-- extracted from draft-ietf-snmpconf-pm-06.txt -- at Sat Jun 16 06:04:55 2001 POLICY-BASED-MANAGEMENT-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Integer32, Gauge32, Unsigned32, experimental FROM SNMPv2-SMI RowStatus, RowPointer, TEXTUAL-CONVENTION, DateAndTime, StorageType FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB; -- Policy-Based Management MIB pmMib MODULE-IDENTITY LAST-UPDATED "200106110000Z" -- June 11, 2001 ORGANIZATION "IETF SNMP Configuration Working Group" CONTACT-INFO " Steve Waldbusser Phone: +1-650-948-6500 Fax: +1-650-745-0671 Email: waldbusser@nextbeacon.com Jon Saperia (WG Co-chair) JDS Consulting, Inc. 174 Chapman St. Watertown MA 02472-3063 USA Phone: +1-617-744-1079 Fax: +1-617-249-0874 Email: saperia@jdscons.com Thippanna Hongal Riverstone Networks, Inc. 5200 Great America Parkway Santa Clara, CA, 95054 USA Phone: +1-408-878-6562 Fax: +1-408-878-6501 Email: hongal@riverstonenet.com David Partain (WG Co-chair) Postal: Ericsson Radio Systems P.O. Box 1248 SE-581 12 Linkoping Sweden Tel: +46 13 28 41 44 E-mail: David.Partain@ericsson.com Any questions or comments about this document can also be directed to the working group at snmpconf@snmp.com." DESCRIPTION "The MIB module for policy-based configuration of SNMP infrastructures." REVISION "200106110000Z" -- June 11, 2001 DESCRIPTION "The original version of this MIB, published as RFCXXXX." ::= { experimental 107 } UTF8String ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An octet string containing information typically in human-readable form. To facilitate internationalization, this information is represented using the ISO/IEC IS 10646-1 character set, encoded as an octet string using the UTF-8 transformation format described in [RFC2279]. Since additional code points are added by amendments to the 10646 standard from time to time, implementations must be prepared to encounter any code point from 0x00000000 to 0x7fffffff. Byte sequences that do not correspond to the valid UTF-8 encoding of a code point or are outside this range are prohibited. The use of control codes should be avoided. When it is necessary to represent a newline, the control code sequence CR LF should be used. For code points not directly supported by user interface hardware or software, an alternative means of entry and display, such as hexadecimal, may be provided. For information encoded in 7-bit US-ASCII, the UTF-8 encoding is identical to the US-ASCII encoding. UTF-8 may require multiple bytes to represent a single character / code point; thus the length of this object in octets may be different from the number of characters encoded. Similarly, size constraints refer to the number of encoded octets, not the number of characters represented by an encoding. Note that when this TC is used for an object that is used or envisioned to be used as an index, then a SIZE restriction MUST be specified so that the number of sub-identifiers for any object instance does not exceed the limit of 128, as defined by [RFC1905]. Note that the size of an UTF8String object is measured in octets, not characters." SYNTAX OCTET STRING -- The policy group pmPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF PmPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The policy table. A policy is a pairing of a policyCondition and a policyAction which is used to apply the action to a selected set of elements." ::= { pmMib 1 } pmPolicyEntry OBJECT-TYPE SYNTAX PmPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the policy table representing one policy." INDEX { pmPolicyIndex } ::= { pmPolicyTable 1 } PmPolicyEntry ::= SEQUENCE { pmPolicyIndex Unsigned32, pmPolicyGroup UTF8String, pmPolicyPrecedence Unsigned32, pmPolicySchedule Unsigned32, pmPolicyElementTypeFilter UTF8String, pmPolicyConditionProgramIndex Unsigned32, pmPolicyActionProgramIndex Unsigned32, pmPolicyParameters OCTET STRING, pmPolicyConditionMaxLatency Unsigned32, pmPolicyActionMaxLatency Unsigned32, pmPolicyMaxIterations Unsigned32, pmPolicyDescription UTF8String, pmPolicyMatches Gauge32, pmPolicyAbnormalTerminations Gauge32, pmPolicyExecutionErrors Counter32, pmPolicyDebugging INTEGER, pmPolicyAdminStatus INTEGER, pmPolicyStorageType StorageType, pmPolicyRowStatus RowStatus } pmPolicyIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for this policy entry." ::= { pmPolicyEntry 1 } pmPolicyGroup OBJECT-TYPE SYNTAX UTF8String (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "An administratively assigned string that is used to group policies. For each element, only one policy in the same group may be active on that element. If multiple policies would be active on an element (because their conditions return non-zero), the execution environment will only allow the policy with the highest value of pmPolicyPrecedence to be active." ::= { pmPolicyEntry 2 } pmPolicyPrecedence OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If while checking to see which policy conditions match an element, 2 or more