-- ============================================================================ -- Copyright (c) 2004-2022 New H3C Tech. Co., Ltd. All rights reserved. -- Description: The purpose of this MIB file is to provide the definition of -- the SECDIAG(Security Diagnostic) trap. -- Reference: -- Version: V1.0 -- History: -- V1.0 2022/07/15 created by suncao -- The initial revision of this MIB module. -- Add the hh3cSecDiagTrapConcurrencyExceed, -- hh3cSecDiagTrapConcurrencyBelow, -- hh3cSecDiagTrapConnectionExceed, -- hh3cSecDiagTrapConnectionBelow, -- hh3cSecDiagTrapSecpIpv4Exceed, -- hh3cSecDiagTrapSecpIpv4Below, -- hh3cSecDiagTrapSecpIpv6Exceed, -- hh3cSecDiagTrapSecpIpv6Below, -- hh3cSecDiagTrapContextExceed, -- hh3cSecDiagTrapContextBelow, -- hh3cSecDiagTrapNatExceed, -- hh3cSecDiagTrapNatBelow, -- hh3cSecDiagTrapBaggExceed, -- hh3cSecDiagTrapBaggBelow, -- hh3cSecDiagTrapRaggExceed, -- hh3cSecDiagTrapRaggBelow, -- hh3cSecDiagTrapThroughputExceed, -- hh3cSecDiagTrapThroughputBelow, -- hh3cSecDiagTrapQaclExceed, -- hh3cSecDiagTrapQaclBelow, -- hh3cSecDiagTrapBandwidthExceed, -- hh3cSecDiagTrapBandwidthBelow, -- hh3cSecDiagTrapBldContextExceed, -- hh3cSecDiagTrapBldContextBelow, -- hh3cSecDiagTrapBldContextClose, -- hh3cSecDiagTrapContextClose. -- ============================================================================ HH3C-SECDIAG-MIB DEFINITIONS ::= BEGIN IMPORTS hh3cCommon FROM HH3C-OID-MIB OBJECT-TYPE, Unsigned32, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI; hh3cSecDiag MODULE-IDENTITY LAST-UPDATED "202207151011Z" -- July 15, 2022 at 10:11 GMT ORGANIZATION "New H3C Tech. Co., Ltd." CONTACT-INFO "Platform Team New H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip:100085" DESCRIPTION "The initial revision of this MIB module. Add the hh3cSecDiagTrapConcurrencyExceed, hh3cSecDiagTrapConcurrencyBelow, hh3cSecDiagTrapConnectionExceed, hh3cSecDiagTrapConnectionBelow, hh3cSecDiagTrapSecpIpv4Exceed, hh3cSecDiagTrapSecpIpv4Below, hh3cSecDiagTrapSecpIpv6Exceed, hh3cSecDiagTrapSecpIpv6Below, hh3cSecDiagTrapContextExceed, hh3cSecDiagTrapContextBelow, hh3cSecDiagTrapNatExceed, hh3cSecDiagTrapNatBelow, hh3cSecDiagTrapBaggExceed, hh3cSecDiagTrapBaggBelow, hh3cSecDiagTrapRaggExceed, hh3cSecDiagTrapRaggBelow, hh3cSecDiagTrapThroughputExceed, hh3cSecDiagTrapThroughputBelow, hh3cSecDiagTrapQaclExceed, hh3cSecDiagTrapQaclBelow, hh3cSecDiagTrapBandwidthExceed, hh3cSecDiagTrapBandwidthBelow, hh3cSecDiagTrapBldContextExceed, hh3cSecDiagTrapBldContextBelow, hh3cSecDiagTrapBldContextClose, hh3cSecDiagTrapContextClose." REVISION "202207151011Z" -- July 15, 2022 at 10:11 GMT DESCRIPTION "The initial revision of this MIB module." ::= { hh3cCommon 238 } -- -- Node definitions -- -- Global Variants hh3cSecDiagTraps OBJECT IDENTIFIER ::= { hh3cSecDiag 1 } -- **************Global Variants*************** -- Describe objects for secdiag trap hh3cSecDiagTrapsMonitorPrefix OBJECT IDENTIFIER ::= { hh3cSecDiagTraps 0 } hh3cSecDiagTrapConcurrencyExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagConcurrencyThreshold, hh3cSecDiagConcurrencyDeviceId } STATUS current DESCRIPTION "Send trap when the number of session connections reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 1 } hh3cSecDiagTrapConcurrencyBelow NOTIFICATION-TYPE OBJECTS { hh3cSecDiagConcurrencyDeviceId } STATUS current DESCRIPTION "Send trap when the number of session connections fell below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 2 } hh3cSecDiagTrapConnectionExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagConnectionThreshold, hh3cSecDiagConnectionDeviceId } STATUS current DESCRIPTION "The new session creation rate reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 3 } hh3cSecDiagTrapConnectionBelow NOTIFICATION-TYPE OBJECTS { hh3cSecDiagConnectionDeviceId } STATUS current DESCRIPTION "Session creation rate drops below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 4 } hh3cSecDiagTrapSecpIpv4Exceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagSecpIpv4Threshold } STATUS current DESCRIPTION "The number of IPv4 security policy rules has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 5 } hh3cSecDiagTrapSecpIpv4Below NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of IPv4 security policy rules has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 6 } hh3cSecDiagTrapSecpIpv6Exceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagSecpIpv6Threshold } STATUS current DESCRIPTION "The number of IPv6 security policy rules has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 7 } hh3cSecDiagTrapSecpIpv6Below NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of IPv6 security policy rules has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 