549 lines
18 KiB
Plaintext
549 lines
18 KiB
Plaintext
-- Copyright (c) 1999-2004, Juniper Networks, Inc.
|
|
-- All rights reserved.
|
|
|
|
NETSCREEN-TRAP-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
netscreenTrap, netscreenTrapInfo
|
|
FROM NETSCREEN-SMI
|
|
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString
|
|
FROM SNMPv2-TC
|
|
;
|
|
|
|
netscreenTrapMibModule MODULE-IDENTITY
|
|
LAST-UPDATED "200503032022Z" -- March 03, 2005
|
|
ORGANIZATION
|
|
"Juniper Networks, Inc."
|
|
CONTACT-INFO
|
|
"Customer Support
|
|
|
|
1194 North Mathilda Avenue
|
|
Sunnyvale, California 94089-1206
|
|
USA
|
|
|
|
Tel: 1-800-638-8296
|
|
E-mail: customerservice@juniper.net
|
|
HTTP://www.juniper.net"
|
|
DESCRIPTION
|
|
"Added trap types 15, it is still in use"
|
|
REVISION "200803170000Z" -- Mar 17, 2008
|
|
DESCRIPTION
|
|
"Added 5 new trap types - 800-804. Removed 1000."
|
|
REVISION "200510170000Z" -- Oct 17, 2005
|
|
DESCRIPTION
|
|
"Added 4 new trap types - ipv6 ip conflicts(101), dip util raise(102) and clear(103),
|
|
ids-icmp-ping-id-zero(441)."
|
|
REVISION "200503030000Z" -- March 03, 2005
|
|
DESCRIPTION
|
|
"Trap MIB"
|
|
REVISION "200409100000Z" -- Sep 10, 2004
|
|
DESCRIPTION
|
|
"Removed nsTrapType 3, 15,18,19 and 1000"
|
|
REVISION "200405030000Z" -- May 03, 2004
|
|
DESCRIPTION
|
|
"Modified copyright and contact information"
|
|
REVISION "200403030000Z" -- March 03, 2004
|
|
DESCRIPTION
|
|
"Converted to SMIv2 by Longview Software"
|
|
REVISION "200401230000Z" -- January 23, 2004
|
|
DESCRIPTION
|
|
"Add new traps (430~434)"
|
|
REVISION "200109280000Z" -- September 28, 2001
|
|
DESCRIPTION
|
|
"Add global-report manager specific trap"
|
|
REVISION "200008020000Z" -- August 02, 2000
|
|
DESCRIPTION
|
|
"Creation Date"
|
|
::= { netscreenTrapInfo 0 }
|
|
|
|
netscreenTrapHw NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that some kind of hardware problem has
|
|
occured."
|
|
::= { netscreenTrap 100 }
|
|
|
|
netscreenTrapFw NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that some kind of firewall functions has
|
|
been triggered."
|
|
::= { netscreenTrap 200 }
|
|
|
|
netscreenTrapSw NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that some kind of software problem has
|
|
occured."
|
|
::= { netscreenTrap 300 }
|
|
|
|
netscreenTrapTrf NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that some kind of traffic conditions has
|
|
been triggered."
|
|
::= { netscreenTrap 400 }
|
|
|
|
netscreenTrapVpn NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that VPN tunnel status has occured."
|
|
::= { netscreenTrap 500 }
|
|
|
|
netscreenTrapNsrp NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that NSRP status has occured."
|
|
::= { netscreenTrap 600 }
|
|
|
|
netscreenTrapGPRO NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that some kind of Global PRO problems has
|
|
occurred."
|
|
::= { netscreenTrap 700 }
|
|
|
|
netscreenTrapDrp NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that Drp status has occured."
|
|
::= { netscreenTrap 800 }
|
|
|
|
netscreenTrapIFFailover NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that interface fail over status has
|
|
occured."
|
|
::= { netscreenTrap 900 }
|
|
|
|
netscreenTrapIDPAttack NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{ netscreenTrapType, netscreenTrapDesc }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap indicates that IDP attack status has occured."
