×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

2 MIBS in same folder doesn't work

2 MIBS in same folder doesn't work

2 MIBS in same folder doesn't work

(OP)
Okay strange I got several mib files from Forescout to monitor and for the life of me I couldn't figure out why they wouldn't work. Then I removed all of them except one and it worked, no clue why. Yet there is an older server that was here before I got here where they are in the same folder and work just fine.

I pasted the only two files (MIB1 and MIB2) I need below. I'd appreciate any help.

***Here's MIB1--***

-- File Name : ForeScout.mib
-- Date : Tue Oct 30 11:44:06 IST 2001
-- File Name : ForeScout.mib
-- Author : Ori Naishtein
ForeScout DEFINITIONS ::= BEGIN
IMPORTS
DisplayString
FROM RFC1213-MIB
OBJECT-TYPE
FROM RFC-1212
enterprises, TimeTicks, IpAddress, Counter
FROM RFC1155-SMI;

org OBJECT IDENTIFIER
::= { iso 3 }

dod OBJECT IDENTIFIER
::= { org 6 }

internet OBJECT IDENTIFIER
::= { dod 1 }

private OBJECT IDENTIFIER
::= { internet 4 }

enterprises OBJECT IDENTIFIER
::= { private 1 }

forescout OBJECT IDENTIFIER
::= { enterprises 11789 }

general OBJECT IDENTIFIER
::= { forescout 1 }

intrusion OBJECT IDENTIFIER
::= { forescout 2 }

scout OBJECT IDENTIFIER
::= { forescout 3 }

organization OBJECT IDENTIFIER
::= { forescout 4 }

fsGenId OBJECT-TYPE
SYNTAX INTEGER { scout ( 1 ) , ccu ( 2 ) , unknown ( 0 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Identifies forescout agent - scout / CCU"
DEFVAL { unknown }
::= { general 1 }

fsGenVersion OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current installed version"
DEFVAL { "unknown" }
::= { general 2 }

fsGenLicenseExpirationDate OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"License expiration date represented as string"
::= { general 3 }


database OBJECT IDENTIFIER
::= { general 4 }

intrudBlockedNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of currently blocked addresses"
::= { intrusion 1 }

intrudOffensiveNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of currently offensive addresses"
::= { intrusion 2 }

intrudBiteEventsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IntrudBiteEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of last 100 bite events"
::= { intrusion 3 }

intrudBiteEventsEntry OBJECT-TYPE
SYNTAX IntrudBiteEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single bite event"
INDEX { biteEventIndex }
::= { intrudBiteEventsTable 1 }

IntrudBiteEventsEntry ::= SEQUENCE {
biteEventIndex INTEGER,
biteEventintruderAddress IpAddress,
biteEventTime TimeTicks,
biteEventType OCTET STRING,
biteScoutOperation INTEGER
}


biteEventIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the bite event"
::= { intrudBiteEventsEntry 1 }


biteEventintruderAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the intuder"
::= { intrudBiteEventsEntry 2 }


biteEventTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Time of the bite event"
::= { intrudBiteEventsEntry 3 }


biteEventType OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Bite type"
::= { intrudBiteEventsEntry 4 }


biteScoutOperation OBJECT-TYPE
SYNTAX INTEGER { default ( 0 ) , ignore ( 1 ) , block ( 2 ) , monitor ( 3 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The action took place in the scout as a respond to the bite event"
::= { intrudBiteEventsEntry 5 }

intrudTotlaActiveNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of active hosts"
::= { intrusion 4 }

sctEngineLastStart OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time engine was started"
DEFVAL { 0 }
::= { scout 1 }

sctEngineLastShutdown OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time engine was shutdown"
DEFVAL { 0 }
::= { scout 2 }

sctCurrentPolicyName OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current defined policy name"
::= { scout 3 }

