MIB Study

From OpenNMS
Revision as of 21:05, 16 February 2006 by David (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Understanding MIBs

MIB Studies are a comprehensive review of documents published by Vendors for SNMP enabled systems (having SNMP agents). SNMP is the standard management protocol and a MIB (Management Information Base) is a set of all objects maintained by an agent and accessible via the SNMP protocol. A MIB definition is a file definining the structure of this information and is written using ASN.1 (Abstract Syntax Notation).

<a name="ObjectIds" id="ObjectIDs"></a>

Object Ids

The OpenNMS system has discovered devices with the following Enterprice IDs:

opennms=# select distinct nodesysoid, substr(nodesysdescription, 1, 40) from node;

        nodesysoid          |                  substr                   
. | HP J4813A ProCurve Switch 2524, revision 
.        | Symbol Access Point, S/W rev:- S/W rev: 
.      | CN3500 - Hardware revision 55-01-0007-01 
.      | CN3500 - Hardware revision 55-01-0007-02 
.      | CN3500 - Hardware revision 55-01-0020-00 
.      | CN3200 - Hardware revision 50-00-0009-01 
.      | CN3200 - Hardware revision 50-00-0009-02 
.      | CN3200 - Hardware revision 50-00-0013-01 
.      | CN320 - Hardware revision 50-00-0008-01
.      | CN320 - Hardware revision 50-00-0008-02
.      | CN330 - Hardware revision 50-00-0024-01
.       | CN3000 - Hardware revision 50-00-0002-04 
.       | CN3000 - Hardware revision 50-00-0006-01 
.       | CN3000 - Hardware revision 50-00-0014-01 
.       | CN300 - Hardware revision 50-00-0006-01
.    | LinkProof Branch - 50M

The nodesysoid column from the node table in the OpenNMS database is discovered by OpenNMS during its SNMP communication with the device. This column is a value the is required by all MIB2 compatible SNMP agents and is defined in the MIB2 RFC 1213...

         sysObjectID OBJECT-TYPE
             ACCESS  read-only
             STATUS  mandatory
                     "The vendor's authoritative identification of the
                     network management subsystem contained in the
                     entity.  This value is allocated within the SMI
                     enterprises subtree ( and provides an
                     easy and unambiguous means for determining `what
                     kind of box' is being managed.  For example, if
                     vendor `Flintstones, Inc.' was assigned the
                     subtree, it could assign the
                     identifier to its `Fred
             ::= { system 2 }

The majority of the sysObjectIDs discovered by OpenNMS contains the enterprise 8744. Enterprise numbers are controlled by IANA and 8744 is assigned:

   Colubris Networks Inc.
     Eric Perie

These numbers can be found following this link: http://www.iana.org/assignments/enterprise-numbers (careful, this is a very large page for a browser). Another interesting example is:

   Swisscom AG
     Markus Schuetz

If Swisscom-Eurospot decided to add functionality to an SNMP agent, I suggest using this enterprise ID for the SNMP OBJECT-TYPES.

<a name="ColubrisMIB" id="ColubrisMIB"></a>

Colubris MIB

Interesting TRAPS from the Colubris MIB definition files....

Colubris Traps
MIB File Trap Description from MIB Comments
COLUBRIS-IEEE802DOT11.my coDot11UnauthorizedAPNotification Sent when a new unauthorized AP is detected
COLUBRIS-MAINTENANCE-MIB.my firmwareUpdateNotification Sent when a firmware update was attempted from a remote server Must be enabled with SNMP-Set operation or through config
COLUBRIS-MAINTENANCE-MIB.my configurationUpdateNotification Sent when a configuration update was attempted from a remote server
COLUBRIS-MAINTENANCE-MIB.my configurationUpdateNotification Sent when a configuration update was attempted from a remote server
COLUBRIS-MAINTENANCE-MIB.my configurationLocalUpdateNotification Specifies if configurationLocalUpdateNotification notifications will be generated
COLUBRIS-MAINTENANCE-MIB.my certificateAboutToExpireNotification Sent when a certificate is about to expire
COLUBRIS-MAINTENANCE-MIB.my certificateExpiredNotification Sent when a certificate has expired
COLUBRIS-PUBLIC-ACCESS-MIB.my publicAccessUsersThresholdTrap This notification is sent whenever publicAccessUsersThreshold is exceeded
COLUBRIS-PUBLIC-ACCESS-MIB.my publicAccessUsersSessionFailTrap When a user authentication fail a trap is generated if the publicAccessUsersSessionTrapEnabled is set to True
COLUBRIS-PUBLIC-ACCESS-MIB.my publicAccessUsersLoggedInTrap This is sent when a user is authenticated or periodically (see publicAccessUSersLoggedInTrapInterval) if the publicAccessUsersLoggedInTrapEnabled is set to True
COLUBRIS-PUBLIC-ACCESS-RETENTION-MIB.my publicAccessRetentionSessionMaxCountReachedTrap This notification is sent whenever the number of session exceed the value of publicAccessRetentionSessionsMaxCount
COLUBRIS-SATELLITE-MANAGEMENT-MIB.my satelliteUpNotification Sent when a new satellite is detected
COLUBRIS-SATELLITE-MANAGEMENT-MIB.my satelliteDownNotification Sent when a satellite becomes unreachable
COLUBRIS-SYSTEM-MIB.my adminAccessAuthFailureNotification Sent after an administrator authentication failure
COLUBRIS-SYSTEM-MIB.my adminAccessLoginNotification Sent after an administrator is sucessfully authenticated
COLUBRIS-SYSTEM-MIB.my systemColdStart Sent at system boot up
COLUBRIS-SYSTEM-MIB.my systemHeartbeatNotification Sent every heartbeatPeriod
IF-MIB.my linkDown Indicates whether linkUp/linkDown traps should be generated for this interface. By default, this object should have the value enabled(1) for interfaces which do not operate on 'top' of any other interface (as defined in the ifStackTable), and disabled(2) otherwise
IF-MIB.my linkUp A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated by the included value of ifOperStatus
SNMPv2-MIB.my coldStart A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered
SNMPv2-MIB.my warmStart A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered
SNMPv2-MIB.my authenticationFailure (SNMP) An authenticationFailure trap signifies that the SNMPv2 entity, acting in an agent role, has received a protocol message that is not properly authenticated. While all implementations of the SNMPv2 must be capable of generating this trap, the snmpEnableAuthenTraps object indicates whether this trap will be generated

Interesting performance metrics:

Interesting performance metrics for thresholding