policies in the same group match the same element, the pmPolicyPrecedence object provides the rule to arbitrate which single policy action will be executed on this element. Of policies in the same group, only the matching policy with the highest precedence value (i.e. 2 is higher than 1) will have its policy action periodically executed on this element. When a policy condition no longer matches an element, the condition-matching policy with the next-highest precedence is immediately run. If a policy condition suddenly begins matching an element, it will immediately be run and any lower-precedence matching policies will not run anymore. In the case where multiple policies share the highest value, it is an implementation-dependent matter as to which single policy action will be chosen. Note that if it is necessary to take certain actions after a policy is no longer active on an element, these actions should be included in a lower-precedence policy that is in the same policy group." ::= { pmPolicyEntry 3 } pmPolicySchedule OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If this object refers to a valid pmSchedGroupIndex, this policy will be activated as specified by the associated schedule entries. Whenever any schedule in the group is active, this policy will be active. A valid pmSchedGroupIndex is one that refers to a pmSchedGroup that contains at least one running schedule with its RowStatus set to 'active'. If the value of this object is 0, this policy is always active." ::= { pmPolicyEntry 4 } pmPolicyElementTypeFilter OBJECT-TYPE SYNTAX UTF8String (SIZE (0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the element types for which this policy will be executed. When this policy is active, it will be executed on all elements of these types. The format of this object will be a sequence of pmElementTypeRegOIDPrefix values, encoded in the following form: elementTypeFilter: oid [ ';' oid ]* oid: subid [ '.' subid ]* subid: '0' | decimal_constant For example, to register for the policy to be run on all interface elements, the 'ifEntry' element type will be registered as '1.3.6.1.2.1.2.2.1'. If a value is registered that does not represent a registered pmElementTypeRegOIDPrefix, then that value will be ignored." ::= { pmPolicyEntry 5 } pmPolicyConditionProgramIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A pointer to the row or rows in the pmPolicyCodeTable that contain the condition code for this policy. When a policy entry is created, an unused pmPolicyCodeIndex value will be assigned to this object. A policy condition is one or more PolicyScript statements which results in a boolean value that represents whether or not an element is a member of a set of elements upon which an action is to be performed. Condition evaluation stops immediately when any run-time exception is detected and the policyAction is not executed. The policyCondition is evaluated for various elements. Any element for which the policyCondition returns any nonzero value will match the condition and will have the associated policyAction executed on that element unless a higher-precedence policy in the same policy group also matches this element. If the condition object is empty (contains no code) or otherwise does not return a value, the element will not be matched. When executing this condition, if SNMP requests are made to the local system, access to objects is under the security credentials of the requester who modified the most recently modified pmPolicyCodeEntry associated with either the pmPolicyConditionProgramIndex value or pmPolicyActionProgramIndex value. In other words, modification of any part of a policy's condition or action will change the credentials stored for the policy. These credentials are the input parameters for isAccessAllowed from the Architecture for Describing SNMP Management Frameworks[1]." ::= { pmPolicyEntry 6 } pmPolicyActionProgramIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A pointer to the row or rows in the pmPolicyCodeTable that contain the action code for this policy. When a policy entry is created, an unused pmPolicyCodeIndex value will be assigned to this object. A pmPolicyAction is an operation performed on a set of elements. Action evaluation stops immediately when any run-time exception is detected. When executing this action, if SNMP requests are made to the local system, access to objects is under the security credentials of the requester who modified the most recently modified pmPolicyCodeEntry associated with either the pmPolicyConditionProgramIndex value or pmPolicyActionProgramIndex value. In other words, modification of any part of a policy's condition or action will change the credentials stored for the policy. These credentials are the input parameters for isAccessAllowed from the Architecture for Describing SNMP Management Frameworks[1]." ::= { pmPolicyEntry 7 } pmPolicyParameters OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-create STATUS current DESCRIPTION "From