|
|
::= { netscreenTrap 1000 }
|
|
|
|
netscreenTrapType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
|
|
-- Traffic per-second threshold
|
|
traffic-sec(1),
|
|
-- Traffic per-minute threshold
|
|
traffic-min(2),
|
|
-- Multiple user auth fail alarm type
|
|
multi-auth-fail(3),
|
|
-- Winnuke pak
|
|
winnuke(4),
|
|
-- Syn attack
|
|
syn-attack(5),
|
|
-- tear-drop attack
|
|
tear-drop(6),
|
|
-- Ping of Death attack
|
|
ping-death(7),
|
|
-- IP spoofing attack
|
|
ip-spoofing(8),
|
|
-- IP source routing attack
|
|
ip-src-route(9),
|
|
-- land attack
|
|
land(10),
|
|
-- ICMP flooding attack
|
|
icmp-flood(11),
|
|
-- UDP flooding attack
|
|
udp-flood(12),
|
|
-- Illegal server IP to connect to CMS port
|
|
illegal-cms-svr(13),
|
|
-- URL blocking server connection alarm
|
|
url-block-srv(14),
|
|
-- high availability
|
|
high-availability(15),
|
|
-- Port Scan attack
|
|
port-scan(16),
|
|
-- address sweep attack
|
|
addr-sweep(17),
|
|
-- deny by policy attack
|
|
deny-policy(18),
|
|
-- device is dead
|
|
device-dead(19)
|
|
-- memory low
|
|
low-memory(20),
|
|
-- DNS server unreachable
|
|
dns-srv-down(21),
|
|
-- Fan, Power Supply failure
|
|
generic-HW-fail(22),
|
|
-- Load balance server unreachable
|
|
lb-srv-down(23),
|
|
-- log buffer overflow
|
|
log-full(24),
|
|
-- X509 related
|
|
x509(25),
|
|
-- VPN and IKE related
|
|
vpn-ike(26),
|
|
-- admin realted
|
|
admin(27),
|
|
-- Illegal src ip to connect to sme port
|
|
sme(28),
|
|
-- DHCP related
|
|
dhcp(29),
|
|
-- CPU usage is high
|
|
cpu-usage-high(30),
|
|
-- Interface IP conflict
|
|
ip-conflict(31),
|
|
-- Microsoft IIS server vulnerability
|
|
attact-malicious-url(32),
|
|
-- session threshold is exceeded
|
|
session-threshold(33),
|
|
-- SSH related alarms
|
|
ssh-alarm(34),
|
|
-- Audit storage related alarms
|
|
audit-storage(35),
|
|
-- memory normal
|
|
memory-normal(36),
|
|
-- cpu usage normal
|
|
cpu-usage-normal(37)
|
|
-- driver's rx bd shortage
|
|
rxbd-low-alarm(39),
|
|
-- VPN tunnel from down to up
|
|
vpn-tunnel-up(40),
|
|
-- VPN tunnel from up to down
|
|
vpn-tunnel-down(41),
|
|
-- VPN replay detected
|
|
vpn-replay-attack(42),
|
|
-- VPN tunnel removed
|
|
vpn-l2tp-tunnel-remove(43),
|
|
-- VPN tunnel removed and error detected
|
|
vpn-l2tp-tunnel-remove-err(44),
|
|
-- VPN call removed
|
|
vpn-l2tp-call-remove(45),
|
|
-- VPN call removed and error detected
|
|
vpn-l2tp-call-remove-err(46),
|
|
-- Number of IAS exceeds configured maximum
|
|
vpn-ias-too-many(47),
|
|
-- Number of IAS crossed configured upper threshold
|
|
vpn-ias-over-threshold(48),
|
|
-- Number of IAS crossed configured lower threshold
|
|
vpn-ias-under-threshold(49),
|
|
-- IKE error occured for the IAS session
|
|
vpn-ias-ike-error(50),
|
|
-- allocated session exceed threshold
|
|
allocated-session-threshold(51),
|
|
-- av-csp related alarm
|
|
av-csp-alarm(52),
|
|
-- av related alarm
|
|
av-alarm(53),
|
|
-- apppry related alarm
|
|
apppry-alarm(54),
|
|
-- NSRP rto self unit status change from up to down
|
|
nsrp-rto-up(60),
|
|
-- NSRP rto self unit status change from down to up
|
|
nsrp-rto-down(61),
|
|
-- NSRP track ip successed
|
|
nsrp-trackip-success(62),
|
|
-- NSRP track ip failed
|
|
nsrp-trackip-failed(63),
|
|
-- NSRP track ip fail over
|
|
nsrp-trackip-failover(64),
|
|
-- NSRP inconsistent configuration between master and backup
