[mrtg] Re: MIB Files
Saul Gonzalez
sgonzalez at henwoodenergy.com
Wed Feb 19 21:30:01 MET 2003
When I got the MIB's from Sonicwall I only got 2. The Trap and the MIB
I posted earlier. I didn't get anything w/ values like you mentioned.
Should I be asking them for another MIB file or am I missing something?
Thanks
Saul
-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com]
Sent: Wednesday, February 19, 2003 9:49 AM
To: Saul Gonzalez
Subject: RE: [mrtg] MIB Files
-----Original Message-----
From: Saul Gonzalez [mailto:sgonzalez at henwoodenergy.com]
Sent: Wednesday, February 19, 2003 11:01 AM
To: McDonald, Dan
Subject: RE: [mrtg] MIB Files
>Thanks for the info. Here is another one mib from them that is not a
>trap;
>I am very new to this. What is a trap snmp trap for?
Traps can be generated by a box on an exception basis. The trap mib
file is
used by a trap daemon to decode what it has received.
An SMI mib just defines things in a single place so that you don't have
to
put the definitions in over and over
again. You would need to use
loadmib: /whatever/your/path/is/SONICWALL-SMI.MIB
in addition to the mib that has the values you actually want to
monitor...
Then, you can refer to any of the names in the file. Say there is a
swfwconnections name. You should be able to create an entry like:
target[connections]:
swfwconnections.0&swfwconnections.0:obscurestring at 1.1.1.1
options[connections]: guage bits
any anything else you want to make it pretty....
Thanks
Saul
-- *****************************************************************
-- SONICWALL-SMI.MIB
--
-- February 2001, Susan Yan
--
-- Copyright (c) 2001 by SonicWall, Inc.
-- All rights reserved.
-- *****************************************************************
SONICWALL-SMI
--FORCE-INCLUDE <asn1conf.h>
--FORCE-INCLUDE <mib.h>
--FORCE-INCLUDE <snmpdefs.h>
--FORCE-INCLUDE "swMibhand.h"
DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-IDENTITY,
enterprises
FROM SNMPv2-SMI;
sonicwall MODULE-IDENTITY
LAST-UPDATED "200102230000Z"
ORGANIZATION "SonicWall, Inc."
CONTACT-INFO
" SonicWall Inc.
Postal: 1160 Bordeaux Dr.
Sunnyvale, CA 94089
USA
Tel: +1 408 745 9600
Fax: +1 408 745 9300
E-mail: product at sonicwall.com"
DESCRIPTION
"The MIB Module for Sonicwall enterprise."
REVISION "200102230000Z"
DESCRIPTION
"Initial version."
::= { enterprises 8741 }
sonicwallFw OBJECT-IDENTITY
STATUS current
DESCRIPTION
"sonicwallFw is the subtree for the sonicwall firewall
production."
::= { sonicwall 1 }
END
-----Original Message-----
From: McDonald, Dan [mailto:Dan.McDonald at austinenergy.com]
Sent: Tuesday, February 18, 2003 1:42 PM
To: Saul Gonzalez
Subject: RE: [mrtg] MIB Files
Well, a trap file isn't terribly useful, since mrtg is a poller, not a
trap
daemon....
But you would load the mib using the loadmibs: directive, then refer to
the
mib variables in your target statement (see the post I just did about
hrSystemUptime...)
Daniel J McDonald, CCIE #2495, CNX
Lan/Wan Integrator
Austin Energy
1.512.322.6739
dan.mcdonald at austinenergy.com
-----Original Message-----
From: Saul Gonzalez [mailto:sgonzalez at henwoodenergy.com]
Sent: Tuesday, February 18, 2003 12:40 PM
To: mrtg at list.ee.ethz.ch
Subject: [mrtg] MIB Files
I have several MIB files that I want to use to monitor several things
using MRTG, but I don't know how to use them. For example I have a mib
file with the following;
How do I use this information to be able to use MRTG?
Thanks
Saul
-- *****************************************************************
-- SONICWALL-FIREWALL-TRAP
--
-- February 2001, Susan Yan
--
-- Copyright (c) 2001 by SonicWall, Inc.
-- All rights reserved.
-- *****************************************************************
SONICWALL-FIREWALL-TRAP-MIB DEFINITIONS ::= BEGIN
IMPORTS
DisplayString,
TEXTUAL-CONVENTION FROM SNMPv2-TC
IpAddress,
snmpModules,
OBJECT-TYPE,
NOTIFICATION-TYPE,
MODULE-IDENTITY FROM SNMPv2-SMI
sonicwallFw FROM SONICWALL-SMI;
sonicwallFwTrapModule MODULE-IDENTITY
LAST-UPDATED "200102230000Z"
ORGANIZATION "SonicWall, Inc."
CONTACT-INFO
" SonicWall Inc.
Postal: 1160 Bordeaux Dr.
Sunnyvale, CA 94089
USA
Tel: +1 408 745 9600
Fax: +1 408 745 9300
E-mail: product at sonicwall.com"
DESCRIPTION
"The MIB Module for SonicWALL Firewall Trap."
REVISION "200102230000Z"
DESCRIPTION
"Initial version."