sctCurrentBitePolicy OBJECT-TYPE
SYNTAX INTEGER { Unknown( 0 ) ,Block ( 1 ) ,Monitor ( 2 ) , Mixed ( 3 )}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current bite policy - how do the scout handle detected bite "
::= { scout 4 }

sctHandeledPackets OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of packets being handeled by the scout"
::= { scout 5 }

sctHandeledBytes OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of bytes being handeled by the scout"
::= { scout 6 }

sctEngineCpuUsage OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 100 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Precentage of engine's CPU usage"
DEFVAL { 0 }
::= { scout 7 }

sctTotalCpuUsage OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 100 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total CPU usage at the scout's machine"
DEFVAL { 0 }
::= { scout 8 }

sctTotalMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of memory (in Kb) currently used at the scout machine"
DEFVAL { 0 }
::= { scout 9 }



sctEngineMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of memory (in Kb) currently used by the engine process"
DEFVAL { 0 }
::= { scout 10 }

sctAcuMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount (in Kb) of memory used by the ACU process"
::= { scout 11 }

sctPhysicalMem OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The physical memory (in Kb) capacity at the scout's machine"
::= { scout 12 }

sctSwapMem OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The available swap memory (in Kb) capacity at the scout's machine"
::= { scout 13 }

sctDiskPartitionTable OBJECT-TYPE
SYNTAX SEQUENCE OF SctDiskPartitionEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Disk partisions at the scout's machine"
::= { scout 14 }

sctDiskPartitionEntry OBJECT-TYPE
SYNTAX SctDiskPartitionEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Single partition"
INDEX { name }
::= { sctDiskPartitionTable 1 }

SctDiskPartitionEntry ::= SEQUENCE {
name OCTET STRING,
totalSpace INTEGER,
usedSpace INTEGER
}


name OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Name of the partition"
::= { sctDiskPartitionEntry 1 }


totalSpace OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total amount of disk space (in Kb) under this partition"
::= { sctDiskPartitionEntry 2 }


usedSpace OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of disk space (in Kb) currently used under this partition"
::= { sctDiskPartitionEntry 3 }


orgRegisteredScoutsTable OBJECT-TYPE
SYNTAX SEQUENCE OF orgRegisteredScoutsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Current registered scouts"
::= { organization 1 }

orgRegisteredScoutsEntry OBJECT-TYPE
SYNTAX orgRegisteredScoutsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single registered scout"
INDEX { scoutId }
::= { orgRegisteredScoutsTable 1 }

orgRegisteredScoutsEntry ::= SEQUENCE {
scoutId OCTET STRING,
scoutAddress IpAddress,
scoutConnectionStatus INTEGER,
scoutLastConnectionStatusTime TimeTicks
}


scoutId OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Scout identifier"
::= { orgRegisteredScoutsEntry 1 }


scoutAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Scout's address"
::= { orgRegisteredScoutsEntry 2 }


scoutConnectionStatus OBJECT-TYPE
SYNTAX INTEGER { unknown ( 0 ) , connected ( 1 ) , disconnected ( 2 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Scout's connection to the CCU status"
::= { orgRegisteredScoutsEntry 3 }


scoutLastConnectionStatusTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time connection status was changed"
::= { orgRegisteredScoutsEntry 4 }

dbType OBJECT-TYPE
SYNTAX DisplayString ( SIZE ( 0 .. 255 ) )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The installed database type and version"
::= { database 1 }

dbWriteQuerySize OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of insert / update statement waiting to be executed"
DEFVAL { ok }
::= { database 2 }


sctLogPartitionName OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The name of the disk partition inwhich ForeScout logs reside"
::= { scout 15 }

sctDbPartitionName OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The disk partition inwhich the database resides"
::= { scout 16 }

sctFloodMode OBJECT-TYPE
SYNTAX INTEGER { No-Flood ( 1 ) ,Syn-Flood ( 2 ) ,Probe-Flood (3) ,Syn-Probe-Flood(4)}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Indicates whether the ActiveScout is being flooded"
::= { scout 17 }


scoutStartTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { sctEngineLastStart }
DESCRIPTION "ActiveScout was started"
::= 1

scoutShutDownTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { sctEngineLastShutdown }
DESCRIPTION "ActiveScout was stopped"
::= 2

policyChangeTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { sctCurrentPolicyName }
DESCRIPTION "Current policy was modified"
::= 3


biteEventTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { intrudBiteEventsEntry }
DESCRIPTION "Bite attempt detection notification"
::= 4

scoutConnectionStatusChange TRAP-TYPE
ENTERPRISE forescout
VARIABLES { orgRegisteredScoutsEntry}
DESCRIPTION "Scout is connected to / disconnected from CC"
::= 5

scoutFloodModeChange TRAP-TYPE
ENTERPRISE forescout
VARIABLES { sctFloodMode}
DESCRIPTION "Scout has detected start/end of flood attack"
::= 6


END


***Here's MIB2***
-- File Name : ForeScout.mib
-- Date : Tue Oct 30 11:44:06 IST 2001
-- File Name : ForeScout.mib
-- Author : Ori Naishtein
ForeScout DEFINITIONS ::= BEGIN
IMPORTS
DisplayString
FROM RFC1213-MIB
OBJECT-TYPE
FROM RFC-1212
enterprises, TimeTicks, IpAddress, Counter
FROM RFC1155-SMI;

org OBJECT IDENTIFIER
::= { iso 3 }

dod OBJECT IDENTIFIER
::= { org 6 }

internet OBJECT IDENTIFIER
::= { dod 1 }

private OBJECT IDENTIFIER
::= { internet 4 }

enterprises OBJECT IDENTIFIER
::= { private 1 }

forescout OBJECT IDENTIFIER
::= { enterprises 11789 }

general OBJECT IDENTIFIER
::= { forescout 1 }

intrusion OBJECT IDENTIFIER
::= { forescout 2 }

counterACT OBJECT IDENTIFIER
::= { forescout 3 }

organization OBJECT IDENTIFIER
::= { forescout 4 }

fsGenId OBJECT-TYPE
SYNTAX INTEGER { counterACT ( 1 ) , ManagementServer ( 2 ) , unknown ( 0 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Identifies forescout agent - counterACT / Management Server"
DEFVAL { unknown }
::= { general 1 }

fsGenVersion OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current installed version"
DEFVAL { "unknown" }
::= { general 2 }

fsGenLicenseExpirationDate OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"License expiration date represented as string"
::= { general 3 }


database OBJECT IDENTIFIER
::= { general 4 }

intrudBlockedNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of currently blocked addresses"
::= { intrusion 1 }

intrudOffensiveNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of currently offensive addresses"
::= { intrusion 2 }



intrudBiteEventsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IntrudBiteDetectionEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of last bite events"
::= { intrusion 3 }

intrudBiteEventsEntry OBJECT-TYPE
SYNTAX IntrudBiteDetectionEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single detection event"
INDEX { eventIndex }
::= { intrudBiteEventsTable 1 }

IntrudBiteDetectionEventsEntry ::= SEQUENCE {
eventIndex INTEGER,
eventSourceAddress IpAddress,
eventTime TimeTicks,
eventType OCTET STRING,
eventcounterACTOperation INTEGER,
eventcounterACTOperationDuration TimeTicks,
eventSpecificDetails OCTET STRING,
eventDestinationAddress IpAddress,
eventDestinationPort INTEGER,
eventProtocol INTEGER
}


eventIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the referenced event"
::= { intrudBiteEventsEntry 1 }

eventTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Time of the detection event"
::= { intrudBiteEventsEntry 3 }



eventSourceAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the intruder"
::= { intrudBiteEventsEntry 2 }


eventType OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Attack method (e.g. port bite)"
::= { intrudBiteEventsEntry 4 }


