[mrtg] Re: MIB Files

Saul Gonzalez sgonzalez at henwoodenergy.com
Wed Feb 19 21:30:01 MET 2003


When I got the MIB's from Sonicwall I only got 2.  The Trap and the MIB
I posted earlier.  I didn't get anything w/ values like you mentioned.
Should I be asking them for another MIB file or am I missing something?

Thanks
Saul

-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com] 
Sent: Wednesday, February 19, 2003 9:49 AM
To: Saul Gonzalez
Subject: RE: [mrtg] MIB Files

-----Original Message-----
From: Saul Gonzalez [mailto:sgonzalez at henwoodenergy.com]
Sent: Wednesday, February 19, 2003 11:01 AM
To: McDonald, Dan
Subject: RE: [mrtg] MIB Files


>Thanks for the info.  Here is another one mib from them that is not a
>trap;
>I am very new to this.  What is a trap snmp trap for?

Traps can be generated by a box on an exception basis.  The trap mib
file is
used by a trap daemon to decode what it has received.

An SMI mib just defines things in a single place so that you don't have
to
put the definitions in over and over 
again.  You would need to use
loadmib: /whatever/your/path/is/SONICWALL-SMI.MIB 
in addition to the mib that has the values you actually want to
monitor...

Then, you can refer to any of the names in the file.  Say there is a
swfwconnections name.  You should be able to create an entry like:
target[connections]:
swfwconnections.0&swfwconnections.0:obscurestring at 1.1.1.1
options[connections]: guage bits

any anything else you want to make it pretty....



Thanks
Saul
-- *****************************************************************
-- SONICWALL-SMI.MIB
--
-- February 2001, Susan Yan
--
-- Copyright (c) 2001 by SonicWall, Inc.
-- All rights reserved.
-- *****************************************************************


SONICWALL-SMI
 
--FORCE-INCLUDE <asn1conf.h>
--FORCE-INCLUDE <mib.h>
--FORCE-INCLUDE <snmpdefs.h>
--FORCE-INCLUDE "swMibhand.h"


DEFINITIONS ::= BEGIN

IMPORTS
	MODULE-IDENTITY,
	OBJECT-IDENTITY,
	enterprises
		FROM SNMPv2-SMI;

sonicwall MODULE-IDENTITY
	LAST-UPDATED "200102230000Z"
	ORGANIZATION "SonicWall, Inc."
	CONTACT-INFO
		"	SonicWall Inc.

		Postal: 1160 Bordeaux Dr.
			Sunnyvale, CA 94089
			USA

		   Tel: +1 408 745 9600
		   Fax: +1 408 745 9300

		E-mail: product at sonicwall.com"
	DESCRIPTION
		"The MIB Module for Sonicwall enterprise."
	REVISION      "200102230000Z"
	DESCRIPTION
		"Initial version."
	::= { enterprises 8741 }
	

sonicwallFw OBJECT-IDENTITY
	STATUS	current
	DESCRIPTION
		"sonicwallFw is the subtree for the sonicwall firewall
production."
	::= { sonicwall 1 }

END


-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com] 
Sent: Tuesday, February 18, 2003 1:42 PM
To: Saul Gonzalez
Subject: RE: [mrtg] MIB Files

Well, a trap file isn't terribly useful, since mrtg is a poller, not a
trap
daemon....


But you would load the mib using the loadmibs: directive, then refer to
the
mib variables in your target statement (see the post I just did about
hrSystemUptime...)


Daniel J McDonald, CCIE #2495, CNX
Lan/Wan Integrator
Austin Energy
1.512.322.6739
dan.mcdonald at austinenergy.com


-----Original Message-----
From: Saul Gonzalez [mailto:sgonzalez at henwoodenergy.com]
Sent: Tuesday, February 18, 2003 12:40 PM
To: mrtg at list.ee.ethz.ch
Subject: [mrtg] MIB Files


I have several MIB files that I want to use to monitor several things
using MRTG, but I don't know how to use them.  For example I have a mib
file with the following;

How do I use this information to be able to use MRTG?

 

Thanks

Saul

 

 

-- *****************************************************************

-- SONICWALL-FIREWALL-TRAP

--

-- February 2001, Susan Yan

--

-- Copyright (c) 2001 by SonicWall, Inc.

-- All rights reserved.

