Allot SNMP Integration (16.5 and NW-S 15.3) v10 b9

Allot SNMP Integration
Integration Guide
AOS, NX, DM, SMP, CS 16.5
NW-S 15.3
Document Version History
Doc Date Author Revisions Added

Version
V10b9 21.05.20 Dan Shalem MIB versioning and compatibility details updated
V10b8 16.05.20 Dan Shalem More details added about ALLOT-NX-MIB. Name of
MIB corrected (from ALLOT-NX-MIB-16_5)
V10b7 27.04.20 Dan Shalem Updated to ALLOT-MIB rev 202005021700Z for 16.5
Added alIntegratedServiceServerUpVer2Trap,
alIntegratedServiceServerDownVer2Trap,
alDataSourceDownV2Trap and alDataSourceUpV2Trap
all with IPv6 support (s2.2.1.1)
Updated to ALLOT-MD-MIB to 202005041700Z for 16.5
Added alSmpFupConnectLossAlarmDownTrap and
alSmpFupConnectLossAlarmUpTrap. Fixed typo in
alSMPcrfConnectAlarmUpTrap
Updated to ALLOT-DATAMED-MIB rev 202005011700Z
Updated to ALLOT-NX-MIB rev 202005031200Z for
16.5 with support for IPv6
Removed support for SNMP v1.
Added procedure for setting SNMP version for NX trap
forwarding, as well as User, Authentication and Privacy
for SNMPv3.
SG-HA (AOS-RP) Traps added (s2.2.1.1)
NHR-NA (ID 168) added to NX trap forwarding table
(s2.1.3.3)
V10b6 09.01.20 Dan Shalem Updated to ALLOT-MIB rev 201912241600Z
V10b5 25.11.19 Ben Gold Consolidated CPU, Storate and Memory in Health
Monitoring
Updated command to change the version of SNMP
that NX uses to send traps
Added a note in the Health Monitoring >
NetworkSecure section about not using special
characters in, for example, server names.
SNMP Integration i
Overview
V10b4 29.10.19 Dan Shalem Limitation on SMP KPIs in PCC mode only removed.
(From 15.1, SMP only works in PCC mode, even when
managing subscribers)
V10b3 23.10.19 Dan Shalem Updated to 16.1.50: Allot-MIB rev 201909191600Z

Old “Statistics Monitoring” Chapter merged into
Chapter 4 under: S4.1.1 (Throughput) & S4.1.3
(Number of Connections)
Table of traps forwarded from NetXplorer (s2.1.3.3)
fully updated including new events (e.g: 420: SMP FUP
Connection Established)
VideoClass KPIs deprecated
Example added for output of
alsmpSpNumOfActiveSubs
V10b2 18.7.19 Ben Gold Added NetworkSecure SNMP Integration 15.3
• NW-S Traps (s2.1.2 and 2.2.7)

• NW-S Health Monitoring (s3.3)
• NW-S KPIs (s4.7)
Previous Chapter 6 (listing select OIDs) removed.
Removed Non-Supported DM KPIs (related to
processed records)
V10b1 30.6.19 Dan Shalem Updated to 16.1.10: ALLOT-MIB rev 201904211400Z

Added ability to change NX traps from SNMP v2 to
SNMP v3. Added clarification about adding SNMPv3
user to same SNMP group.
v9b7 25.3.19 Dan Shalem Section on Unix Based Traps (2.3.7) added. Section on
Management Platform Health Monitoring (3.2)
amended.
v9b6 11.3.19 Dan Shalem Expanded scope of section on IBM IMM traps to cover
all Remote Management of COTS servers.
v9b5 10.3.19 Dan Shalem Removed section on “Polling NX for Policy Level
Statistics (MRTG only)
v9b4 03.9.18 Dan Shalem Updated relevant Allot MIB for 15.1.60
• ALLOT-MIB rev 201809021600Z
• Added SG-9700, SG-VE 200 virtual board
types and ASP (Network Secure) entities
Clarified procedure for changing SNMPv2c community
on intel-based SGs.
ii
Overview
v9b3 12.7.18 Robert Schenck New branding
v9b2 10.6.18 Dan Shalem Fixed error with documentation of 2603.5.4.3 to 5.4.8
v9b1 31.10.17 Dan Shalem Updated relevant Allot MIBs for SW version 15.1:
• ALLOT-MIB rev 201710241400Z
• ALLOT-MD-MIB rev 201710241400Z
Traps Added:
• SMP Active Directory Trap added
• 6 new traps added to Allot-MIB
• AOS alApplicationInfoTrap – new usage for
exceeding host catalog capacities.
Updated Important Notices section
v8b6 01.10.17 Dan Shalem Added polling memory for non-intel platforms (SG-
9x00)
v8b5 28.09.17 Dan Shalem Fixed typing error in command for changing default
communities
v8b4 26.09.17 Dan Shalem Updated relevant Allot MIBs for SW version 14.7:
• Allot-MIB rev 201705291400Z
(no significant changes)
• Allot-CLEARSEE-MIB rev 201706011400Z (no
significant changes)
• Allot-DATAMED-MIB rev 201706011700Z (no
significant changes)
Update of ClearSee traps
v8b3 08.07.17 Dan Shalem Additional information added about changing SNMPv2
communities and adding SNMPv3 users.
v8b2 14.03.17 Dan Shalem Added clarification about CPU Health Monitoring for
in-line platforms.
v8b1 14.06.16 Dan Shalem Updated to relevant Allot MIBs for SW 14.5:
(new licenses added to alLicenseInfoTable)
• Allot-DATAMED-MIB rev 201606131700Z
(new bucket types identified in DM KPIs)
• Allot-MD-MIB (no change)
• Allot-CLEARSEE-MIB (no change)
v7b5 23.05.16 Dan Shalem Updated to Allot-MIB rev201605221700Z to include

SG-9500.
Added an example for polling statistics per port.
Updated Health Monitoring for SFB-420.
iii
Overview
Added clarification for setting SNMP port to be used

when sending traps to additional server.
Updated Health Monitoring for SG-9500.
v7b4 06.12.15 Dan Shalem Fixed error in description of throughput KPI.

AC-6000 temperature KPI added.
Added SG-Tera Interface numbers (5.3)
Added additional standard MIB for polling interfaces.
v7b3 20.09.15 Dan Shalem Fixed error with SNMPv3 user name to read MD5
v7b2 22.06.15 Dan Shalem Updated to relevant Allot MIBs for SW 14.1:
• Allot-MD-MIB rev 201506211700Z
Including new dynamic rule KPIs
Including additional DM KPIs and new traps
• Allot-CLEARSEE-MIB
v7b1 01.02.15 Dan Shalem New CS MIB added:

• 201411041400Z
v6b4 10.12.14 Dan Shalem Ch3 (Health Monitoring) updated with SG-Tera blades
and sensors.
v6b3 11.11.14 Dan Shalem Added VDO MIB and associated VDC KPIs (13.1.450)
v6b2 13.10.14 Dan Shalem Added clarification about alOptIfInputTrap
v6b1 02.10.14 Dan Shalem Updated to relevant Allot MIBs for SW 13.4.
v5b3 03.07.14 Dan Shalem Updated to reflect new Allot-MIB rev201407011800Z

which replaces the previous revision.
v5b2 21.05.14 Dan Shalem Updated to relevant Allot MIBs for SW 13.3
• Allot-MD-MIB rev 201402221100Z
Allot-MD-MIB updated to include new Sd KPIs and new
"Peak Average" KPIs for Gx, Gy and Sd.
v5b1 12.12.13 Dan Shalem Updated to Allot.mib rev201310131100Z including

VDC blades for AOS13.1.400
v4b11 09.12.13 Dan Shalem Further clarifications on active subscribers
iv
Overview
Clarifications about the KPIs measuring active and

v4b10 20.10.13 Dan Shalem
registered subscribers.
Added information about alPolicyModificationTag
v4b9 10.10.13 Dan Shalem
v4b8 01.10.13 Dan Shalem Clarification about average calculation for throughput
statistics
V4b7 08.08.13 Dan Shalem Setting additional trap destinations command fixed.
V4b6 19.06.13 Dan Shalem Clarified definition of cold start.
V4b5 07.04.13 Dan Shalem Updated list of trappable events.
V4b4 11.03.13 Dan Shalem Updated to Allot.mib rev201301311500Z and Allot-

MD-MIB rev201301141000Z. HTTP CDR and Binary
CDR KPIs added for In-line platforms.
V4b3 26.12.12 Dan Shalem Fixed typos and AC-3000 port number error. Fixed text
describing how to view trap server configured.
V4b2 25.11.12 Dan Shalem Added clarification about communities
V4b1 15.11.12 Dan Shalem Added new KPIs for In-Line Platforms, SMP and STC.
Reformatted Guide. Separation between KPIs and
Health Monitoring sections.
Updated to MIBs supporting version 13.1:
• ALLOT-MIB: 201209271600Z
• ALLOT-MD: 201208151600Z
• ALLOT-DATAMED-MIB: 201205281600Z
V3b4 06.05.12 Dan Shalem Updated with new Allot-Datamed-mib rev

201204301500Z
V3b3 06.05.12 Dan Shalem Updated to Allot.mib rev201204081845Z
V3b2 31.01.12 Dan Shalem Added note on inability to use SNMPv1 to poll NX
Updated to Allot.mib rev201201301000Z Allot-
MD.mib updated (alProvsioningType)
V3b1 15.12.11 Dan Shalem Updated for SG-Sigma E and AOS NetEnforcers
Updated to Allot.mib rev 201111201400Z
V2b11 04.09.11 Dan Shalem AC-3000 Port Statistics added
V2b10 14.08.11 Dan Shalem Updated Allot-MD-MIB to 201105291800Z
V2b9 10.08.11 Dan Shalem Updated to Allot.mib rev 201108091100Z
v
Overview
V2b7 04.03.11 Dan Shalem Updated to AOS11.2 and NX11.2; Statistics features
added.
V2b5 13.09.10 Dan Shalem Updated to AOS11.1 and NX11.1
V2b4 12.09.10 Dan Shalem Interface statistics on SG-Sigma added

Trap Forwarding Section updated
V2b3 17.08.10 Dan Shalem Missing SMP KPI added
V2b2 22.07.10 Dan Shalem Additional Events
V2b1 10.05.10 Dan Shalem Updated with new SNMP features for AOS10.2.1
V1b14 04.02.10 Dan Shalem Updated to Allot.mib rev from 04.02.2010; Fixed
syntax errors on p9
V1b12 14.12.09 Dan Shalem Updated to Allot.mib rev 200912011518
V1b11 09.11.09 Dan Shalem Minor Errors fixed
V1b10 05.11.09 Dan Shalem Updated to Allot.Mib rev 200910290948Z New KPIs
added.
V1b9 28.10.09 Dan Shalem Updated to Allot.Mib rev 200909021333Z
V1b8 27.10.09 Dan Shalem alUserDefinedSignature, extra alSMPSystemTrap for

PCRF integration and examples of SG KPIs
V1b7 14.07.09 Dan Shalem Procedure for NX KPIs updated
V1b6 12.07.09 Dan Shalem More information about statistics
V1b5 22.06.09 Dan Shalem How to set devices (NE, NX, SG, SMP, STC) to send
traps to external server & how to set NX to send traps
to external server both added.
V1b4 11.06.09 Dan Shalem IBM DS-3200 trap added
V1b3 02.06.09 Dan Shalem IBM RSA-II traps added
V1b2 May 2009 Dan Shalem SMP Traps and KPIs

NX Mib Structure
V1b1 May 2009 Dan Shalem -
vi
Overview
Product Versions Covered

This SNMP integration guide is verified as correct for the following product versions:
Product SW Versions
Covered in
this Guide
NetXplorer NX16.5
Data Mediator MED16.5
SMP SMP16.5
Short-Term Collector MD16.5
SG-VE AOS16.5
SG-9x00 AOS16.5
(SG-9008, SG-9100,
SG-9500, SG-9700)
SG-Tera AOS16.5
NetworkSecure NWS15.3
SG-Sigma E AOS14.1
SG-Sigma AOS13.3
NetEnforcer AOS13.1
Note: In some cases, KPIs and traps described in this document may be available only for some of the
products listed above. Wherever this is the case, a note is added in the document
vii
Overview
MIB Versions Covered

This SNMP integration guide is verified as correct for the following MIB files:
Allot MIBs Revision Supported Backwards Compatibility of

Software this latest MIB file Revision
ALLOT-MIB.mib 202005021700Z AOS16.5 Works with all previous AOS

software versions
ALLOT-MD.MIB 202005041700Z MD15.3 Works will all previous SMP

and STC software versions
ALLOT-DATAMED-MIB 202005011700Z DM15.3 Works will all previous DM

software versions
OPTENETv2-MIB 201601120000Z NWS15.3 Works with all previous NW-S

software verisons
ALLOT-ASP-CM-MIB 201711211000Z NWS15.3 Used only from NWS15.3

onwards
ALLOT-ASP-FILTER-MIB 201801231000Z NWS15.3 Used only from NWS15.3

onwards
ALLOT-TOPOLOGY-MIB 201903101200Z NWS15.3 Used only from NWS15.3

onwards
ALLOT-CLEARSEE-MIB 201706011400Z CS16.5 Works with all previous CS

software versions
ALLOT-NX-MIB.MIB 202005031200Z NX16.5 Works with all previous NX

software versions
NOTES:
• All of the latest MIB files above can be downloaded from the Allot Knowledge Base,
with the exception of the OPTENETv2-MIB. This file can be downloaded from each
NWS server once the solution has been installed and configured. It is available from
the path:
• MIB files are accumulative. If in the backwards compatibility column it is written
“works with all previous Software versions”, this means that you can take the latest
MIB file revision, use it with older software versions and maintain all previous SNMP
functionality. Additional functionalities supported in the latest MIB revision, will not
be supported.
viii
Overview
Contents
Document Version History ................................................................................................. i
Product Versions Covered ................................................................................................vii
MIB Versions Covered ..................................................................................................... viii
Contents ........................................................................................................................... ix
1 Overview .............................................................................................................. 1-1
1.1 Available MIB Files ................................................................................... 1-2
1.2 MIB File Structure .................................................................................... 1-2
1.3 Supported SNMP Types............................................................................ 1-4
1.3.1 SNMPv2c ..................................................................................... 1-4
1.3.2 SNMPv3 ...................................................................................... 1-6
2 SNMP Traps .......................................................................................................... 2-1
2.1 How to Send Traps to an External Server ................................................. 2-1
2.1.1 Service Gateway ......................................................................... 2-1
2.1.2 NetworkSecure ........................................................................... 2-5
2.1.3 NetXplorer (Trap Forwarding) ..................................................... 2-7
2.2 List of Traps Sent from Allot Network Elements..................................... 2-16
2.2.1 Service Gateway Traps .............................................................. 2-16
2.2.2 SMP Traps ................................................................................. 2-24
2.2.3 Data Mediator Traps ................................................................. 2-27
2.2.4 ClearSee Traps .......................................................................... 2-27
2.2.5 NX Trap Forwarding .................................................................. 2-31
2.2.6 COTS Hardware Traps ............................................................... 2-34
2.2.7 NetworkSecure Traps................................................................ 2-35
2.2.8 ACP (Unix) Traps ..................................................................... 2-123
3 Health Monitoring ................................................................................................ 3-1
3.1 Service Gateway (and NetEnforcer) ......................................................... 3-1
3.1.1 Temperature ............................................................................... 3-2
3.1.2 Fans............................................................................................. 3-6
ix
Overview
3.1.3 Power Supply .............................................................................. 3-7

3.1.4 CPU (All SG Platforms) .............................................................. 3-10
3.1.5 CPU (Intel-Based Platforms) ...................................................... 3-11
3.1.7 Memory (Non-Intel Based Platforms) ....................................... 3-13
3.1.8 Memory (Intel-Based Platforms) ............................................... 3-15
3.1.9 Storage (Non-Intel Based Platforms) ........................................ 3-17
3.1.10 Storage (Intel-Based Platforms) ................................................ 3-18
3.1.11 Software Status ......................................................................... 3-21
3.1.12 Hardware Status ....................................................................... 3-22
3.2 Management Platforms (NX/SMP/DM/STC/ClearSee) ........................... 3-22
3.2.1 CPU ........................................................................................... 3-23
3.2.2 Memory .................................................................................... 3-24
3.2.3 Storage...................................................................................... 3-25
3.3 NetworkSecure ...................................................................................... 3-27
3.3.1 Deriving NetworkSecure Health Monitoring OIDs .................... 3-27
3.3.2 CPU Indicator ............................................................................ 3-29
3.3.3 Memory Indicator ..................................................................... 3-30
3.3.4 Server Hard Disk Usage ............................................................. 3-32
3.3.5 Server Network Usage .............................................................. 3-32
3.3.6 Module Internal and External Interface Usage ......................... 3-34
4 Key Performance Indicators ................................................................................. 4-1
4.1 Service Gateway (and NetEnforcer) ......................................................... 4-1
4.1.1 Throughput ................................................................................. 4-1
4.1.2 Active Subscriber Sessions ........................................................ 4-10
4.1.3 Number of Connections ............................................................ 4-10
4.1.4 Number of Lines........................................................................ 4-12
4.1.5 Number of Pipes ....................................................................... 4-13
4.1.6 Number of Virtual Channels (VCs) ............................................ 4-13
4.1.7 Monitoring Rules ...................................................................... 4-13
x
Overview
4.1.8 Dropped Frames ....................................................................... 4-14

4.1.9 HTTP CDRs ................................................................................ 4-14
4.1.10 Binary CDRs ............................................................................... 4-14
4.1.11 Video Detail Records (VDR) ....................................................... 4-15
4.1.12 Connection Establishment Rate (CER)....................................... 4-15
4.1.13 Number of Active Subscribers................................................... 4-15
4.2 Subscriber Management Platform ......................................................... 4-16
4.2.1 Subscribers and Sessions .......................................................... 4-16
4.2.2 RADIUS Messages ..................................................................... 4-17
4.2.3 FUP Messages ........................................................................... 4-17
4.2.4 Gx DIAMETER Messages ........................................................... 4-18
4.2.5 Gy DIAMETER Messages ........................................................... 4-20
4.2.6 Gz CDRs ..................................................................................... 4-22
4.2.7 Sd DIAMETER Messages ............................................................ 4-22
4.2.8 Dynamic Rules........................................................................... 4-24
4.3 STC ......................................................................................................... 4-25
4.3.1 Incoming Records ..................................................................... 4-25
4.3.2 Processed Records .................................................................... 4-26
4.4 Data Mediator ........................................................................................ 4-27
4.4.1 Incoming Records ..................................................................... 4-27
4.4.2 Incoming Files ........................................................................... 4-28
4.4.3 Output Records ......................................................................... 4-29
4.4.4 Output Files .............................................................................. 4-29
4.5 ClearSee ................................................................................................. 4-31
4.5.1 Records ..................................................................................... 4-31
4.5.2 Files ........................................................................................... 4-31
4.6 NetworkSecure ...................................................................................... 4-33
4.6.1 Central Manager ....................................................................... 4-33
4.6.2 NetworkSecure Topology .......................................................... 4-35
xi
Overview
4.6.3 Filter.......................................................................................... 4-36

5 Appendices ........................................................................................................... 5-1
5.1 Appendix A: KPIs Per SG Blade ................................................................. 5-1
5.1.1 Examples ..................................................................................... 5-2
5.2 Appendix B: SNMP Glossary ..................................................................... 5-4
xii
Overview
1 Overview
The Allot solution typically requires the deployment of equipment at the Network
Element Layer and the Element Management System layer of the service provider
or carrier network.
At the Network Element Layer, the Service Gateway (SG) platforms are responsible
for implementing application control and subscriber management policies and
collecting network usage data.
At the Element Management System Layer, the NetXplorer (NX) manages and
communicates with the different clients that access the system. It facilitates
Service Gateway configuration, policy provisioning and alarms. Data Mediator
collects data from the different data sources (Service Gateway, SMP,
NetworkSecure) and performs ETL functions - extract and transforming the data
before loading it to the ClearSee analytics system. Depending on the services
deployed, NetworkSecure and DDoS Secure may also be part of the network
architecture. Finally, when the Subscriber Management Platform (SMP) is
deployed, an SMP server integrates with the Service Provider’s IP allocation
system, as well as billing, charging and rules functions to ensure subscriber-level
awareness and policy enforcement for the Allot solution.
At the Network Element layer, the Service Gateways run standard SNMP Agents
which communicate over SNMP V2c or V3 and maintain standard MIB-II
information together with Allot MIB extensions.
1-1
Overview
Note: When polling the NetXplorer server for KPIs, you cannot use SNMPv1. The
NetXplorer server can only be polled using later versions of SNMP.
These MIB extensions maintain information on the device such as alarms, statistics
and status. The SNMP Agent enables the in-line platform to be remotely configured
and controlled, and includes the ability to set traps on major KPI values.
1.1 Available MIB Files

Several different Allot MIB files are available for use as needed:
Name Description
MIB file for use with all Service Gateway using
ALLOT-MIB.mib NetXplorer management as well as the older
NetEnforcer platforms.
MIB file used for SNMP communication with NetXplorer
ALLOT-NX-MIB.mib
server. The NetXplorer forwards various alarms
collected from its managed nodes.
MIB file used for SNMP communication with the Allot
ALLOT-DATAMED-MIB.mib
Data Mediator
MIB file for use with SMP and STC devices.
ALLOT-MD.mib
NOTE: This file replaces the previous ALLOT-SMP-
SNMP-MIB file.
MIB file for NetworkSecure, including alarms and
OPTENETv1-MIB.txt
performance KPIs such as memory, CPU and disk. This
MIB has been replaced by OPTENETv2-MIB, however it
is still used by some customers and is kept alive for
backwards compatibility purposes.
MIB file for NetworkSecure, including alarms and
OPTENETv2-MIB.txt
performance KPIs such as memory, CPU and disk
Available in NetworkSecure 15.3, MIB file for
ALLOT-ASP-CM-MIB.mib
NetworkSecure provisioning, policy and service KPIs
ALLOT-ASP-FILTER-MIB.mib
NetworkSecure filtering KPIs, including those related to
HTTP, HTTPS, SMTP, POP3 and IMAP requests
ALLOT-TOPOLOGY-MIB.mib
NetworkSecure solution configuration KPIs
MIB file used with Allot ClearSee to provide KPIs and
ALLOT-CLEARSEE-MIB.mib
Traps for Allot’s analytics solution.
1.2 MIB File Structure

The Allot private MIB is at 1.3.1.4.1.2603
1-2
Overview
As can be seen in the figure above, the Allot-MIB MIB file consists of 4 groups:
• alEvents Group (1.3.6.1.4.1.2603.0)
• alActivation Group (1.3.6.1.4.1.2603.4)
• alObjects Group (1.3.6.1.4.1.2603.5)
• alConf Group (1.3.6.1.4.1.2603.6)
An additional fifth group, the Allot NX MIB (1.3.6.1.4.1.2603.10) is added when the
Allot-NX-MIB.mib file is loaded.
An additional sixth group, the Allot MD MIB (1.3.6.1.4.1.2603.11) is added when
the Allot-MD-MIB.mib file is loaded.
1-3
Overview
An additional seventh group, the Allot DmMibModule (1.3.6.1.4.1.2603.12) is

added when the ALLOT-DATAMED-MIB.mib file is loaded.
An additional eighth group, the Allot AlCsMibModule (1.3.6.1.4.1.2603.14) is added
when the ALLOT-CLEARSEE-MIB.mib file is loaded.
An additional ninth group, the Allot AlAspFilterMibModule (1.3.6.1.4.1.2603.15) is
added when the ALLOT-ASP-FILTER-MIB.mib file is loaded.
An additional tenth group, the Allot AlAspCmMibModule (1.3.6.1.4.1.2603.16) is
added when the ALLOT-ASP-CM-MIB.mib file is loaded.
An additional eleventh group, the Allot AlTopologyMibModule (1.3.6.1.4.1.2603.17)
is added when the ALLOT-TOPOLOGY-MIB.mib file is loaded.
The OPTENETv2-MIB file, which supports the NetworkSecure family opens under a
different leaf - 1.3.6.1.4.1.30738.
1.3 Supported SNMP Types

Allot MIBs support SNMP versions 2c and 3. SNMPv1 is not supported.
1.3.1 SNMPv2c
When working with SNMPv2c, the default community settings are as follows:
SG-Tera SG-9x00 NX STC, SMP, NetworkSecure
NetEnforcers SG-VE DM
SSG
Read allotcomm allotcomm allotcomm allotcomm allotcomm
Write allotcomm N/A N/A allotcomm N/A
The default SNMPv2c communities can be changed by following the procedures

below.
To Change Default Communities on SG-Tera and NetEnforcers
To change the SNMPv2c community on non-Intel based in-line platforms (e.g: SG-
Tera, all NetEnforcers), follow the steps below:
1. Use an external application that is able to run snmpset (E.g: Net-SNMP on
a Windows PC)
2. Open the Windows command line window
3. Go to the /usr/bin directory
4. In order to change read-only community string on the in-line platform at
IP address 10.4.40.2 to ThisIsATest99 enter the following command
(NOTE: allotcomm is the current write community that is being used for
execution of the command):
1-4
Overview
snmpset -v 2c -c allotcomm
10.4.40.2 .1.3.6.1.6.3.18.1.1.1.8.\'v1v2Config\' i 2
.1.3.6.1.6.3.18.1.1.1.2.\'v1v2Config\'
s ThisIsATest99 .1.3.6.1.6.3.18.1.1.1.8.\'v1v2Config\' i 1
5. In order to change read-write community string on Sigma at IP address
10.4.40.2 to ThisIsATest99 do the following command (NOTE: allotcomm
is the current write community that is being used for execution of the
command):
snmpset -v 2c -c allotcomm
10.4.40.2 .1.3.6.1.6.3.18.1.1.1.8.'v1v2Admin' i 2
.1.3.6.1.6.3.18.1.1.1.2.'v1v2Admin'
s ThisIsATest99 .1.3.6.1.6.3.18.1.1.1.8.'v1v2Admin' i 1
To Change Default Communities on SG-9x00, SG-VE and SSG

A different procedure is required for changing the SNMPv2c community on the
intel-based platforms (SG-9x00, SG-VE and SSG) because these platforms do not
support a “write-level” community. To change the SNMPv2c community on one of
these platforms (e.g: SG-9x00, SG-VE, SSG), you need to use a command based on
SNMP v3. Follow the steps below:
1. Use the standard snmpset command to change AOS AllSnmpAgent
community.
Note: If you are using Linux to issue snmpset, each ‘ needs to be preceded by a \
Below is an example of Linux snmpset:
snmpset -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l
authNoPriv 192.168.12.17
.1.3.6.1.6.3.18.1.1.1.8.\'v1v2Config\' i 2
.1.3.6.1.6.3.18.1.1.1.2.\'v1v2Config\' s new_comm
.1.3.6.1.6.3.18.1.1.1.8.\'v1v2Config\' i 1
2. Edit /etc/snmp/snmpd.conf and change the community and proxy lines

The two lines that in snmpd.conf should by default appear as below:
# sec.name source community
com2sec notConfigUser default allotcomm
proxy -v 2c -c allotcomm localhost:1161 .1.3
Edit these two lines as shown below:

# sec.name source community
com2sec notConfigUser default new_comm
proxy -v 2c -c new_comm localhost:1161 .1.3
3. Stop snmpd (service snmpd stop)

4. Start snmpd (service snmpd start)
1-5
Overview
5. Verify that the community change has been successful, by entering the
following command:
snmpwalk -v 2c -c new_comm 192.168.12.17
.1.3.6.1.6.3.18.1.1.1.8
If the community change was unsuccessful, you will receive a no response timeout.
If the community was successfully changed, you will receive the output below:
SNMP-COMMUNITY-MIB::snmpCommunityStatus.'allotcomm' =
INTEGER: active(1)
To Change Default Communities on NetXplorer

To change the SNMPv2c read-only community on the NetXplorer, enter the new
community in the NX Agent area in the SNMP tab of the NetXplorer User Interface
below:
The NetXplorer does not allow write-access via SNMPv2c.

The STC, SMP, and DM platfoms are based on Linux. SNMPv2 access credentials are
defined in the standard configuration file of the SNMP Daemon which is part of the
Linux installation package. The recommended way to define access is via the
snmpd.conf file.
1.3.2 SNMPv3
SNMPv3 provides extra security with its built-in authentication and encryption
functions.
1-6
Overview
1.3.2.1 Internal Communication with SNMPv3

SNMPv3 is used for constant internal communication between the Service Gateway
and the NetXplorer server. The default SNMPv3 credentials cannot therefore be
changed. The default credentials are as follows:
SECURITY LEVEL AUTHNOPRIV
User MD5
Security Name MD5
Authentication Protocol MD5
Authentication Passphrase MD5UserAuthPassword12
An additional SNMPv3 user can be added to the same SNMP group using the go
config snmp command. This command can be used on non-intel platforms (e.g:
SG-Tera, NetEnforcers). It will not work on intel-based AOS platforms (e.g: SG-9x00
series, SG-VE, SSG). It is fully documented in the AOS Operation Guide.
As an example, to add a user called “test” to the “admin” group which already has
an authentication and privacy (authPriv) security level, you should follow the
procedure below:
go config snmp -snmpLogin admin:authPriv:usmHMACMD5:usmDES -
users +test:usm:admin:usmHMACMD5:usmDES
Please Enter admin's Login Authentication PassPhrase: \\
adminPassPhraseAuth
Please Enter admin's Login Privacy PassPhrase: \\
adminPassPhrasePriv
Please Enter prieltest's Authentication PassPhrase: \\
Whatever you want as long as it is sufficiently long.
Please Enter prieltest's Privacy PassPhrase: \\
Whatever you want as long as it is sufficiently long.
Request completed successfully.
After executing the command above, you can use the newly added user to perform
SNMP queries:
root@SBR-SBH[1/7/14]: ~ # snmpget -v 3 -u test -a MD5 -A
pass_i_chose_12345 -l authPriv -x DES -X pass_i_chose_12345
localhost 1.3.6.1.4.1.2603.5.2.6.21.5.0
iso.3.6.1.4.1.2603.5.2.6.21.5.0 = INTEGER: 2
1.3.2.2 External Communication (Northbound Traps) with SNMPv3

The ALLOT-NX-MIB.MIB provides the ability for the NetXplorer to aggregate traps
from all Allot elements it manages, and then to forward these traps to a trap
receiver.
1-7
Overview
When using the NX as a trap forwarder, you can decide whether to use SNMPv2,
SNMPv3 or SNMP v2 and v3. By default, SNMPv2 is used.
The following NetXplorer Server CLI command can be used to change the SNMP
version used for the traps forwarded from the NetXplorer.
NOTE: Please refer to the NetXplorer Installation & Administration Guide Chapter
6 for full instructions on how to run CLI commands on the NX server.
ConfigurationCLI.sh -setParam -paramName ENTERPRISE_SNMP_TOPIC
-paramSubName traps_security_mode -setIntegerParam 3
In the command above, the following values are available for -setIntegerParam:
Parameter SNMP version
1 SNMP v2
2 SNMP v3
3 SNMP v2 and v3
NOTE: After running this command you will need to reboot the NetXplorer!
In addition, you can setup an SNMPv3 user with different combinations of

Authentication and Encryption by using the NetXplorer Server CLI command below:
ConfigurationCLI.sh -setSnmpv3User -v3secName snmpv3user
-snmpv3authPass snmpv3Auth -v3encPass snmpv3Enc -
v3authProtocol 5 -v3privProtocol 4
NOTE: Please refer to the NetXplorer Installation & Administration Guide Chapter
6 for full instructions on how to run CLI commands on the NX server.
In the command above, the following values are available for -v3authProtocol (the
authentication)
Parameter Authentication
1 MD5
2 SHA-1 (160 bit)
3 HMAC128SHA224
4 HMAC192SHA256
5 HMAC256SHA384
1-8
Overview
The following values are available for -v3privProtocol (the encryption):
Parameter Authentication
1 DES
2 AES128
3 AES192
4 AES256
NOTE: After running this command you will need to reboot the NetXplorer!
1-9
SNMP Traps
2 SNMP Traps
The Allot Network elements (NetEnforcer and/or Service Gateway) send standard
SNMP traps both to the NetXplorer and to the Service Provider or Carrier’s
monitoring system. The SMP server, which is part of the Element Management
System Layer also sends traps to the NX server and to a third party server where
defined. In addition, the NetXplorer can serve as a single point of integration for
system administrators. Its SNMP agent forwards traps to the NOC collected from
the managed entities.
2.1 How to Send Traps to an External Server

2.1.1 Service Gateway
The procedure below outlines how to set up a Service Gateway to send SNMP traps
to an external server in addition to the NetXplorer server. In each of the cases
described below, the snmpset command should be executed from an external
application that has the option to run snmpset on SNMPv3.
Note: The Allot SGSV blade is capable of running snmpset commands for the SG-
Sigma. In this case, there is no need for an external application to run
snmpset.
Note: When running snmpset from any Linux machine (including when snmpset is
run from the SG-Sigma SGSV blade, you need to add \ (backslash) before any
apostrophe (‘). For example:
Windows: .1.3.6.1.6.3.12.1.3.1.2.'send_all_v1' would become:
Linux (or SGSV): .1.3.6.1.6.3.12.1.3.1.2.\'send_all_v1\'
Note: All snmpset commands below need to fit on a single line. Instead of
performing copy/paste from this document, it is advised to copy into notepad,
ensure that there are no line breaks, and paste from there.
2.1.1.1 Sending SG Traps in SNMPv3 format

The snmpset command below shows how using a machine that can run snmpset
v3, you can set the SG to send SNMPv3 traps.
The command input is written below. Insert the IP address of the NE, SG, SMP or
STC instead of <ALLOT-IP>. Insert the IP address of the server to which you require
traps to be sent instead of <SERVER-IP>.
2-1
SNMP Traps
snmpset -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l authNoPriv <ALLOT-IP>

.1.3.6.1.6.3.12.1.2.1.2.66 o .1.3.6.1.6.1.1 .1.3.6.1.6.3.12.1.2.1.3.66 d <SERVER-
IP>.0.162 .1.3.6.1.6.3.12.1.2.1.6.66 s v3trap .1.3.6.1.6.3.12.1.2.1.7.66 s send_all
.1.3.6.1.6.3.12.1.2.1.9.66 i 4

The instructions below show how using a machine that can run snmpset v3, you
can set the SG to send SNMPv2 traps.
1. Add a row to snmpTargetParamsTable
snmpset -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l authNoPriv <ALLOT-

IP> .1.3.6.1.6.3.12.1.3.1.2.'send_all_v1' i 1 .1.3.6.1.6.3.12.1.3.1.3.'send_all_v1' i
2 .1.3.6.1.6.3.12.1.3.1.4.'send_all_v1' s v1v2Config .1.3.6.1.6.3.12.1.3.1.5.'send_all_v1' i
1 .1.3.6.1.6.3.12.1.3.1.7.'send_all_v1' i 4
2. Add new entry to NotifyAddrTable

IP> .1.3.6.1.6.3.12.1.2.1.2.'B' o .1.3.6.1.6.1.1 .1.3.6.1.6.3.12.1.2.1.3.'B' d <SERVER-
IP>.0.162 .1.3.6.1.6.3.12.1.2.1.6.'B' s v3trap .1.3.6.1.6.3.12.1.2.1.7.'B' s send_all_v1
.1.3.6.1.6.3.12.1.2.1.9.'B' i 4
3. Add row in snmpNotifyFilterProfileTable

IP> .1.3.6.1.6.3.13.1.2.1.1.'send_all_v1' s send_all_filter
.1.3.6.1.6.3.13.1.2.1.3.'send_all_v1' i 4

The instructions below show how using a machine that can run snmpset v3, you
can set the SG to send SNMPv1 traps.
1. Add a row to snmpTargetParamsTable

IP> .1.3.6.1.6.3.12.1.3.1.2.'send_all_v1' i 0 .1.3.6.1.6.3.12.1.3.1.3.'send_all_v1' i 1
.1.3.6.1.6.3.12.1.3.1.4.'send_all_v1' s v1v2Config .1.3.6.1.6.3.12.1.3.1.5.'send_all_v1' i 1
.1.3.6.1.6.3.12.1.3.1.7.'send_all_v1' i 4
2. Add new entry to NotifyAddrTable
2-2
SNMP Traps

.1.3.6.1.6.3.12.1.2.1.2.'B' o .1.3.6.1.6.1.1 .1.3.6.1.6.3.12.1.2.1.3.'B' d <SERVER-
IP>.0.162 .1.3.6.1.6.3.12.1.2.1.6.'B' s v3trap .1.3.6.1.6.3.12.1.2.1.7.'B' s send_all_v1
.1.3.6.1.6.3.12.1.2.1.9.'B' i 4
3. Add row in snmpNotifyFilterProfileTable

.1.3.6.1.6.3.13.1.2.1.1.'send_all_v1' s send_all_filter .1.3.6.1.6.3.13.1.2.1.3.'send_all_v1'
i4
2.1.1.4 Sending Traps to Additional Servers

If you wish the Service Gateway to send traps to more than one SNMP server, the
same command must be entered with a different index number. The index number
of the NetXplorer is 65.83. The index number used in all of the examples above is
66. When sending traps to additional servers, make sure that the index is not less
than 66. The index can for example be 67, 68 etc.
In the example below we use an index of 67. Note that the index appears in 5
different places in the snmpset command. For additional trap destinations in the
in-line platform use:

.1.3.6.1.6.3.12.1.2.1.2.67 o .1.3.6.1.6.1.1 .1.3.6.1.6.3.12.1.2.1.3.67 d <SERVER-
IP>.0.<PORT> .1.3.6.1.6.3.12.1.2.1.6.67 s v3trap .1.3.6.1.6.3.12.1.2.1.7.67 s send_all
.1.3.6.1.6.3.12.1.2.1.9.67 i 4
For additional trap destinations in an SMP or STC server, use:

snmpset -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l authNoPriv
<ALLOT-IP> .1.3.6.1.6.3.12.1.2.1.2.67 o .1.3.6.1.6.1.1
.1.3.6.1.6.3.12.1.2.1.3.67 d <SERVER-IP>.0.<PORT>
.1.3.6.1.6.3.12.1.2.1.6.67 s internal0 .1.3.6.1.6.3.12.1.2.1.7.67 s internal0
.1.3.6.1.6.3.12.1.2.1.9.67 i 4
In the section of the snmpset command labeled “port”, you should enter the SNMP
port number to be used (e.g: 162)
2.1.1.5 Deleting the SG Trap Server

If you wish the Service Gateway to stop sending traps to an additional trap server,
use the following snmpset command. Replace <INDEX> with the index number (or
ASCII notation string value) of that particular external trap server. E.g: in the
example above where we added an additional trap server with an index of 67, we
2-3
SNMP Traps
would insert in the command below 67.

.1.3.6.1.6.3.12.1.2.1.9.<INDEX> i 6
2.1.1.6 Viewing the SG Trap Server Currently Configured

If you wish to view which devices the ServiceGateway is configured to send traps
to, use the following snmpwalk command (the example given is for snmpv3).
snmpwalk -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l authNoPriv 127.0.0.1

.1.3.6.1.6.3.12.1.2.1
The output will look something like this:
iso.3.6.1.6.3.12.1.2.1.2.66 = OID: iso.3.6.1.6.1.1
iso.3.6.1.6.3.12.1.2.1.2.65.83 = OID: iso.3.6.1.6.1.1
iso.3.6.1.6.3.12.1.2.1.3.66 = Hex-STRING: CB 50 7B 4F00 B2

iso.3.6.1.6.3.12.1.2.1.3.65.83 = Hex-STRING: CB 50 7A 34 00 A2
iso.3.6.1.6.3.12.1.2.1.4.66 = INTEGER: 1500
iso.3.6.1.6.3.12.1.2.1.4.65.83 = INTEGER: 1500
iso.3.6.1.6.3.12.1.2.1.5.66 = INTEGER: 3
iso.3.6.1.6.3.12.1.2.1.5.65.83 = INTEGER: 1
iso.3.6.1.6.3.12.1.2.1.6.66 = STRING: "v3trap"
iso.3.6.1.6.3.12.1.2.1.6.65.83 = STRING: "v3trap"
iso.3.6.1.6.3.12.1.2.1.7.66 = STRING: "send_all_v1"
iso.3.6.1.6.3.12.1.2.1.7.65.83 = STRING: "send_all"
iso.3.6.1.6.3.12.1.2.1.8.66 = INTEGER: 3
iso.3.6.1.6.3.12.1.2.1.8.65.83 = INTEGER: 3
iso.3.6.1.6.3.12.1.2.1.9.66 = INTEGER: 1
iso.3.6.1.6.3.12.1.2.1.9.65.83 = INTEGER: 1
In the third line in the output above, the 4 left hexa octets (CB 50 7B 4F) are the IP
of the NX server. In the fourth line of the output above, the 4 left hexa octets (CB
50 7A 34) represent the IP address of the additional trap server.
2-4
SNMP Traps
2.1.2 NetworkSecure
The following sections describe how to define NetworkSecure’s performance
thresholds and configure NetworkSecure traps.
2.1.2.1 Defining NetworkSecure Performance Thresholds

An object sends a traps after exceeding a threshold. This section describes how to
define NetworkSecure’s performance thresholds.
To define NetworkSecure performance thresholds, do the following:
• Module thresholds: In the NetworkSecure Administration Guide, see 6.5
Alert Configuration. This section describes how, from the NetworkSecure
Administration GUI, to activate logs for a module and configure
performance thresholds. See especially the following:
⧫ 6.5.1 Activating Performance Logs for a Module: This section
describes how to activate logs for a NetworkSecure module. If logs are
not activated, then they cannot be sent as SNMP traps.
⧫ 6.5.2 Configuring Performance Logs for a Module: This section
describes how to define performance thresholds, exceeding which
NetworkSecure may send SNMP traps.
• Server thresholds: In NetworkSecure 15.3, you change a server threshold
using configtool, as follows:
./configtool --cm-data [CM IP]:10500 --op WriteKey --config-file
etc/ProcessMonitor/ProcessMonitor.conf --config-key
Monitor#Performance#[THRESHOLD]#[KEY] --config-value [VALUE]
Where:
⧫ [CM IP] is the IP of the Central Manager.
⧫ [THRESHOLD] is the type of server threshold that you want to change,
as follows:
Enter this as [THRESHOLD]: Which you can monitor as described here:
CPU usage: CPU CPU Indicator
Memory usage: MEM Memory Indicator
Server Hard Disk Usage: Server Hard Disk Usage
Disk#default
Network errors: Server Network Usage
NIC#default#RX
NIC#default#TX
2-5
SNMP Traps
⧫ [KEY] is the key that you want to change, either Max for the threshold
or Time for the length of time above which the alarm is sent.
⧫ [VALUE] is the value that to which you want to change the threshold.
Use the following rules of thumb:
⧫ A server’s CPU maximum should be 90% of its total amount of CPUs.
For example, if the server has 14 CPUs, the total CPU equal to 1400,
then the maximum should be 1260.
⧫ A server’s memory maximum should be 90% of its total memory. For
example, if the server has 48137 in total, then the maximum should
be 43323.
2.1.2.2 Configuring NetworkSecure Traps

To configure NetworkSecure traps, see the following sections from the
NetworkSecure Administration Guide:
• 6.10.8 SNMP Clusters and Servers: This section describes how to configure
an external SNMP server or cluster from the NetworkSecure Administration
GUI.
• 6.7 Alert Configuration: This section describes how, from the
NetworkSecure Administration GUI, to have NetworkSecure alerts recorded
in the NetworkSecure logs, defined as SNMP traps and sent as emails. See
especially the following:
⧫ 6.7.1 Defining the Default Alert Configuration: This section describes
how to define the default alert configuration according to the severity
level. For example, you can define all critical alerts as SNMP traps.
⧫ 6.7.3 Defining an Alert Exception: This section describes how you can
define the alert configuration for a specific alert. The following alerts
are frequently defined as traps:
Alert Description
4589 %s has exceeded its CPU limit (%s %%) to reach at: %s %%
4590 %s was killed to exceed its CPU limit (%s %%) to reach at: %s %%
4591 %s has exceeded its Memory limit (%s MB) to reach at: %s MB
4592 %s was killed to exceed its Memory limit (%s MB) to reach at: %s MB
4593 %s has exceeded its Virtual Memory limit (%s MB) to reach at: %s MB
%s was killed to exceed its Virtual Memory limit (%s MB) to reach at: %s
4594
MB
2-6
SNMP Traps
4595 Machine has recovered its used CPU limit (%s %%) to reach at: %s %%
4596 Machine has recovered its free Memory limit (%s MB) to reach at: %s MB
Machine has recovered its free Disk limit (%s MB) to reach at: %s MB (file
4597
system %s)
4598 %s has recovered its CPU limit (%s %%) to reach at: %s %%
4599 %s has recovered its Memory limit (%s MB) to reach at: %s MB
4600 %s has recovered its Virtual Memory limit (%s MB) to reach at: %s MB
5066 There were lost %s packet(s) at interface %s
2.1.3 NetXplorer (Trap Forwarding)

The following steps describe how to configure the NetXplorer server to forward
certain predefined events collected from the different Service Gateway, SMP, DM
and STC platforms to an external server.
2.1.3.1 Where to Send the Traps

To configure the external server to which traps from the NetXplorer should be sent,
follow the procedure below:
1. From the network pane
in the NetXplorer GUI,
choose Network
2. Right click and select
Configuration
3. Select the SNMP Tab
4. Set the appropriate
community for the
external trap server by
filling in the
Community field in the
NX Agent window. The
default community is
Figure 2-1: Setting External Trap Server
allotcomm.
5. Click on “Add” and enter the target IP address of the external trap server
and the target port. The default target port is 162.
6. Choose OK. The chosen external trap server will appear in the Trap Target
dialog. Up to 5 trap servers can be configured.
2-7
SNMP Traps
2.1.3.2 Which SNMP Version to Use

By default, traps will be sent from NetXplorer using SNMP v2. This can be changed
to v3 by using the following CLI command on the NetXplorer:
ConfigurationCLI.sh -setParam -paramName ENTERPRISE_SNMP_TOPIC -
paramSubName traps_security_mode -setIntegerParam [VALUE]
Where [VALUE] may be one of the following:
• 1: Only v2
• 2: Only v3
• 3: Both v2 and v3
For a full explanation of how to run the ConfigurationCLI.sh commands, refer to the
NetXplorer Installation and Admin Guide Chapter 7 (Command Line Interface)
Note that after the command is executed, NetXplorer should be restarted.
2.1.3.3 Which Traps To Send

All events created by the Allot SG, DM, ClearSee, SMP and STC are automatically
sent to the Allot NetXplorer Server, and appear in the server events log. If an
external trap server has been defined, some of these events are automatically sent
to it. For other events, the administrator can decide whether to send traps or not.
This is done by clicking the “External Trap” checkboxes in the “Event Types
Configuration” screen which is accessed from the Events/Alarms pane in the
NetXplorer GUI, as shown below.
2-8
SNMP Traps
Figure 2-2: Event Types Configuration

