
Read counters from the TE appliance.

Hi

What is the best way to read the following counters from a TE appliance with an external script?

Scanned File

Malicious Files Detected

Queue Size

Greetings

Søren Kristensen

8 Replies

Re: Read counters from the TE appliance.

Probably you can find what you need with SNMP, starting from point 23

ATRG: Threat Emulation 

0 Kudos

Re: Read counters from the TE appliance.

Hi 

Thanks

Is there a MIB file for this? They are not in the one I have found.

Greetings 

Søren

0 Kudos

Re: Read counters from the TE appliance.

You should be able to add a custom SNMP sensor with the reported OID; this will work for sure. For the MIB file, you can look at the relative SK

Check Point SNMP MIB files 

0 Kudos
Employee++

Re: Read counters from the TE appliance.

Hi Søren,

I put together a document:

Using SNMP with SandBlast Network 

Regards Thomas

Re: Read counters from the TE appliance.

Hi Thomas

I have been testing the OIDs, and they do not return the same values as the CLI commands.

The CLI values are changing; the OID values do not change.

0 Kudos
Employee++

Re: Read counters from the TE appliance.

Hi Soren,

Are the values 0 or do they not match?


Regards Thomas

0 Kudos

Re: Read counters from the TE appliance.

Hi
I get something like this:

[Expert@TE-box:0]# cpstat threat-emulation -f scanned_files

TE Scanned Files:            2416

TE Scanned Files Last Day:   1824

TE Scanned Files Last Week:  11526

TE Scanned Files Last Month: 60923

 

[Expert@TE-box:0]# snmpwalk -v 2c -c Public  localhost .1.3.6.1.4.1.2620.1.49.4

SNMPv2-SMI::enterprises.2620.1.49.4.1.0 = Gauge32: 2309

SNMPv2-SMI::enterprises.2620.1.49.4.2.0 = Gauge32: 1388

SNMPv2-SMI::enterprises.2620.1.49.4.3.0 = Gauge32: 11818

SNMPv2-SMI::enterprises.2620.1.49.4.4.0 = Gauge32: 61755

0 Kudos
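
An added example, not part of any post in this thread and not Check Point code: a Python script that parses the two outputs posted above and reports the per-counter difference between CLI and SNMP. The mapping of sub-OIDs 1 to 4 onto the four cpstat lines is an assumption based on their order; the sample text is copied from the post.

```python
import re

# Sample output copied from the post above; replace with live command output.
CPSTAT_SAMPLE = """\
TE Scanned Files:            2416
TE Scanned Files Last Day:   1824
TE Scanned Files Last Week:  11526
TE Scanned Files Last Month: 60923
"""
SNMPWALK_SAMPLE = """\
SNMPv2-SMI::enterprises.2620.1.49.4.1.0 = Gauge32: 2309
SNMPv2-SMI::enterprises.2620.1.49.4.2.0 = Gauge32: 1388
SNMPv2-SMI::enterprises.2620.1.49.4.3.0 = Gauge32: 11818
SNMPv2-SMI::enterprises.2620.1.49.4.4.0 = Gauge32: 61755
"""
# ASSUMPTION: sub-OIDs 1..4 follow the cpstat line order. Neither the thread
# nor a MIB file confirms this; verify against the MIB before alerting on it.
OID_TO_LABEL = {
    "2620.1.49.4.1.0": "TE Scanned Files",
    "2620.1.49.4.2.0": "TE Scanned Files Last Day",
    "2620.1.49.4.3.0": "TE Scanned Files Last Week",
    "2620.1.49.4.4.0": "TE Scanned Files Last Month",
}

def parse_cpstat(text):
    """Return {label: int} from 'Label:   value' lines; prompts and blanks are skipped."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?):\s+(\d+)\s*$", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def parse_snmpwalk(text):
    """Return {oid below 'enterprises.': int} from symbolic snmpwalk lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^\S*enterprises\.([\d.]+) = \w+: (\d+)\s*$", line.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def compare(cpstat, snmp, mapping=OID_TO_LABEL):
    """Return [(label, cli, snmp, snmp - cli)]; delta is None if either side is missing."""
    rows = []
    for oid, label in mapping.items():
        cli, val = cpstat.get(label), snmp.get(oid)
        rows.append((label, cli, val, None if None in (cli, val) else val - cli))
    return rows

if __name__ == "__main__":
    for row in compare(parse_cpstat(CPSTAT_SAMPLE), parse_snmpwalk(SNMPWALK_SAMPLE)):
        print("{:<28} cli={} snmp={} delta={}".format(*row))
```

Running the comparison on two samples taken some minutes apart shows whether the SNMP side is frozen or merely lagging, which is the detail a TAC ticket would need.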
Employee++

Re: Read counters from the TE appliance.

Slight mismatch 🙂

Please open a TAC ticket if you want to get a reason for it ... I am not sure if SNMP values are counters directly from "tecli s s"

Regards Thomas