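NETRANGER DEFINITIONS ::= BEGIN

--
-- NetRanger trap definitions
--
-- EDIT THIS FILE AT YOUR OWN RISK.
-- No changes to this file are supported.
--
-- Copyright 1996-1998, WheelGroup Corporation
-- All rights reserved
--

-- NOTE(review): this is an SMIv1 module (it imports from RFC1155-SMI and
-- RFC-1212). It declares only OBJECT-TYPEs that describe the variables
-- carried in NetRanger traps; no TRAP-TYPE definitions appear here.
-- NOTE(review): confirm which SNMP version carries these traps. SNMPv1 and
-- v2c traps are authenticated only by a cleartext community string, so a
-- trap receiver should accept them only from known sensor addresses and
-- should treat every variable below as unauthenticated input.

-- NOTE(review): NetworkAddress, IpAddress, Counter, Gauge and TimeTicks are
-- imported but no object in this module uses them; every SYNTAX clause is
-- either INTEGER or DisplayString.
IMPORTS
    enterprises, NetworkAddress, IpAddress, Counter, Gauge,
    TimeTicks
        FROM RFC1155-SMI
    OBJECT-TYPE
        FROM RFC-1212
    DisplayString
        FROM RFC1213-MIB;

-- Enterprise root. With enterprises = 1.3.6.1.4.1 (RFC1155-SMI) this
-- resolves to 1.3.6.1.4.1.2252.
wheelgroup      OBJECT IDENTIFIER ::= { enterprises 2252 }

securityMgmt    OBJECT IDENTIFIER ::= { wheelgroup 1 }
networkMgmt     OBJECT IDENTIFIER ::= { wheelgroup 3 }

-- NOTE(review): system, ip and snmp are also descriptors in RFC1213-MIB.
-- Here they name arcs under networkMgmt, so tools that resolve names across
-- modules may need module-qualified names to avoid picking the wrong OID.
system          OBJECT IDENTIFIER ::= { networkMgmt 1 }
ip              OBJECT IDENTIFIER ::= { networkMgmt 3 }
snmp            OBJECT IDENTIFIER ::= { networkMgmt 5 }

netranger       OBJECT IDENTIFIER ::= { securityMgmt 1 }
autospa         OBJECT IDENTIFIER ::= { securityMgmt 3 }

-- nrTrapVars resolves to 1.3.6.1.4.1.2252.1.1.1; every trap variable in
-- this module lives beneath it.
nrTrapVars      OBJECT IDENTIFIER ::= { netranger 1 }
services        OBJECT IDENTIFIER ::= { netranger 3 }
general         OBJECT IDENTIFIER ::= { netranger 5 }

-- One arc per NetRanger service. No objects are defined under these arcs
-- in this module.
postoffice      OBJECT IDENTIFIER ::= { services 0 }
sensor          OBJECT IDENTIFIER ::= { services 1 }
config          OBJECT IDENTIFIER ::= { services 2 }
manage          OBJECT IDENTIFIER ::= { services 3 }
event           OBJECT IDENTIFIER ::= { services 4 }
logger          OBJECT IDENTIFIER ::= { services 5 }
smi             OBJECT IDENTIFIER ::= { services 6 }
sap             OBJECT IDENTIFIER ::= { services 7 }
packet          OBJECT IDENTIFIER ::= { services 8 }
commonServices  OBJECT IDENTIFIER ::= { services 9 }

-- One arc per message type. Arcs 1 to 6 follow the numbering listed in the
-- messageType description; arc 0 holds the variables common to all types.
-- Only commonVars, error, commandLog and alarm have objects defined below.
commonVars      OBJECT IDENTIFIER ::= { nrTrapVars 0 }
command         OBJECT IDENTIFIER ::= { nrTrapVars 1 }
error           OBJECT IDENTIFIER ::= { nrTrapVars 2 }
commandLog      OBJECT IDENTIFIER ::= { nrTrapVars 3 }
alarm           OBJECT IDENTIFIER ::= { nrTrapVars 4 }
ipLog           OBJECT IDENTIFIER ::= { nrTrapVars 5 }
redirect        OBJECT IDENTIFIER ::= { nrTrapVars 6 }

-- Addressing details of an alarm sit in their own subtree (alarm 1); the
-- remaining alarm objects use the odd arcs 3 through 15.
addressing      OBJECT IDENTIFIER ::= { alarm 1 }
tcpip           OBJECT IDENTIFIER ::= { addressing 1 }

--
-- NetRanger trap variables
--
-- These objects cannot be retrieved from the SNMP Agent, but
-- instead document the objects sent with NetRanger SNMP traps
--

--
-- Objects common to all NetRanger messages.
--

messageType OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Identifies the type of message (trap) being sent.

         Type types are:
         1) command
         2) error
         3) command log
         4) alarm
         5) IP log
         6) redirect

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 1 }

recordId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "An ID that is used along with a timestamp, org, host,
         and application ID to uniquiely identify a message
         (trap).

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 2 }

-- For cross-source correlation prefer globalTime (GMT) over localTime,
-- dateString and timeString, which are all relative to the sender's
-- timezone.
globalTime OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time at which the message was generated, expressed
         in number of seconds since the epoch (Jan 1, 1970),
         with respect to GMT.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 3 }

localTime OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time at which the message was generated, expressed
         in number of seconds since the epoch (Jan 1, 1970),
         with respect to the timezone local to the machine
         that generated the message.  The combination of the
         globalTime and the localTime can be used to calculate
         the timezone of the source machine.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 4 }

dateString OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The date at which the message was generated, with respect
         to the timezone of the source machine, expressed as an
         ASCII string in the format yyyy/mm/dd.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 5 }

timeString OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time at which the message was generated, with respect
         to the timezone of the source machine, expressed as an
         ASCII string in the format hh:mm:ss.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 6 }

-- appId, hostId and orgId identify the sender only by self-reported
-- integers inside the trap. NOTE(review): they are not evidence of origin
-- unless the transport authenticates the sender.
appId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The application ID of the NetRanger application that
         generated the message.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 7 }

hostId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The host ID of the machine running the NetRanger
         application that generated the message.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 8 }

orgId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "An ID that uniquely identifies the organization responsible
         for the machine running the NetRanger application that
         generated the message.

         This object cannot be retrieved from the SNMP agent."
    ::= { commonVars 9 }

--
-- Objects for Errors
--

errorMessage OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes the error that occurred.

         This object cannot be retrieved from the SNMP agent."
    ::= { error 1 }

--
-- Objects for CommandLogs
--

sourceAppId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The application ID of the NetRanger application that
         executed the command.

         This object cannot be retrieved from the SNMP agent."
    ::= { commandLog 1 }

sourceHostId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The host ID of the machine running the NetRanger
         application that executed the command.

         This object cannot be retrieved from the SNMP agent."
    ::= { commandLog 2 }

sourceOrgId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "An ID that uniquely identifies the organization responsible
         for the machine running the NetRanger application that
         generated the command.

         This object cannot be retrieved from the SNMP agent."
    ::= { commandLog 3 }

-- Free-text record of an executed command. NOTE(review): the contents are
-- not constrained by this module, so escape the value before rendering it
-- in a console or writing it to a line-oriented log.
commandMessage OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes the command that was executed.

         This object cannot be retrieved from the SNMP agent."
    ::= { commandLog 4 }

--
-- Objects for Alarms
--

-- srcDirection and dstDirection are text flags (IN or OUT), not an
-- enumerated INTEGER, so a receiver has to compare strings and handle
-- values other than the two documented ones.
srcDirection OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes whether the source of the alarm is inside or
         outside the protected network.  IN means inside, and OUT
         means outside.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 3 }

dstDirection OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes whether the destination of the alarm (the
         machine being attacked) is inside or outside the
         protected network.  IN means inside, and OUT means
         outside.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 5 }

-- The SYNTAX is an unranged INTEGER even though the description limits the
-- value to 1..255, so the range is not enforced by the MIB. A receiver that
-- maps severity to alerting tiers should range-check the value itself.
eventLevel OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "An integer that reflects the severity level of the alarm.
         The number can range from 1 to 255, but the current
         NetRanger system only uses 1 (least severe) to 5
         (most severe).

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 7 }

-- The signature number is meaningful only together with the signature list
-- of the sending NetRanger system (path given in the description).
sigId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes which signature was detected.  The full list
         of signatures can be found on a NetRanger system at
         /usr/nr/etc/signatures.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 9 }

subSigId OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Provides additional information about an alarm signature.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 11 }

protocol OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Describes the protocol of the attack that was detected.
         Usually, this will be TCP/IP.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 13 }

-- srcIpAddr, dstIpAddr and rtrIpAddr are declared as DisplayString, not as
-- the IpAddress type this module imports. The MIB therefore does not
-- guarantee a well-formed address: parse and validate the text before
-- using it in a lookup, a block list or an automated response.
srcIpAddr OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the machine from which the attack
         originated.

         This object cannot be retrieved from the SNMP agent."
    ::= { tcpip 1 }

dstIpAddr OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the machine being attacked.

         This object cannot be retrieved from the SNMP agent."
    ::= { tcpip 3 }

-- Ports are unranged INTEGERs; a receiver should reject values outside
-- 0..65535 instead of trusting the sender.
srcIpPort OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port from which the attack originated.

         This object cannot be retrieved from the SNMP agent."
    ::= { tcpip 5 }

dstIpPort OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port that received the attack on the destination
         machine.  This value may not have significance for
         signatures that involve multiple ports (for example,
         a port sweep).

         This object cannot be retrieved from the SNMP agent."
    ::= { tcpip 7 }

rtrIpAddr OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the router through which the attack
         traveled.

         This object cannot be retrieved from the SNMP agent."
    ::= { tcpip 9 }

-- Per the description this can hold the exact string matched in monitored
-- traffic, which means its content is chosen by whoever generated that
-- traffic. Treat it as hostile data downstream: escape control characters
-- and markup before display, and never pass it to a shell, a query or a
-- template unescaped.
alarmMessage OBJECT-TYPE
    SYNTAX  DisplayString
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "ASCII string that provides additional information about
         an alarm.  For instance, this field gives the exact string
         that was matched during a string match alarm.

         This object cannot be retrieved from the SNMP agent."
    ::= { alarm 15 }

END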