base/protocols/snmp/main.bro

SNMP

Enables analysis and logging of SNMP datagrams.

Namespace: SNMP

Summary

Redefinable Options

SNMP::version_map: table &redef &default = "unknown" &optional Maps an SNMP version integer to a human readable string.

Types

SNMP::Info: record Information tracked per SNMP session.

Events

SNMP::log_snmp: event Event that can be handled to access the SNMP record as it is sent on to the logging framework.

Detailed Interface

Redefinable Options

SNMP::version_map
Type: table [count] of string
Attributes: &redef &default = "unknown" &optional
Default:
{
   [1] = "2c",
   [0] = "1",
   [3] = "3"
}

Maps an SNMP version integer to a human readable string.

Types

SNMP::Info
Type: record

ts: time &log

Timestamp of first packet belonging to the SNMP session.

uid: string &log

The unique ID for the connection.

id: conn_id &log

The connection’s 5-tuple of addresses/ports (ports inherently include transport protocol information).

duration: interval &log &default = 0 secs &optional

The amount of time between the first packet belonging to the SNMP session and the latest one seen.

version: string &log

The version of SNMP being used.

community: string &log &optional

The community string of the first SNMP packet associated with the session. This is used as part of SNMP’s (v1 and v2c) administrative/security framework. See RFC 1157 or RFC 1901.

get_requests: count &log &default = 0 &optional

The number of variable bindings in GetRequest/GetNextRequest PDUs seen for the session.

get_bulk_requests: count &log &default = 0 &optional

The number of variable bindings in GetBulkRequest PDUs seen for the session.

get_responses: count &log &default = 0 &optional

The number of variable bindings in GetResponse/Response PDUs seen for the session.

set_requests: count &log &default = 0 &optional

The number of variable bindings in SetRequest PDUs seen for the session.

display_string: string &log &optional

A system description of the SNMP responder endpoint.

up_since: time &log &optional

The time since which the SNMP responder endpoint claims to have been up.

Information tracked per SNMP session.

Events

SNMP::log_snmp
Type: event (rec: SNMP::Info)

Event that can be handled to access the SNMP record as it is sent on to the logging framework.
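
The following is an added example, not part of base/protocols/snmp/main.bro: a site script that handles SNMP::log_snmp and raises notices for community-based (v1/v2c) sessions that use a watched community string or carry SetRequest variable bindings. The module name SNMPAudit, the two notice types, and the watched_communities list are assumptions made for illustration.

```bro
# Added example; SNMPAudit, its notice types and watched_communities are hypothetical.
@load base/frameworks/notice
@load base/protocols/snmp

module SNMPAudit;

export {
	redef enum Notice::Type += {
		## v1/v2c session whose community string is in watched_communities.
		Watched_Community,
		## v1/v2c session that carried SetRequest variable bindings.
		Cleartext_Set_Request,
	};

	## Community strings to report (assumed list; tune per site).
	const watched_communities: set[string] = { "public", "private" } &redef;
}

event SNMP::log_snmp(rec: SNMP::Info)
	{
	# rec$version holds the string produced by SNMP::version_map.
	# Only "1" and "2c" use the community-based framework.
	if ( rec$version != "1" && rec$version != "2c" )
		return;

	# community is &optional, so test for presence before reading it.
	if ( rec?$community && rec$community in watched_communities )
		NOTICE([$note=Watched_Community,
		        $msg=fmt("SNMPv%s session used community string '%s'",
		                 rec$version, rec$community),
		        $uid=rec$uid, $id=rec$id,
		        # Suppress repeats for the same responder and community.
		        $identifier=cat(rec$id$resp_h, rec$community)]);

	# set_requests has &default = 0, so it is always safe to read.
	if ( rec$set_requests > 0 )
		NOTICE([$note=Cleartext_Set_Request,
		        $msg=fmt("%d SetRequest variable binding(s) over SNMPv%s",
		                 rec$set_requests, rec$version),
		        $uid=rec$uid, $id=rec$id]);
	}
```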