time to time, policy scripts may desire one or more parameters (e.g., site-specific constants). These parameters may be installed with the script in this object and are accessible to the script via the getParameters() accessor function. If it is necessary for multiple parameters to be passed to the script, the script can choose whatever encoding/delimiting mechanism is most appropriate." ::= { pmPolicyEntry 8 } pmPolicyConditionMaxLatency OBJECT-TYPE SYNTAX Unsigned32 (0..2147483647) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION "Every element under the control of this agent is re-checked periodically to see if it is under control of this policy by re-running the condition for this policy. This object lets the manager control the maximum amount of time that may pass before an element is re-checked. In other words, in any given interval of this duration, all elements must be re-checked. Note that it is an implementation-dependent matter as to how the policy agent schedules the checking of various elements within this interval. Implementations may wish to re-run a condition more quickly if they note a change to the role strings for an element." ::= { pmPolicyEntry 9 } pmPolicyActionMaxLatency OBJECT-TYPE SYNTAX Unsigned32 (0..2147483647) UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION "Every element that matches this policy's condition and is therefore under control of this policy will have this policy's action executed periodically to ensure that the element remains in the state dictated by the policy. This object lets the manager control the maximum amount of time that may pass before an element has the action run on it. In other words, in any given interval of this duration, all elements under control of this policy must have the action run on them. Note that it is an implementation-dependent matter as to how the policy agent schedules the policy action on various elements within this interval." ::= { pmPolicyEntry 10 } pmPolicyMaxIterations OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "If a condition or action script iterates in loops too many times in one invocation, it may be considered by the execution environment to be in an infinite loop or otherwise not acting as intended and may be terminated by the execution environment. The execution environment will count the cumulative number of times all 'for' or 'while' loops iterated and will apply a threshold to determine when to terminate the script. It is an implementation-dependent manner as to what threshold the execution environment uses, but the value of this object SHOULD be the basis for choosing the threshold for each script. The value of this object represents a policy-specific threshold and can be tuned for policies of varying workloads. If this value is zero, no threshold will be enforced except for any implementation-dependent maximum. Note that the condition and action invocations are tracked separately." ::= { pmPolicyEntry 11 } pmPolicyDescription OBJECT-TYPE SYNTAX UTF8String MAX-ACCESS read-create STATUS current DESCRIPTION "A description of this rule and its significance, typically provided by a human." ::= { pmPolicyEntry 12 } pmPolicyMatches OBJECT-TYPE SYNTAX Gauge32 UNITS "elements" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of elements that, in their most recent execution of the associated condition, were matched by the condition." ::= { pmPolicyEntry 13 } pmPolicyAbnormalTerminations OBJECT-TYPE SYNTAX Gauge32 UNITS "elements" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of elements that, in their most recent execution of the associated condition or action, have experienced a run-time exception and terminated abnormally. Note that if a policy was experiencing a run-time exception while processing a particular element but on a subsequent invocation it runs normally, this number can decline." ::= { pmPolicyEntry 14 } pmPolicyExecutionErrors OBJECT-TYPE SYNTAX Counter32 UNITS "errors" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that execution of this policy's condition or action has been terminated due to run-time exceptions." ::= { pmPolicyEntry 15 } pmPolicyDebugging OBJECT-TYPE SYNTAX INTEGER { off(0), on(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The status of debugging for this policy. If this is turned on(1), log entries will be created in the pmDebuggingTable for each run-time exception that is experienced by this policy." DEFVAL { off } ::= { pmPolicyEntry 16 } pmPolicyAdminStatus OBJECT-TYPE SYNTAX INTEGER { disabled(0), enabled(1), enabledAutoRemove(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The administrative status of this policy. The policy will be runnable only if the associated pmPolicyRowStatus is set to active(1) and this object is set to enabled(1) or enabledAutoRemove(2). If this object is set to enabledAutoRemove(2), the next time the associated schedule moves from the active state to the inactive state, this policy will immediately be deleted, including