-- *****************************************************************
|
|
-- CISCO-FIREWALL-MIB
|
|
--
|
|
-- April, 1999 Jim Fitzgerald
|
|
--
|
|
-- Copyright (c) 1999-2005, 2020 by cisco Systems Inc.
|
|
-- All rights reserved.
|
|
-- *****************************************************************
|
|
|
|
CISCO-FIREWALL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP,
|
|
MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Counter32,
|
|
Gauge32,
|
|
Unsigned32,
|
|
IpAddress
|
|
FROM SNMPv2-SMI
|
|
DateAndTime,
|
|
TEXTUAL-CONVENTION,
|
|
RowPointer
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoFirewallMIB MODULE-IDENTITY
|
|
LAST-UPDATED "202010010000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-pix@cisco.com
|
|
cs-iosfw@cisco.com"
|
|
DESCRIPTION
|
|
"MIB module for monitoring Cisco Firewalls."
|
|
REVISION "202010010000Z"
|
|
DESCRIPTION
|
|
"Added the cps current and cps Peak under cfwSystem as
|
|
scalars."
|
|
REVISION "200512060000Z"
|
|
DESCRIPTION
|
|
"Added the copyright statement and updated the imports
|
|
such that Unsigned32 is imported from SNMPv2-SMI instead
|
|
of CISCO-TC. Added a new NOTIFICATION-GROUP
|
|
ciscoFirewallMIBNotificationGroupRev1 to include all the
|
|
notifications defined in the MIB. Obsoleted the
|
|
OBJECT-GROUP ciscoFirewallMIBNotificationGroup. Deprecated
|
|
the MODULE-COMPLIANCE ciscoFirewallMIBCompliance and added
|
|
a new MODULE-COMPLIANCE ciscoFirewallMIBComplianceRev1."
|
|
REVISION "9904291200Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 147 }
|
|
|
|
|
|
ciscoFirewallMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIB 1 }
|
|
|
|
cfwEvents OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIBObjects 1 }
|
|
|
|
cfwBasicEvents OBJECT IDENTIFIER
|
|
::= { cfwEvents 1 }
|
|
|
|
cfwNetEvents OBJECT IDENTIFIER
|
|
::= { cfwEvents 2 }
|
|
|
|
cfwSystem OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIBObjects 2 }
|
|
|
|
cfwStatus OBJECT IDENTIFIER
|
|
::= { cfwSystem 1 }
|
|
|
|
cfwStatistics OBJECT IDENTIFIER
|
|
::= { cfwSystem 2 }
|
|
|
|
|
|
-- Textual Conventions
|
|
|
|
ResourceStatistics ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to identify various statistics
|
|
that are related to the resources on a firewall.
|
|
|
|
highUse : The highest load the resource has had for a
|
|
time period. The time period will be
|
|
implementation dependent.
|
|
highLoad : The highest load the resource has had since
|
|
startup.
|
|
maximum : The maximum amount of the resource that is
|
|
available.
|
|
minimum : The minimum amount of the resource that is
|
|
available.
|
|
low : The lowest amount of the resource that has been
|
|
available since startup.
|
|
high : The highest amount of the resource that has been
|
|
available since startup.
|
|
average : The average amount of the resource that has been
|
|
available since startup.
|
|
free : The amount of the resource that is currently
|
|
available since startup.
|
|
inUse : The amount of the resource that is currently
|
|
in use, eg. CPU usage, memory usage."
|
|
SYNTAX INTEGER {
|
|
highUse(1),
|
|
highLoad(2),
|
|
maximum(3),
|
|
minimum(4),
|
|
low(5),
|
|
high(6),
|
|
average(7),
|
|
free(8),
|
|
inUse(9)
|
|
}
|
|
|
|
Hardware ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various hardware
|
|
resources that can be monitored by the firewall.
|
|
|
|
memory - identifies memory.
|
|
disk - identifies disk.
|
|
power - identifies power.
|
|
netInterface - identifies a network interface.
|
|
tape - identifies a tape drive.
|
|
controller - identifies hardware controller.
|
|
cpu - identifies CPU.
|
|
primaryUnit - identifies the primary unit of the two
|
|
identical firewalls configured for redundancy.
|
|
secondaryUnit - identifies the secondary unit of the two
|
|
identical firewalls configured for redundancy.
|
|
other - identifies other hardware."
|
|
SYNTAX INTEGER {
|
|
memory(1),
|
|
disk(2),
|
|
power(3),
|
|
netInterface(4),
|
|
cpu(5),
|
|
primaryUnit(6),
|
|
secondaryUnit(7),
|
|
other(8)
|
|
}
|
|
|
|
Services ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various services
|
|
that are monitored by the firewall.
|
|
|
|
otherFWService - a service that does not fit into any
|
|
other category.
|
|
fileXferFtp - identifies FTP, File Transfer Protocol.
|
|
fileXferTftp - identifies TFTP, Trivial File
|
|
Transfer Protocol
|
|
fileXferFtps - identifies FTP, File Transfer
|
|
Protocol running over Secure Sockets Layer.
|
|
loginTelnet - identifies telnet
|
|
loginRlogin - identifies rlogin.
|
|
loginTelnets - identifies telnet over
|
|
Secure Sockets Layer(SSL).
|
|
remoteExecSunRPC - identifies Sun Remote
|
|
Procedure Call Protocol.
|
|
remoteExecMSRPC - identifies Microsoft Remote
|
|
Procedure Call Protocol.
|
|
remoteExecRsh - identifies the remote shell.
|
|
remoteExecXserver - identifies the Xwindows server.
|
|
webHttp - identifies Hyper Text Transfer Protocol.