eventcounterACTOperation OBJECT-TYPE
SYNTAX INTEGER { default ( 0 ) , ignore ( 1 ) , block ( 2 ) , monitor ( 3 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The action took place in CounterACT as a respond to the detected event"
::= { intrudBiteEventsEntry 5 }

eventcounterACTOperationDuration OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Period in which CounterACT action will be effective"
::= { intrudBiteEventsEntry 6 }


eventSpecificDetails OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Event specific attributes (e,g. user name)"
::= { intrudBiteEventsEntry 7 }

eventDestinationAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the attacked host"
::= { intrudBiteEventsEntry 8 }

eventDestinationPort OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The port used by this event"
::= { intrudBiteEventsEntry 9 }

eventProtocol OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Protocol used (e.g. TCP, UDP, ICMP)"
::= { intrudBiteEventsEntry 10 }

intrudScanEventsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IntrudScanDetectionEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of last scan events"
::= { intrusion 5 }

intrudScanEventsEntry OBJECT-TYPE
SYNTAX IntrudScanDetectionEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single detection event"
INDEX { eventIndex }
::= { intrudScanEventsTable 1 }

IntrudScanDetectionEventsEntry ::= SEQUENCE {
eventIndex INTEGER,
eventSourceAddress IpAddress,
eventTime TimeTicks,
eventType OCTET STRING,
eventcounterACTOperation INTEGER,
eventcounterACTOperationDuration TimeTicks
}


eventIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the referenced event"
::= { intrudScanEventsEntry 1 }


eventSourceAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the intruder"
::= { intrudScanEventsEntry 2 }

eventTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Time of the detection event"
::= { intrudScanEventsEntry 3 }


eventType OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Scan method (e.g. port scan)"
::= { intrudScanEventsEntry 4 }


eventcounterACTOperation OBJECT-TYPE
SYNTAX INTEGER { default ( 0 ) , ignore ( 1 ) , block ( 2 ) , monitor ( 3 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The action took place in CounterACT as a respond to the detected event"
::= { intrudScanEventsEntry 5 }

eventcounterACTOperationDuration OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Period in which CounterACT action will be effective"
::= { intrudScanEventsEntry 6 }


intrudProbeEventsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IntrudProbeEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of last probe events"
::= { intrusion 6 }

intrudProbeEventsEntry OBJECT-TYPE
SYNTAX IntrudProbeEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single detection event"
INDEX { eventIndex }
::= { intrudProbeEventsTable 1 }

IntrudProbeEventsEntry ::= SEQUENCE {
eventIndex INTEGER,
eventSourceAddress IpAddress,
eventTime TimeTicks,
eventType OCTET STRING,
eventScanIndex INTEGER,
eventDestinationAddress IpAddress,
eventDestinationPort INTEGER,
eventProtocol INTEGER,
eventSpecificDetails OCTET STRING
}


eventIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the referenced event"
::= { intrudProbeEventsEntry 1 }



eventSourceAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the intruder"
::= { intrudProbeEventsEntry 2 }

eventTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Time of the detection event"
::= { intrudProbeEventsEntry 3 }


eventType OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The used probe method (e.g. port scan)"
::= { intrudProbeEventsEntry 4 }


eventScanIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the attached detected scan event "
::= { intrudProbeEventsEntry 5 }

eventDestinationAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The address of the attacked host"
::= { intrudProbeEventsEntry 6 }

eventDestinationPort OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The port used by this event"
::= { intrudProbeEventsEntry 7 }

eventProtocol OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Protocol used (e.g. TCP, UDP, ICMP)"
::= { intrudProbeEventsEntry 8 }


eventSpecificDetails OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Event specific attributes (e,g. user name)"
::= { intrudProbeEventsEntry 9 }




intrudTotlaActiveNumber OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 2147483647 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of active hosts"
::= { intrusion 4 }


intrudServiceAttackEventsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IntrudServiceAttackEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of last service scan detected events"
::= { intrusion 7 }


intrudServiceAttackEventsEntry OBJECT-TYPE
SYNTAX IntrudServiceAttackEventsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single service scan detection event"
INDEX { eventIndex }
::= { intrudServiceAttackEventsTable 1 }