|
|
nsrp-inconsistent-configuration(65),
|
|
-- track ip status related alarm
|
|
trackip-status(66),
|
|
-- NSRP vsd group status change to elect
|
|
nsrp-vsd-init(70),
|
|
-- NSRP vsd group status change to master
|
|
nsrp-vsd-master(71),
|
|
-- NSRP vsd group status change to primary backup
|
|
nsrp-vsd-pbackup(72),
|
|
-- NSRP vsd group status change to backup
|
|
nsrp-vsd-backup(73),
|
|
-- NSRP vsd group status change to ineligible
|
|
nsrp-vsd-ineligible(74),
|
|
-- NSRP VSD group status change to inoperable
|
|
nsrp-vsd-inoperable(75),
|
|
-- NSRP VSD request heartbeat from 2nd HA path
|
|
nsrp-vsd-req-hearbeat-2nd(76),
|
|
-- NSRP VSD reply to 2nd path request
|
|
nsrp-vsd-reply-2nd(77),
|
|
-- NSRP duplicated RTO group found
|
|
nsrp-rto-duplicated(78),
|
|
-- NSRP duplicated VSD group master
|
|
ip-dup-master(79),
|
|
-- MEM cannot find usable memory for current pool
|
|
di-heap-create-fail(80),
|
|
-- MEM cannot find usable in any pool
|
|
mem-alloc-fail(81),
|
|
-- VRRP status related alarm
|
|
vrrp-status-alarm(82),
|
|
-- SCCP related alarm
|
|
sccp-alarm(83),
|
|
-- MGCP related alarm
|
|
mgcp-reinit(84),
|
|
-- MLFR related alarm
|
|
mlfr-alarm(85),
|
|
-- FR related alarm
|
|
fr-alarm(86),
|
|
-- CISCO HDLC related alarm
|
|
cisco-hdlc-alarm(87),
|
|
-- PPPOW related alarm
|
|
pppow-alarm(88),
|
|
-- H323 related alarm
|
|
h323-alarm(89),
|
|
-- ISDN related alarm
|
|
isdn-alarm(90),
|
|
-- interface backup
|
|
interface-backup(91),
|
|
-- Card function is abnormal
|
|
wan-card-function(92),
|
|
-- A USB key is plug/unplug from USB port
|
|
usb-device-operation(93),
|
|
-- interface failure
|
|
interface-failure(94),
|
|
-- No ppp IP pool configured
|
|
ppp-no-ip-cfg(95),
|
|
-- IP pool exhausted. No ip to assign
|
|
ppp-no-ip-in-pool(96),
|
|
-- Any change to interface IP address can use the type
|
|
ip-addr-event(101),
|
|
-- DIP utilization reaches raised threshold limit
|
|
dip-util-raise(102),
|
|
-- DIP utilization reaches clear threshold limit
|
|
dip-util-clear(103),
|
|
-- DOT1X related alarm
|
|
dot1x-alarm(105),
|
|
-- VPN IAS radius error
|
|
vpn-ias-radius-error(110),
|
|
-- VPN IKEID enum attack
|
|
vpn-ikeid-enum-attack(111),
|
|
-- VPN soft limit reached
|
|
vpn-softlimit-reached(112),
|
|
-- VPN IKE dos attack
|
|
vpn-ikedos-attack(113),
|
|
-- VPN acvpn profile error
|
|
vpn-acvpn-profile-error(114),
|
|
-- exceed maximum routing entry allowed for the system
|
|
route-sys-entry-ex(200),
|
|
-- exceed maximum routing entry allowed for a vr
|
|
route-vr-entry-ex(201),
|
|
-- exceed the hello packet threshold per hello interval
|
|
route-ospf-hello-flood(202),
|
|
-- exceed the lsa packet threshold per lsa threshold
|
|
route-ospf-lsa-flood(203),
|
|
-- exceed the update4 packet threshold per update time in rip
|
|
route-rip-update-flood(204),
|
|
-- Errors in route module (exceed limit, malloc failure, add-perfix failure etc)
|
|
route-alarm(205),
|
|
-- LSA/Hello packets flood in OSPF, route redistribution exceed limit,
|
|
ospf-flood(206),
|
|
-- Update packet floods in RIP
|
|
rip-flood(207),
|
|
-- Peer forms adjacency completely
|
|
bgp-established(208),
|
|
-- Peer's adjacency is torn down, goes to Idle state
|
|
bgp-backwardtransition(209),
|
|
-- change in virtual link's state (down, point-to-point etc)
|
|
ospf-virtifstatechange(210),