|
|
webHttps - identifies the secure HTTP protocol.
|
|
mailSmtp - identifies SMTP, Simple Mail Transfer Protocol.
|
|
mailSmtps - identifies SMTP, Simple Mail Transfer Protocol
|
|
running over Secure Sockets Layer (SSL).
|
|
multimediaStreamworks - identifies streamworks.
|
|
multimediaH323 - identifies H323.
|
|
multimediaNetShow - identifies NetShow.
|
|
multimediaVDOLive - identifies vDOLive.
|
|
multimediaRealAV - identifies RealAV.
|
|
multimediaRTSP - identifies Real Time Streaming Protocol
|
|
dbOracle - identifies Oracle's SQL*Net.
|
|
dbMSsql - identifies MicroSoft SQL.
|
|
contInspProgLang - identifies a payload as a programming
|
|
language such as Java or ActiveX.
|
|
contInspUrl - identifies a payload as a URL.
|
|
directoryNis - identifies NIS, Network Information Service.
|
|
directoryDns - identifies DNS, Domain Name Service.
|
|
directoryNetbiosns - identifies NetBIOSNS - NetBIOS Name Service.
|
|
directoryNetbiosdgm - identifies NetBIOSNS - NetBIOS
|
|
datagram Service.
|
|
directoryNetbiosssn - identifies NetBIOSNS - NetBIOS
|
|
Session Service.
|
|
directoryWins - identifies Windows Internet Naming
|
|
Service (WINS).
|
|
qryWhois - identifies WhoIs service.
|
|
qryFinger - identifies finger.
|
|
qryIdent - identifies Ident.
|
|
fsNfsStatus - identifies Network File System (NFS) Status.
|
|
fsNfs - identifies Network File System (NFS).
|
|
fsCifs - identifies CIFS, Common Internet
|
|
File Service.
|
|
protoIcmp - identifies ICMP, Internet Control Message Protocol.
|
|
protoTcp - identifies TCP, Transmission Control Protocol.
|
|
protoUdp - identifies UDP, User Datagram Protocol.
|
|
protoIp - identifies IP, Internet Protocol.
|
|
protoSnmp - identifies SNMP, Simple Network Management Protocol."
|
|
SYNTAX INTEGER {
|
|
otherFWService(1),
|
|
fileXferFtp(2),
|
|
fileXferTftp(3),
|
|
fileXferFtps(4),
|
|
loginTelnet(5),
|
|
loginRlogin(6),
|
|
loginTelnets(7),
|
|
remoteExecSunRPC(8),
|
|
remoteExecMSRPC(9),
|
|
remoteExecRsh(10),
|
|
remoteExecXserver(11),
|
|
webHttp(12),
|
|
webHttps(13),
|
|
mailSmtp(14),
|
|
multimediaStreamworks(15),
|
|
multimediaH323(16),
|
|
multimediaNetShow(17),
|
|
multimediaVDOLive(18),
|
|
multimediaRealAV(19),
|
|
multimediaRTSP(20),
|
|
dbOracle(21),
|
|
dbMSsql(22),
|
|
contInspProgLang(23),
|
|
contInspUrl(24),
|
|
directoryNis(25),
|
|
directoryDns(26),
|
|
directoryNetbiosns(27),
|
|
directoryNetbiosdgm(28),
|
|
directoryNetbiosssn(29),
|
|
directoryWins(30),
|
|
qryWhois(31),
|
|
qryFinger(32),
|
|
qryIdent(33),
|
|
fsNfsStatus(34),
|
|
fsNfs(35),
|
|
fsCifs(36),
|
|
protoIcmp(37),
|
|
protoTcp(38),
|
|
protoUdp(39),
|
|
protoIp(40),
|
|
protoSnmp(41)
|
|
}
|
|
|
|
HardwareStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various events
|
|
that are related to the resources on a firewall.
|
|
other : Generic resource event.
|
|
up : The resource is in service.
|
|
down : The resource is not in service.
|
|
error : There has been an error for this resource.
|
|
overTemp : The resource is overheating.
|
|
busy : The resource is busy.
|
|
noMedia : A device doesn't have its needed media.
|
|
backup : Processing has switched to the backup.
|
|
active : This is the active unit.
|
|
standby : This is the standby unit."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
up(2),
|
|
down(3),
|
|
error(4),
|
|
overTemp(5),
|
|
busy(6),
|
|
noMedia(7),
|
|
backup(8),
|
|
active(9),
|
|
standby(10)
|
|
}
|
|
|
|
SecurityEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various
|
|
security-related events and statistics on a firewall.
|
|
|
|
other : Generic attack event.
|
|
none : No attack is occurring, an informational
|
|
event.
|
|
dos : A denial of service attack has been detected.
|
|
recon : A pattern of reconnaissance activity has been
|
|
detected.
|
|
pakFwd : A packet forwarding attack has been detected.
|
|
addrSpoof : A spoofed address has been detected.
|
|
svcSpoof : A spoofed service (eg., DNS) has been detected.
|
|
thirdParty : This site is being used as a third-party for
|
|
an attack on another network. For example, the
|
|
'smurf' attack or email spamming.
|
|
complete : An attack has terminated
|
|
invalPak : An invalid packet with attack characteristics
|
|
has been detected.
|
|
illegCom : An illegal command has been found.
|
|
policy : An attempt has been made to violate a security
|
|
policy."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
none(2),
|
|
dos(3),
|
|
recon(4),
|
|
pakFwd(5),
|
|
addrSpoof(6),
|
|
svcSpoof(7),
|
|
thirdParty(8),
|
|
complete(9),
|
|
invalPak(10),
|
|
illegCom(11),
|
|
policy(12)
|
|
}
|
|
|
|
ContentInspectionEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Content inspection events, these events report that
|
|
something was found in the application payload. The
|
|
details entry in the event can report on what was
|
|
found (eg., virus, company private info., etc), what it
|
|
was found in (eg., html, win32 executable, e-mail), and
|
|
what was done with it (eg., the quarantine location).