Consult with the table below.
• Events marked “By Default” will be sent automatically as traps to an
external trap receiver configured in 2.1.3.1 above
• For events marked “Configurable”, the NX administrator may manually
determine if they will be sent to an external trap receiver from the event
types configuration screen on the NetXplorer Management Interface
• All of the events in the table below are sent to the NetXplorer User
Interface and are recorded in the events log.
Trap Sent to External Server Event Sent
to NX UI
ID Event By Default Configurable
1 Rising TCA (Threshold Crossing Alarm) X X X

2 Falling TCA (Threshold Crossing Alarm) X
3 Device Configuration X X
4 Line Policy Change X X
5 Pipe Policy Change X X
6 Virtual Channel Policy Change X X
2-9
SNMP Traps
to NX UI
7 Catalog Entry Change X X

8 Suspected DoS Attack Started (Not supported on AOS) X X X
9 Suspected DoS Attack Stopped (Not supported on AOS) X
10 External Data Source Down X X X
11 External Data Source Up X
12 Software Problem X X
13 NetEnforcer Access Violation X X
14 Link Down X X X
15 Link Up X
16 Cold Start X X
17 Warm Start X X
18 Authentication Failure X X
19 NetEnforcer IP Address Change X X
20 Connection Routing Configuration X X
21 Device Status Down X X X
22 Device Status Up X
23 Application Info X X X
24 Protocol Update Installation X
25 Board status changed X X
26 Input optical signal status changed X X
27 Output optical signal status changed X X
28 Input frame error rate status changed X X
29 Output frame error rate status changed X X
30 Link Down X X X
31 Link Up X
100 Server Unreachable X X X
101 Server Reachable X
102 Device Unreachable X X X
103 Device Reachable X
104 User Forced Clear Alarm X
2-10
SNMP Traps
to NX UI
107 Device Hardware Change X X
108 User Force Clear All Alarms X
109 User Logged In X X
110 User Logged Out X X
111 Catalogs Synchronization Problem X X
112 Catalog Rejected by NetEnforcer X X
113 Automatic Alarm Purge X
114 Policy and Catalogs Export X X
115 NetEnforcer Configuration Import X X
116 Server Management Ownership Taken from Device X X X
117 Server Management Ownership of Device Taken X X X
Missing Events were not Found on Device Trap Table X X

118
During Synchronization
119 Device Add X X
120 License expiration warning (NX Old License - Obsolete) X X X
121 License is expired (NX Old License - Obsolete) X X
122 Server license registered X X
123 Clear license expiration warning X
124 Device invalid policy received X X
125 Policy data is not synchronized on device X X
126 AS does not support device software version X X X
127 Device was deleted from system X
128 Server was deleted from system X
129 Catalog action failed X X X
130 Configuration Database Incremental Backup failed X X
131 Configuration Database Full Backup failed X X
132 Country classification file updated X X X
133 New Protocol updates are available X X X
134 Install new protocol updates to AS X X X
135 Install new protocol updates to device X X X
136 Scheduler forced clear alarms X X
2-11
SNMP Traps
to NX UI
Device license expiration warning (NE Old License - X X X

137
Obsolete)
138 Device license is expired (NE Old License - Obsolete) X X X
139 Clear device expiration warning X
140 Rollback AS protocol updates X X X
141 Rollback device protocol updates X X X
142 Asymmetric remote device configuration changed X X
143 Asymmetric remote device HealthCheckStatus changed X X
144 Blacklist source up X
145 Blacklist source down X X X
146 Blacklist server status up X
147 Blacklist server down X X X
148 License warning (for NE/SG and NX) X X X
149 License critical (for NE/SG and NX) X X X
150 Board temperature status X X
151 WebSafe update trap X X
152 Generic trap X X
153 Board status changed extended X X
154 No updated Blacklist File X X X
155 Updated Blacklist File X X
156 Board host activity status changed X X
157 Integrated Service is Up X
158 Integrated Service is Down X X X
159 Integrated Service Server is Up X
160 Integrated Service Server is Down X X X
161 Board is up X
162 Board is down X X X
163 Server of Integrated Service is Overloaded X X X
164 Server of Integrated Service is Overloaded X
165 Geo Redundancy backup failed X X X
166 Geo Redundancy backup resumed X
2-12
SNMP Traps
to NX UI
167 Facebook Configuration Event X X
168 NHR NA is Down X X X
200 Collector Reported Device Unreachable X X X
201 Collector Reported Device Reachable X
202 Invalid Bucket Time in Collector X X X
203 Valid Bucket Time in Collector X
204 Invalid Bucket Time in Collector X X
205 Real Time Bucket Overload in Collector X X
206 Short Term Bucket Overload in Collector X X
207 Bucket Validated in Collector X
210 Real-Time and Short-Term Bucket Overload in Collector X X
211 Bucket Overload in Collector Finished X
212 Collector Reported Disk has reached 70% Utilization X X X
213 Collector Reported Disk Utilization Problem Fixed X
Short Term Collector Reported Database Full Backup X X

214
Failed
Long Term Collector Reported Short Term Collector X X X
300
Unreachable
Long Term Collector Reported Short Term Collector X
301
Reachable
Long Term Collector Reported Disk has reached 70% X X X

304
Utilization
Long Term Collector Reported Disk Utilization Problem X
305
Fixed
Long Term Collector Reported Database Full Backup X X
306
failed
401 Quota violation X X
402 Quota recovery X
2-13
SNMP Traps
to NX UI
403 Domain not found X X
404 SMP provision error trap X X
405 SMP multi fail trap X X
406 SMP High Availability Trap X X
407 SMP System Trap X X
408 SMP provisioning error trap X X
409 SMP multi-fail trap X X
410 SMP system trap X X
411 SMP net aware trap X X
412 SMP provisioning error trap Ipv6 X X
413 SMP lost connection with PCRF X X
414 SMP reestablished connection with PCRF X
415 SMP lost connection with OCS X X
416 SMP reestablished connection with OCS X
417 Domain Controller connection lost X X X
418 Domain Controller connection established X
419 SMP FUP connection lost X X X
420 SMP FUP connection established X
450 DM Copy To Failure Up trap X X X
451 DM Record Rate Up trap X X X
452 DM Record Rate Down X X
453 DM Copy to Failure Down X X
454 DM Get File Failure Up trap X X X
500 Disk Storage Trap X X X
600 Reaching 70 percents storage utilization Up trap X X X
601 Storage Utilization above 70 percents Down trap X
2-14
SNMP Traps
to NX UI
606 DM Communication Loss Up trap X X X
607 DM Communication Loss Down trap X
608 No Data Uploaded Up trap X X X
609 No Data Uploaded Down trap X
610 Over 30 percents Total Corrupted files (based in KPI) X X X
611 Total Corrupted files below 30 percents X
612 BI Failover Occurred X X X
613 Passive BI is Up Event X
614 Failure to push configuration X X X
615 Push configuration succeed X
616 BI cluster servers are out of sync up X X X
617 BI servers are now in-sync X
618 ClearSee Reports are unavailable X X X
619 ClearSee Reports are now available X
620 ClearSee Reports High-Availability is down X X X
621 ClearSee Reports High-Availability restored X
622 ClearSee system is down X X X
623 ClearSee system active X
624 ClearSee Data-Warehouse High-Availability is down X X X
625 ClearSee Data-Warehouse High-Availability restored X
626 ClearSee system-wide High-Availability is down X X X
627 ClearSee system-wide High-Availability restored X
628 ClearSee system is down X X X
629 ClearSee system active X
630 ClearSee system - file backlog occured X X X
631 ClearSee system - file backlog cleared X
632 ClearSee system - aggregation backlog occured X X X
633 ClearSee system - aggregation backlog cleared X
634 ClearSee system - connection to CDC lost X X X
635 ClearSee system - connection to CDC is up X
2-15
SNMP Traps
If you wish traps to be sent (either manually or automatically) for additional events, please
contact support@allot.com . A full list of events can be found in Appendix C of the NetXplorer
Installation and Administration Guide.
2.2 List of Traps Sent from Allot Network Elements

2.2.1 Service Gateway Traps
The traps that are sent are listed below are divided into traps which are part of the
private Allot MIB, and standard traps. For each trap, the name, OID and an
explanation are listed in the tables below.
2.2.1.1 Allot’s Private MIB

Each of the traps below begins with the OID: 1.3.6.1.4.1.2603.0
Name Description OID
alDeviceConfChangeTrap This trap is sent when 1.3.6.1.4.1.2603.0.1
one of generic status
variables on the Service
Gateway is changed. (e.g:
change to host name of
device). The generic
status variable is defined
in the MIB table
alGenericLastChangeVar
alCatalogConfChangeTrap This trap is sent if a
1.3.6.1.4.1.2603.0.2
configuration change has
been made on one of the
catalogs (e.g: a new
catalog has been added
or an existing catalog has
been modified.
alLineConfChangeTrap This trap is sent if a 1.3.6.1.4.1.2603.0.3
lines (e.g: a line has been
added, or a catalog has
been assigned to an
existing line)
alPipeConfChangeTrap This trap is sent if a 1.3.6.1.4.1.2603.0.4
2-16
SNMP Traps
pipes (e.g: a pipe has
been added, or a catalog
has been assigned to an
existing pipe)
alVCConfChangeTrap This trap is sent if a
1.3.6.1.4.1.2603.0.5
virtual channels (e.g: a VC
has been added, or a
catalog has been
assigned to an existing
VC)
alAlertRisingTrap This trap is sent if one of
1.3.6.1.4.1.2603.0.6
the alerts crossed the
defined threshold. For
the SG, only “disk
overflow” and “memory
overflow” can be defined.
alAlertFallingTrap This trap is sent if the 1.3.6.1.4.1.2603.0.7
alert value returned
below the normal
threshold
alDataSourceDownTrap This trap is sent if the
1.3.6.1.4.1.2603.0.10
data source is
unreachable (e.g: NTP
server is unreachable).
The relevant data source
is listed in the trap and
list of data sources is
contained in
alDataSourceType.
Currently the trap will
only be sent for the NTP
data source.
Replaced by …2603.0.48
alDataSourceUpTrap This trap is sent once the
1.3.6.1.4.1.2603.0.11
data source is reachable
again (e.g: NTP server can
now be reached)
Replaced by …2603.0.49
alSoftwareProblemTrap This trap is sent in the
1.3.6.1.4.1.2603.0.12
event of an internal
software problem. (e.g: If
a blade reboots). If you
2-17
SNMP Traps
receive this trap you
should contact
support@allot.com for
assistance.
alAccessViolationTrap This trap is sent if an
1.3.6.1.4.1.2603.0.13
access violation attempt
is discovered at the Linux
level.
alIpAddrConfChangeTrap This trap is sent if the IP
1.3.6.1.4.1.2603.0.14
Address of the
management port has
been added, removed or
modified.
alConnRouteConfChangeTrap This trap is sent if there
1.3.6.1.4.1.2603.0.15
has been a change in the
connection routing
configuration.
alDeviceStatusUpTrap
This trap is sent if any of 1.3.6.1.4.1.2603.0.16
the following device
status changed from
down to up:
• Bypass Setting (for
parallel redundancy
only)
• Power Status
• Fan Status
• Remote Bypass
• Bypass
The reading is taken from
the alSystemStatus table.
alDeviceStatusDownTrap
This trap is sent if any of 1.3.6.1.4.1.2603.0.17
the device status listed
above have changed
from up to down.
alApplicationInfoTrap This trap is for
1.3.6.1.4.1.2603.0.18
information only, and is
reserved for
customization as per
requirements. From
AOS15.1, this trap will be
sent should the 5,000
maximum addresses /
2-18
SNMP Traps
ranges limit of IPv4 and
IPv6 traffic be breached.
(NOTE: the 5,000 max is
based on the assumption
of 1000 addresses/ranges
for user defined lists and
4000 for Facebook
control traffic)
alBoardStatusChangeTrap This trap is sent if the
1.3.6.1.4.1.2603.0.19
hardware or software
status of any of the cards
in an AOS in-line platform
has been changed
(including platforms
based on a single card
such as AC-3000). The
trap will list the
following:
- Board ID. This indicates
the slot number of the
card
- Board Type. This can be
any of the following:
• third party
• apc (SGCC)
• dpic (SGFP)
• host (SGSV-110)
• byc (SGBP)
• spider (CC-220)
• scorpion (N/A)
• switch (SFC-200)
• dispatcher (FB-200)
• bypass (BP-204)
• VAS (NSS-MS/SP)
• exc-CC (CC-300
• exc-SBH (SFB-300)
• nex-1 (N/A)
• hsfb (1GE-300)
• vdc (VideoClass)
• vdcAPD (APD)
• vdcITR (ITR)
• smp
• vdcMGMT (MGMT)
• cc400 (CC-400)
• sfb400rio8c (SFB-400)
2-19
SNMP Traps
• sfb420rio24c
• sfb420rio102c
• shelfManager
• sfb420rio102cf
• sg9500
• sgve
• sg9500A
• sg9100
• vasType2 (Artysen)
• sg9008
• ssg400
• Virtual Host (SG-VE
200)
• VirtualCC (SG-VE 200)
• Virtual FB (SG-VE 200)
• sg-9700
• ssg200
- Board SW Status (SGFP)
• not active (SGFP
bypass)
• active
• standby
• NA
- Board HW status
• Off
• On
alWebUpdateTrap This trap will be sent for
1.3.6.1.4.1.2603.0.20
each attempted web
update.
alAsymmetricRemoteDeviceConfTrap This trap will be sent
1.3.6.1.4.1.2603.0.21
when the configuration
of an asymmetric remote
device is changed or if
such a device has been
added or removed.
alAsymmetricRemoteDeviceStatusTrap This trap will be sent
1.3.6.1.4.1.2603.0.22
when the health check of
an asymmetric remote
device changes.
alLicenseWarnEventTrap This trap will be sent for
1.3.6.1.4.1.2603.0.23
warning level states of
the license. The trap
includes details about the
license parameter and its
value.
2-20
SNMP Traps
alLicenseCritEventTrap This trap will be sent for
1.3.6.1.4.1.2603.0.24
critical level states of the
license. The trap includes
details about the license
parameter and its value.
alBoardTemperatureStatusTrap This trap is sent when
1.3.6.1.4.1.2603.0.25
temperature crosses the
range border
alURLFilteringUpdateTrap This trap will be sent for
1.3.6.1.4.1.2603.0.26
each attempted websafe
update
alGenericTrap This is for internal use
1.3.6.1.4.1.2603.0.27
only (communication
between AOS and NX)
alBoardHostActivityStatusChangeTrap This trap is sent when the
1.3.6.1.4.1.2603.0.28
host activity status of a
particular blade changes.
The possible options are:
-1- Not Ready (Host
status is neither active
nor on standby)
-2- Active (This blade is
currently being used as a
host)
-3- Standby (This blade is
ready to become an
active host)
-100-This blade does not
contain a host functional
element
alBoardStatusChangeExTrap This trap is identical to
1.3.6.1.4.1.2603.0.29
the
alBoardStatusChangeTrap
with the exception that
the board ID is also given
within a dedicated
varbind.
alOptIfInputTrap This trap is sent when the
1.3.6.1.4.1.2603.0.30
input optical signal alarm
status changes.
NOTE: this trap is
configured using the CLI
command:
2-21
SNMP Traps
go config
optical_if_alarm
For more details see the
AOS Operation Guide.
alOptIfOutputTrap This trap is sent when the
1.3.6.1.4.1.2603.0.31
output optical signal
alarm status changes.
NOTE: this trap is
configured using the CLI
command
go config
optical_if_alarm
For more details see the
AOS Operation Guide.
alIfXInFrameErrorRateTrap This trap is sent when the
1.3.6.1.4.1.2603.0.32
input frame error rate
alarm status changes
alIfXOutFrameErrorRateTrap This trap is sent when the
1.3.6.1.4.1.2603.0.33
output frame error rate
alarm status changes
alLinkDown Link Down trap. May be
1.3.6.1.4.1.2603.0.34
used as an alternative to
the standard SNMPv2
linkDown trap
alLinkUp Link Up trap. May be
1.3.6.1.4.1.2603.0.35
used as an alternative to
the standard SNMPv2
linkUp trap
alIntegratedServiceServerUpTrap Integrated service server
1.3.6.1.4.1.2603.0.36
(steering server) is up
alIntegratedServiceServerDownTrap Integrated service server
1.3.6.1.4.1.2603.0.37
(steering server) is down
alIntegratedServiceUpTrap Connection to the
1.3.6.1.4.1.2603.0.38
integrated service cluster
is up
alIntegratedServiceDownTrap Connection to the
1.3.6.1.4.1.2603.0.39
integrated service cluster
is down
alBoardUpTrap Board is up. HW & SW
1.3.6.1.4.1.2603.0.40
are active
alBoardDownTrap Board is down. HW/SW
1.3.6.1.4.1.2603.0.41
failure
alSgNhrHaUpTrap SG Redundancy (AOSRP)
1.3.6.1.4.1.2603.0.42
is up
2-22
SNMP Traps
alSgNhrHaDownTrap SG Redundancy (AOSRP)
1.3.6.1.4.1.2603.0.43
is down
alIntegratedServiceServerUpVer2Trap Same as …2603.0.36 with
1.3.6.1.4.1.2603.0.44
the addition of server
state reason (L2
Tracking/BFD, IPv4
Tracking, IPv6 Tracking)
alIntegratedServiceServerDownVer2Trap Same as …2603.0.37 with
1.3.6.1.4.1.2603.0.45
the addition of server
state reason (L2
Tracking/BFD, IPv4
Tracking, IPv6 Tracking)
alDataSourceDownV2Trap Replaces …2603.0.10
1.3.6.1.4.1.2603.0.46
Includes IPv6 addresses
alDataSourceUpV2Trap Replaces …2603.0.11
1.3.6.1.4.1.2603.0.47
Includes IPv6 addresses
2.2.1.2 SNMP Standard Traps

Each of the traps below are not part of the Allot private MIB, but belong to the standard
SNMPv2 MIB. Each one begins with the OID: 1.3.6.1.6.3.1.1.5
coldStart This trap is sent if the SNMP agent 1.3.6.1.6.3.1.1.5.1
process on the NE/SG re-initializes
itself or the device itself reboots.
linkDown This trap is sent if one of the 1.3.6.1.6.3.1.1.5.3
communication links on the NE or SG
is about to go down. E.g: when
disconnecting internal or external
interfaces
linkUp This trap is sent if one of the 1.3.6.1.6.3.1.1.5.4
communication links on the NE or SG
is about to go up. E.g: when
connecting internal and external
interfaces
authenticationFailure This trap is sent if the NE or SG has 1.3.6.1.6.3.1.1.5.5
received a protocol message that is
not properly authenticated. (e.g:
request for wrong community
2-23
SNMP Traps
2.2.2 SMP Traps
The SMP server sends 9 different types of traps to the NetXplorer. These traps can
also be sent to the Service Provider’s NOC.
SMPProvisionErrTrap This provision error trap is 1.3.6.1.4.1.2603.11.3.1
now deprecated and is
superceded by
alSMPProvisionErrTrapIpv6
SMPMultiFailTrap This trap is sent whenever 1.3.6.1.4.1.2603.11.3.2
the same provision errors are
received for multiple
subscribers. It includes the
following details:
• Initiating Process (see
below)
• Fail Cause (see below)
SMPSystemTrap This communication trap is 1.3.6.1.4.1.2603.11.3.3
now deprecated and is
superceded by traps
…2603.11.3.6/7/8/9
alNetAwareTrap This trap is sent upon cell 1.3.6.1.4.1.2603.11.3.4
congestion or when
congestion in a cell is cleared
alSMPProvisionErrTrapIpv6 This trap is sent whenever 1.3.6.1.4.1.2603.11.3.5
the SMP server fails to
provision a particular
subscriber. The details
included in the trap are:
• Initiating Process (see
below)
• Provisioning Type (see
below)
• Fail Cause (see below)
• Subscriber Name
• Subscriber IP
• Subscriber IPv6
Address
• Subscriber IPv6 Prefix
This trap replaces the now
deprecated
alSMPProvisionErrTrap
2-24
SNMP Traps
alSMPcrfConnectAlarmUpTrap This trap is sent to indicate 1.3.6.1.4.1.2603.11.3.6
that the SMP has lost
connection with the PCRF
alSmpPcrfConnectLossAlarmDownTrap This "clear" trap is sent to 1.3.6.1.4.1.2603.11.3.7
indicate that the SMP has re-
established its connection
with the PCRF
alSmpOcsConnectLossAlarmUpTrap This trap is sent to indicate 1.3.6.1.4.1.2603.11.3.8
that the SMP has lost
connection with the OCS
alSmpOcsConnectLossAlarmDownTrap This "clear" trap is sent to 1.3.6.1.4.1.2603.11.3.9
indicate that the SMP has re-
established its connection
with the OCS
alSmpAdDcConnectLossAlarmDownTrap SMP lost connection with 1.3.6.1.4.1.2603.11.3.10
Active Directory Domain
Controller
alSmpAdDcConnectLossAlarmUpTrap SMP re-established 1.3.6.1.4.1.2603.11.3.11
connection with Active
Directory Domain Controller
alSmpFupConnectLossAlarmDownTrap SMP lost FUP connection 1.3.6.1.4.1.2603.11.3.12
with Service Gateway
alSmpFupConnectLossAlarmUpTrap SMP reestablished FUP 1.3.6.1.4.1.2603.11.3.13
connection with Service
Gateway
2.2.2.1 Initiating Process

The SMPProvisionErr and SMPMultiFail traps detail the process which initiated the error. The
process can be any of the following:
• 10: FastUpdate Process (responsible for communication between the SMP Server and
SG/NE
• 50: SMF (responsible for mapping of IP address, subscriber name and service plan)
• 60: SMP Router (responsible for routing RADIUS or DHCP messages to the smf function,
and in a distributed environment, for routing these messages to different SMP servers)
• 70: Quota Management (responsible for calculating the subscriber’s quota usage)
• 80: Event Distributor (responsible for sending updates with subscriber data from the
SMP to the NX)
• 90: High Availability (responsible for the high availability cluster)
• 100: pcc (when SMP is integrated with an external PCRF)
2-25
SNMP Traps
2.2.2.2 Provisioning Type

In an SMPProvisionErr, the provisioning type information is also given. This indicates whether
the error for a subscriber was any of the following:
• Undefined (0)
• Start message (1)
• Stop message (2)
• Timeout (3)
• An “add event” trigger (4)
• An “enhanced start” message (5)
• A “remove event” trigger (6)
2.2.2.3 Fail Cause

The SMPProvisionErr and SMPMultiFail traps detail the cause of the failure. The cause recorded
can be any of the following:
0. Unknown Cause
1. Invalid Parameter
2. Subscriber Limit Has Been Reached
3. Domain Not Found
4. Unknown Subscriber
5. Communication Error
6. Subscriber Timeout
7. SMP Node StartUp
8. HeartBeat SwitchOver (for high availability configurations)
9. Passive Node Not Synched (for high availability configurations)
10. Passive Node Down (for high availability configurations)
11. Host Not Active
12. IP Not Assigned to Host
13. Unknown IP
2-26
SNMP Traps
2.2.3 Data Mediator Traps

The Data Mediator (DM) sends 7 different types of traps to the Service Provider’s
NOC.
alDmCopyToFailureUp This trap is sent whenever a file 1.3.6.1.4.1.2603.1
push failed. The alarm is raised 2.4.1
provided that a configured
interval has passed since the last
time a copytofailure alarm was
raised towards the same target.
alDmRecordRateUp This trap is sent if the rate of 1.3.6.1.4.1.2603.1
CDRs processed per second 2.4.2
passes the configured threshold
for each interval.
alDmRecordRateDown This trap is sent if the rate of 1.3.6.1.4.1.2603.1
CDRs processed per second 2.4.3
returns to below the configured
threshold for each interval.
alDmCopytoFailureDown This trap is sent if there was a 1.3.6.1.4.1.2603.1
failure to push a file to the target 2.4.4
host.
The trap will include the failed
target host.
alDmGetFileFailureUp This trap is sent if the “get file” 1.3.6.1.4.1.2603.1
operation from the in-line 2.4.5
platform failed. The trap will
include the relevant in-line
platform and the relevant
filename.
alDmKpiFilesIncomingCorrupte Triggered when the percentage 1.3.6.1.4.1.2603.1
dLastIntervalPercentTcaRisingT of corrupted incoming files in the 2.4.6
rap last interval crosses a threshold.
alDmKpiFilesIncomingCorrupte Triggered when the percentage 1.3.6.1.4.1.2603.1
dLastIntervalPercentTcaFallingT of corrupted incoming files in the 2.4.7
rap last interval is no longer above
the threshold.
2.2.4 ClearSee Traps

ClearSee sends the following different traps to the Service Provider’s NOC.
2-27
SNMP Traps
alCsStorageUtilAbove70Ala This trap is sent if storage 1.3.6.1.4.1.2603.14.4.1
rmRisingTrap utilization reaches 70%, until it
reaches 80%.
rmFallingTrap utilization drops below 70%.
rmRisingTrap utilization reaches 80%, until it
reaches 90%.
rmRisingTrap utilization reaches 90%.
alCsDmCommLossAlarmRis This trap is sent immediately if 1.3.6.1.4.1.2603.14.4.7
ingTrap a communication loss is
detected with the DM,
whether for communication
issues or the DM is down.
alCsDmCommLossAlarmFal This trap is sent after 1.3.6.1.4.1.2603.14.4.8
lingTrap communication is
reestablished with the DM,
which is determined by five
minutes without
communication loss.
alCsNoDataUploadedAlarm This trap is sent if no data is 1.3.6.1.4.1.2603.14.4.9
RisingTrap uploaded to ClearSee for three
consecutive intervals. ClearSee
finds files but fails to
extract/copy them, for
example, on account of an FTP
problem.
alCsNoDataUploadedAlarm This trap is sent after data is 1.3.6.1.4.1.2603.14.4.10
FallingTrap uploaded again to ClearSee for
three consecutive intervals.
alCsInCorruptedLastInterva This trap is sent if over 30% of 1.3.6.1.4.1.2603.14.4.11
lPercentAbove30RisingTra the incoming files since the
p last interval are corrupted.
alCsInCorruptedLastInterva This trap is sent if the number 1.3.6.1.4.1.2603.14.4.12
lPercentAbove30FallingTra of corrupted incoming files
p falls below 30%.
alCsHaFailoverEventTrap This trap is sent upon the 1.3.6.1.4.1.2603.14.4.13
event of a failover, which is
when a unit changes HA status
2-28
SNMP Traps
from passive to active.
Applicable for BI only.
alCsHaPassiveAvailableEve This trap is sent by the active 1.3.6.1.4.1.2603.14.4.14
ntTrap unit when it connects to a
passive unit in HA mode.
Applicable for BI only.
alCsConfigurationFileDown This trap is sent by the 1.3.6.1.4.1.2603.14.4.15
loadFailedTrap ClearSee active unit when
Configuration File Download
has Failed
alCsConfigurationFileDown This trap is sent by the 1.3.6.1.4.1.2603.14.4.16
loadFailedClearTrap ClearSee active unit when a
Configuration File Download
has succeeded after a failure
alCsBIsyncErrorSetTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.17
ClearSee active unit when
connectivity is restored to
secondary unit and units are
out of sync
alCsBIsyncErrorClearTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.18
ClearSee active unit when both
BI units are in sync after sync
loss
alCsReportsUnavailableSet This trap is sent by the 1.3.6.1.4.1.2603.14.4.19
Trap ClearSee active unit when the
Report Service (MSTR) is down
on both BIs
alCsReportsUnavailableCle This trap is sent by the 1.3.6.1.4.1.2603.14.4.20
arTrap ClearSee active unit when
Report Service is restored on
at least a single BI node
alCsReportsHAdownSetTra This trap is sent by the 1.3.6.1.4.1.2603.14.4.21
p ClearSee active unit when One
of the BI servers is down and
the other is up (i.e: Report
Service (MSTR) is down on a BI
server)
alCsReportsHAdownClearT This trap is sent by the 1.3.6.1.4.1.2603.14.4.22
rap ClearSee active unit when the
Report Service on both BI
nodes is active
alCsSystemDownSetTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.23
ClearSee active unit when:
1. Data-Warehouse service is
down (Standalone Mode).
2-29
SNMP Traps
2. Data-Warehouse service is
down on 2 or more Data-
Warehouse nodes (Cluster
Mode)
alCsSystemDownClearTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.24
ClearSee active unit when all
services are active in BI and
Data-Warehouse nodes after
System Down status
alCsDataWarehouseHADo This trap is sent by the 1.3.6.1.4.1.2603.14.4.25
wnSetTrap ClearSee active unit when
Data-Warehouse service is
down on one of the DWH
servers. This trap is relevant in
cluster mode only.
alCsDataWarehouseHADo This trap is sent by the 1.3.6.1.4.1.2603.14.4.26
wnClearTrap ClearSee active unit when all
Data-Warehouse servers are
up (Data-Warehouse Database
service is active) after one of
them was previously down
alCsSystemHADownSetTra This trap is sent by the 1.3.6.1.4.1.2603.14.4.27
p ClearSee active unit when the
Management Database Service
is down on one of the BI nodes
(Postgres DB is down). This
trap is relevant in cluster mode
only.
alCsSystemHADownClearTr This trap is sent by the 1.3.6.1.4.1.2603.14.4.28
ap ClearSee active unit when the
management Database Service
on both BI servers is active
(Postgres DB is active) after
one of them was previously
down. This trap is relevant in
cluster mode only.
alCsPDBDownSetTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.29
ClearSee active unit when:
1. Postgres DB is down
(Standalone Mode)
2. Postgres DB is down on
both BIs (Cluster Mode)
alCsPDBDownClearTrap This trap is sent by the 1.3.6.1.4.1.2603.14.4.30
ClearSee active unit when all
services are active in BI and
2-30
SNMP Traps
Data-Warehouse nodes after a
System Down status.
2.2.5 NX Trap Forwarding

Instead of receiving separate traps from each Allot network element, the customer
may prefer to aggregate all traps and send them from a single source – the
NetXplorer. This is done using the ALLOT-NX-MIB.mib MIB file.
The NetXplorer forwards trappable alarms and sends them to the NOC. There are
two types of traps which are forwarded:
alAlarmRisingTrap This trap is sent when an alarm is 1.3.6.1.4.1.2603.10.0.1
raised
alAlarmFallingTrap This trap is sent when an alarm is 1.3.6.1.4.1.2603.10.0.2
cleared
For a full list of the traps which can be forwarded, refer to Appendix C of the
NetXplorer Installation and Administration Guide. Note the Event ID for each one.
This event ID appears in the details for each trap.
If you wish traps to be forwarded for additional events, please contact
support@allot.com .
The trap received will also include the following four OIDs which provide the
administrator with information about the alarm which has been raised or cleared:
• AlSeverity: 1.3.6.1.4.1.2603.10.2.1.1.6
• AlDescription: 1.3.6.1.4.1.2603.10.2.1.1.7
• AlTimestamp: 1.3.6.1.4.1.2603.10.2.1.1.8
• AlIndex: 1.3.6.1.4.1.2603.10.2.1.1.9
We will examine each one of these in turn.
2.2.5.1 AlSeverity
The OID which will be displayed is as follows:
1.3.6.1.4.1.2603.10.2.1.1.6.a.b.c.d.alarm.x.y.z = integer N
Where:
a.b.c.d IP address of the element from which the alarm was received.
NOTE: The IP address may be IPv4 or IPv6. For IPv4
addresses, the a.b.c.d will be the standard dotted-decimal
2-31
SNMP Traps
notation, where each decimal is an octet of the address. With
IPv6 it is a non-standard representation where each decimal is
a 32-bit unsigned integer of the address.
You can recognize the the trap contains an IPv4 or IPv6
address by looking at the “a” value If “a” is <=255 then it is an
IPv4 address. Otherwise it is an IPv6 address.
alarm Alarm ID (as per table above)
x Card ID (0 by default)
y Source ID (0 by default)
z TCA – threshold crossing alarm ID
N Alarm severity (as per table below)
The alarm severity values which will be displayed in the trap are as follows
Value Meaning
0 Unknown
1 Cleared
2 Indeterminate
3 Critical
4 Major
5 Minor
6 Warning
2.2.5.2 AlDescription
1.3.6.1.4.1.2603.10.2.1.1.7.a.b.c.d.alarm.x.y.z = STRING
The fields a.b.c.d.alarm.x.y.z are as described in AlSeverity above. The STRING here
will contain a description of the alarm, which will only be seen for a rising trap.
2.2.5.3 AlTimestamp
1.3.6.1.4.1.2603.10.2.1.1.8.a.b.c.d.alarm.x.y.z = Counter 64
The fields a.b.c.d.alarm.x.y.z are as described in AlSeverity above. The timestamp
for the alarm is presented here in UTC format.
2.2.5.4 AlIndex
2-32
SNMP Traps
1.3.6.1.4.1.2603.10.2.1.1.9.a.b.c.d.alarm.x.y.z = STRING
The fields a.b.c.d.alarm.x.y.z are as described in AlSeverity above. The string here
displays the alarm index (no new information is added here).
2.2.5.5 Example
A rising trap is forwarded to the trap receiver by NX 10.4.70.20. The forwarded trap
contains the details below:
2010-07-07 16:51:17 10.4.70.20 [UDP: [10.4.70.20]:161]:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (144080) 0:24:00.80
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.2603.10.0.1
SNMPv2-SMI::enterprises.2603.10.2.1.1.6.10.4.60.234.100.0.0.0 = INTEGER: 3
SNMPv2-SMI::enterprises.2603.10.2.1.1.7.10.4.60.234.100.0.0.0 = STRING: "Test-STC is
unreachable"
SNMPv2-SMI::enterprises.2603.10.2.1.1.8.10.4.60.234.100.0.0.0 = Counter64:
1278514270000
From this trap we can learn the following:
SNMPv2-MI::enterprises.2603.10.2.1.1.9.10.4.60.234.100.0.0.0 = STRING:
"10.4.60.234.100.0.0"
• The trap is for a rising alarm (2603.10.0.1)
• The trap was received from a device with IP address 10.4.60.234. (in this
case an external collector)
• The alarm ID of the trap is 100 (server is unreachable)
• The description of the alarm tells us that the “Test-STC is unreachable”
• The severity of the alarm is critical (indicated by Integer 3)
Subsequently, a falling trap is forwarded to the trap receiver by the same NX
(10.4.70.20). This time the forwarded trap contains the details below:
2010-07-07 16:55:53 10.4.70.20 [UDP: [10.4.70.20]:161]:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (171737) 0:28:37.37
SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.2603.10.0.2
SNMPv2-SMI::enterprises.2603.10.2.1.1.6.10.4.60.234.100.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.2603.10.2.1.1.7.10.4.60.234.100.0.0.0 = ""
SNMPv2-SMI::enterprises.2603.10.2.1.1.8.10.4.60.234.100.0.0.0 = Counter64:
1278514546915
SNMPv2-SMI::enterprises.2603.10.2.1.1.9.10.4.60.234.100.0.0.0 = STRING:
"10.4.60.234.100
.0.0"
From this trap we can learn the following:
2-33
SNMP Traps
• The trap is for a falling alarm (2603.10.0.2)
• The trap was received from a device with IP address 10.4.60.234. (as in the
rising alarm)
• The alarm ID of the trap is 100 (server is unreachable)
• As this is a falling alarm, the description of the alarm is empty “”, however we
can clearly tell to which alarm this refers from the alarm ID (100)
• The severity of the alarm provides a further indication that this is a “cleared
alarm” (indicated by Integer 1)
2.2.6 COTS Hardware Traps

2.2.6.1 Remote Management Traps
Different Allot Servers are based on different Commercial Off-The-Shelf (COTS)
hardware. Each COTS hardware type, typically has its own remote management
system.
Allot System COTS Server on which it is Based Remote
Management
NetXplorer IBM / Lenovo IMM
Data Mediator System X (Mx)
ClearSee
SMP
DDoS Secure Controller
NetworkSecure
SG-9100 v1 Lenovo ThinkServer (RDxxx) TSM
SSG600 v1
SSG800 v1
SG-9100 v2 Lenovo ThinkSystem (SRxxx) XCC
SSG600 v2
SG-9700 HP Proliant (DLxxx) iLO
SG-9500
SG-9008
SSG800 v2
SSG400
SSG200
Gateway Manager
Using the respective remote management mechanism (IMM, TSM, XCC, iLO), each
COTS server can be configured to generate and send traps on different hardware
events.
2-34
SNMP Traps
2.2.6.2 Storage Device Traps
When Allot management (NX, SMP, DM) is deployed as a High Avaialbility Platform
(HAP), in some cases, a separate storage device is deployed in addition to two
server node.
The storage device may be based on different Commercial Off the Shelf hardware.
For example, depending on the generation of server shipped to the customer, the
storage sever in a HAP may be based on:
• IBM Storwize V5000 Family - V5010
• IBM Storwize V3000 Family - V3700
• IBM System Storage DS3200
In each case, the COTS Storage server can be configured to send traps to an
external NOC. Each storage type provides its own MIB files. Instructions on how to
configure each storage server to send traps can be found in the relevant Allot
Installation and Administration Guide.
2.2.7 NetworkSecure Traps

The traps in the following sections are from versions 1 and 2 of the NetworkSecure
MIB, and from the NetworkSecure Topology MIB. See NetworkSecure Topology for
the Topology MIB’s topology KPIs.
2.2.7.1 Critical
These critical traps are from versions 1 and 2 of the NetworkSecure MIB.
NAME DESCRIPTION OID (NETWORKSECURE MIB V2 / V1)
event1 Unable to load [S]. Exiting program
This error is produced when an Operation module
cannot load a critical resource. Without it, the 1.3.6.1.4.1.30738.0.0.0.1 /
program must exit. The parameter is the critical 1.3.6.1.4.1.30738.5.1
resource name. Check that this resource exists and
that the module has rights to access it.
event2 Unable to reload [S]. Exiting program.
cannot reload a critical resource. Without it, the 1.3.6.1.4.1.30738.0.0.0.2 /
program must exit. The parameter is the critical 1.3.6.1.4.1.30738.5.2
resource name. Check that this resource exists and
that the module has rights to access it.
event3 Unable to start [S]. Exiting program.
cannot start some critical subprocesses (e.g. threads).
1.3.6.1.4.1.30738.0.0.0.3 /
Without them, the program must exit. Check that the
server has enough resources (disk space, RAM,
1.3.6.1.4.1.30738.5.3
available socket descriptors).
Modules: All
2-35
SNMP Traps
event4 Unable to start up MFCs. Exiting program
cannot start MFC´s library. Without these objects, 1.3.6.1.4.1.30738.0.0.0.4 /
windows sockets do not work and the program must 1.3.6.1.4.1.30738.5.4
exit. Only for Windows OS.
Modules: WF
event5 Thread [S] throws an exception that cannot be caught.
This error is produced when a thread launches an
exception the program does not catch. An uncaught 1.3.6.1.4.1.30738.0.0.0.5 /
exception is a critical error. The parameter is the name 1.3.6.1.4.1.30738.5.5
or the number of the thread.
Modules: WF
event6 Unable to get install directory. Exiting program.
cannot ask for its install directory. Without this 1.3.6.1.4.1.30738.0.0.0.6 /
parameter, the program does not work properly and 1.3.6.1.4.1.30738.5.6
must exit.
Modules: PM, CM, WF, RM
event7 Unable to check program license. Exiting program
1.3.6.1.4.1.30738.0.0.0.7 /
cannot check its license against remote license
servers.
1.3.6.1.4.1.30738.5.7
Modules: CT, CM, AS, WF, RM
event8 Invalid SOAP Port: [N]. Exiting program.
Some Operation modules need a SOAP
communication channel. This error appears when the
configured port cannot be used or it is busy. The 1.3.6.1.4.1.30738.0.0.0.8 /
parameter is the port number. Check that no other 1.3.6.1.4.1.30738.5.8
application is using that port or change the port
number in the configuration files.
Modules: CT
event9 [S] signal received. [S]
This error appears when an external signal is received
by the program. The first parameter is the signal 1.3.6.1.4.1.30738.0.0.0.9 /
received and the second is the description of that 1.3.6.1.4.1.30738.5.9
signal.
Modules: CT, CM
event10 Unable to set [S] service [S]. Exiting program.
The process cannot run as a service due to some
1.3.6.1.4.1.30738.0.0.0.10 /
reason (access denied, invalid name, invalid
parameter, service already exist…)
1.3.6.1.4.1.30738.5.10
Only in case of PC-Windows version.Modules: PM, WS
event11 Unable to get [S] port. Exiting program.
This error appears when the configured server port
cannot be used or is busy, for example. The parameter 1.3.6.1.4.1.30738.0.0.0.11 /
is the port number or the interface name that uses 1.3.6.1.4.1.30738.5.11
that port. Check that no other application is using that
port or change the port number in the configuration
2-36
SNMP Traps
files.
Modules: AS
event12 Unable to get [S]. Exiting program

cannot reload a critical resource (a parameter, a 1.3.6.1.4.1.30738.0.0.0.12 /
configuration value, etc.). Without it, the program 1.3.6.1.4.1.30738.5.12
must exit. The parameter is the critical resource name.
Modules: WF
event13 Wrong transaction. Please restart the program.
Only in case of PC-Windows version.
1.3.6.1.4.1.30738.0.0.0.13 /
Modules: QM 1.3.6.1.4.1.30738.5.13
event14 Unable to treat unhandled exception. Exiting program.
Error during module starts when the module cannot
1.3.6.1.4.1.30738.0.0.0.14 /
create the service and the exception cannot be
handled.
1.3.6.1.4.1.30738.5.14
Modules: AS, PM
event15 Unable to restore last backup: [S]. Exiting program
This error appears when a backup operation fails. The
program must exit. The parameter is the backup file 1.3.6.1.4.1.30738.0.0.0.15 /
name. Check this backup file exists and that the 1.3.6.1.4.1.30738.5.15
module has rights to access it.
Deprecated
event16 Invalid Allot License [S], the Internet connection may
be cut, please contact [S] to renew it!
This error appears when there is no internet 1.3.6.1.4.1.30738.0.0.0.16 /
connection to check the license or when the solution 1.3.6.1.4.1.30738.5.16
is not configured as a ISP or Enterprise solution
Modules: LIB, WF, CM
event17 Invalid Allot License [S], Allot products will not work,
please contact [S] to renew it!
1.3.6.1.4.1.30738.0.0.0.17 /
This error appears when the License Check failed for
more than 180 times.
1.3.6.1.4.1.30738.5.17
Modules: LIB, CM
event18 Allot License [S]
This error appears when the License Check fails.
1.3.6.1.4.1.30738.0.0.0.18 /
Modules: LIB, CM 1.3.6.1.4.1.30738.5.18
event19 Unable to create [S]. Exiting program
CCOTTA module cannot create the number of files 1.3.6.1.4.1.30738.0.0.0.19 /
descriptors (256) 1.3.6.1.4.1.30738.5.19
Modules: CT
event20 [S] is too old. [S] must be updated. Exiting program
Deprecated
1.3.6.1.4.1.30738.0.0.0.20 /
1.3.6.1.4.1.30738.5.20
event21 [S] consolidation
Deprecated
1.3.6.1.4.1.30738.0.0.0.21 /
1.3.6.1.4.1.30738.5.21
2-37
SNMP Traps
event22 Master doesnt respond to heartbeats. Backup
activated.
1.3.6.1.4.1.30738.0.0.0.22 /
Deprecated 1.3.6.1.4.1.30738.5.22
event23 FATAL: no OptenetWebFilter running. Do
/etc/init.d/optenetOF restart ( or equivalent). If not 1.3.6.1.4.1.30738.0.0.0.23 /
working, check OptenetWebFilters log. 1.3.6.1.4.1.30738.5.23
Deprecated
event24 Interface [S] is just used by the operating system.
Exiting program.
Appears when CCOTTA cannot use the network 1.3.6.1.4.1.30738.0.0.0.24 /
interface to start up the bridge because it is already in 1.3.6.1.4.1.30738.5.24
use.
Modules: CT
event25 The bridge [S] is using more than one CCOTTAs
interfaces. Exiting program.
This error appears when there is more than one bridge
1.3.6.1.4.1.30738.0.0.0.25 /
with the same network interface configured. To solve
this, review CCOTTA configuration and use a different
1.3.6.1.4.1.30738.5.25
network interface for each bridge.
Modules: CT
event26 [P]1 No Servers are available
Modules: LIB
1.3.6.1.4.1.30738.0.0.0.26 /
1.3.6.1.4.1.30738.5.26
event27 [P]1 There are no configured Servers
Modules: LIB
1.3.6.1.4.1.30738.0.0.0.27 /
1.3.6.1.4.1.30738.5.27
event28 [P]1 There are no configured Primary Servers
Modules: LIB
1.3.6.1.4.1.30738.0.0.0.28 /
1.3.6.1.4.1.30738.5.28
event29 Module health check failed: cavium bypass triggered
at [S]
1.3.6.1.4.1.30738.0.0.0.29 /
Modules: CT 1.3.6.1.4.1.30738.5.29
event30 Thread [P]1 stalled for [P]2 milliseconds
Modules: CT
1.3.6.1.4.1.30738.0.0.0.30 /
1.3.6.1.4.1.30738.5.30
event31 Processing [S] queue is full for the last [N] seconds
Modules: CT
1.3.6.1.4.1.30738.0.0.0.31 /
1.3.6.1.4.1.30738.5.31
event32 This module is not compatible with [S]. Exiting
program
1.3.6.1.4.1.30738.0.0.0.32 /
Modules: CT 1.3.6.1.4.1.30738.5.32
event33 Unable to allocate memory for [S] pool. Existing
program
1.3.6.1.4.1.30738.0.0.0.33 /
Modules: CT 1.3.6.1.4.1.30738.5.33
2-38
SNMP Traps
event34 [S] Antivirus bases are older than [N] hours. Bases UTC
date is [S]
This happens the antivirus engine couldn’t be updated
for configured number of hours (default value 96 1.3.6.1.4.1.30738.0.0.0.34 /
hours, key: etc/Global.conf 1.3.6.1.4.1.30738.5.34
Content#AntiVirusEngines#TimeDiffZ 345600)
Antitrap: 5228Related messages: 2086, 4653,
5250Modules: WF, CM
event35 File system has not passed DiskIO Health test ([S]).
Code: [S]. Action taken: [S]
1.3.6.1.4.1.30738.0.0.0.35 /
This message appears if there are HD failures (for
instance, it is not possible to write/read from a file)
1.3.6.1.4.1.30738.5.35
Antitrap: 7008Module: PM
event36 External message: [S]
This is a message that the Central Manager writes for
external modules in case there is a Critical Error. An
external script can call the SOAP
“WriteMessageAtInternalLog” to write this message in 1.3.6.1.4.1.30738.0.0.0.36 /
the Central Manager. Thus we could have internal 1.3.6.1.4.1.30738.5.36
messages in the Central Manager in case an external
Tool needs them.
Related messages:36: critical2087: error4654:
warning5243: infoModule: CM
event37 License status has changed to [S]
This message appears when there is a change in the 1.3.6.1.4.1.30738.0.0.0.37 /
license status from NORMAL to a different status. 1.3.6.1.4.1.30738.5.37
Antitrap: 7019Module: CM
event38 Unable to load [S]. Reporter cannot execute reports.
The reporter was not able to load one resource to
1.3.6.1.4.1.30738.0.0.0.38 /
execute reports. Check that the resource is
available/cofigurable
1.3.6.1.4.1.30738.5.38
Module: Central Reporter
event39 Cannot create directory [S]. [S]
This message appears when the module cannot create 1.3.6.1.4.1.30738.0.0.0.39 /
the directory specify in the message. 1.3.6.1.4.1.30738.5.39
Modules: SF
event40 Unable to load [S]. [S]
1.3.6.1.4.1.30738.0.0.0.40 /
1.3.6.1.4.1.30738.5.40
event41 Local RM-5 DB encryption configuration does not
match with current configuration. Exiting program
1.3.6.1.4.1.30738.0.0.0.41 /
1.3.6.1.4.1.30738.5.41
event42 Local RM-5 DB is already encrypted. Exiting program
1.3.6.1.4.1.30738.0.0.0.42 /
1.3.6.1.4.1.30738.5.42
2-39
SNMP Traps
2.2.7.2 Error
These error traps are from versions 1 and 2 of the NetworkSecure MIB.
Cannot open [S] file
This error appears when the program cannot open
a file. This event stops the program working
event501 1.3.6.1.4.1.30738.0.0.0.501
properly. The parameter is the file name. Check this
file exists and the module has rights to access it.
Modules: CT, CM, AS, QM, RA, RM
Cannot close [S] file
This error appears when the program cannot close
a file. This event stops the program working
event502 1.3.6.1.4.1.30738.0.0.0.502
file exists and the module has rights to write it.
Modules: AS
Cannot create [S] file.
This error appears when the program cannot create
a new file. This event stops the program working
event503 1.3.6.1.4.1.30738.0.0.0.503
file exists and the module has rights to create it.
Modules: LIB, CM
Cannot load [S] file
This error appears when the program cannot load a
file. This event stops the program working properly.
event504 1.3.6.1.4.1.30738.0.0.0.504
The parameter is the file name. Check this file exists
and the module has rights to read it.
Modules: CM, AS, WF
Cannot read at [S] file
This error appears when the program cannot read a
file. This event stops the program working properly.
event505 1.3.6.1.4.1.30738.0.0.0.505
The parameter is the file name. Check this file exists
and the module has rights to read it.
Modules: CT, AS, QM, RA
Cannot write at [S] file
This error appears when the program cannot write
in a file. This event stops the program working
event506 1.3.6.1.4.1.30738.0.0.0.506
Modules: CT, CM, AS, RA
Bad content in [S] file
This error appears when the program expects
different content from a file. This event stops the
event507 program working properly. The parameter is the file 1.3.6.1.4.1.30738.0.0.0.507
name. Check that this file exists, the module has
rights to read it and it is not corrupt.
Modules: CM, AS,
2-40
SNMP Traps
Unable to find [S] file
This error appears when the program cannot find a
file on the disk. This event stops the program
event508 working properly. The parameter is the file name. 1.3.6.1.4.1.30738.0.0.0.508
Check this file exists and the module has rights to
read it
Modules: PM
Cannot parse line at [S] file correctly. Ignoring data.
This error appears when the program cannot
understand a line in a file. The program will ignore
event509 the line, but it can stop the program working 1.3.6.1.4.1.30738.0.0.0.509
properly. The parameter is the file name. Check file
content and syntax of the line.
Deprecated
Cannot parse line at [S] file correctly. Bad field: [S].
understand a line in a file because it contains an
incorrect field. The program will ignore the line, but
event510 it can stop the program working properly. The first 1.3.6.1.4.1.30738.0.0.0.510
parameter is the file name and the second is the
bad field data name. Check file content and syntax
of the field in the line.
Deprecated
Cannot save data correctly at [S] file
This error appears when the program cannot save
data in a file. It can stop the program working
event511 1.3.6.1.4.1.30738.0.0.0.511
Modules: AS
Cannot reload [S] file
This error appears when the program cannot reload
data from a file. It can stop the program working
event512 1.3.6.1.4.1.30738.0.0.0.512
file exists and the module has rights to read it.
Deprecated
Error appending line in %s file, line: %s.
This error appears when the module cannot add a
event513 line to a file used for caching results (LDAP users for 1.3.6.1.4.1.30738.0.0.0.513
CM or antispam analysis results for AS for instance)
Modules: CM, AS
Corrupted line: [[S]] [S], in file [S].
This error appears when the module cannot read a
line from a caching file (LDAP users for CM or
event514 1.3.6.1.4.1.30738.0.0.0.514
antispam analysis results for AS for instance). This
line from the file will be ignored.
Modules: CM, AS
2-41
SNMP Traps
Bad line length in [S] file, line: [S].
This error appears when the module read a line
event515 from a caching file which is shorter than it should 1.3.6.1.4.1.30738.0.0.0.515
be. This line from the file will be ignored.
Modules: CM, AS
Bad key in [S] file, line: [S].
This error appears when the key read from a
caching file which is not properly written (it should
event516 1.3.6.1.4.1.30738.0.0.0.516
be Hex digit key). This line from the file will be
ignored.
Modules: CM, AS
Bad key or line length in [S] file, line: [S].
This error appears when the key read from a
event517 caching file which is as long as it should be (32). This 1.3.6.1.4.1.30738.0.0.0.517
line from the file will be ignored.
Modules: CM, AS
Bad line length reading timestamp in [S] file, line:
[S].
This error appears when the module cannot read a
event518 1.3.6.1.4.1.30738.0.0.0.518
timestamp from a caching file. This line from the file
will be ignored.
Modules: CM, AS
Couldnt open file ([S]) for writing.
This error appears when the module cannot open
event519 1.3.6.1.4.1.30738.0.0.0.519
the caching file for writing.
Modules: CM, AS
Error encoding file (%s) for writing.
This error appears when writing the caching file, the
event520 1.3.6.1.4.1.30738.0.0.0.520
line to write cannot be encoded.
Modules: CM, AS
Error renaming file (%s) to (%s).
This error appears when the caching file cannot be
event521 1.3.6.1.4.1.30738.0.0.0.521
renamed
Modules: CM, AS
event522 Cannot truncate [S] file in [S] bytes 1.3.6.1.4.1.30738.0.0.0.522

