-- The Filter Group

-- Implementation of the Filter group is optional.
--
-- The Filter group allows packets to be captured with an
-- arbitrary filter expression. A logical data and
-- event stream or "channel" is formed by the packets
-- that match the filter expression.
--
-- This filter mechanism allows the creation of an arbitrary
-- logical expression with which to filter packets. Each
-- filter associated with a channel is OR'ed with the others.
-- Within a filter, any bits checked in the data and status
-- are AND'ed with respect to other bits in the same filter.
-- The NotMask also allows for checking for inequality.
-- Finally, the channelAcceptType object allows for
-- inversion of the whole equation.
--
-- If a management station wishes to receive a trap to alert
-- it that new packets have been captured and are available
-- for download, it is recommended that it set up an alarm
-- entry that monitors the value of the relevant
-- channelMatches instance.
--
-- The channel can be turned on or off, and can also
-- generate events when packets pass through it.

filterTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FilterEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of packet filter entries."
    ::= { filter 1 }

filterEntry OBJECT-TYPE
    SYNTAX FilterEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A set of parameters for a packet filter applied on a
        particular interface. As an example, an instance of
        the filterPktData object might be named
        filterPktData.12"
    INDEX { filterIndex }
    ::= { filterTable 1 }
FilterEntry ::= SEQUENCE {
    filterIndex                 INTEGER (1..65535),
    filterChannelIndex          INTEGER (1..65535),
    filterPktDataOffset         INTEGER,
    filterPktData               OCTET STRING,
    filterPktDataMask           OCTET STRING,
    filterPktDataNotMask        OCTET STRING,
    filterPktStatus             INTEGER,
    filterPktStatusMask         INTEGER,
    filterPktStatusNotMask      INTEGER,
    filterOwner                 OwnerString,
    filterStatus                EntryStatus
}

filterIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry
        in the filter table. Each such entry defines
        one filter that is to be applied to every packet
        received on an interface."
    ::= { filterEntry 1 }

filterChannelIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "This object identifies the channel of which this
        filter is a part. The filters identified by a
        particular value of this object are associated with
        the same channel as identified by the same value of
        the channelIndex object."
    ::= { filterEntry 2 }

filterPktDataOffset OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The offset from the beginning of each packet where
        a match of packet data will be attempted. This offset
        is measured from the point in the physical layer
        packet after the framing bits, if any. For example,
        in an Ethernet frame, this point is at the beginning
        of the destination MAC address.
        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    DEFVAL { 0 }
    ::= { filterEntry 3 }

filterPktData OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The data that is to be matched with the input packet.
        For each packet received, this filter and the
        accompanying filterPktDataMask and
        filterPktDataNotMask will be adjusted for the
        offset. The only bits relevant to this match
        algorithm are those that have the corresponding
        filterPktDataMask bit equal to one. The following
        three rules are then applied to every packet:

        (1) If the packet is too short and does not have data
            corresponding to part of the filterPktData, the
            packet will fail this data match.

        (2) For each relevant bit from the packet with the
            corresponding filterPktDataNotMask bit set to
            zero, if the bit from the packet is not equal to
            the corresponding bit from the filterPktData,
            then the packet will fail this data match.

        (3) If for every relevant bit from the packet with the
            corresponding filterPktDataNotMask bit set to one,
            the bit from the packet is equal to the
            corresponding bit from the filterPktData, then
            the packet will fail this data match.

        Any packets that have not failed any of the three
        matches above have passed this data match. In
        particular, a zero length filter will match any
        packet.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 4 }

filterPktDataMask OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The mask that is applied to the match process.
        After adjusting this mask for the offset, only those
        bits in the received packet that correspond to bits
        set in this mask are relevant for further processing
        by the match algorithm. The offset is applied to
        filterPktDataMask in the same way it is applied to the
        filter. For the purposes of the matching algorithm,
        if the associated filterPktData object is longer
        than this mask, this mask is conceptually extended
        with '1' bits until it reaches the length of the
        filterPktData object.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 5 }

filterPktDataNotMask OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The inversion mask that is applied to the match
        process. After adjusting this mask for the offset,
        those relevant bits in the received packet that
        correspond to bits cleared in this mask must all be
        equal to their corresponding bits in the
        filterPktData object for the packet to be accepted.
        In addition, at least one of those relevant bits in
        the received packet that correspond to bits set in
        this mask must be different to its corresponding bit
        in the filterPktData object.

        For the purposes of the matching algorithm, if the
        associated filterPktData object is longer than this
        mask, this mask is conceptually extended with '0'
        bits until it reaches the length of the
        filterPktData object.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 6 }

filterPktStatus OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The status that is to be matched with the input
        packet. The only bits relevant to this match
        algorithm are those that have the corresponding
        filterPktStatusMask bit equal to one. The following
        two rules are then applied to every packet:

        (1) For each relevant bit from the packet status
            with the corresponding filterPktStatusNotMask bit
            set to zero, if the bit from the packet status is
            not equal to the corresponding bit from the
            filterPktStatus, then the packet will fail this
            status match.

        (2) If for every relevant bit from the packet status
            with the corresponding filterPktStatusNotMask bit
            set to one, the bit from the packet status is
            equal to the corresponding bit from the
            filterPktStatus, then the packet will fail this
            status match.

        Any packets that have not failed either of the two
        matches above have passed this status match. In
        particular, a zero length status filter will match any
        packet's status.

        The value of the packet status is a sum. This sum
        initially takes the value zero. Then, for each
        error, E, that has been discovered in this packet,
        2 raised to a value representing E is added to the
        sum. The errors and the bits that represent them are
        dependent on the media type of the interface that
        this channel is receiving packets from.

        The errors defined for a packet captured off of an
        Ethernet interface are as follows:

            bit #    Error
                0    Packet is longer than 1518 octets
                1    Packet is shorter than 64 octets
                2    Packet experienced a CRC or Alignment
                     error

        For example, an Ethernet fragment would have a
        value of 6 (2^1 + 2^2).

        As this MIB is expanded to new media types, this
        object will have other media-specific errors
        defined.
        For the purposes of this status matching algorithm,
        if the packet status is longer than this
        filterPktStatus object, this object is conceptually
        extended with '0' bits until it reaches the size of
        the packet status.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 7 }

filterPktStatusMask OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The mask that is applied to the status match
        process. Only those bits in the received packet
        that correspond to bits set in this mask are
        relevant for further processing by the status match
        algorithm. For the purposes of the matching
        algorithm, if the associated filterPktStatus object
        is longer than this mask, this mask is conceptually
        extended with '1' bits until it reaches the size of
        the filterPktStatus. In addition, if a packet
        status is longer than this mask, this mask is
        conceptually extended with '0' bits until it reaches
        the size of the packet status.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 8 }

filterPktStatusNotMask OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The inversion mask that is applied to the status
        match process. Those relevant bits in the received
        packet status that correspond to bits cleared in
        this mask must all be equal to their corresponding
        bits in the filterPktStatus object for the packet to
        be accepted. In addition, at least one of those
        relevant bits in the received packet status that
        correspond to bits set in this mask must be
        different to its corresponding bit in the
        filterPktStatus object for the packet to be
        accepted.
        For the purposes of the matching algorithm, if the
        associated filterPktStatus object or a packet status
        is longer than this mask, this mask is conceptually
        extended with '0' bits until it reaches the longer of
        the lengths of the filterPktStatus object and the
        packet status.

        This object may not be modified if the associated
        filterStatus object is equal to valid(1)."
    ::= { filterEntry 9 }

filterOwner OBJECT-TYPE
    SYNTAX OwnerString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The entity that configured this entry and is
        therefore using the resources assigned to it."
    ::= { filterEntry 10 }

filterStatus OBJECT-TYPE
    SYNTAX EntryStatus
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The status of this filter entry."
    ::= { filterEntry 11 }

channelTable OBJECT-TYPE
    SYNTAX SEQUENCE OF ChannelEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of packet channel entries."
    ::= { filter 2 }

channelEntry OBJECT-TYPE
    SYNTAX ChannelEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A set of parameters for a packet channel applied on a
        particular interface. As an example, an instance of
        the channelMatches object might be named
        channelMatches.3"
    INDEX { channelIndex }
    ::= { channelTable 1 }
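The data match and status match rules of the filter objects above, combined with the OR'ing of filters and the channelAcceptType inversion (acceptMatched(1) / acceptFailed(2)) described for this group, as an added Python sketch; it is not part of the MIB or of any probe's code. The `Filter` class, the function names and the sample frames are constructed for illustration. Assumptions: rule (3) is applied only when at least one relevant bit has its NotMask bit set, a mask longer than filterPktData is truncated, the offset is non-negative, and status values are treated as equal-width bit strings.

```python
from dataclasses import dataclass

ACCEPT_MATCHED, ACCEPT_FAILED = 1, 2      # channelAcceptType values

@dataclass
class Filter:
    """One filterEntry; fields mirror the MIB objects (hypothetical class)."""
    offset: int = 0            # filterPktDataOffset (assumed >= 0)
    data: bytes = b""          # filterPktData
    mask: bytes = b""          # filterPktDataMask
    not_mask: bytes = b""      # filterPktDataNotMask
    status: int = 0            # filterPktStatus
    status_mask: int = 0       # filterPktStatusMask
    status_not_mask: int = 0   # filterPktStatusNotMask

def _extend(mask, length, fill):
    """Pad a short mask with `fill` octets; a longer one is truncated (assumption)."""
    return (mask + bytes([fill]) * length)[:length]

def data_match(f, packet):
    n = len(f.data)
    if n == 0:
        return True                          # zero-length filter matches any packet
    if len(packet) < f.offset + n:
        return False                         # rule (1): packet too short
    mask = _extend(f.mask, n, 0xFF)          # conceptually extended with '1' bits
    not_mask = _extend(f.not_mask, n, 0x00)  # conceptually extended with '0' bits
    window = packet[f.offset:f.offset + n]
    inverted_seen = inverted_differs = False
    for p, d, m, nm in zip(window, f.data, mask, not_mask):
        diff = (p ^ d) & m                   # relevant bits that differ
        if diff & (nm ^ 0xFF):
            return False                     # rule (2): a must-equal bit differs
        if m & nm:
            inverted_seen = True
            inverted_differs = inverted_differs or bool(diff & nm)
    # Rule (3), read as applying only when some relevant bit is inverted.
    return not (inverted_seen and not inverted_differs)

def status_match(f, pkt_status):
    # Integers are compared as equal-width bit strings (assumption); the
    # length-extension wording for the status masks is not modelled.
    diff = (pkt_status ^ f.status) & f.status_mask
    if diff & ~f.status_not_mask:
        return False                         # status rule (1)
    inverted = f.status_mask & f.status_not_mask
    return not (inverted and not diff & inverted)    # status rule (2)

def channel_accepts(filters, accept_type, packet, pkt_status=0):
    """Filters on a channel are OR'ed; acceptFailed(2) inverts the result."""
    matched = any(data_match(f, packet) and status_match(f, pkt_status)
                  for f in filters)
    return matched if accept_type == ACCEPT_MATCHED else not matched

# Constructed sample frames (not captured traffic).
def frame(dst, ethertype, payload=bytes(46)):
    return dst + bytes.fromhex("020000000001") + ethertype + payload

UNICAST, BROADCAST = bytes.fromhex("001122334455"), b"\xff" * 6
IPV4, ARP = b"\x08\x00", b"\x08\x06"

# "EtherType is IPv4 AND destination is not broadcast" in a single filter.
IPV4_NOT_BCAST = Filter(offset=0,
                        data=BROADCAST + bytes(6) + IPV4,
                        mask=b"\xff" * 6 + bytes(6) + b"\xff\xff",
                        not_mask=b"\xff" * 6)      # padded with '0' bits
# Ethernet fragment: status bits 1 (short) and 2 (CRC/alignment) both set.
FRAGMENT = Filter(status=6, status_mask=6)
# Any Ethernet error bit set: invert a match against "no error".
ANY_ERROR = Filter(status=0, status_mask=7, status_not_mask=7)

if __name__ == "__main__":
    chan = [IPV4_NOT_BCAST, FRAGMENT]
    for name, pkt, st in [("unicast IPv4", frame(UNICAST, IPV4), 0),
                          ("broadcast IPv4", frame(BROADCAST, IPV4), 0),
                          ("unicast ARP", frame(UNICAST, ARP), 0),
                          ("broadcast fragment", frame(BROADCAST, IPV4)[:40], 6)]:
        print(name, channel_accepts(chan, ACCEPT_MATCHED, pkt, st))
```

With acceptFailed(2) and no filters the channel accepts every packet, so a management application that creates the channel before its filters captures far more than intended.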
ChannelEntry ::= SEQUENCE {
    channelIndex                 INTEGER (1..65535),
    channelIfIndex               INTEGER (1..65535),
    channelAcceptType            INTEGER,
    channelDataControl           INTEGER,
    channelTurnOnEventIndex      INTEGER (0..65535),
    channelTurnOffEventIndex     INTEGER (0..65535),
    channelEventIndex            INTEGER (0..65535),
    channelEventStatus           INTEGER,
    channelMatches               Counter,
    channelDescription           DisplayString (SIZE (0..127)),
    channelOwner                 OwnerString,
    channelStatus                EntryStatus
}

channelIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry
        in the channel table. Each such
        entry defines one channel, a logical data
        and event stream.

        It is suggested that before creating a channel,
        an application should scan all instances of the
        filterChannelIndex object to make sure that there
        are no pre-existing filters that would
        inadvertently be linked to the channel."
    ::= { channelEntry 1 }

channelIfIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value of this object uniquely identifies the
        interface on this remote network monitoring device
        to which the associated filters are applied to allow
        data into this channel. The interface identified by
        a particular value of this object is the same
        interface as identified by the same value of the
        ifIndex object, defined in RFC 1213 and RFC 1573
        [4,6]. The filters in this group are applied to all
        packets on the local network segment attached to the
        identified interface.
        An agent may or may not be able to tell if
        fundamental changes to the media of the interface
        have occurred and necessitate an invalidation of
        this entry. For example, a hot-pluggable ethernet
        card could be pulled out and replaced by a
        token-ring card. In such a case, if the agent has
        such knowledge of the change, it is recommended that
        it invalidate this entry.

        This object may not be modified if the associated
        channelStatus object is equal to valid(1)."
    ::= { channelEntry 2 }

channelAcceptType OBJECT-TYPE
    SYNTAX INTEGER {
        acceptMatched(1),
        acceptFailed(2)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "This object controls the action of the filters
        associated with this channel. If this object is equal
        to acceptMatched(1), packets will be accepted to this
        channel if they are accepted by both the packet data
        and packet status matches of an associated filter. If
        this object is equal to acceptFailed(2), packets will
        be accepted to this channel only if they fail either
        the packet data match or the packet status match of
        each of the associated filters.

        In particular, a channel with no associated filters
        will match no packets in the acceptMatched(1) case
        and will match all packets in the acceptFailed(2)
        case.

        This object may not be modified if the associated
        channelStatus object is equal to valid(1)."
    ::= { channelEntry 3 }

channelDataControl OBJECT-TYPE
    SYNTAX INTEGER {
        on(1),
        off(2)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "This object controls the flow of data through this
        channel. If this object is on(1), data, status and
        events flow through this channel. If this object is
        off(2), data, status and events will not flow
        through this channel."
    DEFVAL { off }
    ::= { channelEntry 4 }

channelTurnOnEventIndex OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value of this object identifies the event
        that is configured to turn the associated
        channelDataControl from off to on when the event is
        generated. The event identified by a particular value
        of this object is the same event as identified by the
        same value of the eventIndex object. If there is no
        corresponding entry in the eventTable, then no
        association exists. In fact, if no event is intended
        for this channel, channelTurnOnEventIndex must be
        set to zero, a non-existent event index.

        This object may not be modified if the associated
        channelStatus object is equal to valid(1)."
    ::= { channelEntry 5 }

channelTurnOffEventIndex OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value of this object identifies the event
        that is configured to turn the associated
        channelDataControl from on to off when the event is
        generated. The event identified by a particular value
        of this object is the same event as identified by the
        same value of the eventIndex object. If there is no
        corresponding entry in the eventTable, then no
        association exists. In fact, if no event is intended
        for this channel, channelTurnOffEventIndex must be
        set to zero, a non-existent event index.

        This object may not be modified if the associated
        channelStatus object is equal to valid(1)."
    ::= { channelEntry 6 }
channelEventIndex OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The value of this object identifies the event
        that is configured to be generated when the
        associated channelDataControl is on and a packet
        is matched. The event identified by a particular
        value of this object is the same event as identified
        by the same value of the eventIndex object. If
        there is no corresponding entry in the eventTable,
        then no association exists. In fact, if no event is
        intended for this channel, channelEventIndex must be
        set to zero, a non-existent event index.

        This object may not be modified if the associated
        channelStatus object is equal to valid(1)."
    ::= { channelEntry 7 }

channelEventStatus OBJECT-TYPE
    SYNTAX INTEGER {
        eventReady(1),
        eventFired(2),
        eventAlwaysReady(3)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The event status of this channel.

        If this channel is configured to generate events
        when packets are matched, a means of controlling
        the flow of those events is often needed. When
        this object is equal to eventReady(1), a single
        event may be generated, after which this object
        will be set by the probe to eventFired(2). While
        in the eventFired(2) state, no events will be
        generated until the object is modified to
        eventReady(1) (or eventAlwaysReady(3)). The
        management station can thus easily respond to a
        notification of an event by re-enabling this object.

        If the management station wishes to disable this
        flow control and allow events to be generated
        at will, this object may be set to
        eventAlwaysReady(3). Disabling the flow control
        is discouraged as it can result in high network
        traffic or other performance problems."
    DEFVAL { eventReady }
    ::= { channelEntry 8 }

channelMatches OBJECT-TYPE
    SYNTAX Counter
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of times this channel has matched a
        packet. Note that this object is updated even when
        channelDataControl is set to off."
    ::= { channelEntry 9 }

channelDescription OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..127))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "A comment describing this channel."
    ::= { channelEntry 10 }

channelOwner OBJECT-TYPE
    SYNTAX OwnerString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The entity that configured this entry and is
        therefore using the resources assigned to it."
    ::= { channelEntry 11 }

channelStatus OBJECT-TYPE
    SYNTAX EntryStatus
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The status of this channel entry."
    ::= { channelEntry 12 }

-- The Packet Capture Group

-- Implementation of the Packet Capture group is optional.
--
-- The Packet Capture Group requires implementation of the
-- Filter Group.
--
-- The Packet Capture group allows packets to be captured
-- upon a filter match. The bufferControlTable controls
-- the captured packets output from a channel that is
-- associated with it. The captured packets are placed
-- in entries in the captureBufferTable. These entries are
-- associated with the bufferControlEntry on whose behalf they
-- were stored.

bufferControlTable OBJECT-TYPE
    SYNTAX SEQUENCE OF BufferControlEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of buffer control entries."
    ::= { capture 1 }

bufferControlEntry OBJECT-TYPE
    SYNTAX BufferControlEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A set of parameters that control the collection of
        a stream of packets that have matched filters. As
        an example, an instance of the
        bufferControlCaptureSliceSize object might be named
        bufferControlCaptureSliceSize.3"
    INDEX { bufferControlIndex }
    ::= { bufferControlTable 1 }

BufferControlEntry ::= SEQUENCE {
    bufferControlIndex                  INTEGER (1..65535),
    bufferControlChannelIndex           INTEGER (1..65535),
    bufferControlFullStatus             INTEGER,
    bufferControlFullAction             INTEGER,
    bufferControlCaptureSliceSize       INTEGER,
    bufferControlDownloadSliceSize      INTEGER,
    bufferControlDownloadOffset         INTEGER,
    bufferControlMaxOctetsRequested     INTEGER,
    bufferControlMaxOctetsGranted       INTEGER,
    bufferControlCapturedPackets        INTEGER,
    bufferControlTurnOnTime             TimeTicks,
    bufferControlOwner                  OwnerString,
    bufferControlStatus                 EntryStatus
}

bufferControlIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry
        in the bufferControl table. The value of this
        index shall never be zero. Each such
        entry defines one set of packets that is
        captured and controlled by one or more filters."
    ::= { bufferControlEntry 1 }

bufferControlChannelIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "An index that identifies the channel that is the
        source of packets for this bufferControl table.
        The channel identified by a particular value of this
        index is the same as identified by the same value of
        the channelIndex object.

        This object may not be modified if the associated
        bufferControlStatus object is equal to valid(1)."
    ::= { bufferControlEntry 2 }

bufferControlFullStatus OBJECT-TYPE
    SYNTAX INTEGER {
        spaceAvailable(1),
        full(2)
    }
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "This object shows whether the buffer has room to
        accept new packets or if it is full.

        If the status is spaceAvailable(1), the buffer is
        accepting new packets normally. If the status is
        full(2) and the associated bufferControlFullAction
        object is wrapWhenFull, the buffer is accepting new
        packets by deleting enough of the oldest packets
        to make room for new ones as they arrive. Otherwise,
        if the status is full(2) and the
        bufferControlFullAction object is lockWhenFull,
        then the buffer has stopped collecting packets.

        When this object is set to full(2) the probe must
        not later set it to spaceAvailable(1) except in the
        case of a significant gain in resources such as
        an increase of bufferControlOctetsGranted. In
        particular, the wrap-mode action of deleting old
        packets to make room for newly arrived packets
        must not affect the value of this object."
    ::= { bufferControlEntry 3 }

bufferControlFullAction OBJECT-TYPE
    SYNTAX INTEGER {
        lockWhenFull(1),
        wrapWhenFull(2)    -- FIFO
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "Controls the action of the buffer when it
        reaches the full status. When in the lockWhenFull(1)
        state and a packet is added to the buffer that
        fills the buffer, the bufferControlFullStatus will
        be set to full(2) and this buffer will stop capturing
        packets."
    ::= { bufferControlEntry 4 }

bufferControlCaptureSliceSize OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The maximum number of octets of each packet
        that will be saved in this capture buffer.
        For example, if a 1500 octet packet is received by
        the probe and this object is set to 500, then only
        500 octets of the packet will be stored in the
        associated capture buffer. If this variable is set
        to 0, the capture buffer will save as many octets
        as is possible.

        This object may not be modified if the associated
        bufferControlStatus object is equal to valid(1)."
    DEFVAL { 100 }
    ::= { bufferControlEntry 5 }

bufferControlDownloadSliceSize OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The maximum number of octets of each packet
        in this capture buffer that will be returned in
        an SNMP retrieval of that packet. For example,
        if 500 octets of a packet have been stored in the
        associated capture buffer, the associated
        bufferControlDownloadOffset is 0, and this
        object is set to 100, then the captureBufferPacket
        object that contains the packet will contain only
        the first 100 octets of the packet.

        A prudent manager will take into account possible
        interoperability or fragmentation problems that may
        occur if the download slice size is set too large.
        In particular, conformant SNMP implementations are
        not required to accept messages whose length exceeds
        484 octets, although they are encouraged to support
        larger datagrams whenever feasible."
    DEFVAL { 100 }
    ::= { bufferControlEntry 6 }

bufferControlDownloadOffset OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The offset of the first octet of each packet
        in this capture buffer that will be returned in
        an SNMP retrieval of that packet. For example,
        if 500 octets of a packet have been stored in the
        associated capture buffer and this object is set to
        100, then the captureBufferPacket object that
        contains the packet will contain bytes starting
        100 octets into the packet."
    DEFVAL { 0 }
    ::= { bufferControlEntry 7 }

bufferControlMaxOctetsRequested OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The requested maximum number of octets to be
        saved in this captureBuffer, including any
        implementation-specific overhead. If this variable
        is set to -1, the capture buffer will save as many
        octets as is possible.

        When this object is created or modified, the probe
        should set bufferControlMaxOctetsGranted as closely
        to this object as is possible for the particular
        probe implementation and available resources.
        However, if
        the object has the special value of -1, the probe
        must set bufferControlMaxOctetsGranted to -1."
    DEFVAL { -1 }
    ::= { bufferControlEntry 8 }

bufferControlMaxOctetsGranted OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The maximum number of octets that can be
        saved in this captureBuffer, including overhead.
        If this variable is -1, the capture buffer will save
        as many octets as possible.

        When the bufferControlMaxOctetsRequested object is
        created or modified, the probe should set this object
        as closely to the requested value as is possible for
        the particular probe implementation and available
        resources. However, if the request object has the
        special value of -1, the probe must set this object
        to -1. The probe must not lower this value except
        as a result of a modification to the associated
        bufferControlMaxOctetsRequested object.

        When this maximum number of octets is reached
        and a new packet is to be added to this
        capture buffer and the corresponding
        bufferControlFullAction is set to wrapWhenFull(2),
        enough of the oldest packets associated with this
        capture buffer shall be deleted by the agent so
        that the new packet can be added. If the
        corresponding bufferControlFullAction is set to
        lockWhenFull(1), the new packet shall be discarded.
        In either case, the probe must set
        bufferControlFullStatus to full(2).

        When the value of this object changes to a value
        less than the current value, entries are deleted from
        the captureBufferTable associated with this
        bufferControlEntry. Enough of the
        oldest of these captureBufferEntries shall be
        deleted by the agent so that the number of octets
        used remains less than or equal to the new value of
        this object.

        When the value of this object changes to a value
        greater than the current value, the number of
        associated captureBufferEntries may be allowed to
        grow."
    ::= { bufferControlEntry 9 }

bufferControlCapturedPackets OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of packets currently in this
        captureBuffer."
    ::= { bufferControlEntry 10 }

bufferControlTurnOnTime OBJECT-TYPE
    SYNTAX TimeTicks
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The value of sysUpTime when this capture buffer was
        first turned on."
    ::= { bufferControlEntry 11 }

bufferControlOwner OBJECT-TYPE
    SYNTAX OwnerString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The entity that configured this entry and is
        therefore using the resources assigned to it."
    ::= { bufferControlEntry 12 }

bufferControlStatus OBJECT-TYPE
    SYNTAX EntryStatus
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The status of this buffer Control Entry."
    ::= { bufferControlEntry 13 }

captureBufferTable OBJECT-TYPE
    SYNTAX SEQUENCE OF CaptureBufferEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of packets captured off of a channel."
    ::= { capture 2 }
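How the bufferControl objects above interact when a buffer fills and when a packet is retrieved, as an added Python model; it is not part of the MIB or of any probe's code. The class and helper names are hypothetical, per-packet overhead is counted as zero, and a packet whose stored slice exceeds the whole grant is discarded (both assumptions). Under wrapWhenFull the oldest captured packets disappear without any error, which a manager can observe only as missing low captureBufferIndex values.

```python
from collections import OrderedDict

LOCK_WHEN_FULL, WRAP_WHEN_FULL = 1, 2     # bufferControlFullAction
SPACE_AVAILABLE, FULL = 1, 2              # bufferControlFullStatus

class CaptureBuffer:
    """Model of one bufferControlEntry and its captureBufferTable rows."""

    def __init__(self, full_action, max_octets_granted=-1,
                 capture_slice_size=100, download_slice_size=100,
                 download_offset=0):
        self.full_action = full_action
        self.max_octets_granted = max_octets_granted    # -1: as many as possible
        self.capture_slice_size = capture_slice_size    # 0: as many as possible
        self.download_slice_size = download_slice_size
        self.download_offset = download_offset
        self.full_status = SPACE_AVAILABLE
        self.entries = OrderedDict()  # captureBufferIndex -> (octets, wire length)
        self.used = 0                 # octets stored; overhead taken as 0 (assumption)
        self.next_index = 1

    def capture(self, packet):
        """Store a matched packet; return its captureBufferIndex, or None if discarded."""
        if self.full_action == LOCK_WHEN_FULL and self.full_status == FULL:
            return None                                 # buffer has stopped capturing
        stored = packet[:self.capture_slice_size] if self.capture_slice_size else packet
        limit = self.max_octets_granted
        if limit != -1 and self.used + len(stored) > limit:
            self.full_status = FULL                     # set in either case, not cleared by wrapping
            if self.full_action == LOCK_WHEN_FULL or len(stored) > limit:
                return None                             # new packet discarded
            while self.used + len(stored) > limit:      # wrap: delete the oldest first
                _, (old, _) = self.entries.popitem(last=False)
                self.used -= len(old)
        index = self.next_index
        self.next_index = 1 if index == 2147483647 else index + 1
        self.entries[index] = (bytes(stored), len(packet))
        self.used += len(stored)
        return index

    def download(self, index):
        """Return (captureBufferPacketData, captureBufferPacketLength) for one row."""
        stored, wire_length = self.entries[index]
        start = self.download_offset
        return stored[start:start + self.download_slice_size], wire_length

def constructed_packet(tag, length=1500):
    """Constructed sample packet: `length` octets counting up from `tag`."""
    return bytes((tag + i) % 256 for i in range(length))

if __name__ == "__main__":
    for action in (LOCK_WHEN_FULL, WRAP_WHEN_FULL):
        buf = CaptureBuffer(action, max_octets_granted=250)
        indexes = [buf.capture(constructed_packet(t)) for t in (1, 2, 3)]
        print(action, indexes, list(buf.entries), buf.full_status)
```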
captureBufferEntry OBJECT-TYPE
    SYNTAX CaptureBufferEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A packet captured off of an attached network. As an
        example, an instance of the captureBufferPacketData
        object might be named
        captureBufferPacketData.3.1783"
    INDEX { captureBufferControlIndex, captureBufferIndex }
    ::= { captureBufferTable 1 }

CaptureBufferEntry ::= SEQUENCE {
    captureBufferControlIndex   INTEGER (1..65535),
    captureBufferIndex          INTEGER (1..2147483647),
    captureBufferPacketID       INTEGER,
    captureBufferPacketData     OCTET STRING,
    captureBufferPacketLength   INTEGER,
    captureBufferPacketTime     INTEGER,
    captureBufferPacketStatus   INTEGER
}

captureBufferControlIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The index of the bufferControlEntry with which
        this packet is associated."
    ::= { captureBufferEntry 1 }

captureBufferIndex OBJECT-TYPE
    SYNTAX INTEGER (1..2147483647)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry
        in the captureBuffer table associated with a
        particular bufferControlEntry. This index will
        start at 1 and increase by one for each new packet
        added with the same captureBufferControlIndex.

        Should this value reach 2147483647, the next packet
        added with the same captureBufferControlIndex shall
        cause this value to wrap around to 1."
    ::= { captureBufferEntry 2 }

captureBufferPacketID OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that describes the order of packets
        that are received on a particular interface.
        The packetID of a packet captured on an
        interface is defined to be greater than the
        packetID's of all packets captured previously on
        the same interface. As the captureBufferPacketID
        object has a maximum positive value of 2^31 - 1,
        any captureBufferPacketID object shall have the
        value of the associated packet's packetID mod 2^31."
    ::= { captureBufferEntry 3 }

captureBufferPacketData OBJECT-TYPE
    SYNTAX OCTET STRING
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The data inside the packet, starting at the
        beginning of the packet plus any offset specified in
        the associated bufferControlDownloadOffset,
        including any link level headers. The length of the
        data in this object is the minimum of the length of
        the captured packet minus the offset, the length of
        the associated bufferControlCaptureSliceSize minus
        the offset, and the associated
        bufferControlDownloadSliceSize. If this minimum is
        less than zero, this object shall have a length of
        zero."
    ::= { captureBufferEntry 4 }

captureBufferPacketLength OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The actual length (off the wire) of the packet stored
        in this entry, including FCS octets."
    ::= { captureBufferEntry 5 }

captureBufferPacketTime OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The number of milliseconds that had passed since
        this capture buffer was first turned on when this
        packet was captured."
    ::= { captureBufferEntry 6 }

captureBufferPacketStatus OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "A value which indicates the error status of this
        packet.

        The value of this object is defined in the same way as
        filterPktStatus. The value is a sum. This sum
        initially takes the value zero. Then, for each
        error, E, that has been discovered in this packet,
        2 raised to a value representing E is added to the
        sum.

        The errors defined for a packet captured off of an
        Ethernet interface are as follows:

            bit #    Error
                0    Packet is longer than 1518 octets
                1    Packet is shorter than 64 octets
                2    Packet experienced a CRC or Alignment
                     error
                3    First packet in this capture buffer after
                     it was detected that some packets were
                     not processed correctly.
                4    Packet's order in buffer is only
                     approximate (May only be set for packets
                     sent from the probe)

        For example, an Ethernet fragment would have a
        value of 6 (2^1 + 2^2).

        As this MIB is expanded to new media types, this
        object will have other media-specific errors
        defined."
    ::= { captureBufferEntry 7 }

-- The Event Group

-- Implementation of the Event group is optional.
--
-- The Event group controls the generation and notification
-- of events from this device. Each entry in the eventTable
-- describes the parameters of the event that can be
-- triggered. Each event entry is fired by an associated
-- condition located elsewhere in the MIB. An event entry
-- may also be associated with a function elsewhere in the
-- MIB that will be executed when the event is generated. For
-- example, a channel may be turned on or off by the firing
-- of an event.
--
-- Each eventEntry may optionally specify that a log entry
-- be created on its behalf whenever the event occurs.
-- Each entry may also specify that notification should
-- occur by way of SNMP trap messages. In this case, the
-- community for the trap message is given in the associated
-- eventCommunity object. The enterprise and specific trap
-- fields of the trap are determined by the condition that
-- triggered the event. Two traps are defined: risingAlarm
-- and fallingAlarm. If the eventTable is triggered by a
-- condition specified elsewhere, the enterprise and
-- specific trap fields must be specified for traps
-- generated for that condition.

eventTable OBJECT-TYPE
    SYNTAX SEQUENCE OF EventEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of events to be generated."
    ::= { event 1 }

eventEntry OBJECT-TYPE
    SYNTAX EventEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A set of parameters that describe an event to be
        generated when certain conditions are met. As an
        example, an instance of the eventLastTimeSent object
        might be named eventLastTimeSent.6"
    INDEX { eventIndex }
    ::= { eventTable 1 }

EventEntry ::= SEQUENCE {
    eventIndex          INTEGER (1..65535),
    eventDescription    DisplayString (SIZE (0..127)),
    eventType           INTEGER,
    eventCommunity      OCTET STRING (SIZE (0..127)),
    eventLastTimeSent   TimeTicks,
    eventOwner          OwnerString,
    eventStatus         EntryStatus
}

eventIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry in the
        event table.  Each such entry defines one event that
        is to be generated when the appropriate conditions
        occur."
    ::= { eventEntry 1 }

eventDescription OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..127))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "A comment describing this event entry."
    ::= { eventEntry 2 }

eventType OBJECT-TYPE
    SYNTAX INTEGER {
        none(1),
        log(2),
        snmp-trap(3),    -- send an SNMP trap
        log-and-trap(4)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The type of notification that the probe will make
        about this event.  In the case of log, an entry is
        made in the log table for each event.  In the case of
        snmp-trap, an SNMP trap is sent to one or more
        management stations."
    ::= { eventEntry 3 }

eventCommunity OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE (0..127))
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "If an SNMP trap is to be sent, it will be sent to
        the SNMP community specified by this octet string.
        In the future this table will be extended to include
        the party security mechanism.  This object shall be
        set to a string of length zero if it is intended that
        that mechanism be used to specify the destination of
        the trap."
    ::= { eventEntry 4 }

eventLastTimeSent OBJECT-TYPE
    SYNTAX TimeTicks
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The value of sysUpTime at the time this event
        entry last generated an event.  If this entry has
        not generated any events, this value will be
        zero."
    ::= { eventEntry 5 }

eventOwner OBJECT-TYPE
    SYNTAX OwnerString
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The entity that configured this entry and is
        therefore using the resources assigned to it.

        If this object contains a string starting with
        'monitor' and has associated entries in the log
        table, all connected management stations should
        retrieve those log entries, as they may have
        significance to all management stations connected to
        this device"
    ::= { eventEntry 6 }

eventStatus OBJECT-TYPE
    SYNTAX EntryStatus
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION
        "The status of this event entry.

        If this object is not equal to valid(1), all
        associated log entries shall be deleted by the
        agent."
    ::= { eventEntry 7 }

--
logTable OBJECT-TYPE
    SYNTAX SEQUENCE OF LogEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A list of events that have been logged."
    ::= { event 2 }

logEntry OBJECT-TYPE
    SYNTAX LogEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION
        "A set of data describing an event that has been
        logged.  For example, an instance of the
        logDescription object might be named
        logDescription.6.47"
    INDEX { logEventIndex, logIndex }
    ::= { logTable 1 }

LogEntry ::= SEQUENCE {
    logEventIndex     INTEGER (1..65535),
    logIndex          INTEGER (1..2147483647),
    logTime           TimeTicks,
    logDescription    DisplayString (SIZE (0..255))
}

logEventIndex OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The event entry that generated this log
        entry.  The log identified by a particular
        value of this index is associated with the same
        eventEntry as identified by the same value
        of eventIndex."
    ::= { logEntry 1 }

logIndex OBJECT-TYPE
    SYNTAX INTEGER (1..2147483647)
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An index that uniquely identifies an entry
        in the log table amongst those generated by the
        same eventEntries.  These indexes are
        assigned beginning with 1 and increase by one
        with each new log entry.  The association
        between values of logIndex and logEntries
        is fixed for the lifetime of each logEntry.
        The agent may choose to delete the oldest
        instances of logEntry as required because of
        lack of memory.  It is an implementation-specific
        matter as to when this deletion may occur."
    ::= { logEntry 2 }

logTime OBJECT-TYPE
    SYNTAX TimeTicks
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "The value of sysUpTime when this log entry was
        created."
    ::= { logEntry 3 }

logDescription OBJECT-TYPE
    SYNTAX DisplayString (SIZE (0..255))
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION
        "An implementation dependent description of the
        event that activated this log entry."
    ::= { logEntry 4 }

-- These definitions use the TRAP-TYPE macro as
-- defined in RFC 1215 [10]

-- Remote Network Monitoring Traps

risingAlarm TRAP-TYPE
    ENTERPRISE rmon
    VARIABLES { alarmIndex, alarmVariable, alarmSampleType,
                alarmValue, alarmRisingThreshold }
    DESCRIPTION
        "The SNMP trap that is generated when an alarm
        entry crosses its rising threshold and generates
        an event that is configured for sending SNMP
        traps."
    ::= 1

fallingAlarm TRAP-TYPE
    ENTERPRISE rmon
    VARIABLES { alarmIndex, alarmVariable, alarmSampleType,
                alarmValue, alarmFallingThreshold }
    DESCRIPTION
        "The SNMP trap that is generated when an alarm
        entry crosses its falling threshold and generates
        an event that is configured for sending SNMP
        traps."
    ::= 2

END
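The status sum described for captureBufferPacketStatus above, worked as an added example (not part of the MIB module or of this memo): a Python decoder that splits a value into the listed Ethernet error bits, reports bits the memo does not define, and flags bits 3 and 4, which tell an analyst that the capture has a gap or that buffer order is not wire order. The function names and sample values are constructed for illustration.

```python
# Added example: decode captureBufferPacketStatus / filterPktStatus sums.
# Bit meanings are the Ethernet errors listed in the object's DESCRIPTION.
ETHERNET_STATUS_BITS = {
    0: "longer than 1518 octets",
    1: "shorter than 64 octets",
    2: "CRC or alignment error",
    3: "first packet after some packets were not processed correctly",
    4: "order in buffer is only approximate",
}
GAP_BIT = 3     # packets were missed before this one
ORDER_BIT = 4   # position in the buffer may differ from wire order


def decode_status(status):
    """Split a status sum into defined error bits and undefined bits."""
    if status < 0:
        raise ValueError("status is a sum of powers of two, never negative")
    known, unknown = [], []
    bit = 0
    while status >> bit:
        if (status >> bit) & 1:
            (known if bit in ETHERNET_STATUS_BITS else unknown).append(bit)
        bit += 1
    return known, unknown


def encode_status(bits):
    """Build the sum: 2 raised to each error's bit number, added once."""
    return sum(1 << b for b in set(bits))


def triage(status):
    """Summarise what a captured packet's status says about the evidence."""
    known, unknown = decode_status(status)
    return {
        "errors": [ETHERNET_STATUS_BITS[b] for b in known],
        "gap_before": GAP_BIT in known,
        "order_reliable": ORDER_BIT not in known,
        "undefined_bits": unknown,  # media-specific or from a newer agent
    }


# Constructed status values, as they might be read from a capture buffer.
SAMPLE_STATUSES = [0, 6, 8, 16, 38]

if __name__ == "__main__":
    for value in SAMPLE_STATUSES:
        print(value, triage(value))
```

Undefined bits are reported rather than rejected because the DESCRIPTION says other media-specific errors will be defined, and the appendix notes that older NMS applications can safely ignore a status bit they do not know.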
6. Acknowledgments

   This document was produced by the IETF Remote Network Monitoring
   Working Group.

7. References

   [1] Cerf, V., "IAB Recommendations for the Development of Internet
       Network Management Standards", RFC 1052, NRI, April 1988.

   [2] Cerf, V., "Report of the Second Ad Hoc Network Management Review
       Group", RFC 1109, NRI, August 1989.

   [3] Rose M., and K. McCloghrie, "Structure and Identification of
       Management Information for TCP/IP-based internets", STD 16, RFC
       1155, Performance Systems International, Hughes LAN Systems, May
       1990.

   [4] McCloghrie K., and M. Rose, Editors, "Management Information Base
       for Network Management of TCP/IP-based internets", STD 17, RFC
       1213, Performance Systems International, March 1991.

   [5] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
       Network Management Protocol", STD 15, RFC 1157, SNMP Research,
       Performance Systems International, Performance Systems
       International, MIT Laboratory for Computer Science, May 1990.

   [6] McCloghrie, K., and F. Kastenholz, "Evolution of the Interfaces
       Group of MIB-II", RFC 1573, Hughes LAN Systems, FTP Software,
       January 1994.

   [7] Information processing systems - Open Systems Interconnection -
       Specification of Abstract Syntax Notation One (ASN.1),
       International Organization for Standardization.  International
       Standard 8824, (December, 1987).

   [8] Information processing systems - Open Systems Interconnection -
       Specification of Basic Encoding Rules for Abstract Notation One
       (ASN.1), International Organization for Standardization.
       International Standard 8825, (December, 1987).

   [9] Rose, M., and K. McCloghrie, Editors, "Concise MIB Definitions",
       RFC 1212, Performance Systems International, Hughes LAN Systems,
       March 1991.

   [10] Rose, M., Editor, "A Convention for Defining Traps for use with
        the SNMP", RFC 1215, Performance Systems International, March
        1991.
8. Security Considerations

   Security issues are not discussed in this memo.

9. Author's Address

   Steven Waldbusser
   Carnegie Mellon University
   5000 Forbes Ave.
   Pittsburgh, PA 15213

   EMail: waldbusser@cmu.edu
10. Appendix: Changes from RFC 1271

   The RMON MIB has not been significantly changed since RFC 1271 was
   issued.

   Two changes were made to object definitions:

   1) A new status bit has been defined for the
      captureBufferPacketStatus object, indicating that the packet
      order within the capture buffer may not be identical to the
      packet order as received off the wire.  This bit may only be used
      for packets transmitted by the probe.  Older NMS applications can
      safely ignore this status bit, which might be used by newer
      agents.

   2) The packetMatch trap has been removed.  This trap was never
      actually 'approved' and was not added to this document along with
      the risingAlarm and fallingAlarm traps.  The packetMatch trap
      could not be throttled, which could cause disruption of normal
      network traffic under some circumstances.  An NMS should
      configure a risingAlarm threshold on the appropriate
      channelMatches instance if a trap is desired for a packetMatch
      event.  Note that logging of packetMatch events is still
      supported--only trap generation for such events has been removed.

   In addition, several clarifications to individual object definitions
   have been added to assist agent and NMS implementors:

   - global definition of "good packets" and "bad packets"
   - more detailed text governing conceptual row creation and
     modification
   - instructions for probes relating to interface changes and
     disruptions
   - clarification of some ethernet counter definitions
   - recommended formula for calculating network utilization
   - clarification of channel and captureBuffer behavior for some
     unusual conditions
   - examples of proper instance naming for each table