-- *****************************************************************

 

SONICWALL-FIREWALL-TRAP-MIB DEFINITIONS ::= BEGIN

 

IMPORTS

    DisplayString,

    TEXTUAL-CONVENTION                               FROM SNMPv2-TC

 

    IpAddress,

            snmpModules,

    OBJECT-TYPE,

    NOTIFICATION-TYPE,

            MODULE-IDENTITY             FROM SNMPv2-SMI

 

    sonicwallFw                           FROM SONICWALL-SMI;

 

sonicwallFwTrapModule MODULE-IDENTITY

            LAST-UPDATED "200102230000Z"

            ORGANIZATION "SonicWall, Inc."

            CONTACT-INFO

                        "           SonicWall Inc.

 

                        Postal: 1160 Bordeaux Dr.

                                    Sunnyvale, CA 94089

                                    USA

 

                           Tel: +1 408 745 9600

                           Fax: +1 408 745 9300

 

                        E-mail: product at sonicwall.com"

            DESCRIPTION

                        "The MIB Module for SonicWALL Firewall Trap."

            REVISION      "200102230000Z"

            DESCRIPTION

                        "Initial version."

    ::= { sonicwallFw 1 }

 

 

 

-- *********************************************************************

 

--    Standard Traps 

 

-- *********************************************************************

 

snmpTraps      OBJECT IDENTIFIER ::= {snmpModules 1 1 5 }

 

coldStart NOTIFICATION-TYPE 

             STATUS current

             DESCRIPTION

                        "This trap signifies that the SonicWALL
appliance is re-initializing itself 

                         such that the agent's configuration or the
appliance itself 

                         implementation may be altered. "

             ::= { snmpTraps 1 }

 

warmStart NOTIFICATION-TYPE 

             STATUS current

             DESCRIPTION

                        "This trap signifies that the SonicWALL
appliance is re-initializing itself 

                         such that neither the agent configuration nor
the appliance 

                         implementation is altered. "

             ::= { snmpTraps 2 }

 

authenticationFailure NOTIFICATION-TYPE 

             STATUS current

             DESCRIPTION

                        "This trap signifies that the SonicWALL
appliance is the addressee of 

                        a protocol message that is not properly
authenticated. "

             ::= { snmpTraps 5 }

 

 

 

-- *********************************************************************

 

-- Type define

 

 

-- *********************************************************************

MacAddress ::= TEXTUAL-CONVENTION

    STATUS current

    DESCRIPTION

        "ethernet address."

    SYNTAX OCTET STRING (SIZE (6))

 

 

FwTrapType ::= TEXTUAL-CONVENTION

    STATUS current

    DESCRIPTION

        "Trap type of firewall. The type have 4 digitals, ABCD. 

         AB represent trap catalog, CD represent trap type in the
catalog."

    SYNTAX INTEGER {

 

-- =========== Attack =================================================

 

        trapTypePingOfDeathBlocked
(501),  -- Ping of death blocked

        trapTypeIPSpoofDetected
(502),  -- IP spoof detected

        trapTypePossibleSynFlood                         (503),  --
Possible SYN flood attack

        trapTypeProbableSynFlood                         (504),  --
Probable SYN flood attack

        trapTypeLandAttack
(505),  -- Land Attack Dropped

        trapTypeAttemptedAdminLoginFromWAN    (506),  -- Attempted
administrator login from WAN

        trapTypeLogUnknownSpi
(507),  -- Unknown IPSec SPI

        trapTypeLogIpsecAuthFailure
(508),  -- IPSec Authentication Failed

        trapTypeLogIpsecDecryptFailure                  (509),  -- IPSec
Decryption Failed

        trapTypeLogIllegalIpsecPeer
(510),  -- IPSec packet from or to an illegal host

        trapTypeNetBusDropped
(511),  -- NetBus Attack Dropped

        trapTypeBackOrificeDropped
(512),  -- Back Orifice Attack Dropped

        trapTypeNetSpyDropped
(513),  -- Net Spy Attack Dropped

        trapTypeSub7Dropped
(514),  -- Sub Seven Attack Dropped

        trapTypeRipperDropped
(515),  -- Ripper Attack Dropped

        trapTypeStrikerDropped
(516),  -- Striker Attack Dropped

        trapTypeSennaSpyDropped
(517),  -- Senna Spy Attack Dropped

        trapTypePriorityDropped
(518),  -- Priority Attack Dropped

        trapTypeIniKillerDropped                             (519),  --
Ini Killer Attack Dropped

        trapTypeSmurfDropped
(520),  -- Smurf Amplification Attack Dropped

        trapTypePortScanPossible                          (521),  --
Possible Port Scan

        trapTypePortScanProbable                         (522),  --
Probable Port Scan

        trapTypeLogIkeProposalReject                    (523),  -- IKE
Responder: IPSec proposal not acceptable

        trapTypeAVReceivedAlert
(524),  -- Received AV Alert

        trapTypeLogAddTest
(525),  -- Add an attack message

        trapTypeAVExpiredMsg
(526),  -- Received AV Alert: Your SonicWALL Network Anti-Virus
subscription has expired.

