smilint output for ./INTRUSION-DETECTION-SENSOR-ALERT-MIB
Message Severities

Severity | Count
error | 3
minor error | 1
warning | 9

Message Types

Type | Count
import-unused (warning) | 4
index-element-accessible (warning) | 1
integer-misuse (warning) | 4
object-identifier-not-prefix (error) | 1
revision-missing (minor error) | 1
sequence-type-mismatch (error) | 2

Messages:
INTRUSION-DETECTION-SENSOR-ALERT-MIB
1: -- extracted from draft-glenn-id-sensor-alert-mib-01.txt
2: -- at Sat Nov 25 16:04:49 2000
3:
4: INTRUSION-DETECTION-SENSOR-ALERT-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: MODULE-IDENTITY, Counter32, Gauge32, OBJECT-TYPE,
7: warning -
warning: identifier `Counter32' imported from module `SNMPv2-SMI' is never used
7: warning -
warning: identifier `Gauge32' imported from module `SNMPv2-SMI' is never used
8: OBJECT-IDENTITY, mib-2 FROM SNMPv2-SMI
9: DateAndTime, TimeStamp
9: warning -
warning: identifier `TimeStamp' imported from module `SNMPv2-TC' is never used
10: FROM SNMPv2-TC
11: MODULE-COMPLIANCE, OBJECT-GROUP
12: FROM SNMPv2-CONF
13: SnmpEngineID, SnmpAdminString
13: warning -
warning: identifier `SnmpEngineID' imported from module `SNMP-FRAMEWORK-MIB' is never used
14: FROM SNMP-FRAMEWORK-MIB
15: InetAddressType, InetAddress
16: FROM INET-ADDRESS-MIB
17: URLString
18: FROM NETWORK-SERVICES-MIB;
19:
20: idsaMIB MODULE-IDENTITY
21: LAST-UPDATED "200011160000Z" -- 16th November 2000
22: ORGANIZATION "IETF Intrusion Detection Message Exchange Format
23: Working Group"
24: CONTACT-INFO
25: " Glenn Mansfield
26: Postal: Cyber Solutions Inc.
27: 6-6-3, Minami Yoshinari
28: Aoba-ku, Sendai, Japan 989-3204.
29:
30: Tel: +81-22-303-4012
31: Fax: +81-22-303-4015
32: E-mail: glenn@cysols.com
33:
34: Dipankar Gupta
35: Postal: Hewlett Packard Company
36: 690 East Middlefield Road, MS 31R
37: Mountain View California 94043.
38:
39: Tel: +1-650-919-8066
40: Fax: +1-650-919-8540
41: E-mail: dipankar_gupta@hp.com
42:
43: Working Group E-mail: idwg-public@zurich.ibm.com
44: To subscribe: idwg-public-request@zurich.ibm.com"
45:
46: DESCRIPTION
47: " The MIB for Intrusion Detection Messages."
48: ::= { mib-2 xxx } -- to be assigned by IANA
48: minor error -
revision for last update is missing
48: error -
Object identifier element `xxx' name only allowed as first element
49:
50: idsaSensorObjects OBJECT-IDENTITY
51: STATUS current
52: DESCRIPTION
53: " This is the base object for the objects used in the
54: notifications."
55: ::= {idsaMIB 1}
56:
57: idsaSensorID OBJECT-TYPE
58: SYNTAX SnmpAdminString
59: MAX-ACCESS read-only
60: STATUS current
61: DESCRIPTION
62: " An identifier to uniquely identify the Analyzer
63: in the domain."
64: ::= { idsaSensorObjects 1 }
65:
66: idsaSensorDescription OBJECT-TYPE
67: SYNTAX SnmpAdminString
68: MAX-ACCESS read-only
69: STATUS current
70: DESCRIPTION
71: " A short description of the Sensor."
72: ::= { idsaSensorObjects 2 }
73:
74: idsaSensorProductID OBJECT-TYPE
75: SYNTAX SnmpAdminString
76: MAX-ACCESS read-only
77: STATUS current
78: DESCRIPTION
79: "A reference to MIB definitions specific to the
80: analyzer generating the message. If this information
81: is not present, its value should be set to the OBJECT
82: IDENTIFIER { 0 0 }, which is a syntatically valid
83: object identifier."
