base/protocols/snmp/main.zeek
- SNMP
Enables analysis and logging of SNMP datagrams.
- Namespace: SNMP
- Imports:
Summary

Redefinable Options
- Maps an SNMP version integer to a human readable string.

Types
- SNMP::Info: Information tracked per SNMP session.

Redefinitions

Events
- SNMP::log_snmp: Event that can be handled to access the SNMP record as it is sent on to the logging framework.

Hooks
- SNMP::finalize_snmp: SNMP finalization hook.
Detailed Interface
Redefinable Options
Types
- SNMP::Info
- Type: record
  - ts: time &log
    Timestamp of the first packet belonging to the SNMP session.
  - uid: string &log
    The unique ID for the connection.
  - id: conn_id &log
    The connection’s 5-tuple of addresses/ports (ports inherently include transport protocol information).
  - duration: interval &log &default = 0 secs &optional
    The amount of time between the first packet belonging to the SNMP session and the latest one seen.
  - version: string &log
    The version of SNMP being used.
  - community: string &log &optional
    The community string of the first SNMP packet associated with the session. This is used as part of SNMP’s (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901.
  - get_requests: count &log &default = 0 &optional
    The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session.
  - get_bulk_requests: count &log &default = 0 &optional
    The number of variable bindings in GetBulkRequest PDUs seen for the session.
  - get_responses: count &log &default = 0 &optional
    The number of variable bindings in GetResponse/Response PDUs seen for the session.
  - set_requests: count &log &default = 0 &optional
    The number of variable bindings in SetRequest PDUs seen for the session.
  - display_string: string &log &optional
    A system description of the SNMP responder endpoint.
  - up_since: time &log &optional
    The time since which the SNMP responder endpoint claims to have been up.
  Information tracked per SNMP session.
Events
- SNMP::log_snmp
- Type: event (rec: SNMP::Info)
  Event that can be handled to access the SNMP record as it is sent on to the logging framework.
Hooks
- SNMP::finalize_snmp
- Type:
  SNMP finalization hook. Remaining SNMP info may get logged when it is called.
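As an added example (not code from the Zeek project or this script), the following handles SNMP::log_snmp to raise a notice when a session's community string matches a list the operator considers weak, or when the session carried SetRequest variable bindings; it reads only the SNMP::Info fields documented above. The module name, the two Notice::Type values and the contents of weak_communities are assumptions for illustration.

```zeek
## Added example, not part of the Zeek distribution: audit SNMP sessions as
## they reach the logging framework via SNMP::log_snmp.
@load base/protocols/snmp
@load base/frameworks/notice

module SNMPAudit;

export {
	redef enum Notice::Type += {
		## A session used a community string from the weak list below.
		Weak_Community,
		## A session carried SetRequest variable bindings (write access).
		Set_Request_Seen,
	};

	## Community strings to flag. Constructed starting list (assumption);
	## operators redefine it to match their own environment's policy.
	const weak_communities: set[string] = { "public", "private" } &redef;
}

event SNMP::log_snmp(rec: SNMP::Info)
	{
	# community is &optional, so test for presence before reading it.
	if ( rec?$community && rec$community in weak_communities )
		NOTICE([$note=Weak_Community,
		        $msg=fmt("SNMP %s session from %s used community '%s'",
		                 rec$version, rec$id$orig_h, rec$community),
		        $id=rec$id, $uid=rec$uid,
		        # One notice per (client, responder, community) triple.
		        $identifier=cat(rec$id$orig_h, rec$id$resp_h, rec$community)]);

	# set_requests has &default=0, so it is always safe to read.
	if ( rec$set_requests > 0 )
		NOTICE([$note=Set_Request_Seen,
		        $msg=fmt("%d SetRequest binding(s) from %s to %s (SNMP %s)",
		                 rec$set_requests, rec$id$orig_h, rec$id$resp_h,
		                 rec$version),
		        $id=rec$id, $uid=rec$uid,
		        $identifier=cat(rec$id$orig_h, rec$id$resp_h)]);
	}
```

Because the handler runs as the record is handed to the logging framework, the snmp.log entry and the notice for a session are written from the same SNMP::Info values, which keeps the two consistent for later correlation.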