Thomas_Werner
Employee Alumnus

Using SNMP with SandBlast Network

Hi SandBlasters,

If you want to monitor, e.g., a SandBlast appliance via external SNMP queries, you can find the relevant OIDs here. At the end I will also show you how you can add your own script-based SNMP values.

TE SNMP OIDs

Currently these values can be queried by SNMP but are not part of the official Check Point MIB:

Name OID Blade

TE General

Threat Emulation Status Fields 1.3.6.1.4.1.2620.1.49
Threat Emulation Status Code 1.3.6.1.4.1.2620.1.49.101 TE
Threat Emulation Status Short Description 1.3.6.1.4.1.2620.1.49.102 TE
Threat Emulation Status Long Description 1.3.6.1.4.1.2620.1.49.103 TE
Threat Emulation Engine Major Version 1.3.6.1.4.1.2620.1.49.29 TE
Threat Emulation Engine Minor Version 1.3.6.1.4.1.2620.1.49.30 TE
Threat Emulation Mode .1.3.6.1.4.1.2620.1.49.19.0 TE
Threat Emulation Queue Information 1.3.6.1.4.1.2620.1.49.1 TE
Threat Emulation Download Information 1.3.6.1.4.1.2620.1.49.2 TE
Threat Emulation Average Download Percentage 1.3.6.1.4.1.2620.1.49 TE
Threat Emulation Download Percentage 1.3.6.1.4.1.2620.1.49.3 TE
Threat Emulation Update Status 1.3.6.1.4.1.2620.1.49 TE
Threat Emulation Status 1.3.6.1.4.1.2620.1.49.16 TE
Threat Emulation Status Description 1.3.6.1.4.1.2620.1.49.17 TE
Threat Emulation Queue Info 1.3.6.1.4.1.2620.1.49.1 TE
1.3.6.1.4.1.2620.1.49.1.1.1.0 TE
Threat Emulation Download Info 1.3.6.1.4.1.2620.1.49.2 TE
.1.3.6.1.4.1.2620.1.49.2.1.2.x.0
Threat Emulation Download Percentage 1.3.6.1.4.1.2620.1.49.3 TE
Threat Emulation Scanned Files (Quantity) 1.3.6.1.4.1.2620.1.49.4 TE
Threat Emulation Scanned Files Total Count 1.3.6.1.4.1.2620.1.49.4.1 TE
Threat Emulation Scanned Files Count Last Day 1.3.6.1.4.1.2620.1.49.4.2 TE
Threat Emulation Scanned Files Count Last Week 1.3.6.1.4.1.2620.1.49.4.3 TE
Threat Emulation Scanned Files Count Last Month 1.3.6.1.4.1.2620.1.49.4.4 TE
Threat Emulation Malware Detected (Quantity) 1.3.6.1.4.1.2620.1.49.5 TE
Threat Emulation Malware Detected Total Count 1.3.6.1.4.1.2620.1.49.5.1 TE
Threat Emulation Malware Detected Count Last Day 1.3.6.1.4.1.2620.1.49.5.2 TE
Threat Emulation Malware Detected Count Last Week 1.3.6.1.4.1.2620.1.49.5.3 TE
Threat Emulation Malware Detected Count Last Month 1.3.6.1.4.1.2620.1.49.5.4 TE
Threat Emulation Scanned Files On Threat Cloud (Quantity) 1.3.6.1.4.1.2620.1.49.6 TE
Threat Emulation Scanned Files On Threat Cloud Total Count 1.3.6.1.4.1.2620.1.49.6.1 TE
Threat Emulation Scanned Files On Threat Cloud Last Day 1.3.6.1.4.1.2620.1.49.6.2 TE
Threat Emulation Scanned Files On Threat Cloud Last Week 1.3.6.1.4.1.2620.1.49.6.3 TE
Threat Emulation Scanned Files On Threat Cloud Last Month 1.3.6.1.4.1.2620.1.49.6.4 TE
Threat Emulation Malware Detected On ThreatCloud (Quantity) 1.3.6.1.4.1.2620.1.49.7 TE
Threat Emulation Malware Detected On ThreatCloud Total Count 1.3.6.1.4.1.2620.1.49.7.1 TE
Threat Emulation Malware Detected On ThreatCloud Last Day 1.3.6.1.4.1.2620.1.49.7.2 TE
Threat Emulation Malware Detected On ThreatCloud Last Week 1.3.6.1.4.1.2620.1.49.7.3 TE
Threat Emulation Malware Detected On ThreatCloud Last Month 1.3.6.1.4.1.2620.1.49.7.4 TE
Threat Emulation Average Process Time (Quantity) 1.3.6.1.4.1.2620.1.49.8 TE
Threat Emulation Average Process Time Total Count 1.3.6.1.4.1.2620.1.49.8.1 TE
Threat Emulation Average Process Time Last Day 1.3.6.1.4.1.2620.1.49.8.2 TE
Threat Emulation Average Process Time Last Week 1.3.6.1.4.1.2620.1.49.8.3 TE
Threat Emulation Average Process Time Last Month 1.3.6.1.4.1.2620.1.49.8.4 TE
Threat Emulation Emulated File Size (File size - bytes) 1.3.6.1.4.1.2620.1.49.9 TE
Threat Emulation Emulated File Size Total 1.3.6.1.4.1.2620.1.49.9.1 TE
Threat Emulation Emulated File Size Last Day 1.3.6.1.4.1.2620.1.49.9.2 TE
Threat Emulation Emulated File Size Last Week 1.3.6.1.4.1.2620.1.49.9.3 TE
Threat Emulation Emulated File Size Last Month 1.3.6.1.4.1.2620.1.49.9.4 TE
Threat Emulation Queue Size (Quantity) 1.3.6.1.4.1.2620.1.49.10 TE
Threat Emulation Queue Size Total Count 1.3.6.1.4.1.2620.1.49.10.1 TE
Threat Emulation Queue Size Last Day 1.3.6.1.4.1.2620.1.49.10.2 TE
Threat Emulation Queue Size Last Week 1.3.6.1.4.1.2620.1.49.10.3 TE
Threat Emulation Queue Size Last Month 1.3.6.1.4.1.2620.1.49.10.4 TE
Threat Emulation Peak Size (Quantity) 1.3.6.1.4.1.2620.1.49.11 TE
Threat Emulation Peak Size Total Count 1.3.6.1.4.1.2620.1.49.11.1 TE
Threat Emulation Peak Size Last Day 1.3.6.1.4.1.2620.1.49.11.2 TE
Threat Emulation Peak Size Last Week 1.3.6.1.4.1.2620.1.49.11.3 TE
Threat Emulation Peak Size Last Month 1.3.6.1.4.1.2620.1.49.11.4 TE

Threat Emulation General Status Fields
Threat Emulation Email Scanned 1.3.6.1.4.1.2620.1.49.12 TE
Threat Emulation Downloaded Files Scanned 1.3.6.1.4.1.2620.1.49.13 TE
Threat Emulation Files In Queue 1.3.6.1.4.1.2620.1.49.14 TE
Threat Emulation Number Of Emulation Environments 1.3.6.1.4.1.2620.1.49.15 TE

Threat Emulation Contract Status Fields
Contract Name 1.3.6.1.4.1.2620.1.49.19 TE
Cloud Subscription Expire Date 1.3.6.1.4.1.2620.1.49.20 TE
TE Cloud Hourly Quota 1.3.6.1.4.1.2620.1.49.21 TE
TE Cloud Monthly Quota 1.3.6.1.4.1.2620.1.49.22 TE
TE Cloud Remaining Quota 1.3.6.1.4.1.2620.1.49.23 TE
TE Maximal VMs Number 1.3.6.1.4.1.2620.1.49.24 TE
TE Subscription Status 1.3.6.1.4.1.2620.1.49.25 TE
TE Cloud Quota Status 1.3.6.1.4.1.2620.1.49.26 TE
TE Subscription Description 1.3.6.1.4.1.2620.1.49.27 TE
TE Cloud Quota Description 1.3.6.1.4.1.2620.1.49.28 TE
TE Cloud Quota Identifier 1.3.6.1.4.1.2620.1.49.31 TE
TE Cloud Monthly Quota Period Start 1.3.6.1.4.1.2620.1.49.32 TE
TE Cloud Monthly Quota Period End 1.3.6.1.4.1.2620.1.49.33 TE
TE Cloud Monthly Quota Usage for This GW 1.3.6.1.4.1.2620.1.49.34 TE
TE Cloud Hourly Quota Usage for this GW 1.3.6.1.4.1.2620.1.49.35 TE
Threat Emulation Is First Download 1.3.6.1.4.1.2620.1.49.36 TE
TE Cloud Monthly Quota Usage for Quota ID 1.3.6.1.4.1.2620.1.49.37 TE
TE Cloud Hourly Quota Usage for Quota ID 1.3.6.1.4.1.2620.1.49.38 TE
TE Cloud Monthly Quota Exceeded 1.3.6.1.4.1.2620.1.49.39 TE
TE Cloud Hourly Quota Exceeded 1.3.6.1.4.1.2620.1.49.40 TE
TE Cloud Last Quota Update GMT Time 1.3.6.1.4.1.2620.1.49.41 TE

Extend SNMP Monitoring

Enable SNMP

1. # cpconfig

      a. enable "SNMP Extension"
2. Clish
      • set snmp community <community-name> read-only
      • save config

Check OIDs for TE
TE OIDs => .1.3.6.1.4.1.2620.1.49

Show all TE related OIDs
# snmpwalk -v 2c -c <community-name> localhost .1.3.6.1.4.1.2620.1.49

Enable SNMP Agent
1. Clish
      • set snmp agent on
      • save config

Extend available SNMP OIDs

Select free OID for Postfix queue value
Free OID => .1.3.6.1.4.1.2620.1.250.1

Extend available SNMP values
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...


Add the following lines to the /etc/snmp/userDefinedSettings.conf file:

      extend .1.3.6.1.4.1.2620.1.250.1 postfix_queue /bin/sh /home/admin/mailqueue.sh
      extend .1.3.6.1.4.1.2620.1.250.2 emaild_queue /bin/sh /home/admin/emaild_tmpdir.sh
      extend .1.3.6.1.4.1.2620.1.252 vm /bin/sh /home/admin/running_vm.sh

Postfix mailqueue monitoring script
/home/admin/mailqueue.sh

#!/bin/bash
# Extract Postfix queue size value
MAILQ=$(/opt/postfix/usr/sbin/postqueue -c /opt/postfix/etc/postfix/ -p |
  grep -E '^--.*Request|^Mail.*empty')
if [[ $MAILQ =~ "empty" ]] ; then
  # Queue is empty
  RESPONSE=0
elif [[ $MAILQ =~ "Request" ]] ; then
  # Field 5 of the postqueue summary line is the number of requests
  RESPONSE=$(echo "$MAILQ" | awk '{print $5}')
else
  # Unexpected postqueue output
  RESPONSE=error
fi
echo "$RESPONSE"


Emaild queue monitoring script
/home/admin/emaild_tmpdir.sh

#!/bin/bash
# Extract emaild temp file queue amount
. /opt/CPshared/5.0/tmp/.CPprofile.sh
ls -l "$FWDIR/tmp/email_tmp/" | grep emailtemp | wc -l

Running VM instances monitoring script
/home/admin/running_vm.sh

#!/bin/bash
# Extract amount of running VM instances
. /opt/CPshared/5.0/tmp/.CPprofile.sh
tecli s e e | grep "Running virtual machines" | awk '{print $4}'

Test extended SNMP values

Test new values

MAILQUEUE
snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2620.1.250.4.1.2.2.109.113.1
EMAILD_TEMPDIR
snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2620.1.251.4.1.2.3.101.109.102.1

Regards Thomas
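
How the OIDs in the test commands above are formed, as an added example that is not part of the original post: net-snmp roots the tables of an `extend <MIBOID> <name>` entry at that OID and indexes each output line by the length-prefixed ASCII codes of the extend name. The function names are hypothetical, and `mq` and `emf` are simply what the index parts of the two test OIDs decode to.

```shell
#!/bin/sh
# Added example, not from the original post. net-snmp roots the tables of
# "extend <MIBOID> <name> <prog>" at <MIBOID>; output lines sit in column
# <MIBOID>.4.1.2 and are indexed by the length-prefixed ASCII codes of <name>
# plus the 1-based output line number.

# extend_index NAME -> "<len>.<ascii>.<ascii>..."   e.g. mq -> 2.109.113
extend_index() {
    name=$1
    [ -n "$name" ] || return 1
    codes=$(printf '%s' "$name" | od -An -v -tu1 | tr -s ' \n' '..' |
            sed 's/^\.//; s/\.$//')
    printf '%s.%s\n' "${#name}" "$codes"
}

# extend_outline_oid BASE NAME [LINE] -> OID of one output line of the script
extend_outline_oid() {
    base=${1%.}
    idx=$(extend_index "$2") || return 1
    printf '%s.4.1.2.%s.%s\n' "$base" "$idx" "${3:-1}"
}

# extend_name INDEX -> NAME, the reverse mapping   e.g. 3.101.109.102 -> emf
extend_name() {
    rest=${1#*.}            # drop the length prefix
    out=
    old_ifs=$IFS; IFS=.
    for code in $rest; do
        out=$out$(printf "\\$(printf '%03o' "$code")")
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# The three extend lines from userDefinedSettings.conf as posted above.
while read -r base name; do
    printf '%-14s %s\n' "$name" "$(extend_outline_oid "$base" "$name")"
done <<'EOF'
.1.3.6.1.4.1.2620.1.250.1 postfix_queue
.1.3.6.1.4.1.2620.1.250.2 emaild_queue
.1.3.6.1.4.1.2620.1.252 vm
EOF
```

The printed OIDs can be passed to `snmpwalk -v 2c -c <community-name> localhost` to read the first output line of each script.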

4 Replies
Chris_W
Participant

How are the values calculated and formatted?

For example, if I query the Threat Emulation Scanned Files Count Last Day on 17.12.2018 at 23:00, do I get the count from all scanned files -24h, or from the 16.12.2018, or from the 16.12.2018 23:00 - 24h?

And how is the Emulated File Size Last Day formatted? KB or kbit?

Chris_W
Participant

I could figure out that the SNMP query (last day) returns the values [querytime -24h].

OM
Explorer

Hello!

What information does the script emaild_tmpdir.sh display? I compared the script output and CPVIEW output in MTA-Queues-Emaild queue, they differ.

spiros-p
Participant

👍
