Check_mk-if64 for palo alto firewall "packets dropped" not indicated/alarmed by checkmk

Troubleshooting
1

We got reports about packet loss on one of our interfaces.

Checkmk shows no errors on the interface

image
image1171×711 78.5 KB

[ae2.165]
Operational state: up
Speed: unknown
In: 2.02 MB/s
Out: 11.3 MB/s
Errors in: 0%
Multicast in: 0 packets/s
Broadcast in: 0 packets/s
Unicast in: 15554.79 packets/s
Non-unicast in: 0 packets/s
Discards in: 0 packets/s
Errors out: 0%
Multicast out: 0 packets/s
Broadcast out: 0 packets/s
Unicast out: 17206.9 packets/s
Non-unicast out: 0 packets/s
Discards out: 0 packets/s

But in the cli of the firewall we see packets dropped 699808055 for the interface
how can I make checkmk to check/alarm dropped packets as well ?

Or would checkmk report this as output/output error in if “packets dropped” increases ?

show interface ae2.165

--------------------------------------------------------------------------------
Name: ae2.165, ID: 142, 802.1q tag: 165
Operation mode: layer3
Virtual router default-vr
Interface MTU 1500
Interface IP address: 172.xx.xx.xx/29
Interface management profile: ping from any
ping: yes telnet: no ssh: no http: no https: no
snmp: no response-pages: no userid-service: no
Service configured: BGP
Zone: xx-vpn1, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 18783396042456
bytes transmitted 91313987641820
packets received 1982655908
packets transmitted 506245609
receive errors 0
packets dropped 699808055
packets dropped by flow state check 577676
forwarding errors 0
no route 1781814
arp not found 56708
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 1844
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 464
udp cps 559
sctp cps 0
other cps 0

CMK version: Check_MK version 2.0.0p19 CEE

Error message:

Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)

2

Packet drops on the logical interface indicate traffic that is dropped by the firewall before security rulebase processing due to the received traffic being of a type that the firewall cannot process.

This behavior is to be expected.

Also ist packets dropped gar nicht der richtige conter und checkmk macht alles fein.

3

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.