        trapTypeForbiddenAttachment
(527),  -- Forbidden E-mail attachment altered

        trapTypeTcpFinScanDropped
(528),  -- Probable TCP FIN scan

        trapTypeTcpXmasScanDropped                               (529),
-- Probable TCP XMAS scan 

        trapTypeTcpNullScanDropped
(530),  -- Probable TCP NULL scan 

        trapTypeReplayDetected
(531),  -- IPSEC Replay Detected

        trapTypeFakeCertFound
(532),    -- Fraudulent Microsoft Certificate Blocked

        trapTypeDhcpRelayIpSpoof                         (533),    -- IP
spoof detected on packet to Central Gateway, packet dropped

 

 

-- =========== System Errors
=================================================

        trapTypeLogFull
(601), -- Log full; deactivating SonicWALL

        trapTypeLogProblemLoadingCheckSettings  (602), -- Problem
loading the Filter list; check Filter settings

        trapTypeLogProblemLoadingCheckDNS                   (603), --
Problem loading the Filter list; check your DNS server

        trapTypeLogProblemEmailingCheckSettings (604), -- Problem
sending log email; check log settings

        trapTypeIllegalLanAddressInUse
(605), -- Illegal LAN address in use

        trapTypeNATCouldntRemap
(606), -- NAT could not remap incoming packet

        trapTypeCacheFull
(607), -- The cache is full; %d open connections; some will be dropped

        trapTypeConnDroppedTooManyIP                            (608),
-- License exceeded: Connection dropped because too many IP addresses
are in use on your LAN

        trapTypeLogOutOfMemory
(609), -- Diagnostic Code E

        trapTypeInternalErr
(610), -- Diagnostic Code D

        trapTypeLogSuspendReboot
(611), -- Diagnostic Code A

        trapTypeLogDeadlockReboot
(612), -- Diagnostic Code B

        trapTypeLogLowMemReboot
(613), -- Diagnostic Code C

        trapTypeHaIdlePrimary
(614), -- Primary firewall has transitioned to Idle

        trapTypeHaMissedHeartbeatPrimary                        (615),
-- Primary missed heartbeats from Active Backup: Primary going Active

        trapTypeHaMissedHeartbeatBackup
(616), -- Backup missed heartbeats from Active Primary: Backup going
Active

        trapTypeHaErrorReceivedPrimary                            (617),
-- Primary received error signal from Active Backup: Primary going
Active

        trapTypeHaErrorReceivedBackup                             (618),
-- Backup received error signal from Active Primary: Backup going Active

        trapTypeHaBackupPreempt
(619), -- Backup firewall being preempted by Primary

        trapTypeHaPrimaryPreempt
(620), -- Primary firewall preempting Backup

        trapTypeLogHttpServerReboot
(621), -- Diagnostic Code F

        trapTypeBackupActivePreempt
(622), -- Backup going Active in preempt mode after reboot

        trapTypeCflUpdateApplianceNotRegistered   (623), -- Problem
loading the Filter list; Appliance not registered.

        trapTypeCflUpdateSubscriptionExpired         (624), -- Problem
loading the Filter list; Subscription expired.

        trapTypeCflUpdateErrorTransient
(625), -- Problem loading the Filter list; Try loading it again.

        trapTypeCflUpdateErrorTransientAuto                       (626),
-- Problem loading the Filter list; Retrying later.

        trapTypeCflUpdateErrorInternal
(627), -- Problem loading the Filter list; Flash write failure.

        trapTypeCflApplianceCflExpired
(628), -- The loaded content filter list has expired.

        trapTypeHaSetError
(629), -- Error setting the IP address of the backup, please manually
set to backup LAN IP

        trapTypeHaSyncError
(630), -- Error updating HA peer configuration

        trapTypeCflSubscriptionExpiredEmail                       (631),
-- Content filter subscription expired.