Deprecated
event523 Cannot get [S] file size 1.3.6.1.4.1.30738.0.0.0.523

Deprecated
event524 Cannot erase file [S]: [S] 1.3.6.1.4.1.30738.0.0.0.524

Deprecated
event525 Path size [S] is higher than max allowed [S] 1.3.6.1.4.1.30738.0.0.0.525
Deprecated
2-42
SNMP Traps
event526 Error on stat(%s):%s. 1.3.6.1.4.1.30738.0.0.0.526

Deprecated
Cannot open [S] directory. Check file system and
event527 permissions 1.3.6.1.4.1.30738.0.0.0.527
Deprecated
Memory pool: malloc required of size [S] but
event528 ChunkSize=[S] 1.3.6.1.4.1.30738.0.0.0.528
Deprecated
event529 Memory pool: no free one 1.3.6.1.4.1.30738.0.0.0.529

Deprecated
Very unclear case, surely due to previous crash, or
event530 shortage of electricity : [S][S] 1.3.6.1.4.1.30738.0.0.0.530
Deprecated
event531 Memory pool: bad alloc([S]):[S] 1.3.6.1.4.1.30738.0.0.0.531

Deprecated
Failed to consolidate database [S] into [S].
This appears when there is an error while
event532 1.3.6.1.4.1.30738.0.0.0.532
calculating the accumulated data for one log.
Modules: RM
event533 Failed to add [S] - [S] to memory database. 1.3.6.1.4.1.30738.0.0.0.533

Deprecated
Failed to add record to dynamic database [S].
This appears when there is an error while trying to
event534 add new records to the accumulated data for one 1.3.6.1.4.1.30738.0.0.0.534
log.
Modules: RM
Failed to add record to table [S] of memory
event535 database. 1.3.6.1.4.1.30738.0.0.0.535
Deprecated
Failed to add value [S] to dynamic database [S].
event536 add a new value to the accumulated data for one 1.3.6.1.4.1.30738.0.0.0.536
log.
Modules: RM
Failed to accumulate backup database [S] into [S].
event537 1.3.6.1.4.1.30738.0.0.0.537
accumulate the backup database.
Modules: RM
Failed to create dynamic database [S].
This appears when trying to create a new database
event538 1.3.6.1.4.1.30738.0.0.0.538
of accumulated data.
Modules: RM
2-43
SNMP Traps
Failed to create static database [S].
This appears when trying to create a new static
event539 1.3.6.1.4.1.30738.0.0.0.539
database of accumulated data.
Modules: RM
Failed to check integrity of just accumulated
database [S].
event540 This appears when trying to open an accumulated 1.3.6.1.4.1.30738.0.0.0.540
database.
Modules: RM
Failed to dump accumulation to static database [S].
This appears when trying add new register to the
event541 1.3.6.1.4.1.30738.0.0.0.541
accumulated database
Modules: RM
Failed to dump static database [S].
This appears when trying add new register to the
event542 1.3.6.1.4.1.30738.0.0.0.542
database
Modules: RM
Failed to flush dynamic database [S].
event543 If it wasn’t possible to flush the dynamic database 1.3.6.1.4.1.30738.0.0.0.543
Modules: RM
Failed to get [S] value cursor from database [S].
Fails if it was not possible to get the cursor from a
event544 1.3.6.1.4.1.30738.0.0.0.544
database while creating a report
Modules: RM
Failed to get next [S] value from database [S].
Fails if it was not possible to get a value from a
event545 1.3.6.1.4.1.30738.0.0.0.545
database while creating a report
Modules: RM
Failed to get next record from table [S] from
database [S].
event546 Fails if it was not possible to get the next record 1.3.6.1.4.1.30738.0.0.0.546
cursor from a database while creating a report
Modules: RM
Failed to get table [S] record cursor from database
[S].
event547 Fails if it was not possible to get the cursor from a 1.3.6.1.4.1.30738.0.0.0.547
table from a database while creating a report
Modules: RM
Failed to open static database [S].
event548 It was not possible to open a static BBDD 1.3.6.1.4.1.30738.0.0.0.548
Modules: RM
Failed to populate navigation times from [S] into
[S].
event549 This error appears when the record was 1.3.6.1.4.1.30738.0.0.0.549
accumulated in a superior unit
Modules: RM
2-44
SNMP Traps
Failed to move accumulated database from [S] to
[S].
This error appears when it was not possible to
event550 1.3.6.1.4.1.30738.0.0.0.550
move the accumulated record from one database
to another
Modules: RM
Failed to rebuild dynamic database [S] from detail
file.
event551 1.3.6.1.4.1.30738.0.0.0.551
create again the dynamic database from the
detailed logs
Modules: RM
Hour change failed, workmode [S] not found.
This error appears when it was not possible to read
event552 1.3.6.1.4.1.30738.0.0.0.552
the workmode to change the hour
Modules: RM
Failed to set core limit.
This error appears during the startup of the module
event553 if it was not possible to set the core limit. If it’s 1.3.6.1.4.1.30738.0.0.0.553
configured Exit on limit error, the module will exit
Modules: RM
Failed to set file limit.
This error appears during the startup of the module
event554 if it was not possible to set the file limit. If it’s 1.3.6.1.4.1.30738.0.0.0.554
configured Exit on limit error, the module will exit
Modules: RM
Error performing migration
This error appears if there is an error during a
event555 1.3.6.1.4.1.30738.0.0.0.555
migration from an old database to the current one.
Modules: RM
Failed to migrate database [S], unknown work
mode [S].
event556 1.3.6.1.4.1.30738.0.0.0.556
migration from an old database to the current due
to one work mode
Modules: RM
Failed to create table [S] migrating database [S].
event557 migration from an old database to the current one 1.3.6.1.4.1.30738.0.0.0.557
while creating a table.
Modules: RM
Failed to add value [S] to value table [S] migrating
database [S].
event558 1.3.6.1.4.1.30738.0.0.0.558
migration from an old database to the current one
while adding a value to a table in the new BBDD.
Modules: RM
2-45
SNMP Traps
Failed to add record to table [S] migrating database
[S].
event559 1.3.6.1.4.1.30738.0.0.0.559
migration from an old database to the current one
while adding a record.
Modules: RM
Failed to read programmed report instance [S].
This error appears if there is an error reading the
event560 programmed report instance (it was not possible to 1.3.6.1.4.1.30738.0.0.0.560
open the file)
Modules: RM
Failed to load programmed report instance [S].
This error appears if there is an error loading the
event561 1.3.6.1.4.1.30738.0.0.0.561
programmed report instance
Modules: RM
Failed to create programmed report instance [S].
This error appears if there is an error creating the
event562 1.3.6.1.4.1.30738.0.0.0.562
Modules: RM
Failed to save programmed report instance [S].
This error appears if there is an error writing the
event563 1.3.6.1.4.1.30738.0.0.0.563
Modules: RM
Failed to open programmed report instance [S].
This error appears if there is an error open the
event564 1.3.6.1.4.1.30738.0.0.0.564
Modules: RM
Failed to migrate file [S].
This error appears if there is an error migrating a
event565 1.3.6.1.4.1.30738.0.0.0.565
file to the current format
Modules: RM
Failed to copy detail file [S].
This error appears in a migration, if there is an error
event566 1.3.6.1.4.1.30738.0.0.0.566
copying a detailed file from the old database.
Modules: RM
Failed to move detail file [S].
This error appears in a migration, if there is an error
event567 1.3.6.1.4.1.30738.0.0.0.567
moving a detailed file from the old database.
Modules: RM
Failed to sort database [S] in [S].
event568 This error appears if the database is not sorted. 1.3.6.1.4.1.30738.0.0.0.568
Modules: RM
Failed to upgrade: Unknown work mode [S].
This error appears if it’s not possible to know the
event569 1.3.6.1.4.1.30738.0.0.0.569
work modes while starting an upgrade
Modules: RM
2-46
SNMP Traps
Error performing upgrade.
event570 1.3.6.1.4.1.30738.0.0.0.570
upgrade the database
Modules: RM
Failed to upgrade database [S], backup file [S]
already exists.
event571 This error appears while trying to upgrade a 1.3.6.1.4.1.30738.0.0.0.571
database and the backup file already exist
Modules: RM
Failed to open database [S].
This error appears while trying to upgrade a
event572 database and it was not possible to open the 1.3.6.1.4.1.30738.0.0.0.572
database
Modules: RM
Failed to create database [S].
event573 database and it was not possible to create a 1.3.6.1.4.1.30738.0.0.0.573
database.
Modules: RM
Failed to upgrade database [S].
event574 database and it was not possible to upgrade one 1.3.6.1.4.1.30738.0.0.0.574
database.
Modules: RM
Failed to upgrade detailed log [S], backup file [S]
already exists.
event575 1.3.6.1.4.1.30738.0.0.0.575
database and it was not possible to upgrade
detailed log because the backup file already exists.
Modules: RM
Failed to open detailed log [S].
event576 database and it was not possible to open the 1.3.6.1.4.1.30738.0.0.0.576
detailed log file.
Modules: RM
Failed to create detailed log [S].
event577 database and it was not possible to create the new 1.3.6.1.4.1.30738.0.0.0.577
detailed log file.
Modules: RM
Table definition [S] not found in schema.
This message appears when the Central Reporter
event578 1.3.6.1.4.1.30738.0.0.0.578
cannot get the schema from Vertica database.
Modules: Central Reporter
Unexpected workmode [S]
event579 This message appears when the Central Reporter 1.3.6.1.4.1.30738.0.0.0.579
cannot find the work mode requested in the Vertica
2-47
SNMP Traps
database.
[S] is deprecated
This message appears when some parameters in
event580 1.3.6.1.4.1.30738.0.0.0.580
the query are deprecated.
[S] is no longer available
This message appears when some parameters in
event581 1.3.6.1.4.1.30738.0.0.0.581
the query are no longer available.
Cannot create socket [N]
a communication socket. It can stop the program
working properly. The parameter is the socket
event1001 1.3.6.1.4.1.30738.0.0.0.1001
number. Check that no other application is using
that port or change the port number in the
configuration files.
Modules: CT, AS, RA
Cannot create socket listening at [N] port.
a communication socket listening at a port. It can
stop the program working properly. The parameter
event1002 1.3.6.1.4.1.30738.0.0.0.1002
is the port number. Check that no other application
is using that port or change the port number in the
Modules: CT
Cannot connect at socket [N].
connect with a communication socket. It can stop
event1003 the program working properly. The parameter is the 1.3.6.1.4.1.30738.0.0.0.1003
socket number. Check that the socket is listening
and that the module can access it (no firewall).
Deprecated
Cannot accept communication with socket [N]
This error appears when the program cannot accept
a communication with a socket. It can stop the
event1004 1.3.6.1.4.1.30738.0.0.0.1004
program working properly. The parameter is the
socket number.
Deprecated
event1005 [S] RPC service not available. 1.3.6.1.4.1.30738.0.0.0.1005

Deprecated
Cannot listen at socket [N]
This error appears when the program cannot listen
event1006 1.3.6.1.4.1.30738.0.0.0.1006
at a communication socket. It can stop the program
2-48
SNMP Traps
number.
Modules: AS, WF
Cannot read at socket [N]

This error appears when the program cannot read
event1007 1.3.6.1.4.1.30738.0.0.0.1007
number. Check that the other end has not closed
the socket before the communication has been
completed.
Deprecated
Cannot read at socket [N]. Socket exception [S]
This error appears when the program cannot read
event1008 working properly. The first parameter is the socket 1.3.6.1.4.1.30738.0.0.0.1008
number and the second is the description of the
socket error.
Deprecated
Cannot write at socket [N]
This error appears when the program cannot write
event1009 1.3.6.1.4.1.30738.0.0.0.1009
number. Check that the other end has not closed
the socket before the communication has been
completed.
Modules: WF
Cannot write at socket %d
This error appears when the program cannot bind
with a communication socket. It can stop the
event1010 1.3.6.1.4.1.30738.0.0.0.1010
socket number. Check that no other application is
using that port or change the port number in the
Modules: CT, AS, WF
[S] request is ill formed at server [S]
This error appears when the program finds ill-
formed requests for a server. It can stop the
program working properly. The first parameter is
event1011 1.3.6.1.4.1.30738.0.0.0.1011
the request name and the second is the server
name that receives the request. Check that the
protocol syntax used by the other end is correct.
Modules: QM
Unexpected response received from server. [S]
This error appears when the program receives an
unexpected response from a server. It can stop the
event1012 1.3.6.1.4.1.30738.0.0.0.1012
server name that responds.
Modules: PM, QM
2-49
SNMP Traps
[S] server bad configured
This error appears if using the old license control
when trying to send an email informing about
event1013 1.3.6.1.4.1.30738.0.0.0.1013
License expiration and in the SMT server returns a
Warning message (between 200 and 400)
Modules: CM
setsockopt() failed. [S]
This error appears when trying to modify the
event1014 options of a socket reused in ICAP server of the WF 1.3.6.1.4.1.30738.0.0.0.1014
module
Modules: WF
Cannot enable address reuse at socket [N]
event1015 activate the socket address reuse flag. The 1.3.6.1.4.1.30738.0.0.0.1015
parameter is the number of the specified socket.
Deprecated
event1016 Unable to get [N] port 1.3.6.1.4.1.30738.0.0.0.1016

Deprecated
Cannot establish communication with [S] server.
establish communication with a server. It can stop
the program working properly. The parameter is the
event1017 1.3.6.1.4.1.30738.0.0.0.1017
server name. Check that the specified server is up
and running and that it can be accessed from this
server.
Modules: LIB, CT, CM, AS, WF, RA
Cannot disable Nagles algorithm at socket [N]
disable the Nagle’s algorithm at a socket. This
event1018 1.3.6.1.4.1.30738.0.0.0.1018
algorithm reduces the bandwidth used. The
parameter is the number of the specified socket.
Deprecated
RpcServerUseProtseq() failed. [S]
Unable to listen to TCP/IP protocol using RPC. Check
event1019 1.3.6.1.4.1.30738.0.0.0.1019
that the RPC service is running.
Modules: WF
RpcEpRegister() failed. [S]
Unable to register to RPC server. Check that the RPC
event1020 1.3.6.1.4.1.30738.0.0.0.1020
service is running
Modules: WF
RpcServerInqBindings() failed. [S]
Unable to register interface and binding endpoints
event1021 with the endpoint mapper. Check that the RPC 1.3.6.1.4.1.30738.0.0.0.1021
service is running
Modules: WF
2-50
SNMP Traps
RpcServerListen() failed. [S]
Unable to listen RPC requests. Check that the RPC
event1022 1.3.6.1.4.1.30738.0.0.0.1022
service is running
Modules: WF
RpcServerRegisterAuthInfo() failed. [S]
Unable to register authentication service. Check
event1023 1.3.6.1.4.1.30738.0.0.0.1023
that the RPC service is running
Modules: WF
RpcServerRegisterIf() failed. [S]
Unable to register RPC server. Check that the RPC
event1024 1.3.6.1.4.1.30738.0.0.0.1024
service is running.
Modules: WF
fcntl F_GETFL
Unable to get information about the socket
event1025 1.3.6.1.4.1.30738.0.0.0.1025
descriptor.
Modules: AS, WF
fcntl F_SETFL
event1026 Unable to set socket descriptor information. 1.3.6.1.4.1.30738.0.0.0.1026
Modules: AD, WF
event1027 Cannot make socket [N] non-blocking. 1.3.6.1.4.1.30738.0.0.0.1027

Deprecated
Communication
This error appears when the program has an error
during communication with a server. It can stop the
program working properly. The first parameter is
event1028 1.3.6.1.4.1.30738.0.0.0.1028
the server type and the second is its name. Check
that the specified server is up and running and can
be accessed from this server.
Modules: CT, CM
IPv6 is not supporting for SNMPv1. You must use as
event1029 a minimum SNMPv2 1.3.6.1.4.1.30738.0.0.0.1029
event1030 [S] email discarded for client [S]: [S] 1.3.6.1.4.1.30738.0.0.0.1030
Cannot create [S] thread

a thread. It can stop the program working properly.
event1501 The parameter is the thread number. Check that 1.3.6.1.4.1.30738.0.0.0.1501
the server has enough resources (disk space, RAM,
available socket descriptors).
Modules: LIB, CT
Cannot create [S] thread pool.
event1502 a threadpool. It can stop the program working 1.3.6.1.4.1.30738.0.0.0.1502
properly. The parameter is the thread number.
Check that the server has enough resources (disk
2-51
SNMP Traps
space, RAM, available socket descriptors).
Modules: CT, RM, WS
Cannot init [S] thread

initialize a single thread. It can stop the program
event1503 1.3.6.1.4.1.30738.0.0.0.1503
working properly. The parameter is the thread
number.
Deprecated
Cannot start [S] thread.
This error appears when the program cannot start a
event1504 single thread. It can stop the program working 1.3.6.1.4.1.30738.0.0.0.1504
properly. The parameter is the thread number.
Modules: CM
Cannot get stack size at [S] thread
This error appears when the program cannot get
the stack size of a thread. It can stop the program
event1505 1.3.6.1.4.1.30738.0.0.0.1505
working properly. The parameter is the thread
number.
Deprecated
Cannot set stack size at [S] thread
change the stack size of a thread. It can stop the
event1506 1.3.6.1.4.1.30738.0.0.0.1506
thread number.
Deprecated
Cannot find a free thread to handle web request.
event1507 Not processed. 1.3.6.1.4.1.30738.0.0.0.1507
Deprecated
Cannot get enough memory for [S]
allocate enough memory for an internal variable. It
event1508 can stop the program working properly. The 1.3.6.1.4.1.30738.0.0.0.1508
parameter is the variable name. Check that the
server has enough resources (disk space, RAM).
Modules: CT, AS, WF
event1509 Cannot format [S] to [S] data types. 1.3.6.1.4.1.30738.0.0.0.1509

Deprecated
Cannot load LDAP settings: server [S] ill formed at
event1510 file [S] 1.3.6.1.4.1.30738.0.0.0.1510
Deprecated
Thread [S] throws an exception that cannot be
caught.
event1511 This error is produced when a thread launches an 1.3.6.1.4.1.30738.0.0.0.1511
exception the program does not catch. It can stop
the program working properly but it does not exit.
2-52
SNMP Traps
The parameter is the thread name or number.
Modules: PM
Connection dropped because all thread are busy.

This error appears when the program cannot get a
event1512 free thread for a connection. The connection will be 1.3.6.1.4.1.30738.0.0.0.1512
dropped. It can stop the program working properly.
Modules: AS
event1513 Error querying LDAP: %s 1.3.6.1.4.1.30738.0.0.0.1513

Deprecated
event1514 Out of memory. 1.3.6.1.4.1.30738.0.0.0.1514

Deprecated
Thread pool [S] timeout expired. Connection
event1515 refused. 1.3.6.1.4.1.30738.0.0.0.1515
Deprecated
Cannot create threads
event1516 one or more required threads. It can stop the 1.3.6.1.4.1.30738.0.0.0.1516
program working properly.
Modules: WF
event1517 Cannot renew Kerberos certificate [S] :[S] 1.3.6.1.4.1.30738.0.0.0.1517

Modules: CM
event1518 Interface [S] not optimized: 1.3.6.1.4.1.30738.0.0.0.1518

Modules: CT
event1519 Interface [S] not fully optimized: 1.3.6.1.4.1.30738.0.0.0.1519

Modules: CT
Interface [S] not fully optimized: the number of RSS
event1520 queues doesnt match the number of threads 1.3.6.1.4.1.30738.0.0.0.1520
Modules: CT
Sentinel detected that thread [S] is stuck. [S] will be
event1521 restarted. 1.3.6.1.4.1.30738.0.0.0.1521
Unable to create [S]

an object (process, internal structure, etc.). It can
event2001 1.3.6.1.4.1.30738.0.0.0.2001
stop the program working properly. The parameter
is the object name.
Modules: PM, CM, CT, AS, QM
Unable to find [S]
This error appears when the program cannot find
event2002 1.3.6.1.4.1.30738.0.0.0.2002
an object (process, internal struct, etc.). It can stop
the program working properly. The parameter is the
2-53
SNMP Traps
object name.
Modules: PM, CM, AS
Unable to kill [S]

This error appears when the program cannot kill a
process or subprocess. It can stop the program
event2003 working properly. The parameter is the process 1.3.6.1.4.1.30738.0.0.0.2003
name. Check the module has rights to perform this
operation.
Modules: PM
Unable to launch [S]
This error appears when the program cannot launch
a subprocess. It can stop the program working
event2004 properly. The parameter is the subprocess name. 1.3.6.1.4.1.30738.0.0.0.2004
Check the module has rights to perform this
operation.
Modules: PM
Unable to load [S]
This error appears when the program cannot load
an object (process, internal struct, datafile, etc.). It
event2005 1.3.6.1.4.1.30738.0.0.0.2005
can stop the program working properly. The
parameter is the object name.
Modules: LIB, PM, CT, CM, AS, WF
Unable to reload [S]
This error appears when the program cannot reload
an object (process, internal struct, datafile, etc.). It
event2006 1.3.6.1.4.1.30738.0.0.0.2006
can stop the program working properly. The
parameter is the object name.
Modules: PM, CM, AS, WF
Unable to open [S]
This error appears when the program cannot open
event2007 1.3.6.1.4.1.30738.0.0.0.2007
a disk cache.
Modules: AS
Unable to start [S]
This error appears when the program cannot start a
event2008 subprocess. It can stop the program working 1.3.6.1.4.1.30738.0.0.0.2008
properly. The parameter is the subprocess name.
Modules: PM, AS, WF, WS
Unable to set [S]
This error appears when the program cannot set
the value of an object. This error appears when the
program cannot load an object (process, internal
event2009 1.3.6.1.4.1.30738.0.0.0.2009
struct, datafile, etc.). It can stop the program
working properly. The parameter is the object
name.
Modules: AS
2-54
SNMP Traps
event2010 Unable to decode analyzer [S] file 1.3.6.1.4.1.30738.0.0.0.2010

Deprecated
event2011 Cannot start [S] service 1.3.6.1.4.1.30738.0.0.0.2011

Deprecated
Cannot create [S] service
This error appears when an Optenet module cannot
create a system service (TCP, UDP, etc.). The
event2012 1.3.6.1.4.1.30738.0.0.0.2012
parameter is the name of the service. Only for
Windows OS.
Modules: WF
Bad number of parameter received by [S] function
This error appears when a function in the program
event2013 receives a bad number of parameters. The 1.3.6.1.4.1.30738.0.0.0.2013
parameter is the function name.
Deprecated
Bad parameter received by [S] function
This error appears when a function in the program
event2014 receives a parameter that the function does not 1.3.6.1.4.1.30738.0.0.0.2014
expect. The para meter is the function name.
Modules: AS
event2015 Cannot accumulate log data from [S] server. 1.3.6.1.4.1.30738.0.0.0.2015

Deprecated
event2016 Unable to continue [S] 1.3.6.1.4.1.30738.0.0.0.2016

Modules: LIB, PM
event2017 License [S] has expired, please contact [S] to renew 1.3.6.1.4.1.30738.0.0.0.2017
Deprecated
event2018 LsaEnumerateTrustedDomains failed. [S] 1.3.6.1.4.1.30738.0.0.0.2018

Deprecated
event2019 OpenPolicy Failed. [S] 1.3.6.1.4.1.30738.0.0.0.2019

Deprecated
event2020 OpenSCManager failed. [S] 1.3.6.1.4.1.30738.0.0.0.2020

Deprecated
event2021 OpenService failed. [S] 1.3.6.1.4.1.30738.0.0.0.2021

Deprecated
event2022 Parameter too long for string buffer 1.3.6.1.4.1.30738.0.0.0.2022

Deprecated
2-55
SNMP Traps
Registering sig handler: [S]
Unable to register this signal handle. The process
event2023 1.3.6.1.4.1.30738.0.0.0.2023
could not capture it.
Modules: WF
[S] service failed. [S]
This error appears when the service in the SOAP call
event2024 1.3.6.1.4.1.30738.0.0.0.2024
is not the correct one.
Modules: CM
RegisterServiceCtrlHandler failed [S]
Unable to register the service in the Service Control
event2025 1.3.6.1.4.1.30738.0.0.0.2025
Manager
Modules: PM, WF, QM, WS
SetServiceStatus failed. [S]
The service could not report its status to the Service
event2026 1.3.6.1.4.1.30738.0.0.0.2026
Control Manager.
StartServiceCtrlDispatcher failed. [S]
Unable to start the service control dispatcher due
event2027 1.3.6.1.4.1.30738.0.0.0.2027
to reported error.
DeleteService failed. [S]
event2028 Unable to delete this service. 1.3.6.1.4.1.30738.0.0.0.2028
Deprecated
event2029 Cannot load filter [S] settings: ill formed at file [S] 1.3.6.1.4.1.30738.0.0.0.2029
Deprecated
Cannot load quarantine [S] settings: ill formed at
event2030 file [S] 1.3.6.1.4.1.30738.0.0.0.2030
Deprecated
Cannot load reporter [S] settings: ill formed at file
event2031 [S] 1.3.6.1.4.1.30738.0.0.0.2031
Deprecated
event2032 [S] server isnt configured. 1.3.6.1.4.1.30738.0.0.0.2032

Deprecated
event2033 Cannot start synchronization server: [S] 1.3.6.1.4.1.30738.0.0.0.2033

Deprecated
event2034 Cannot get line from file while loading [S] 1.3.6.1.4.1.30738.0.0.0.2034
Deprecated
Cannot read mail from disk: [S]
This error appears when it was not possible to read
event2035 1.3.6.1.4.1.30738.0.0.0.2035
one mail from disk
Modules: QM
2-56
SNMP Traps
event2036 Unable to reload [S]. [S] 1.3.6.1.4.1.30738.0.0.0.2036

Deprecated
event2037 Unable to register [S] service for [S] client. 1.3.6.1.4.1.30738.0.0.0.2037

Deprecated
Flush-Fail to create the crash file.
This error appears when it was not possible to flush
event2038 1.3.6.1.4.1.30738.0.0.0.2038
the messages for debugging to a debug file log.
Modules: QM, RA
Unable to send mail through server [S]. [S]
This error appears when it was not possible to send
event2039 an unblocked email using the SMTP server 1.3.6.1.4.1.30738.0.0.0.2039
configured
Modules: QM
event2040 Cannot get mail message from [S] user 1.3.6.1.4.1.30738.0.0.0.2040

Deprecated
License [S]
could not check its license. The first parameter is
event2041 the description of the error produced. The second 1.3.6.1.4.1.30738.0.0.0.2041
one is the action of the module that reported the
message (e.g. connection closed).
Deprecated
License [S] exceeded. [S].
tries to check its license and its limits are exceeded.
event2042 1.3.6.1.4.1.30738.0.0.0.2042
The parameter is the description of the error
produced.
Deprecated
Unable to register [S]
This error appears when an Operation module
cannot register some services (TCP, UDP, etc.) in
event2043 1.3.6.1.4.1.30738.0.0.0.2043
the system. The parameter is the name of the
service. Only for Windows OS.
Modules: WF
Cannot bind params at Soap request [S]
This error appears when the parameters received in
a SOAP communication do not match with the Soap
event2044 1.3.6.1.4.1.30738.0.0.0.2044
request specification. It causes the requests to be
discarded. The parameter is the request name.
Modules: RM
Error code %s received at Soap Request %s
This error appears when a Soap request made by
event2045 1.3.6.1.4.1.30738.0.0.0.2045
the program is answered by the server with an
error code. The first parameter is the error code
2-57
SNMP Traps
and the second is the request name.
Modules: RM, SMTP Filter
Error: Unable to restore backup: [S]

restore a backup. It can stop the program working
event2046 1.3.6.1.4.1.30738.0.0.0.2046
properly. The parameter is a test explaining the
error produced during the restoration.
Deprecated
Error starting event buffer thread for the module:
event2047 %s 1.3.6.1.4.1.30738.0.0.0.2047
Deprecated
event2048 Error loading configuration for the module: %s 1.3.6.1.4.1.30738.0.0.0.2048

Deprecated
event2049 Error allocating event buffer for the module: %s 1.3.6.1.4.1.30738.0.0.0.2049

Deprecated
event2050 Overwriting event buffer for the module: [S] 1.3.6.1.4.1.30738.0.0.0.2050

Deprecated
Error inserting event (priority [%s], count [%s]) for
the module: %s
event2051 This error appears when the module cannot add an 1.3.6.1.4.1.30738.0.0.0.2051
event for one module
Modules: CM
Previous
This error appears when the module cannot
event2052 1.3.6.1.4.1.30738.0.0.0.2052
allocate memory for the event
Modules: CM
Stopping [S] module because [S]
Only for BGP mode. This error appears when there
was a reloading while running and failed stop
event2053 1.3.6.1.4.1.30738.0.0.0.2053
everything or in case of manual stop of the BGP
mode
Modules: CT
Cannot start [S] module because [S]
Only applies to BGP deployment mode when it was
event2054 1.3.6.1.4.1.30738.0.0.0.2054
not possible to start the BGP thread.
Modules: CT
Cannot add sender to White List: [S]
This error appears when the module was not able
event2055 to add the sender to a white list after unblocking 1.3.6.1.4.1.30738.0.0.0.2055
the email.
Modules: QM
2-58
SNMP Traps
Central Manager [S] is asking for transactions with a
state that this CM cannot assure it will get all
changes that have been made from that state [S]
event2056 If this happens, check the connectivity between the 1.3.6.1.4.1.30738.0.0.0.2056
modules and their transactions states. Execute a
setup, clean database and profiles.
Modules: CM
event2057 Unable to finalize [S] Antivirus 1.3.6.1.4.1.30738.0.0.0.2057

Deprecated
event2058 Error scanning for viruses 1.3.6.1.4.1.30738.0.0.0.2058

Deprecated
event2059 Unable to load the [S] Antivirus database 1.3.6.1.4.1.30738.0.0.0.2059

Deprecated
event2060 Unable to initialize the [S] Antivirus engine 1.3.6.1.4.1.30738.0.0.0.2060

Deprecated
event2061 [S] Antivirus Shared Memory initialization failed 1.3.6.1.4.1.30738.0.0.0.2061

Deprecated
event2062 Unable to load the [S] Antivirus dll 1.3.6.1.4.1.30738.0.0.0.2062

Deprecated
Unable to initialize [S] Antivirus
This error appears when the module cannot load
event2063 1.3.6.1.4.1.30738.0.0.0.2063
one AV engine
Modules: AS
Unable to update the [S] antivirus database
This error appears when the module cannot
event2064 download the AV updates file from the Central 1.3.6.1.4.1.30738.0.0.0.2064
Manager
Modules: AS
Parameter [S] does not exist
This error appears when the arguments in a DKIM
event2065 1.3.6.1.4.1.30738.0.0.0.2065
sign (AS module) or in the License (CM) are not OK
Modules: LIB, CM, AS
Parameter [S] has an invalid value
This error appears when the module if the DKIM
event2066 1.3.6.1.4.1.30738.0.0.0.2066
sign has a bad prívate key
Modules: LIB, AS
event2067 Error deleting resolved host: %s 1.3.6.1.4.1.30738.0.0.0.2067

Deprecated
2-59
SNMP Traps
event2068 Timeout to remove element = [[S]] 1.3.6.1.4.1.30738.0.0.0.2068

Deprecated
event2069 Communication 1.3.6.1.4.1.30738.0.0.0.2069

Deprecated
ResDir does not have a MANAGER classname
event2070 instance defined to communicate with. 1.3.6.1.4.1.30738.0.0.0.2070
Deprecated
Unable to read Global.conf configuration file from
event2071 declared Manager. 1.3.6.1.4.1.30738.0.0.0.2071
Deprecated
Unable to read Local Configuration file from
event2072 declared Manager. 1.3.6.1.4.1.30738.0.0.0.2072
Deprecated
event2073 Unable to read OWS identifier from Local.conf file. 1.3.6.1.4.1.30738.0.0.0.2073

Deprecated
event2074 External tool [S] failed. See log [S]. Additional 1.3.6.1.4.1.30738.0.0.0.2074
Deprecated
No users analyzed in directories of Directories.conf.
Please check config and file systems. Reattempting
event2075 1.3.6.1.4.1.30738.0.0.0.2075
soon to read data.
Deprecated
event2076 [P]1 No Primary Servers are available. 1.3.6.1.4.1.30738.0.0.0.2076

Modules: LIB
[P]4:[P]2 Server has not been responding for a long
event2077 time.[P]5 1.3.6.1.4.1.30738.0.0.0.2077
Modules: LIB
event2078 Antivirus module couldnt load. [S] 1.3.6.1.4.1.30738.0.0.0.2078

Deprecated
event2079 Antivirus inactive. No analysis done. 1.3.6.1.4.1.30738.0.0.0.2079

Deprecated
event2080 Unable to update antivirus. 1.3.6.1.4.1.30738.0.0.0.2080

Deprecated
event2081 Unable to start antivirus file monitor. 1.3.6.1.4.1.30738.0.0.0.2081

Deprecated
2-60
SNMP Traps
event2082 Unable to perform software upgrade [S] 1.3.6.1.4.1.30738.0.0.0.2082

Modules: LIB
The number of clients has reached an intolerable
not permitted amount for your license. The correct
event2083 1.3.6.1.4.1.30738.0.0.0.2083
operation of the system is not guaranteed.
Modules: CM
The license control key has been tampered with.
The correct operation of the system isnt guaranteed
event2084 1.3.6.1.4.1.30738.0.0.0.2084
any longer.
Modules: CM
Module [S] is asking for transactions with a state
that this CM cannot assure it will get all changes
that have been made from that state [S]
event2085 This happens if there has been a rotation in the 1.3.6.1.4.1.30738.0.0.0.2085
transaction file and the module is asking for old
transactions.
Modules: CM
[S] Antivirus bases are older than [N] hours. Bases
UTC date is [S]
This happens the antivirus engine couldn’t be
updated for configured number of hours (default
event2086 1.3.6.1.4.1.30738.0.0.0.2086
value 48 hours, key: etc/Global.conf
Content#AntiVirusEngines#TimeDiffY 172800)
Antitrap: 5228Modules: WF, CM5243: infoModule:
CM
External message: [S]
This is a message that the Central Manager writes
for external modules in case there is a Critical Error.
An external script can call the SOAP
“WriteMessageAtInternalLog” to write this message
event2087 1.3.6.1.4.1.30738.0.0.0.2087
in the Central Manager. Thus, we could have
internal messages in the Central Manager in case an
external Tool needs them.
warning
Unable to enforce CPU Affinity [S]
This message appears when the module is not able
to enforce CPU affinity. The module works without
event2088 CPU affinity, sharing it with other 1.3.6.1.4.1.30738.0.0.0.2088
modules/processes.
Related messages: 4656, 5246, 5247, 5248,
5249Module: CCOTTA, Web Filter, SMTP Filter
This module is not compatible with [S]. [S]
The module logs this message in case it sends to CM
event2089 a SOAP call, and it responds as this SOAP is not 1.3.6.1.4.1.30738.0.0.0.2089
implemented
Module: CM, Web Filter, SMTP Filter
2-61
SNMP Traps
Exception captured. [S]
The module logs this error each time it is not
event2090 1.3.6.1.4.1.30738.0.0.0.2090
possible to access McAfee backend.
Module: CM
Unable to remove [S]
The module logs this error each time it is not
event2091 possible to remove McAfee data from a client 1.3.6.1.4.1.30738.0.0.0.2091
provisioned in the solution.
Module: CM
Query syntax
The module logs this error when the query sent to
event2092 the reporter is not correct. When received, check 1.3.6.1.4.1.30738.0.0.0.2092
the syntax.
Field [S] is not valid for workmode [S]
The module logs this error when the field requested
event2093 in the query is not valid for the work mode 1.3.6.1.4.1.30738.0.0.0.2093
requested
event2094 Unable to download clients. 1.3.6.1.4.1.30738.0.0.0.2094
2.2.7.3 Warning
These warning traps are from versions 1 and 2 of the NetworkSecure MIB.
Cannot open [S] file
This warning appears when the program cannot
open a file. If this event occurs repeatedly, the
event3001 1.3.6.1.4.1.30738.0.0.0.3001
program may stop working properly. The parameter
is the file name.
Modules: AS, RM
Cannot close [S] file
close a file. If this event occurs repeatedly, the
event3002 1.3.6.1.4.1.30738.0.0.0.3002
is the file name.
Modules: RM
Cannot create [S] file.
create a file. If this event occurs repeatedly, the
event3003 1.3.6.1.4.1.30738.0.0.0.3003
is the file name.
Modules: AS, WF
2-62
SNMP Traps
Cannot delete [S] file
delete a file. If this event occurs repeatedly, the
event3004 1.3.6.1.4.1.30738.0.0.0.3004
is the file name.
Modules: RA, RM
Cannot load [S] file
This warning appears when the program cannot load
a file. If this event occurs repeatedly, the program
event3005 1.3.6.1.4.1.30738.0.0.0.3005
may stop working properly. The parameter is the file
name.
Modules: LIB, CT, WF
Cannot move [S] file
move a file. If this event occurs repeatedly, the
event3006 1.3.6.1.4.1.30738.0.0.0.3006
is the file name.
Modules: RM
Cannot rename [S] file
rename a file. If this event occurs repeatedly, the
event3007 1.3.6.1.4.1.30738.0.0.0.3007
is the file name.
Modules: AS
Cannot read at [S] file
event3008 1.3.6.1.4.1.30738.0.0.0.3008
Deprecated
Cannot write at [S] file
write in a file. If this event occurs repeatedly, the
event3009 1.3.6.1.4.1.30738.0.0.0.3009
is the file name.
Modules: CM, AS, WF, RM
Unable to find [S] file
This warning appears when the program cannot find
a file on the disk. If this event occurs repeatedly, the
event3010 1.3.6.1.4.1.30738.0.0.0.3010
is the file name.
Modules: PM, AS
Carriage-return linefeed not found at [S] file

event3011 1.3.6.1.4.1.30738.0.0.0.3011
Deprecated
Blank line close at [S] file

event3012 1.3.6.1.4.1.30738.0.0.0.3012
Deprecated
Permission denied to [S] file

event3013 1.3.6.1.4.1.30738.0.0.0.3013
Deprecated
2-63
SNMP Traps
Cannot parse [S] files line correctly.
parse a line in a file. If this event occurs repeatedly,
event3014 1.3.6.1.4.1.30738.0.0.0.3014
the program may stop working properly. The
parameter is the file name.
Modules: CM, RM
Access to [S] file must be exclusive
event3015 1.3.6.1.4.1.30738.0.0.0.3015
Deprecated
Bad content for [S] file.
This warning appears when the content of a file is
different to what the program expects. If this event
event3016 1.3.6.1.4.1.30738.0.0.0.3016
occurs repeatedly, the program may stop working
properly. The parameter is the file name.
Modules: AS
Cannot open [S] directory
event3017 1.3.6.1.4.1.30738.0.0.0.3017
Deprecated
Cannot close [S] directory

event3018 1.3.6.1.4.1.30738.0.0.0.3018
Deprecated
Cannot create [S] directory

event3019 1.3.6.1.4.1.30738.0.0.0.3019
Deprecated
Cannot delete [S] directory

event3020 1.3.6.1.4.1.30738.0.0.0.3020
Deprecated
Cannot move [S] directory

event3021 1.3.6.1.4.1.30738.0.0.0.3021
Deprecated
Cannot rename [S] directory

event3022 1.3.6.1.4.1.30738.0.0.0.3022
Deprecated
Cannot read at [S] directory

event3023 1.3.6.1.4.1.30738.0.0.0.3023
Deprecated
Cannot write at [S] directory

event3024 1.3.6.1.4.1.30738.0.0.0.3024
Deprecated
Unable to find [S] directory

event3025 1.3.6.1.4.1.30738.0.0.0.3025
Deprecated
Not a valid directory

event3026 1.3.6.1.4.1.30738.0.0.0.3026
Deprecated
2-64
SNMP Traps
Cannot get list of files at [S] directory

event3027 1.3.6.1.4.1.30738.0.0.0.3027
Deprecated
Access violation. [S]

event3028 1.3.6.1.4.1.30738.0.0.0.3028
Deprecated
[S] signal received.
This warning appears when the program receives an
external signal from the OS or from another
event3029 1.3.6.1.4.1.30738.0.0.0.3029
program. The parameter is the signal type (SIGTERM,
SIGINT, etc.)
Modules: CM
Cannot load [S] or [S]
This warning is produced when an Operation module
tries to load two related resources (e.g. two files)
event3030 1.3.6.1.4.1.30738.0.0.0.3030
and one or both of them cannot be loaded. The
parameters are the names of the resources.
Modules: WF
Unable to reload database
This warning is produced when a Filtering Module
cannot reload the database used during traffic
event3031 1.3.6.1.4.1.30738.0.0.0.3031
analysis. The filtering module will use the old
database.
Modules: WF
Exception [S] raised in communication with [S]
This warning is produced when an exception is
thrown by an Operation module during a
communication. The first parameter is the name or
event3032 1.3.6.1.4.1.30738.0.0.0.3032
the type of exception thrown. The second one is the
name of the server to which the module was
connected.
Modules: CM
Cannot read [S] in file [S]
cannot read an argument from a file. The first
event3033 1.3.6.1.4.1.30738.0.0.0.3033
parameter is the name of the missing argument and
the second is the name of the file.
Modules: LIB, WF
Unacceptable configuration in [S]. Discarding
event3034 changes 1.3.6.1.4.1.30738.0.0.0.3034
Deprecated
Cannot get [S] groups from [S].
This warning is produced when a filtering module
cannot get user groups in a LDAP server. The first
event3035 parameter is the name of the group, the second is 1.3.6.1.4.1.30738.0.0.0.3035
the name of the LDAP server and the third is the
received warning message.
Modules: CM, WS
2-65
SNMP Traps
Unable to create process [S]
This warning appears when an Operation module
cannot create a subprocess. If this event occurs
event3036 1.3.6.1.4.1.30738.0.0.0.3036
repeatedly, the program may stop working properly.
The parameter is the subprocess name.
Modules: PM, WF
Wrong group_membership_query for user [S] from
[S].
The LDAP query for searching user groups (first %s)
event3037 in LDAP server (second %s) is wrong. Please check 1.3.6.1.4.1.30738.0.0.0.3037
LDAP configuration parameters, especially
GroupMembershipQuery parameter.
Modules: CM, WS
Wrong user_membership_query for user [S] from
[S].
The LDAP query for searching user groups (first %s)
event3038 in LDAP server (second %s) is wrong. Please check 1.3.6.1.4.1.30738.0.0.0.3038
LDAP configuration parameters, especially the
UserMembershipQuery parameter.
Modules: CM, WS
Wrong nested group_membership_query for user
[S] from [S].
The LDAP query for searching nested groups of user
event3039 groups (first %s) in LDAP server (second %s) is wrong. 1.3.6.1.4.1.30738.0.0.0.3039
Please check LDAP configuration parameters,
especially the GroupMembershipQuery parameter.
Modules: CM, WS
Discarding URL [S] in Heritrix job [S]
This warning appears when the URL to insert is not
event3040 1.3.6.1.4.1.30738.0.0.0.3040
well formed
Modules: WF
mywrite:
This warning appears when the module cannot write
event3041 1.3.6.1.4.1.30738.0.0.0.3041
the translated html line to the language desired
Modules: WF
Unable to start [S]
This warning appears when the program cannot start
event3042 a non-critical subprocess. The parameter is the 1.3.6.1.4.1.30738.0.0.0.3042
subprocess name
Modules: PM
Cannot open [S] process
event3043 open a non-critical subprocess. The parameter is the 1.3.6.1.4.1.30738.0.0.0.3043
subprocess name.
Modules: PM
Unable to set value into [S] registry key.
event3044 1.3.6.1.4.1.30738.0.0.0.3044
Deprecated
2-66
SNMP Traps
Unable to read [S] flag from [S]

event3045 1.3.6.1.4.1.30738.0.0.0.3045
Deprecated
fcntl F_GETFL
Unable to get information about the socket
event3046 1.3.6.1.4.1.30738.0.0.0.3046
descriptor.
Modules: WF
fcntl F_SETFL
event3047 Unable to set information of socket descriptor. 1.3.6.1.4.1.30738.0.0.0.3047
Modules: WF
This warning appears when a module cannot

event3048 perform an operation in a thread. The parameter is 1.3.6.1.4.1.30738.0.0.0.3048
the description of the operation
Modules: LIB, WF
Thread pool incomplete. [N] threads created.
event3049 finish creating a threadpool. The parameter is the 1.3.6.1.4.1.30738.0.0.0.3049
number of threads already created.
Modules: WF
This warning appears when a module receives an

error while working with the LDAP server. The first
event3050 1.3.6.1.4.1.30738.0.0.0.3050
parameter is the description of the error and the
second is the name of the LDAP server.
Modules: CM, WS
This warning appears when a module receives an

error while working with LDAP server with DN. The
event3051 first parameter is the description of the error, the 1.3.6.1.4.1.30738.0.0.0.3051
second is the name of LDAP server and the third is
the name of the DN
Modules: CM, WS
License [S]
receives a warning during its license check. The
event3052 1.3.6.1.4.1.30738.0.0.0.3052
parameter is the description of the received warning
(license period expired, too many users, etc.).
Modules: LIB, CM
glob()
This warning appears when the glob method does
not work properly. Glob is used in Linux systems to
event3053 1.3.6.1.4.1.30738.0.0.0.3053
find all the entries in a directory. If glob’s search fails,
some internal processes will not be executed.
Modules: PM, CT, CM, WF, QM, RM, WS
Unable to read line
event3054 1.3.6.1.4.1.30738.0.0.0.3054
2-67
SNMP Traps
cannot read a line of the transaction state file.
Modules: CM, WF,
Cannot contact URL database server [S].