|
|
-- change in neighbor's state on regular interface (down, 2way, full etc)
|
|
ospf-nbrstatechange(211),
|
|
-- change in neighbor's state on virtual link (down, full etc)
|
|
ospf-virtnbrstatechange(212),
|
|
-- authentication mismatch/area mismatch etc on regular interface
|
|
ospf-ifconfigerror(213),
|
|
-- authentication mismatch/area mismatch etc on virtual link
|
|
ospf-virtifconfigerror(214),
|
|
-- Authentication eror on regular interface
|
|
ospf-ifauthfailure(215),
|
|
-- Authentication eror on virtual link
|
|
ospf-virtifauthfailure(216),
|
|
-- lsa received with invalid lsa-type on regular interface
|
|
ospf-ifrxbadpacket(217),
|
|
-- lsa received with invalid lsa-type on virtual link
|
|
ospf-virtifrxbadpacket(218),
|
|
-- retransmission to neighbor on regular interface
|
|
ospf-txretransmit(219),
|
|
-- retransmission to neighbor on virtual link
|
|
ospf-virtiftxretransmit(220),
|
|
-- new LSA generated by local router
|
|
ospf-originatelsa(221),
|
|
-- LSA aged out
|
|
ospf-maxagelsa(222),
|
|
-- when total LSAs in database exceed predefined limit
|
|
ospf-lsdboverflow(223),
|
|
-- when total LSAs in database approach predefined limit
|
|
ospf-lsdbapproachingoverflow(224),
|
|
-- change in regular interface state (up/down, dr/bdr etc)
|
|
ospf-ifstatechange(225),
|
|
-- BGP related alarm
|
|
bgp-alarm(226),
|
|
-- packet floods in RIPng
|
|
ripng-flood(227),
|
|
-- exceed the update4 packet threshold per update time in ripng
|
|
route-ripng-update-flood(228),
|
|
-- PBR related alarm
|
|
pbr-alarm(229),
|
|
-- NHRP related alarm
|
|
nhrp-alarm(230),
|
|
-- OSPFV3 related alarm
|
|
ospfv3-alarm(231),
|
|
-- block java/active-x component
|
|
ids-component(400),
|
|
-- icmp flood attack
|
|
ids-icmp-flood(401),
|
|
-- udp flood attack
|
|
ids-udp-flood(402),
|
|
-- winnuke attack
|
|
ids-winnuke(403),
|
|
-- port scan attack
|
|
ids-port-scan(404),
|
|
-- address sweep attack
|
|
ids-addr-sweep(405),
|
|
-- tear drop attack
|
|
ids-tear-drop(406),
|
|
-- syn flood attack
|
|
ids-syn(407),
|
|
-- ip spoofing attack
|
|
ids-ip-spoofing(408),
|
|
-- ping of death attack
|
|
ids-ping-death(409),
|
|
-- filter ip packet with source route option
|
|
ids-ip-source-route(410),
|
|
-- land attack
|
|
ids-land(411),
|
|
-- screen syn fragment attack
|
|
syn-frag-attack(412),
|
|
-- screen tcp packet without flag attack
|
|
tcp-without-flag(413),
|
|
-- screen unknown ip packet
|
|
unknow-ip-packet(414),
|
|
-- screen bad ip option
|
|
bad-ip-option(415),
|
|
-- screen ip option record
|
|
ip-option-record(416),
|
|
-- screen ip option timestamp
|
|
ip-option-timestamp(417),
|
|
-- screen ip option scht
|
|
ip-option-scht(418),
|
|
-- screen ip option lsr
|
|
ip-option-lsr(419),
|
|
-- screen ip option ssr
|
|
ip-option-ssr(420),
|
|
-- screen ip option stream
|
|
ip-option-stream(421),
|
|
-- screen icmp fragment packet
|
|
icmp-fragment(422),
|
|
-- screen too large icmp packet
|
|
too-large-icmp(423),
|
|
-- screen tcp flag syn-fin set
|
|
tcp-syn-fin(424),
|
|
-- screen tcp fin without ack
|
|
tcp-fin-no-ack(425),
|
|
-- screen mal url
|
|
tcp-mal-url(426),
|
|
-- screen sess mal num
|
|
tcp-sess-mal-num(427),
|
|
-- avoid replying to syns after excessive 3 way TCP handshakes from
|
|
-- same src ip but not proceeding with user auth. (not replying to
|
|
-- username/password)..
