-- ============================================================================
-- Copyright (c) 2004-2022 New H3C Tech. Co., Ltd. All rights reserved.
-- Description:  The purpose of this MIB file is to provide the definition of
--               the SECDIAG(Security Diagnostic) trap.
-- Reference:
-- Version: V1.0
-- History:
-- V1.0 2022/07/15 created by suncao
--      The initial revision of this MIB module.
--      Add the hh3cSecDiagTrapConcurrencyExceed,
--      hh3cSecDiagTrapConcurrencyBelow,
--      hh3cSecDiagTrapConnectionExceed,
--      hh3cSecDiagTrapConnectionBelow,
--      hh3cSecDiagTrapSecpIpv4Exceed,
--      hh3cSecDiagTrapSecpIpv4Below,
--      hh3cSecDiagTrapSecpIpv6Exceed,
--      hh3cSecDiagTrapSecpIpv6Below,
--      hh3cSecDiagTrapContextExceed,
--      hh3cSecDiagTrapContextBelow,
--      hh3cSecDiagTrapNatExceed,
--      hh3cSecDiagTrapNatBelow,
--      hh3cSecDiagTrapBaggExceed,
--      hh3cSecDiagTrapBaggBelow,
--      hh3cSecDiagTrapRaggExceed,
--      hh3cSecDiagTrapRaggBelow,
--      hh3cSecDiagTrapThroughputExceed,
--      hh3cSecDiagTrapThroughputBelow,
--      hh3cSecDiagTrapQaclExceed,
--      hh3cSecDiagTrapQaclBelow,
--      hh3cSecDiagTrapBandwidthExceed,
--      hh3cSecDiagTrapBandwidthBelow,
--      hh3cSecDiagTrapBldContextExceed,
--      hh3cSecDiagTrapBldContextBelow,
--      hh3cSecDiagTrapBldContextClose,
--      hh3cSecDiagTrapContextClose.
-- ============================================================================
HH3C-SECDIAG-MIB DEFINITIONS ::= BEGIN

IMPORTS
    hh3cCommon
        FROM HH3C-OID-MIB
    OBJECT-TYPE, Unsigned32, MODULE-IDENTITY, NOTIFICATION-TYPE
        FROM SNMPv2-SMI;

hh3cSecDiag MODULE-IDENTITY
    LAST-UPDATED "202207151011Z"             -- July 15, 2022 at 10:11 GMT
    ORGANIZATION
        "New H3C Tech. Co., Ltd."
    CONTACT-INFO
        "Platform Team New H3C Tech. Co., Ltd.
        Hai-Dian District Beijing P.R. China
        http://www.h3c.com
        Zip:100085"
    DESCRIPTION
        "The initial revision of this MIB module.
        Add the hh3cSecDiagTrapConcurrencyExceed,
        hh3cSecDiagTrapConcurrencyBelow,
        hh3cSecDiagTrapConnectionExceed,
        hh3cSecDiagTrapConnectionBelow,
        hh3cSecDiagTrapSecpIpv4Exceed,
        hh3cSecDiagTrapSecpIpv4Below,
        hh3cSecDiagTrapSecpIpv6Exceed,
        hh3cSecDiagTrapSecpIpv6Below,
        hh3cSecDiagTrapContextExceed,
        hh3cSecDiagTrapContextBelow,
        hh3cSecDiagTrapNatExceed,
        hh3cSecDiagTrapNatBelow,
        hh3cSecDiagTrapBaggExceed,
        hh3cSecDiagTrapBaggBelow,
        hh3cSecDiagTrapRaggExceed,
        hh3cSecDiagTrapRaggBelow,
        hh3cSecDiagTrapThroughputExceed,
        hh3cSecDiagTrapThroughputBelow,
        hh3cSecDiagTrapQaclExceed,
        hh3cSecDiagTrapQaclBelow,
        hh3cSecDiagTrapBandwidthExceed,
        hh3cSecDiagTrapBandwidthBelow,
        hh3cSecDiagTrapBldContextExceed,
        hh3cSecDiagTrapBldContextBelow,
        hh3cSecDiagTrapBldContextClose,
        hh3cSecDiagTrapContextClose."

    REVISION "202207151011Z"                -- July 15, 2022 at 10:11 GMT
    DESCRIPTION
        "The initial revision of this MIB module."
    ::= { hh3cCommon 238 }

