base/protocols/snmp/main.bro

SNMP

Enables analysis and logging of SNMP datagrams.

Namespace: SNMP
Source File: /scripts/base/protocols/snmp/main.bro

Summary

Redefinable Options

SNMP::version_map: table &redef &default = "unknown" &optional
Maps an SNMP version integer to a human-readable string.

Types

SNMP::Info: record
Information tracked per SNMP session.

Events

SNMP::log_snmp: event
Event that can be handled to access the SNMP record as it is sent on to the logging framework.

Detailed Interface

Redefinable Options

SNMP::version_map
Type: table [count] of string
Attributes: &redef &default = "unknown" &optional
Default:
{
   [3] = "3",
   [1] = "2c",
   [0] = "1"
}

Maps an SNMP version integer to a human-readable string.

Types

SNMP::Info
Type:

record

ts: time &log

Timestamp of first packet belonging to the SNMP session.

uid: string &log

The unique ID for the connection.

id: conn_id &log

The connection’s 5-tuple of addresses/ports (ports inherently include transport protocol information).

duration: interval &log &default = 0 secs &optional

The amount of time between the first packet belonging to the SNMP session and the latest one seen.

version: string &log

The version of SNMP being used.

community: string &log &optional

The community string of the first SNMP packet associated with the session. This is used as part of SNMP’s (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901.

get_requests: count &log &default = 0 &optional

The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session.

get_bulk_requests: count &log &default = 0 &optional

The number of variable bindings in GetBulkRequest PDUs seen for the session.

get_responses: count &log &default = 0 &optional

The number of variable bindings in GetResponse/Response PDUs seen for the session.

set_requests: count &log &default = 0 &optional

The number of variable bindings in SetRequest PDUs seen for the session.

display_string: string &log &optional

A system description of the SNMP responder endpoint.

up_since: time &log &optional

The time since which the SNMP responder endpoint claims to have been up.

Information tracked per SNMP session.

Events

SNMP::log_snmp
Type: event (rec: SNMP::Info)

Event that can be handled to access the SNMP record as it is sent on to the logging framework.
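The following script is an added example and is not part of the Bro project's snmp/main.bro. It shows how a handler for SNMP::log_snmp can consume the SNMP::Info record documented above for detection purposes: it raises a notice when a v1/v2c session uses a community string from a watch list, and another when a session carries SetRequest PDUs (a write attempt against the agent). The module name SNMP_Audit, the two Notice::Type values, and the watched_communities set are assumptions introduced for this example; the community list is a constructed sample, and the optional community field is tested with ?$ before use because SNMPv3 sessions do not carry one.

```bro
##! Added example (not part of the Bro distribution): audit SNMP sessions
##! as they are logged, using the fields of SNMP::Info.

@load base/protocols/snmp
@load base/frameworks/notice

module SNMP_Audit;

export {
	redef enum Notice::Type += {
		## An SNMP v1/v2c session used a community string from the watch list.
		Weak_Community,
		## An SNMP session carried SetRequest PDUs, i.e. a write attempt.
		Set_Request_Seen,
	};

	## Community strings that should not appear on a production network.
	## Constructed sample list; extend it via redef in local.bro.
	const watched_communities: set[string] = { "public", "private" } &redef;
}

event SNMP::log_snmp(rec: SNMP::Info)
	{
	# community is &optional (absent for SNMPv3), so check presence first.
	if ( rec?$community && rec$community in watched_communities )
		{
		NOTICE([$note=Weak_Community,
		        $msg=fmt("SNMP %s session using community '%s' from %s to %s",
		                 rec$version, rec$community,
		                 rec$id$orig_h, rec$id$resp_h),
		        $sub=rec$community,
		        $id=rec$id,
		        $uid=rec$uid,
		        # One notice per (client, agent, community) within the
		        # default suppression interval.
		        $identifier=cat(rec$id$orig_h, rec$id$resp_h, rec$community)]);
		}

	# set_requests counts variable bindings in SetRequest PDUs (default 0).
	if ( rec$set_requests > 0 )
		{
		NOTICE([$note=Set_Request_Seen,
		        $msg=fmt("SNMP SetRequest with %d binding(s) from %s to %s",
		                 rec$set_requests, rec$id$orig_h, rec$id$resp_h),
		        $n=rec$set_requests,
		        $id=rec$id,
		        $uid=rec$uid,
		        $identifier=cat(rec$id$orig_h, rec$id$resp_h)]);
		}
	}
```

Load the script alongside the default policy (for example from local.bro) and the notices appear in notice.log with the session's uid, so an analyst can pivot back to the matching snmp.log row. Because the handler runs on the record handed to the logging framework, it sees the session's final counters rather than individual PDUs, which keeps the volume of notices proportional to sessions, not packets.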

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.