|
|
ids-tcp-syn-ack-ack(428),
|
|
-- ip fragment
|
|
ids-ip-block-frag(429),
|
|
-- Dst IP-based session limiting
|
|
dst-ip-session-limit(430),
|
|
-- HTTP component blocking for .zip files
|
|
ids-block-zip(431),
|
|
-- HTTP component blocking for Java applets
|
|
ids-block-jar(432),
|
|
-- HTTP component blocking for .exe files
|
|
ids-block-exe(433),
|
|
-- HTTP component blocking for ActiveX controls
|
|
ids-block-activex(434),
|
|
-- screenos tcp syn mac
|
|
tcp-syn-mac(435),
|
|
-- screenos nac attack
|
|
ids-nac-attack(436),
|
|
-- icmp ping id 0
|
|
ids-icmp-ping-id-zero(441),
|
|
-- tcp sweep
|
|
tcp-sweep(442),
|
|
-- udp sweep
|
|
udp-sweep(443),
|
|
-- AV Scan Manager Alarm, sofeware trap
|
|
av-scan-mgr(554),
|
|
-- starting value for multicast alarm
|
|
mcast-base(600),
|
|
-- mcore related alarm
|
|
mcore-alarm(601),
|
|
-- spim related alarm
|
|
spim-alarm(602),
|
|
-- starting value for Security Module alarm
|
|
sm-base(700),
|
|
-- Security Module down detected
|
|
sm-down(701),
|
|
-- Security Module packet droped detected
|
|
sm-packet-drop(702),
|
|
-- Security Module memory, CPU and session detected
|
|
sm-overload(703),
|
|
-- Security Module CPU unresponsive detected
|
|
sm-cpu-unresponsive(704),
|
|
-- Security Module Engine unresponisve
|
|
sm-cpu-unresponsive(705),
|
|
-- Secruity Module Policy Abnormal
|
|
sm-policy-abnormal(706),
|
|
-- switch alarm
|
|
switch(751),
|
|
-- sfp alarm
|
|
sfp(752),
|
|
--Shared to fair transition forced
|
|
cpu-limit-s2f-forced(800),
|
|
--Shared to fair transition auto
|
|
cpu-limit-s2f-auto(801),
|
|
--Fair to shared transition forced
|
|
cpu-limit-f2s-forced(802),
|
|
--Fair to shared transition because of timeout
|
|
cpu-limit-f2s-timeout(803),
|
|
--Fair to shared transition auto
|
|
cpu-limit-f2s-auto(804),
|
|
--Flow potential violation
|
|
sec-potential-voilation(805),
|
|
--Flow session cache alarm
|
|
flow-sess-cache(806),
|
|
--vsys session limit alarm
|
|
vsys-session-limit(850)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The integer value of the raised alarm type. Note that the type
|
|
should be interpreted within a specific trap"
|
|
::= { netscreenTrapInfo 1 }
|
|
|
|
netscreenTrapDesc OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The textual description of the alarm"
|
|
::= { netscreenTrapInfo 3 }
|
|
|
|
END
|
|
|
|
|