|
|
|
|
other : A content inspection event. Used to indicate
|
|
that some content inspection has occurred that
|
|
is not covered by the other content inspection
|
|
enumerations.
|
|
okay : The check of the content was okay, nothing 'bad'
|
|
was found.
|
|
error : There was an error while checking the content.
|
|
found : Something was found that the content inspection
|
|
engine has determined merits attention.
|
|
clean : The content inspection engine has found something
|
|
that violates the security policy and has
|
|
neutralized the content in the data flow.
|
|
reject : The content inspection engine has found something
|
|
that violates the security policy and has discarded
|
|
the content.
|
|
saved : The content inspection engine has found something
|
|
that violates the security policy and has stored
|
|
it in a quarantine storage area."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
okay(2),
|
|
error(3),
|
|
found(4),
|
|
clean(5),
|
|
reject(6),
|
|
saved(7)
|
|
}
|
|
|
|
ConnectionEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various events
|
|
and statistics that are related to the connections that
|
|
occur on a firewall.
|
|
|
|
other : A generic connection event.
|
|
accept : A connection has been accepted.
|
|
error : An error has occurred for a connection.
|
|
drop : The connection has been dropped.
|
|
close : A connection has been closed.
|
|
timeout : A connection has been timed out.
|
|
refused : A connection has been refused.
|
|
reset : A connection has been reset.
|
|
noResp : A connection has received no response."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
accept(2),
|
|
error(3),
|
|
drop(4),
|
|
close(5),
|
|
timeout(6),
|
|
refused(7),
|
|
reset(8),
|
|
noResp(9)
|
|
}
|
|
|
|
ConnectionStat ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various
|
|
connections statistics.
|
|
|
|
other : A generic connection event.
|
|
totalOpen : Total open connections since reboot.
|
|
currentOpen : The number of connections currently open.
|
|
currentClosing : The number of connections currently closing.
|
|
currentHalfOpen : The number of connections currently half-open.
|
|
currentInUse : The number of connections currently in use.
|
|
high : The highest number of connections in use at
|
|
any one time since system startup."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
totalOpen(2),
|
|
currentOpen(3),
|
|
currentClosing(4),
|
|
currentHalfOpen(5),
|
|
currentInUse(6),
|
|
high(7)
|
|
}
|
|
|
|
AccessEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various events
|
|
and statistics that are related to the access control on a
|
|
firewall.
|
|
|
|
other : Miscellaneous access event.
|
|
grant : A service has allowed access based on all
|
|
of its access checks.
|
|
deny : A client was denied use of a service.
|
|
denyMult : A client was denied use of a service
|
|
multiple times.
|
|
error : An error has occurred during the access
|
|
control process."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
grant(2),
|
|
deny(3),
|
|
denyMult(4),
|
|
error(5)
|
|
}
|
|
|
|
AuthenticationEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention is used to describe various events
|
|
and statistics that are related to authentication.
|
|
|
|
other : Miscellaneous authentication event.
|
|
succ : A client successfully authenticated.
|
|
error : Error while authenticating.
|
|
fail : A client failed authentication.
|
|
succPriv : A client accessed a service with special
|
|
privileges.
|
|
failPriv : A client failed to access a service with
|
|
special privileges.
|
|
failMult : Multiple failed authentication attempts by
|
|
a client."
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
succ(2),
|
|
error(3),
|
|
fail(4),
|
|
succPriv(5),
|
|
failPriv(6),
|
|
failMult(7)
|
|
}
|
|
|
|
GenericEvent ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Generic Events - events for which there is no more specific
|
|
enumeration
|
|
abnormal : An abnormal event has occurred that is neither
|
|
'okay' nor an 'error'.
|
|
okay : A normal event occurred or the system has changed
|
|
from an abnormal state to a normal state
|
|
error : An error event occurred"
|
|
SYNTAX INTEGER {
|
|
abnormal(1),
|
|
okay(2),
|
|
error(3)
|
|
}
|
|
|
|
-- The cfwBasicEventsGroup
|
|
--
|
|
-- This group defines the table containing information that is
|
|
-- for every logged event on the firewall. The table is
|
|
-- defined along with one variable to obtain the index value of
|
|
-- the last row in the table. The table is indexed by the
|
|
-- integer-valued cfwBasicEventIndex which is assigned to events
|
|
-- in ascending chronological order, such that the oldest event
|
|
-- stored in the table has the numerically smallest value of
|
|
-- cfwBasicEventIndex.
|
|
--
|
|
-- The index of the last row also indicates the total number
|
|
-- modulo 2**32 of events logged in the table since reboot.
|
|
-- Events are not retained across reboots.
|
|
|
|
cfwBasicEventsTableLastRow OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value of the most recently created row
|
|
in the cfwBasicEventsTable. This number starts at
|
|
1 and increases by one with each new log entry. When
|
|
this number wraps, all events are deleted."
|
|
::= { cfwBasicEvents 1 }
|
|
|
|
cfwBasicEventsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CfwBasicEventsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of basic data for firewall events. The agent
|
|
may choose to delete the instances of cfwBasicEventsEntry
|
|
as required because of lack of memory. The oldest Events
|
|
will be selected first for deletion."
|
|
::= { cfwBasicEvents 2 }
|
|
|
|
cfwBasicEventsEntry OBJECT-TYPE
|
|
SYNTAX CfwBasicEventsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing general information
|
|
about an event. This table will always be sparse, i.e.,
|
|
each row will instantiate only a subset of the columnar
|
|
objects."
