-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -c -- -- Trend Micro, Inc. -- Copyright information is in the DESCRIPTION section of the MODULE-IDENTITY. -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TPT-NGFW-LOGGING-MIB DEFINITIONS ::= BEGIN IMPORTS InetAddress, InetAddressType FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI SnmpAdminString FROM SNMP-FRAMEWORK-MIB DateAndTime, TEXTUAL-CONVENTION FROM SNMPv2-TC tptNgfwSystemSerial FROM TPT-NGFW-SYSTEM-INFO-MIB tpt-ngfw-compls, tpt-ngfw-groups, tpt-ngfw-objs, tpt-ngfw-eventsV2, tpt-ngfw-params, Severity FROM TPT-NGFW-REG-MIB ; tptNgfwLogging MODULE-IDENTITY LAST-UPDATED "201605251854Z" -- May 25, 2016 ORGANIZATION "Trend Micro, Inc." CONTACT-INFO "www.trendmicro.com" DESCRIPTION " Logging information and notifications for TippingPoint Next-Generation Firewall products. Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved. Trend Micro makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Trend Micro shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Trend Micro. The information is provided 'as is' without warranty of any kind and is subject to change without notice. The only warranties for Trend Micro products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Trend Micro shall not be liable for technical or editorial errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and Digital Vaccine(R) are registered trademarks of Trend Micro. All other company and product names may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are the property of Trend Micro. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Trend Micro or one of its subsidiaries. All other company and product names may be trademarks of their respective holders. " REVISION "201605251854Z" -- May 25, 2016 DESCRIPTION "Updated copyright information. Minor MIB syntax fixes." REVISION "201303131200Z" -- March 13, 2013 DESCRIPTION "Initial version of NGFW Logging MIB." ::= { tpt-ngfw-objs 5 } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- Textual Conventions -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AuditLogResult ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The result of an audit check: success, or fail. " SYNTAX INTEGER { success(1), failed(2) } AuditLogCategory ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The functional location of where an audit check was made and generated a log entry. " SYNTAX INTEGER { undefined(1), general(2), login(3), logout(4), user(5), time(6), policy(7), update(8), boot(9), report(10), host(11), cfg(12), device(13), sms(14), server(15), segment(16), license(17), ha(18), monitor(19), ipFilter(20), connTable(21), hostComm(22), tse(23), cf(24) } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- System Log Notification -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tptNgfwSysLogNotify NOTIFICATION-TYPE OBJECTS { tptNgfwSystemSerial, tptNgfwLogNotifyTime, tptNgfwLogNotifyHost, tptNgfwLogNotifySource, tptNgfwLogNotifySeverity, tptNgfwLogNotifyText } STATUS current DESCRIPTION "System log notification. " ::= { tpt-ngfw-eventsV2 15 } tptNgfwLogNotifyTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The date and time when the entry was logged. " ::= { tpt-ngfw-params 60 } tptNgfwLogNotifyHost OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..255)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The host name that generated the system log. " ::= { tpt-ngfw-params 61 } tptNgfwLogNotifySource OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..80)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The component that generated the system log. " ::= { tpt-ngfw-params 62 } tptNgfwLogNotifySeverity OBJECT-TYPE SYNTAX Severity MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The severity of the logged event. " ::= { tpt-ngfw-params 63 } tptNgfwLogNotifyText OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..4096)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The full log text. " ::= { tpt-ngfw-params 64 } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- Audit Log Notification -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tptNgfwAuditLogNotify NOTIFICATION-TYPE OBJECTS { tptNgfwSystemSerial, tptNgfwLogNotifyTime, tptNgfwAuditLogNotifyAccess, tptNgfwAuditLogNotifyType, tptNgfwAuditLogNotifyIpAddrType, tptNgfwAuditLogNotifyIpAddr, tptNgfwAuditLogNotifyCategory, tptNgfwAuditLogNotifyResult, tptNgfwAuditLogNotifyUser, tptNgfwAuditLogNotifyMessage } STATUS current DESCRIPTION "Audit-log notification. " ::= { tpt-ngfw-eventsV2 16 } tptNgfwAuditLogNotifyAccess OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The access level of the user initiating the audit check and generating the log. This is a bit field with the following mapping: 0x0 - normal 0x1 - operator 0x4 - administrator 0x8 - super-user " ::= { tpt-ngfw-params 65 } tptNgfwAuditLogNotifyType OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..40)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The interface source of the audit log action. " ::= { tpt-ngfw-params 66 } tptNgfwAuditLogNotifyIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of IP address from which the user connected. " ::= { tpt-ngfw-params 67 } tptNgfwAuditLogNotifyIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IP address from which the user connected. " ::= { tpt-ngfw-params 68 } tptNgfwAuditLogNotifyCategory OBJECT-TYPE SYNTAX AuditLogCategory MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The functional area where the audit log was generated. " ::= { tpt-ngfw-params 69 } tptNgfwAuditLogNotifyResult OBJECT-TYPE SYNTAX AuditLogResult MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The result, pass or fail, of an audit check. " ::= { tpt-ngfw-params 70 } tptNgfwAuditLogNotifyUser OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..80)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The user initiating the audit check and generating the log. " ::= { tpt-ngfw-params 71 } tptNgfwAuditLogNotifyMessage OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..4096)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "A description of what configuration change was attempted (and possibly succeeded) by the user. " ::= { tpt-ngfw-params 72 } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- VPN Log Notification -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tptNgfwVpnLogNotify NOTIFICATION-TYPE OBJECTS { tptNgfwSystemSerial, tptNgfwLogNotifyTime, tptNgfwLogNotifySeverity, tptNgfwLogNotifySource, tptNgfwLogNotifyText } STATUS current DESCRIPTION "A notification for VPN log information. " ::= { tpt-ngfw-eventsV2 17 } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- Groups -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tptNgfwLoggingGroup OBJECT-GROUP OBJECTS { tptNgfwLogNotifyTime, tptNgfwLogNotifyHost, tptNgfwLogNotifySource, tptNgfwLogNotifySeverity, tptNgfwLogNotifyText, tptNgfwAuditLogNotifyAccess, tptNgfwAuditLogNotifyType, tptNgfwAuditLogNotifyIpAddrType, tptNgfwAuditLogNotifyIpAddr, tptNgfwAuditLogNotifyCategory, tptNgfwAuditLogNotifyResult, tptNgfwAuditLogNotifyUser, tptNgfwAuditLogNotifyMessage } STATUS current DESCRIPTION "Logging group consisting of system, audit, and VPN log objects. " ::= { tpt-ngfw-groups 9 } tptNgfwLoggingNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { tptNgfwSysLogNotify, tptNgfwAuditLogNotify, tptNgfwVpnLogNotify } STATUS current DESCRIPTION "NGFW Logging notifications. " ::= { tpt-ngfw-groups 10 } -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- -- Compliances -- -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tptNgfwLoggingCompl MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance for TippingPoint Next-generation Firewall logging MIB. " MODULE MANDATORY-GROUPS { tptNgfwLoggingGroup, tptNgfwLoggingNotificationGroup } ::= { tpt-ngfw-compls 3 } END