84: ::= { idsaSensorObjects 3 }
85:
86: idsaSensorAddressType OBJECT-TYPE
87: SYNTAX InetAddressType
88: MAX-ACCESS read-only
89: STATUS current
90: DESCRIPTION
91: "The type of the address which follows."
92: ::= { idsaSensorObjects 4}
93:
94: idsaSensorAddress OBJECT-TYPE
95: SYNTAX InetAddress
96: MAX-ACCESS read-only
97: STATUS current
98: DESCRIPTION
99: "The Internet address of the sensor."
100: ::= { idsaSensorObjects 5}
101:
102: idsaSensorManufacturer OBJECT-TYPE
103: SYNTAX SnmpAdminString
104: MAX-ACCESS read-only
105: STATUS current
106: DESCRIPTION
107: " the Manufacturer of the sensor that detected the event."
108: ::= { idsaSensorObjects 6}
109:
110: idsaSensorProductName OBJECT-TYPE
111: SYNTAX SnmpAdminString
112: MAX-ACCESS read-only
113: STATUS current
114: DESCRIPTION
115: " the name of the product that detected the event."
116: ::= { idsaSensorObjects 7}
117:
118: idsaSensorVersion OBJECT-TYPE
119: SYNTAX SnmpAdminString
120: MAX-ACCESS read-only
121: STATUS current
122: DESCRIPTION
123: " the version number of the sensor that detected the event."
124: ::= { idsaSensorObjects 8}
125:
126:
127: idsaSensorLocation OBJECT-TYPE
128: SYNTAX SnmpAdminString
129: MAX-ACCESS read-only
130: STATUS current
131: DESCRIPTION
132: " the location of the tool that detected the event."
133: ::= { idsaSensorObjects 9}
134:
135:
136: idsaAlerts OBJECT-IDENTITY
137: STATUS current
138: DESCRIPTION
139: " This is the base object for the subtree of objects defining
140: the alerts."
141: ::= {idsaMIB 2}
142:
143: -- idsaAlertTable: The Table of Alerts. Each row represents an Alert.
144: -- idsaAlertID is the key to the table. The size of this table will be
145: -- implementation dependent - some implementors may choose to keep
146: -- a maximum of one messages in this table.
147:
148: idsaAlertTable OBJECT-TYPE
149: SYNTAX SEQUENCE OF IdsaAlertEntry
150: MAX-ACCESS not-accessible
151: STATUS current
152: DESCRIPTION
153: " Each row of this table contains information
154: about an alert indexed by idsaAlertID."
155: ::= { idsaAlerts 1 }
156:
157: idsaAlertEntry OBJECT-TYPE
157: warning -
warning: index element `idsaAlertID' of row `idsaAlertEntry' should be not-accessible in SMIv2 MIB
158: SYNTAX IdsaAlertEntry
159: MAX-ACCESS not-accessible
160: STATUS current
161: DESCRIPTION
162: " Entry containing information pertaining to
163: an alert."
164: INDEX { idsaAlertID}
165: ::= { idsaAlertTable 1 }
166:
167: IdsaAlertEntry ::= SEQUENCE {
168: idsaAlertID
169: INTEGER,
170: idsaAlertLocalAddressType
171: InetAddressType,
172: idsaAlertLocalAddress
173: InetAddress,
174: idsaAlertInterfaceIndex
175: INTEGER,
176: idsaAlertTimeStamp
177: DateAndTime,
178: idsaAlertActionsTaken
179: INTEGER,
180: idsaAlertAttackName
181: SnmpAdminString,
182: idsaAlertMoreInfo
183: URLString,
184: idsaAlertSrcAddressType
185: InetAddressType,
186: idsaAlertSrcAddress
187: InetAddress,
188: idsaAlertDstAddressType
189: InetAddressType,
190: idsaAlertDstAddress
191: InetAddress,
192:
193: idsaAlertSrcPort
194: INTEGER,
195: idsaAlertDstPort
196: INTEGER
197: }
198:
199:
200: idsaAlertID OBJECT-TYPE
201: SYNTAX INTEGER (1..65535)
201: warning -
warning: use Integer32 instead of INTEGER in SMIv2
202: MAX-ACCESS read-only
203: STATUS current
204: DESCRIPTION
205: " The AlertID uniquely identifies each alert generated
206: by the sensor."