::= { sonicwallFw 1 }
-- *********************************************************************
-- Standard Traps
-- *********************************************************************
snmpTraps OBJECT IDENTIFIER ::= {snmpModules 1 1 5 }
coldStart NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"This trap signifies that the SonicWALL
appliance is re-initializing itself
such that the agent's configuration or the
appliance itself
implementation may be altered. "
::= { snmpTraps 1 }
warmStart NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"This trap signifies that the SonicWALL
appliance is re-initializing itself
such that neither the agent configuration nor
the appliance
implementation is altered. "
::= { snmpTraps 2 }
authenticationFailure NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"This trap signifies that the SonicWALL
appliance is the addressee of
a protocol message that is not properly
authenticated. "
::= { snmpTraps 5 }
-- *********************************************************************
-- Type define
-- *********************************************************************
MacAddress ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"ethernet address."
SYNTAX OCTET STRING (SIZE (6))
FwTrapType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Trap type of firewall. The type have 4 digitals, ABCD.
AB represent trap catalog, CD represent trap type in the
catalog."
SYNTAX INTEGER {
-- =========== Attack =================================================
trapTypePingOfDeathBlocked
(501), -- Ping of death blocked
trapTypeIPSpoofDetected
(502), -- IP spoof detected
trapTypePossibleSynFlood (503), --
Possible SYN flood attack
trapTypeProbableSynFlood (504), --
Probable SYN flood attack
trapTypeLandAttack
(505), -- Land Attack Dropped
trapTypeAttemptedAdminLoginFromWAN (506), -- Attempted
administrator login from WAN
trapTypeLogUnknownSpi
(507), -- Unknown IPSec SPI
trapTypeLogIpsecAuthFailure
(508), -- IPSec Authentication Failed
trapTypeLogIpsecDecryptFailure (509), -- IPSec
Decryption Failed
trapTypeLogIllegalIpsecPeer
(510), -- IPSec packet from or to an illegal host
trapTypeNetBusDropped
(511), -- NetBus Attack Dropped
trapTypeBackOrificeDropped
(512), -- Back Orifice Attack Dropped
trapTypeNetSpyDropped
(513), -- Net Spy Attack Dropped
trapTypeSub7Dropped
(514), -- Sub Seven Attack Dropped
trapTypeRipperDropped
(515), -- Ripper Attack Dropped
trapTypeStrikerDropped
(516), -- Striker Attack Dropped
trapTypeSennaSpyDropped
(517), -- Senna Spy Attack Dropped
trapTypePriorityDropped
(518), -- Priority Attack Dropped
trapTypeIniKillerDropped (519), --
Ini Killer Attack Dropped
trapTypeSmurfDropped
(520), -- Smurf Amplification Attack Dropped
trapTypePortScanPossible (521), --
Possible Port Scan
trapTypePortScanProbable (522), --
Probable Port Scan
trapTypeLogIkeProposalReject (523), -- IKE
Responder: IPSec proposal not acceptable
trapTypeAVReceivedAlert
(524), -- Received AV Alert
trapTypeLogAddTest
(525), -- Add an attack message
trapTypeAVExpiredMsg
(526), -- Received AV Alert: Your SonicWALL Network Anti-Virus
subscription has expired.
trapTypeForbiddenAttachment
(527), -- Forbidden E-mail attachment altered
trapTypeTcpFinScanDropped
(528), -- Probable TCP FIN scan
trapTypeTcpXmasScanDropped (529),
-- Probable TCP XMAS scan
trapTypeTcpNullScanDropped
(530), -- Probable TCP NULL scan
trapTypeReplayDetected
(531), -- IPSEC Replay Detected
trapTypeFakeCertFound
(532), -- Fraudulent Microsoft Certificate Blocked
trapTypeDhcpRelayIpSpoof (533), -- IP
spoof detected on packet to Central Gateway, packet dropped
-- =========== System Errors
=================================================
trapTypeLogFull
(601), -- Log full; deactivating SonicWALL
trapTypeLogProblemLoadingCheckSettings (602), -- Problem
loading the Filter list; check Filter settings
trapTypeLogProblemLoadingCheckDNS (603), --
Problem loading the Filter list; check your DNS server
trapTypeLogProblemEmailingCheckSettings (604), -- Problem
sending log email; check log settings
trapTypeIllegalLanAddressInUse
(605), -- Illegal LAN address in use
trapTypeNATCouldntRemap
(606), -- NAT could not remap incoming packet
trapTypeCacheFull
(607), -- The cache is full; %d open connections; some will be dropped
trapTypeConnDroppedTooManyIP (608),
-- License exceeded: Connection dropped because too many IP addresses
are in use on your LAN
trapTypeLogOutOfMemory
(609), -- Diagnostic Code E
trapTypeInternalErr
(610), -- Diagnostic Code D
trapTypeLogSuspendReboot
(611), -- Diagnostic Code A
trapTypeLogDeadlockReboot
(612), -- Diagnostic Code B
trapTypeLogLowMemReboot
(613), -- Diagnostic Code C
trapTypeHaIdlePrimary
(614), -- Primary firewall has transitioned to Idle
trapTypeHaMissedHeartbeatPrimary (615),
-- Primary missed heartbeats from Active Backup: Primary going Active
trapTypeHaMissedHeartbeatBackup
(616), -- Backup missed heartbeats from Active Primary: Backup going
Active
trapTypeHaErrorReceivedPrimary (617),
-- Primary received error signal from Active Backup: Primary going
Active
trapTypeHaErrorReceivedBackup (618),
-- Backup received error signal from Active Primary: Backup going Active
trapTypeHaBackupPreempt
(619), -- Backup firewall being preempted by Primary
trapTypeHaPrimaryPreempt
(620), -- Primary firewall preempting Backup
trapTypeLogHttpServerReboot
(621), -- Diagnostic Code F
trapTypeBackupActivePreempt
(622), -- Backup going Active in preempt mode after reboot
trapTypeCflUpdateApplianceNotRegistered (623), -- Problem
loading the Filter list; Appliance not registered.
