06-22-2009 08:32 AM - edited 03-10-2019 04:40 AM
Hey everyone,
I'm currently receiving SNMP traps for important alerts from the IPS we have set up. The logs for these traps look something like this:
Ent Value 6: .1.3.6.1.4.1.9.9.383.1.2.3=This signature is a Metacomponent
Ent Value 7: .1.3.6.1.4.1.9.9.383.1.2.4=Visual Studio Msmask32.ocx ActiveX Buffer Overflow
Ent Value 8: .1.3.6.1.4.1.9.9.383.1.2.5=6990
First, how can I find out what strings like "Ent Value 8: .1.3.6.1.4.1.9.9.383.1.2.5" mean? Is it important?
Second, what is the best way to interpret these traps? I'm assuming I need to write a custom script to gather the important details and do what I want with them?
Any pointers would be very helpful! I just want to know what I'm getting myself into. :)
Thanks!
06-24-2009 05:59 AM
You can look up OIDs with this tool:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
There are many free/commercial SNMP trap collectors that would help you for this purpose. Scripting can get really involved sometimes, but of course if you are an expert at it, no need to pay money to achieve your desired objectives.
Regards
Farrukh
06-24-2009 06:07 AM
Thanks Farrukh. That's what I was looking for.
Now to either find a good free parser, or figure out the simplest way to do this myself...
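A minimal parser for the "Ent Value N: OID=value" lines quoted in the first post, as an added example that is not from any poster in this thread. The labels in OID_LABELS are assumptions inferred from the sample values, not MIB object names, and the last three sample lines are constructed.

```python
import re

# Labels inferred from the sample values in the post (assumptions, not MIB
# object names); confirm each OID in an OID browser before relying on them.
OID_LABELS = {
    "1.3.6.1.4.1.9.9.383.1.2.3": "signature_description",
    "1.3.6.1.4.1.9.9.383.1.2.4": "signature_name",
    "1.3.6.1.4.1.9.9.383.1.2.5": "signature_id",
}

# "Ent Value <n>: <dotted OID>=<value>"; the value may itself contain "=".
VARBIND_RE = re.compile(r"^\s*Ent Value (\d+):\s*\.?(\d+(?:\.\d+)*)=(.*)$", re.DOTALL)
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def parse_trap(lines):
    """Return (fields, unknown, rejected) for the log lines of one trap."""
    fields, unknown, rejected = {}, {}, []
    for line in lines:
        m = VARBIND_RE.match(line.rstrip("\r\n"))
        if not m:
            rejected.append(line)  # keep malformed lines for review
            continue
        _index, oid, value = m.groups()
        # Values are free text from the device; strip control characters so
        # they cannot forge extra lines in a downstream log or ticket.
        value = CONTROL_CHARS.sub("", value).strip()
        label = OID_LABELS.get(oid)
        if label is None:
            unknown[oid] = value  # unmapped OID: keep it, keyed by the OID
        else:
            fields[label] = value
    return fields, unknown, rejected


SAMPLE = [
    "Ent Value 6: .1.3.6.1.4.1.9.9.383.1.2.3=This signature is a Metacomponent",
    "Ent Value 7: .1.3.6.1.4.1.9.9.383.1.2.4=Visual Studio Msmask32.ocx ActiveX Buffer Overflow",
    "Ent Value 8: .1.3.6.1.4.1.9.9.383.1.2.5=6990",
    "Ent Value 9: .1.3.6.1.2.1.1.3.0=key=value",   # constructed: unmapped OID
    "Ent Value 10: .1.3.6.1.2.1.1.5.0=a\nFAKE b",   # constructed: embedded newline
    "not a varbind line",                           # constructed: malformed
]

if __name__ == "__main__":
    print(parse_trap(SAMPLE))
```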