8 } hh3cSecDiagTrapContextExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagContextThreshold } STATUS current DESCRIPTION "The number of context has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 9 } hh3cSecDiagTrapContextBelow NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of contexts has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 10 } hh3cSecDiagTrapNatExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagNatThreshold } STATUS current DESCRIPTION "The number of configured NAT entries has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 11 } hh3cSecDiagTrapNatBelow NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of NAT entries has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 12 } hh3cSecDiagTrapBaggExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagBaggThreshold } STATUS current DESCRIPTION "The number of layer-2 aggregation interfaces has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 13 } hh3cSecDiagTrapBaggBelow NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of layer-2 aggregation interfaces has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 14 } hh3cSecDiagTrapRaggExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagRaggThreshold } STATUS current DESCRIPTION "The number of three-layer aggregation interfaces has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 15 } hh3cSecDiagTrapRaggBelow NOTIFICATION-TYPE STATUS current DESCRIPTION "The number of three-layer aggregation interfaces has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 16 } hh3cSecDiagTrapThroughputExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagThroughputThreshold, hh3cSecDiagThroughputDeviceId } STATUS current DESCRIPTION "The throughput of the internal interface has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 17 } hh3cSecDiagTrapThroughputBelow NOTIFICATION-TYPE OBJECTS { hh3cSecDiagThroughputDeviceId } STATUS current DESCRIPTION "The throughput of the internal interface drops below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 18 } hh3cSecDiagTrapQaclExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagQaclThreshold, hh3cSecDiagQaclDeviceId, hh3cSecDiagQaclTotalSlices, hh3cSecDiagQaclSingleSlices, hh3cSecDiagQaclDoubleSlices, hh3cSecDiagQaclMQCEntries, hh3cSecDiagQaclOpenFlowEntries } STATUS current DESCRIPTION "The percentage of QACL resource utilization has reached the alarm threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 19 } hh3cSecDiagTrapQaclBelow NOTIFICATION-TYPE OBJECTS { hh3cSecDiagQaclDeviceId } STATUS current DESCRIPTION "The percentage of QACL resource utilization has fallen below the threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 20 } hh3cSecDiagTrapBandwidthExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagBandwidthThreshold } STATUS current DESCRIPTION "The incoming traffic is always greater than or equal to the bandwidth alarm threshold within the duration." ::= { hh3cSecDiagTrapsMonitorPrefix 21 } hh3cSecDiagTrapBandwidthBelow NOTIFICATION-TYPE STATUS current DESCRIPTION "The incoming traffic falls below the bandwidth alarm threshold within the duration." ::= { hh3cSecDiagTrapsMonitorPrefix 22 } hh3cSecDiagTrapBldContextExceed NOTIFICATION-TYPE OBJECTS { hh3cSecDiagBladeEngineGroupId, hh3cSecDiagBladeThresholdLevel, hh3cSecDiagBladeThreshold } STATUS current DESCRIPTION "The number of context in a security engine group reaches the first threshold alarm or the second threshold alarm." ::= { hh3cSecDiagTrapsMonitorPrefix 23 } hh3cSecDiagTrapBldContextBelow NOTIFICATION-TYPE OBJECTS { hh3cSecDiagBladeEngineGroupId, hh3cSecDiagBladeThresholdLevel, hh3cSecDiagBladeThreshold } STATUS current DESCRIPTION "The number of context on the engine group drops below the first level threshold or below the second threshold." ::= { hh3cSecDiagTrapsMonitorPrefix 24 } hh3cSecDiagTrapBldContextClose NOTIFICATION-TYPE STATUS current DESCRIPTION "Turn off the context monitoring alarm based on the engine group." ::= { hh3cSecDiagTrapsMonitorPrefix 25 } hh3cSecDiagTrapContextClose NOTIFICATION-TYPE STATUS current DESCRIPTION "Close the context number monitoring alarm." ::= { hh3cSecDiagTrapsMonitorPrefix 26 } hh3cSecDiagTrapsMonitorObjects OBJECT IDENTIFIER ::= { hh3cSecDiagTraps 1 } hh3cSecDiagConcurrencyThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value of session connections." ::= { hh3cSecDiagTrapsMonitorObjects 1 } hh3cSecDiagConcurrencyDeviceId OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "1.The slot number of the board, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Distributed device,independent operation mode). 2.The member number of the equipment in IRF, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Centralized IRF equipment). 