|
|
INDEX { cfwBasicEventIndex }
|
|
::= { cfwBasicEventsTable 1 }
|
|
|
|
CfwBasicEventsEntry ::= SEQUENCE {
|
|
cfwBasicEventIndex Unsigned32,
|
|
cfwBasicEventTime DateAndTime,
|
|
cfwBasicSecurityEventType SecurityEvent,
|
|
cfwBasicContentInspEventType ContentInspectionEvent,
|
|
cfwBasicConnectionEventType ConnectionEvent,
|
|
cfwBasicAccessEventType AccessEvent,
|
|
cfwBasicAuthenticationEventType AuthenticationEvent,
|
|
cfwBasicGenericEventType GenericEvent,
|
|
cfwBasicEventDescription SnmpAdminString,
|
|
cfwBasicEventDetailsTableRow RowPointer
|
|
}
|
|
|
|
cfwBasicEventIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies an entry in the
|
|
log table. These indices are assigned beginning
|
|
with 1 and increase by one with each new event logged."
|
|
::= { cfwBasicEventsEntry 1 }
|
|
|
|
cfwBasicEventTime OBJECT-TYPE
|
|
SYNTAX DateAndTime
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time that the event occurred."
|
|
::= { cfwBasicEventsEntry 2 }
|
|
|
|
cfwBasicSecurityEventType OBJECT-TYPE
|
|
SYNTAX SecurityEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of security-related event that this row contains.
|
|
If the event is not security-related this object will not
|
|
be instantiated."
|
|
::= { cfwBasicEventsEntry 3 }
|
|
|
|
cfwBasicContentInspEventType OBJECT-TYPE
|
|
SYNTAX ContentInspectionEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of content inspection-related event that this row
|
|
contains. If the event is not content inspection-related
|
|
this object will not be instantiated."
|
|
::= { cfwBasicEventsEntry 4 }
|
|
|
|
cfwBasicConnectionEventType OBJECT-TYPE
|
|
SYNTAX ConnectionEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of connection-related event that this row contains.
|
|
If the event is not connection-related this object will not
|
|
be instantiated."
|
|
::= { cfwBasicEventsEntry 5 }
|
|
|
|
cfwBasicAccessEventType OBJECT-TYPE
|
|
SYNTAX AccessEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of access-related event that this row contains.
|
|
If the event is not access-related this object will not be
|
|
instantiated."
|
|
::= { cfwBasicEventsEntry 6 }
|
|
|
|
cfwBasicAuthenticationEventType OBJECT-TYPE
|
|
SYNTAX AuthenticationEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of authentication-related event that this row
|
|
contains. If the event is not authentication-related this
|
|
object will not be instantiated."
|
|
::= { cfwBasicEventsEntry 7 }
|
|
|
|
cfwBasicGenericEventType OBJECT-TYPE
|
|
SYNTAX GenericEvent
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of generic event that this row contains. If the
|
|
event does not fall into one of the other categories this
|
|
object will be populated. Otherwise, this object will not
|
|
be instantiated."
|
|
::= { cfwBasicEventsEntry 8 }
|
|
|
|
cfwBasicEventDescription OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A description of the event. The value of the object may
|
|
be a zero-length string."
|
|
::= { cfwBasicEventsEntry 9 }
|
|
|
|
cfwBasicEventDetailsTableRow OBJECT-TYPE
|
|
SYNTAX RowPointer
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A pointer to a row in the table containing details
|
|
about this event. Generally, the table will be the
|
|
cfwNetEventsTable but a Cisco-defined table may also
|
|
appear here. If there is no more detailed
|
|
information for this event the value of this object
|
|
will have the value {0 0}."
|
|
::= { cfwBasicEventsEntry 10 }
|
|
|
|
|
|
|
|
-- Network Events
|
|
--
|
|
-- A details table with information related to network events
|
|
-- or events involving "users" of the firewall resources and services
|
|
-- (eg., traffic flows through the firewall or a user authenticating
|
|
-- to use a firewall service).
|
|
|
|
cfwNetEventsTableLastRow OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index value of the last row in the
|
|
cfwNetEventsTable. This number starts at 1 and
|
|
increases by one with each new log entry. When this
|
|
number wraps, all events are deleted."
|
|
::= { cfwNetEvents 1 }
|
|
|
|
cfwNetEventsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CfwNetEventsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of detailed data for network events. The
|
|
agent may choose to delete the instances of
|
|
cfwBasicEventsEntry as required because of lack of
|
|
memory. It is an implementation-specific matter as
|
|
to when this deletion may occur. It is recommended
|
|
that the oldest log instances are deleted first."
|
|
::= { cfwNetEvents 2 }
|
|
|
|
cfwNetEventsEntry OBJECT-TYPE
|
|
SYNTAX CfwNetEventsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing detailed information
|
|
about an event. Note that this table may be sparse.
|
|
If Network Address Translation is not enabled
|
|
cfwNetEventInsideSrcIpAddress and
|
|
cfwNetEventInsideDstIpAddress will not be instantiated
|
|
in the row. If Port Address Translation is not enabled
|
|
cfwNetEventInsideSrcIpPort and
|
|
cfwNetEventInsideDstIpPort will not be instantiated
|
|
in the row. Entries are added to this table at the
|
|
same time that events are added to the cfwBasicEventsTable.
|
|
These two tables may be configured to be different
|
|
sizes so there may not be a one-to-one correspondence
|
|
between rows in the two tables."
