I'm not sure if this is the right group for this, so if not, please advise on the proper group and I'll post there.
I have a number of scripts that I am using to poll our firewalls for various metric information. This info I then feed into a RRDtool database. My scripts make use of the snmpget.pl and snmpwalk.pl, which are part of the CPAN Net::Snmp package. I use these because I need the flexibility of specifying the target port...the Check Point SNMP agent is listening on port 260 rather than the traditional port 161.
A few of the OID's began returning some unexpected data. Two successive polling cycles, which are five minutes a part, returned 325535997 and -3964693308. These values are from counters that are counting the number of accepted packets. I had been specifying SNMP v 1 in my "get" commands, and I thought I would see if I received the same results if I used v 2c. When I attempted to execute the command, I get this:
# /usr/local/bin/snmpget.pl -v 2c -c public -p 260 188.8.131.52 184.108.40.206.4.1.26220.127.116.11.3.1.0
snmpget: No response from remote host '18.104.22.168'
However, if I specify v 1:
# /usr/local/bin/snmpget.pl -v 1 -c public -p 260 22.214.171.124 126.96.36.199.4.1.26188.8.131.52.3.1.0
184.108.40.206.4.1.26220.127.116.11.3.1.0 = INTEGER: -516928233
So, why can I not access the fw using v 2c? Is this setup in the agent configuration, and would the results I obtained trying to use v 2c imply that it was not active on the machine?
And how about counters? Are they a function of the OS or of the agent? Check Point's documentation doesn't state if the counters are 32 or 64 bit, but I'm beginning to think they may be 64bit, and that I need to use SNMP v 2c and not 1...or do I?
If anyone could shed some light on this I would greatly appreciate it. Oh, BTW these are all Solaris SPARC v9.