IntrudServiceAttackEventsEntry ::= SEQUENCE {
eventIndex INTEGER,
eventDetectionTime TimeTicks,
eventDetectionMode INTEGER,
eventDestinationPort INTEGER,
eventDestinationProtocol INTEGER,
eventcounterACTOperation INTEGER,
eventcounterACTOperationDuration TimeTicks
}

eventIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The index of the referenced event"
::= { intrudServiceAttackEventsEntry 1 }

eventDetectionTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Time of the detection event"
::= { intrudServiceAttackEventsEntry 2 }

eventDetectionMode OBJECT-TYPE
SYNTAX INTEGER { counterACT ( 0 ) , manual ( 1 )}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Was the service scan detected by CounterACT or added manualy by the user "
::= { intrudServiceAttackEventsEntry 3 }

eventDestinationPort OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The scanned port"
::= { intrudServiceAttackEventsEntry 4 }

eventDestinationProtocol OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The scanned protocol"
::= { intrudServiceAttackEventsEntry 5 }


eventcounterACTOperation OBJECT-TYPE
SYNTAX INTEGER { default ( 0 ) , ignore ( 1 ) , block ( 2 ) , monitor ( 3 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The action took place in CounterACT as a respond to the detected event"
::= { intrudServiceAttackEventsEntry 6 }

eventcounterACTOperationDuration OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Period in which CounterACT action will be effective"
::= { intrudServiceAttackEventsEntry 7 }


cactEngineLastStart OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time engine was started"
DEFVAL { 0 }
::= { counterACT 1 }

cactEngineLastShutdown OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time engine was shutdown"
DEFVAL { 0 }
::= { counterACT 2 }

cactCurrentPolicyName OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current defined policy name"
::= { counterACT 3 }

cactCurrentBitePolicy OBJECT-TYPE
SYNTAX INTEGER { Unknown( 0 ) ,Block ( 1 ) ,Monitor ( 2 ) , Mixed ( 3 )}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current bite policy - how do CounterACT handle detected bite "
::= { counterACT 4 }

cactHandeledPackets OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of packets being handeled by CounterACT"
::= { counterACT 5 }

cactHandeledBytes OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total number of bytes being handeled by CounterACT"
::= { counterACT 6 }

cactEngineCpuUsage OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 100 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Precentage of engine's CPU usage"
DEFVAL { 0 }
::= { counterACT 7 }

cactTotalCpuUsage OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 100 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total CPU usage at CounterACT's machine"
DEFVAL { 0 }
::= { counterACT 8 }

cactTotalMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of memory (in Kb) currently used at CounterACT machine"
DEFVAL { 0 }
::= { counterACT 9 }



cactEngineMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of memory (in Kb) currently used by the engine process"
DEFVAL { 0 }
::= { counterACT 10 }

cactAcuMemUsage OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount (in Kb) of memory used by the ACU process"
::= { counterACT 11 }

cactPhysicalMem OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The physical memory (in Kb) capacity at CounterACT's machine"
::= { counterACT 12 }

cactSwapMem OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The available swap memory (in Kb) capacity at CounterACT's machine"
::= { counterACT 13 }

cactDiskPartitionTable OBJECT-TYPE
SYNTAX SEQUENCE OF cactDiskPartitionEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Disk partisions at CounterACT's machine"
::= { counterACT 14 }

cactDiskPartitionEntry OBJECT-TYPE
SYNTAX cactDiskPartitionEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Single partition"
INDEX { name }
::= { cactDiskPartitionTable 1 }

cactDiskPartitionEntry ::= SEQUENCE {
name OCTET STRING,
totalSpace INTEGER,
usedSpace INTEGER
}


name OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Name of the partition"
::= { cactDiskPartitionEntry 1 }