|
|
INDEX { cfwNetEventIndex }
|
|
::= { cfwNetEventsTable 1 }
|
|
|
|
CfwNetEventsEntry ::= SEQUENCE {
|
|
cfwNetEventIndex Unsigned32,
|
|
cfwNetEventInterface InterfaceIndexOrZero,
|
|
cfwNetEventSrcIpAddress IpAddress,
|
|
cfwNetEventInsideSrcIpAddress IpAddress,
|
|
cfwNetEventDstIpAddress IpAddress,
|
|
cfwNetEventInsideDstIpAddress IpAddress,
|
|
cfwNetEventSrcIpPort INTEGER,
|
|
cfwNetEventInsideSrcIpPort INTEGER,
|
|
cfwNetEventDstIpPort INTEGER,
|
|
cfwNetEventInsideDstIpPort INTEGER,
|
|
cfwNetEventService Services,
|
|
cfwNetEventServiceInformation SnmpAdminString,
|
|
cfwNetEventIdentity SnmpAdminString,
|
|
cfwNetEventDescription SnmpAdminString
|
|
}
|
|
|
|
cfwNetEventIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index that uniquely identifies an entry in the
|
|
log table. These indices are assigned beginning with
|
|
one and increase by one with each new log entry. When
|
|
this number wraps, all events are deleted in order to
|
|
allow the NMS to differentiate between old and new
|
|
events."
|
|
::= { cfwNetEventsEntry 1 }
|
|
|
|
cfwNetEventInterface OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface most closely associated with this event.
|
|
For example, for an event that relates to the receipt of
|
|
a packet, this object identifies the interface on which
|
|
the packet was received. If there are multiple interfaces
|
|
associated with an event, the interface most closely
|
|
associated with the cause of the event will be used.
|
|
For example, for an event for the setup of a TCP
|
|
connection, the interface on the initiator's side
|
|
of the connection would be preferred. If there is no
|
|
associated interface, then this object has the value zero."
|
|
::= { cfwNetEventsEntry 2 }
|
|
|
|
cfwNetEventSrcIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address in the IP packet that caused the
|
|
event. If there is no packet associated with the
|
|
event this object has the value of zero. If the event is
|
|
the result of multiple packets with different source
|
|
addresses, this value may be zero or an address taken
|
|
from an arbitrarily chosen packet in the sequence of
|
|
packets causing the event."
|
|
::= { cfwNetEventsEntry 3 }
|
|
|
|
cfwNetEventInsideSrcIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address after Network Address Translation
|
|
has been applied. If NAT has not been applied to the
|
|
source address in this packet this object will not
|
|
be instantiated, resulting in a sparse table. If the
|
|
event is the result of multiple packets with different
|
|
source addresses, this value may be zero or an address
|
|
taken from an arbitrarily chosen packet in the sequence
|
|
of packets causing the event."
|
|
::= { cfwNetEventsEntry 4 }
|
|
|
|
cfwNetEventDstIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address in the IP packet that caused
|
|
the event. If there is no packet associated with
|
|
the event this object has the value of zero. If the event
|
|
is the result of multiple packets with different destination
|
|
addresses, this value may be zero or an address taken
|
|
from an arbitrarily chosen packet in the sequence of
|
|
packets causing the event."
|
|
::= { cfwNetEventsEntry 5 }
|
|
|
|
cfwNetEventInsideDstIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address after Network Address Translation
|
|
has been applied. If NAT has not been applied to the
|
|
destination address in this packet this object will not
|
|
be instantiated, resulting in a sparse table. If the event
|
|
is the result of multiple packets with different destination
|
|
addresses, this value may be zero or an address taken
|
|
from an arbitrarily chosen packet in the sequence of
|
|
packets causing the event."
|
|
::= { cfwNetEventsEntry 6 }
|
|
|
|
cfwNetEventSrcIpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source UDP/TCP port in the IP packet that caused
|
|
the event. If there is no packet associated with the
|
|
event this object has the value of zero. If the event
|
|
is the result of multiple packets with different source
|
|
ports, this value may be zero or a port taken from an
|
|
arbitrarily chosen packet in the sequence of packets
|
|
causing the event."
|
|
::= { cfwNetEventsEntry 7 }
|
|
|
|
cfwNetEventInsideSrcIpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source UDP/TCP port after Port Address Translation
|
|
has been applied. If PAT has not been applied to the
|
|
source port in this packet this object will not be
|
|
instantiated, resulting in a sparse table. If the
|
|
event is the result of multiple packets with different
|
|
source ports, this value may be zero or a port taken
|
|
from an arbitrarily chosen packet in the sequence of
|
|
packets causing the event."
|
|
::= { cfwNetEventsEntry 8 }
|
|
|
|
cfwNetEventDstIpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination UDP/TCP port in the IP packet that caused
|
|
the event. If there is no packet associated with the
|
|
event this object has the value of zero. If the event is
|
|
the result of multiple packets with different destination
|
|
ports, this value may be zero or a port taken from an
|
|
arbitrarily chosen packet in the sequence of packets
|
|
causing the event."
|
|
::= { cfwNetEventsEntry 9 }
|
|
|
|
cfwNetEventInsideDstIpPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination UDP/TCP port after Port Address Translation
|
|
has been applied. If PAT has not been applied to the
|
|
destination port in this packet this object will not be
|
|
instantiated, resulting in a sparse table. If the event
|
|
is the result of multiple packets with different
|
|
destination ports, this value may be zero or a port
|
|
taken from an arbitrarily chosen packet in the sequence
|
|
of packets causing the event."
|
|
::= { cfwNetEventsEntry 10 }
|
|
|
|
cfwNetEventService OBJECT-TYPE
|
|
SYNTAX Services
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The identification of the type of service involved
|
|
with this event."
|
|
::= { cfwNetEventsEntry 11 }
|
|
|
|
cfwNetEventServiceInformation OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific service information. This can be used to
|
|
describe the particular service identified by
|
|
cfwNetEventService and can reflect whether the service
|
|
is a local service or a gateway service. For example,
|
|
if the value for cfwNetEventService is loginTelnet
|
|
then the string provided might be 'local telnet'."
|
|
::= { cfwNetEventsEntry 12 }
|
|
|
|
-- cfwNetEventIdentity: read-only text column (sub-identifier 13 of
-- cfwNetEventsEntry) naming the entity that caused the event; empty
-- when no identity is known.