207: ::= {idsaAlertEntry 1}
208:
209: idsaAlertLocalAddressType OBJECT-TYPE
210: SYNTAX InetAddressType
211: MAX-ACCESS read-only
212: STATUS current
213: DESCRIPTION
214: "The type of the address which follows."
215: ::= { idsaAlertEntry 2}
216:
217: idsaAlertLocalAddress OBJECT-TYPE
218: SYNTAX InetAddress
219: MAX-ACCESS read-only
220: STATUS current
221: DESCRIPTION
222: "The Internet address associated with the alert ."
223: ::= { idsaAlertEntry 3}
224:
225: idsaAlertInterfaceIndex OBJECT-TYPE
226: SYNTAX INTEGER (1..65535)
226: warning -
warning: use Integer32 instead of INTEGER in SMIv2
227: MAX-ACCESS read-only
228: STATUS current
229: DESCRIPTION
230: " The ifIndex of the interface on which the event was
231: detected by the sensor."
232: ::= {idsaAlertEntry 4}
233:
234: idsaAlertTimeStamp OBJECT-TYPE
235: SYNTAX DateAndTime
236: MAX-ACCESS read-only
237: STATUS current
238: DESCRIPTION
239: " The local date and time when this alert was generated."
240: ::= { idsaAlertEntry 5}
241:
242: -- the actions will probably be a comma separated list of action
243: -- codes or a pointer to another MIB table from which the actions
244: -- may be fetched.
245: --
246: idsaAlertActionsTaken OBJECT-TYPE
247: SYNTAX SnmpAdminString
248: MAX-ACCESS read-only
249: STATUS current
250: DESCRIPTION
251: " The list of automatic actions taken by the sensor"
252: ::= { idsaAlertEntry 6}
252: error -
type of `idsaAlertActionsTaken' in sequence and object type definition do not match
253:
254: -- SnmpAdminString length is 255 characters max. It contains
255: -- information represented using the ISO/IEC IS 10646-1 character
256: -- set, encoded using the UTF-8 transformation format to facilitate
257: -- internationalization.
258:
259: idsaAlertAttackName OBJECT-TYPE
260: SYNTAX SnmpAdminString
261: MAX-ACCESS read-only
262: STATUS current
263: DESCRIPTION
264: " the name of the atack, if known. If not known this field will
265: be inaccessile."
266: ::= { idsaAlertEntry 7}
267:
268: idsaAlertMoreInfo OBJECT-TYPE
269: SYNTAX OBJECT IDENTIFIER
270: MAX-ACCESS read-only
271: STATUS current
272: DESCRIPTION
273: "A reference to MIB definitions specific to this
274: message. If this information is not
275: present, its value should be set to the OBJECT
276: IDENTIFIER { 0 0 }, which is a syntatically valid
277: object identifier."
278: ::= { idsaAlertEntry 8}
278: error -
type of `idsaAlertMoreInfo' in sequence and object type definition do not match
279:
280: idsaAlertSrcAddressType OBJECT-TYPE
281: SYNTAX InetAddressType
282: MAX-ACCESS read-only
283: STATUS current
284: DESCRIPTION
285: "The type of the Internet address that was the attack source."
286: ::= { idsaAlertEntry 9}
287:
288: idsaAlertSrcAddress OBJECT-TYPE
289: SYNTAX InetAddress
290: MAX-ACCESS read-only
291: STATUS current
292: DESCRIPTION
293: " The Internet addresses of the entity from which the attack
294: originated, if known. "
295: ::= { idsaAlertEntry 10}
296:
297: idsaAlertDstAddressType OBJECT-TYPE
298: SYNTAX InetAddressType
299: MAX-ACCESS read-only
300: STATUS current
301: DESCRIPTION
302: "The type of the Internet address that was the attack target."