any associated entries in the pmPolicyCodeTable. [Note to reader: This object exists because a row cannot sit for extended periods of time with it's rowstatus set to inactive (it is subject to garbage collection). This object allows policies to be downloaded but not run except at the convenience of the management station.]" ::= { pmPolicyEntry 17 } pmPolicyStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether this policy and any associated entries in the pmPolicyCodeTable are kept in volatile storage and lost upon reboot or if this row is backed up by non-volatile or permanent storage." ::= { pmPolicyEntry 18 } pmPolicyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status of this pmPolicyEntry. The status may not be set to active if any of the related entries in the pmPolicyCode table do not have a status of active or if any of the objects in this row are not set to valid values. If this row is deleted, any associated entries in the pmPolicyCodeTable will be deleted as well." ::= { pmPolicyEntry 19 } -- Policy Code Table pmPolicyCodeTable OBJECT-TYPE SYNTAX SEQUENCE OF PmPolicyCodeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The pmPolicyCodeTable stores the code for policy conditions and actions." ::= { pmMib 2 } pmPolicyCodeEntry OBJECT-TYPE SYNTAX PmPolicyCodeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the policy code table representing one code segment. Entries that share a common ProgramIndex value make up a single script. Valid values of ProgramIndex are retrieved from pmPolicyConditionProgramIndex and pmPolicyActionProgramIndex after a pmPolicyEntry is created. Segments of code can then be written to this table using the learned ProgramIndex values." INDEX { pmPolicyCodeProgramIndex, pmPolicyCodeSegment } ::= { pmPolicyCodeTable 1 } PmPolicyCodeEntry ::= SEQUENCE { pmPolicyCodeProgramIndex Unsigned32, pmPolicyCodeSegment Unsigned32, pmPolicyCodeText UTF8String, pmPolicyCodeStatus RowStatus } pmPolicyCodeProgramIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for each policy condition or action. The code for each such condition or action may be composed of multiple entries in this table if the code cannot fit in one entry. Values of pmPolicyCodeProgramIndex may not be used unless they have previously been assigned in the pmPolicyConditionProgramIndex or pmPolicyActionProgramIndex objects." ::= { pmPolicyCodeEntry 1 } pmPolicyCodeSegment OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for each segment of a policy condition or action. When a policy condition or action spans multiple entries in this table, the code of that policy starts from the lowest-numbered segment and continues with increasing segment values until ending with the highest-numbered segment." ::= { pmPolicyCodeEntry 2 } pmPolicyCodeText OBJECT-TYPE SYNTAX UTF8String (SIZE (1..1024)) MAX-ACCESS read-create STATUS current DESCRIPTION "A segment of policy code (condition or action). Lengthy Policy conditions or actions may be stored in multiple segments in this table that share the same value of pmPolicyCodeProgramIndex. When multiple segments are used, it is recommended that each segment be as large as practical. Entries in this table are associated with policies by values of the pmPolicyConditionProgramIndex and pmPolicyActionProgramIndex objects. If the status of the related policy is active, then this object may not be modified." ::= { pmPolicyCodeEntry 3 } pmPolicyCodeStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this code entry. Entries in this table are associated with policies by values of the pmPolicyConditionProgramIndex and pmPolicyActionProgramIndex objects. If the status of the related policy is active, then this object can not be modified (I.E., deleted or set to notInService) nor may new entries be created." ::= { pmPolicyCodeEntry 4 } -- Element Type Registration Table -- The Element Type Registration table is used by the manager to learn -- what element types are being managed by the system and to register -- new types if necessary. An element type is registered by providing -- the OID of an SNMP entry (i.e., the xxxEntry object) Each row that -- exists under that object is a distinct element. The index of the -- element is the index part of the discovered OID. This index will be -- supplied to policy conditions and actions so that this code can -- inspect and configure the element. pmElementTypeRegTable OBJECT-TYPE SYNTAX SEQUENCE OF PmElementTypeRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A registration table for element types managed by this system. Note that agents may automatically configure elements in this table for frequently used element types (interfaces, circuits, etc.). In particular, it may configure elements for whom discovery is optimized in one or both of the following ways: 1. The agent may discover elements by scanning internal data structures as opposed to issuing local SNMP requests. It is possible to recreate the exact semantics described in this table even if local SNMP requests are not issued. 