--
-- Node definitions
--

-- Global Variants
hh3cSecDiagTraps OBJECT IDENTIFIER ::= { hh3cSecDiag 1 }

--                     **************Global Variants***************
-- Describe objects for secdiag trap
hh3cSecDiagTrapsMonitorPrefix OBJECT IDENTIFIER ::= { hh3cSecDiagTraps 0 }
hh3cSecDiagTrapConcurrencyExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagConcurrencyThreshold,
            hh3cSecDiagConcurrencyDeviceId
        }
    STATUS    current
    DESCRIPTION
        "Send trap when the number of session connections reached
        the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 1 }
hh3cSecDiagTrapConcurrencyBelow NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagConcurrencyDeviceId
        }
    STATUS    current
    DESCRIPTION
        "Send trap when the number of session connections fell below
        the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 2 }
hh3cSecDiagTrapConnectionExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagConnectionThreshold,
            hh3cSecDiagConnectionDeviceId
        }
    STATUS    current
    DESCRIPTION
        "The new session creation rate reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 3 }
hh3cSecDiagTrapConnectionBelow NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagConnectionDeviceId
        }
    STATUS    current
    DESCRIPTION
        "Session creation rate drops below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 4 }
hh3cSecDiagTrapSecpIpv4Exceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagSecpIpv4Threshold
        }
    STATUS    current
    DESCRIPTION
        "The number of IPv4 security policy rules has reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 5 }
hh3cSecDiagTrapSecpIpv4Below NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of IPv4 security policy rules has fallen below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 6 }
hh3cSecDiagTrapSecpIpv6Exceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagSecpIpv6Threshold
        }
    STATUS    current
    DESCRIPTION
        "The number of IPv6 security policy rules has reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 7 }
hh3cSecDiagTrapSecpIpv6Below NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of IPv6 security policy rules has fallen below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 8 }
hh3cSecDiagTrapContextExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagContextThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of context has reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 9 }
hh3cSecDiagTrapContextBelow NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of contexts has fallen below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 10 }
hh3cSecDiagTrapNatExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagNatThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of configured NAT entries has reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 11 }
hh3cSecDiagTrapNatBelow NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of NAT entries has fallen below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 12 }
hh3cSecDiagTrapBaggExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagBaggThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of layer-2 aggregation interfaces has reached
        the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 13 }
hh3cSecDiagTrapBaggBelow NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of layer-2 aggregation interfaces has fallen
        below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 14 }
hh3cSecDiagTrapRaggExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagRaggThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of three-layer aggregation interfaces has reached
        the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 15 }
hh3cSecDiagTrapRaggBelow NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The number of three-layer aggregation interfaces has fallen
        below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 16 }
hh3cSecDiagTrapThroughputExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagThroughputThreshold,
            hh3cSecDiagThroughputDeviceId
        }
    STATUS    current
    DESCRIPTION
        "The throughput of the internal interface has reached the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 17 }
hh3cSecDiagTrapThroughputBelow NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagThroughputDeviceId
        }
    STATUS    current
    DESCRIPTION
        "The throughput of the internal interface drops below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 18 }
hh3cSecDiagTrapQaclExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagQaclThreshold,
            hh3cSecDiagQaclDeviceId,
            hh3cSecDiagQaclTotalSlices,
            hh3cSecDiagQaclSingleSlices,
            hh3cSecDiagQaclDoubleSlices,
            hh3cSecDiagQaclMQCEntries,
            hh3cSecDiagQaclOpenFlowEntries
        }
    STATUS    current
    DESCRIPTION
        "The percentage of QACL resource utilization has reached
        the alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 19 }
hh3cSecDiagTrapQaclBelow NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagQaclDeviceId
        }
    STATUS    current
    DESCRIPTION
        "The percentage of QACL resource utilization has fallen
        below the threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 20 }
hh3cSecDiagTrapBandwidthExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagBandwidthThreshold
        }
    STATUS    current
    DESCRIPTION
        "The incoming traffic is always greater than or equal to
        the bandwidth alarm threshold within the duration."
    ::= { hh3cSecDiagTrapsMonitorPrefix 21 }
hh3cSecDiagTrapBandwidthBelow NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "The incoming traffic falls below the bandwidth alarm threshold
        within the duration."
    ::= { hh3cSecDiagTrapsMonitorPrefix 22 }
hh3cSecDiagTrapBldContextExceed NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagBladeEngineGroupId,
            hh3cSecDiagBladeThresholdLevel,
            hh3cSecDiagBladeThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of context in a security engine group reaches
        the first threshold alarm or the second threshold alarm."
    ::= { hh3cSecDiagTrapsMonitorPrefix 23 }
hh3cSecDiagTrapBldContextBelow NOTIFICATION-TYPE
    OBJECTS
        {
            hh3cSecDiagBladeEngineGroupId,
            hh3cSecDiagBladeThresholdLevel,
            hh3cSecDiagBladeThreshold
        }
    STATUS    current
    DESCRIPTION
        "The number of context on the engine group drops below
        the first level threshold or below the second threshold."
    ::= { hh3cSecDiagTrapsMonitorPrefix 24 }
hh3cSecDiagTrapBldContextClose NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "Turn off the context monitoring alarm based on the engine group."
    ::= { hh3cSecDiagTrapsMonitorPrefix 25 }
hh3cSecDiagTrapContextClose NOTIFICATION-TYPE
    STATUS    current
    DESCRIPTION
        "Close the context number monitoring alarm."
    ::= { hh3cSecDiagTrapsMonitorPrefix 26 }