        trapTypeDhcpRelayTableSyncFailure                       (632),
-- Failed to synchronize Relay IP Table

 

-- =========== Blocked Web Sites
=================================================

        trapTypeWebSiteBlocked
(701), -- Web site blocked

        trapTypeNewsgroupBlocked
(702), -- Newsgroup blocked

        trapTypeWebSiteAccessed
(703), -- Web site accessed

        trapTypeNewsgroupAccessed
(704), -- Newsgroup accessed

        trapTypeProxyAccessBlocked
(705) -- Access to Proxy Server Blocked

            }

 

-- ****************************  Enterprise Specific Traps Information
*******************************

 

sonicwallFwTrapInfo OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 1}

 

 

--
************************************************************************
******************

--

-- The swTrapInfoTable

--

-- This table contains information that is

-- for the basic event on the firewall. 

--
************************************************************************
******************

 

swTrapInfoTable OBJECT IDENTIFIER ::= { sonicwallFwTrapInfo 1 }

 

swTrapInfoTrapType OBJECT-TYPE

        SYNTAX     FwTrapType

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "trap type ."

    ::= { swTrapInfoTable 1 }

 

 

swTrapInfoTrapDescription OBJECT-TYPE

                        SYNTAX DisplayString 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The description of the trap. "

    ::= { swTrapInfoTable 2 }

 

swTrapInfoSrcIpAddress OBJECT-TYPE

                        SYNTAX IpAddress 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The source ip address. "

    ::= { swTrapInfoTable 3 }

 

swTrapInfoDstIpAddress OBJECT-TYPE

                        SYNTAX IpAddress 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The destination ip address. "

    ::= { swTrapInfoTable 4 }

 

swTrapInfoSrcPort OBJECT-TYPE

                        SYNTAX INTEGER 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The destination port. "

    ::= { swTrapInfoTable 5 }

 

swTrapInfoDstPort OBJECT-TYPE

                        SYNTAX INTEGER 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The destination port. "

    ::= { swTrapInfoTable 6 }

 

swTrapInfoSrcMacAddress OBJECT-TYPE

                        SYNTAX MacAddress 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The source MAC address. "

    ::= { swTrapInfoTable 7 }

 

swTrapInfoDstMacAddress OBJECT-TYPE

                        SYNTAX MacAddress 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The destination MAC address. "

    ::= { swTrapInfoTable 8 }

 

swTrapInfoIpType OBJECT-TYPE

                        SYNTAX INTEGER 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The ip type. "

    ::= { swTrapInfoTable 9 }

 

swTrapInfoPrivMsg OBJECT-TYPE

                        SYNTAX DisplayString 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The additional message. "

    ::= { swTrapInfoTable 10 }

 

swTrapInfoIpAddress OBJECT-TYPE

                        SYNTAX IpAddress 

        MAX-ACCESS accessible-for-notify

        STATUS     current

        DESCRIPTION

            "The ip address. "

    ::= { swTrapInfoTable 11 }

 

 

 

--
************************************************************************
******************

--

-- sonicwall firewall trap group

--

-- This group defines the trap which sonicwall firewall generated

--
************************************************************************
******************

 

sonicwallFwTrapRoot OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 2}

 

 

swFwTrapAttack NOTIFICATION-TYPE

        OBJECTS {

            swTrapInfoTrapType,

            swTrapInfoTrapDescription

        }

        STATUS current

        DESCRIPTION

            "This trap indicates that the firewall have detected a
attack. 

             The bound objects provide more detailed information about
this problem."

    ::= { sonicwallFwTrapRoot 0 1 }

 

swFwTrapSysError NOTIFICATION-TYPE

        OBJECTS {

            swTrapInfoTrapType,

            swTrapInfoTrapDescription

        }

        STATUS current

        DESCRIPTION

            "This trap indicates that there is a system problem with the
SonicWALL appliance. 

             The bound objects provide more detailed information about
this problem."

    ::= { sonicwallFwTrapRoot 0 2 }

 

swFwTrapBlkWebSite NOTIFICATION-TYPE

        OBJECTS {

            swTrapInfoTrapType,

            swTrapInfoTrapDescription

        }

        STATUS current

        DESCRIPTION

            "This trap indicates that there is a web site was blocked by
the firewall.

             The bound objects provide more detailed information about
this problem."

    ::= { sonicwallFwTrapRoot 0 3}

 

END


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the mrtg mailing list