-- NOTE(review): per the DESCRIPTION this can hold a userid or username,
-- so any principal with read access to this column can collect account
-- identifiers. Consider excluding it from broadly readable access-control
-- views and polling it only over SNMPv3 with authentication and privacy;
-- confirm against the deployment's SNMP configuration.
-- NOTE(review): the string presumably originates from the session that
-- triggered the event, so a management station should treat it as
-- untrusted text when logging or rendering it.
cfwNetEventIdentity OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object will contain a description of the entity that
|
|
caused the event. The entity could be a userid, username,
|
|
processid or other identifier for the entity using the service.
|
|
If there is no such information then this object will contain
|
|
a zero-length string."
|
|
::= { cfwNetEventsEntry 13 }
|
|
|
|
cfwNetEventDescription OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A detailed description of the event."
|
|
::= { cfwNetEventsEntry 14 }
|
|
|
|
|
|
-- The cfwHardwareStatus
|
|
--
|
|
-- The resource information related queries, this table is for
|
|
-- providing the status of the resources on the firewall. Resources
|
|
-- can include hardware or software modules on the firewall.
|
|
|
|
cfwHardwareStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CfwHardwareStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of firewall cfwHardwareStatusEntry entries."
|
|
::= { cfwStatus 1 }
|
|
|
|
cfwHardwareStatusEntry OBJECT-TYPE
|
|
SYNTAX CfwHardwareStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing status information
|
|
about a resource."
|
|
INDEX { cfwHardwareType }
|
|
::= { cfwHardwareStatusTable 1 }
|
|
|
|
CfwHardwareStatusEntry ::= SEQUENCE {
|
|
cfwHardwareType Hardware,
|
|
cfwHardwareInformation SnmpAdminString,
|
|
cfwHardwareStatusValue HardwareStatus,
|
|
cfwHardwareStatusDetail SnmpAdminString
|
|
}
|
|
|
|
cfwHardwareType OBJECT-TYPE
|
|
SYNTAX Hardware
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The hardware type for which this row provides
|
|
status information."
|
|
::= { cfwHardwareStatusEntry 1 }
|
|
|
|
cfwHardwareInformation OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A detailed textual description of the resource
|
|
identified by cfwHardwareType."
|
|
::= { cfwHardwareStatusEntry 2 }
|
|
|
|
cfwHardwareStatusValue OBJECT-TYPE
|
|
SYNTAX HardwareStatus
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the current status of the resource."
|
|
::= { cfwHardwareStatusEntry 3 }
|
|
|
|
cfwHardwareStatusDetail OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A detailed textual description of the current status of
|
|
the resource which may provide a more specific description
|
|
than cfwHardwareStatusValue."
|
|
::= { cfwHardwareStatusEntry 4 }
|
|
|
|
|
|
-- The cfwBufferStatistics
|
|
--
|
|
-- This table is for providing the statistics for the buffers
|
|
-- on the firewall.
|
|
|
|
cfwBufferStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CfwBufferStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing status information about a firewall's
|
|
buffers."
|
|
::= { cfwStatistics 1 }
|
|
|
|
cfwBufferStatsEntry OBJECT-TYPE
|
|
SYNTAX CfwBufferStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing status information
|
|
about a particular statistic for the set of buffers
|
|
of a particular size."
|
|
INDEX {
|
|
cfwBufferStatSize,
|
|
cfwBufferStatType
|
|
}
|
|
::= { cfwBufferStatsTable 1 }
|
|
|
|
CfwBufferStatsEntry ::= SEQUENCE {
|
|
cfwBufferStatSize Unsigned32,
|
|
cfwBufferStatType ResourceStatistics,
|
|
cfwBufferStatInformation SnmpAdminString,
|
|
cfwBufferStatValue Gauge32
|
|
}
|
|
|
|
cfwBufferStatSize OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains the size of the set of buffers
|
|
for which this row contains the statistics given by
|
|
cfwBufferStatType."
|
|
::= { cfwBufferStatsEntry 1 }
|
|
|
|
cfwBufferStatType OBJECT-TYPE
|
|
SYNTAX ResourceStatistics
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the type of statistic given by
|
|
this row for the particular set of buffers identified by
|
|
cfwBufferStatSize."
|
|
::= { cfwBufferStatsEntry 2 }
|
|
|
|
cfwBufferStatInformation OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A detailed textual description of the statistic
|
|
identified by cfwBufferStatType."
|
|
::= { cfwBufferStatsEntry 3 }
|
|
|
|
cfwBufferStatValue OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of the buffer statistic."
|
|
::= { cfwBufferStatsEntry 4 }
|
|
|
|
|
|
-- The Firewall Connection Statistics Table
|
|
--
|
|
-- This table can be used to provide the statistics for firewall
|
|
-- connection events or services. These "connections" can be
|
|
-- connections in a loose sense of the word - a UDP transaction
|
|
-- would qualify as a connection if the firewall maintains
|
|
-- state information to monitor the packets traversing the firewall
|
|
-- for this "connection". A uni-directional UDP "connection" could be
|
|
-- described as being "half-open" by a value of 'halfOpen' in
|
|
-- cfwConnectionStatType.