This warning appears when a Filtering Module
cannot contact the URL database server (the URL
database is used by the filtering module to find out if
event3055 it should allow or deny a request). The first 1.3.6.1.4.1.30738.0.0.0.3055
parameter is the name of the server. The second one
is the description of the warning.
Check the connectivity between the module and the
Central ManagerModules: WF
Receiving URL database.
event3056 1.3.6.1.4.1.30738.0.0.0.3056
Deprecated
Unable to receive URL database.

event3057 1.3.6.1.4.1.30738.0.0.0.3057
Deprecated

detects a problem in a request made to it. The
event3058 1.3.6.1.4.1.30738.0.0.0.3058
parameter is the description of the problem (bad
arguments, message too long, etc.).
Modules: PM, CT, CM, WF, WS
Unable to continue manager
Only when running the Web Filter under Windows.
This warning appears when the Web Filter attempts
event3059 1.3.6.1.4.1.30738.0.0.0.3059
to start up a WebServer but it’s not possible to
create the main thread.
Modules: WF
[S] content exceeds 16 KB
Only in ICAP deployment mode. This warning
appears when a Filtering Module receives a
event3060 1.3.6.1.4.1.30738.0.0.0.3060
RESPMOD ICAP preview message that exceeds 16KB.
The message will be dropped.
Modules:WF
Processing
event3061 1.3.6.1.4.1.30738.0.0.0.3061
Deprecated
In case the file is not compulsory for running

properly, the process will continue considering the
event3062 file as empty. If the file is required, a critical alert will 1.3.6.1.4.1.30738.0.0.0.3062
appear and process will be restarted. Check the file
and do a setup of the module.
Modules: LIB, CM
2-68
SNMP Traps
IP address: [[S]].
Only un Proxy deployment mode. This warning
appears when an Operation module finds something
event3063 wrong with an IP address. The first parameter is the 1.3.6.1.4.1.30738.0.0.0.3063
bad IP address. The second one is the description of
the problem (bad format, too long, etc.).
Modules: WF
Username: [[S]].
finds something wrong with a user name. The first
event3064 parameter is the bad user name. The second one is 1.3.6.1.4.1.30738.0.0.0.3064
the description of the problem (bad format, too long,
etc.).
Modules: WF
Unable to connect to transaction server.
cannot connect with the transaction server. This
event3065 1.3.6.1.4.1.30738.0.0.0.3065
server is used by the module to receive all new
updates.
Modules: AS, WF
Unable to write url database.
cannot write the URL database received from a
event3066 1.3.6.1.4.1.30738.0.0.0.3066
server. The filtering module will use the old URL
database.
Check space disk and write permissionsModules: WF
event3067 1.3.6.1.4.1.30738.0.0.0.3067
Deprecated

cannot understand an update package for its URL
event3068 1.3.6.1.4.1.30738.0.0.0.3068
database. The parameter is the description of the
problem at the package
Modules: AS, WF
Line [S] cannot be accumulated. [S] field missing.
event3069 1.3.6.1.4.1.30738.0.0.0.3069
Deprecated
Line [S] cannot be accumulated.

event3070 1.3.6.1.4.1.30738.0.0.0.3070
Deprecated
Unable to find [S] configuration key.
This warning appears when a configuration key does
event3071 not appear in the configuration files. The parameter 1.3.6.1.4.1.30738.0.0.0.3071
is the key name.
Modules: LIB, CT, RM
2-69
SNMP Traps
Line [S] cannot be computed. [S] field missing.

event3072 1.3.6.1.4.1.30738.0.0.0.3072
Deprecated
Report Query ill formed. No [S] Specified.

event3073 1.3.6.1.4.1.30738.0.0.0.3073
Modules: RM
Unable to seek end of file [S]

event3074 1.3.6.1.4.1.30738.0.0.0.3074
Deprecated
Unable to seek begin of file [S]

event3075 1.3.6.1.4.1.30738.0.0.0.3075
Deprecated
Unable to seek start point of file [S]

event3076 1.3.6.1.4.1.30738.0.0.0.3076
Deprecated
Unable to insert [N] message in message exception

event3077 list 1.3.6.1.4.1.30738.0.0.0.3077
Deprecated
Socket accept
This warning appears when the Web Filter runs a
event3078 1.3.6.1.4.1.30738.0.0.0.3078
WebServer but there is a socket accept exception.
Modules: WF
Cannot check user [S] from [S].
This warning appears when a module is unable to
validate a user in an LDAP server. The first parameter
event3079 1.3.6.1.4.1.30738.0.0.0.3079
is the user name and the second is the name of the
LDAP server.
Modules: CM, WS
Line [S] cannot be computed.
This warning appears when there is an error parsing
event3080 1.3.6.1.4.1.30738.0.0.0.3080
a log line received from a module
Modules: RM
Event buffer length for the module [[S]]: [S]
This warning appears when the module is writing
event3081 1.3.6.1.4.1.30738.0.0.0.3081
more than 50% of the buffer size for repeated times
Modules: CM
Too many lines discarded while processing log file
event3082 [S] 1.3.6.1.4.1.30738.0.0.0.3082
Deprecated
Discarded programmed report [S] wrong parameters
in file [S]
event3083 This warning appears when the Reporter.conf file 1.3.6.1.4.1.30738.0.0.0.3083
has a wrong parameter in the programmed report.
Modules: RM
Unable to truncate [S] file in [S] bytes
event3084 This warning appears when the Web Filter tries to 1.3.6.1.4.1.30738.0.0.0.3084
read the “redir.html” file but its length is bigger than
2-70
SNMP Traps
a specified value
Modules: WF
External tool [S] failed. See in log [S]. Additional

event3085 1.3.6.1.4.1.30738.0.0.0.3085
Deprecated
inconsistency in internal computing: [S]

event3086 1.3.6.1.4.1.30738.0.0.0.3086
Modules: LIB
Accumulated file [S] has an invalid name.

This warning appears when the accumulated file
event3087 1.3.6.1.4.1.30738.0.0.0.3087
name is properly formed
Modules: RM
Failed to open database [S] to process report.
This warning appears when it is not possible to open
event3088 1.3.6.1.4.1.30738.0.0.0.3088
a database to process a report
Modules: RM
Failed to execute report [S] with id [S].
This warning appears when the Reporter cannot
event3089 1.3.6.1.4.1.30738.0.0.0.3089
execute the report specified
Modules: RM
Failed to load report result file [S].
This warning appears when the Reporter module
event3090 1.3.6.1.4.1.30738.0.0.0.3090
cannot load a file with the results
Modules: RM
Failed to create report instance based on [S].
event3091 1.3.6.1.4.1.30738.0.0.0.3091
cannot create a report instance
Modules: RM
Failed to create report instance based on [S] for
client [S].
event3092 This warning appears when the Reporter module 1.3.6.1.4.1.30738.0.0.0.3092
cannot create a report instance a certain client
Modules: RM
Failed to execute report [S] with id [S] for client [S].
event3093 1.3.6.1.4.1.30738.0.0.0.3093
cannot execute a report from a client
Modules: RM
Failed to send mail for programmed report [S] to
receivers [S].
event3094 1.3.6.1.4.1.30738.0.0.0.3094
cannot send an email for a programmed report to a
set of receivers
Modules: RM
Failed to send mail for programmed report [S] for
event3095 client [S] to receivers [S]. 1.3.6.1.4.1.30738.0.0.0.3095
2-71
SNMP Traps
cannot send an email for a client programmed report
Modules: RM
Failed to execute programmed report [S].

event3096 1.3.6.1.4.1.30738.0.0.0.3096
cannot execute a programmed report
Modules: RM
Failed to execute programmed report [S] for client
[S].
event3097 This warning appears when the Reporter module 1.3.6.1.4.1.30738.0.0.0.3097
cannot execute a programmed report for a client
Modules: RM
Programmed report [S] does not have a known
legacy format, skipping migration.
event3098 1.3.6.1.4.1.30738.0.0.0.3098
cannot migrate a programmed report (old format)
because it has an unknown format.
Modules: RM
Scripting engine exception [S] executing script [S]
event3099 from configuration file [S]. 1.3.6.1.4.1.30738.0.0.0.3099
Modules: RM, WS
Cannot execute script [S], scripting engine has not
been configured.
event3100 This warning appears when the module cannot 1.3.6.1.4.1.30738.0.0.0.3100
execute a script because it is not configured
Modules: RM, WS
Ignoring workmode [S] found at [S] because it is not
present in the current configuration.
event3101 1.3.6.1.4.1.30738.0.0.0.3101
ignores a workmode because it is not present in the
current configuration
Modules: RM
The number of clients created has surpassed the
event3102 permitted amount for your license. 1.3.6.1.4.1.30738.0.0.0.3102
Deprecated
The number of clients is still far above the permitted
amount for your license. The correct operation of
event3103 1.3.6.1.4.1.30738.0.0.0.3103
the system might still be affected.
Deprecated
Inconsistency detected while processing lines from
[S]. Line [S] has been modified.
Logs Integrity. Prevention from detailed logs
modification. In the case the logs that the Reporter is
event3104 1.3.6.1.4.1.30738.0.0.0.3104
processing don’t have a correct Hash, this means
that the line has been modified and send this
warning
Module: RM
2-72
SNMP Traps
[S]. Line [S] does not have consecutive numbering.
modification. In the case the logs that the Reporter is
event3105 1.3.6.1.4.1.30738.0.0.0.3105
processing don’t have a correct Num Line, this
means that there have been added/removed lines to
the log file
Module: RM
[S]. Line [S] does no have integrity fields.
event3106 1.3.6.1.4.1.30738.0.0.0.3106
modification. The reporter shows this message in the
case the log line process doesn’t have integrity
Module: RM
Failed to provision device [S] [S].

event3107 1.3.6.1.4.1.30738.0.0.0.3107
Device [S] provisioned [S].

event3108 1.3.6.1.4.1.30738.0.0.0.3108
Cannot create socket [N]

event3501 1.3.6.1.4.1.30738.0.0.0.3501
Deprecated
Cannot create socket listening at [N] port.

event3502 1.3.6.1.4.1.30738.0.0.0.3502
Deprecated
Cannot accept at socket [N]

event3503 1.3.6.1.4.1.30738.0.0.0.3503
Deprecated
Cannot bind at socket [N]. Rebinding.

event3504 1.3.6.1.4.1.30738.0.0.0.3504
Deprecated
Cannot connect at socket [N].

event3505 1.3.6.1.4.1.30738.0.0.0.3505
Deprecated
Cannot read at socket [N]

event3506 1.3.6.1.4.1.30738.0.0.0.3506
Deprecated
Cannot write at socket [N]
This warning appears when it is not possible to write
event3507 1.3.6.1.4.1.30738.0.0.0.3507
some data in a socket
Modules: LIB
Socket [N] timeout expired
event3508 1.3.6.1.4.1.30738.0.0.0.3508
Deprecated
2-73
SNMP Traps
Suspicious socket [N] write 0 bytes.
This warning appears when the program writes 0
bytes at a socket. If this event occurs repeatedly, the
event3509 1.3.6.1.4.1.30738.0.0.0.3509
is the socket number.
Modules: WF
Cannot establish communication with [S]. [S].
establish communication with a server. The first
event3510 1.3.6.1.4.1.30738.0.0.0.3510
parameter is the server name and the second is the
connection error description.
Modules: CM, QM, RA, RM
Request [S] to [S] ill formed.
This warning appears when the program finds an ill-
formed request for a specific server. The request will
event3511 be discarded by the program. The first parameter is 1.3.6.1.4.1.30738.0.0.0.3511
the request name and the second is the server name
that receives the request.
Modules: QM, WS
Request [S] to [S] is unknown
This warning appears when the program finds an
unknown request for a specific server. The request
event3512 will be discarded by the program. The first 1.3.6.1.4.1.30738.0.0.0.3512
parameter is the request name and the second is the
server name which receives the request.
Modules: AS, RA
Request [S] to [S] is missing
event3513 1.3.6.1.4.1.30738.0.0.0.3513
Deprecated
Request [S] is too long.

event3514 1.3.6.1.4.1.30738.0.0.0.3514
Deprecated
Request [S] is too short.

event3515 1.3.6.1.4.1.30738.0.0.0.3515
Deprecated
Response [S] from [S] ill formed.
This warning appears when there is an error in the
event3516 CM response because it is ill formed for GetUser 1.3.6.1.4.1.30738.0.0.0.3516
SOAP
Modules: CT
Response [S] from [S] is unknown
This warning appears when there is an unknown
event3517 answer in the response for downloading the logs 1.3.6.1.4.1.30738.0.0.0.3517
from a module to the Reporter
Modules: RM
Response [S] from [S] is missing
event3518 This warning appears when there is a missing 1.3.6.1.4.1.30738.0.0.0.3518
parameter in the license check or while trying to
2-74
SNMP Traps
update the software (update only available in OSE
solution)
Modules: CT, CM
Response [S] is too long.

event3519 1.3.6.1.4.1.30738.0.0.0.3519
Deprecated
Response [S] is too short.

event3520 1.3.6.1.4.1.30738.0.0.0.3520
Deprecated
Response from [S] server has been ignored.

This warning appears when there is no response
event3521 1.3.6.1.4.1.30738.0.0.0.3521
from a server.
Modules: CM
Response [S] from [S] server unexpected.
This warning appears when the answer to a call has
event3522 wrong number of parameters, or the type is not the 1.3.6.1.4.1.30738.0.0.0.3522
expected.
Modules: CT, CM, WF, QM, RM
Cannot parse [S] response correctly.
This warning appears when the answer to a call
event3523 cannot be parsed properly because there are missing 1.3.6.1.4.1.30738.0.0.0.3523
parameters
Modules: CM, AS, QM, RA, RM
Command [S] to [S] ill formed.
event3524 1.3.6.1.4.1.30738.0.0.0.3524
Deprecated
Command [S] to [S] is unknown

event3525 1.3.6.1.4.1.30738.0.0.0.3525
Deprecated
Command [S] to [S] is missing

event3526 1.3.6.1.4.1.30738.0.0.0.3526
Modules: PM
Too few parameters for command [S]

event3527 1.3.6.1.4.1.30738.0.0.0.3527
Deprecated
Command [S] is too long.

event3528 1.3.6.1.4.1.30738.0.0.0.3528
Deprecated
Command [S] is too short.

event3529 1.3.6.1.4.1.30738.0.0.0.3529
Deprecated
Reply [S] from [S] ill formed.

event3530 1.3.6.1.4.1.30738.0.0.0.3530
Deprecated
2-75
SNMP Traps
Reply [S] from [S] is unknown

event3531 1.3.6.1.4.1.30738.0.0.0.3531
Deprecated
Cannot listen at socket [N]

event3532 1.3.6.1.4.1.30738.0.0.0.3532
Deprecated
Reply [S] from [S] is missing

event3533 1.3.6.1.4.1.30738.0.0.0.3533
Deprecated
Too few parameters for reply [S]

This warning appears there is no response or is
event3534 1.3.6.1.4.1.30738.0.0.0.3534
empty.
Modules: CM
Reply [S] is too long.
event3535 1.3.6.1.4.1.30738.0.0.0.3535
Deprecated
Reply [S] is too short.

event3536 1.3.6.1.4.1.30738.0.0.0.3536
Deprecated
Reply from [S] server has been ignored.

event3537 1.3.6.1.4.1.30738.0.0.0.3537
Deprecated
Cannot send packet [S]

event3538 1.3.6.1.4.1.30738.0.0.0.3538
Deprecated
Cannot receive the packets body [S]

event3539 1.3.6.1.4.1.30738.0.0.0.3539
Deprecated
Cannot receive the packets header: [S]

event3540 1.3.6.1.4.1.30738.0.0.0.3540
Deprecated
Bad packet length ([N])

event3541 1.3.6.1.4.1.30738.0.0.0.3541
Deprecated
Connection to [S] server lost before receiving a

event3542 complete body 1.3.6.1.4.1.30738.0.0.0.3542
Deprecated
Connection to [S] server lost before the end of the
transaction
This warning appears when the connection with a
event3543 1.3.6.1.4.1.30738.0.0.0.3543
server was down before the end of the
communication
Modules: LIB
Connection closed by server [S].
event3544 1.3.6.1.4.1.30738.0.0.0.3544
This warning appears when the connection to a
2-76
SNMP Traps
server was closed without response
Modules: QM
Communication to [S] undefined

event3545 1.3.6.1.4.1.30738.0.0.0.3545
Deprecated
Parameter [S] not found

event3546 1.3.6.1.4.1.30738.0.0.0.3546
Deprecated
Cannot get event from [S] server: [S]

event3547 1.3.6.1.4.1.30738.0.0.0.3547
Deprecated
Received event from unknown [S] server [S]

event3548 1.3.6.1.4.1.30738.0.0.0.3548
Deprecated
ICAP modify_respmod not implemented

event3549 1.3.6.1.4.1.30738.0.0.0.3549
Deprecated
ICAP preview_reqmod not implemented

event3550 Applies only to ICAP deployment mode 1.3.6.1.4.1.30738.0.0.0.3550
Modules: CM
Received RESPMOD without body
RESPMOD ICAP message dropped because it has no
event3551 1.3.6.1.4.1.30738.0.0.0.3551
body.
Modules: WF
Received ICAP_REQMOD with preview without body

event3552 1.3.6.1.4.1.30738.0.0.0.3552
Deprecated
[S] ldap_search_s failed. [S]

event3553 This warning appears if the CM cannot find an LDAP. 1.3.6.1.4.1.30738.0.0.0.3553
Modules: CM
[S] ldap_simplebind failed. [S]

event3554 1.3.6.1.4.1.30738.0.0.0.3554
Deprecated
[S] field cannot exist for ICAP 1.0

event3555 1.3.6.1.4.1.30738.0.0.0.3555
Deprecated
[S] NetGetDCName cannot be found. [S]

event3556 1.3.6.1.4.1.30738.0.0.0.3556
Deprecated
[S] NetGetDCName failed. [S]

event3557 1.3.6.1.4.1.30738.0.0.0.3557
Deprecated
2-77
SNMP Traps
[S] NetGetDCName get an invalid name. [S]

event3558 1.3.6.1.4.1.30738.0.0.0.3558
Deprecated
Cannot get groups from [S].
This warning appears when an Operation module is
unable to get groups from the LDAP server. The first
event3559 1.3.6.1.4.1.30738.0.0.0.3559
parameter is the user name and the second is the
warning message received.
Modules: WS
Cannot get users from [S].
This warning appears when an Operation module is
unable to get users from the LDAP server. The first
event3560 1.3.6.1.4.1.30738.0.0.0.3560
parameter is the name of the LDAP server and the
second is the warning message.
Modules: CM, WS
[S] NetQueryDisplayInformation failed. [S]
event3561 1.3.6.1.4.1.30738.0.0.0.3561
Deprecated
[S] NetUserGetGroups cannot get groups. [S]

event3562 1.3.6.1.4.1.30738.0.0.0.3562
Deprecated
[S] NetUserGetGroups failed. [S]

event3563 1.3.6.1.4.1.30738.0.0.0.3563
Deprecated
[S] size exceeds [S]

event3564 1.3.6.1.4.1.30738.0.0.0.3564
Deprecated
Cannot delete [S] server [S]: it doesnt exist

event3565 1.3.6.1.4.1.30738.0.0.0.3565
Deprecated
Cannot add [S] server [S]
This warning appears when the program must add a
server to a list of servers of the same type (e.g. log
event3566 servers, quarantine servers) and it cannot be 1.3.6.1.4.1.30738.0.0.0.3566
inserted. The first parameter is the type of server
and the second is its name.
Modules: CM
Cannot modify [S] server [S]

event3567 1.3.6.1.4.1.30738.0.0.0.3567
Deprecated
Cannot get new logons from DCAgent [S]
This warning appears when a module is unable to get
the last logged on users in Windows Domains
event3568 1.3.6.1.4.1.30738.0.0.0.3568
controlled by the DCAgent. The parameter is the
name of the DCAgent
Modules: CM
2-78
SNMP Traps
Cannot get new logs from filter [S]
This warning appears when the module request is
event3569 1.3.6.1.4.1.30738.0.0.0.3569
too long
Modules: CM
Cannot get host by name: [S].
event3570 1.3.6.1.4.1.30738.0.0.0.3570
Deprecated
Connection TCP closed (partial chunk)!

event3571 1.3.6.1.4.1.30738.0.0.0.3571
Deprecated
Cannot read pipe from process [S]

event3572 1.3.6.1.4.1.30738.0.0.0.3572
Deprecated
event3573 1.3.6.1.4.1.30738.0.0.0.3573
Deprecated
No group received from [S]

event3574 1.3.6.1.4.1.30738.0.0.0.3574
Deprecated
No user received from [S]

event3575 1.3.6.1.4.1.30738.0.0.0.3575
Deprecated
Received event Registration for [S] server.

event3576 1.3.6.1.4.1.30738.0.0.0.3576
Deprecated
Received event Deregistration for [S] server but not

event3577 exists [S] 1.3.6.1.4.1.30738.0.0.0.3577
Deprecated
Received [S] update package damage. [S]
receives a damaged update package. The first
event3578 parameter is the type of package (the resource must 1.3.6.1.4.1.30738.0.0.0.3578
be updated) and the second is the description of the
problem at the package.
Modules: WF
Received a corrupted notification from [S]
event3579 1.3.6.1.4.1.30738.0.0.0.3579
Deprecated
TCP/IP
This warning appears when the Radius module
event3580 cannot write in the SMTP socket due to several 1.3.6.1.4.1.30738.0.0.0.3580
reasons
Modules: RA
Authentication
event3581 1.3.6.1.4.1.30738.0.0.0.3581
This warning appears when the authentication fails
2-79
SNMP Traps
with the QSyncClient
Modules: QM
Response doesnt begin with [S] protocol signature

This warning appears when the program receives a
response from a server that does not begin with the
event3582 correct protocol start. The response will be discarded 1.3.6.1.4.1.30738.0.0.0.3582
by the program. The parameter is the protocol
name.
Modules: LIB
Illegal [S] protocol version
response from a server using an unexpected version
event3583 1.3.6.1.4.1.30738.0.0.0.3583
of the protocol. The response will be discarded by
the program. The parameter is the protocol name.
Modules: LIB, RA
Response doesnt have a complete [S] protocol
header
event3584 response from a server with an incomplete protocol 1.3.6.1.4.1.30738.0.0.0.3584
header. The response will be discarded by the
program. The parameter is the protocol name.
Modules: LIB
Response length doesnt match with declared length
in [S] protocol header.
response from a server whose length does not match
event3585 1.3.6.1.4.1.30738.0.0.0.3585
the length declared inside the protocol header. The
response will be discarded by the program. The
parameter is the protocol name.
Modules: LIB
Request [S] received from an unauthenticated [S]
server
event3586 This warning appears when received a SendMail 1.3.6.1.4.1.30738.0.0.0.3586
request from an unauthenticated quarantine node
Modules: QM
Cannot read communication channel with [S]. [S].
event3587 1.3.6.1.4.1.30738.0.0.0.3587
Deprecated
Cannot write communication channel with [S]. [S].

event3588 1.3.6.1.4.1.30738.0.0.0.3588
Deprecated
Bad sequence of commands at [S] server

event3589 1.3.6.1.4.1.30738.0.0.0.3589
Deprecated
2-80
SNMP Traps
Cannot reload [S] log workmode. Work mode hasnt
been modified.
event3591 This warning appears when it was not possible to 1.3.6.1.4.1.30738.0.0.0.3591
load a workmode.
Modules: RM
Cannot get remote file [S] from CentralManager
module
event3592 cannot get a file from the Central Manager. Normally 1.3.6.1.4.1.30738.0.0.0.3592
the file is a configuration file that must be reloaded.
The parameter is the name of the remote file.
Modules: AS, WF
Parameter [S] has an invalid value
Only in BGP deployment mode. This warning appears
event3593 when the parameter read from the config file (for 1.3.6.1.4.1.30738.0.0.0.3593
BGP configuration) has not a valid value
Modules: CT
Cannot get machine identifier
event3594 1.3.6.1.4.1.30738.0.0.0.3594
Deprecated
Dropped radius event due to bad ip [N]

event3595 1.3.6.1.4.1.30738.0.0.0.3595
Deprecated
Cannot contact Icap Service [S] reason [S]

event3596 1.3.6.1.4.1.30738.0.0.0.3596
Deprecated
[S] has exceeded its used sockets limit ([S]) to reach

event3597 at: [S] 1.3.6.1.4.1.30738.0.0.0.3597
Modules: PM
[S] has recovered its used sockets limit ([S]) to reach
event3598 at: [S] 1.3.6.1.4.1.30738.0.0.0.3598
Modules: PM
[S] was killed to exceed its used sockets limit ([S]) to
event3599 reach at: [S] 1.3.6.1.4.1.30738.0.0.0.3599
Modules: PM
[S] has exceeded its used pipes limit ([S]) to reach at:
event3600 [S] 1.3.6.1.4.1.30738.0.0.0.3600
Modules: PM
[S] has recovered its used pipes limit ([S]) to reach
event3601 at: [S] 1.3.6.1.4.1.30738.0.0.0.3601
Modules: PM
[S] was killed to exceed its used pipes limit ([S]) to
event3602 reach at: [S] 1.3.6.1.4.1.30738.0.0.0.3602
Modules: PM
2-81
SNMP Traps
[S] has exceeded its used files limit ([S]) to reach at:
event3603 [S] 1.3.6.1.4.1.30738.0.0.0.3603
Modules: PM
[S] has recovered its used files limit ([S]) to reach at:
event3604 [S] 1.3.6.1.4.1.30738.0.0.0.3604
Modules: PM
[S] was killed to exceed its used files limit ([S]) to
event3605 reach at: [S] 1.3.6.1.4.1.30738.0.0.0.3605
Modules: PM
Cannot close socket [N]: [S]

event3606 1.3.6.1.4.1.30738.0.0.0.3606
Deprecated
NTLM authentication limit exceeded: [S]
This warning appears when using NTLM
authentication and:
event3607 1.3.6.1.4.1.30738.0.0.0.3607
The Server response with error: Too many
useridsThere is an NTLM authentication limit
exceededBack to normal limitModules: CT
NTLM authentication back to normal: [S]

event3608 1.3.6.1.4.1.30738.0.0.0.3608
Deprecated
Cache|MaxFileDescriptors limit [N] reached
This warning appears when the cache service has
event3609 1.3.6.1.4.1.30738.0.0.0.3609
reached the maximum file descriptors configured
Modules: CT
Cache|MaxFileDescriptors back to normal
This warning appears when the cache service
event3610 returned to less than maximum file descriptors 1.3.6.1.4.1.30738.0.0.0.3610
configured
Modules: CT
Cannot send [S] email for client [S]: [S]

event3611 1.3.6.1.4.1.30738.0.0.0.3611
Failed to send SMS for programmed report [S] for

client [S] to receiver [S].
send an SMS with the programmed report of a client
Modules: RM
Failed to send SMS for programmed report [S] to
receiver [S].
send an SMS with the programmed report
Modules: RM
Failed to send SMSs for programmed report [S] for
client [S]. Wrong parameters in programmed report
event3614 1.3.6.1.4.1.30738.0.0.0.3614
configuration.
This warning appears when it was not possible to
2-82
SNMP Traps
send an SMS with the programmed report of a client
because there is a wrong parameter in the
configuration
Modules: RM
Failed to send SMSs for programmed report [S].
Wrong parameters in programmed report
configuration.
event3615 1.3.6.1.4.1.30738.0.0.0.3615
send an SMS with the programmed report of
because there is a wrong parameter in the
configuration
Modules: RM
Could not send SMS to receiver [S].
event3616 1.3.6.1.4.1.30738.0.0.0.3616
send an SMS
Modules: RM
Table [S] does not contain all the required fields
This warning appears when a table is missing a
required field and when an unsupported
event3617 1.3.6.1.4.1.30738.0.0.0.3617
programmed report has been configured. Reporter
logs with:
3546 2 Parameter %s not found
Unsupported programmed report type: [S].
This warning appears when an unsupported
event3618 programmed report has been configured. Reporter 1.3.6.1.4.1.30738.0.0.0.3618
logs with:
3546 2 Parameter %s not found
[S] service failed. [S]
This message appears when reporting a failure to
event3619 1.3.6.1.4.1.30738.0.0.0.3619
contact IsecG SendMessage API
Modules: CM
Cannot get enough memory for [S]
Problems for allocating memory, the process will
event4001 continue running successfully. Check the Memory 1.3.6.1.4.1.30738.0.0.0.4001
available.
Modules: CM, AS, WF
There isnt enough free space in disk
This warning appears when the program cannot find
the necessary space to write some information on
event4002 1.3.6.1.4.1.30738.0.0.0.4002
the disk. If this event occurs repeatedly, the program
may stop working properly.
Modules: AS, QM
Cannot set default thread attributes: [S]
This warning appears when the default thread
event4003 settings cannot be set. The parameter is the problem 1.3.6.1.4.1.30738.0.0.0.4003
description.
Modules: PM, LIB
2-83
SNMP Traps
Cannot get default thread stack size: [S]
This warning appears when the default thread stack
event4004 size cannot be set. The parameter is the problem 1.3.6.1.4.1.30738.0.0.0.4004
description
Modules: PM, LIB
Cannot change default thread stack size: [S]
This warning appears when the default thread stack
event4005 size cannot be changed. The parameter is the 1.3.6.1.4.1.30738.0.0.0.4005
problem description.
Modules: LIB
A detached thread shouldnt be deleted
event4006 1.3.6.1.4.1.30738.0.0.0.4006
Deprecated
Cannot find free socket thread to handle requests
from port [N]. Not processed.
This warning appears when the program does not
have any free threads to receive an external request
event4007 1.3.6.1.4.1.30738.0.0.0.4007
from a port. The requests will not be processed by
the program. The parameter is the number of the
specified port.
Modules: PM, CM, WF, RM, WS
Thread pool empty for 60 seconds. Connection
event4008 rejected. 1.3.6.1.4.1.30738.0.0.0.4008
Deprecated
Cannot convert chunk size ([N])

event4009 1.3.6.1.4.1.30738.0.0.0.4009
Deprecated
Bad signature at [S]

This warning appears when the AntiSpam module
event4010 finds some errors reading the antispam database for 1.3.6.1.4.1.30738.0.0.0.4010
categories, content analysis, md5…
Modules: AS
Cannot create [S] thread
event4011 cannot create a thread that listens to requests from 1.3.6.1.4.1.30738.0.0.0.4011
a service. The parameter is the name of the service.
Modules: WF
Detected inconsistences in the client index list
during integrity check. Starting the process to rebuild
the index client list
event4012 WF writes this message when it detects an error in 1.3.6.1.4.1.30738.0.0.0.4012
the integrity of the client list index, and then
executes the process to rebuild the client list index.
Related message: 5245Module: WF
Unable to get running mode. Running ICAP mode
event4501 1.3.6.1.4.1.30738.0.0.0.4501
Deprecated
2-84
SNMP Traps
Unable to load [S] file. Using default settings.

event4502 1.3.6.1.4.1.30738.0.0.0.4502
Deprecated
Unable to send license [S] expired message.

event4503 1.3.6.1.4.1.30738.0.0.0.4503
Deprecated
Unable to start [S] .Port busy. Waiting up to 5
minutes.
event4504 This warning appears when the port is busy and 1.3.6.1.4.1.30738.0.0.0.4504
cannot start the service.
Modules: PM, WF, RM, WS
Webservers user trying to gain access to forbidden
event4505 path [S]. 1.3.6.1.4.1.30738.0.0.0.4505
Deprecated
[S] server not found. Using 127.0.0.1.

event4506 1.3.6.1.4.1.30738.0.0.0.4506
Deprecated
Unable to get [N] port. Using default

event4507 1.3.6.1.4.1.30738.0.0.0.4507
Deprecated
Timer wait not found. Using [N].

event4508 Deprecated 1.3.6.1.4.1.30738.0.0.0.4508
Cannot open the fileCannot allocate enough memory
Cannot update [S]

event4509 1.3.6.1.4.1.30738.0.0.0.4509
Deprecated
Quarantine [S] disabled: [S]

This warning appears when the quarantine has been
event4510 disable because of: 1.3.6.1.4.1.30738.0.0.0.4510
storage path is too longCannot seek in fileCannot get
file sizeCannot repair broken file
Quarantine node [S] doesnt have the correct
password
event4511 This warning appears when quarantine node doesn’t 1.3.6.1.4.1.30738.0.0.0.4511
have the correct password
Modules: QM
Quarantine node [S] isnt configured
event4512 1.3.6.1.4.1.30738.0.0.0.4512
Deprecated
Quarantine node authenticated as [S] requests a
second authentication
This warning appears when the Quarantine was
event4513 1.3.6.1.4.1.30738.0.0.0.4513
already authenticated and request for a second
authentication
Modules: QM
2-85
SNMP Traps
Filter node [S] doesnt have the correct
event4514 user/password 1.3.6.1.4.1.30738.0.0.0.4514
Deprecated
Filter node [S] isnt configured

event4515 1.3.6.1.4.1.30738.0.0.0.4515
Deprecated
Filter node [S] isnt configured

event4516 1.3.6.1.4.1.30738.0.0.0.4516
Deprecated
User not found for client [S]

event4517 1.3.6.1.4.1.30738.0.0.0.4517
Deprecated
Client [S] not found for email account

event4518 1.3.6.1.4.1.30738.0.0.0.4518
Deprecated
Client [S] not found in provision
This warning appears when the client was not
event4519 1.3.6.1.4.1.30738.0.0.0.4519
provisioned while trying to remove the client
Modules: CM
Received invalid service type [S]
This warning appears when there is service to
event4520 remove is not valid while trying to remove the 1.3.6.1.4.1.30738.0.0.0.4520
service from the client
Modules: CM
Cannot get initial count number for client [S]
This warning appears when there is an error trying to
event4521 1.3.6.1.4.1.30738.0.0.0.4521
get the initial contract units of a client
Modules: CM
Client [S] not found in modification provision
This warning appears when trying to modify a client
event4522 1.3.6.1.4.1.30738.0.0.0.4522
provision but the service type requested is not valid
Modules: CM
Received invalid operation type [S]
This warning appears when trying to execute an
event4523 1.3.6.1.4.1.30738.0.0.0.4523
invalid operation
Modules: CM
Received invalid number of operations: [N]
event4524 1.3.6.1.4.1.30738.0.0.0.4524
invalid number of operations
Modules: CM
Received invalid creation type [S]
This warning appears when trying to provision and
event4525 1.3.6.1.4.1.30738.0.0.0.4525
antispam client with an invalid type
Modules: CM
Received duplicated message [S]
event4526 1.3.6.1.4.1.30738.0.0.0.4526
This warning appears when trying to execute a
2-86
SNMP Traps
duplicated order
Modules: CM
Provisioning message [S] not found

This warning appears when there is not consistent
event4527 1.3.6.1.4.1.30738.0.0.0.4527
info in the historic file of provisioning orders
Modules: CM
Provisioning message [S] not hoped
This warning appears when trying provisioning an
event4528 order with the same identifier but similar type (not 1.3.6.1.4.1.30738.0.0.0.4528
the same)
Modules: CM
Provisioning [S] message [S] not found
event4529 1.3.6.1.4.1.30738.0.0.0.4529
order to remove not found
Modules: CM
Cannot download dictionary.
This warning appears when cannot download the
event4530 1.3.6.1.4.1.30738.0.0.0.4530
content dictionary for Web Filter or Antispam Filter
Modules: CM
Duplicated key [S] loading language [S] file
event4531 1.3.6.1.4.1.30738.0.0.0.4531
Deprecated
Unable to parse line loading language [S] file

event4532 1.3.6.1.4.1.30738.0.0.0.4532
Deprecated
[S] server [S] isnt configured.

This warning appears when the configuration the
event4533 1.3.6.1.4.1.30738.0.0.0.4533
server is not OK (Listening port, IP Address…)
Modules: LIB, AS
Unable to save [S] file. Changes will be lost.
save the new key requested for Kerberos to the
event4534 1.3.6.1.4.1.30738.0.0.0.4534
Global.conf file. This change won’t arrive to the
modules.
Modules: CM
Unable to load quarantined mail. [S]
event4535 1.3.6.1.4.1.30738.0.0.0.4535
Modules: QM
Bad unblock code to quarantined mail.

event4536 1.3.6.1.4.1.30738.0.0.0.4536
Modules: QM
Connection with server [S] but it must be with

event4537 server [S] 1.3.6.1.4.1.30738.0.0.0.4537
Modules: QM
2-87
SNMP Traps
Http
event4538 1.3.6.1.4.1.30738.0.0.0.4538
Modules: LIB, PM
The load is too high in [S] server.

event4539 1.3.6.1.4.1.30738.0.0.0.4539
Modules: LIB
[N] module disabled. License is off.

event4540 1.3.6.1.4.1.30738.0.0.0.4540
Deprecated
Message [S] too long

event4541 1.3.6.1.4.1.30738.0.0.0.4541
Deprecated
[S] data too long

event4542 1.3.6.1.4.1.30738.0.0.0.4542
Modules: RM
Unable to get [N] port. Out of range.

event4543 1.3.6.1.4.1.30738.0.0.0.4543
Deprecated
Parameter [S] out of range. Using [S] value
parameter that is out of range. The program will use
event4544 a default value. The first parameter is the name of 1.3.6.1.4.1.30738.0.0.0.4544
the bad parameter and the second is the default
value used.
Modules: PM, CT, CM, AS, WF, QM, RM
Cannot load authentication cache. [S]
event4545 1.3.6.1.4.1.30738.0.0.0.4545
Deprecated
Cannot download [S] successfully. [S]
event4546 1.3.6.1.4.1.30738.0.0.0.4546
download the file with the updated transactions.
Modules: CT, CM, AS
Cannot scan for viruses current request: [S]
This warning appears when the program cannot scan
event4547 1.3.6.1.4.1.30738.0.0.0.4547
for viruses because the engine is not initialized
Modules: WF
This warning appears when there is an error in the

event4548 SOAP received. The message includes the error 1.3.6.1.4.1.30738.0.0.0.4548
message receive and the SOAP call that fails.
Modules: WF
Unable to process [S] request. [S]
process the request. The message includes a
event4549 1.3.6.1.4.1.30738.0.0.0.4549
description with the reason why this was not
possible.
Modules: CT, RA
2-88
SNMP Traps
Ip [S] was already in use by client [S] now it is
associated to client [S]
This warning message appears when a current IP
event4550 1.3.6.1.4.1.30738.0.0.0.4550
address that was associated to one client now is
associated to another client.
Modules: CM
Over Number of failures while trying to contact
Central Manager
event4551 1.3.6.1.4.1.30738.0.0.0.4551
contact with the Central Manager for a number of
times.
Modules: PM, AS
CCOTTA Under [P] WAP/Mobile Web requests
event4552 1.3.6.1.4.1.30738.0.0.0.4552
Deprecated
CCOTTA Over [P] WAP/Mobile Web requests

event4553 1.3.6.1.4.1.30738.0.0.0.4553
Deprecated
CCOTTA Under Mobile Web URL request per second

event4554 1.3.6.1.4.1.30738.0.0.0.4554
Deprecated
CCOTTA Over Mobile Web URL request per second

event4555 1.3.6.1.4.1.30738.0.0.0.4555
Deprecated
CCOTTA Over Number of lost frames

event4556 1.3.6.1.4.1.30738.0.0.0.4556
Deprecated
CCOTTA Under URL request per second

event4557 1.3.6.1.4.1.30738.0.0.0.4557
Deprecated
CCOTTA Over URL request per second

event4558 1.3.6.1.4.1.30738.0.0.0.4558
Deprecated
CCOTTA Under WAP URL request per second

event4559 1.3.6.1.4.1.30738.0.0.0.4559
Deprecated
CCOTTA Over WAP URL request per second

event4560 1.3.6.1.4.1.30738.0.0.0.4560
Deprecated
CentralManager Under Number of available threads

for SOAP requests: [S]
This warning appears when the Central Manager is
event4561 running out of threads to answer all the SOAP 1.3.6.1.4.1.30738.0.0.0.4561
requests. Check the following parameter:
MaxNumberOfTransactions
Modules: CM
2-89
SNMP Traps
CentralManager Over Number of failures contacting
database: [S]
This warning appears when there were an over
event4562 1.3.6.1.4.1.30738.0.0.0.4562
number of failed attempts to communicate with
provision DB
Modules: CM
CentralManager Over Number of failures contacting
IWF database server: [S]
This warning appears when there were an over
event4563 1.3.6.1.4.1.30738.0.0.0.4563
number of failed attempts to communicate with IWF
Server
Modules: CM
CentralManager Over Number of times core data
was missing in Authentication cache: [S]
This warning appears when the MSISDN username is
event4564 1.3.6.1.4.1.30738.0.0.0.4564
not found in WF cache, so WF asks to CM for the
user
Modules: CM
CentralManager Over Number of wrong user
authentication
This warning appears when there was an over
event4565 1.3.6.1.4.1.30738.0.0.0.4565
number of user login (operator/administrator)
invalid
Modules: CM
CentralManager Over Number of requests for user
This warning appears when there was a client is not
event4566 1.3.6.1.4.1.30738.0.0.0.4566
found in cache for IP assignment
Modules: CM
CentralManager Over Number of authenticated
users in cache: [S]
event4567 This warning appears when there was an over 1.3.6.1.4.1.30738.0.0.0.4567
number of validated users in cache
Modules: CM
CentralManager Over Time between updates from
the IWF server: [S]
event4568 This warning appears when there was an over time 1.3.6.1.4.1.30738.0.0.0.4568
between updates from the IWF
Modules: CM
Reporter Over [P] Log server requests erroneous /
event4569 processed 1.3.6.1.4.1.30738.0.0.0.4569
Deprecated
Reporter Over Total log size

event4570 1.3.6.1.4.1.30738.0.0.0.4570
Deprecated
WebFilter Under [P] of mobile web pages blocked

event4571 1.3.6.1.4.1.30738.0.0.0.4571
Deprecated
2-90
SNMP Traps
WebFilter Over [P] of mobile web pages blocked

event4572 1.3.6.1.4.1.30738.0.0.0.4572
Deprecated
WebFilter Under [P] of total pages blocked

event4573 1.3.6.1.4.1.30738.0.0.0.4573
Deprecated
WebFilter Over [P] of total pages blocked

event4574 1.3.6.1.4.1.30738.0.0.0.4574
Deprecated
WebFilter Under [P] of wap pages blocked

event4575 1.3.6.1.4.1.30738.0.0.0.4575
Deprecated
WebFilter Over [P] of wap pages blocked

event4576 1.3.6.1.4.1.30738.0.0.0.4576
Deprecated
WebFilter Under Number of available threads for

event4577 HTTP requests 1.3.6.1.4.1.30738.0.0.0.4577
Deprecated
event4578 ICAP requests 1.3.6.1.4.1.30738.0.0.0.4578
Deprecated
event4579 WAP requests 1.3.6.1.4.1.30738.0.0.0.4579
Deprecated
ProcessMonitor Under Time between a module
event4580 going down 1.3.6.1.4.1.30738.0.0.0.4580
Deprecated
This warning appears when there is a wrong value in

event4581 one key read from a configuration file. Check the file 1.3.6.1.4.1.30738.0.0.0.4581
and the parameter mentioned
Modules: PM, CT
[S] is running.
This warning appears to notify that the process
event4582 1.3.6.1.4.1.30738.0.0.0.4582
mentioned is running
Modules: PM
[S] is not running.
event4583 1.3.6.1.4.1.30738.0.0.0.4583
mentioned is not running
Modules: PM
[S] is responding.
event4584 mentioned is running and responding (normal 1.3.6.1.4.1.30738.0.0.0.4584
operation)
Modules: PM
2-91
SNMP Traps
[S] is not responding.
event4585 mentioned is not responding. In this case, the PM 1.3.6.1.4.1.30738.0.0.0.4585
will stop the process and restart again.
Modules: PM
Machine has exceeded its used CPU limit ([S] [P]) to
reach at: [S] [P]
event4586 This warning appears to notify that CPU has 1.3.6.1.4.1.30738.0.0.0.4586
exceeded the configured limit.
Modules: PM
Machine has less than its free Memory limit ([S] MB)
to reach at: [S] MB
event4587 This warning appears to notify that free Memory is 1.3.6.1.4.1.30738.0.0.0.4587
less than the configured limit.
Modules: PM
Machine has less than its free Disk limit ([S] MB) to
reach at: [S] MB (file system [S])
event4588 This warning appears to notify that free Disk is less 1.3.6.1.4.1.30738.0.0.0.4588
than the configured limit.
Modules: PM
[S] has exceeded its CPU limit ([S] [P]) to reach at: [S]
[P]
This warning appears to notify that the module
specified has exceeded the CPU limit configured. This
event4589 is a limit for warning. There is another limit that the 1.3.6.1.4.1.30738.0.0.0.4589
module cannot surpass. If the module surpasses this
second limit, it’ll be killed and another message will
be sent (see message 4590)
Modules: PM
[S] was killed to exceed its CPU limit ([S] [P]) to
reach at: [S] [P]
event4590 1.3.6.1.4.1.30738.0.0.0.4590
specified was killed because it has exceeded the CPU
limit configured.
Modules: PM
[S] has exceeded its Memory limit ([S] MB) to reach
at: [S] MB
specified has exceeded the Memory limit configured.
event4591 This is a limit for warning. There is another limit that 1.3.6.1.4.1.30738.0.0.0.4591
the module cannot surpass. If the module surpasses
this second limit, it’ll be killed and another message
will be sent (see message 4592)
Modules: PM
[S] was killed to exceed its Memory limit ([S] MB) to
reach at: [S] MB
event4592 1.3.6.1.4.1.30738.0.0.0.4592
specified was killed because it has exceeded the
2-92
SNMP Traps
Memory limit configured.
Modules: PM
[S] has exceeded its Virtual Memory limit ([S] MB) to

reach at: [S] MB
specified has exceeded the Virtual Memory limit
event4593 configured. This is a limit for warning. There is 1.3.6.1.4.1.30738.0.0.0.4593
another limit that the module cannot surpass. If the
module surpasses this second limit, it’ll be killed and
another message will be sent (see message 4594)
Modules: PM
[S] was killed to exceed its Virtual Memory limit ([S]
MB) to reach at: [S] MB
event4594 1.3.6.1.4.1.30738.0.0.0.4594
specified was killed because it has exceeded the
Virtual Memory limit configured.
Modules: PM
Machine has recovered its used CPU limit ([S] [P]) to
reach at: [S] [P]
event4595 This warning appears to notify that the CPU is again 1.3.6.1.4.1.30738.0.0.0.4595
under the limit configured.
Modules: PM
Machine has recovered its free Memory limit ([S]
MB) to reach at: [S] MB
event4596 This warning appears to notify that the free Memory 1.3.6.1.4.1.30738.0.0.0.4596
is again more than the limit configured.
Modules: PM
Machine has recovered its free Disk limit ([S] MB) to
reach at: [S] MB (file system [S])
event4597 This warning appears to notify that the free Disk is 1.3.6.1.4.1.30738.0.0.0.4597
again under the limit configured.
Modules: PM
[S] has recovered its CPU limit ([S] [P]) to reach at:
[S] [P]
event4598 This warning appears to notify that the module 1.3.6.1.4.1.30738.0.0.0.4598
specified is again under the CPU limit configured.
Modules: PM
[S] has recovered its Memory limit ([S] MB) to reach
at: [S] MB
event4599 1.3.6.1.4.1.30738.0.0.0.4599
specified is again under the Memory limit
configured.
Modules: PM
[S] has recovered its Virtual Memory limit ([S] MB)
to reach at: [S] MB
event4600 1.3.6.1.4.1.30738.0.0.0.4600
specified is again under the Virtual Memory limit
2-93
SNMP Traps
configured.
Modules: PM
Maximum number of [S] connections reached.

