NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > ISS> 2005-q2

RE: [ISSForum] SNMP Trap breakdown

From: Duncanson, Robert (robert.duncansongb.unisys.com)
Date: Fri Jun 10 2005 - 07:23:00 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tim,

Can't remember where I originally found this, but:

"This trap is sent from a RealSecure engine whenever a medium priority
event is encountered that the RealSecure engine is configured to send
traps for. The details of the event are contained in the trap."

Variables:
  1: eventEntryName25
     Syntax="Display String"
     Descr="The name of the decode/event for this trap."
  2: eventEntryTime25
     Syntax="Display String"
     Descr="The time the event was discovered relative to the RealSecure
engine."
  3: eventEntryProtocol25
     Syntax="Display String"
     Descr="Protocol type for this event."
  4: eventEntrySourceIpAddress25
     Syntax="Display String"
     Descr="Source Ip Address"
  5: eventEntryDestinationIpAddress25
     Syntax="Display String"
     Descr="Destination Ip Address"
  6: eventEntryIcmpType25
     Syntax="Display String"
     Descr="ICMP Type"
  7: eventEntryIcmpCode25
     Syntax="Display String"
     Descr="ICMP Code"
  8: eventEntrySourcePort25
     Syntax="Display String"
     Descr="Source Port"
  9: eventEntryDestinationPort25
     Syntax="Display String"
     Descr="Destination Port"
10: eventEntryUserActionList25
     Syntax="Display String"
     Descr="A string which indicates what actions are configured for
this event.
Currently available actions:
KILL (Kill Session - ends a tcp-based session)
VIEW_SESS (Send Stream to Console for View Session)
EMAIL (Send an e-mail message to a configured email account)
LOG_RAW (Record stream data for later analysis or viewing)
DISPLAY (Send event to console)
LOG_DB (Record the event to database)
FIREWALL (Send message to lock firewall)
SNMP_TRAP (Send SNMP Trap to configured SNMP manager)
USER_SPECIFIED1 (User Specified 1 - launch a program as configured per
engine setup)
USER_SPECIFIED2 (User Specified 2)
USER_SPECIFIED3 (User Specified 3)
USER_SPECIFIED4 (User Specified 4)"
11: eventEntryEventSpecificInfo25
     Syntax="Display String"
     Descr="This variable contains a listing of other variables:values
which are specific to the given event."

Chers,
Robert
-----Original Message-----
From: issforum-bouncesiss.net [mailto:issforum-bouncesiss.net] On
Behalf Of Tim Beatty
Sent: 09 June 2005 14:11
To: issforumiss.net
Subject: [ISSForum] SNMP Trap breakdown

Could someone please provide a breakdown of the fields contained in
Proventia's SNMP traps?

Thank you!

Tim Beatty

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]