|
|
--
|
|
-- This table contains multiple rows for each service to which the
|
|
-- statistic applies.
|
|
|
|
cfwConnectionStatTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CfwConnectionStatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table of firewall statistic instances."
|
|
::= { cfwStatistics 2 }
|
|
|
|
cfwConnectionStatEntry OBJECT-TYPE
|
|
SYNTAX CfwConnectionStatEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the table, containing information about a
|
|
firewall statistic."
|
|
INDEX {
|
|
cfwConnectionStatService,
|
|
cfwConnectionStatType
|
|
}
|
|
::= { cfwConnectionStatTable 1 }
|
|
|
|
CfwConnectionStatEntry ::= SEQUENCE {
|
|
cfwConnectionStatService Services,
|
|
cfwConnectionStatType ConnectionStat,
|
|
cfwConnectionStatDescription SnmpAdminString,
|
|
cfwConnectionStatCount Counter32,
|
|
cfwConnectionStatValue Gauge32
|
|
}
|
|
|
|
cfwConnectionStatService OBJECT-TYPE
|
|
SYNTAX Services
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The identification of the type of connection providing
|
|
statistics."
|
|
::= { cfwConnectionStatEntry 1 }
|
|
|
|
cfwConnectionStatType OBJECT-TYPE
|
|
SYNTAX ConnectionStat
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the connections that this row contains
|
|
statistics for."
|
|
::= { cfwConnectionStatEntry 2 }
|
|
|
|
cfwConnectionStatDescription OBJECT-TYPE
|
|
SYNTAX SnmpAdminString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A detailed textual description of this statistic."
|
|
::= { cfwConnectionStatEntry 3 }
|
|
|
|
-- cfwConnectionStatCount: Counter32 form of the statistic for the row
-- selected by cfwConnectionStatService and cfwConnectionStatType.
-- Per the DESCRIPTION, this column is omitted for rows where a gauge is
-- more appropriate (cfwConnectionStatValue is the Gauge32 counterpart),
-- so a poller has to accept a missing instance as normal rather than as
-- an agent fault.
-- NOTE(review): as a Counter32 the value is only meaningful as a delta
-- between two polls; no discontinuity indicator is named in this
-- definition. Confirm how the agent behaves across reloads.
cfwConnectionStatCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an integer that contains the value of the
|
|
resource statistic. If a type of 'gauge' is more
|
|
appropriate this object will be omitted resulting
|
|
in a sparse table."
|
|
::= { cfwConnectionStatEntry 4 }
|
|
|
|
cfwConnectionStatValue OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is an integer that contains the value of the
|
|
resource statistic. If a type of 'counter' is more
|
|
appropriate this object will be omitted resulting
|
|
in a sparse table."
|
|
::= { cfwConnectionStatEntry 5 }
|
|
|
|
-- cfwConnectionPerSecond: read-only Gauge32 scalar registered directly
-- under cfwStatistics (sub-identifier 3), next to the buffer and
-- connection statistics tables. "cps" in the DESCRIPTION is connections
-- per second, as given by the UNITS clause.
-- NOTE(review): the DESCRIPTION does not state the sampling or averaging
-- interval behind the rate; confirm it before setting alert thresholds.
cfwConnectionPerSecond OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
UNITS "Connections per second"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current cps rate on the firewall."
|
|
::= { cfwStatistics 3 }
|
|
|
|
-- cfwConnectionPerSecondPeak: read-only Gauge32 scalar registered
-- directly under cfwStatistics (sub-identifier 4), holding the highest
-- connections-per-second rate observed (UNITS clause gives the unit).
-- NOTE(review): the DESCRIPTION does not say since when the peak is
-- measured or what resets it; confirm against the device documentation
-- before using it as a baseline for connection-flood detection.
cfwConnectionPerSecondPeak OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
UNITS "Connections per second"
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The peak cps rate hit on the firewall."
|
|
::= { cfwStatistics 4 }
|
|
|
|
-- Notifications
|
|
|
|
ciscoFirewallMIBNotificationPrefix OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIB 2 }
|
|
|
|
ciscoFirewallMIBNotifications OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIBNotificationPrefix 0 }
|
|
|
|
|
|
cfwSecurityNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicSecurityEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of security
|
|
events. The included objects provide more detailed
|
|
information about the event."
|
|
::= { ciscoFirewallMIBNotifications 2 }
|
|
|
|
cfwContentInspectNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicContentInspEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of content
|
|
inspection events. The included objects provide more
|
|
detailed information about the event."
|
|
::= { ciscoFirewallMIBNotifications 3 }
|
|
|
|
cfwConnNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicConnectionEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of
|
|
connection-oriented events. The included objects provide
|
|
more detailed information about the event."
|
|
::= { ciscoFirewallMIBNotifications 4 }
|
|
|
|
cfwAccessNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicAccessEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of access
|
|
events. The included objects provide more detailed
|
|
information about the event."
|
|
::= { ciscoFirewallMIBNotifications 5 }
|
|
|
|
-- cfwAuthNotification: notification for authentication events
-- (sub-identifier 6 under ciscoFirewallMIBNotifications). It carries the
-- event time, the authentication event type, a textual description and
-- a pointer to the details table row.