Please, raise [S]
event4601 1.3.6.1.4.1.30738.0.0.0.4601
Check the file and the parameter mentioned
Modules: CT
[S] filter is rejecting connections. Transparent proxy
event4602 bypassed. 1.3.6.1.4.1.30738.0.0.0.4602
Deprecated
Line corrupted in file [S]. Checksum: [S]. Line [S]
event4603 Check space disk and write permissions 1.3.6.1.4.1.30738.0.0.0.4603
Modules: LIB, CM, AS, WF
[S] request data
This message appears when Radius is receiving Event
event4604 1.3.6.1.4.1.30738.0.0.0.4604
of no provisioning clients
Modules: RA
Module [S] is asking for transactions with a state
that CM cannot assume it will get all changes that
have been made from that state [S]
event4605 This warning appears when the Central Manager has 1.3.6.1.4.1.30738.0.0.0.4605
rotated the transaction file and the modules are
asking for old transaction.
Modules: CM
CCOTTA Over FTP URL request per second
event4606 1.3.6.1.4.1.30738.0.0.0.4606
Deprecated
CCOTTA Under HTTPS URL request per second

event4607 1.3.6.1.4.1.30738.0.0.0.4607
Deprecated
CCOTTA Over HTTPS URL request per second

event4608 1.3.6.1.4.1.30738.0.0.0.4608
Deprecated
CCOTTA Under FTP URL request per second

event4609 1.3.6.1.4.1.30738.0.0.0.4609
Deprecated
Performance Warn: [S]. See note [S]
This warning appears when the number of
connection that the module is handling are near the
event4610 1.3.6.1.4.1.30738.0.0.0.4610
limit configured (AS) or the MS Domain Server
requires message signing. Read the note indicated.
Modules. PM, CT, AS
Unable to execute transaction [S]
event4611 Related message: 5251, 5252 1.3.6.1.4.1.30738.0.0.0.4611
Modules: All
2-94
SNMP Traps
Cannot parse received Id [S]

event4612 1.3.6.1.4.1.30738.0.0.0.4612
Deprecated
Cannot insert transaction in response

event4613 1.3.6.1.4.1.30738.0.0.0.4613
Deprecated
Cannot parse received transaction [S]

event4614 1.3.6.1.4.1.30738.0.0.0.4614
Deprecated
Cannot insert received transaction [S] in memory

event4615 1.3.6.1.4.1.30738.0.0.0.4615
Deprecated
Unhandled exception in [S] servant: [S]
This warning appears when there was an exception
event4616 in the module. The message indicates the error and 1.3.6.1.4.1.30738.0.0.0.4616
the process that sends the exception.
Modules: LIB, AS
Unhandled exception in [S] servant
This warning appears when there was an undefined
event4617 exception in the module. The message indicates the 1.3.6.1.4.1.30738.0.0.0.4617
error and the process that sends the exception.
Modules: LIB, AS
Over the memory fragment threshold [N]

event4618 1.3.6.1.4.1.30738.0.0.0.4618
Deprecated
Soap Call: Authentication Not accepted by

event4619 AllowedRequests 1.3.6.1.4.1.30738.0.0.0.4619
Deprecated
Response
event4620 1.3.6.1.4.1.30738.0.0.0.4620
Deprecated
no_blocking_write:: [S]
event4621 1.3.6.1.4.1.30738.0.0.0.4621
Deprecated
Exiting in emergency, without doing all users, it is
because there are only [N] seconds left before end of
event4622 1.3.6.1.4.1.30738.0.0.0.4622
allowed range of execution (file Programation.conf)
Deprecated
Machine has more reception
This warning appears to notify that there are more
event4623 1.3.6.1.4.1.30738.0.0.0.4623
receptions errors than the limit configured.
Modules: PM
Machine has recovered its reception
This warning appears to notify that has recover from
event4624 the limit configured of receptions errors (this is the 1.3.6.1.4.1.30738.0.0.0.4624
antitrap of 4623)
Modules: PM
2-95
SNMP Traps
Machine has more transmission
This warning appears to notify that there are more
event4625 1.3.6.1.4.1.30738.0.0.0.4625
transmission errors than the limit configured.
Modules: PM
Machine has recovered its transmission
This warning appears to notify that has recover from
event4626 the limit configured of transmission errors (this is the 1.3.6.1.4.1.30738.0.0.0.4626
antitrap of 4625)
Modules: PM
File system has not pass SMART Health test ([S]) to
reach: [S] (file system [S])
event4627 This warning appears to notify that the filesystem 1.3.6.1.4.1.30738.0.0.0.4627
has not passed the SMART Health test indicated.
Modules: PM
File system has passed SMART Health test ([S]) to
reach: [S] (file system [S])
event4628 This warning appears to notify that the filesystem 1.3.6.1.4.1.30738.0.0.0.4628
has passed the SMART Health test indicated.
Modules: PM
Line [S] discarded in workmode [S], database feeder
event4629 database has not been initialized. 1.3.6.1.4.1.30738.0.0.0.4629
Modules: RM
event4630 mapping has not been initialized. 1.3.6.1.4.1.30738.0.0.0.4630
Modules: RM
event4631 record buffer has not been initialized. 1.3.6.1.4.1.30738.0.0.0.4631
Modules: RM
No suitable record table found in static database [S]
event4632 to feed memory database table [S]. 1.3.6.1.4.1.30738.0.0.0.4632
Deprecated
Interface [S] is just used by the bridge [S].

event4633 1.3.6.1.4.1.30738.0.0.0.4633
Modules: CT
Failed to export results for programmed report [S]

event4634 to the file [S] for client [S]. 1.3.6.1.4.1.30738.0.0.0.4634
Modules: RM
Failed to export results for programmed report [S]
event4635 to the file [S]. 1.3.6.1.4.1.30738.0.0.0.4635
Modules: RM
Couldnt send file to ftp server [S]:[S] with the user
event4636 [S]. 1.3.6.1.4.1.30738.0.0.0.4636
Modules: RM
Couldnt copy file to destination [S].

event4637 1.3.6.1.4.1.30738.0.0.0.4637
Modules: RM
2-96
SNMP Traps
Couldnt sent mail to receivers [S].
Modules: RM
event4638 }The default value is 2secs (if not present). It can be 1.3.6.1.4.1.30738.0.0.0.4638
written in any conf. file.When the connection is
restored writes 5202
Couldnt process task in [S]. [N] attempts left.
event4639 1.3.6.1.4.1.30738.0.0.0.4639
Modules: RM
[P]4:[P]2 Server is not Responding. [P]5
This warning appears when the module cannot
event4640 connect with a remote server. 1.3.6.1.4.1.30738.0.0.0.4640
Review the following key:General{
ServerConnectTimeout = 2 # seg.
DNS resolution
event4641 1.3.6.1.4.1.30738.0.0.0.4641
Modules: CM
None DNS domain could be resolved
This warning appears when the module was not able
event4642 to resolve the DNS. Please check the DNS conf at O.S: 1.3.6.1.4.1.30738.0.0.0.4642
/etc/resolv.conf
Modules: CM
Analysis cancelled, ScanId [N].
event4643 1.3.6.1.4.1.30738.0.0.0.4643
Deprecated
Update cancelled.
event4644 1.3.6.1.4.1.30738.0.0.0.4644
Deprecated
Cannot send snmp trap [N]

This warning appears if the module was not able to
event4645 1.3.6.1.4.1.30738.0.0.0.4645
send a SNMP trap.
Modules: PM
[S] Discarded Jumbo frames at interface [S],
event4646 maximum packet size [S] 1.3.6.1.4.1.30738.0.0.0.4646
Discarded
Interface [S] not optimized: unsupported OS driver
[S]
This warning appears when CCOTTA module doesn’t
event4647 know the interface driver. If this happens CCOTTA 1.3.6.1.4.1.30738.0.0.0.4647
cannot optimize it so will work without any
optimization
Modules: CT
Interface [S] not optimized: the OS doesnt support
receive side scaling queues
event4648 This warning appears if the interface driver doesn’t 1.3.6.1.4.1.30738.0.0.0.4648
support for optimization. If this happens CCOTTA
cannot optimize it so will work without any
2-97
SNMP Traps
optimization.
Modules: CT
event4649 1.3.6.1.4.1.30738.0.0.0.4649
No IP address found for whitelist domain: [S]

event4650 1.3.6.1.4.1.30738.0.0.0.4650
Interface [S] not fully optimized: the number of RSS

queues doesnt match the number of threads
This warning appears if the interface driver is not
event4651 1.3.6.1.4.1.30738.0.0.0.4651
properly configured. Please, review the driver
configuration.
Modules: CT
The administrator [S] has been locked.
This message is written when the administrator has
event4652 been locked after an unsuccessful number of login 1.3.6.1.4.1.30738.0.0.0.4652
attempts.
Modules: CM5243: infoModule: CM
[S] Antivirus bases are older than [N] hours. Bases
UTC date is [S]
This happens the antivirus engine couldn’t be
event4653 updated for configured number of hours (default 1.3.6.1.4.1.30738.0.0.0.4653
value 24 hours, key: etc/Global.conf
Content#AntiVirusEngines#TimeDiffX 86400)
Antitrap: 5228Modules: WF, CM
“WriteMessageAtInternalLog” to write this message
event4654 1.3.6.1.4.1.30738.0.0.0.4654
in the Central Manager. Thus, we could have internal
Tool needs them.
warning
Interface [S] not fully load balanced: [S]
The module will log this message in case the
event4655 1.3.6.1.4.1.30738.0.0.0.4655
interface indicated is not fully load balanced.
Module: CCOTTA
Unable to retrieve CPU Affinity from [S]
The module will appear in case it cannot establish
event4656 connection with CCOTTA (to get the CPU affinity). 1.3.6.1.4.1.30738.0.0.0.4656
5249Module: SMTP Filter
2-98
SNMP Traps
Cannot get from CM bases date for antivirus engine:
[S]
This message appears in case the filtering module is
event4657 not able to download the date for antivirus engine 1.3.6.1.4.1.30738.0.0.0.4657
bases. The module downloads the date in order to
know if it is updated or not.
Module: SMTP Filter, Web Filter
KPI [S] has [S]. Current value is [S]
This message is shown each time a KPI monitored by
event4658 Process Monitor has surpassed the configured 1.3.6.1.4.1.30738.0.0.0.4658
threshold (for example, packets drops, bypasses).
Antitrap: 7020Module: PM
Parameter [S] not found. Falling back to [S]
This parameter was not found. Falling back to
event4659 1.3.6.1.4.1.30738.0.0.0.4659
another value.
Resource [S] has a current limit value of [S] but this
module requires it to be [S]
The module requires a different limit for the
event4660 1.3.6.1.4.1.30738.0.0.0.4660
resource configured. Please check the limits and
update them accordingly.
[S] [S] connect

event4661 1.3.6.1.4.1.30738.0.0.0.4661
Discarded [S] messages to the CentralManager

event4662 during the last [S] seconds. 1.3.6.1.4.1.30738.0.0.0.4662
No clients found in [S] messages during the last [S]

event4663 seconds. 1.3.6.1.4.1.30738.0.0.0.4663
2.2.7.4 Info
These informational traps are from versions 1 and 2 of the NetworkSecure MIB.
[S] license is off.

event5001 1.3.6.1.4.1.30738.0.0.0.5001
Deprecated
[S] server started. Waiting for up to connections.

event5002 1.3.6.1.4.1.30738.0.0.0.5002
Deprecated
[S] shutdown completed.

event5003 1.3.6.1.4.1.30738.0.0.0.5003
Deprecated
2-99
SNMP Traps
[S] closed.
event5004 1.3.6.1.4.1.30738.0.0.0.5004
Deprecated
[S] configuration loaded successfully.

event5005 1.3.6.1.4.1.30738.0.0.0.5005
Modules: PM
[S] configuration updated successfully.

event5006 1.3.6.1.4.1.30738.0.0.0.5006
Deprecated
[S] created successfully.

This info message appears when the item described in
event5007 the message (DKIM signature, Disk cache, Provisioning 1.3.6.1.4.1.30738.0.0.0.5007
report…) was created successfully.
Modules: PM, CM, AS, WS
[S] default configuration loaded.
event5008 1.3.6.1.4.1.30738.0.0.0.5008
Deprecated
[S] finished.
This info message appears when the indicated action
(Kerberos key renewal, AntiVirus update, URLs
event5009 1.3.6.1.4.1.30738.0.0.0.5009
resolution, database CRP update, database
consolidation…) was finished.
Modules: CM, AS, WF, QM
[S] started successfully.
This info message appears when the indicated action
event5010 (Module, URL resolution, Disk cache, database 1.3.6.1.4.1.30738.0.0.0.5010
update…) started successfully
Modules: PM, CT, CM, AS, WF, QM, RA, RM
[S] was killed.
This info message appears to inform that the process
event5011 1.3.6.1.4.1.30738.0.0.0.5011
indicated was killed
Modules: PM
[S] was stopped
This info message appears when the module is
event5012 1.3.6.1.4.1.30738.0.0.0.5012
stopped. After that, the module exists.
Modules: AS, WF, QM, RM, WS
Connection to [S] server [S] established
This info message appears when the module has
event5013 1.3.6.1.4.1.30738.0.0.0.5013
established connection with the server indicated
Modules: CT, QM
Connection to [S] server [S] finished
This info message appears when the module loses the
event5014 1.3.6.1.4.1.30738.0.0.0.5014
connection with the server indicated
Modules: CT, QM, RM
Connection to [S] server [S] restored
event5015 1.3.6.1.4.1.30738.0.0.0.5015
This info message appears when the module was able
2-100
SNMP Traps
to restore a connection with the server indicated
Modules: CM, AS, WF, QM, RM
Loaded all the messages from filter [S]

event5016 1.3.6.1.4.1.30738.0.0.0.5016
loaded all the mails from the filter indicated.
Modules: QM
New [S] server connection defined:[S]
This info message appears when there is a new
event5017 1.3.6.1.4.1.30738.0.0.0.5017
connection to the Quarantine server
Modules: QM
[S] server [S] updated successfully
event5018 1.3.6.1.4.1.30738.0.0.0.5018
Deprecated
[S] server listening at [S].

event5019 1.3.6.1.4.1.30738.0.0.0.5019
Deprecated
user/groups from ip successfully

event5020 1.3.6.1.4.1.30738.0.0.0.5020
Deprecated
[S] loaded
event5021 loaded the info indicated in the message (client info, 1.3.6.1.4.1.30738.0.0.0.5021
user info, client package, configuration file…)
Modules: CT, CM, AS, QM
License [S] checked successfully.
event5022 1.3.6.1.4.1.30738.0.0.0.5022
Deprecated
Commutation [S] server

event5023 1.3.6.1.4.1.30738.0.0.0.5023
Deprecated
[S] reloaded successfully.
event5024 1.3.6.1.4.1.30738.0.0.0.5024
reloaded the lists
Modules: AS, WF
[S] removed from disk.
This info message appears when the module remove
from disk a client (because of timeout expiration (CM),
event5025 1.3.6.1.4.1.30738.0.0.0.5025
the stale messages from quarantine file (AS) or the
stale indexes (QM)
Modules: CM, AS, QM
Exception captured. [S]
event5026 1.3.6.1.4.1.30738.0.0.0.5026
Deprecated
Created thread for [S] successfully

event5027 1.3.6.1.4.1.30738.0.0.0.5027
Deprecated
2-101
SNMP Traps
Created thread pool for [S] successfully

event5028 1.3.6.1.4.1.30738.0.0.0.5028
Deprecated
[S] loaded successfully
event5029 loaded the lists successfully (AS), or the AntiVirus 1.3.6.1.4.1.30738.0.0.0.5029
Engine (WF) or another list indicated in the message.
Modules: AS, WF
[S] contacted successfully
event5030 1.3.6.1.4.1.30738.0.0.0.5030
contacted successfully with the URL database server.
Modules: WF
[S] was stopped
This info message appears when the module was
event5031 1.3.6.1.4.1.30738.0.0.0.5031
stopped
Modules: PM, CT, WF
Closing ICAP server
Only in ICAP deployment mode. This info message
event5032 1.3.6.1.4.1.30738.0.0.0.5032
appears when the module close the I server.
Modules: WF
Exiting [S]. All owned threads destroyed
This info message appears when the module is going
event5033 1.3.6.1.4.1.30738.0.0.0.5033
to exit and close all the threads.
Modules: WF
Starting Consolidation.
event5034 1.3.6.1.4.1.30738.0.0.0.5034
started a database consolidation
Modules: WF
Consolidation terminated.
event5035 1.3.6.1.4.1.30738.0.0.0.5035
finished the database consolidation
Modules: WF
ADMIN-ACTION: [S]
This info message appears when the module has a
event5036 1.3.6.1.4.1.30738.0.0.0.5036
request to the compress file log
Modules: WF
SOAP request: [S]
This info message appears when the module receives
event5037 1.3.6.1.4.1.30738.0.0.0.5037
a SOAP request for exiting. The module will exist.
Modules: CM, WF
[S] already running.
This info message appears to notify that there is
already running the URLs resolution, upgrade of the
event5038 1.3.6.1.4.1.30738.0.0.0.5038
software (only enterprise solution) or provisioning
report,
Modules: CM
2-102
SNMP Traps
Process [S] has to wait for other processes to be
event5039 started. 1.3.6.1.4.1.30738.0.0.0.5039
Deprecated
Process [S] suspended
This info message appears when CT cannot connect
event5040 1.3.6.1.4.1.30738.0.0.0.5040
with the filter to send the traffic (ping action fails).
Modules: CT
Process [S] resumed
This info message appears when CT reconnect with
event5041 1.3.6.1.4.1.30738.0.0.0.5041
the filter to send the traffic (ping action fails).
Modules: CT
Process suspension for more than 8 minutes detected
event5042 for [S] 1.3.6.1.4.1.30738.0.0.0.5042
Deprecated
Process [S] has PID=[S]

event5043 1.3.6.1.4.1.30738.0.0.0.5043
Deprecated
Process [S] is set to EXHAUSTED MODE. Maximum
number of retries to be started within allowed
event5044 1.3.6.1.4.1.30738.0.0.0.5044
seconds reached.
Deprecated
Starting [S] accumulation
The reporter module has started to accumulate the
event5045 1.3.6.1.4.1.30738.0.0.0.5045
data specified
Modules: RM
[S] accumulation terminated.
The reporter module has finished to accumulate the
event5046 1.3.6.1.4.1.30738.0.0.0.5046
data specified
Modules: RM
[S] index load is up to date.
The module is loading the info requested (detailed or
event5047 1.3.6.1.4.1.30738.0.0.0.5047
accumulated logs) or if the list is already updated
Modules: CM, RM
Received transaction for SMS: [S]
This info message appears when the CM has received
event5048 a transaction for sending SMS with the parameters to 1.3.6.1.4.1.30738.0.0.0.5048
send
Modules: CM
SMS successfully sent: [S]
This info message appears when the CM has sent the
event5050 1.3.6.1.4.1.30738.0.0.0.5050
SMS successfully
Modules: CM
No transactions.
This info message appears when the Unified Server
event5051 1.3.6.1.4.1.30738.0.0.0.5051
has no transactions to the CM.
Modules: CM
2-103
SNMP Traps
[S] successfully updated.
This info message appears when it was updated the
event5052 1.3.6.1.4.1.30738.0.0.0.5052
AV in the module
Modules: CM, AS, WF
Couldnt download list: [S]
This info message appears when it was not possible to
event5053 1.3.6.1.4.1.30738.0.0.0.5053
download the list indicated in the message
Modules: CM, AS, WF
Possible
This info message appears when there could be an
event5054 1.3.6.1.4.1.30738.0.0.0.5054
integrity error in the list updated.
Modules: CM, AS
File [S] has been successfully downloaded.
event5055 1.3.6.1.4.1.30738.0.0.0.5055
downloaded the list indicated in the message
Modules: CM, AS, WF
Unblocking Request: [S]
This info message appears when the module receives
event5056 1.3.6.1.4.1.30738.0.0.0.5056
an unblocking request from the user.
Modules: CM
[S] removed from memory.
event5057 1.3.6.1.4.1.30738.0.0.0.5057
Deprecated
Some packets lost

event5058 1.3.6.1.4.1.30738.0.0.0.5058
Deprecated
[S] has been detected.
This info message appears when the module detects a
event5059 1.3.6.1.4.1.30738.0.0.0.5059
custom kernel
Modules: CT
[S] actual version is [S]
This info message appears to show the current version
event5060 1.3.6.1.4.1.30738.0.0.0.5060
of the module
Modules: CT
[S] download in progress.
This info message appears when the module is
event5061 currently downloading the AntiVirus database or the 1.3.6.1.4.1.30738.0.0.0.5061
list database
Modules: CM
SMS not sent: [S]
This info message appears when it was not possible to
event5062 1.3.6.1.4.1.30738.0.0.0.5062
send the SMS
Modules: CM
Packet processing time avg=[S]us max=[S]us
This info message appears to inform about the
event5063 1.3.6.1.4.1.30738.0.0.0.5063
average and the maximum time of package processing
Modules: CT
2-104
SNMP Traps
DNS lookup time avg=[S]us max=[S]us
This info message appears to inform about the
event5064 1.3.6.1.4.1.30738.0.0.0.5064
average and the maximum time of DNS lookup
Modules: CT
Key [S] is obsolete, use [S] instead.
event5065 1.3.6.1.4.1.30738.0.0.0.5065
Deprecated
There were lost [S] packet(s) at interface [S]
This info message appears to inform that there were
some packet loses in the indicated interface. This loses
event5066 1.3.6.1.4.1.30738.0.0.0.5066
could be due to High traffic volume (CCOTTA cannot
process the traffic)
Modules: CT
Before: [S]
This message appears to:
event5067 Indicate the accumulated activation 1.3.6.1.4.1.30738.0.0.0.5067
requestsAccumulated SMS requestsCompacting the
databaseBefore starting a processModules: CM
After: [S]
This message appears to:
event5068 Indicate the accumulated activation 1.3.6.1.4.1.30738.0.0.0.5068
requestsAccumulated SMS requestsCompacting the
databaseAfter finishing a processModules: LIB, CM
[N][P] Filtered
event5069 This message appears to indicate the port filtered 1.3.6.1.4.1.30738.0.0.0.5069
Modules: WF
Transaction not processed: [S]
This message appears to indicate that the transaction
event5070 1.3.6.1.4.1.30738.0.0.0.5070
indicated was not processed
Modules: CM, AS
Statistics dump: [S]
This message appears to present statistics about the
event5071 1.3.6.1.4.1.30738.0.0.0.5071
cps received, cps sent…
Modules: RA
[S] Antivirus initialized
event5072 1.3.6.1.4.1.30738.0.0.0.5072
Deprecated
[S] Antivirus finalized

event5073 1.3.6.1.4.1.30738.0.0.0.5073
Deprecated
Invalid connection to [S] server
This message appears to indicate that it was not
event5074 possible to connect to the license server or to the 1.3.6.1.4.1.30738.0.0.0.5074
proxy to check the license
Modules: CM
2-105
SNMP Traps
Cannot parse [S] response correctly.
Only for the Enterprise solution. This message appears
during the software update to indicate that it was not
event5075 1.3.6.1.4.1.30738.0.0.0.5075
possible to check the status of the installation update
when asking to the OSSInstaller
Modules: LIB, CM
File [S] has been requested by [S]
This message appears to indicate the file that was
event5076 1.3.6.1.4.1.30738.0.0.0.5076
requested by SOAP call
Modules: CM
[S] checked
Only for the Enterprise solution. This message appears
event5077 to indicate that there are no newer versions to 1.3.6.1.4.1.30738.0.0.0.5077
update.
Modules: CM
File [S] has not changed at [S] server. Download not
event5078 needed 1.3.6.1.4.1.30738.0.0.0.5078
Deprecated
[S] consolidation successfully

event5079 1.3.6.1.4.1.30738.0.0.0.5079
Deprecated
Master restored, backup deactivated.

event5080 1.3.6.1.4.1.30738.0.0.0.5080
Deprecated
Icap Service [S] contacted successfully

event5081 1.3.6.1.4.1.30738.0.0.0.5081
Deprecated
Bad DatosAdicionales parameter type, a RECORD with

event5082 two element is required. 1.3.6.1.4.1.30738.0.0.0.5082
Deprecated
Bad parameter type datosAdicionales-
event5083 OCTO_NU_ADMINS = [S] 1.3.6.1.4.1.30738.0.0.0.5083
Deprecated
Add lstOperaciones - [S] = [S]

event5084 1.3.6.1.4.1.30738.0.0.0.5084
Deprecated
AdditionalData-OCTO_NU_ADMINS = [S]
event5085 1.3.6.1.4.1.30738.0.0.0.5085
Deprecated
AdditionalData-NUM_OCURRENCIAS = [S]
event5086 1.3.6.1.4.1.30738.0.0.0.5086
Deprecated
AdditionalData-DIRECCION_CORREO_1 = [S]
event5087 1.3.6.1.4.1.30738.0.0.0.5087
Deprecated
2-106
SNMP Traps
AdditionalData-TIPO_CREACION = [S]
event5088 1.3.6.1.4.1.30738.0.0.0.5088
Deprecated
Add codServicio- [S] = [S]

event5089 1.3.6.1.4.1.30738.0.0.0.5089
Deprecated
AdditionalData-USER_ID_COL = [S]
event5090 1.3.6.1.4.1.30738.0.0.0.5090
Deprecated
Add Units Provision- [S] = [S]

event5091 1.3.6.1.4.1.30738.0.0.0.5091
Deprecated
AdditionalData-OPERACIONES(0) = [S]
event5092 1.3.6.1.4.1.30738.0.0.0.5092
Deprecated
AdditionalData-OPERACIONES(1) = [S]
event5093 1.3.6.1.4.1.30738.0.0.0.5093
Deprecated
AdditionalData-Equipos(0) = [S]
event5094 1.3.6.1.4.1.30738.0.0.0.5094
Deprecated
AdditionalData-Equipos(1) = [S]
event5095 1.3.6.1.4.1.30738.0.0.0.5095
Deprecated
AdditionalData-Cantidades(0) = [N]
event5096 1.3.6.1.4.1.30738.0.0.0.5096
Deprecated
AdditionalData-Cantidades(1) = [N]
event5097 1.3.6.1.4.1.30738.0.0.0.5097
Deprecated
Sending response ([N]) to AXIS-TdE initial request

event5098 1.3.6.1.4.1.30738.0.0.0.5098
Deprecated
Result sent to Central Manger ERR = [N]

event5099 1.3.6.1.4.1.30738.0.0.0.5099
Deprecated
External Execute
event5100 1.3.6.1.4.1.30738.0.0.0.5100
Deprecated
Getting response from AXIS

event5101 1.3.6.1.4.1.30738.0.0.0.5101
Deprecated
Not connected ... retrying connection with AXIS

event5102 1.3.6.1.4.1.30738.0.0.0.5102
Deprecated
2-107
SNMP Traps
Connection refused with AXIS

event5103 1.3.6.1.4.1.30738.0.0.0.5103
Deprecated
Receiving response from AXIS

event5104 1.3.6.1.4.1.30738.0.0.0.5104
Deprecated
Issue arise due to: [S] - [S]

event5105 1.3.6.1.4.1.30738.0.0.0.5105
Deprecated
Data Received from AXIS - MENS_NO_MENSA = [S],

event5106 MENS_NU_MENSA = [S], MENS_IN_TIPMEN = [S] 1.3.6.1.4.1.30738.0.0.0.5106
Deprecated
Error in %s
This message appears to indicate a general error
event5107 described in the message: 1.3.6.1.4.1.30738.0.0.0.5107
“IP notification address max retries exceeded”“BGP
FSM neighbor state – event”Modules: CT
Request data - assigned
event5108 1.3.6.1.4.1.30738.0.0.0.5108
Deprecated
Complementary data - assigned

event5109 1.3.6.1.4.1.30738.0.0.0.5109
Deprecated
Processing values of: -[S]-.

event5110 1.3.6.1.4.1.30738.0.0.0.5110
Deprecated
Sending request to Central Manager

event5111 1.3.6.1.4.1.30738.0.0.0.5111
Deprecated
Communication
event5112 1.3.6.1.4.1.30738.0.0.0.5112
Deprecated
Response sent to AXIS-TdE

event5113 1.3.6.1.4.1.30738.0.0.0.5113
Deprecated
Issue creation AXIS-TdE

event5114 1.3.6.1.4.1.30738.0.0.0.5114
Deprecated
MARCADO request sent to AXIS-TdE

event5115 1.3.6.1.4.1.30738.0.0.0.5115
Deprecated
-Cumplimentation- request sent to a AXIS-TdE

event5116 1.3.6.1.4.1.30738.0.0.0.5116
Deprecated
2-108
SNMP Traps
-Cumplimentation-
event5117 1.3.6.1.4.1.30738.0.0.0.5117
Deprecated
Central Manager requests issue creation [S]

event5118 1.3.6.1.4.1.30738.0.0.0.5118
Deprecated
SendERROR
event5119 1.3.6.1.4.1.30738.0.0.0.5119
Deprecated
Issue creation finished ok AXIS-TdE

event5120 1.3.6.1.4.1.30738.0.0.0.5120
Deprecated
Communication
event5121 1.3.6.1.4.1.30738.0.0.0.5121
Deprecated
Provisioning finished
event5122 1.3.6.1.4.1.30738.0.0.0.5122
Deprecated
SOAP Request: Stop service.

event5123 1.3.6.1.4.1.30738.0.0.0.5123
Deprecated
SOAP Request: Start service.

event5124 1.3.6.1.4.1.30738.0.0.0.5124
Deprecated
SOAP Request: Deleting cache.

event5125 1.3.6.1.4.1.30738.0.0.0.5125
Deprecated
SOAP Request: Reload configuration file.

event5126 1.3.6.1.4.1.30738.0.0.0.5126
Deprecated
SOAP Request: Exit.

event5127 1.3.6.1.4.1.30738.0.0.0.5127
Deprecated
ITR: [S]
event5128 1.3.6.1.4.1.30738.0.0.0.5128
Deprecated
HTMOPT ReadFile - File not found: [S] -

event5129 1.3.6.1.4.1.30738.0.0.0.5129
Deprecated
Error OWS: ReplaceAddressInStack not possible

event5130 1.3.6.1.4.1.30738.0.0.0.5130
Deprecated
TemplateFile: [S]
event5131 1.3.6.1.4.1.30738.0.0.0.5131
Deprecated
2-109
SNMP Traps
ERROR: Template: [S],

event5132 1.3.6.1.4.1.30738.0.0.0.5132
Deprecated
HTTPCleanRequest = [S]
event5133 1.3.6.1.4.1.30738.0.0.0.5133
Deprecated
HTTPRequestAuth = [S]
event5134 1.3.6.1.4.1.30738.0.0.0.5134
Deprecated
OWS Version [S] (build date - [S]) for WINDOWS

event5135 XP,NT,2000 1.3.6.1.4.1.30738.0.0.0.5135
Deprecated
OWS Version [S] (build date - [S]) for LINUX Red Hat
event5136 9.x 1.3.6.1.4.1.30738.0.0.0.5136
Deprecated
Timeout in Request (Now-Time From Request)=[S]

event5137 1.3.6.1.4.1.30738.0.0.0.5137
Deprecated
Number of available threads PORT([S]) = [S]

event5138 1.3.6.1.4.1.30738.0.0.0.5138
Deprecated
[N] Threads created.

event5139 1.3.6.1.4.1.30738.0.0.0.5139
Deprecated
AXIS Request: [S]

event5140 1.3.6.1.4.1.30738.0.0.0.5140
Deprecated
Manager Request to complete PROVISION:[S]

event5141 1.3.6.1.4.1.30738.0.0.0.5141
Deprecated
Received an undefined provision result: [N]

event5142 1.3.6.1.4.1.30738.0.0.0.5142
Deprecated
ATLAS: servicioSincrono received.

event5143 1.3.6.1.4.1.30738.0.0.0.5143
Deprecated
SincronousService NOT authenticated.

event5144 1.3.6.1.4.1.30738.0.0.0.5144
Deprecated
SincronousService authenticated.
event5145 1.3.6.1.4.1.30738.0.0.0.5145
Deprecated
Parameter interpretation begin.

event5146 1.3.6.1.4.1.30738.0.0.0.5146
Deprecated
2-110
SNMP Traps
RequestData-NumeroOrden = [S]
event5147 1.3.6.1.4.1.30738.0.0.0.5147
Deprecated
RequestData-tipoJalon = [S]
event5148 1.3.6.1.4.1.30738.0.0.0.5148
Deprecated
RequestData-codInt1Uo = [S]
event5149 1.3.6.1.4.1.30738.0.0.0.5149
Deprecated
RequestData-codInt2Uo = [S]
event5150 1.3.6.1.4.1.30738.0.0.0.5150
Deprecated
RequestData-intCentro = [S]
event5151 1.3.6.1.4.1.30738.0.0.0.5151
Deprecated
RequestData-intLocalizacion = [S]
event5152 1.3.6.1.4.1.30738.0.0.0.5152
Deprecated
RequestData-secuenciaActuacion = [S]
event5153 1.3.6.1.4.1.30738.0.0.0.5153
Deprecated
RequestData-versionActuacion = [S]
event5154 1.3.6.1.4.1.30738.0.0.0.5154
Deprecated
RequestData-unidadOperativa = [S]
event5155 1.3.6.1.4.1.30738.0.0.0.5155
Deprecated
RequestData-grupoOperativo = [S]
event5156 1.3.6.1.4.1.30738.0.0.0.5156
Deprecated
Page not found, path relative to ROOT = [S]

event5157 1.3.6.1.4.1.30738.0.0.0.5157
Deprecated
[S] Packet Lost events happened at interface [S] Total

event5158 Packet Lost [S] 1.3.6.1.4.1.30738.0.0.0.5158
Deprecated
INFOrmation about configuration: [S]
This message appears to indicate:
The number of dynamic packet allocated and the total
event5159 1.3.6.1.4.1.30738.0.0.0.5159
usedInfo about the use of SSL (if using SSL
acceleration, SSL engine, if there is an error in the
engine, if its cavium engine…)Modules: CT
Unknown file [S]
event5160 1.3.6.1.4.1.30738.0.0.0.5160
Deprecated
2-111
SNMP Traps
Report event: [S]
Only for BGP deployment mode. This message appears
to indicate info about the status of BGP:
event5161 1.3.6.1.4.1.30738.0.0.0.5161
BGP WF communication is establishedBGP Default GW
is reachableDefault GW reachability has been
lostModules: CT
Unclear case, surely due to previous crash, or shortage
event5162 of electricity : [S][S]. Can cope with it. 1.3.6.1.4.1.30738.0.0.0.5162
Deprecated
[S] alive
event5163 1.3.6.1.4.1.30738.0.0.0.5163
Deprecated
Executing ssl acceleration [S]

event5164 1.3.6.1.4.1.30738.0.0.0.5164
Deprecated
[S]
This message appears to indicate that there were
event5165 errors writing a packet. Indicates the interfaces and 1.3.6.1.4.1.30738.0.0.0.5165
the maximum packet size
Modules: CT
Accumulation dumped to static database [S].
This message appears to indicate that the
event5166 accumulation calculated has been saved in the 1.3.6.1.4.1.30738.0.0.0.5166
database
Modules: RM
Database [S] consolidated into [S].
This message appears to indicate the database that
event5167 1.3.6.1.4.1.30738.0.0.0.5167
was consolidated and the destination path
Modules: RM
Removed old database [S].
event5168 1.3.6.1.4.1.30738.0.0.0.5168
has been removed
Modules: RM
Removed temporal database [S].
This message appears to indicate that it was remove a
event5169 1.3.6.1.4.1.30738.0.0.0.5169
temporal database
Modules: RM
Temporal database [S] is not corrupted, moving to its
final destination and removing old fragments.
This message appears to indicate after a fall of the
event5170 module, that the temporal database used before the 1.3.6.1.4.1.30738.0.0.0.5170
fall is OK so that the Reporter process it to a final
destination
Modules: RM
Database fragment [S] removed.
event5171 This message appears to indicate after a fall of the 1.3.6.1.4.1.30738.0.0.0.5171
module that the fragments detected could not be
2-112
SNMP Traps
used so they are removed
Modules: RM
Database [S] backed up to [S].

This message appears to indicate the indicated
event5172 1.3.6.1.4.1.30738.0.0.0.5172
database was backed up
Modules: RM
Backup accumulation result dumped to [S].
This message appears to indicate that the
event5173 1.3.6.1.4.1.30738.0.0.0.5173
accumulated results were saved in a destination path
Modules: RM
Dynamic database [S] rebuilt from detail file.
This message appears to indicate that the database is
event5174 1.3.6.1.4.1.30738.0.0.0.5174
built with the data from a detail file
Modules: RM
Started consistency check of [S].
This message appears to indicate that the Reporter is
event5175 1.3.6.1.4.1.30738.0.0.0.5175
checking the consistency of the indicated database
Modules: RM
Finished consistency check of [S].
This message appears to indicate that the consistency
event5176 1.3.6.1.4.1.30738.0.0.0.5176
check has finished
Modules: RM
Executed report [S] with id [S].
This message appears to indicate that the reporter is
event5177 1.3.6.1.4.1.30738.0.0.0.5177
executing a defined report.
This message appears to indicate Modules: RM
Executed report [S] with id [S] for client [S].
This message appears to indicate the reporter is
event5178 1.3.6.1.4.1.30738.0.0.0.5178
executing a defined report for a certain client
Modules: RM
Executed programmed report [S].
event5179 1.3.6.1.4.1.30738.0.0.0.5179
executing a programmed report
Modules: RM
Executed programmed report [S] for client [S].
event5180 1.3.6.1.4.1.30738.0.0.0.5180
executing a programmed report for a certain client
Modules: RM
Static database [S] dumped.
This message appears to indicate the static database
event5181 1.3.6.1.4.1.30738.0.0.0.5181
was dumped
Modules: RM
Starting accumulation on database [S].
event5182 1.3.6.1.4.1.30738.0.0.0.5182
starting the accumulation on a certain database
Modules: RM
2-113
SNMP Traps
Enlisting [S] to be accumulated over [S].
This message appears to indicate that the indicated
event5183 1.3.6.1.4.1.30738.0.0.0.5183
database was enlisted to be accumulated
Modules: RM
Database [S] moved to [S].
This message appears to indicate that the database
event5184 1.3.6.1.4.1.30738.0.0.0.5184
indicated was moved to another path
Modules: RM
Starting migration
This message appears to indicate that the reported
event5185 1.3.6.1.4.1.30738.0.0.0.5185
has started a new migration
Modules: RM
Migration completed
This message appears to indicate that the migration
event5186 1.3.6.1.4.1.30738.0.0.0.5186
was completed
Modules: RM
Migrating databases
This message appears to indicate that the reporter is
event5187 1.3.6.1.4.1.30738.0.0.0.5187
migrating all the databases
Modules: RM
Migrating database [S]
event5188 1.3.6.1.4.1.30738.0.0.0.5188
the reporter is migrating
Modules: RM
Migrating programmed report instances
This message appears to indicate it is migrating
event5189 1.3.6.1.4.1.30738.0.0.0.5189
programmed report to the current version
Modules: RM
Migrating programmed report instance [S]
This message appears to indicate the programmed
event5190 1.3.6.1.4.1.30738.0.0.0.5190
report that is currently migrating
Modules: RM
Migrating file [S].
This message appears to indicate the file that the
event5191 1.3.6.1.4.1.30738.0.0.0.5191
reporter is currently migrating
Modules: RM
Migrating detail [S] (copy).
This message appears to indicate the detail file that is
event5192 1.3.6.1.4.1.30738.0.0.0.5192
migrating to another copy
Modules: RM
Migrating detail [S] (move).
This message appears to indicate the detail file that is
event5193 1.3.6.1.4.1.30738.0.0.0.5193
migrating to another path
Modules: RM
Scripting engine message [S] received executing script
[S] from configuration file [S].
event5194 1.3.6.1.4.1.30738.0.0.0.5194
This message appears to indicate that the scripting
engine is running a script from the indicated
2-114
SNMP Traps
configuration file
Modules: RM, WS
Scripting engine output [S] received executing script

[S] from configuration file [S].
event5195 This message appears to indicate the output of the 1.3.6.1.4.1.30738.0.0.0.5195
script executed by the scripting engine
Modules: RM, WS
Workmode [S] ignored. Unable to load Reporter
configuration.
This message appears to indicate that one workmode
event5196 1.3.6.1.4.1.30738.0.0.0.5196
is ignored because it was not possible to load from the
configuration file
Modules: RM
Received DCAgent response ([S]) with more than [S]
event5197 bytes. 1.3.6.1.4.1.30738.0.0.0.5197
Deprecated
[P]1 At least a Primary Server is available again.

event5198 1.3.6.1.4.1.30738.0.0.0.5198
Modules: LIB
[P]1 At least a Server is available again.

event5199 1.3.6.1.4.1.30738.0.0.0.5199
Modules: LIB
[P]1 Has been re-configured properly.

event5200 1.3.6.1.4.1.30738.0.0.0.5200
Modules: LIB
[P]4:[P]2 Connection to Server has been restored.

event5201 1.3.6.1.4.1.30738.0.0.0.5201
Modules: LIB
[P]4:[P]2 Connection to Server has been restored.

event5202 This warning appears if the connection with the 1.3.6.1.4.1.30738.0.0.0.5202
remote server restored. Modules: LIB
Download limit reached for [S].
This message appears to indicate that is was reached
event5203 1.3.6.1.4.1.30738.0.0.0.5203
the download limited in a LDAP query.
Modules: CM
Starting upgrade.
This message appears to indicate that an upgrade
event5204 1.3.6.1.4.1.30738.0.0.0.5204
process has been started
Modules: RM
Upgrade completed.
This message appears to indicate that the upgrade
event5205 1.3.6.1.4.1.30738.0.0.0.5205
process has been completed
Modules: RM
Upgrading databases.
event5206 1.3.6.1.4.1.30738.0.0.0.5206
This message appears to indicate the databases are
2-115
SNMP Traps
being upgraded during the upgrade process.
Modules: RM
Database [S] is up to date.