303: ::= { idsaAlertEntry 11}
304:
305: idsaAlertDstAddress OBJECT-TYPE
306: SYNTAX InetAddress
307: MAX-ACCESS read-only
308: STATUS current
309: DESCRIPTION
310: " The Internet address of the entity to which the attack
311: was destined, if known."
312: ::= { idsaAlertEntry 12}
313:
314: idsaAlertSrcPort OBJECT-TYPE
315: SYNTAX INTEGER
316: MAX-ACCESS read-only
316: warning -
warning: use Integer32 instead of INTEGER in SMIv2
317: STATUS current
318: DESCRIPTION
319: " The port number from where the attack has originated "
320: ::= { idsaAlertEntry 13}
321:
322: idsaAlertDstPort OBJECT-TYPE
323: SYNTAX INTEGER
324: MAX-ACCESS read-only
324: warning -
warning: use Integer32 instead of INTEGER in SMIv2
325: STATUS current
326: DESCRIPTION
327: " The port number to which the attack is destined "
328: ::= { idsaAlertEntry 14}
329:
330: -- Conformance information
331:
332: idsaConformance OBJECT IDENTIFIER ::= {idsaMIB 3 }
333:
334: idsaGroups OBJECT IDENTIFIER ::= { idsaConformance 1 }
335: idsaCompliances OBJECT IDENTIFIER ::= { idsaConformance 2 }
336:
337: -- Compliance statements
338:
339: idsaAlertCompliance MODULE-COMPLIANCE
340: STATUS current
341: DESCRIPTION
342: "The compliance statement for SNMP entities
343: which implement the
344: INTRUSION-DETECTION-SENSOR-ALERT-MIB."
345:
346: MODULE -- this module
347: MANDATORY-GROUPS { idsaAlertGroup }
348:
349: ::= { idsaCompliances 1 }
350:
351: -- Units of conformance
352:
353: idsaAlertGroup OBJECT-GROUP
354: OBJECTS {
355: idsaSensorID,
356: idsaSensorDescription,
357: idsaSensorProductID,
358: idsaSensorAddressType,
359: idsaSensorAddress,
360: idsaSensorManufacturer,
361: idsaSensorProductName,
362: idsaSensorVersion,
363: idsaSensorLocation,
364: idsaAlertID,
365: idsaAlertLocalAddressType,
366: idsaAlertLocalAddress,
367: idsaAlertInterfaceIndex,
368: idsaAlertTimeStamp,
369: idsaAlertActionsTaken,
370: idsaAlertAttackName,
371: idsaAlertMoreInfo,
372: idsaAlertSrcAddressType,
373: idsaAlertSrcAddress,
374: idsaAlertDstAddressType,
375: idsaAlertDstAddress,
376: idsaAlertSrcPort,
377: idsaAlertDstPort
378:
379: }
380: STATUS current
381: DESCRIPTION
382: " A collection of objects for generation and despatch of
383: alerts pertaining to intrusions detected."
384: ::= { idsaGroups 1 }
385:
386: END
387:
388: --
389: -- "Copyright (C) The Internet Society (date). All Rights
390: -- Reserved.
391: --
392: -- This document and translations of it may be copied and
393: -- furnished to others, and derivative works that comment on or
394: -- otherwise explain it or assist in its implmentation may be
395: -- prepared, copied, published and distributed, in whole or in
396: -- part, without restriction of any kind, provided that the above
397: -- copyright notice and this paragraph are included on all such
398: -- copies and derivative works. However, this document itself may
399: -- not be modified in any way, such as by removing the copyright
400: -- notice or references to the Internet Society or other Internet
401: -- organizations, except as needed for the purpose of developing
402: -- Internet standards in which case the procedures for copyrights
403: -- defined in the Internet Standards process must be followed, or
404: -- as required to translate it into languages other than English.
405: --
406: -- The limited permissions granted above are perpetual and will
407: -- not be revoked by the Internet Society or its successors or
408: -- assigns.
409: --
410: -- This document and the information contained herein is provided
411: -- on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
412: -- ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
413: -- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
414: -- OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
415: -- IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
416: -- PARTICULAR PURPOSE."
417: