_last_hour, top_last_day, top_last_week, top_last_month`
IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System).	`ips`	`default, statistics, all`
Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.	`ci`	`default`
Threat Prevention	`antimalware`	`default, scanned_hosts, scanned_mails, subscription_status, update_status, ab_prm_contracts, av_prm_contracts, ab_prm_contracts, av_prm_contracts`
Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.	`threat-emulation`	default, general_statuses, update_status, scanned_files, malware_detected, scanned_on_cloud, malware_on_cloud, average_process_time, emulated_file_size, queue_size, peak_size, file_type_stat_file_scanned, file_type_stat_malware_detected, file_type_stat_cloud_scanned, file_type_stat_cloud_malware_scanned, file_type_stat_filter_by_analysis, file_type_stat_cache_hit_rate, file_type_stat_error_count, file_type_stat_no_resource_count, contract, downloads_information_current, downloading_file_information, queue_table, history_te_incidents, history_te_comp_hosts
Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.	`scrub`	`default, subscription_status, threat_extraction_statistics`
Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB.	`cvpn`	`cvpnd, sysinfo, products, overall`
VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.	`vsx`	`default, stat, traffic, conns, cpu, all, memory, cpu_usage_per_core`
IPsec VPN Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access.	`vpn`	`default, product, IKE, ipsec, traffic, compression, accelerator, nic, statistics, watermarks, all`
Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.	`dlp`	`default, dlp, exchange_agents, fingerprint`
Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. See sk119715. Acronym: CTNT.	`ctnt`	`default`
QoS Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency.	`fg`	`all`
High Availability A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA.	`ha`	`default, all`
Policy Server for Remote Access VPN An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway. clients	`polsrv`	`default, all`
Desktop Policy Server for Remote Access VPN clients	`dtps`	`default, all`
LTE / GX	`gx`	`default, contxt_create_info, contxt_delete_info, contxt_update_info, contxt_path_mng_info, GXSA_GPDU_info, contxt_initiate_info, gtpv2_create_info, gtpv2_delete_info, gtpv2_update_info, gtpv2_path_mng_info, gtpv2_cmd_info, all`
Management Server	`mg`	`default, log_server, indexer`
Certificate Authority	`ca`	`default, crl, cert, user, all`
SmartEvent	`cpsemd`	`default`
SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events.	`cpsead`	`default`
Log Server Dedicated Check Point server that runs Check Point software to store and process logs.	`ls`	`default`
CloudGuard Controller	`vsec`	`default`
SmartReporter	`svr`	`default`
Provisioning Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. Agent	`PA`	`default`
Thresholds configured with the "`threshold_config`" command	`thresholds`	`default, active_thresholds, destinations, error`
Historical status values	`persistency`	`product, TableConfig, SourceConfig`

Examples

Example - Performance

[Expert@HostName:0]# cpstat os -f perf -o 2 -c 2 -e 60

Total Virtual Memory (Bytes):            12417720320

Active Virtual Memory (Bytes):           3741331456

Total Real Memory (Bytes):               8231063552

Active Real Memory (Bytes):              3741331456

Free Real Memory (Bytes):                4489732096

Memory Swaps/Sec:                        -

Memory To Disk Transfers/Sec:            -

CPU User Time (%):                       0

CPU System Time (%):                     0

CPU Idle Time (%):                       100

CPU Usage (%):                           0

CPU Queue Length:                        -

CPU Interrupts/Sec:                      135

CPUs Number:                             8

Disk Servicing Read\Write Requests Time: -

Disk Requests Queue:                     -

Disk Free Space (%):                     61

Disk Total Free Space (Bytes):           12659716096

Disk Available Free Space (Bytes):       11606188032

Disk Total Space (Bytes):                20477751296

Total Virtual Memory (Bytes):            12417720320

Active Virtual Memory (Bytes):           3741556736

Total Real Memory (Bytes):               8231063552

Active Real Memory (Bytes):              3741556736

Free Real Memory (Bytes):                4489506816

Memory Swaps/Sec:                        -

Memory To Disk Transfers/Sec:            -

CPU User Time (%):                       3

CPU System Time (%):                     0

CPU Idle Time (%):                       97

CPU Usage (%):                           3

CPU Queue Length:                        -

CPU Interrupts/Sec:                      140

CPUs Number:                             8

Disk Servicing Read\Write Requests Time: -

Disk Requests Queue:                     -

Disk Free Space (%):                     61

Disk Total Free Space (Bytes):           12659716096

Disk Available Free Space (Bytes):       11606188032

Disk Total Space (Bytes):                20477751296

[Expert@HostName:0]#