This message appears to indicate that the database is
event5207 1.3.6.1.4.1.30738.0.0.0.5207
updated
Modules: RM
Database [S] successfully upgraded.
This message appears to indicate that the database
event5208 1.3.6.1.4.1.30738.0.0.0.5208
has been successfully upgraded
Modules: RM
Detailed log [S] is up to date.
This message appears to indicate the indicated log is
event5209 1.3.6.1.4.1.30738.0.0.0.5209
updated
Modules: RM
Detailed log [S] successfully upgraded.
This message appears to indicate that the detailed log
event5210 1.3.6.1.4.1.30738.0.0.0.5210
has been upgraded
Modules: RM
Antivirus module loaded.
event5211 1.3.6.1.4.1.30738.0.0.0.5211
Deprecated
Analysis started, ScanId [N].

event5212 1.3.6.1.4.1.30738.0.0.0.5212
Deprecated
Analysis done, ScanId [N].

event5213 1.3.6.1.4.1.30738.0.0.0.5213
Deprecated
Update finished.
event5214 1.3.6.1.4.1.30738.0.0.0.5214
Deprecated
System analyzed: [S] objects analyzed, [S] infected.

event5215 1.3.6.1.4.1.30738.0.0.0.5215
Deprecated
AV Library Version [S]; AV Engine Version [S]; AV

event5216 Updater Version [S]; SW Version [S]; Num.virus [S] 1.3.6.1.4.1.30738.0.0.0.5216
Deprecated
[N][P] Filtered by cpu[N]

event5217 1.3.6.1.4.1.30738.0.0.0.5217
Deprecated
The service [S] changed its status to [S]

event5218 1.3.6.1.4.1.30738.0.0.0.5218
Not implemented yet
Interface [S] optimized: [S]

event5219 This message appears to indicate that the network 1.3.6.1.4.1.30738.0.0.0.5219
interface driver is known and that CCOTTA has
2-116
SNMP Traps
optimized it
Module: CT
The IP address [S] from blacklist has been removed

because it belongs to whitelist: [S]
event5220 1.3.6.1.4.1.30738.0.0.0.5220
Not implemented yet
Only for WOLF solution.Module: CM
The IP address [S] from blacklist has been removed
because it exceeds the maximum traffic threshold
event5221 1.3.6.1.4.1.30738.0.0.0.5221
Only for WOLF solution.
Module: CM
[S] email discarded for client [S]: [S]
The oldest email for a client is discarded because a
event5222 new email for that client is pending to send (welcome 1.3.6.1.4.1.30738.0.0.0.5222
to the service email)
Module: CM
Redirection to to proxy activated
Mobile EndPoint Logs. Indicates that the connection is
event5223 not filtered by default so the EndPoint has activated 1.3.6.1.4.1.30738.0.0.0.5223
the proxy navigation to be filtered with the Proxy
Module: OMF
Redirection to to proxy deactivated
Mobile EndPoint Logs. Indicates that the connection is
event5224 again filtered by default so the EndPoint has 1.3.6.1.4.1.30738.0.0.0.5224
deactivated the proxy navigation
Module: OMF
The administrator [S] has been unlocked
This message appears when an Administrator that was
locked previously due to a number of unsuccessful
event5225 1.3.6.1.4.1.30738.0.0.0.5225
login attempts, has been unlocked and can login
again.
Module: CM
[S] Antivirus bases recovered from local backup
This message appears when the module found an
error in the internal AntiVirus bases (and cannot start
event5226 1.3.6.1.4.1.30738.0.0.0.5226
the local engine) but was recovered automatically
with the local backup copy.
Module: WF
Antivirus engines recovered from Central Manager
This message appears when the module found an
error in the internal AntiVirus bases (and cannot start
the local engine) couldn’t recovered automatically
event5227 1.3.6.1.4.1.30738.0.0.0.5227
with the local backup copy and has been recovered
automatically getting the bases from the Central
Manager
Module: WF
2-117
SNMP Traps
[S] Antivirus engine successfully updated. Bases UTC
date is [S]
event5228 This message appears when the module could update 1.3.6.1.4.1.30738.0.0.0.5228
the AntiVirus bases successfully
Module: WF, CM
TCP Connections over the limit ([N])
The TCP connections have reach the top limit. This is
event5229 just informative. CCOTTA is not going to drop traffic. 1.3.6.1.4.1.30738.0.0.0.5229
The default configuration is the following:
Traps{ TCPConnectionsLive { Limit = 10000 Interval = 5
TCP Connections under the limit ([N])
TCP connections are now under the limit and CCOTTA
event5230 1.3.6.1.4.1.30738.0.0.0.5230
are accepting all the connections.
Module: CT
HTTP Parser pool empty, [N] used
The pool size is full and the parser cannot accept more
traffic. It is not going to filter that traffic. Please,
event5231 1.3.6.1.4.1.30738.0.0.0.5231
review the key: PoolSize at CCOTTA.conf –Antitrap:
5232
Module: CT
HTTP Parser pool recovered, [N] used
The pool size has been recovered and it’s down the
event5232 1.3.6.1.4.1.30738.0.0.0.5232
limit.
Module: CT
[N][P] Filtered by cpu[N]
Replaces to 5217 message. This message appears if
the CPU usage is over the limit. In that case, CCOTTA
event5233 1.3.6.1.4.1.30738.0.0.0.5233
will bypass the traffic to prevent from packet loses.
Antitrap: 5234
Module: CT
No packets lost at interface [S]
event5234 CCOTTA has recovered from the CPU usage. 1.3.6.1.4.1.30738.0.0.0.5234
Module: CT
HTTPS Parser pool empty, [N] used
This message appears in case CT has used completely
event5235 1.3.6.1.4.1.30738.0.0.0.5235
the pool for HTTPS and no more is available
Antitrap: 5235Module: CT
HTTPS Parser pool recovered, [N] used
This message appears in case CT recovers the pool for
event5236 1.3.6.1.4.1.30738.0.0.0.5236
HTTPS (is under the maximum)
Module: CT
FTP Parser pool empty, [N] used
event5237 1.3.6.1.4.1.30738.0.0.0.5237
the pool for FTP and no more is available
FTP Parser pool recovered, [N] used
event5238 1.3.6.1.4.1.30738.0.0.0.5238
2-118
SNMP Traps
FTP (is under the maximum)
Module: CT
HTTPProxyListener Parser pool empty, [N] used

event5239 the pool for HTTPProxyListener and no more is 1.3.6.1.4.1.30738.0.0.0.5239
available
HTTPProxyListener Parser pool recovered, [N] used
event5240 1.3.6.1.4.1.30738.0.0.0.5240
HTTPProxyListener (is under the maximum)
Module: CT
DNS Parser pool empty, [N] used
event5241 1.3.6.1.4.1.30738.0.0.0.5241
the pool for DNS and no more is available
DNS Parser pool recovered, [N] used
event5242 1.3.6.1.4.1.30738.0.0.0.5242
DNS (is under the maximum)
Module: CT
“WriteMessageAtInternalLog” to write this message in
event5243 1.3.6.1.4.1.30738.0.0.0.5243
the Central Manager. Thus, we could have internal
Tool needs them.
warning5243: infoModule: CM
[S] download will be executed in [N] seconds
This message is sent when the module must download
event5244 a. crp from CM and it calculates that it is better to wait 1.3.6.1.4.1.30738.0.0.0.5244
some time so as not to overload the CM.
Modules: WF
Rebuilding process of the client list completed
This message appears when the rebuilding process has
event5245 1.3.6.1.4.1.30738.0.0.0.5245
finished.
Related message: 4012Modules: WF
[S] threads bound to cpus [S]
This message appears to inform about the thread CPU
event5246 affinity. 1.3.6.1.4.1.30738.0.0.0.5246
5249Modules: WF
Thread [S] TID bound to cpus [S]
event5247 This message appears to inform about the thread CPU 1.3.6.1.4.1.30738.0.0.0.5247
affinity.
2-119
SNMP Traps
5249Modules: WF
[S] established from [S]

event5248 affinity. 1.3.6.1.4.1.30738.0.0.0.5248
5249Modules: WF
CPU Affinity [S] established from [S]
event5249 affinity. 1.3.6.1.4.1.30738.0.0.0.5249
5248Modules: WF
Bases UTC date of Antivirus engine [S] is [S]
event5250 This message shows the AV bases internal date. 1.3.6.1.4.1.30738.0.0.0.5250
Modules: WF, SF and CM
Transaction [S] received
This message is logged when processing transaction
event5251 1.3.6.1.4.1.30738.0.0.0.5251
40. If the processing fails, the following message is
logged:
Transaction [S] successfully processed
This message is logged when processing transaction
event5252 1.3.6.1.4.1.30738.0.0.0.5252
40. If the processing fails, the following message is
logged:
Retention values for workmode [S] (in hours): [S].
This message shows the retention values in hours for
event5253 1.3.6.1.4.1.30738.0.0.0.5253
the described work mode.
User [S] is erasing
This message appears when the Reporter is at this
event5254 moment erasing info from the database, as requested 1.3.6.1.4.1.30738.0.0.0.5254
for GDPR purposes.
Related messages: 5255 and 10002Modules: RM
User [S] is retrieving
This message appears when the Reporter is at this
event5255 moment retrieving info from the database, as 1.3.6.1.4.1.30738.0.0.0.5255
requested for GDPR purposes.
Related messages: 5254 and 10002Modules: RM
Fields [S] of workmode [S] will be encrypted
This message is logged by the modules with the field
event5256 1.3.6.1.4.1.30738.0.0.0.5256
of each type that will be encrypted.
Modules: RM
Starting [S] compression
This message appears when a log file is to be
event5257 1.3.6.1.4.1.30738.0.0.0.5257
compressed.
Related messages: 5258Modules: RM
2-120
SNMP Traps
[S] compression terminated
This message appears when log file compression has
event5258 1.3.6.1.4.1.30738.0.0.0.5258
terminated.
Related messages: 5257Modules: RM
User [S] is encrypting the database
This message is logged by RM5 when encrypting the
event5259 1.3.6.1.4.1.30738.0.0.0.5259
database.
Modules: RM
Starting export
This message is logged by RM5 when commencing the
event5260 1.3.6.1.4.1.30738.0.0.0.5260
export of client data.
Related messages: 5261, 5262Modules: RM
Export completed
This message is logged by RM5 when the module has
event5261 1.3.6.1.4.1.30738.0.0.0.5261
finished exporting the data.
Database [S] successfully exported
This message is logged by RM5 when the module has
event5262 1.3.6.1.4.1.30738.0.0.0.5262
finished exporting the database.
No more [S] connect

event5263 1.3.6.1.4.1.30738.0.0.0.5263
There were bypassed [S] connection(s) at thread [S]

event5264 1.3.6.1.4.1.30738.0.0.0.5264
[S] SOAP service restored

event7001 1.3.6.1.4.1.30738.0.0.0.7001
[S] HTTP service restored

event7002 1.3.6.1.4.1.30738.0.0.0.7002
The created number of clients has reached the

permitted amount for your license. The correct
event7003 1.3.6.1.4.1.30738.0.0.0.7003
operation of the system should have been recovered.
The license control key has been restored. The correct

event7004 operation of the system should have been recovered. 1.3.6.1.4.1.30738.0.0.0.7004
[S] email for client [S] sent successfully

event7005 1.3.6.1.4.1.30738.0.0.0.7005
Test trap sent successfully

event7006 1.3.6.1.4.1.30738.0.0.0.7006
2-121
SNMP Traps
Test antitrap sent successfully

event7007 1.3.6.1.4.1.30738.0.0.0.7007
File system has passed DiskIO Health test ([S])

event7008 1.3.6.1.4.1.30738.0.0.0.7008
Tampering detected for [S]

event7009 1.3.6.1.4.1.30738.0.0.0.7009
Missing parameter [S] in resource [S] for [S]

event7010 1.3.6.1.4.1.30738.0.0.0.7010
Client [S] is not connected to the Tunnel. Reason [S]

event7011 1.3.6.1.4.1.30738.0.0.0.7011
Client [S] has established a new Tunnel connection

event7012 1.3.6.1.4.1.30738.0.0.0.7012
Client [S] completed activation request with PIN [S]

event7013 1.3.6.1.4.1.30738.0.0.0.7013
Client [S] completed activation validation

event7014 1.3.6.1.4.1.30738.0.0.0.7014
Client [S] deactivated the [S]

event7015 1.3.6.1.4.1.30738.0.0.0.7015
Client [S] activated the [S]

event7016 1.3.6.1.4.1.30738.0.0.0.7016
SMS code [S] not accepted for client [S] . Reason: [S]
event7017 1.3.6.1.4.1.30738.0.0.0.7017
AMFId received [S] does not match with the one for
event7018 [S] 1.3.6.1.4.1.30738.0.0.0.7018
License status has changed to [S]

Antitrap. The module will log this message when the
event7019 1.3.6.1.4.1.30738.0.0.0.7019
license returns to NORMAL status.
Related message: 37Module: CM
KPI [S] has recovered ([S]). Current value is [S]
Antirap. The module will log this message when the
event7020 1.3.6.1.4.1.30738.0.0.0.7020
monitored KPI is below the threshold configured.
Module: PM
2-122
SNMP Traps
2.2.7.5 Debug
These debugging traps are from versions 1 and 2 of the NetworkSecure MIB.
OWS
event10001 1.3.6.1.4.1.30738.0.0.0.10001
Not implemented yet
Processing file [S]
This message appears when processing a file for
event10002 1.3.6.1.4.1.30738.0.0.0.10002
erasure or retrieving data from a subscriber by RM5.
Related messages: 5254, 5255Module: RM
2.2.7.6 Topology Traps

These traps are from the ALLOT- TOPOLOGY-MIB, and they include
alTopoManagedNodesTAddress to show the node to which the trap refers. For
more about the Topology MIB, see Topology.
NAME DESCRIPTION OID
This trap is sent when a node is

alTopoNodeUnreachableAlarmUp 1.3.6.1.4.1.2603.17.0.1
down.
This trap is sent when a node is back

alTopoNodeUnreachableAlarmDown 1.3.6.1.4.1.2603.17.0.2
up.
2.2.8 ACP (Unix) Traps

The Allot Common Platform (ACP) includes several standard SNMP tool-sets
including net-snmp, net-snmp-libs, net-snmp-utils and lm_sensors-libs. These tools
enable Allot products based on ACP to send standard Unix-level traps, when
configured to do so.
The following Allot products are based on the Allot Common Platform (ACP)
• SG-9x00 family
• SG-VE
• SSG
• NetXplorer
• ClearSee
• Data Mediator
• SMP
2-123
SNMP Traps
• DDoS Secure (from 15.1 onwards)
2.2.8.1 Configuration Example

In order to configure standard Unix based traps to notify on link-up and link-down,
on a NetXplorer server or any of the products listed above, edit the
etc/snmpd.conf file by adding the following lines:
createUser watchdog
iquerySecName watchdog
rouser watchdog
trap2sink 172.19.2.57 public
linkUpDownNotifications yes
Regarding the text above, please see the following explanations:

• Watchdog is an internal user who will have access to the whole MIB
structure of this Unix machine. Any name can be picked for the user,
however the same chosen name must be configured in all 3 lines.
• 172.19.2.57 is the IP address of destination SNMP traps. SNMPv2 will be
used for sending traps
• Public is the community string used for the authorization of traps. Any
ASCII word can be picked.
• LinkUpDownNotifications is one of the built-in monitoring entries of this
standard SNMP tool.
2-124
Health Monitoring
3 Health Monitoring
Health monitoring metrics used to reflect the health of key elements of Allot
network equipment (e.g: Service Gateway) and their component parts (e.g: SFB
blades).
The Service Provider or Carrier can poll Allot Network Elements to monitor the
health status of different parameters including the following:
• Temperature
• Fans
• Power Supply
• CPU
• Memory usage
• Disk usage
• Hardware Status
• Software Status
3.1 Service Gateway (and NetEnforcer)

The Service Provider or Carrier can poll Allot Network Elements for health metrics
such as memory usage, disk usage, temperature and CPU usage
The Allot Service Gateway products are based on a 14 slot ATCA chassis (SG-Tera),
the COTS-based SG-9x00 family (each one, a single appliance), or a virtualized
platform (SG-VE). The older, ATCA based SG-Sigma E14, SG-Sigma E6 and SG-Sigma
are also supported.
When working with multi-blade platforms (SG-Tera, and the older SG-Sigma E and
SG-Sigma), different metrics poll sensors on different blades. You will need to know
in which slot of the chassis the blade you wish to poll is inserted. The table below
shows the different boards (blades) which are housed in the different slots,
depending on the type of multi-blade SG deployed.
SLOT SG-TERA BLADE SG-SIGMA E14 SG-SIGMA E6 SG-SIGMA
BLADE BLADE BLADE
1 CC-400 CC-300 SFB-300 SGSV-110
2 CC-400 CC-300 SFB-300 CC-220
3 CC-400 CC-300 CC-300
4 CC-400 CC-300 CC-300 CC-220
3-1
Health Monitoring
SLOT SG-TERA BLADE SG-SIGMA E14 SG-SIGMA E6 SG-SIGMA
BLADE BLADE BLADE
5 CC-400 CC-300 CC-300
6 SFB-400 / SFB-420 SFB-300 FB-200
7 SFB-400 / SFB-420 SFB-300 SFC-200
8 SFB-400 / SFB-420 SFB-300 SFC-200
9 SFB-400 / SFB-420 SFB-300 FB-200
10 CC-400 CC-300 CC-220*
11 CC-400 CC-300
12 CC-400 CC-300 CC-220*
13 CC-400 CC-300
14 CC-400 CC-300 BP-204
For a full description of which KPIs can be polled on which blades, see the
reference table in the Appendix.
3.1.1 Temperature
This KPI measures the temperature in key sensors on different blades on the
Service Gateway and NetEnforcer.
Note: For the SG-9x00 family, the temperature cannot be polled via the Allot-MIB
file. You can access this information directly from the iLO interface (SG-9700,
9500 and 9008) under System Information – Temperature Information or from
the TSM (SG-9100 v1) or XCC/BMC (SG-9100 v2) interfaces as shown below.
3.1.1.1 Board Temperature Range

A sophisticated system which monitors all of the sensors on all of the blades
mentioned above. Each sensor has a built-in set of thresholds:
• Upper Non-Critical Threshold
• Upper Critical Threshold
• Upper Non-Recoverable Threshold
The in-line platform measures the temperature on each of the sensors on each
blade and checks if any of the built-in thresholds have been crossed. It then assigns
each blade one of three statuses as shown below:
• Low (1): If temperature of all sensors on this blade are below the non-
critical threshold
3-2
Health Monitoring
• Middle (2): If temperature of at least one sensor on this blade is between
the non-critical and the critical threshold
• High (3): If the temperature of at least one sensor on this blade is between
the critical and non-recoverable threshold
3.1.1.2 OIDs to Poll

The board temperature range can be checked by polling the OID below, where Slot
is the slot number of the blade whose temperature range is being polled (1-14).
Board Temperature Range: 1.3.6.1.4.1.2603.5.2.6.20.1.1.8.Slot
If nonetheless, you wish to poll each individual sensor on each card for its
temperature reading, you can do this by using the OIDs in the table below:
CARD NAME SENSOR NAME (ID) OID TO POLL

CC-400 Temp SBR-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1002
and Temp RIO-AMB (SFB only) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1003
SFB-400 or SFB- Temp XLP1-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1004
420 Temp XLP1 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1005
Temp XLP2-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1006
(SG-Tera)
Temp XLP2 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
NOTE: Sensors Temp TD2-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
1008 and 1009 Temp OPHY-A 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1009
are not present Temp VRMctl C 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1015
on the SFB-420. Temp VRMctk NR 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1016
Instead you will Temp VRMfet NR 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1017
find 1013 and Temp TD2 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1018
1014.
CC-300 Board AMB (007) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
and XLR1-AMB (008) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
SFB-300 XLR1 (009) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1009
XLR2-AMB (010) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1010
(SG-Sigma E)
XLR2 (011) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1011
XLS-AMB (012) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1012
XLS (013) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1013
FM3224-AMB (014) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1014
FM3224 (015) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1015
FM3410-AMB (016) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1016
FM3410 (017) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1017
CC-220 (SG- Base Card 1 (007) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
Sigma) Base Card 2 (008) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
Base Card 3 (009) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1009
3-3
Health Monitoring
Host PRC (010) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1010
Target PRC (011) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1011
SGSV-110 (SG- SBC Temp 1 (048) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1048
Sigma) SBC Temp 2 (049) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1049
SBC Temp 3 (050) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1050
CPU 1 Temp (146) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1046
SFC-200 (SG- Power Module (007) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
Sigma) CNODE Ambient (008) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
CNODE Airflow (009) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1009
440 Ambient (010) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1010
440 Core (011) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1011
Base Ambient (013) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1013
Base Core (014) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1014
Fabric Ambient (015) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1015
Fabric Core (016) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1016
FB-200 (SG- Pwr Module (007) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
Sigma) CNODE Ambient (008) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
XLR0 Ambient (010) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1010
XLR0 Core (011) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1011
XLR1 Ambient (014) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1014
XLR1 Core (015) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1015
FM3112 Ambient (017) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1017
FM3112 Core (018) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1018
BP-204 (SG- Bypass Sensor (007) 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
Sigma or SG-
Sigma E)
AC-6000 XLR1-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1001
XLR1 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1002
XLR2-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1003
XLR2 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1004
XLS-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1005
XLS 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1006
FM3224-AMB 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1007
FM3224 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.1008
AC-1400, 3000 Temperature (A) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1001
or 500 Temperature (B) 1.3.6.1.4.1.2603.5.5.18.1.3.1.1002
3.1.1.3 Expected Output and Recommended Action

When polling the board temperature range (1.3.6.1.4.1.2603.5.2.6.20.1.1.8.Slot), the output will
be as follows:
3-4
Health Monitoring
Output Meaning Recommended Action
1 Low No Action is necessary
2 Middle • Monitor the sensor temperature for an extended period of time (e.g:
sampling every 15mins for 2-3 hours) to see if the threshold breach is
repeated
• If threshold breach is constant, check if any change has been made to
the physical operating environment of the in-line platform
3 High • Monitor the sensor temperature for an extended period of time (e.g:
sampling every 5mins for 1 hour) to see if the threshold breach is
repeated
• If threshold breach is constant, check if any change has been made to
the physical operating environment of the in-line platform
• If the breach is constant and no operating environment change can be
found, contact support@allot.com
3.1.1.4 Temperature Indication via iLO Interface (SG-9700, SG-9500, SG-9008 Only)
For the SG-9700, 9500 and 9008 products an overview of system status (including temperature)
can be viewed under System Information in the Summary tab. A detailed view of the
temperatures of each sensor on the Service Gateway can be accessed from the Temperatures
tab as shown in the example below.
Figure 3-1: Temperature Indication on the SG-9500

For details on how to access and login to the iLO Interface, refer to the relevant Hardware
Guide.
3-5
Health Monitoring
A similar procedure exists for accessing the XCC/BMC interface for SG-9100 v2 or the TSM
interface for SG-9100 v1. Refer to the SG-9100 Hardware Guide for more details.
3.1.2 Fans
The status of each of the fan trays in the chassis can be polled as shown in the table
below. For example, the 14 slot SG-Tera contains 2 fan trays - upper and lower (ID 1
and 2). The SG-Sigma and SG-Sigma E14 chassis both contain 3 front pluggable fan
trays (ID 1, 2 and 3). Each fan tray can be polled separately.
Note: For the SG-9x00 family, the fan-tray status cannot be polled via the Allot-MIB
file. You can access this information directly from the iLO interface (SG-9700,
9500 and 9008) under System Information – Fans or from the TSM (SG-9100
v1) or XCC/BMC (SG-9100 v2) interfaces as shown above.
.
PRODUCT FAN ID OID TO POLL
SG-Tera 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.2001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.2002
SG-Sigma or SG-Sigma E14 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.2001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.2002
003 1.3.6.1.4.1.2603.5.5.18.1.3.0.2003
SG-Sigma E6 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.2001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.2002
NetEnforcer 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.2001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.2002
003 1.3.6.1.4.1.2603.5.5.18.1.3.0.2003
004 1.3.6.1.4.1.2603.5.5.18.1.3.0.2004
3.1.2.1 Expected Output

The output is an integer value which represents the status of the fan:
VALUE MEANING
2 OK
3 Failure
3.1.2.2 RAG Values

For interpreting fan status output, refer to the table below
3-6
Health Monitoring
RAG VALUE FAN SPEED RECOMMENDED ACTION
Green 2 None. Fans are working normally
Amber N/A N/A
Red 3 • Check the display module on the SG chassis fan tray
(See Service Gateway Hardware Guide).
• If the red Fan Tray alarm LED is lit, open a support
incident with support@allot.com
3.1.2.3 Fans Indication via iLO Interface (SG-9700, 9500 and 9008 Only)
For the SG-9700, 9500 and 9008 an overview of system status (including fans) can
be viewed under System Information in the Summary tab. A detailed view of the
status and speed of each one of the fans on the Service Gateway can be accessed
from the Fans tab as shown in the example below.
Figure 3-2: Fans Indication on the SG-9500

For details on how to access and login to the iLO Interface, refer to the relevant
Hardware Guide.
A similar procedure exists for accessing the XCC/BMC interface for SG-9100 v2 or
the TSM interface for SG-9100 v1. Refer to the SG-9100 Hardware Guide for more
details.
3.1.3 Power Supply

The status of each of power entry modules in the chassis can be polled as shown in
the table below. For example, The 14 slot SG-Tera, SG-Sigma E14 and SG-Sigma
chassis each contain two pluggable redundant PEMs (Power Entry Module) at the
rear bottom side of the Chassis.
3-7
Health Monitoring
PRODUCT PEM ID OID TO POLL
SG-Tera, 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.3001
SG-Sigma E14
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.3002
or SG-Sigma
SG-Sigma E6 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.3001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.3002
003 1.3.6.1.4.1.2603.5.5.18.1.3.0.3003
004 1.3.6.1.4.1.2603.5.5.18.1.3.0.3004
005 1.3.6.1.4.1.2603.5.5.18.1.3.0.3005
006 1.3.6.1.4.1.2603.5.5.18.1.3.0.3006
NetEnforcer 001 1.3.6.1.4.1.2603.5.5.18.1.3.0.3001
002 1.3.6.1.4.1.2603.5.5.18.1.3.0.3002

The output is an integer value which represents the status of the power supply:
PS STATUS MEANING
0 OK
7 Not Working or not existing
3.1.3.2 RAG Values

For interpreting power supply output, refer to the table below
RAG VALUE PS STATUS RECOMMENDED ACTION

Green 0 No action is required. Power supply is working normally
Amber N/A N/A
Red 7 • Check if the PEM is connected
• Check the PEM LED on the rear of the chassis SG-Sigma
Hardware Guide Fig 2-11). If the RED power failure LED is
lit, contact support@allot.com
3-8
Health Monitoring
3.1.3.3 Power Supply Indication via iLO Interface (SG-9700, 9500 and 9008 Only)
For the SG-9700, 9500 and 9008, an overview of system status (including power)
can be viewed under System Information in the Summary tab. A detailed view of
the status of the power supplies on these platforms can be accessed from the
Power tab as shown in the example below.
Figure 3-3: Power Indication on the SG-9500

Hardware Guide.
details.
3-9
Health Monitoring
3.1.4 CPU (All SG Platforms)
This KPI measures the load on the system (including, but not limited to CPU usage).
You can use it on all SG platforms, both Intel-based and non-Intel based.
3.1.4.1 OID to Poll

System Load can be checked by polling the OIDs below:
Per Blade: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.4001
Per SG: 1.3.6.1.4.1.2603.5.5.15
On the SG-Tera CC-400 and SFB-400 blades there are two internal processors (XLPs)
with separate OIDs to poll for System Load per blade:
XLP1: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.4001.
XLP2: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.4002
Note: On the SFB-400 you will expect to see results for both sensors 4001 and 4002.
However on the SFB-420 blades, where only a single CPU is running Linux, you
should expect to see results on sensor 4001 only. Likewise, on the SFB-300, CC-
300 and the AC-6000 you should only expect to see a result on sensor 4001.

The output is an integer representing the system load as a percentage of the
maximum.
Note: For the device-level OID, the output represents the highest CPU measured on
each of the blades that can be polled.
3.1.4.3 RAG Values

For interpreting system load output, refer to the table below
RAG VALUE SYSTEM RECOMMENDED ACTION
LOAD %GE
Green 0-90% Normal functioning. No action necessary
Amber 90–95% • Monitor the system load output over an extended
period of time (e.g: sampling every 15mins for 2-3 hours)
to see if the value returns to the normal range
Red 95-100% • Monitor the system load output over an extended
• If system load is over 95% for over 50% of the time open
a support incident with support@allot.com
3-10
Health Monitoring
3.1.5 CPU (Intel-Based Platforms)
You can use the HOST-RESOURCES MIB to poll Intel-based SG platforms for CPU
usage of each of the server cores.
3.1.5.1 OID to Poll

You can poll either of the following:
• 1.3.6.1.2.1.25.5.1 (hrSWRunPerfTable): This OID returns a table containing
the number of centi-seconds of the total system’s resources consumed by
each process.
• 1.3.6.1.2.1.25.3.3 (hrProcessorTable): This OID returns a table containing
the average over the last minute of the percentage of time that each
processor was not idle.

Output for 1.3.6.1.2.1.25.3.3 is similar to the following:
HOST-RESOURCES-MIB::hrProcessorLoad.196608 = INTEGER: 9
3.1.5.3 RAG Values

For interpreting the CPU Usage Output, calculate the average CPU usage for all of
the CPUs over the past minute and then refer to the table below:
RAG VALUE AVERAGE RECOMMENDED ACTION
CPU USAGE
Amber 90 - 95% • Monitor the CPU average usage output over an extended
3-11
Health Monitoring
Red 95 – 100% • Monitor the CPU average usage output over an extended
• If CPU usage is over 95% for over 50% of the time open a
support incident with support@allot.com
3-12
Health Monitoring
3.1.7 Memory (Non-Intel Based Platforms)
This KPI measures the RAM used on the various Service Gateway blades or on the
NetEnforcer. It can be polled on the following:
• SG-Tera: SFB-400, SFB-420 and CC-400
• SG-Sigma E: SFB-300 and CC-300
• SG-Sigma: SGSV-110 and CC-220
• Entire Device: NetEnforcer or Service Gateway
3.1.7.1 OID to Poll

Memory usage can be checked by polling the OIDs below:
Per Blade: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.5001
Per Device: 1.3.6.1.4.1.2603.5.5.4
On the SG-Tera there are two internal processors (XLPs) with separate OIDs to poll
for memory usage per blade:
XLP1: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.5001
XLP2: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.5002
However on the SFB-420 blades, where only a single CPU is present, you
should expect to see results on sensor 5001 only.

The output is an integer representing the device RAM usage in %. Note: for device
level OID, the output represents the highest RAM usage % measured on each of the
blades that can be polled.
3.1.7.3 RAG Values

For interpreting memory usage output, refer to the table below
RAG VALUE MEMORY RECOMMENDED ACTION
Amber 90–95% • Monitor the memory usage output over an extended
Red 95-100% • Monitor the memory usage output over an extended
• If memory usage is over 95% for over 50% of the time
open a support incident with support@allot.com
3-13
Health Monitoring
Memory on Intel-Based Platforms

On the SG-9x00 platforms, Memory Usage cannot be polled via the Allot-MIB file.
Instead, you should use the HOST-RESOURCES standard MIB.
Polling the hrStorageDescr OID (1.3.6.1.2.1.25.2.3.1.3), returns a code for each type
of memory in the SG-9x00. For example, on the SG-9500 the codes returned will
be:
• (1) Physical memory
• (3) Virtual memory
• (6) Memory buffers
• (7) Cached memory
• (8) Shared memory
Subsequently polling the hrStorageSize OID (1.3.6.1.2.1.25.2.3.1.5), will return the
size of storage represented by this entity. The units in which the result is displayed
are defined in hrStorageAllocationUnits (1.3.6.1.2.1.25.2.3.1.4)
In addition, note the following two OIDs:
• 1.3.6.1.2.1.25.5.1.1.2 This OID returns the total amount of real system
memory allocated per each process
• 1.3.6.1.2.1.25.2.2.0 This OID returns the amount of physical read-
write main memory, typically RAM, contained by the host.
Note: You can also view information a graphical representation of memory status via
the iLO interface (SG-9700, 9500 and 9008) or via the XCC/BMC or TSM
interfaces (SG-9100) as shown below.
3.1.7.4 Memory Status Indication via iLO Interface (SG-9700, 9500 and 9008 Only)
For the SG-9700, 9500 and 9008 an overview of system status (including Memory
Status) can be viewed under System Information in the Summary tab. A detailed
view of the status of the memory status on these platforms can be accessed from
the Memory tab as shown in the example below.
3-14
Health Monitoring
Figure 3-4: Memory Status on SG-9500

Hardware Guide.
details.
3.1.8 Memory (Intel-Based Platforms)

You can use the UCD-SNMP-MIB MIB to poll Intel-Based SG platforms for a number
of used memory parameters.
3.1.8.1 OID to Poll

The OID to poll from the UCD-SNMP-MIB MIB is: 1.3.6.1.4.1.2021.4

Output is similar to the following:
UCD-SNMP-MIB::memIndex.0 = INTEGER: 0
UCD-SNMP-MIB::memErrorName.0 = STRING: swap
UCD-SNMP-MIB::memTotalSwap.0 = INTEGER: 10237948 kB
UCD-SNMP-MIB::memAvailSwap.0 = INTEGER: 10237948 kB
UCD-SNMP-MIB::memTotalReal.0 = INTEGER: 16265776 kB
UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 8322196 kB
UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 18560144 kB
UCD-SNMP-MIB::memMinimumSwap.0 = INTEGER: 16000 kB
UCD-SNMP-MIB::memShared.0 = INTEGER: 211132 kB
UCD-SNMP-MIB::memBuffer.0 = INTEGER: 133592 kB
UCD-SNMP-MIB::memCached.0 = INTEGER: 4431912 kB
UCD-SNMP-MIB::memSwapError.0 = INTEGER: noError(0)
UCD-SNMP-MIB::memSwapErrorMsg.0 = STRING:
3-15
Health Monitoring
These parameters are as follows:
• memTotalSwap: The total amount of swap space configured for this host.
• memAvailSwap: The amount of swap space currently unused or available.
• memTotalReal: The total amount of real/physical memory installed.
• memAvailReal: The amount of real/physical memory currently unused or
available.
• memTotalFree: The total amount of memory free or available for use on
this host. This value typically covers both real memory and swap space or
virtual memory.
• memMinimumSwap: The minimum amount of swap space expected to be
kept free or available during normal operation of this host. If this value (as
reported by 'memAvailSwap(4)') falls below the specified level, then
'memSwapError(100)' will be set to 1 and an error message made available
via 'memSwapErrorMsg(101)'.
• memShared: The total amount of real or virtual memory currently
allocated for use as shared memory. This object will not be implemented
on hosts where the underlying operating system does not explicitly identify
memory as specifically reserved for this purpose.
• memBuffer: The total amount of real or virtual memory currently allocated
for use as memory buffers. This object will not be implemented on hosts
where the underlying operating system does not explicitly identify memory
as specifically reserved for this purpose.
• memCached: The total amount of real or virtual memory currently
allocated for use as cached memory. This object will not be implemented
• memSwapError: Indicates whether the amount of available swap space (as
reported by 'memAvailSwap(4)'), is less than the desired minimum
(specified by 'memMinimumSwap(12)').
• memSwapErrorMsg: Describes whether the amount of available swap
space (as reported by 'memAvailSwap(4)'), is less than the desired
minimum (specified by 'memMinimumSwap(12)').
3-16
Health Monitoring
3.1.9 Storage (Non-Intel Based Platforms)
This KPI measures the disk storage space used on the various Service Gateway
blades or on the NetEnforcer. It can be polled on the following:
• SG-Tera: SFB-400, SFB-420 and CC-400
• SG-Sigma E: SFB-300 and CC-300
• SG-Sigma: SGSV-110 and CC-220
• Entire Device: NetEnforcer or Service Gateway
3.1.9.1 OID to Poll

Disk Usage (storage) can be checked by polling the OIDs below:
Per Blade: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.6001
Per Device: 1.3.6.1.4.1.2603.5.5.5
On the SG-Tera there are two internal processors (XLPs) with separate OIDs to poll
for memory usage per blade:
XLP1: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.6001
XLP2: 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.6002
However on the SFB-420 blades, where only a single CPU is present, you
should expect to see results on sensor 6001 only.

The output is an integer representing the percentage of disk space used from the
total 1Gbyte compact flash card. Note: for device level OID, the output represents
the highest disk usage % measured on each of the blades that can be polled.
3.1.9.3 RAG Values

For interpreting storage output, refer to the table below
RAG VALUE STORAGE RECOMMENDED ACTION

Amber 90–95% • Continue to monitor the situation to see speed at which
storage usage is rising.
Red 95-100% • Login to the blade in question and check disk utilization using
the df command
3-17
Health Monitoring
• Open a support incident with support@allot.com attaching
the output of the df command.
3.1.10 Storage (Intel-Based Platforms)

On the Intel-based SG platforms, Storage / Disk Usage cannot be polled via the
Allot-MIB file. Instead, you should use the HOST-RESOURCES standard MIB.
Note: You can also view information a graphical representation of storage
information via the iLO interface (SG-9700, 9500 and 9008) and the XCC/BMC
or TSM interface (SG-9100) as shown below.
The HOST-RESOURCES MIB polls devices for available disk space in the disk
relevant disk partitions:
• /
• /opt
• /sybase/data

You can poll hrStorageTable, 1.3.6.1.2.1.25.2.3, which yields a table based on the
following entries:
hrStorageDescr Describes the type and instance of each storage. 1.3.6.1.2.1.25.2.3.1.3
You should look here for the indexes for the 3
relevant partitions (/, /opt and /sybase/data)
hrStorageSize Shows the size of the storage for each of the 1.3.6.1.2.1.25.2.3.1.5
relevant partitions
hrStorageUsed Shows the amount of storage used for each of the 1.3.6.1.2.1.25.2.3.1.6
relevant partitions

The output for hrStorageSize and hrStorageUsed is presented in units defined by
hrStorageAllocationUnits (1.3.6.1.2.1.25.2.3.1.4).
The figure below shows a table with typical outputs:
3-18
Health Monitoring
3.1.10.3 RAG Values

For interpreting the Disk Usage Output, divide the storage used by the storage size
to produce a percentage disk usage for each partition. Then refer to the table
below:
RAG VALUE DISK USAGE RECOMMENDED ACTION
PER PARTITION
Amber 85-95% • Login to the NX Partition and check disk utilization
using the df command
Red 95-100%
• Open a support incident with support@allot.com
attaching the output of the df command.
3.1.10.4 Storage Indication via iLO Interface (SG-9700, 9500 and 9008 Only)
For the SG-9700, 9500 and 9008, an overview of system status (including Storage)
can be viewed under System Information in the Summary tab. A detailed view of
the status of the storage status on these platforms can be accessed from the
Storage tab as shown in the example below.
3-19
Health Monitoring
Figure 3-5: Storage Information for SG-9500

Hardware Guide. A similar procedure exists for accessing the XCC/BMC interface
for SG-9100 v2 or the TSM interface for SG-9100 v1. Refer to the SG-9100
Hardware Guide for more details.
3-20
Health Monitoring
3.1.11 Software Status
This KPI shows the status of the software on each of the boards of the Service
Gateway or on the NetEnforcer as a whole
3.1.11.1 OID to Poll

The software status can be checked by polling the OID below, where Slot is the slot
number of the blade whose software status is being polled (1-14).
1.3.6.1.4.1.2603.5.2.6.20.1.1.6.Slot

The output will be as follows:
OUTPUT MEANING RECOMMENDED ACTION
1 Not Active (Bypass If the particular blade has not been manually moved to
for SGFP) bypass by the system administrator, open an incident with
Allot support at support@allot.com
2 Active No action necessary
3 Standby This blade has been configured as standby. No action
necessary
4 Not Applicable If a blade is inserted in this slot and is expected to be
operational, open a support incident with Allot at
support@allot.com
3-21
Health Monitoring
3.1.12 Hardware Status
This KPI shows the status of the hardware on each of the boards of the Service
Gateway or on the NetEnforcer as a whole.
3.1.12.1 OID to Poll

The hardware status can be checked by polling the OID below, where Slot is the
slot number of the blade whose hardware status is being polled (1-14).
1.3.6.1.4.1.2603.5.2.6.20.1.1.7.Slot

The output will be as follows:
OUTPUT MEANING RECOMMENDED ACTION
1 Off (no power on inserted • Check if a blade has been inserted in
blade or no blade exists in this slot
this slot)
• Check if the blade has been powered up
• If the blade is inserted in the slot and
powered up, open a support incident
with Allot: support@allot.com
2 On No action necessary
3.2 Management Platforms

(NX/SMP/DM/STC/ClearSee)
All of the management servers which are based on the Allot Common Platform
(ACP) include an SNMP tools agent (net-snmp) and can be polled by an external
SNMP server for the purpose of health monitoring.
These management servers include NetXplorer, SMP, Data Mediator, ClearSee and
the DDoS Secure Controller.
Note: When polling the management servers for KPIs, you cannot use SNMPv1. The
servers can only be polled using later versions of SNMP!
Using the standard HOST-RESOURCES MIB, you can poll each SMP, Data Mediator,
ClearSee and the DDoS Secure Controller appliance for health monitoring and key
performance indicators using SNMP v3. NX specifically uses SNMP v2 on port 1161.
The standard LINUX Host-Resources MIB has the OID of 1.3.6.1.2.1.25. It can be
polled for information about:
• System Parameters (1.3.6.1.2.1.25.1)
3-22
Health Monitoring
• Storage Parameters (1.3.6.1.2.1.25.2). This contains information about the
storage.
• Device Parameters (1.3.6.1.2.1.25.3). This contains information about the
devices including processor table and disk storage table.
Note: Polling for memory usage is not relevant to the operation of the NetXplorer
Server. From NX10.2.1: The NX automatically allocates memory according to
the system capabilities
3.2.1 CPU
You can use the HOST-RESOURCES MIB to poll the management platform for CPU
usage of each of the server cores.
3.2.1.1 OID to Poll

You can poll either of the following:
• 1.3.6.1.2.1.25.5.1 (hrSWRunPerfTable): This OID returns a table containing
the number of centi-seconds of the total system’s resources consumed by
each process.
• 1.3.6.1.2.1.25.3.3 (hrProcessorTable): This OID returns a table containing
the average over the last minute of the percentage of time that each
processor was not idle.

