| messageType |
.1.3.6.1.4.1.2252.1.1.1.0.1 |
|
Identifies the type of message (trap) being sent.
Type types are:
1) command
2) error
3) command log
4) alarm
5) IP log
6) redirect
This object cannot be retrieved from the SNMP agent.
|
| recordId |
.1.3.6.1.4.1.2252.1.1.1.0.2 |
|
An ID that is used along with a timestamp, org, host,
and application ID to uniquiely identify a message
(trap).
This object cannot be retrieved from the SNMP agent.
|
| globalTime |
.1.3.6.1.4.1.2252.1.1.1.0.3 |
|
The time at which the message was generated, expressed
in number of seconds since the epoch (Jan 1, 1970),
with respect to GMT.
This object cannot be retrieved from the SNMP agent.
|
| localTime |
.1.3.6.1.4.1.2252.1.1.1.0.4 |
|
The time at which the message was generated, expressed
in number of seconds since the epoch (Jan 1, 1970),
with respect to the timezone local to the machine
that generated the message. The combination of the
globalTime and the localTime can be used to calculate
the timezone of the source machine.
This object cannot be retrieved from the SNMP agent.
|
| dateString |
.1.3.6.1.4.1.2252.1.1.1.0.5 |
|
The date at which the message was generated, with respect
to the timezone of the source machine, expressed as an
ASCII string in the format yyyy/mm/dd.
This object cannot be retrieved from the SNMP agent.
|
| timeString |
.1.3.6.1.4.1.2252.1.1.1.0.6 |
|
The time at which the message was generated, with respect
to the timezone of the source machine, expressed as an
ASCII string in the format hh:mm:ss.
This object cannot be retrieved from the SNMP agent.
|
| appId |
.1.3.6.1.4.1.2252.1.1.1.0.7 |
|
The application ID of the NetRanger application that
generated the message.
This object cannot be retrieved from the SNMP agent.
|
| hostId |
.1.3.6.1.4.1.2252.1.1.1.0.8 |
|
The host ID of the machine running the NetRanger
application that generated the message.
This object cannot be retrieved from the SNMP agent.
|
| orgId |
.1.3.6.1.4.1.2252.1.1.1.0.9 |
|
An ID that uniquely identifies the organization responsible
for the machine running the NetRanger application that
generated the message.
This object cannot be retrieved from the SNMP agent.
|
| errorMessage |
.1.3.6.1.4.1.2252.1.1.1.2.1 |
|
Describes the error that occurred.
This object cannot be retrieved from the SNMP agent.
|
| sourceAppId |
.1.3.6.1.4.1.2252.1.1.1.3.1 |
|
The application ID of the NetRanger application that
executed the command.
This object cannot be retrieved from the SNMP agent.
|
| sourceHostId |
.1.3.6.1.4.1.2252.1.1.1.3.2 |
|
The host ID of the machine running the NetRanger
application that executed the command.
This object cannot be retrieved from the SNMP agent.
|
| sourceOrgId |
.1.3.6.1.4.1.2252.1.1.1.3.3 |
|
An ID that uniquely identifies the organization responsible
for the machine running the NetRanger application that
generated the command.
This object cannot be retrieved from the SNMP agent.
|
| commandMessage |
.1.3.6.1.4.1.2252.1.1.1.3.4 |
|
Describes the command that was executed.
This object cannot be retrieved from the SNMP agent.
|
| srcDirection |
.1.3.6.1.4.1.2252.1.1.1.4.3 |
|
Describes whether the source of the alarm is inside or
outside the protected network. IN means inside, and OUT
means outside.
This object cannot be retrieved from the SNMP agent.
|
| dstDirection |
.1.3.6.1.4.1.2252.1.1.1.4.5 |
|
Describes whether the destination of the alarm (the
machine being attacked) is inside or outside the
protected network. IN means inside, and OUT means
outside.
This object cannot be retrieved from the SNMP agent.
|
| eventLevel |
.1.3.6.1.4.1.2252.1.1.1.4.7 |
|
An integer that reflects the severity level of the alarm.
The number can range from 1 to 255, but the current
NetRanger system only uses 1 (least severe) to 5
(most severe).
This object cannot be retrieved from the SNMP agent.
|
| sigId |
.1.3.6.1.4.1.2252.1.1.1.4.9 |
|
Describes which signature was detected. The full list
of signatures can be found on a NetRanger system at
/usr/nr/etc/signatures.
This object cannot be retrieved from the SNMP agent.
|
| subSigId |
.1.3.6.1.4.1.2252.1.1.1.4.11 |
|
Provides additional information about an alarm signature.
This object cannot be retrieved from the SNMP agent.
|
| protocol |
.1.3.6.1.4.1.2252.1.1.1.4.13 |
|
Describes the protocol of the attack that was detected.
Usually, this will be TCP/IP.
This object cannot be retrieved from the SNMP agent.
|
| srcIpAddr |
.1.3.6.1.4.1.2252.1.1.1.4.1.1.1 |
|
The IP address of the machine from which the attack
originated.
This object cannot be retrieved from the SNMP agent.
|
| dstIpAddr |
.1.3.6.1.4.1.2252.1.1.1.4.1.1.3 |
|
The IP address of the machine being attacked.
This object cannot be retrieved from the SNMP agent.
|
| srcIpPort |
.1.3.6.1.4.1.2252.1.1.1.4.1.1.5 |
|
The port from which the attack originated.
This object cannot be retrieved from the SNMP agent.
|
| dstIpPort |
.1.3.6.1.4.1.2252.1.1.1.4.1.1.7 |
|
The port that received the attack on the destination
machine. This value may not have significance for
signatures that involve multiple ports (for example,
a port sweep).
This object cannot be retrieved from the SNMP agent.
|
| rtrIpAddr |
.1.3.6.1.4.1.2252.1.1.1.4.1.1.9 |
|
The IP address of the router through which the attack
traveled.
This object cannot be retrieved from the SNMP agent.
|
| alarmMessage |
.1.3.6.1.4.1.2252.1.1.1.4.15 |
|
ASCII string that provides additional information about
an alarm. For instance, this field gives the exact string
that was matched during a string match alarm.
This object cannot be retrieved from the SNMP agent.
|
