Support needs a plethora of system information about the Check Point products running on a given device. This can be obtained with a single data collection action: Generating a CPinfo.
Note: If you need the configuration of a given device, then you must get the CPinfo from the management server. In a standalone deployment, the firewall and management server are on the same device, so only requires the one CPinfo from that device.
Please see related Checkpoint SKs on collecting a cpinfo in special environment (such as in an environment with MDS management).
Quick Syntax Reference:
When collecting for analysis, please use following (both append .gz to output <filename>):
R77+ : cpinfo -z -d -o /var/log/<filename>
Pre-r77 : cpinfo -n -z -o /var/log/<filename>
CPinfo collects the entire firewall installation directory, including $FWDIR/log/* files (but not all logs). Some of the other viewable information includes:
Output of the netstat command.
Output of ipconfig /all command.
OS and service-patch levels.
CPUs and memory.
Output of fw ctl pstat command.
System message logs IMPORTANT: this only collects the first /var/log/messages file, if troubleshooting a system issue please also collect (ASAP) messages.0 – messages.X on the gateway.
Determine the version of cpinfo first as they have released one that has a different command line structure. This is in R77+ but if cust manually updated it will still be the newer utility that has different syntax.
run from expert mode:
cpvinfo /opt/CPinfo-10/bin/cpinfo | grep Build
For version 9120000xxx (R77+):
This version COMBINES cpinfo AND the cp_uploader utility:
The major changes here is as follows:
1) You no longer have to specify “Does not resolve network addresses (faster)” (as it is by default) as the -n now is only used for uploader for “Don’t create CPinfo file (used in combination with “-f” flag)”. DO NOT USE -n in cpinfo command for this version as apparently you won’t get a cpinfo file!
2) SmartUpdate no longer just generates a cpinfo file, it automatically uploads it to CHECK POINT, so not to us, IE is useless to us (SmartUpdate option has changed from “Generate CPinfo” to “Upload diagnostics (CPinfo) to Check Point”)
When obtaining the CP info for Nexum. Please use the command ‘cpinfo -z -d -o <filename>’ (in expert mode if running Secureplatform, but expert is not required in Gaia Clish), and answer no to questions it asks…
The flags -n, -f, -s, -u, and -e are used for the uploader utility (uploads to Check Point), so should not be used by Nexum unless assisting CP in collecting data from customer.
# cpinfo [-v] [-l] [-a] [-z] [-k] [-n] [-i] [-f <FILE1> <FILE2> … ] [-s <SR_Number>] [-u <username>] [-y all | <product>] [-o <filename>] [-c <Domain> | -x <VSID>] [-e <e-mail1>,<e-mail2>,<e-mail3>,…] [-d] [-h]
-v – Show CPinfo version information
-l – Include Log files
-n – Don’t create CPinfo file (used in combination with “-f” flag)
-z – Output is gzipped
-k – Include FireWall Kernel Tables dump
-i – Non-interactive mode
-f <FILE> – Upload additional files (separated with space) to Check Point server
-s <SR_Number> – Specifies the ticket number
-u <username> – Connects to User Center with username and password
-y – Show Installed hotfixes
-o – Specifies CPinfo output file name
-c <Domain> – Generate CPinfo for a certain Domain (Multi-Domain Management only)
-x <VSID> – Generate CPinfo for a certain VSID (VSX mode only)
-e <e-mail> – Specifies e-mail addresses (separated by comma) to notify about upload status
-d – Don’t check for updates
-a – Force update check (the check is weekly by default)
-h – Display this help and exit
For versions 9110000xxx (pre-R77):
When obtaining the CP info for Nexum. Please use the command ‘cpinfo -n -z -o <filename>’ (in expert mode if running Secureplatform or Gaia)…
Alternatively (more user friendly), you can also have customer open SmartUpdate > “Packages ” tab, then right-click on the gateway in question and select “Generate CPinfo…” This will provide a “save as” option so can save directly to the users client system.
cpinfo [-v] [-l] [-n] [-o ] [-r | -t [tablename]] [-c cma … | -x vs]
-z: Output gzipped (effective with -o option).
-r: Includes the registry (Windows – very large output).
-v: Prints version information.
-l: Embeds log records (very large output).
-n: Does not resolve network addresses (faster)
-t: Output consists of tables only (SR only).
-c: Get information about the specified CMA (Provider-1).
-x: Get information about the specified VS (VSX).
Gets information regarding CMAs My_Cma and Your_Cma (Provider-1):
cpinfo -c My_Cma -c Your_Cma -o cpinfo.out
Gets information regarding VS number 5 (VSX):
cpinfo -x 5 -o cpinfo.out
(2012) When requesting a cpinfo have the customer use the command ‘cpinfo -n -z -o <filename>’ (in expert mode if running Secureplatform or Gaia)… Running cpinfo without the -o and an output file causes it to print to screen, and though they can capture and give that to us, this doesn’t let us use the “InfoView” tool which parses the cpinfo into quickly usable data. -n = no translations, which makes it quicker to process the command (this is practically a must on management servers that can take 30min – 1 hr to process even with the -n) and -z simply gunzips it (it will automatically pend .gz to the given filename).
(Jan2013) Alternatively (more user friendly), you can also have customer open SmartUpdate > “Packages ” tab, then right-click on the gateway in question and select “Generate CPinfo…”
(Same) Edits: Renamed FAQ for clearer definition of FAQ’s purpose.
(3/5/2013) – Josh L. – Added IMPORTANT note about system logs.
(Oct2013) – Josh L. – Completely rewrote. Included instructions and clarifications for the new cpinfo (ver 9120000xxx).
(Jan2014) – Josh L. – Updated syntax for 9120000xxx ver + additional notes.
(Apr2015) – JL – Changed so R77+ was on top, and added quick reference on top of the detailed info