SNMP Information

In order to issue SNMP alerts, a list of SNMP receivers and their respective IP addresses must be specified. The SNMP time status indicator can also be enabled by setting the SNMP timer interval in minutes. These parameters are set in the configuration editor with the SNMP and SNMP_TIMER keywords, or in the administration GUI under the SNMP tab of the Screen object.

The following SNMP traps are supported:

• An action on a packet that matches a particular rule

• A default drop action on an interface

• Time status indicator traps

The first two types include the following data:

• interface - The SunScreen network interface number on which the packet was received.

• interfaceName - The SunScreen network interface name on which the packet was received.

• errorReason - The reason the alert was generated. (See the sunscreen.mib file for a complete list of reasons.)

• packetLength - The actual length of the packet in bytes.

• lengthLogged - The length of the data logged in bytes.

• packetData - The packet data.

The SNMP timed status indicator trap uses the same receivers database as other types of SNMP traps. There is only one database with a maximum of five receivers. These receivers are specified as variable to the screen object.

The following data are in the SNMP timed status indicator. These data cannot be modified and new data cannot be added:

• cpuUsage - Average percentile CPU usage

• memoryAvail - Current swap space available, in kilobytes

• swapIn - Current swap ins

• swapOut - Current swap outs

• scanRate - Current scan rate

• tcpUsage - Current number TCP connections in the SunScreen state table

• ipUsage - Current number IP connections in the SunScreen state table

• udpUsage - Current number UDP connections in the SunScreen state table

• rootUsage - Disk usage of the root partition, /

• varUsage - Disk usage of the var partition, /var

• etcUsage - Disk usage of the etc partition, /etc

• tmpUsage - Disk usage at the tmp partition, /tmp

Only these SNMP traps are supported. No get or set operations are supported.

If you want the Screen to use SNMP time status indicator, you must set the SNMP_TIMER keyword with a time value in minutes. You must have defined the SNMP receivers to use this feature. If it is not set, it is not enabled.

SunScreen 3.2 supports four syntaxes for ranges:

• STEALTH_NET a.b.c.d e.f.g.h

• STEALTH_NET a.b.c.d - e.f.g.h (same as above, spaces optional around '-')

• STEALTH_NET a.b.c.d/m.n.o.p (m.n.o.p is the network+subnet mask)

• STEALTH_NET a.b.c.d/# (# is CIDR, number of network+subnet bits)