2. The agent may receive asynchronous notification of new elements (for example, 'card inserted') and use that information to instantly create elements rather than through polling. A similar feature might be available for the deletion of elements. Note that the disposition of agent-installed entries is described by the pmPolicyStorageType object." ::= { pmMib 3 } pmElementTypeRegEntry OBJECT-TYPE SYNTAX PmElementTypeRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A registration of an element type." INDEX { pmElementTypeRegOIDPrefix } ::= { pmElementTypeRegTable 1 } PmElementTypeRegEntry ::= SEQUENCE { pmElementTypeRegOIDPrefix OBJECT IDENTIFIER, pmElementTypeRegMaxLatency Unsigned32, pmElementTypeRegDescription UTF8String, pmElementTypeRegStorageType StorageType, pmElementTypeRegRowStatus RowStatus } pmElementTypeRegOIDPrefix OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This OBJECT IDENTIFIER value identifies a table in which all elements of this type will be found. Every row in the referenced table will be treated as an element for the period of time that it remains in the table. The agent will then execute policy conditions and actions as appropriate on each of these elements. This object identifier value is specified down to the 'entry' component (i.e. ifEntry) of the identifier. The index of each discovered row will be passed to each invocation of the policy condition and policy action. The actual mechanism by which instances are discovered is implementation-dependent. Periodic walks of the table to discover the rows in the table is one such mechanism. This mechanism has the advantage that it can be performed by an agent with no knowledge of the names, syntax or semantics of the MIB objects in the table. This mechanism also serves as the reference design. Other implementation-dependent mechanisms may be implemented that are more efficient (perhaps because they are hard-coded) or that don't require polling. These mechanisms must discover the same elements as the table-walking reference design. A special OBJECT IDENTIFIER '0.0' can be written to this object. '0.0' represents the single instance of the system itself and provides an execution context for policies to operate on 'the system' as well as on MIB objects modeled as scalars. For example, '0.0' gives an execution context for policy-based selection of the operating system code version (likely modeled as a scalar MIB object). The element type '0.0' always exists - as a consequence, no actual discovery will take place and the pmElementTypeRegMaxLatency object will have no effect for the '0.0' element type. However, if the '0.0' element type is not registered in the table, policies will not be executed on the '0.0' element. When a policy is invoked on behalf of a '0.0' entry in this table, the element name will be '0.0' and there is no index of 'this element' (in other words it has zero length)." ::= { pmElementTypeRegEntry 2 } pmElementTypeRegMaxLatency OBJECT-TYPE SYNTAX Unsigned32 UNITS "milliseconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The PM agent is responsible for discovering new elements of types that are registered. This object lets the manager control the maximum amount of time that may pass between the time an element is created and when it is discovered. In other words, in any given interval of this duration, all new elements must be discovered. Note that it is an implementation-dependent matter as to how the policy agent schedules the checking of various elements within this interval." ::= { pmElementTypeRegEntry 3 } pmElementTypeRegDescription OBJECT-TYPE SYNTAX UTF8String (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "A descriptive label for this registered type." ::= { pmElementTypeRegEntry 4 } pmElementTypeRegStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether this row is kept in volatile storage and lost upon reboot or if this row is backed up by non-volatile or permanent storage." ::= { pmElementTypeRegEntry 5 } pmElementTypeRegRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this registration entry." ::= { pmElementTypeRegEntry 6 } -- Role Table -- The pmRoleTable is a read-create table that organizes role -- strings sorted by element. This table is used to create and modify -- role strings and their associations as well as to allow a -- management station to learn about the existence of roles and their -- associations. -- -- It is the responsibility of the agent to keep track of any -- re-indexing of the underlying SNMP elements and to continue to -- associate role strings with the element with which they were -- initially configured. -- -- Policy MIB agents that have elements in multiple local contexts -- need to allow some roles to be assigned to elements in particular -- contexts. This is particularly true when some elements have the -- same names in different contexts and the context is required to -- disambiguate them. In those