-- NOTE(review): how this notification is protected in transit depends on
-- the agent's SNMP version and security settings, which this module does
-- not define. Where these events feed detection, prefer SNMPv3 with
-- authentication and privacy, and have the receiver treat
-- cfwBasicEventDescription as untrusted text.
cfwAuthNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicAuthenticationEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of
|
|
authentication events. The included objects provide
|
|
more detailed information about the event."
|
|
::= { ciscoFirewallMIBNotifications 6 }
|
|
|
|
cfwGenericNotification NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicGenericEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is used to notify the NMS of events
|
|
that do not fall into the other categories. The included
|
|
objects provide more detailed information about the event."
|
|
::= { ciscoFirewallMIBNotifications 7 }
|
|
-- Conformance
|
|
|
|
ciscoFirewallMIBConformance OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIB 3 }
|
|
|
|
ciscoFirewallMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIBConformance 1 }
|
|
|
|
ciscoFirewallMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoFirewallMIBConformance 2 }
|
|
|
|
|
|
-- Compliance statements
|
|
|
|
ciscoFirewallMIBCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
the Cisco FirewallMIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup }
|
|
::= { ciscoFirewallMIBCompliances 1 }
|
|
|
|
-- ciscoFirewallMIBComplianceRev1: current compliance statement for this
-- module. Only ciscoFirewallMIBStatisticsGroup is mandatory; the events
-- group and the Rev1 notification group are listed as optional.
-- NOTE(review): an agent can therefore claim compliance without
-- implementing any event object or notification. Monitoring that relies
-- on the security, access or authentication notifications should verify
-- on each device that they are actually supported and enabled.
ciscoFirewallMIBComplianceRev1 MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
the Cisco FirewallMIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { ciscoFirewallMIBStatisticsGroup }
|
|
|
|
GROUP ciscoFirewallMIBEventsGroup
|
|
DESCRIPTION
|
|
"Implementation of these objects is not required."
|
|
|
|
GROUP ciscoFirewallMIBNotificationGroupRev1
|
|
DESCRIPTION
|
|
"Implementation of these notifications is not required."
|
|
::= { ciscoFirewallMIBCompliances 2 }
|
|
|
|
-- Units of Conformance
|
|
|
|
ciscoFirewallMIBEventsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cfwBasicEventsTableLastRow,
|
|
cfwBasicEventTime,
|
|
cfwBasicSecurityEventType,
|
|
cfwBasicContentInspEventType,
|
|
cfwBasicConnectionEventType,
|
|
cfwBasicAccessEventType,
|
|
cfwBasicAuthenticationEventType,
|
|
cfwBasicGenericEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow,
|
|
cfwNetEventsTableLastRow,
|
|
cfwNetEventInterface,
|
|
cfwNetEventSrcIpAddress,
|
|
cfwNetEventInsideSrcIpAddress,
|
|
cfwNetEventDstIpAddress,
|
|
cfwNetEventInsideDstIpAddress,
|
|
cfwNetEventSrcIpPort,
|
|
cfwNetEventInsideSrcIpPort,
|
|
cfwNetEventDstIpPort,
|
|
cfwNetEventInsideDstIpPort,
|
|
cfwNetEventService,
|
|
cfwNetEventServiceInformation,
|
|
cfwNetEventIdentity,
|
|
cfwNetEventDescription
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall events"
|
|
::= { ciscoFirewallMIBGroups 1 }
|
|
|
|
-- ciscoFirewallMIBStatisticsGroup: the readable columns of the hardware
-- status, buffer statistics and connection statistics tables. It is the
-- only group named in MANDATORY-GROUPS by both compliance statements.
-- NOTE(review): the scalars cfwConnectionPerSecond and
-- cfwConnectionPerSecondPeak, defined under cfwStatistics, are not listed
-- here or in any other group visible in this part of the module. SMIv2
-- conformance rules expect every accessible object to belong to at least
-- one group, and MIB checkers typically warn about this. Since the
-- membership of a published group should not change, a new OBJECT-GROUP
-- would be the place for them; confirm against the upstream module.
ciscoFirewallMIBStatisticsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cfwHardwareInformation,
|
|
cfwHardwareStatusValue,
|
|
cfwHardwareStatusDetail,
|
|
cfwBufferStatInformation,
|
|
cfwBufferStatValue,
|
|
cfwConnectionStatDescription,
|
|
cfwConnectionStatCount,
|
|
cfwConnectionStatValue
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall statistics"
|
|
::= { ciscoFirewallMIBGroups 2 }
|
|
|
|
-- ciscoFirewallMIBNotificationGroup: obsolete OBJECT-GROUP that lists the
-- cfwBasicEvent objects carried as notification payload, not the
-- notifications themselves. The notifications are grouped by the
-- NOTIFICATION-GROUP ciscoFirewallMIBNotificationGroupRev1, which the
-- current compliance statement references instead of this group.
-- Kept so that sub-identifier 3 under ciscoFirewallMIBGroups stays
-- registered.
ciscoFirewallMIBNotificationGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cfwBasicEventTime,
|
|
cfwBasicSecurityEventType,
|
|
cfwBasicContentInspEventType,
|
|
cfwBasicConnectionEventType,
|
|
cfwBasicAccessEventType,
|
|
cfwBasicAuthenticationEventType,
|
|
cfwBasicGenericEventType,
|
|
cfwBasicEventDescription,
|
|
cfwBasicEventDetailsTableRow
|
|
}
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Firewall Notifications"
|
|
::= { ciscoFirewallMIBGroups 3 }
|
|
|
|
ciscoFirewallMIBNotificationGroupRev1 NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
cfwSecurityNotification,
|
|
cfwContentInspectNotification,
|
|
cfwConnNotification,
|
|
cfwAccessNotification,
|
|
cfwAuthNotification,
|
|
cfwGenericNotification
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Firewall Notifications"
|
|
::= { ciscoFirewallMIBGroups 4 }
|
|
|
|
END