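NETRANGER DEFINITIONS ::= BEGIN

--
--  NetRanger trap definitions
--
--  EDIT THIS FILE AT YOUR OWN RISK.
--  No changes to this file are supported.
--
--  Copyright 1996-1998, WheelGroup Corporation
--  All rights reserved
--
--  Reviewer notes:
--    * This module is written in SMIv1 (RFC1155-SMI / RFC-1212 macros).
--      It declares only the objects carried as trap variable bindings;
--      it contains no TRAP-TYPE definitions, so the enterprise and
--      specific-trap numbers a receiver filters on are not defined here.
--    * NOTE(review): the transport is not stated in this file.  If the
--      traps are carried by SNMPv1 or SNMPv2c over UDP they are protected
--      only by a cleartext community string and delivery is not
--      acknowledged.  A trap receiver should then restrict which senders
--      it accepts and should not read the absence of traps as the
--      absence of alarms.  Confirm against the deployment.
--    * Several variables below (alarmMessage, commandMessage,
--      errorMessage, the address strings) are free-form DisplayString
--      values.  Treat them as untrusted data in the receiving console,
--      log pipeline or ticketing system.
--

IMPORTS
        enterprises, NetworkAddress, IpAddress, Counter, Gauge,
                TimeTicks
            FROM RFC1155-SMI
        OBJECT-TYPE
            FROM RFC-1212
        DisplayString
            FROM RFC1213-MIB;

wheelgroup      OBJECT IDENTIFIER ::= { enterprises 2252 }

securityMgmt    OBJECT IDENTIFIER ::= { wheelgroup 1 }
networkMgmt     OBJECT IDENTIFIER ::= { wheelgroup 3 }

-- NOTE(review): the descriptors system, ip and snmp are also used by
-- RFC1213-MIB for its own groups under mib-2.  Here they name nodes
-- under wheelgroup; tools that resolve names without the module prefix
-- may pick the wrong one, so qualify them as NETRANGER::name.
system          OBJECT IDENTIFIER ::= { networkMgmt 1 }
ip              OBJECT IDENTIFIER ::= { networkMgmt 3 }
snmp            OBJECT IDENTIFIER ::= { networkMgmt 5 }

netranger       OBJECT IDENTIFIER ::= { securityMgmt 1 }
autospa         OBJECT IDENTIFIER ::= { securityMgmt 3 }

nrTrapVars      OBJECT IDENTIFIER ::= { netranger 1 }
services        OBJECT IDENTIFIER ::= { netranger 3 }
general         OBJECT IDENTIFIER ::= { netranger 5 }

postoffice      OBJECT IDENTIFIER ::= { services 0 }
sensor          OBJECT IDENTIFIER ::= { services 1 }
config          OBJECT IDENTIFIER ::= { services 2 }
manage          OBJECT IDENTIFIER ::= { services 3 }
event           OBJECT IDENTIFIER ::= { services 4 }
logger          OBJECT IDENTIFIER ::= { services 5 }
smi             OBJECT IDENTIFIER ::= { services 6 }
sap             OBJECT IDENTIFIER ::= { services 7 }
packet          OBJECT IDENTIFIER ::= { services 8 }
commonServices  OBJECT IDENTIFIER ::= { services 9 }

-- One subtree per message type; the sub-identifiers 1 to 6 match the
-- messageType values documented below.
commonVars      OBJECT IDENTIFIER ::= { nrTrapVars 0 }
command         OBJECT IDENTIFIER ::= { nrTrapVars 1 }
error           OBJECT IDENTIFIER ::= { nrTrapVars 2 }
commandLog      OBJECT IDENTIFIER ::= { nrTrapVars 3 }
alarm           OBJECT IDENTIFIER ::= { nrTrapVars 4 }
ipLog           OBJECT IDENTIFIER ::= { nrTrapVars 5 }
redirect        OBJECT IDENTIFIER ::= { nrTrapVars 6 }

addressing      OBJECT IDENTIFIER ::= { alarm 1 }
tcpip           OBJECT IDENTIFIER ::= { addressing 1 }

--
-- NetRanger trap variables
--
-- These objects cannot be retrieved from the SNMP Agent, but
-- instead document the objects sent with NetRanger SNMP traps
--
-- Every object is declared ACCESS read-only although its DESCRIPTION
-- says it cannot be retrieved.  RFC-1212 has no notify-only access
-- value, so read-only is used as a stand-in; do not build polling
-- checks on these OIDs.
--

--
-- Objects common to all NetRanger messages.
--

-- The SYNTAX is an unconstrained INTEGER; only the values 1 to 6 are
-- documented.  A receiver should handle any other value as unknown
-- rather than index a table with it.
messageType OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Identifies the type of message (trap) being sent.

                 The types are:
                 1) command
                 2) error
                 3) command log
                 4) alarm
                 5) IP log
                 6) redirect

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 1 }

-- recordId alone is not unique; deduplication needs the full tuple
-- named in the DESCRIPTION (timestamp, orgId, hostId, appId).
recordId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "An ID that is used along with a timestamp, org, host,
                 and application ID to uniquely identify a message
                 (trap).

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 2 }

-- NOTE(review): globalTime and localTime are set by the sending host.
-- For event correlation, record the receiver's own arrival time as
-- well, or verify that sender clocks are synchronised.  If the value
-- is stored as a signed 32-bit integer, seconds since 1970 overflow in
-- 2038; confirm the receiver's integer width.
globalTime OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The time at which the message was generated, expressed
                 in number of seconds since the epoch (Jan 1, 1970),
                 with respect to GMT.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 3 }

localTime OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The time at which the message was generated, expressed
                 in number of seconds since the epoch (Jan 1, 1970),
                 with respect to the timezone local to the machine
                 that generated the message.  The combination of the
                 globalTime and the localTime can be used to calculate
                 the timezone of the source machine.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 4 }

-- dateString and timeString are in the sender's local timezone and
-- carry no offset; use globalTime when ordering events across hosts.
dateString OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The date at which the message was generated, with respect
                 to the timezone of the source machine, expressed as an
                 ASCII string in the format yyyy/mm/dd.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 5 }

timeString OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The time at which the message was generated, with respect
                 to the timezone of the source machine, expressed as an
                 ASCII string in the format hh:mm:ss.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 6 }

-- appId, hostId and orgId identify the sender inside the trap payload.
-- They are asserted by the sender; a receiver that needs to trust the
-- origin should also check the network source of the trap.
appId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The application ID of the NetRanger application that
                 generated the message.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 7 }

hostId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The host ID of the machine running the NetRanger
                 application that generated the message.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 8 }

orgId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "An ID that uniquely identifies the organization responsible
                 for the machine running the NetRanger application that
                 generated the message.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commonVars 9 }

--
-- Objects for Errors
--

-- Free-form text; escape it before showing it in a console or web view.
errorMessage OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes the error that occurred.

                 This object cannot be retrieved from the SNMP agent."
        ::= { error 1 }

--
-- Objects for CommandLogs
--
-- The source* objects identify the application that executed the
-- command, as distinct from appId, hostId and orgId above, which
-- identify the application that generated the message.
--

sourceAppId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The application ID of the NetRanger application that
                 executed the command.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commandLog 1 }

sourceHostId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The host ID of the machine running the NetRanger
                 application that executed the command.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commandLog 2 }

sourceOrgId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "An ID that uniquely identifies the organization responsible
                 for the machine running the NetRanger application that
                 generated the command.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commandLog 3 }

-- NOTE(review): the command text may include configuration details.
-- Consider who can read the trap stream and where it is stored.
commandMessage OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes the command that was executed.

                 This object cannot be retrieved from the SNMP agent."
        ::= { commandLog 4 }

--
-- Objects for Alarms
--

-- srcDirection and dstDirection are strings, documented as IN or OUT.
-- Compare against those two literals and treat anything else as
-- unknown.
srcDirection OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes whether the source of the alarm is inside or
                 outside the protected network.  IN means inside, and OUT
                 means outside.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 3 }

dstDirection OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes whether the destination of the alarm (the
                 machine being attacked) is inside or outside the
                 protected network.  IN means inside, and OUT means
                 outside.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 5 }

-- The SYNTAX does not enforce the 1 to 255 range given in the
-- DESCRIPTION; range-check the value before mapping it to a priority.
eventLevel OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "An integer that reflects the severity level of the alarm.
                 The number can range from 1 to 255, but the current
                 NetRanger system only uses 1 (least severe) to 5
                 (most severe).

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 7 }

-- sigId values are only meaningful together with the signature list of
-- the sending system; an unknown ID should still raise the alarm with
-- the raw number preserved.
sigId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes which signature was detected.  The full list
                 of signatures can be found on a NetRanger system at
                 /usr/nr/etc/signatures.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 9 }

subSigId OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Provides additional information about an alarm signature.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 11 }

protocol OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "Describes the protocol of the attack that was detected.
                 Usually, this will be TCP/IP.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 13 }

-- The three address objects are DisplayString, not IpAddress, so the
-- receiver has to parse and validate the text itself.  The source
-- address is what the sensor observed on the wire; source addresses
-- can be forged, so treat srcIpAddr as an indicator rather than as
-- attribution, in particular before feeding it to automated blocking.
srcIpAddr OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The IP address of the machine from which the attack
                 originated.

                 This object cannot be retrieved from the SNMP agent."
        ::= { tcpip 1 }

dstIpAddr OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The IP address of the machine being attacked.

                 This object cannot be retrieved from the SNMP agent."
        ::= { tcpip 3 }

-- Ports are unconstrained INTEGERs; validate 0 to 65535 on receipt.
srcIpPort OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The port from which the attack originated.

                 This object cannot be retrieved from the SNMP agent."
        ::= { tcpip 5 }

dstIpPort OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The port that received the attack on the destination
                 machine.  This value may not have significance for
                 signatures that involve multiple ports (for example,
                 a port sweep).

                 This object cannot be retrieved from the SNMP agent."
        ::= { tcpip 7 }

rtrIpAddr OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "The IP address of the router through which the attack
                 traveled.

                 This object cannot be retrieved from the SNMP agent."
        ::= { tcpip 9 }

-- alarmMessage can carry the exact string matched in monitored
-- traffic, so its content is chosen by whoever sent that traffic.
-- Escape or encode it before rendering, never pass it to a shell or
-- query unescaped, and expect that it may contain sensitive payload
-- data that should not be forwarded to lower-trust systems.
alarmMessage OBJECT-TYPE
        SYNTAX  DisplayString
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
                "ASCII string that provides additional information about
                 an alarm.  For instance, this field gives the exact string
                 that was matched during a string match alarm.

                 This object cannot be retrieved from the SNMP agent."
        ::= { alarm 15 }

END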