How is the best way to read the following counter from a TE appliance with an external script?
Malicious Files Detected
Probably you can find what you need with snmp starting from point 23
ATRG: Threat Emulation
Is there a mib file for this, they are not in the one I have found.
you should be able to add a custom snmp sensor with the reported oid this will work for sure , for mib file you can look at realtive sk
Check Point SNMP MIB files
I put together a document:
Using SNMP with SandBlast Network
I have been testing the OID's, and they do not return the values as the CLI commands.
the CLI values are changing, the OID values do not change.
are the values 0 or do they not match ?
HiI get something like this
[Expert@TE-box:0]# cpstat threat-emulation -f scanned_files
TE Scanned Files: 2416
TE Scanned Files Last Day: 1824
TE Scanned Files Last Week: 11526
TE Scanned Files Last Month: 60923
[Expert@TE-box:0]# snmpwalk -v 2c -c Public localhost .188.8.131.52.4.1.26184.108.40.206
SNMPv2-SMI::enterprises.26220.127.116.11.1.0 = Gauge32: 2309
SNMPv2-SMI::enterprises.2618.104.22.168.2.0 = Gauge32: 1388
SNMPv2-SMI::enterprises.2622.214.171.124.3.0 = Gauge32: 11818
SNMPv2-SMI::enterprises.26126.96.36.199.4.0 = Gauge32: 61755
Slight mismatch :-)
Please open a TAC ticket if you want to get a reason for it ... I am not sure if SNMP values are counters directly from "tecli s s"
Retrieving data ...