-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -c
--
-- Trend Micro, Inc.
-- Copyright information is in the DESCRIPTION section of the MODULE-IDENTITY.
-- 
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

TPT-NGFW-LOGGING-MIB

DEFINITIONS ::= BEGIN

IMPORTS
  InetAddress,
  InetAddressType
    FROM INET-ADDRESS-MIB
    
  MODULE-COMPLIANCE,
  NOTIFICATION-GROUP,
  OBJECT-GROUP
    FROM SNMPv2-CONF

  MODULE-IDENTITY,
  NOTIFICATION-TYPE,
  OBJECT-TYPE,
  Unsigned32
    FROM SNMPv2-SMI

  SnmpAdminString
    FROM SNMP-FRAMEWORK-MIB

  DateAndTime,
  TEXTUAL-CONVENTION
    FROM SNMPv2-TC
    
  tptNgfwSystemSerial
    FROM TPT-NGFW-SYSTEM-INFO-MIB
    
  tpt-ngfw-compls,
  tpt-ngfw-groups,
  tpt-ngfw-objs,
  tpt-ngfw-eventsV2,
  tpt-ngfw-params,
  Severity
    FROM TPT-NGFW-REG-MIB
;

tptNgfwLogging MODULE-IDENTITY
  LAST-UPDATED "201605251854Z" -- May 25, 2016
  ORGANIZATION "Trend Micro, Inc."
  CONTACT-INFO "www.trendmicro.com"
  DESCRIPTION
    "
     Logging information and notifications for TippingPoint Next-Generation Firewall
     products.

     Copyright (C) 2016 Trend Micro Incorporated. All Rights Reserved.
     
     Trend Micro makes no warranty of any kind with regard to this material,
     including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose. Trend Micro shall not be liable for
     errors contained herein or for incidental or consequential damages in
     connection with the furnishing, performance, or use of this material. This
     document contains proprietary information, which is protected by copyright. No
     part of this document may be photocopied, reproduced, or translated into
     another language without the prior written consent of Trend Micro. The
     information is provided 'as is' without warranty of any kind and is subject to
     change without notice. The only warranties for Trend Micro products and
     services are set forth in the express warranty statements accompanying such
     products and services. Nothing herein should be construed as constituting an
     additional warranty. Trend Micro shall not be liable for technical or editorial
     errors or omissions contained herein. TippingPoint(R), the TippingPoint logo, and
     Digital Vaccine(R) are registered trademarks of Trend Micro. All other company
     and product names may be trademarks of their respective holders. All rights
     reserved. This document contains confidential information, trade secrets or
     both, which are the property of Trend Micro. No part of this documentation may
     be reproduced in any form or by any means or used to make any derivative work
     (such as translation, transformation, or adaptation) without written permission
     from Trend Micro or one of its subsidiaries. All other company and product
     names may be trademarks of their respective holders.
    "

  REVISION "201605251854Z" -- May 25, 2016 
  DESCRIPTION "Updated copyright information. Minor MIB syntax fixes."
  
  REVISION    "201303131200Z" -- March 13, 2013
  DESCRIPTION "Initial version of NGFW Logging MIB."

::= { tpt-ngfw-objs 5 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Textual Conventions
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                        
AuditLogResult ::= TEXTUAL-CONVENTION
  STATUS      current
  DESCRIPTION "The result of an audit check: success, or fail.
              "
  SYNTAX      INTEGER { success(1), failed(2) }

AuditLogCategory ::= TEXTUAL-CONVENTION
  STATUS      current
  DESCRIPTION "The functional location  of where an audit check was made and generated
               a log entry.
              "
  SYNTAX      INTEGER { 
          undefined(1),
          general(2),
          login(3),
          logout(4),
          user(5),
          time(6),
          policy(7),
          update(8),
          boot(9),
          report(10),
          host(11),
          cfg(12),
          device(13),
          sms(14),
          server(15),
          segment(16),
          license(17),
          ha(18),
          monitor(19),
          ipFilter(20),
          connTable(21),
          hostComm(22),
          tse(23),
          cf(24)
}
  
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- System Log Notification
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwSysLogNotify NOTIFICATION-TYPE
  OBJECTS     {
                tptNgfwSystemSerial,
                tptNgfwLogNotifyTime,
                tptNgfwLogNotifyHost,
                tptNgfwLogNotifySource,
                tptNgfwLogNotifySeverity,
                tptNgfwLogNotifyText
              }
  STATUS      current
  DESCRIPTION "System log notification.
              "
::= { tpt-ngfw-eventsV2 15 }

tptNgfwLogNotifyTime OBJECT-TYPE
  SYNTAX      DateAndTime 
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The date and time when the entry was logged.
              "
::= { tpt-ngfw-params 60 }

tptNgfwLogNotifyHost OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..255))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The host name that generated the system log.
              "
::= { tpt-ngfw-params 61 }

tptNgfwLogNotifySource OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..80)) 
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The component that generated the system log.
              "
::= { tpt-ngfw-params 62 }

