base/protocols/snmp/main.bro

SNMP

Enables analysis and logging of SNMP datagrams.

Namespace:	SNMP
Source File:	`/scripts/base/protocols/snmp/main.bro`

Summary

Options

SNMP::version_map: table &redef &default = "unknown" &optional Maps an SNMP version integer to a human readable string.

Types

SNMP::Info: record Information tracked per SNMP session.

Redefinitions

`Log::ID`: `enum`
`connection`: `record`
`likely_server_ports`: `set` `&redef`

Events

SNMP::log_snmp: event Event that can be handled to access the SNMP record as it is sent on to the logging framework.

Detailed Interface

Options

SNMP::version_map

Type:	`table` [`count`] of `string`
Attributes:	`&redef` `&default` = `"unknown"` `&optional`
Default:

{
   [1] = "2c",
   [3] = "3",
   [0] = "1"
}

Maps an SNMP version integer to a human readable string.

Types

SNMP::Info

Type:

Type:	`record` ts: `time` `&log` Timestamp of first packet belonging to the SNMP session. uid: `string` `&log` The unique ID for the connection. id: `conn_id` `&log` The connection’s 5-tuple of addresses/ports (ports inherently include transport protocol information) duration: `interval` `&log` `&default` = `0 secs` `&optional` The amount of time between the first packet beloning to the SNMP session and the latest one seen. version: `string` `&log` The version of SNMP being used. community: `string` `&log` `&optional` The community string of the first SNMP packet associated with the session. This is used as part of SNMP’s (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901. get_requests: `count` `&log` `&default` = `0` `&optional` The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session. get_bulk_requests: `count` `&log` `&default` = `0` `&optional` The number of variable bindings in GetBulkRequest PDUs seen for the session. get_responses: `count` `&log` `&default` = `0` `&optional` The number of variable bindings in GetResponse/Response PDUs seen for the session. set_requests: `count` `&log` `&default` = `0` `&optional` The number of variable bindings in SetRequest PDUs seen for the session. display_string: `string` `&log` `&optional` A system description of the SNMP responder endpoint. up_since: `time` `&log` `&optional` The time at which the SNMP responder endpoint claims it’s been up since.

record

ts: time &log: Timestamp of first packet belonging to the SNMP session.
uid: string &log: The unique ID for the connection.
id: conn_id &log: The connection’s 5-tuple of addresses/ports (ports inherently include transport protocol information)
duration: interval &log &default = 0 secs &optional: The amount of time between the first packet beloning to the SNMP session and the latest one seen.
version: string &log: The version of SNMP being used.
community: string &log &optional: The community string of the first SNMP packet associated with the session. This is used as part of SNMP’s (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901.
get_requests: count &log &default = 0 &optional: The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session.
get_bulk_requests: count &log &default = 0 &optional: The number of variable bindings in GetBulkRequest PDUs seen for the session.
get_responses: count &log &default = 0 &optional: The number of variable bindings in GetResponse/Response PDUs seen for the session.
set_requests: count &log &default = 0 &optional: The number of variable bindings in SetRequest PDUs seen for the session.
display_string: string &log &optional: A system description of the SNMP responder endpoint.
up_since: time &log &optional: The time at which the SNMP responder endpoint claims it’s been up since.

Information tracked per SNMP session.

Events

SNMP::log_snmp

Type:	`event` (rec: `SNMP::Info`)

Event that can be handled to access the SNMP record as it is sent on to the logging framework.

base/protocols/snmp/main.bro

Summary

Options

Types

Redefinitions

Events

Detailed Interface

Options

Types

Events

Table of Contents

Next Page

Previous Page

base/protocols/snmp/main.bro

Summary

Options

Types

Redefinitions

Events

Detailed Interface

Options

Types

Events

Table of Contents

Next Page

Previous Page

Search