3.The slot number of the board in the IRF, such as chassis XX slot XX. If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX. (Distributed device,IRF mode)." ::= { hh3cSecDiagTrapsMonitorObjects 2 } hh3cSecDiagConnectionThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold of session creation rate." ::= { hh3cSecDiagTrapsMonitorObjects 3 } hh3cSecDiagConnectionDeviceId OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "1.The slot number of the board, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Distributed device,independent operation mode). 2.The member number of the equipment in IRF, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Centralized IRF equipment). 3.The slot number of the board in the IRF, such as chassis XX slot XX. If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX. (Distributed device,IRF mode)." ::= { hh3cSecDiagTrapsMonitorObjects 4 } hh3cSecDiagSecpIpv4Threshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value for the number of IPv4 security policy rules." ::= { hh3cSecDiagTrapsMonitorObjects 5 } hh3cSecDiagSecpIpv6Threshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value for the number of IPv6 security policy rules." ::= { hh3cSecDiagTrapsMonitorObjects 6 } hh3cSecDiagContextThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Context number alarm threshold." ::= { hh3cSecDiagTrapsMonitorObjects 7 } hh3cSecDiagNatThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value of NAT entries." ::= { hh3cSecDiagTrapsMonitorObjects 8 } hh3cSecDiagBaggThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value for the number of layer-2 aggregation interfaces." ::= { hh3cSecDiagTrapsMonitorObjects 9 } hh3cSecDiagRaggThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value for the number of three-tier aggregation interfaces." ::= { hh3cSecDiagTrapsMonitorObjects 10 } hh3cSecDiagThroughputThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold value for the throughput of internal interface." ::= { hh3cSecDiagTrapsMonitorObjects 11 } hh3cSecDiagThroughputDeviceId OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "1.The slot number of the board, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Distributed device,independent operation mode). 2.The member number of the equipment in IRF, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Centralized IRF equipment). 3.The slot number of the board in the IRF, such as chassis XX slot XX. If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX. (Distributed device,IRF mode)." ::= { hh3cSecDiagTrapsMonitorObjects 12 } hh3cSecDiagQaclThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "QACL resource usage threshold." ::= { hh3cSecDiagTrapsMonitorObjects 13 } hh3cSecDiagQaclDeviceId OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "1.The slot number of the board, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Distributed device,independent operation mode). 2.The member number of the equipment in IRF, such as slot XX. If the slot supports multiple CPUs, it is like slot XX CPU XX. (Centralized IRF equipment). 3.The slot number of the board in the IRF, such as chassis XX slot XX. If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX. (Distributed device,IRF mode)." ::= { hh3cSecDiagTrapsMonitorObjects 14 } hh3cSecDiagQaclTotalSlices OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Total slices value." ::= { hh3cSecDiagTrapsMonitorObjects 15 } hh3cSecDiagQaclSingleSlices OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Number of single-slices remaining." ::= { hh3cSecDiagTrapsMonitorObjects 16 } hh3cSecDiagQaclDoubleSlices OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Number of double-slices remaining." ::= { hh3cSecDiagTrapsMonitorObjects 17 } hh3cSecDiagQaclMQCEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Number of MQC-entries remaining." ::= { hh3cSecDiagTrapsMonitorObjects 18 } hh3cSecDiagQaclOpenFlowEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Number of OpenFlow-entries remaining." ::= { hh3cSecDiagTrapsMonitorObjects 19 } hh3cSecDiagBandwidthThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Overall bandwidth threshold." ::= { hh3cSecDiagTrapsMonitorObjects 20 } hh3cSecDiagBladeEngineGroupId OBJECT-TYPE SYNTAX OCTET STRING(SIZE(0..64)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Engine group ID." ::= { hh3cSecDiagTrapsMonitorObjects 21 } hh3cSecDiagBladeThresholdLevel OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Threshold level." ::= { hh3cSecDiagTrapsMonitorObjects 22 } hh3cSecDiagBladeThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Context number threshold." ::= { hh3cSecDiagTrapsMonitorObjects 23 } END