tptNgfwLogNotifySeverity OBJECT-TYPE
  SYNTAX      Severity 
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The severity of the logged event.
              "
::= { tpt-ngfw-params 63 }

tptNgfwLogNotifyText OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..4096))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The full log text.
              "
::= { tpt-ngfw-params 64 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Audit Log Notification
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwAuditLogNotify NOTIFICATION-TYPE
  OBJECTS     {
                tptNgfwSystemSerial,
                tptNgfwLogNotifyTime,
                tptNgfwAuditLogNotifyAccess,
                tptNgfwAuditLogNotifyType,
                tptNgfwAuditLogNotifyIpAddrType,
                tptNgfwAuditLogNotifyIpAddr,
                tptNgfwAuditLogNotifyCategory,
                tptNgfwAuditLogNotifyResult,
                tptNgfwAuditLogNotifyUser,
                tptNgfwAuditLogNotifyMessage
              }
  STATUS      current
  DESCRIPTION "Audit-log notification.
              "
::= { tpt-ngfw-eventsV2 16 }

tptNgfwAuditLogNotifyAccess OBJECT-TYPE
  SYNTAX      Unsigned32
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The access level of the user initiating the audit check and generating the log.
               This is a bit field with the following mapping:
               
                     0x0 - normal 
                     0x1 - operator
                     0x4 - administrator
                     0x8 - super-user
              "
::= { tpt-ngfw-params 65 }

tptNgfwAuditLogNotifyType OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..40))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The interface source of the audit log action.
              "
::= { tpt-ngfw-params 66 }

tptNgfwAuditLogNotifyIpAddrType OBJECT-TYPE
  SYNTAX      InetAddressType
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The type of IP address from which the user connected.
              "
::= { tpt-ngfw-params 67 }

tptNgfwAuditLogNotifyIpAddr OBJECT-TYPE
  SYNTAX      InetAddress
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The IP address from which the user connected.
              "
::= { tpt-ngfw-params 68 }

tptNgfwAuditLogNotifyCategory OBJECT-TYPE
  SYNTAX      AuditLogCategory
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The functional area where the audit log was generated.
              "
::= { tpt-ngfw-params 69 }

tptNgfwAuditLogNotifyResult OBJECT-TYPE
  SYNTAX      AuditLogResult
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The result, pass or fail, of an audit check.
              "
::= { tpt-ngfw-params 70 }

tptNgfwAuditLogNotifyUser OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..80))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "The user initiating the audit check and generating the log.
              "
::= { tpt-ngfw-params 71 }

tptNgfwAuditLogNotifyMessage OBJECT-TYPE
  SYNTAX      SnmpAdminString (SIZE(0..4096))
  MAX-ACCESS  accessible-for-notify
  STATUS      current 
  DESCRIPTION "A description of what configuration change was attempted 
               (and possibly succeeded) by the user.
              "
::= { tpt-ngfw-params 72 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- VPN Log Notification
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwVpnLogNotify NOTIFICATION-TYPE
  OBJECTS     {
                tptNgfwSystemSerial,
                tptNgfwLogNotifyTime,
                tptNgfwLogNotifySeverity,
                tptNgfwLogNotifySource,
                tptNgfwLogNotifyText
              }
  STATUS      current
  DESCRIPTION "A notification for VPN log information.
              "
::= { tpt-ngfw-eventsV2 17 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Groups
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwLoggingGroup OBJECT-GROUP
  OBJECTS     {
                tptNgfwLogNotifyTime,
                tptNgfwLogNotifyHost,
                tptNgfwLogNotifySource,
                tptNgfwLogNotifySeverity,
                tptNgfwLogNotifyText,
                
                tptNgfwAuditLogNotifyAccess,
                tptNgfwAuditLogNotifyType,
                tptNgfwAuditLogNotifyIpAddrType,
                tptNgfwAuditLogNotifyIpAddr,
                tptNgfwAuditLogNotifyCategory,
                tptNgfwAuditLogNotifyResult,
                tptNgfwAuditLogNotifyUser,
                tptNgfwAuditLogNotifyMessage
              }

  STATUS      current
  DESCRIPTION "Logging group consisting of system, audit, and VPN log objects.
              "
::= { tpt-ngfw-groups 9 }

tptNgfwLoggingNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
                    tptNgfwSysLogNotify, tptNgfwAuditLogNotify, tptNgfwVpnLogNotify
                  }

    STATUS        current
    DESCRIPTION   "NGFW Logging notifications. 
                  "
::= { tpt-ngfw-groups 10 }

-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--
-- Compliances
--
-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

tptNgfwLoggingCompl MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION "Compliance for TippingPoint Next-generation Firewall logging MIB.
                "
    MODULE
      MANDATORY-GROUPS { tptNgfwLoggingGroup, tptNgfwLoggingNotificationGroup }
::= { tpt-ngfw-compls 3 }

END