trapTypeCflUpdateSubscriptionExpired (624), -- Problem
loading the Filter list; Subscription expired.
trapTypeCflUpdateErrorTransient
(625), -- Problem loading the Filter list; Try loading it again.
trapTypeCflUpdateErrorTransientAuto (626),
-- Problem loading the Filter list; Retrying later.
trapTypeCflUpdateErrorInternal
(627), -- Problem loading the Filter list; Flash write failure.
trapTypeCflApplianceCflExpired
(628), -- The loaded content filter list has expired.
trapTypeHaSetError
(629), -- Error setting the IP address of the backup, please manually
set to backup LAN IP
trapTypeHaSyncError
(630), -- Error updating HA peer configuration
trapTypeCflSubscriptionExpiredEmail (631),
-- Content filter subscription expired.
trapTypeDhcpRelayTableSyncFailure (632),
-- Failed to synchronize Relay IP Table
-- =========== Blocked Web Sites
=================================================
trapTypeWebSiteBlocked
(701), -- Web site blocked
trapTypeNewsgroupBlocked
(702), -- Newsgroup blocked
trapTypeWebSiteAccessed
(703), -- Web site accessed
trapTypeNewsgroupAccessed
(704), -- Newsgroup accessed
trapTypeProxyAccessBlocked
(705) -- Access to Proxy Server Blocked
}
-- **************************** Enterprise Specific Traps Information
*******************************
sonicwallFwTrapInfo OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 1}
--
************************************************************************
******************
--
-- The swTrapInfoTable
--
-- This table contains information that is
-- for the basic event on the firewall.
--
************************************************************************
******************
swTrapInfoTable OBJECT IDENTIFIER ::= { sonicwallFwTrapInfo 1 }
swTrapInfoTrapType OBJECT-TYPE
SYNTAX FwTrapType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"trap type ."
::= { swTrapInfoTable 1 }
swTrapInfoTrapDescription OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The description of the trap. "
::= { swTrapInfoTable 2 }
swTrapInfoSrcIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The source ip address. "
::= { swTrapInfoTable 3 }
swTrapInfoDstIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The destination ip address. "
::= { swTrapInfoTable 4 }
swTrapInfoSrcPort OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The destination port. "
::= { swTrapInfoTable 5 }
swTrapInfoDstPort OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The destination port. "
::= { swTrapInfoTable 6 }
swTrapInfoSrcMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The source MAC address. "
::= { swTrapInfoTable 7 }
swTrapInfoDstMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The destination MAC address. "
::= { swTrapInfoTable 8 }
swTrapInfoIpType OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The ip type. "
::= { swTrapInfoTable 9 }
swTrapInfoPrivMsg OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The additional message. "
::= { swTrapInfoTable 10 }
swTrapInfoIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The ip address. "
::= { swTrapInfoTable 11 }
--
************************************************************************
******************
--
-- sonicwall firewall trap group
--
-- This group defines the trap which sonicwall firewall generated
--
************************************************************************
******************
sonicwallFwTrapRoot OBJECT IDENTIFIER ::= {sonicwallFwTrapModule 2}
swFwTrapAttack NOTIFICATION-TYPE
OBJECTS {
swTrapInfoTrapType,
swTrapInfoTrapDescription
}
STATUS current
DESCRIPTION
"This trap indicates that the firewall have detected a
attack.
The bound objects provide more detailed information about
this problem."
::= { sonicwallFwTrapRoot 0 1 }
swFwTrapSysError NOTIFICATION-TYPE
OBJECTS {
swTrapInfoTrapType,
swTrapInfoTrapDescription
}
STATUS current
DESCRIPTION
"This trap indicates that there is a system problem with the
SonicWALL appliance.
The bound objects provide more detailed information about
this problem."
::= { sonicwallFwTrapRoot 0 2 }
swFwTrapBlkWebSite NOTIFICATION-TYPE
OBJECTS {
swTrapInfoTrapType,
swTrapInfoTrapDescription
}
STATUS current
DESCRIPTION
"This trap indicates that there is a web site was blocked by
the firewall.
The bound objects provide more detailed information about
this problem."
::= { sonicwallFwTrapRoot 0 3}
END
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list