The following seems to work for us on the Pro version.

Let me know if you have any questions,

Name: Checkpoint HA Status

Message: Checkpoint HA Status Alert

Send Recovery Notification: <selected>

Requires ALL conditions to match: status_event equals alert

Device Match: type equals firewall

Entity Match: status_descr match High Availability*

On Fri, May 13, 2016, at 03:17, Robin Cook wrote:

Hello,

We have a few checkpoint firewalls and I am looking to generate email alerts when the HA status changes from OK to critical.

The Observium logs look a bit like this when it occurs:

2016-05-12 16:58:30	High Availability (standby)	Status Alert: cpnew02 High Availability (standby) entered ALERT state: CRITICAL (previous: OK)
2016-05-12 16:58:28	cpfw04	Features -> ClusterXL inactive or machine is down
2016-05-11 10:30:04	High Availability (standby)	Status updated: checkpoint-ha-state haStatCode.0 High Availability (standby)
2016-05-11 10:28:03	High Availability (standby)	Status Ok: cpnew02 High Availability (down) entered OK state: OK (previous: CRITICAL)

Does anyone have any advice on how to build the alert checker for this? The high Availability icon looks to be a traffic lights one while the devices themselves show as the normal device icon – so I think they may be discovered as separate entities.

I am also a bit unsure on how to filter to the OS “Check Point GAiA R77.45 (standby)” so for now have just been using device type firewall.

Many thanks,

Robin

PLEASE READ: This message is for the designated recipient(s) only and may contain privileged, proprietary, and/or confidential information.
If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. Any views or opinions expressed are solely those of the author and do not necessarily represent those of MDSL..

_______________________________________________

observium mailing list