totalSpace OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Total amount of disk space (in Kb) under this partition"
::= { cactDiskPartitionEntry 2 }


usedSpace OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Amount of disk space (in Kb) currently used under this partition"
::= { cactDiskPartitionEntry 3 }


orgRegisteredCounterACTTable OBJECT-TYPE
SYNTAX SEQUENCE OF orgRegisteredcounterACTsEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Current registered appliances"
::= { organization 1 }

orgRegisteredCounterACTEntry OBJECT-TYPE
SYNTAX orgRegisteredCounterACTEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"A single registered counterACT"
INDEX { counterACTId }
::= { orgRegisteredCounterACTTable 1 }

orgRegisteredCounterACTEntry ::= SEQUENCE {
counterACTId OCTET STRING,
counterACTAddress IpAddress,
counterACTConnectionStatus INTEGER,
counterACTLastConnectionStatusTime TimeTicks
}


counterACTId OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"counterACT identifier"
::= { orgRegisteredCounterACTEntry 1 }


counterACTAddress OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-only
STATUS mandatory
DESCRIPTION
"counterACT's address"
::= { orgRegisteredCounterACTEntry 2 }


counterACTConnectionStatus OBJECT-TYPE
SYNTAX INTEGER { unknown ( 0 ) , connected ( 1 ) , disconnected ( 2 ) }
ACCESS read-only
STATUS mandatory
DESCRIPTION
"counterACT's connection to the CCU status"
::= { orgRegisteredCounterACTEntry 3 }


counterACTLastConnectionStatusTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Last time connection status was changed"
::= { orgRegisteredCounterACTEntry 4 }

dbType OBJECT-TYPE
SYNTAX DisplayString ( SIZE ( 0 .. 255 ) )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The installed database type and version"
::= { database 1 }

dbWriteQuerySize OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Number of insert / update statement waiting to be executed"
DEFVAL { ok }
::= { database 2 }


cactLogPartitionName OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The name of the disk partition inwhich ForeScout logs reside"
::= { counterACT 15 }

cactDbPartitionName OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The disk partition inwhich the database resides"
::= { counterACT 16 }

cactFloodMode OBJECT-TYPE
SYNTAX INTEGER { No-Flood ( 1 ) ,Syn-Flood ( 2 ) ,Probe-Flood (3) ,Syn-Probe-Flood(4)}
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Indicates whether CounterACT is being flooded"
::= { counterACT 17 }

cactThreatLevel OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 10 )
ACCESS read-only
STATUS mandatory
DESCRIPTION
"counterACT current threat level"
::= { counterACT 18 }

counterACTStartTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { cactEngineLastStart }
DESCRIPTION "counterACT was started"
::= 1

counterACTShutDownTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { cactEngineLastShutdown }
DESCRIPTION "counterACT was stopped"
::= 2

policyChangeTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { cactCurrentPolicyName }
DESCRIPTION "Current policy was modified"
::= 3


biteEventTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { intrudBiteEventsEntry }
DESCRIPTION "Bite attempt detection notification"
::= 4

counterACTConnectionStatusChange TRAP-TYPE
ENTERPRISE forescout
VARIABLES { orgRegisteredCounterACTEntry}
DESCRIPTION "counterACT is connected to / disconnected from Management Server"
::= 5

counterACTFloodModeChange TRAP-TYPE
ENTERPRISE forescout
VARIABLES { cactFloodMode}
DESCRIPTION "counterACT has detected start/end of flood attack"
::= 6

scanEventTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { intrudScanEventsEntry }
DESCRIPTION "Scan attempt detection notification"
::= 7

probeEventTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { intrudProbeEventsEntry }
DESCRIPTION "Probe attempt detection notification"
::= 8

serviceAttackEventTrap TRAP-TYPE
ENTERPRISE forescout
VARIABLES { intrudServiceAttackEventsEntry }
DESCRIPTION "Service scan attempt detection notification"
::= 9



END

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close