Output for 1.3.6.1.2.1.25.3.3 is similar to the following:
3.2.1.3 RAG Values

For interpreting the CPU Usage Output, calculate the average CPU usage for all of
the CPUs over the past minute and then refer to the table below:
3-23
Health Monitoring
RAG VALUE AVERAGE RECOMMENDED ACTION
CPU USAGE
Amber 90 - 95% • Monitor the CPU average usage output over an extended
Red 95 – 100% • Monitor the CPU average usage output over an extended
• If CPU usage is over 95% for over 50% of the time open a
support incident with support@allot.com
3.2.2 Memory
You can use the UCD-SNMP-MIB MIB to poll the management platform for a
number of used memory parameters.
3.2.2.1 OID to Poll

The OID to poll from the UCD-SNMP-MIB MIB is: 1.3.6.1.4.1.2021.4

Output is similar to the following:
UCD-SNMP-MIB::memIndex.0 = INTEGER: 0
UCD-SNMP-MIB::memErrorName.0 = STRING: swap
UCD-SNMP-MIB::memTotalSwap.0 = INTEGER: 10237948 kB
UCD-SNMP-MIB::memAvailSwap.0 = INTEGER: 10237948 kB
UCD-SNMP-MIB::memTotalReal.0 = INTEGER: 16265776 kB
UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 8322196 kB
UCD-SNMP-MIB::memTotalFree.0 = INTEGER: 18560144 kB
UCD-SNMP-MIB::memMinimumSwap.0 = INTEGER: 16000 kB
UCD-SNMP-MIB::memShared.0 = INTEGER: 211132 kB
UCD-SNMP-MIB::memBuffer.0 = INTEGER: 133592 kB
UCD-SNMP-MIB::memCached.0 = INTEGER: 4431912 kB
UCD-SNMP-MIB::memSwapError.0 = INTEGER: noError(0)
UCD-SNMP-MIB::memSwapErrorMsg.0 = STRING:
These parameters are as follows:

• memTotalSwap: The total amount of swap space configured for this host.
• memAvailSwap: The amount of swap space currently unused or available.
• memTotalReal: The total amount of real/physical memory installed.
• memAvailReal: The amount of real/physical memory currently unused or
available.
3-24
Health Monitoring
• memTotalFree: The total amount of memory free or available for use on
this host. This value typically covers both real memory and swap space or
virtual memory.
• memMinimumSwap: The minimum amount of swap space expected to be
kept free or available during normal operation of this host. If this value (as
reported by 'memAvailSwap(4)') falls below the specified level, then
'memSwapError(100)' will be set to 1 and an error message made available
via 'memSwapErrorMsg(101)'.
• memShared: The total amount of real or virtual memory currently
allocated for use as shared memory. This object will not be implemented
• memBuffer: The total amount of real or virtual memory currently allocated
for use as memory buffers. This object will not be implemented on hosts
where the underlying operating system does not explicitly identify memory
as specifically reserved for this purpose.
• memCached: The total amount of real or virtual memory currently
allocated for use as cached memory. This object will not be implemented
• memSwapError: Indicates whether the amount of available swap space (as
reported by 'memAvailSwap(4)'), is less than the desired minimum
(specified by 'memMinimumSwap(12)').
• memSwapErrorMsg: Describes whether the amount of available swap
space (as reported by 'memAvailSwap(4)'), is less than the desired
minimum (specified by 'memMinimumSwap(12)').
3.2.3 Storage
You can use the HOST-RESOURCES MIB to poll the management platform for
available disk space in the disk relevant disk partitions:
• /
• /opt
• /sybase/data
3-25
Health Monitoring
The OID to poll from the HOST-RESOURCES MIB is: hrStorageEntry:
1.3.6.1.2.1.25.2.3.1.1
Specifically, you can extract a table based on the following entries:
hrStorageDescr Describes the type and instance of each storage. 1.3.6.1.2.1.25.2.3.1.3
You should look here for the indexes for the 3
relevant partitions (/, /opt and /sybase/data)
hrStorageSize Shows the size of the storage for each of the 1.3.6.1.2.1.25.2.3.1.5
relevant partitions
hrStorageUsed Shows the amount of storage used for each of the 1.3.6.1.2.1.25.2.3.1.6
relevant partitions

The output for hrStorageSize and hrStorageUsed is presented in units defined by
hrStorageAllocationUnits (1.3.6.1.2.1.25.2.3.1.4).
The figure below shows a table with typical outputs:
3.2.3.3 RAG Values

For interpreting the Disk Usage Output, divide the storage used by the storage size
to produce a percentage disk usage for each partition. Then refer to the table
below:
RAG VALUE DISK USAGE RECOMMENDED ACTION
PER PARTITION
Amber 85-95% • Login to the NX Partition and check disk utilization
using the df command
Red 95-100%
• Open a support incident with support@allot.com
attaching the output of the df command.
3-26
Health Monitoring
3.3 NetworkSecure
In NetworkSecure, you can monitor the health of a server and of a module on a
server.
To define the thresholds on which the status polls are based, see Defining
NetworkSecure Performance Thresholds.
3.3.1 Deriving NetworkSecure Health Monitoring OIDs

This procedure describes how to derive the NetworkSecure health monitoring
OIDs.
In NetworkSecure, the OID for a health monitoring poll includes a sub-OID of the
server or module that you want to poll. The OIDs make use of sub-OIDs for the
server, the module name and the module type.
To derive the relevant sub-OIDs:
• [MODULE TYPE SUB-OID]: This sub-OID depends on the type of module
that you are polling, and may be one of the following:
⧫ CCOTTA:100
⧫ Central Manager: 110
⧫ Process Monitor: 130
⧫ Quarantine: 140
⧫ Radius: 150
⧫ Reporter: 160
⧫ SMTP Filter: 170
⧫ Web Filter: 180
⧫ WebServer.CLI: 190
⧫ WebServer.ISP: 200
• [MODULE NAME SUB-OID]: Derive this sub-OID with the following
command:
./bin/ProcessMonitor -snmphash CRC16 "[MODULE TYPE]:[MODULE NAME]"
Where:
⧫ [MODULE TYPE] indicates the type of the module on that you want to
poll on the NetworkSecure server, for example, CCOTTA.
⧫ [MODULE NAME] indicates the name of the module that you want to
poll on the NetworkSecure server.
The following is returned:
3-27
Health Monitoring
[USED] Generated sub-OID for module instance string [[MODULE
TYPE][MODULE NAME]| [MODULE TYPE]]: [MODULE NAME SUB-OID]
An example of deriving a module’s sub-OID:

./bin/ProcessMonitor -snmphash CRC16 "CCOTTA:CT1"
[USED] Generated sub-OID for module instance string [CCOTTACT1|CCOTTA]:
21178
• [SERVER SUB-OID]: Derive this sub-OID with the following command:

./bin/ProcessMonitor -snmphash CRC16 "pp[SERVER]"
Where [SERVER] indicates the name of the server in the NetworkSecure

solution, for example OSS1 or OSS2
[USED] Generated sub-OID for module instance string [[SERVER]]: [SERVER
SUB-OID]
An example of deriving a server’s sub-OID:

./bin/ProcessMonitor -snmphash CRC16 "WebFilter:WF1"
[USED] Generated sub-OID for module instance string
[WebFilterWF1|WebFilter]: 4349
• [DEVICE SUB-OID]: Derive this sub-OID with the following command:

./bin/ProcessMonitor -snmphash CRC16 "[DEVICE]"
Where [DEVICE] indicates the name of the device or partition that you
want to poll, for example devsda2 or devsda3
[USED] Generated sub-OID for module instance string [[DEVICE]]: [DEVICE
SUB-OID]
An example of deriving a device’s OID:

./bin/ProcessMonitor -snmphash CRC16 "devsda2"
[USED] Generated sub-OID for raw string [devsda2]: 3790
• [INTERFACE SUB-OID]: Derive this sub-OID with the following command:

./bin/ProcessMonitor -snmphash CRC16 "[INTERFACE]"
Where [INTERFACE] indicates the name of the interface that you want to
poll, for example eth0 or eth1
[USED] Generated sub-OID for module instance string [[INTERFACE]]:
[INTERFACE SUB-OID]
An example of deriving an interface’s OID:

./bin/ProcessMonitor -snmphash CRC16 "eth0"
[USED] Generated sub-OID for raw string [eth0]: 1234
3-28
Health Monitoring
3.3.2 CPU Indicator
You can poll the CPU monitors for a server or a single module.
3.3.2.1 Server CPU

This section describes polling the CPU monitors for a server.
In the following, [SERVER] indicates the name of the server in the NetworkSecure
solution, for example OSS1 or OSS2.
NOTE: Remove special characters such as hyphens, if any, from the name of the
server.
You can poll the server for the following CPU health monitors:
• CPU usage percentage:
⧫ MIB1: PP[SERVER]CPUCurValue
⧫ MIB2: pp[SERVER]CPUCurValue
⧫ OID: 1.3.6.1.4.1.30738.12.[SERVER SUB-OID].10.1.1
Example for NetworkSecure MIB V2:
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB::ppOSS1CPUCurValue
OPTENETv2-MIB::ppOSS1CPUCurValue = STRING: 99.80
• CPU status:
⧫ MIB1: PP[SERVER]MEMSttValue
⧫ MIB2: pp[SERVER]CPUSttValue
If the status is between the configured minimum and maximum levels, then
the response is OK. Otherwise, the status is an error.
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB:: PPOSS1CPUSttValue
OPTENETv2-MIB::ppOSS1CPUSttValue = STRING: OK
3.3.2.2 Module CPU

This section describes polling the CPU monitors for a module.
In the following:
• [MODULE TYPE] indicates the type of the module on that you want to poll
on the NetworkSecure server, for example, CCOTTA.
• [MODULE NAME] indicates the name of the module that you want to poll
on the NetworkSecure server.
module.
You can poll the module for the following CPU health monitors:
3-29
Health Monitoring
• CPU usage percentage:
⧫ MIB1: PP[MODULE TYPE][MODULE NAME]CPUCurValue
⧫ MIB2: pp[MODULE TYPE][MODULE NAME]CPUCurValue
⧫ OID: 1.3.6.1.4.1.30738.12.[MODULE TYPE SUB-OID].[MODULE NAME
SUB-OID].10.1.1
snmpget -v2c -c allotcomm localhost OPTENETv2-
MIB::ppCCOTTACT1CPUCurValue
OPTENETv2-MIB::ppCCOTTACT1CPUCurValue = STRING: 99.80
• CPU status:
⧫ MIB1: PP[MODULE TYPE][MODULE NAME]CPUSttValue
⧫ MIB2: pp[MODULE TYPE][MODULE NAME]CPUSttValue
SUB-OID].10.4.1
MIB::ppWebFilterWF1CPUSttValue
OPTENETv2-MIB::ppWebFilterWF1CPUSttValue = STRING: OK
3.3.3 Memory Indicator

You can poll the memory monitors for a server or a single module.
3.3.3.1 Server Memory

This section describes polling the memory monitors for a server.
In the following, [SERVER] indicates the name of the server in the NetworkSecure
solution, for example OSS1 or OSS2.
server.
You can poll the server for the following memory health monitors:
• RAM memory usage (in MB):
⧫ MIB1: PP[SERVER]MEMCurValue
⧫ MIB2: pp[SERVER]MEMCurValue
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB::ppOSS1MEMCurValue
3-30
Health Monitoring
OPTENETv2-MIB::ppOSS1MEMCurValue = STRING: 150.94
• Memory status:
⧫ MIB1: PP[SERVER]MEMSttValue
⧫ MIB2: pp[SERVER]MEMSttValue
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB:ppOSS1MEMSttValue
OPTENETv2-MIB::ppOSS1MEMSttValue = STRING: OK
3.3.3.2 Module Memory

This section describes polling the memory monitors for a module.
In the following:
module.
You can poll the module for the following memory health monitors:
• RAM memory usage (in MB):
⧫ MIB1: PP[MODULE TYPE][MODULE NAME]MEMCurValue
⧫ MIB2: pp[MODULE TYPE][MODULE NAME]MEMCurValue
SUB-OID].12.1.1
MIB::ppWebFilterWF1MEMCurValue
OPTENETv2-MIB::ppWebFilterWF1MEMCurValue = STRING: 150.94
• Memory status:
⧫ MIB1: PP[MODULE TYPE][MODULE NAME]MEMSttValue
⧫ MIB2: pp[MODULE TYPE][MODULE NAME]MEMSttValue
SUB-OID].12.4.1
3-31
Health Monitoring
MIB::ppWebFilterWF1MEMSttValue
OPTENETv2-MIB::ppWebFilterWF1MEMSttValue = STRING: OK
3.3.4 Server Hard Disk Usage

You can poll the hard disk monitors for a device on a server.
In the following:
• [SERVER] indicates the name of the server in the NetworkSecure solution,
for example OSS1 or OSS2.
• [DEVICE] indicates the name of the device or partition you want to inspect.
NOTE: Remove special characters such as hyphens, if any, from the names of the
server and the device.
You can poll the device for the following hard disk usage health monitors:
• Free hard disk space (in MB):
⧫ MIB1: PP[SERVER][DEVICE]CurValue
⧫ MIB2: pp[SERVER][DEVICE]CurValue
⧫ OID: 1.3.6.1.4.1.30738.12.[SERVER SUB-OID].[DEVICE SUB-OID].1.1
MIB::ppOSS1devsda2CurValue
OPTENETv2-MIB::ppOSS1devsda2CurValue = STRING: 1638.07
• Hard disk status:

⧫ MIB1: PP[SERVER][DEVICE]SttValue
⧫ MIB2: pp[SERVER][DEVICE]SttValue
⧫ OID: 1.3.6.1.4.1.30738.12.[SERVER SUB-OID].[DEVICE SUB-OID].4.1
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB::
ppOSS1devsda2SttValue
OPTENETv2-MIB::ppOSS1devsda2SttValue = STRING: OK
3.3.5 Server Network Usage

You can poll the Transmission (Tx) or Reception (Rx) network monitors for a server.
In the following:
3-32
Health Monitoring
• [SERVER] indicates the name of the server in the NetworkSecure solution,
for example OSS1 or OSS2.
• [INTERFACE] indicates the network interface, for example eth0 or eth1.
NOTE: Remove special characters such as hyphens, if any, from the names of the
server and the interface.
You can poll the module for the following network usage health monitors:
• Number of Rx errors:
⧫ Rx for MIBv1: PP[SERVER][INTERFACE]RxCurValue
⧫ Rx for MIBv2: pp[SERVER][INTERFACE]RxCurValue
⧫ OID: 1.3.6.1.4.1.30738.12.[SERVER SUB-OID].[INTERFACE SUB-
OID].38722.1.1
• Number of Tx errors:
⧫ Tx for MIBv1: PP[SERVER][INTERFACE]TxCurValue
⧫ Tx for MIBv2: pp[SERVER][INTERFACE]TxCurValue
OID].15844.1.1
Tx example for NetworkSecure MIB V2:
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB::ppOSS1eth0TxCurValue
OPTENETv2-MIB::ppOSS1eth0TxCurValue = STRING: 0
• Network interface Rx status:

⧫ Rx for MIBv1: PP[SERVER][INTERFACE]RxSttValue
⧫ Rx for MIBv2: pp[SERVER][INTERFACE]RxSttValue
OID].38722.4.1
• Network interface Tx status:
⧫ Tx for MIBv1: PP[SERVER][INTERFACE]TxSttValue
⧫ Tx for MIBv2: pp[SERVER][INTERFACE]TxSttValue
OID].15844.4.1
Rx example for NetworkSecure MIB V2:
snmpget -v2c -c allotcomm localhost OPTENETv2-MIB::ppOSS1eth0RxSttValue
OPTENETv2-MIB::ppOSS1eth0RxSttValue = STRING: OK
3-33
Health Monitoring
3.3.6 Module Internal and External Interface Usage
This section describes polling a module’s internal interface (interface 0) and
external interface (interface 1) health monitors. These polls return absolute values
that update every 20 seconds.
In the following:
module.
You can poll the module for the following interface health monitors (MIBv2):
• Internal interface polls:
⧫ RxBytes: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE0_BYTES_RX\"
⧫ RxPackets: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE0_PACKETS_RX\"
⧫ TxBytes: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE0_BYTES_TX\"
⧫ TxPackets: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE0_PACKETS_TX\"
⧫ Interface 0 lost packets: moduleCounterValue.\" [MODULE
TYPE]:[MODULE NAME]\".\" KPI_IFACE_INTERFACE0_LOST\"
Examples of internal Rx polls:
snmpget -v2c -c allot 127.0.0.1 OPTENETv2-
MIB::moduleCounterValue.\"CCOTTA:CT1\".\"KPI_IFACE_INTERFACE0_BYTES_RX\
"
OPTENETv2-
MIB::moduleCounterValue."CCOTTA:CT1"."KPI_IFACE_INTERFACE0_BYTES_RX" =
STRING: 704
snmpget -v2c -c allot 127.0.0.1 OPTENETv2-

MIB::moduleCounterValue.\"CCOTTA:CT1\".\"KPI_IFACE_INTERFACE0_PACKETS_R
X\"
OPTENETv2-
MIB::moduleCounterValue."CCOTTA:CT1"."KPI_IFACE_INTERFACE0_PACKETS_RX"
= STRING: 14
• External interface polls:

⧫ RxBytes: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE1_BYTES_RX\"
3-34
Health Monitoring
⧫ RxPackets: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE1_PACKETS_RX\"
⧫ TxBytes: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE1_BYTES_TX\"
⧫ TxPackets: moduleCounterValue.\" [MODULE TYPE]:[MODULE
NAME]\".\" KPI_IFACE_INTERFACE1_PACKETS_TX\"
⧫ Interface 1 lost packets: moduleCounterValue.\" [MODULE
TYPE]:[MODULE NAME]\".\" KPI_IFACE_INTERFACE1_LOST\"
3-35
Key Performance Indicators
4 Key Performance Indicators

Key Performance Indicators (KPIs) are metrics used to reflect strategic performance
of Allot network equipment (e.g: SG-Tera) and its component parts (e.g: SFB-420
cards).
The Service Provider or Carrier can poll Allot Network Elements for global Key
Performance Indicators (KPIs) related to the following:
• Throughput (per blade, per port, per in-line platform)
• Policy (number of active lines, pipes, vcs, monitoring rules)
• Connections (number of active connections or connection establishment
rate)
• Dropped frames
• Subscribers (active, registered, peak number etc)
• RADIUS messages (message peak rate etc)
• FUP messages (message rate between the SMP and the in-line platform)
• DIAMETER messages (for Gx, Gy and Gz protocols)
Most of the KPIs referred to above are located in the alUnitStatsTable
(1.3.6.1.4.1.2603.5.4.9) of the ALLOT-MIB file and the alSMPMonitor group
(1.3.6.1.4.1.2603.11.2) of the ALLOT-MD-MIB file. A full list is described below.
4.1 Service Gateway (and NetEnforcer)

4.1.1 Throughput
Throughput is calculated based on a sample every 30 seconds. It can be run per
platform, or on multi-blade platforms, per individual blade. The output is an integer
representing the throughput.
4.1.1.1 Throughput Per Whole Chassis

alUsStatValue Received throughput 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.3
(pre-QoS) in pps
alUsStatValue Received throughput 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.4
(pre-QoS) in Bps
4-1
4.1.1.2 Throughput Per Blade
On multi-blade platforms, throughput can also be measured on each individual
blade. The slot number needs to be inserted in the OID as per the table below.
alUsStatValue Received throughput 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.3
(pre-QoS) in pps
alUsStatValue Received throughput 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.4
(pre-QoS) in Bps
4.1.1.3 Throughput Per Policy Element (Line, Pipe, VC)

It is also possible to poll throughput per policy entity (Line, Pipe, VC) as per the
table below. The MIBs which collect network statistics on each policy entity are by
default disabled. In order to enable KPI collection on a specific policy entity, you
must:
1. Create a threshold crossing alarm (TCA). This is done by selecting Alarms
Definition from the Events/Alarms pane in the NetXplorer GUI, and then
filling in the Alarm Definition Entry Properties dialog.
2. Assign the TCA to the policy entities to be monitored. This is done by
right-clicking the relevant Line, Pipe or Virtual Channel, and selecting Alarm
Assignments | Add Alarm Assignment
This process is described fully in Chapter 7 of the NetXplorer Operation Guide.
NOTE: The KPIs which you will be able to poll on the required policy element, are not
limited to the specific threshold defined in the TCA. E.g: After creating a TCA
which is triggered when a particular bandwidth threshold is crossed and
assigning it to Pipe X, you can subsequently poll that same pipe not only for
bandwidth, but also for “live connections” or “dropped connections” etc.
NOTE: If the sole purpose of the TCA created is to activate statistic collection for
external polling, the NetXplorer administrator may wish to define
“unreasonably high” (or low) thresholds that will never be triggered. That way,
statistics for the line/pipe or VC will still be collected, but unnecessary alarms
will not be reported in the NetXplorer every time a TCA is breached.

alStatOctetsIn Ave inbound rate (in 1.3.6.1.4.1.2603.5.4.2.1.8.<line>.<pipe>.<vc>.48
1024 bytes per sec)
4-2
alStatOctetsOut Ave outbound rate 1.3.6.1.4.1.2603.5.4.2.1.9.<line>.<pipe>.<vc>.48
(in 1024 bytes per
sec)
alStatOctetsTotal Ave total rate 1.3.6.1.4.1.2603.5.4.2.1.10.<line>.<pipe>.<vc>.48
(in/outbound in
1024 bytes per sec)
4.1.1.4 Throughput Per Port

Various throughput KPIs can also be polled per port on the Service Gateway. This
can be done either using OIDs from the Allot-MIB or from other standard SNMP
MIB files. In both cases, if you wish to poll for throughput of a particular port, you
must first determine the interface number.
4.1.1.4.1 Determining Interface Number

In order to determine the label for each interface, you can run snmpwalk on the
following alifxlabel OID: 1.3.6.1.4.1.2603.5.2.6.3.1.5
As an example for reference purposes, the interface numbering scheme of the SG-
Tera is presented below. Each interface on the SFB-4x0 blade has an internal port
number which is indicated below. The ifName column shows the Internal SFB
Interface Name. The Interface Number column shows the Interface number which
should be used when polling each interface for statistics.
SFB SLOT SFB-PORT IFNAME INTERFACE
NUMBER
6 L1 SB_6_34 321
6 L2 SB_6_35 322
6 L3 SB_6_37 323
6 L4 SB_6_36 324
6 L5 SB_6_41 325
6 L6 SB_6_40 326
6 L7 SB_6_39 327
6 L8 SB_6_38 328
7 L1 SB_7_34 385
7 L2 SB_7_35 386
7 L3 SB_7_37 387
4-3
SFB SLOT SFB-PORT IFNAME INTERFACE
NUMBER
7 L4 SB_7_36 388
7 L5 SB_7_41 389
7 L6 SB_7_40 390
7 L7 SB_7_39 391
7 L8 SB_7_38 392
8 L1 SB_8_34 449
8 L2 SB_8_35 450
8 L3 SB_8_37 451
8 L4 SB_8_36 452
8 L5 SB_8_41 453
8 L6 SB_8_40 454
8 L7 SB_8_39 455
8 L8 SB_8_38 456
9 L1 SB_9_34 513
9 L2 SB_9_35 514
9 L3 SB_9_37 515
9 L4 SB_9_36 516
9 L5 SB_9_41 517
9 L6 SB_9_40 518
9 L7 SB_9_39 519
9 L8 SB_9_38 520
4-4
4.1.1.4.2 Polling Throughput Per Port Using Allot-MIB
The Allot-MIB.mib file includes several OIDs which can be polled to give system
level throuhgpu statistics for the Service Gateway. These statistics (which unlike
the policy related statistics, do not need to be activated) are summarized in the
table below.

allfxThroughputTX Bytes per Second for Tx 1.3.6.1.4.1.2603.5.2.6.3.1.13
allfxThroughputRX Bytes per Second for Rx 1.3.6.1.4.1.2603.5.2.6.3.1.14
allfxPacketPerSecondTX Packets per Second for 1.3.6.1.4.1.2603.5.2.6.3.1.15
Tx
allfxPacketPerSecondRX Packets per Second for 1.3.6.1.4.1.2603.5.2.6.3.1.16
Rx
allfxHCInTotalPkts Sum of incoming unicast, 1.3.6.1.4.1.2603.5.2.6.3.1.21
broadcast and multicast
packets
allfxHCOutTotalPkts Sum of outgoing unicast, 1.3.6.1.4.1.2603.5.2.6.3.1.22
broadcast and multicast
packets
In the example below, we wish to know the Tx packets per second on the L5
interface on the SFB in slot 7 of a Service Gateway. We first run an snmpwalk on
the alifxlabel OID to determine the label of the appropriate interface.
snmpwalk -v 2c -c v1v2Admin 10.4.41.200 1.3.6.1.4.1.2603.5.2.6.3.1.5
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.5.385 = STRING: "SB_7_L1"
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.5.393 = STRING: "SB_7_C1.1"
4-5
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.5.960 = STRING: "LAG1"
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.5.1056 = ""
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.5.2559 = STRING: "MGMNT"
From the output we see that the label for L5 on the SFB in slot 7 is 389. We can
now find the Packets Per Second on the Tx of this interface by running the
following:
[root@nx ~]# snmpwalk -v 2c -c v1v2Admin 10.4.41.200
1.3.6.1.4.1.2603.5.2.6.3.1.15.389
SNMPv2-SMI::enterprises.2603.5.2.6.3.1.15.389 = Counter64: 154219
We see that the Tx PPS on this interface is 154219 Packets per second.
4-6
4.1.1.4.3 Polling Throughput Per Port Using Standard MIBs
Throughput per port can also be measured using the standard IFMIB KPI.
Note: 32 bit traffic counters are presented in the standard ifTable (RFC1213-
MIB.interfaces.ifTable) 64 bit counters are presented in the standard ifXTable
(RFC1213-MIB.ifMib.ifMIBObjects.ifXTable).
The data will be received once every 5 seconds and the calculation is performed as
an average value for the last 5 seconds. The statistics MIBs which you can poll for
each interface are taken from the standard MIB - SMP MIB-2, (1.3.6.1.2.1).
The relevant OIDs from 1.3.6.1.2.1.31 (IfMIB) are shown in the table below:
ifHCInOctets Total number of bytes 1.3.6.1.2.1.31.1.1.1.6.<Interface
received on the interface Number>
including framing
characters
ifHCInUcastPkts Total number of unicast 1.3.6.1.2.1.31.1.1.1.7.<Interface
packets delivered Number>
ifHCInMulticastPkts Total number of packets 1.3.6.1.2.1.31.1.1.1.8.<Interface
delivered and addressed Number>
to a multicast address
ifHCInBroadcastPkts Total number of packets 1.3.6.1.2.1.31.1.1.1.9.<Interface
delivered and addressed Number>
to a broadcast address
ifHCOutOctets Total number of bytes 1.3.6.1.2.1.31.1.1.1.10.<Interface
transmitted out of the Number>
interface including framing
characters
ifHCOutUcastPkts Total number of unicast 1.3.6.1.2.1.31.1.1.1.11.<Interface
packets requested Number>
ifHCOutMulticastPkts Total number of packets 1.3.6.1.2.1.31.1.1.1.12.<Interface
requested and addressed Number>
to a multicast address
ifHCOutBroadcastPkts Total number of packets 1.3.6.1.2.1.31.1.1.1.13.<Interface
requested and addressed Number>
to a broadcast address
In addition, you may wish to poll the standard ifEntry OIDs of the ifTable, again a
part of the standard MIB-2 interfaces. The OID to poll is: 1.3.6.1.2.1.2.2.1. It
includes the following OIDs:
4-7
ifIndex A unique value for each interface. Its value 1.3.6.1.2.1.2.2.1.1
ranges between 1 and the value of ifNumber.
The value for each interface must remain
constant at least from one re-initialization of the
entity's network management system to the next
re-initialization.
ifDescr A textual string containing information about the 1.3.6.1.2.1.2.2.1.2
interface. This string should include the name of
the manufacturer, the product name and the
version of the hardware interface.
ifType The type of interface, distinguished according to 1.3.6.1.2.1.2.2.1.3
the physical/link protocol(s) immediately `below'
the network layer in the protocol stack.
ifMtu The size of the largest datagram which can be 1.3.6.1.2.1.2.2.1.4
sent/received on the interface, specified in
octets. For interfaces that are used for
transmitting network datagrams, this is the size
of the largest network datagram that can be sent
on the interface.
ifSpeed An estimate of the interface's current bandwidth 1.3.6.1.2.1.2.2.1.5
in bits per second. For interfaces which do not
vary in bandwidth or for those where no
accurate estimation can be made, this object
should contain the nominal bandwidth.
ifPhysAddress The interface's address at the protocol layer 1.3.6.1.2.1.2.2.1.6
immediately `below' the network layer in the
protocol stack. For interfaces which do not have
such an address (e.g., a serial line), this object
should contain an octet string of zero length.
ifAdminStatus The desired state of the interface. The testing(3) 1.3.6.1.2.1.2.2.1.7
state indicates that no operational packets can
be passed.
ifOperStatus The current operational state of the interface. 1.3.6.1.2.1.2.2.1.8
The testing(3) state indicates that no operational
packets can be passed.
ifLastChange The value of sysUpTime at the time the interface 1.3.6.1.2.1.2.2.1.9
entered its current operational state. If the
current state was entered prior to the last re-
initialization of the local network management
subsystem, then this object contains a zero
value.
ifInOctets The total number of octets received on the 1.3.6.1.2.1.2.2.1.10
interface, including framing characters.
ifInUcastPkts The number of subnetwork-unicast packets 1.3.6.1.2.1.2.2.1.11
delivered to a higher-layer protocol.
4-8
ifInNUcastPkts The number of non-unicast (i.e., subnetwork- 1.3.6.1.2.1.2.2.1.12
broadcast or subnetwork-multicast) packets
delivered to a higher-layer protocol.
ifInDiscards The number of inbound packets which were 1.3.6.1.2.1.2.2.1.13
chosen to be discarded even though no errors
had been detected to prevent their being
deliverable to a
higher-layer protocol. One possible reason for
discarding such a packet could be to free up
buffer space.
ifInErrors The number of inbound packets that contained 1.3.6.1.2.1.2.2.1.14
errors preventing them from being deliverable to
a higher-layer protocol.
ifInUnknownProtos The number of packets received via the interface 1.3.6.1.2.1.2.2.1.15
which were discarded because of an unknown or
unsupported protocol.
ifOutOctets The total number of octets transmitted out of 1.3.6.1.2.1.2.2.1.16
the interface, including framing characters.
ifOutUcastPkts The total number of packets that higher-level 1.3.6.1.2.1.2.2.1.17
protocols requested be transmitted to a
subnetwork-unicast address, including those that
were discarded or not sent.
ifOutNUcastPkts The total number of packets that higher-level 1.3.6.1.2.1.2.2.1.18
protocols requested be transmitted to a non-
unicast (i.e., a subnetwork-broadcast or
subnetwork-multicast) address, including those
that were discarded or not sent.
ifOutDiscards The number of outbound packets which were 1.3.6.1.2.1.2.2.1.19
chosen to be discarded even though no errors
had been detected to prevent their being
transmitted. One possible reason for discarding
such a packet could be to free up buffer space.
ifOutErrors The number of outbound packets that could not 1.3.6.1.2.1.2.2.1.20
be transmitted because of errors.
ifOutQLen The length of the output packet queue (in 1.3.6.1.2.1.2.2.1.21
packets).
4-9
ifSpecific A reference to MIB definitions specific to the 1.3.6.1.2.1.2.2.1.22
particular media being used to realize the
interface. For example, if the interface is
realized by an ethernet, then the value of this
object refers to a document defining objects
specific to ethernet. If this information is not
present, its value should be set to the OBJECT
IDENTIFIER { 0 0 }, which is a syntatically valid
object identifier, and any conformant
implementation of ASN.1 and BER must be able
to generate and recognize this value.
4.1.2 Active Subscriber Sessions

This KPI measures the number of subscribers "registered in the in-line platform".
With each subscriber being able to open several simultaneous sessions, this
number in fact represents the number of currently open PDP contexts (in mobile
networks) or the number of subscribers currently logged into the network (in fixed
networks). The value is calculated based on a sample every 30 seconds. It can be
run per Core Controller blade or per platform. The output is an integer
representing the total number of active subscriber sessions (PDP contexts).
DESCRIPTION ENTITY OID
Number of Active For a given CC blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.5 OR
Subscriber Sessions
1.3.6.1.4.1.2603.5.5.18.1.3.Slot.15001
(the OID uses the word
"registered" in its For the whole chassis 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.5 OR
internal description) 1.3.6.1.4.1.2603.5.5.18.1.3.0.15001
4.1.3 Number of Connections

The total number of live connections is calculated based on a sample every 30
seconds. It can be run per platform, per core controller blade (on multi-blade
platforms) or per policy entity. The output is an integer representing the total
number of currently live connections.
4.1.3.1 Number of Connections Per Whole Chassis

There are several different ways in which you can poll the number of live
connections on the entire chassis.
4-10
alUsStatValue Number of 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.6
Connections
alSensorRawValue Number of 1.3.6.1.4.1.2603.5.5.18.1.3.0.11001
Connections
alNumberEstConnections Number of 1.3.6.1.4.1.2603.5.4.6
Connections
4.1.3.2 Number of Connections Per Blade

On multi-blade platforms, the number of live connections can also be measured on
each individual blade. The slot number needs to be inserted in the OID as per the
table below. There are two options for measuring this KPI.

alUsStatValue Number of 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.6
Connections
alSensorRawValue Number of 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.11001

Connections
4.1.3.3 Number of Connections Per Policy Element (Line, Pipe, VC)

It is also possible to poll several KPIs related to the number of connections per
policy entity (Line, Pipe, VC) as per the table below. The MIBs which collect
network statistics on each policy entity are by default disabled. In order to enable
KPI collection on a specific policy entity, you must:
1. Create a threshold crossing alarm (TCA). This is done by selecting Alarms
Definition from the Events/Alarms pane in the NetXplorer GUI, and then
filling in the Alarm Definition Entry Properties dialog.
2. Assign the TCA to the policy entities to be monitored. This is done by
right-clicking the relevant Line, Pipe or Virtual Channel, and selecting Alarm
Assignments | Add Alarm Assignment
This process is described fully in Chapter 7 of the NetXplorer Operation Guide.
4-11
NOTE: The KPIs which you will be able to poll on the required policy element, are not
limited to the specific threshold defined in the TCA. E.g: After creating a TCA
which is triggered when a particular bandwidth threshold is crossed and
assigning it to Pipe X, you can subsequently poll that same pipe not only for
bandwidth, but also for “live connections” or “dropped connections” etc.
NOTE: If the sole purpose of the TCA created is to activate statistic collection for
external polling, the NetXplorer administrator may wish to define
“unreasonably high” (or low) thresholds that will never be triggered. That way,
statistics for the line/pipe or VC will still be collected, but unnecessary alarms
will not be reported in the NetXplorer every time a TCA is breached.

alStatLiveConn No. of live 1.3.6.1.4.1.2603.5.4.2.1.5.<line>.<pipe>.<vc>.48
connections
alStatNewConn No. of new 1.3.6.1.4.1.2603.5.4.2.1.6.<line>.<pipe>.<vc>.48
connections
alStatDropConn No. of dropped 1.3.6.1.4.1.2603.5.4.2.1.7.<line>.<pipe>.<vc>.48
connections
For example, to poll the number of live connections (1.3.6.1.4.1.2603.5.4.2.1.5) on

the fallback line (1.0.0) of a Service Gateway with IP 10.17.13.10, run the following
snmpget command:
snmpget -v 3 -u MD5 -a MD5 -A MD5UserAuthPassword12 -l authNoPriv

10.17.13.10 .1.3.6.1.4.1.2603.5.4.2.1.5.1.0.0.48
4.1.4 Number of Lines

The total number of active lines is calculated based on a sample every 30 seconds.
It can be run per Core Controller blade or per platform. The output is an integer
representing the total number of currently active lines.
Number of Active Lines For a given CC blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.7 OR
1.3.6.1.4.1.2603.5.5.18.1.3.Slot.12001
For the whole chassis 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.7 OR
1.3.6.1.4.1.2603.5.5.18.1.3.0.12001 OR
1.3.6.1.4.1.2603.5.4.5
4-12
4.1.5 Number of Pipes
The total number of active pipes is calculated based on a sample every 30 seconds.
It can be run per Core Controller blade or per platform. The output is an integer
representing the total number of currently active pipes (including template
instances).
Number of Active For a given CC blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.8 OR
Pipes
1.3.6.1.4.1.2603.5.5.18.1.3.Slot.13001
1.3.6.1.4.1.2603.5.5.18.1.3.0.13001 OR
1.3.6.1.4.1.2603.5.4.3
4.1.6 Number of Virtual Channels (VCs)

The total number of active Virtual Channels is calculated based on a sample every
30 seconds. It can be run per Core Controller blade or per platform. The output is
an integer representing the total number of currently active VCs (including
template instances).
Number of Active VCs For a given CC blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.9 OR
1.3.6.1.4.1.2603.5.5.18.1.3.Slot.14001
1.3.6.1.4.1.2603.5.5.18.1.3.0.14001 OR
1.3.6.1.4.1.2603.5.4.4
4.1.7 Monitoring Rules

The total number of registered monitoring rules is calculated based on a sample
every 30 seconds. It can be run per Core Controller or per platform. The output is
an integer representing the total number of registered monitoring rules.
Monitoring Rules For a given CC blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.10
For the whole chassis 1.3.6.1.4.1.2603.5.4.9.1.5.1000.1.1000.10
4-13
4.1.8 Dropped Frames
The total number of dropped frames is based on a counter which accumulates from
the last boot time of the relevant board. The counter will reset to 0 when the
maximum value is reached. It can be measured for a core controller blade, a host
blade or on the entire platform. The output is an integer representing the total
number of dropped frames since the last reboot.
Dropped Frames For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.11
4.1.9 HTTP CDRs

The total number of HTTP CDR Records and Files exported is based on a counter
which accumulates from the last boot time of the relevant board. The counter will
reset to 0 when the system reboots.
Number of HTTP CDR For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.12
Records Exported
Number of HTTP CDR For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.13
Files Exported
4.1.10 Binary CDRs

The total number of Binary CDR (BDR) Records and Files exported is based on a
counter which accumulates from the last boot time of the relevant board. The
counter will reset to 0 when the system reboots.
Number of BDR For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.14
Records Exported
Number of BDR Files For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.15
Exported
4-14
4.1.11 Video Detail Records (VDR)
The total number of Video Detail (VDR) Records and Files exported is based on a
counter which accumulates from the last boot time of the relevant board. The
counter will reset to 0 when the system reboots.
Number of VDR For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.16
Records Exported
Number of VDR Files For a given blade 1.3.6.1.4.1.2603.5.4.9.1.5.Slot.1.1000.17
Exported
4.1.12 Connection Establishment Rate (CER)

The connection establishment rate is the number of connections established per
second. It can be measured on a Core Controller blade or for the entire platform.
The output is an integer representing the number of new connections established
per second
CER For a given CC blade 1.3.6.1.4.1.2603.5.5.18.1.3.Slot.10001
For the whole chassis 1.3.6.1.4.1.2603.5.5.18.1.3.0.10001 OR
1.3.6.1.4.1.2603.5.4.7
Note: If the CER rises above the defined specification for new connections per sec for
a given CC blade, additional connections opened and dispatched to that CC
will pass through the system without classification or QoS enforcement.
4.1.13 Number of Active Subscribers

The number of active subscribers is relevant when working with SMP only).
NOTE: This OID should be used for single blade appliances only. In multi-blade
platforms (e.g: SG-Tera), this OID will return the number of active subscribers on
the single CC blade with the most active subscribers.
Active Subscribers For the whole chassis 1.3.6.1.4.1.2603.5.4.8
4-15
4.2 Subscriber Management Platform

The SMP KPIs are defined in the Allot-MD-MIB file and are divided here into
different categories.
The KPIs referred to below are located in the alSMPMonitor group
(1.3.6.1.4.1.2603.11.2) of the ALLOT-MD-MIB file
4.2.1 Subscribers and Sessions

SMP can be polled for several different KPIs related to subscribers:
• The number of registered subscribers (calculated by a single sample during
the last logging interval – not the average)
• The number of active subscribers (calculated by a single sample during the
last logging interval – not the average)
• The peak number of active sessions. An active session is described as a
session which had a START but not a STOP message during the logging
interval.
• The number of active subscribers affiliated per service plan (calculated by a
single sample during the last logging interval)
alsmpNumOfSubs Number of registered subscribers 1.3.6.1.4.1.2603.11.2.2
alsmpNumOfActiveSubs Number of active subscribers 1.3.6.1.4.1.2603.11.2.4
alsmpNumOfActiveSess Peak number of active sessions 1.3.6.1.4.1.2603.11.2.5
alsmpSpNumOfActiveSubs Active subscribers per service plan 1.3.6.1.4.1.2603.11.2.6.1.2
4-16
Note: From SMP13.1, the SMP removed the limit on the number of registered
subscribers. When working with SMP13.1 and above, the alsmpNumOfSubs
OID will return a value of "0" unless SMP has been configured to continue
working with the old "allot id"
Note: The output of an SNMPGET command on alsmpSpNumOfActiveSubs will be
the ServicePlan ID followed by decimal values of the ASCII codes for the
Service Plan Name. For example, if there were 50 subscribers in a Service Plan
called “UNLIMITED” (ID#13) and 55 subscribers in a Service Plan called
“DEFAULT” (ID#14) the output would be as follows:
1.3.6.1.4.1.2603.11.2.6.1.2.13.85.78.76.73.77.73.84.69.68 = Gauge32: 50
1.3.6.1.4.1.2603.11.2.6.1.2.14.68.69.70.65.85.76.84 = Gauge32: 55
4.2.2 RADIUS Messages

SMP can be polled for several different KPIs related to incoming RADIUS messages:
• Incoming RADIUS Accounting message (start, stop and interim) peak rate
• Incoming RADIUS Start message peak rate
• Incoming RADIUS Stop message peak rate
• Incoming RADIUS Interim message peak rate
In each of the cases, the message peak rate is measured during a 5 second interval,
seen by the SMP during the last logging interval. When 5 minutes are expired, the
SMP resets the current peak value to 0.
Each KPI is measured in messages per second.
alSmpInRadiusMsgRate Incoming RADIUS Accounting 1.3.6.1.4.1.2603.11.2.7.1
message peak rate
alSmpInRadiusStartMsgRate Incoming RADIUS Start message 1.3.6.1.4.1.2603.11.2.7.2
peak rate
alSmpInRadiusStopMsgRate Incoming RADIUS Stop message 1.3.6.1.4.1.2603.11.2.7.3
peak rate
alSmpInRadiusInterimMsgRate Incoming RADIUS Interim message 1.3.6.1.4.1.2603.11.2.7.4
peak rate
4.2.3 FUP Messages

SMP can be polled for several different KPIs related to incoming Fast Update
Protocol (FUP) messages which run between the SMP and the in-Line platforms:
• Incoming FUP message rate
• Outgoing FUP message rate
4-17
In both cases, the rate is calculated over a 5 minute period divided by the number
of seconds in the period. The counter is reset every 5 minutes after the value is
updated.
NOTE: A single message can carry multiple FUP requests
Each KPI is measured in messages per second.
alSmpInFupMsgRate Incoming FUP message 1.3.6.1.4.1.2603.11.2.8.1
rate
alSmpOutFupMsgRate Outgoing FUP message 1.3.6.1.4.1.2603.11.2.8.2
rate
4.2.4 Gx DIAMETER Messages

SMP can be polled for many different KPIs related to the Gx DIAMETER messages
which run between the SMP and the PCRF. The KPIs measure the number of:
• Gx messages received (all types, CCA-I, CCA-U, CCA-T or RAR)
• Gx messages not processed or timed out (all types, CCA-I, CCA-U, CCA-T or
RAR)
• Gx messages sent (all types, CCR-I, CCR-U, CCR-T or RAA)
• Gx messages which failed to be sent (all types, CCR-I, CCR-U, CCR-T or RAA)
• Peak average of Gx messages received per sec (all types, CCA-I, CCA-U, CCA-
T or RAR)
• Peak average of Gx messages sent per sec (all types, CCR-I, CCR-U, CCR-T or
RAA)
In each of these cases, the calculation is made by a counter which accumulates
since the last SMP boot. This counter is reset to 0 when the maximum value is
reached.
All "peak record" KPIs are measured in messages per second, averaged over a 5
second interval during the last logging interval.
alSMPInGxMsg All incoming Gx messages 1.3.6.1.4.1.2603.11.2.9.1
alSMPInGxCcaiMsg Incoming CCA-I Gx messages 1.3.6.1.4.1.2603.11.2.9.2
alSMPInGxCcauMsg Incoming CCA-U Gx 1.3.6.1.4.1.2603.11.2.9.3
messages
alSMPInGxCcatMsg Incoming CCA-T Gx messages 1.3.6.1.4.1.2603.11.2.9.4
4-18
alSMPOutGxMsg All outgoing Gx messages 1.3.6.1.4.1.2603.11.2.9.5
alSMPOutCcriMsg Outgoing CCR-I Gx messages 1.3.6.1.4.1.2603.11.2.9.6
alSMPOutCcruMsg Outgoing CCR-U Gx 1.3.6.1.4.1.2603.11.2.9.7
messages
alSMPOutCcrtMsg Outgoing CCR-T Gx messages 1.3.6.1.4.1.2603.11.2.9.8
alSMPInGxRarMsg Incoming RAR Gx messages 1.3.6.1.4.1.2603.11.2.9.9
alSMPOutGxRaaMsg Outgoing RAA Gx messages 1.3.6.1.4.1.2603.11.2.9.10
alSMPInFailedGxMsg All failed incoming Gx 1.3.6.1.4.1.2603.11.2.9.11
messages
alSMPInFailedGxCcaiMsg Failed incoming CCA-I Gx 1.3.6.1.4.1.2603.11.2.9.12
messages
alSMPInFailedGxCcauMsg Failed incoming CCA-U Gx 1.3.6.1.4.1.2603.11.2.9.13
messages
alSMPInFailedGxCcatMsg Failed incoming CCA-T Gx 1.3.6.1.4.1.2603.11.2.9.14
messages
alSMPInFailedGxRarMsg Failed incoming RAR Gx 1.3.6.1.4.1.2603.11.2.9.15
messages
alSMPOutFailedGxMsg All failed outgoing Gx 1.3.6.1.4.1.2603.11.2.9.16
messages
alSMPOutFailedGxCcriMsg Failed outgoing CCR-I Gx 1.3.6.1.4.1.2603.11.2.9.17
messages
alSMPOutFailedGxCcruMsg Failed outgoing CCR-U Gx 1.3.6.1.4.1.2603.11.2.9.18
messages
alSMPOutFailedGxCcrtMsg Failed outgoing CCR-T Gx 1.3.6.1.4.1.2603.11.2.9.19
messages
alSMPOutFailedGxRaaMsg Failed outgoing RAA Gx 1.3.6.1.4.1.2603.11.2.9.20
messages
alSMPInGxMsgPeakRate Input Gx messages (total) 1.3.6.1.4.1.2603.11.2.9.21
peak rate in messages per
second
alSMPInGxCcaiMsgPeakRate Input Gx CCA-I messages 1.3.6.1.4.1.2603.11.2.9.22
(total) peak rate in messages
per second
4-19
alSMPInGxCcauMsgPeakRate Input Gx CCA-U messages 1.3.6.1.4.1.2603.11.2.9.23
per second
alSMPInGxCcatMsgPeakRate Input Gx CCA-T messages 1.3.6.1.4.1.2603.11.2.9.24
per second
alSMPOutGxMsgPeakRate Output Gx messages (total) 1.3.6.1.4.1.2603.11.2.9.25
second
alSMPOutGxCcriMsgPeakRate Output Gx CCR-I messages 1.3.6.1.4.1.2603.11.2.9.26
per second
alSMPOutGxCcruMsgPeakRate Output Gx CCR-U messages 1.3.6.1.4.1.2603.11.2.9.27
per second
alSMPOutGxCcrtMsgPeakRate Output Gx CCR-T messages 1.3.6.1.4.1.2603.11.2.9.28
(total) peak rate, in
messages per second
alSMPInGxRarMsgPeakRate Input Gx RAR messages 1.3.6.1.4.1.2603.11.2.9.29
messages per second
alSMPOutGxRaaMsgPeakRate Output Gx RAA messages 1.3.6.1.4.1.2603.11.2.9.30
messages per second
4.2.5 Gy DIAMETER Messages

SMP can be polled for many different KPIs related to the Gx DIAMETER messages
which run between the SMP and the PCRF. The KPIs measure the number of:
• Gy messages received (all types, CCA-I, CCA-U, CCA-T)
• Gy messages not processed or timed out (all types, CCA-I, CCA-U, CCA-T)
• Gy messages sent (all types, CCR-I, CCR-U, CCR-T)
• Gy messages which failed to be sent (all types, CCR-I, CCR-U, CCR-T)
reached.
4-20
alSmpInGyMsg All incoming Gy messages 1.3.6.1.4.1.2603.11.2.10.1
alSmpInGyCcaiMsg Incoming CCA-I Gy messages 1.3.6.1.4.1.2603.11.2.10.2
alSmpInGyCcauMsg Incoming CCA-U Gy 1.3.6.1.4.1.2603.11.2.10.3
messages
alSmpInGyCcatMsg Incoming CCA-T Gy 1.3.6.1.4.1.2603.11.2.10.4
messages
alSmpInFailedGyMsg All failed incoming Gy 1.3.6.1.4.1.2603.11.2.10.5
messages
alSmpInFailedGyCcaiMsg Failed incoming CCA-I Gy 1.3.6.1.4.1.2603.11.2.10.6
messages
alSmpInFailedGyCcauMsg Failed incoming CCA-U Gy 1.3.6.1.4.1.2603.11.2.10.7
messages
alSmpInFailedGyCcatMsg Failed incoming CCA-T Gy 1.3.6.1.4.1.2603.11.2.10.8
messages
alSmpOutGyMsg All outgoing Gy messages 1.3.6.1.4.1.2603.11.2.10.9
alSmpOutGyCcriMsg Outgoing CCR-I Gy messages 1.3.6.1.4.1.2603.11.2.10.10
alSmpOutGyCcruMsg Outgoing CCR-U Gy 1.3.6.1.4.1.2603.11.2.10.11
messages
alSmpOutGyCcrtMsg Outgoing CCR-T Gy 1.3.6.1.4.1.2603.11.2.10.12
messages
alSmpOutFailedGyMsg All failed outgoing Gy 1.3.6.1.4.1.2603.11.2.10.13
messages
alSmpOutFailedGyCcriMsg Failed outgoing CCR-I Gy 1.3.6.1.4.1.2603.11.2.10.14
messages
alSmpOutFailedGyCcruMsg Failed outgoing CCR-U Gy 1.3.6.1.4.1.2603.11.2.10.15
messages
alSmpOutFailedGyCcrtMsg Failed outgoing CCR-T Gy 1.3.6.1.4.1.2603.11.2.10.16
messages
alSMPInGyMsgPeakRate Input Gy messages (total) 1.3.6.1.4.1.2603.11.2.10.17
second
4-21
alSMPInGyCcaiMsgPeakRate Input Gy CCA-I messages 1.3.6.1.4.1.2603.11.2.10.18
(total) peak rate in
messages per second
alSMPInGyCcauMsgPeakRate Input Gy CCA-U messages 1.3.6.1.4.1.2603.11.2.10.19
messages per second
alSMPInGyCcatMsgPeakRate Input Gy CCA-T messages 1.3.6.1.4.1.2603.11.2.10.20
messages per second
alSMPOutGyMsgPeakRate Output Gy messages (total) 1.3.6.1.4.1.2603.11.2.10.21
second
alSMPOutGyCcriMsgPeakRate Output Gy CCR-I messages 1.3.6.1.4.1.2603.11.2.10.22
messages per second
alSMPOutGyCcruMsgPeakRate Output Gy CCR-U messages 1.3.6.1.4.1.2603.11.2.10.23
messages per second
alSMPOutGyCcrtMsgPeakRate Output Gy CCR-T messages 1.3.6.1.4.1.2603.11.2.10.24
messages per second
4.2.6 Gz CDRs
SMP can be polled to measure the total number of Gz (CDR) messages written on
the SMP. The calculation is made by a counter which accumulates since the last
SMP boot. This counter is reset to 0 when the maximum value is reached.
alSmpOutGzRecords Output Gz records since last boot 1.3.6.1.4.1.2603.11.2.11.1
4.2.7 Sd DIAMETER Messages

