# Monitoring Checkpoint firewall with OpenTelemetry

Checkpoint SMB (Spark) offers built-in OpenTelemetry support, enabling users to export logs to OpenTelemetry-compatible servers for monitoring and visualization in tools like Grafana.

[![An OpenTelemetry Pipeline](https://www.dash0.com/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Frdn92ihu%2Fproduction%2Fb1c172e7f1a8895bf3b9a2a6d4ab10f9f93161b5-2902x1398.png%3Fw%3D2902%26h%3D1398%26fit%3Dmax%26auto%3Dformat&w=3840&q=100 align="left")](https://www.dash0.com/guides/opentelemetry-collector)

Source: [https://www.dash0.com/guides/opentelemetry-collector](https://www.dash0.com/guides/opentelemetry-collector)

## Importing the Dashboard

Rather than building a dashboard from scratch, you can import a pre-configured one that includes all the key Checkpoint metrics. The dashboard is available [here](https://grafana.com/grafana/dashboards/24789-checkpoint/) and can be imported directly into Grafana in just a few clicks.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1770143097216/c46c8ad3-c43b-444f-9580-b434dc5125e1.png align="center")

## Receiver Configuration (Prometheus)

For infrastructure simplicity, we'll deploy the Prometheus server using Docker Compose. One critical configuration is required to enable Prometheus as a receiver:

`--web.enable-remote-write-receiver`: This flag enables Prometheus to receive telemetry data remotely.

**Complete docker-compose.yml:**

```yaml
services:
    prometheus:
        image: prom/prometheus:v3.9.0
        container_name: prometheus
        volumes:
          - ./prometheus/:/etc/prometheus
          - ./prometheus-volume:/prometheus
        ports:
          - 9090:9090
        command:
          - '--config.file=/etc/prometheus/prometheus.yml'
          - '--storage.tsdb.path=/prometheus'
          - '--web.console.libraries=/usr/share/prometheus/console_libraries'
          - '--web.console.templates=/usr/share/prometheus/consoles'
          - '--log.level=debug'
          - '--storage.tsdb.retention.time=1y'
          - '--web.enable-admin-api'
          - '--web.enable-remote-write-receiver'
        restart: unless-stopped
```

**Verify Prometheus Installation**

After launching the docker-compose file, verify that Prometheus is running using: `docker compose ps`

## Checkpoint Configuration

Connect on the firewall and Navigate to **Logs and Monitoring → Diagnostics → OpenTelemetry** and configure the following:

1. **Enable OpenTelemetry**: Check the box "Monitor this appliance using OpenTelemetry"
    
2. **Set the Endpoint URL**: Enter `http://<Prometheus_server_IP>:9090/api/v1/write`
    
    * Example: `http://10.10.10.100:9090/api/v1/write`
        
3. **Client Authentication** (optional):
    
    * If authentication is enabled, provide the Username and Password
        
    * If not required, leave these fields blank
        
4. **Server Authentication** (optional):
    
    * Can be ignored when Prometheus is using HTTP (non-TLS)
        

The "Test Connection" feature can be used to validate the configuration. **Note:** A known issue exists where HTTPS connections using domain name will fail the connection test, even though telemetry data is being transmitted successfully.

![Configuration Example](https://cdn.hashnode.com/res/hashnode/image/upload/v1770065437035/d7b0ab96-7503-4ef6-ad7d-ee44f0c53ba6.png align="center")

## Viewing Data in Grafana

With Grafana set up and Prometheus added as a data source, visualizing your Checkpoint telemetry becomes straightforward.

To view the data:

1. Navigate to Drilldown → Metrics in Grafana
    
2. Apply a filter: service\_name = CPviewExporter
    
3. If everything is configured properly, metrics from your Checkpoint firewall should appear
    

This confirms that your OpenTelemetry integration is working as expected.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1770065696933/3a2ca4ef-db91-4558-aeef-9cfa3999aed7.png align="center")

The [Skyline Administration Guide](https://sc1.checkpoint.com/documents/Appliances/Skyline/Content/Topics-Metrics/Skyline-Metrics-Repository.htm?tocpath=Skyline%20Metrics%20Repository%7C_____0) provides detailed information on all available metrics for building Grafana dashboards.

## Debug Mode

If data isn't being transmitted to your receiver, SSH into the gateway and troubleshoot using these commands:

```bash
# Enter expert mode
expert

# Navigate to the collector directory
cd /opt/CPotelcol/

# Monitor logs in real-time
tail -f otelcol.log
```

**Additional troubleshooting steps:**

* Review configuration: `cat config.yaml`
    
* Stop the collector: `./stop`
    
* Start the collector: `./start`