hh3cSecDiagTrapsMonitorObjects OBJECT IDENTIFIER ::= { hh3cSecDiagTraps 1 }
hh3cSecDiagConcurrencyThreshold OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value of session connections."
    ::= { hh3cSecDiagTrapsMonitorObjects 1 }
hh3cSecDiagConcurrencyDeviceId OBJECT-TYPE
    SYNTAX    OCTET STRING(SIZE(0..64))
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "1.The slot number of the board, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Distributed device,independent operation mode).
        2.The member number of the equipment in IRF, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Centralized IRF equipment).
        3.The slot number of the board in the IRF, such as chassis XX slot XX.
        If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX.
        (Distributed device,IRF mode)."
    ::= { hh3cSecDiagTrapsMonitorObjects 2 }
hh3cSecDiagConnectionThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold of session creation rate."
    ::= { hh3cSecDiagTrapsMonitorObjects 3 }
hh3cSecDiagConnectionDeviceId OBJECT-TYPE
    SYNTAX    OCTET STRING(SIZE(0..64))
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "1.The slot number of the board, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Distributed device,independent operation mode).
        2.The member number of the equipment in IRF, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Centralized IRF equipment).
        3.The slot number of the board in the IRF, such as chassis XX slot XX.
        If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX.
        (Distributed device,IRF mode)."
    ::= { hh3cSecDiagTrapsMonitorObjects 4 }
hh3cSecDiagSecpIpv4Threshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value for the number of IPv4 security policy rules."
    ::= { hh3cSecDiagTrapsMonitorObjects 5 }
hh3cSecDiagSecpIpv6Threshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value for the number of IPv6 security policy rules."
    ::= { hh3cSecDiagTrapsMonitorObjects 6 }
hh3cSecDiagContextThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Context number alarm threshold."
    ::= { hh3cSecDiagTrapsMonitorObjects 7 }
hh3cSecDiagNatThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value of NAT entries."
    ::= { hh3cSecDiagTrapsMonitorObjects 8 }
hh3cSecDiagBaggThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value for the number of layer-2 aggregation interfaces."
    ::= { hh3cSecDiagTrapsMonitorObjects 9 }
hh3cSecDiagRaggThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value for the number of three-tier aggregation interfaces."
    ::= { hh3cSecDiagTrapsMonitorObjects 10 }
hh3cSecDiagThroughputThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold value for the throughput of internal interface."
    ::= { hh3cSecDiagTrapsMonitorObjects 11 }
hh3cSecDiagThroughputDeviceId OBJECT-TYPE
    SYNTAX    OCTET STRING(SIZE(0..64))
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "1.The slot number of the board, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Distributed device,independent operation mode).
        2.The member number of the equipment in IRF, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Centralized IRF equipment).
        3.The slot number of the board in the IRF, such as chassis XX slot XX.
        If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX.
        (Distributed device,IRF mode)."
    ::= { hh3cSecDiagTrapsMonitorObjects 12 }
hh3cSecDiagQaclThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "QACL resource usage threshold."
    ::= { hh3cSecDiagTrapsMonitorObjects 13 }
hh3cSecDiagQaclDeviceId OBJECT-TYPE
    SYNTAX    OCTET STRING(SIZE(0..64))
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "1.The slot number of the board, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Distributed device,independent operation mode).
        2.The member number of the equipment in IRF, such as slot XX.
        If the slot supports multiple CPUs, it is like slot XX CPU XX.
        (Centralized IRF equipment).
        3.The slot number of the board in the IRF, such as chassis XX slot XX.
        If the slot supports multiple CPUs, the form is chassis XX slot XX CPU XX.
        (Distributed device,IRF mode)."
    ::= { hh3cSecDiagTrapsMonitorObjects 14 }
hh3cSecDiagQaclTotalSlices OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Total slices value."
    ::= { hh3cSecDiagTrapsMonitorObjects 15 }
hh3cSecDiagQaclSingleSlices OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Number of single-slices remaining."
    ::= { hh3cSecDiagTrapsMonitorObjects 16 }
hh3cSecDiagQaclDoubleSlices OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Number of double-slices remaining."
    ::= { hh3cSecDiagTrapsMonitorObjects 17 }
hh3cSecDiagQaclMQCEntries OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Number of MQC-entries remaining."
    ::= { hh3cSecDiagTrapsMonitorObjects 18 }
hh3cSecDiagQaclOpenFlowEntries OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Number of OpenFlow-entries remaining."
    ::= { hh3cSecDiagTrapsMonitorObjects 19 }
hh3cSecDiagBandwidthThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Overall bandwidth threshold."
    ::= { hh3cSecDiagTrapsMonitorObjects 20 }
hh3cSecDiagBladeEngineGroupId OBJECT-TYPE
    SYNTAX    OCTET STRING(SIZE(0..64))
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Engine group ID."
    ::= { hh3cSecDiagTrapsMonitorObjects 21 }
hh3cSecDiagBladeThresholdLevel OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Threshold level."
    ::= { hh3cSecDiagTrapsMonitorObjects 22 }
hh3cSecDiagBladeThreshold OBJECT-TYPE
    SYNTAX    Unsigned32
    MAX-ACCESS    accessible-for-notify
    STATUS    current
    DESCRIPTION
        "Context number threshold."
    ::= { hh3cSecDiagTrapsMonitorObjects 23 }

END