SMP can be polled for many different KPIs related to the Sd DIAMETER messages
which run between the SMP (TDF) and the PCRF. The KPIs measure the number of:
• Sd messages received (all types, TSR, CCA-U, CCA-T or RAR)
• Sd messages not processed or timed out (all types, TSR, CCA-U, CCA-T or
RAR)
4-22
• Sd messages sent (all types, TSA, CCR-U, CCR-T or RAA)
• Sd messages which failed to be sent (all types, TSA, CCR-U, CCR-T or RAA)
• Peak average of Sd messages received per sec (all types, TSR, CCA-U, CCA-T
or RAR)
• Peak average of Gx messages sent per sec (all types, TSA, CCR-U, CCR-T or
RAA)
reached.
alSMPInSdMsg All incoming Sd messages 1.3.6.1.4.1.2603.11.2.12.1
alSMPInSdTsrMsg Incoming TS-R Sd messages 1.3.6.1.4.1.2603.11.2.12.2
alSMPInSdCcauMsg Incoming CCA-U Sd 1.3.6.1.4.1.2603.11.2.12.3
messages
alSMPInSdCcatMsg Incoming CCA-T Sd messages 1.3.6.1.4.1.2603.11.2.12.4
alSMPOutSdMsg All outgoing Sd messages 1.3.6.1.4.1.2603.11.2.12.5
alSMPOutSdTsaMsg Outgoing TS-A Sd messages 1.3.6.1.4.1.2603.11.2.12.6
alSMPOutSdCcruMsg Outgoing CCR-U Sd 1.3.6.1.4.1.2603.11.2.12.7
messages
alSMPOutSdCcrtMsg Outgoing CCR-T Sd messages 1.3.6.1.4.1.2603.11.2.12.8
alSMPInSdRarMsg Incoming RAR Sd messages 1.3.6.1.4.1.2603.11.2.12.9
alSMPOutSdRaaMsg Outgoing RAA Sd messages 1.3.6.1.4.1.2603.11.2.12.10
alSMPInFailedSdMsg All failed incoming Sd 1.3.6.1.4.1.2603.11.2.12.11
messages
alSMPInFailedSdTsrMsg Failed incoming TS-R Sd 1.3.6.1.4.1.2603.11.2.12.12
messages
alSMPInFailedSdCcauMsg Failed incoming CCA-U Sd 1.3.6.1.4.1.2603.11.2.12.13
messages
alSMPInFailedSdCcatMsg Failed incoming CCA-T Sd 1.3.6.1.4.1.2603.11.2.12.14
messages
alSMPInFailedSdRarMsg Failed incoming RAR Sd 1.3.6.1.4.1.2603.11.2.12.15
messages
4-23
alSMPOutFailedSdMsg All failed outgoing Sd 1.3.6.1.4.1.2603.11.2.12.16
messages
alSMPOutFailedSdTsaMsg Failed outgoing TS-A Sd 1.3.6.1.4.1.2603.11.2.12.17
messages
alSMPOutFailedSdCcruMsg Failed outgoing CCR-U Sd 1.3.6.1.4.1.2603.11.2.12.18
messages
alSMPOutFailedSdCcrtMsg Failed outgoing CCR-T Sd 1.3.6.1.4.1.2603.11.2.12.19
messages
alSMPOutFailedSdRaaMsg Failed outgoing RAA Sd 1.3.6.1.4.1.2603.11.2.12.20
messages
alSMPInSdMsgPeakRate Input Sd messages (total) 1.3.6.1.4.1.2603.11.2.12.21
peak rate, in messages per
second
alSMPInSdTsrMsgPeakRate Input Sd TS-R messages 1.3.6.1.4.1.2603.11.2.12.22
(total) peak rate
alSMPInSdCcauMsgPeakRate Input Sd CCA-U messages 1.3.6.1.4.1.2603.11.2.12.23
(total) peak rate
alSMPInSdCcatMsgPeakRate Input Sd CCA-T messages 1.3.6.1.4.1.2603.11.2.12.24
(total) peak rate
alSMPOutSdMsgPeakRate Output Sd messages (total) 1.3.6.1.4.1.2603.11.2.12.25
peak rate
alSMPOutSdTsaMsgPeakRate Output Sd TS-A messages 1.3.6.1.4.1.2603.11.2.12.26
(total) peak rate
alSMPOutSdCcruMsgPeakRate Output Sd CCR-U messages 1.3.6.1.4.1.2603.11.2.12.27
(total) peak rate
alSMPOutSdCcrtMsgPeakRate Output Sd CCR-T messages 1.3.6.1.4.1.2603.11.2.12.28
(total) peak rate
alSMPInSdRarMsgPeakRate Input Sd RAR messages 1.3.6.1.4.1.2603.11.2.12.29
(total) peak rate
alSMPOutSdRaaMsgPeakRate Output Sd RAA messages 1.3.6.1.4.1.2603.11.2.12.30
(total) peak rate
4.2.8 Dynamic Rules

SMP can be polled for several KPIs relating to:
• Dynamic QoS enforcement rules
• Dynamic service activation rules
4-24
• Dynamic service plan add-ons
For each of the KPIs in the table below, the total number of dynamic rules is based
on a single sample during the last logging interval (not an average).
The peak rate of new dynamic rules is measured in rules per second during a 5
second interval, as seen by SMP during the last logging interval (rules per second).
When 5 minutes are up, the SMP resets the current peak value to 0.
alSmpDynamicQosRule All incoming Sd 1.3.6.1.4.1.2603.11.2.12.31
messages
alSmpDynamicQosRulePeakRate Dynamic Qos 1.3.6.1.4.1.2603.11.2.12.32
Enforcement
Rules peak rate
alSmpDynamicServiceActivationRule Total number of 1.3.6.1.4.1.2603.11.2.12.33

dynamic service
activation rules
alSmpDynamicServiceActivationRulePeakR Dynamic service 1.3.6.1.4.1.2603.11.2.12.34
ate activation rules
peak rate
alSmpDynamicServicePlanAddOn Total number of 1.3.6.1.4.1.2603.11.2.12.35
dynamic service
plan add-ons
alSmpDynamicServicePlanAddOnPeakRate Dynamic service 1.3.6.1.4.1.2603.11.2.12.36
plan add-on
peak rate
4.3 STC
The KPIs for the Short Term Collector are defined in the Allot-MD-MIB file and are
divided here into incoming records and processed records.
4.3.1 Incoming Records

There are different KPIs which measure each of the following incoming records:
• Number of incoming records from the in-line platform. Includes all record
bucket (both 30sec and 300sec) and record types (VC, Conversation,
Generic, Service and HTTP)
• Number of incoming VC statistics records. Includes both 30sec and 300sec
buckets.
4-25
• Number of incoming Conversation statistics records. Includes both 30sec
and 300sec buckets.
• Number of incoming SDR records from SMP to the extended collector. This
is only relevant if the Statistics Export license is enabled.
• Number of incoming UDR records from In-Line Platform to extended
collector. This is only relevant if the Statistics Export license is enabled.

alDatColStatRecordsIncomingNum Total number of 1.3.6.1.4.1.2603.11.8.1.1.3.2.1
incoming records (all
types)
incoming VC statistic
records
incoming
Conversation statistic
records
incoming SDR records
incoming UDR records
4.3.2 Processed Records

There are different KPIs which measure each of the following processed records:
• Number of processed records in aggregated buckets ready to be polled by
the LTC. This includes all aggregated record buckets (1 hour) and and
record types (VC, Conversation, Generic, Service and HTTP). The aggregated
records will later be polled by the LTC.
• Number of processed VC statistics records in aggregated (1 hour) buckets,
ready to be polled by the LTC.
• Number of processed Conversation statistics records in aggregated (1 hour)
buckets, ready to be polled by the LTC. The counter will present the original
number in the conversation aggregated bucket (not reduced).
4-26
alDatColStatRecordsProcessedNum Total number of 1.3.6.1.4.1.2603.11.8.1.1.4.2.1
processed records (all
types)
processed VC records
processed
Conversation records
4.4 Data Mediator

The following KPIs can be polled from the ALLOT-DATAMED-MIB module
4.4.1 Incoming Records

alDmKpiRecordsIncomingNum The number of 1.3.6.1.4.1.2603.12.3.1.1.1.9
incoming records
since the last
boot per data
type
alDmKpiRecordsIncomingLastIntervalNum Number of 1.3.6.1.4.1.2603.12.3.1.1.1.11
incoming records
in the last
(configurable)
duration from
now
alDmKpiRecordsIncomingRate Incoming records 1.3.6.1.4.1.2603.12.3.1.1.1.12
rate, in records
per second,
averaged since
boot
alDmKpiRecordsIncomingLastIntervalRate Incoming records 1.3.6.1.4.1.2603.12.3.1.1.1.13
rate, in records
per second,
averaged during
the last interval
4-27
alDmKpiRecordsIncomingCorruptedNum Number of 1.3.6.1.4.1.2603.12.3.1.1.1.19
incoming records
failed during
parsing since last
boot
alDmKpiRecordsIncomingCorruptedLastInt Number of 1.3.6.1.4.1.2603.12.3.1.1.1.20
ervalNum incoming records
failed during
parsing in the last
(configurable)
duration from
now
alDmKpiRecordsGlobalExcludedNum Number of 1.3.6.1.4.1.2603.12.3.1.1.1.24
excluded
(filtered)
incoming records
created since
boot
alDmKpiRecordsGlobalExcludedLastInterval Number of 1.3.6.1.4.1.2603.12.3.1.1.1.25
Num excluded
(filtered)
incoming records
created during
parsing in the last
(configurable)
interval from
now.
4.4.2 Incoming Files

alDmKpiFilesIncomingNum The number of 1.3.6.1.4.1.2603.12.3.1.1.1.14
incoming files
since the last
boot
alDmKpiFilesIncomingLastIntervalNum Number of 1.3.6.1.4.1.2603.12.3.1.1.1.15
incoming files in
the last
(configurable)
duration from
now
4-28
alDmKpiFilesIncomingCorruptedNum Number of 1.3.6.1.4.1.2603.12.3.1.1.1.16
corrupted
incoming files
since boot
alDmKpiFilesIncomingCorruptedLastInterva Number of 1.3.6.1.4.1.2603.12.3.1.1.1.17
lNum corrupted
incoming files in
the last
(configurable)
duration from
now
alDmKpiFilesIncomingCorruptedLastInterva Percentage of 1.3.6.1.4.1.2603.12.3.1.1.1.18
lPercent corrupted
incoming files in
the last
(configurable)
duration from
now
4.4.3 Output Records

alDmKpiOutputRecordsCreatedNum The total number of 1.3.6.1.4.1.2603.12.3.1.1.1.21
output records created
by the data mediator
since the last boot
alDmKpiOutputRecordsCreatedLastI The total number of 1.3.6.1.4.1.2603.12.3.1.1.1.22
ntervalNum output records created
during parsing in the
last interval from now.
alDmKpiOutputRecordsCreatedLastI Output records in 1.3.6.1.4.1.2603.12.3.1.1.1.23
ntervalRate records per second,
averaged during the last
duration.
4.4.4 Output Files

alDmKpiOutputFilesCreatedNum The total number of files 1.3.6.1.4.1.2603.12.3.1.1.1.6
created by the data
4-29
mediator since the last
boot
alDmKpiOutputFilesPushSuccessNu The total number of files 1.3.6.1.4.1.2603.12.3.1.1.1.7
m successfully pushed by
the data mediator to the
operator’s SFTP server
since the last boot
alDmKpiOutputFilesPushFailNum The total attempts to 1.3.6.1.4.1.2603.12.3.1.1.1.8
push files by the data
mediator to the
operator’s SFTP server
since the last boot
which falied (note: this
is not the number of
files which have not
been pushed)
alDmKpiOutputFilesPendingPush Files to be pushed – the 1.3.6.1.4.1.2603.12.3.1.1.1.10
total number of files
waiting to be pushed.
4-30
4.5 ClearSee
The following KPIs can be polled from the ALLOT-CLEARSEE-MIB module.
4.5.1 Records
alCsKpiRecordsIncomingNum The number of incoming 1.3.6.1.4.1.2603.14.3.2.1.1.2
records since the last
boot
alCsKpiRecordsIncomingLastInterval The number of incoming 1.3.6.1.4.1.2603.14.3.2.1.1.3
Num records since the last
(configurable) interval
alCsKpiRecordsIncomingRate The average rate of 1.3.6.1.4.1.2603.14.3.2.1.1.4
incoming records, per
second, since boot.
alCsKpiRecordsIncomingLastInterval The average rate of 1.3.6.1.4.1.2603.14.3.2.1.1.5
Rate incoming records per
second since the last
interval
4.5.2 Files
alCsKpiFilesIncomingNum The number of incoming 1.3.6.1.4.1.2603.14.3.2.1.1.6
files since the last boot
alCsKpiFilesIncomingLastIntervalNu The number of incoming 1.3.6.1.4.1.2603.14.3.2.1.1.7
m files since the last
alCsKpiFilesIncomingCorruptedNum The number of 1.3.6.1.4.1.2603.14.3.2.1.1.8
corrupted incoming files
since the last boot
alCsKpiFilesIncomingCorruptedLastIn The number of 1.3.6.1.4.1.2603.14.3.2.1.1.9
tervalNum corrupted incoming files
since the last
alCsKpiFilesIncomingCorruptedLastIn The percentage of 1.3.6.1.4.1.2603.14.3.2.1.1.10
tervalPercent corrupted incoming files
since the last
4-31
For a given ITR 1.3.6.1.4.1.2603.1.1.1.1.5.19.8.UnitID
4-32
4.6 NetworkSecure
4.6.1 Central Manager
The Central Manger KPIs are in the ALLOT-ASP-CM-MIB. These counters are
calculated from the 1st of each month at 9:00 AM. The solution resets the counter
each month.
4.6.1.1 Provisioning Statistics

Each final leaf of this branch shows the following system provisioning statistics:
alAspCmProvAddUserReqs Total requests for 1.3.6.1.4.1.2603.16.1.2.1.1.0
new clients
received in the
system in the
current month
alAspCmProvDeleteUserReqs Total requests to 1.3.6.1.4.1.2603.16.1.2.1.2.0
remove clients
received in the
system
alAspCmProvReqErrors Total provisioning 1.3.6.1.4.1.2603.16.1.2.1.3.0
errors registered
in the system
4.6.1.2 User Statistics

Each final leaf of this branch shows the following client statistics:
alAspCmUsrStatLastUpdat The date and time when 1.3.6.1.4.1.2603.16.1.2.
eDate these statistics were most 2.1.0
recently updated
alAspCmUsrStatTotalUsers The total number of 1.3.6.1.4.1.2603.16.1.2.
provisioned clients in the 2.2.0
system when the system
was last updated
alAspCmUsrStatActiveUser The total number of active 1.3.6.1.4.1.2603.16.1.2.
s clients in the system when 2.3.0
it was last updated, per
alAspCmUsrStatLastUpdat
eDate. Clients that have an
4-33
IP address are considered
active users.
This branch contains the following tables:

• The table alAspCmUsrStatPerServiceTable, OID 1.3.6.1.4.1.2603.16.1.2.2.4,
contains statistics per service, in which:
⧫ Each row is a service, in the format [SERVICE TYPE].[SERVICE NAME],
such as ContentFilter.Basic, AntiVirus.Premium.
⧫ For each service, the table presents the total number of (provisioned)
users in the system provisioned with this service since the service was
last updated.
• The table alAspCmUsrStatPerPolicyTable, OID 1.3.6.1.4.1.2603.16.1.2.2.5,
contains statistics per policy, in which:
⧫ Each row is a policy, in the format [PROFILE-NAME].[POLICY-NAME].
The profile name format for user (client) policies is [SERVICE-
TYPE].[SERVICE-NAME], and for global (ISP) policies is the static string
Global. The policies are all active and non-empty.
⧫ For each policy, the table presents the total number of (provisioned)
users in the system provisioned with this policy.
4.6.1.3 Notification Statistics

Each final leaf of this branch shows the following notifications statistics:
alAspCmNotifSmscMsgs The total number of 1.3.6.1.4.1.2603.16.1.2.3.1.0
notification messages
sent via SMSC since
the network
management portion
of the system was last
re-initialized.
alAspCmNotifEmailMsgs The total number of 1.3.6.1.4.1.2603.16.1.2.3.2.0
sent via email since the
network management
portion of the system
was last re-initialized.
alAspCmNotifSoapMsgs The total number of 1.3.6.1.4.1.2603.16.1.2.3.3.0
4-34
sent via SOAP since the
network management
portion of the system
was last re-initialized.
4.6.2 NetworkSecure Topology

The NetworkSecure topology KPIs are in ALLOT- TOPOLOGY-MIB. These objects
show the solution topology, which is the number of nodes and IP the addresses of
the queried node.
These objects are updated whenever there is a change in the solution.
The topology MIB is based on alTopoManagedNodesTable, OID
1.3.6.1.4.1.2603.17.1.1, in which each row is a node directly managed by the node
that you queried. For each node, the table presents columns with the following
statistics:
• A unique identifier of the managed node
• The OID of the managed node
• A numeric value starting at 0 that shows the address type, with values as
follows:
⧫ 0. unknown
⧫ 1. udpIpv4
⧫ 2. udpIpv6
⧫ 3. udpIpv4z
⧫ 4. udpIpv6z
⧫ 5. tcpIpv4
⧫ 6. tcpIpv6
⧫ 7. tcpIpv4z
⧫ 8. tcpIpv6z
⧫ 9. sctpIpv4
⧫ 10. sctpIpv6
⧫ 11. sctpIpv4z
⧫ 12. sctpIpv6z
⧫ 13. local
⧫ 14. udpDns
⧫ 15. tcpDns
⧫ 16. sctpDns
4-35
• The transport service address by which the managed node receives
network management traffic
The topology MIB also contains the following:
alTopoGlobalProcessingLoad The conceptual 1.3.6.1.4.1.2603.17.1.2.0
processing load of the
system as a whole,
including all directly
managed nodes, on a
scale of 0 to 100.
4.6.3 Filter
The NetworkSecure Filter KPIs are in the ALLOT-ASP-FILTER-MIB. These counters
are calculated from the startup of the module. If the module is restarted, then
these counters are reset.
4.6.3.1 CCOTTA Counters

Each final leaf of the alAspCtStatistics branch, OID 1.3.6.1.4.1.2603.15.1.2.2, shows
CCOTTA counters.
Peak connection establishment
rate (CER) for all traffic during
the last full hour on the hour
per system time
alAspCtTotalPeakCerHrly (hrSystemDate). 1.3.6.1.4.1.2603.15.1.2.2.1
rate (CER) for HTTP traffic
during the last full hour on the
hour per system time
alAspCtHttpPeakCerHrly (hrSystemDate) 1.3.6.1.4.1.2603.15.1.2.2.2
rate (CER) for HTTPS traffic
alAspCtHttpsPeakCerHrly (hrSystemDate) 1.3.6.1.4.1.2603.15.1.2.2.3
alAspCtFtpPeakCerHrly 1.3.6.1.4.1.2603.15.1.2.2.4
rate (CER) for FTP traffic during
4-36
the last full hour on the hour
per system time (hrSystemDate)
rate (CER) for other TCP traffic
(hrSystemDate). This pertains to
TCP traffic not already
accounted for by a service-
specific gauge, such as
alAspCtOthrTcpPeakCerHrly alAspCtHttpPeakCerHrly. 1.3.6.1.4.1.2603.15.1.2.2.5
rate (CER) for other UDP traffic
(hrSystemDate). This pertains to
UDP traffic not already
alAspCtOthrUdpPeakCerHrly specific gauge. 1.3.6.1.4.1.2603.15.1.2.2.6
Peak concurrently live total
connections during the last full
hour on the hour per system
alAspCtTotalPeakLiveConnsHrly time (hrSystemDate). 1.3.6.1.4.1.2603.15.1.2.2.7
Peak concurrently live HTTP
alAspCtHttpPeakLiveConnsHrly time (hrSystemDate). 1.3.6.1.4.1.2603.15.1.2.2.8
Peak concurrently live HTTPS
alAspCtHttpsPeakLiveConnsHrly time (hrSystemDate). 1.3.6.1.4.1.2603.15.1.2.2.9
Peak concurrently live FTP
alAspCtFtpPeakLiveConnsHrly time (hrSystemDate). 1.3.6.1.4.1.2603.15.1.2.2.10
Peak concurrently live other
TCP connections during the last
full hour on the hour per system
time (hrSystemDate). This
alAspCtOthrTcpPeakLiveConnsHrly 1.3.6.1.4.1.2603.15.1.2.2.11
pertains to TCP traffic not
4-37
already accounted for by a
service-specific gauge, such as
alAspCtHttpPeakLiveConnsHrly.
Peak concurrently live other
UDP connections during the last
full hour on the hour per system
time (hrSystemDate). This
pertains to UDP traffic not
already accounted for by a
alAspCtOthrUdpPeakLiveConnsHrly service-specific gauge. 1.3.6.1.4.1.2603.15.1.2.2.12
Total connections seen by the
system since the network
management portion of the
alAspCtTotalConns system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.2.13
Total HTTP connections seen by
the system since the network
alAspCtHttpConns system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.2.14
Total HTTP connections blocked
by the Firewall service since the
network management portion
of the system was last re-
alAspCtHttpFwlBlockedConns initialized. 1.3.6.1.4.1.2603.15.1.2.2.15
Total HTTPS connections seen
by the system since the network
alAspCtHttpsConns system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.2.16
Total HTTPS connections
blocked by the Firewall service
since the network management
portion of the system was last
alAspCtHttpsFwlBlockedConns re-initialized. 1.3.6.1.4.1.2603.15.1.2.2.17
Total FTP connections seen by
alAspCtFtpConns system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.2.18
Total FTP connections blocked
by the Firewall service since the
alAspCtFtpFwlBlockedConns 1.3.6.1.4.1.2603.15.1.2.2.19
4-38
initialized.
Total other TCP connections
seen by the system since the
initialized. This pertains to TCP
traffic not already accounted for
by a service-specific counter,
alAspCtOthrTcpConns such as alAspCtHttpConns. 1.3.6.1.4.1.2603.15.1.2.2.20
Total other TCP connections
re-initialized. This pertains to
TCP traffic not already
specific counter, such as
alAspCtOthrTcpFwlBlockedConns alAspCtHttpConns. 1.3.6.1.4.1.2603.15.1.2.2.21
Total other UDP connections
seen by the system since the
initialized. This pertains to UDP
traffic not already accounted for
alAspCtOthrUdpConns by a service-specific counter. 1.3.6.1.4.1.2603.15.1.2.2.22
Total other UDP connections
re-initialized. This pertains to
UDP traffic not already
alAspCtOthrUdpFwlBlockedConns specific counter. 1.3.6.1.4.1.2603.15.1.2.2.23
The conceptual processing load
of the ASP CT, on a scale of 0 to
alAspCtProcessingLoad 100. 1.3.6.1.4.1.2603.15.1.2.2.24
4-39
4.6.3.2 Web Filter Statistics
Each leaf of the alAspWebFilterStatistics branch, OID 1.3.6.1.4.1.2603.15.1.2.3,
contains Web Filter final leaves.
The current number of users, broken
alAspWfUserStatistics down in different ways 1.3.6.1.4.1.2603.15.1.2.3.1
HTTP request inspected by the Filter,
alAspWfHttpStatistics broken down in different ways 1.3.6.1.4.1.2603.15.1.2.3.2
HTTPS request inspected by the
alAspWfHttpsStatistics Filter, broken down in different ways 1.3.6.1.4.1.2603.15.1.2.3.3
FTP request inspected by the Filter,
alAspWfFtpStatistics broken down in different ways 1.3.6.1.4.1.2603.15.1.2.3.4
The final leaves of the above leaves are described in the sections below.
4.6.3.2.1 Web Filter User Statistics

Each final leaf of the alAspWfUserStatistics branch, OID
1.3.6.1.4.1.2603.15.1.2.3.1, shows user statistics relevant for the Web Filter.
The current number of (provisioned)
alAspWfTotalUsers users in Web Filter database. 1.3.6.1.4.1.2603.15.1.2.3.1.1
The current number of users that have
one or more active connections through
alAspWfLiveUsers Web Filter. 1.3.6.1.4.1.2603.15.1.2.3.1.2
4.6.3.2.2 Web Filter HTTP Requests

Each final leaf of the alAspWfHttpStatistics branch, 1.3.6.1.4.1.2603.15.1.2.3.2,
shows HTTP statistics relevant for the Web Filter.
Total HTTP requests
inspected by Web Filter
since the network
alAspHttpTotalReqs 1.3.6.1.4.1.2603.15.1.2.3.2.1
management portion of
the system was last re-
initialized.
alAspHttpCntntFltrBlockedReqs Total HTTP requests 1.3.6.1.4.1.2603.15.1.2.3.2.2

inspected and blocked by
4-40
the Content Filter service
(AKA Web/WAP) since the
network management
portion of the system was
last re-initialized.
Total HTTP requests
the Anti Virus service since
alAspHttpVirusBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.2.3
the network management
Total HTTP requests
the Anti Phishing service
alAspHttpPhishingBlockedReqs since the network 1.3.6.1.4.1.2603.15.1.2.3.2.4
initialized.
Total HTTP requests
the Ads Free service since
alAspHttpAdsFreeBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.2.5
Total HTTP requests
the Activation service (AKA
alAspHttpActivationBlockedReqs Auto Notices) since the 1.3.6.1.4.1.2603.15.1.2.3.2.6
network management
Total HTTP requests
the Anti Botnet service
alAspHttpBotnetBlockedReqs since the network 1.3.6.1.4.1.2603.15.1.2.3.2.7
initialized.
4-41
4.6.3.2.3 Web Filter HTTPS Requests
Each final leaf of the alAspWfHttpsStatistics branch, 1.3.6.1.4.1.2603.15.1.2.3.3,
shows HTTPS statistics relevant for the Web Filter.
Total HTTPS requests
since the network
alAspHttpsTotalReqs 1.3.6.1.4.1.2603.15.1.2.3.3.1
initialized.
alAspHttpsCntntFltrBlockedReqs (AKA Web/WAP) since the 1.3.6.1.4.1.2603.15.1.2.3.3.2
network management
alAspHttpsVirusBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.3.3
the Anti Phishing service
alAspHttpsPhishingBlockedReqs since the network 1.3.6.1.4.1.2603.15.1.2.3.3.4
initialized.
alAspHttpsAdsFreeBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.3.5
alAspHttpsActivationBlockedReqs the Activation service (AKA 1.3.6.1.4.1.2603.15.1.2.3.3.6
Auto Notices) since the
network management
4-42
alAspHttpsBotnetBlockedReqs since the network 1.3.6.1.4.1.2603.15.1.2.3.3.7
initialized.
4.6.3.2.4 Web Filter FTP Requests

Each final leaf of the alAspWFtpsStatistics branch, 1.3.6.1.4.1.2603.15.1.2.3.4, shows FTP
statistics relevant for the Web Filter.
Total FTP requests
since the network
alAspFtpTotalReqs 1.3.6.1.4.1.2603.15.1.2.3.4.1
initialized.
Total FTP requests
alAspFtpCntntFltrBlockedReqs (AKA Web/WAP) since the 1.3.6.1.4.1.2603.15.1.2.3.4.2
network management
Total FTP requests
alAspFtpVirusBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.4.3
Total FTP requests
alAspFtpPhishingBlockedReqs the Anti Phishing service 1.3.6.1.4.1.2603.15.1.2.3.4.4
since the network
4-43
initialized.
Total FTP requests
alAspFtpAdsFreeBlockedReqs 1.3.6.1.4.1.2603.15.1.2.3.4.5
Total FTP requests
the Activation service (AKA
alAspFtpActivationBlockedReqs Auto Notices) since the 1.3.6.1.4.1.2603.15.1.2.3.4.6
network management
Total FTP requests
alAspFtpBotnetBlockedReqs since the network 1.3.6.1.4.1.2603.15.1.2.3.4.7
initialized.
The conceptual processing
alAspWfProcessingLoad load of the Web Filter, on a 1.3.6.1.4.1.2603.15.1.2.3.5
scale of 0 to 100.
4.6.3.3 Mail Filter Statistics

Each leaf of the alAspMailFilterStatistics branch, OID 1.3.6.1.4.1.2603.15.1.2.4,
contains Mail Filter final leaves.
Inbound SMTP messages processed
by the Filter, broken down in
alAspSmtpInStatistics different ways 1.3.6.1.4.1.2603.15.1.2.4.1
Outbound SMTP messages
processed by the Filter, broken down
alAspSmtpOutStatistics in different ways 1.3.6.1.4.1.2603.15.1.2.4.2
4-44
POP3 messages processed by the
alAspPop3Statistics Filter, broken down in different ways 1.3.6.1.4.1.2603.15.1.2.4.3
IMAP messages processed by the
alAspImapStatistics Filter, broken down in different ways 1.3.6.1.4.1.2603.15.1.2.4.4
The final leaves of the above leaves are described in the sections below.
4.6.3.3.1 Inbound SMTP Messages

Each final leaf of the alAspSmtpInStatistics branch, OID 1.3.6.1.4.1.2603.15.1.2.4.1,
shows inbound SMTP messages processed by the Filter, broken down in different
ways.
Total inbound SMTP
messages processed by the
system was last re-
alAspSmtpInProcessedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.1
Total inbound SMTP
messages processed and
delivered by the system
since the network
system was last re-
alAspSmtpInDeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.2
Total inbound SMTP
not delivered by the system
since the network
system was last re-
alAspSmtpInNotDeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.3
Total inbound SMTP
tagged as SPAM by the
system was last re-
alAspSmtpInSpamTaggedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.4
Total inbound SMTP
alAspSmtpInSpamDeletedMsgs 1.3.6.1.4.1.2603.15.1.2.4.1.5
4-45
deleted due to SPAM by the
system was last re-
initialized.
Total inbound SMTP
quarantined due to SPAM
by the system since the
network management
alAspSmtpInSpamQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.6
Total inbound SMTP
rejected due to SPAM by
the system since the
network management
alAspSmtpInSpamRejectedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.7
Total inbound SMTP
tagged as Phising by the
system was last re-
alAspSmtpInPhishTaggedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.8
Total inbound SMTP
deleted due to Phising by
network management
alAspSmtpInPhishDeletedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.9
Total inbound SMTP
quarantined due to Phising
network management
alAspSmtpInPhishQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.10
4-46
Total inbound SMTP
rejected due to Phising by
network management
alAspSmtpInPhishRejectedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.11
Total inbound SMTP
tagged as Virus by the
system was last re-
alAspSmtpInVirusTaggedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.12
Total inbound SMTP
deleted due to Virus by the
system was last re-
alAspSmtpInVirusDeletedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.13
Total inbound SMTP
quarantined due to Virus by
network management
alAspSmtpInVirusQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.14
Total inbound SMTP
rejected due to Virus by the
system was last re-
alAspSmtpInVirusRejectedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.1.15
4.6.3.3.2 Outbound SMTP Messages

Each final leaf of the alAspSmtpOutStatistics branch, OID
1.3.6.1.4.1.2603.15.1.2.4.2, shows outbound SMTP messages processed by the
Filter, broken down in different ways.
4-47
Total outbound SMTP
messages processed by the
alAspSmtpOutProcessedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.1
Total outbound SMTP
delivered by the system
since the network
alAspSmtpOutDeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.2
Total outbound SMTP
not delivered by the
alAspSmtpOutNotDeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.3
Total outbound SMTP
tagged as SPAM by the
alAspSmtpOutSpamTaggedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.4
Total outbound SMTP
deleted due to SPAM by
network management
alAspSmtpOutSpamDeletedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.5
Total outbound SMTP
quarantined due to SPAM
network management
alAspSmtpOutSpamQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.6
4-48
Total outbound SMTP
rejected due to SPAM by
network management
alAspSmtpOutSpamRejectedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.7
Total outbound SMTP
tagged as Phising by the
alAspSmtpOutPhishTaggedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.8
Total outbound SMTP
deleted due to Phising by
network management
alAspSmtpOutPhishDeletedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.9
Total outbound SMTP
quarantined due to Phising
network management
alAspSmtpOutPhishQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.10
Total outbound SMTP
rejected due to Phising by
network management
alAspSmtpOutPhishRejectedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.11
Total outbound SMTP
tagged as Virus by the
alAspSmtpOutVirusTaggedMsgs 1.3.6.1.4.1.2603.15.1.2.4.2.12
4-49
initialized.
Total outbound SMTP
deleted due to Virus by the
alAspSmtpOutVirusDeletedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.13
Total outbound SMTP
quarantined due to Virus
network management
alAspSmtpOutVirusQuarantinedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.14
Total outbound SMTP
rejected due to Virus by
network management
alAspSmtpOutVirusRejectedMsgs last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.2.15
4.6.3.3.3 POP3 SMTP Messages

Each final leaf of the alAspPop3Statistics branch, OID 1.3.6.1.4.1.2603.15.1.2.4.3,
shows outbound POP3 messages processed by the Filter, broken down in different
ways.
Total POP3 messages processed
by the system since the network
alAspPop3ProcessedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.1
and delivered by the system since
the network management portion
alAspPop3DeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.2
4-50
and not delivered by the system
portion of the system was last re-
alAspPop3NotDeliveredMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.3
and tagged as SPAM by the
alAspPop3SpamTaggedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.4
and deleted due to SPAM by the
alAspPop3SpamDeletedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.5
and quarantined due to SPAM by
alAspPop3SpamQuarantinedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.6
and tagged as Phising by the
alAspPop3PhishTaggedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.8
and deleted due to Phising by the
alAspPop3PhishDeletedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.9
Total inbound SMTP messages
processed and quarantined due to
Phising by the system since the
network management portion of
alAspPop3PhishQuarantinedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.10
processed and tagged as Virus by
alAspPop3VirusTaggedMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.12
4-51
processed and deleted due to
Virus by the system since the
alAspPop3VirusDeletedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.13
processed and quarantined due to
Virus by the system since the
alAspPop3VirusQuarantinedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.3.14
4.6.3.3.4 IMAP SMTP Messages

Each final leaf of the alAspImapStatistics branch, OID 1.3.6.1.4.1.2603.15.1.2.4.4,
shows outbound IMAP messages processed by the Filter, broken down in different
ways.
Total IMAP messages processed by
management portion of the system
alAspImapProcessedMsgs was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.1
Total IMAP messages processed and
delivered by the system since the
network management portion of the
alAspImapDeliveredMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.2
not delivered by the system since the
network management portion of the
alAspImapNotDeliveredMsgs system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.3
tagged as SPAM by the system since
the network management portion of
alAspImapSpamTaggedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.4
deleted due to SPAM by the system
alAspImapSpamDeletedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.5
4-52
quarantined due to SPAM by the
alAspImapSpamQuarantinedMsgs was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.6
tagged as Phising by the system since
alAspImapPhishTaggedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.8
deleted due to Phising by the system
alAspImapPhishDeletedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.9
quarantined due to Phising by the
alAspImapPhishQuarantinedMsgs was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.10
tagged as Virus by the system since
alAspImapVirusTaggedMsgs the system was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.12
deleted due to Virus by the system
alAspImapVirusDeletedMsgs initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.13
quarantined due to Virus by the
alAspImapVirusQuarantinedMsgs was last re-initialized. 1.3.6.1.4.1.2603.15.1.2.4.4.14
The conceptual processing load of
alAspMailFilterProcessingLoad the Mail Filter, on a scale of 0 to 100. 1.3.6.1.4.1.2603.15.1.2.4.5
4-53
Appendices
5 Appendices
5.1 Appendix A: KPIs Per SG Blade
KPIs in the alSensorTable (1.3.6.1.4.1.2603.5.5.18) in Allot-MIB.mib can be polled on
different blades in the Service Gateway chassis depending on the sensor type. This
appendix contains reference tables for the SG-Sigma and SG-Sigma E detailing which
KPIs can be run on which blade.
The table below shows which sensor type can be polled, for each of the SG-Sigma
blades.
Sensor Type Chassis SG-Sigma Blades SG-Sigma E Blades

SGSV CC-220 FB-200 SFC-200 BP-204 SFB-300 CC-300
1 (Temp) X ✓ ✓ ✓ ✓ ✓ ✓ ✓
2 (Fan) ✓ X X X X X X X
3 (Power) ✓ X X X X X X X
4 (CPU) X ✓ ✓ X X X X ✓
5 (Memory) X ✓ ✓ X X X X ✓
6 (Storage) X ✓ ✓ X X X X ✓
7 (Voltage) X X X X X X X X
8 (Telco) ✓ X X X X X X X
9 (picoCpu) X X X X X X X X
10 (CER) ✓ X ✓ X X X X ✓
11 (NOC) ✓ X ✓ X X X X ✓
12 (ActiveLines) ✓ X ✓ X X X X ✓
13 (ActivePipes) ✓ X ✓ X X X X ✓
14 (ActiveVCs) ✓ X ✓ X X X X ✓
15 (RegisterSuscr) ✓ X ✓ X X X X X
5-1
Appendices
5.1.1 Examples
5.1.1.1 Running an snmpget Command
To find the memory usage for the SGSV installed in slot 14 of the SG-Omega, we need
to poll 1.3.6.1.4.1.2603.5.5.18.1.3.14.4001
Where 14=Slot 14, and 4001 represents Sensor Type 4 (CPU usage) and Sensor ID 001
host-blade:~# snmpget -v 2c -c v1v2Admin localhost

.1.3.6.1.4.1.2603.5.5.18.1.3.14.4001
iso.3.6.1.4.1.2603.5.5.18.1.3.1.4001 = INTEGER: 1
5-2
Appendices
5.1.1.2 Running an snmpwalk Command
To query all sensors, run an snmpwalk command on 1.3.6.1.4.1.2603.5.5.18.1.3 . An
example of the output with the different readings for each sensor is shown below:
host-blade:~# snmpwalk -v 2c -c v1v2Admin localhost

.1.3.6.1.4.1.2603.5.5.18.1.3
iso.3.6.1.4.1.2603.5.5.18.1.3.0.2001 = INTEGER: 2
iso.3.6.1.4.1.2603.5.5.18.1.3.0.2002 = INTEGER: 2
iso.3.6.1.4.1.2603.5.5.18.1.3.0.2003 = INTEGER: 2
iso.3.6.1.4.1.2603.5.5.18.1.3.0.3001 = INTEGER: 0
iso.3.6.1.4.1.2603.5.5.18.1.3.0.3002 = INTEGER: 0
iso.3.6.1.4.1.2603.5.5.18.1.3.0.8001 = INTEGER: 6
iso.3.6.1.4.1.2603.5.5.18.1.3.1.1007 = INTEGER: 35
iso.3.6.1.4.1.2603.5.5.18.1.3.1.1008 = INTEGER: 39
iso.3.6.1.4.1.2603.5.5.18.1.3.1.1009 = INTEGER: 39
iso.3.6.1.4.1.2603.5.5.18.1.3.1.4001 = INTEGER: 71
iso.3.6.1.4.1.2603.5.5.18.1.3.1.5001 = INTEGER: 97
iso.3.6.1.4.1.2603.5.5.18.1.3.1.6001 = INTEGER: 33
iso.3.6.1.4.1.2603.5.5.18.1.3.1.9001 = INTEGER: 68
iso.3.6.1.4.1.2603.5.5.18.1.3.1.9002 = INTEGER: 64
iso.3.6.1.4.1.2603.5.5.18.1.3.3.1007 = INTEGER: 34
iso.3.6.1.4.1.2603.5.5.18.1.3.3.1008 = INTEGER: 40
iso.3.6.1.4.1.2603.5.5.18.1.3.3.1009 = INTEGER: 39
iso.3.6.1.4.1.2603.5.5.18.1.3.3.4001 = INTEGER: 62
iso.3.6.1.4.1.2603.5.5.18.1.3.3.5001 = INTEGER: 97
iso.3.6.1.4.1.2603.5.5.18.1.3.3.6001 = INTEGER: 25
iso.3.6.1.4.1.2603.5.5.18.1.3.3.9001 = INTEGER: 70
iso.3.6.1.4.1.2603.5.5.18.1.3.3.9002 = INTEGER: 60
iso.3.6.1.4.1.2603.5.5.18.1.3.4.1007 = INTEGER: 34
iso.3.6.1.4.1.2603.5.5.18.1.3.4.1008 = INTEGER: 40
iso.3.6.1.4.1.2603.5.5.18.1.3.4.1009 = INTEGER: 39
5-3
Appendices
5.2 Appendix B: SNMP Glossary

TERM MEANING
API Application Programming Interface. A set of ready-to-use functions that
provide the basis for a method of programming a user application
Community
An entity that contains one agent and one or more managers, and is
named by the string of octets.
MIB Management Information Base. Specification containing definitions of
management information so that networked systems can be remotely
monitored, configured and controlled.
NMS Network Management Station. A dedicated workstation that gathers and
stores network performance data. The NMS gets the data from network
nodes (computers) running network agent software that enables them to
collect the data.
OID
Object Identifier. SNMP uses an identification scheme found in ASN.1 to
uniquely identify items used throughout SNMP. A identifier in this
scheme is called an object identifier.
SNMP
Simple Network Management Protocol. A simple protocol which uses
either UDP, TCP/IP, or IPX (depending on the operating system) to
transmit messages between a manager and an agent to perform network
management.
SNMP Agent This SNMP subagent supports the Management Information Base (MIB)
module and provides manageability to NetEnforcer system. The
subagents interact with the Master Agent using SNMP.
SNMP Acts as a relay/multiplexor in its communication with subagents, and also
Master as an agent in servicing requests from SNMP managers.
Agent
Trap
An event that is sent by the agent asynchronously. However, the
manager does have control over whether traps are sent or not.
5-4

Allot SNMP Integration (16.5 and NW-S 15.3) v10 b9

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Allot SNMP Integration (16.5 and NW-S 15.3) v10 b9

Uploaded by

Copyright:

Available Formats

Allot SNMP Integration

Doc Date Author Revisions Added

V10b6 09.01.20 Dan Shalem Updated to ALLOT-MIB rev 201912241600Z

V10b3 23.10.19 Dan Shalem Updated to 16.1.50: Allot-MIB rev 201909191600Z

V10b2 18.7.19 Ben Gold Added NetworkSecure SNMP Integration 15.3

• NW-S Traps (s2.1.2 and 2.2.7)

V10b1 30.6.19 Dan Shalem Updated to 16.1.10: ALLOT-MIB rev 201904211400Z

v9b3 12.7.18 Robert Schenck New branding

v7b5 23.05.16 Dan Shalem Updated to Allot-MIB rev201605221700Z to include

Added clarification for setting SNMP port to be used

v7b4 06.12.15 Dan Shalem Fixed error in description of throughput KPI.

v7b1 01.02.15 Dan Shalem New CS MIB added:

v6b2 13.10.14 Dan Shalem Added clarification about alOptIfInputTrap

v5b3 03.07.14 Dan Shalem Updated to reflect new Allot-MIB rev201407011800Z

v5b1 12.12.13 Dan Shalem Updated to Allot.mib rev201310131100Z including

v4b11 09.12.13 Dan Shalem Further clarifications on active subscribers

Clarifications about the KPIs measuring active and

V4b6 19.06.13 Dan Shalem Clarified definition of cold start.

V4b5 07.04.13 Dan Shalem Updated list of trappable events.

V4b4 11.03.13 Dan Shalem Updated to Allot.mib rev201301311500Z and Allot-

V4b2 25.11.12 Dan Shalem Added clarification about communities

V3b4 06.05.12 Dan Shalem Updated with new Allot-Datamed-mib rev

V3b3 06.05.12 Dan Shalem Updated to Allot.mib rev201204081845Z

V2b11 04.09.11 Dan Shalem AC-3000 Port Statistics added

V2b10 14.08.11 Dan Shalem Updated Allot-MD-MIB to 201105291800Z

V2b9 10.08.11 Dan Shalem Updated to Allot.mib rev 201108091100Z

V2b8 07.04.11 Dan Shalem Updated to Allot.mib rev 201103221000Z

V2b6 25.11.10 Dan Shalem Updated to Allot.mib rev 201011181000Z

V2b5 13.09.10 Dan Shalem Updated to AOS11.1 and NX11.1

V2b4 12.09.10 Dan Shalem Interface statistics on SG-Sigma added

V2b3 17.08.10 Dan Shalem Missing SMP KPI added

V2b2 22.07.10 Dan Shalem Additional Events

V1b13 03.01.10 Dan Shalem Updated to Allot.mib rev 200912221326Z

V1b12 14.12.09 Dan Shalem Updated to Allot.mib rev 200912011518

V1b11 09.11.09 Dan Shalem Minor Errors fixed

V1b9 28.10.09 Dan Shalem Updated to Allot.Mib rev 200909021333Z

V1b8 27.10.09 Dan Shalem alUserDefinedSignature, extra alSMPSystemTrap for

V1b7 14.07.09 Dan Shalem Procedure for NX KPIs updated

V1b6 12.07.09 Dan Shalem More information about statistics

V1b4 11.06.09 Dan Shalem IBM DS-3200 trap added

V1b3 02.06.09 Dan Shalem IBM RSA-II traps added

V1b2 May 2009 Dan Shalem SMP Traps and KPIs

V1b1 May 2009 Dan Shalem -

Product Versions Covered

Data Mediator MED16.5

Short-Term Collector MD16.5

MIB Versions Covered

Allot MIBs Revision Supported Backwards Compatibility of

ALLOT-MIB.mib 202005021700Z AOS16.5 Works with all previous AOS

ALLOT-MD.MIB 202005041700Z MD15.3 Works will all previous SMP

ALLOT-DATAMED-MIB 202005011700Z DM15.3 Works will all previous DM

OPTENETv2-MIB 201601120000Z NWS15.3 Works with all previous NW-S

ALLOT-ASP-CM-MIB 201711211000Z NWS15.3 Used only from NWS15.3

ALLOT-ASP-FILTER-MIB 201801231000Z NWS15.3 Used only from NWS15.3

ALLOT-TOPOLOGY-MIB 201903101200Z NWS15.3 Used only from NWS15.3

ALLOT-CLEARSEE-MIB 201706011400Z CS16.5 Works with all previous CS

ALLOT-NX-MIB.MIB 202005031200Z NX16.5 Works with all previous NX

3.1.3 Power Supply .............................................................................. 3-7

4.1.8 Dropped Frames ....................................................................... 4-14

4.6.3 Filter.......................................................................................... 4-36

1.1 Available MIB Files

1.2 MIB File Structure

An additional seventh group, the Allot DmMibModule (1.3.6.1.4.1.2603.12) is

1.3 Supported SNMP Types