situations, a value for the -- pmRoleContextName may be provided. When a pmRoleContextName value -- is not provided, the assignment is to the element in the default -- context. -- -- Policy MIB agents that discover elements on other systems and -- execute policies on their behalf need to have access to role -- information for these remote elements. In such situations, role -- assignments for other systems can be stored in this table by -- providing values for the pmRoleContextEngineID parameters. -- -- For example: -- Example: -- element role context ctxEngineID #comment -- ifindex.1 gold local, default context -- ifindex.2 gold local, default context -- repeaterid.1 foo rptr1 local, rptr1 context -- repeaterid.1 bar rptr2 local, rptr2 context -- ifindex.1 gold "" A different system -- ifindex.1 gold "" B different system pmRoleTable OBJECT-TYPE SYNTAX SEQUENCE OF PmRoleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The role string table. The agent must store role string associations in nonvolatile storage." ::= { pmMib 4 } pmRoleEntry OBJECT-TYPE SYNTAX PmRoleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A role string entry associates a role string with an individual element." INDEX { pmRoleElement, pmRoleContextName, pmRoleContextEngineID, pmRoleString } ::= { pmRoleTable 1 } PmRoleEntry ::= SEQUENCE { pmRoleElement RowPointer, pmRoleContextName SnmpAdminString, pmRoleContextEngineID OCTET STRING, pmRoleString UTF8String, pmRoleStatus RowStatus } pmRoleElement OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS not-accessible STATUS current DESCRIPTION "The element to which this role string is associated. If the agent assigns new indexes in the MIB table to represent the same underlying element (re-indexing), the agent will modify this value to contain the new index for the underlying element." ::= { pmRoleEntry 1 } pmRoleContextName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is not in the default context for the target system, this object is used to identify the context. If the element is in the default context, this object is equal to the empty string." ::= { pmRoleEntry 2 } pmRoleContextEngineID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is on a remote system, this object is used to identify the remote system. This object contains the contextEngineID of the system that this role string assignment is valid for. If the element is on the local system this object will be the empty string." ::= { pmRoleEntry 3 } pmRoleString OBJECT-TYPE SYNTAX UTF8String (SIZE (0..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The role string that is associated with an element through this table. A role string is an administratively specified characteristic of a managed element (for example, an interface). It is a selector for policy rules, to determine the applicability of the rule to a particular managed element." ::= { pmRoleEntry 4 } pmRoleStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this role string." ::= { pmRoleEntry 5 } -- Capabilities table -- The pmCapabilitiesTable contains a description of -- the inherent capabilities of the system so that scripts can -- differentially apply code based on the capabilities and so that -- management stations can learn of an agent's capabilities and -- differentially install policies based on the capabilities. pmCapabilitiesTable OBJECT-TYPE SYNTAX SEQUENCE OF PmCapabilitiesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The pmCapabilitiesTable contains a description of the inherent capabilities of the system. Note that it is not necessary to list all OIDs that a mechanism specific MIB Module supports, just the base OID if the implementation is a fully compliant one. If the implementation is not, then additional rows will exist in the table that list the limitations or enhancements." ::= { pmMib 6 } pmCapabilitiesEntry OBJECT-TYPE SYNTAX PmCapabilitiesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The description of a capability or limitation of a capability of the system. An entry will exist for each domain and mechanism specific ability the system has. In the case of a domain specific capability with no mechanism specific parameters, the pmCapabilitiesSubType and all other columns may be null. Entries will exist that contain values for the pmCapabilitiesRestrictOID, pmCapabilitiesRestrictType, pmCapabilitiesRestrictValue and pmCapabilitiesRestrictString objects only when an implementation is reporting a mechanism specific restriction. Multiple entries are possible when more than one restriction for a type or subtype are needed." INDEX { pmCapabilitiesIndex } ::= { pmCapabilitiesTable 1 } PmCapabilitiesEntry ::= SEQUENCE { pmCapabilitiesIndex Unsigned32, pmCapabilitiesType OBJECT IDENTIFIER, pmCapabilitiesSubType OBJECT IDENTIFIER, pmCapabilitiesModificationOID OBJECT IDENTIFIER, pmCapabilitiesModificationType INTEGER, pmCapabilitiesModificationValue Integer32, pmCapabilitiesModificationString OCTET STRING } pmCapabilitiesIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for this entry." ::= { pmCapabilitiesEntry 1 } pmCapabilitiesType OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the capability represented by this entry. The IANA will publish the list of identifiers that are valid values for this object." ::= { pmCapabilitiesEntry 2 } pmCapabilitiesSubType OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "The sub type of capability is a pointer to a mechanism specific set of capabilities supporting a base technology. In the case of DIFFSERV, the OID value here would be the base OID of the Differentiated Services Policy MIB Module." ::= { pmCapabilitiesEntry 3 } pmCapabilitiesModificationOID OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-only STATUS current DESCRIPTION "The OID of the object that is either not supported, supported with one or more limitations, or expanded by an implementation specific module. If this columnar object is other than null then there must be at least an entry in pmCapabilitiesModificationType. Note that this need not be a leaf node or scalar object. If an entire table is not supported, this value can be the base OID for the table." ::= { pmCapabilitiesEntry 4 } pmCapabilitiesModificationType OBJECT-TYPE SYNTAX INTEGER { unsupported(0), restricted(1), additional(2), addvalue(3), maxlimit(4), minlimit(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "An unsupported value indicates that the OID in pmCapabilitiesModificationOID is not supported on this system. A value of 1 indicates that the OID is supported but with restricted values These constraints are described in the pmCapabilitiesModificationValue and pmCapabilitiesModificationString objects. A value of 2 indicates a vendor specific extension to a standard. The OID of the new object is pmCapabilitiesModificationOID. For some implementations, additional functions may be provided. addvalue indicates that this row of the table describes an additional value that the object can take. The specific value is in the pmCapabilitiesModificationValue. The values of 4 and 5 indicate restrictions or the removal of restrictions for the object identified." ::= { pmCapabilitiesEntry 5 } pmCapabilitiesModificationValue OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "If the value of pmCapabilitiesModificationType is 0, this object will be null since 0 indicates no support for the object at all. A value of 1 in the pmCapabilitiesModificationType will be further modified by a single integer value in this object that corresponds to enumerated integer values that are not supported by the system for the object that is identified in this row. This value can also represent the limit values in the pmCapabilitiesModificationType object." ::= { pmCapabilitiesEntry 6 } pmCapabilitiesModificationString OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "Any additional details or description or parameters needed." ::= { pmCapabilitiesEntry 7 } -- The Schedule Group pmSchedLocalTime OBJECT-TYPE SYNTAX DateAndTime (SIZE (11)) MAX-ACCESS read-only STATUS current DESCRIPTION "The local time used by the scheduler. Schedules which refer to calendar time will use the local time indicated by this object. An implementation MUST return all 11 bytes of the DateAndTime textual-convention so that a manager may retrieve the offset from GMT time." ::= { pmMib 7 } -- -- The schedule table which controls the scheduler. -- pmSchedTable OBJECT-TYPE SYNTAX SEQUENCE OF PmSchedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines schedules for policies." ::= { pmMib 8 } pmSchedEntry OBJECT-TYPE SYNTAX PmSchedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing a particular schedule. Unless noted otherwise, writable objects of this row can be modified independent of the current value of pmSchedRowStatus, pmSchedAdminStatus and pmSchedOperStatus. In particular, it is legal to modify pmSchedWeekDay, pmSchedMonth, pmSchedDay, pmSchedHour, and pmSchedMinute when pmSchedRowStatus is active." INDEX { pmSchedIndex } ::= { pmSchedTable 1 } PmSchedEntry ::= SEQUENCE { pmSchedIndex Unsigned32, pmSchedGroupIndex Unsigned32, pmSchedDescr UTF8String, pmSchedTimePeriod UTF8String, pmSchedMonth BITS, pmSchedDay BITS, pmSchedWeekDay BITS, pmSchedTimeOfDay UTF8String, pmSchedLocalOrUtc INTEGER, pmSchedStorageType StorageType, pmSchedRowStatus RowStatus } pmSchedIndex OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally-unique, administratively assigned index for this scheduling entry." ::= { pmSchedEntry 1 } pmSchedGroupIndex OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The locally-unique, administratively assigned index for the group that this scheduling entry belongs to. To assign multiple schedule entries to the same group, the pmSchedGroupIndex of each entry in the group will be set to the same value. This pmSchedGroupIndex value must be equal to the pmSchedIndex of one of the entries in the group. If the entry is deleted whose pmSchedIndex equals the pmSchedGroupIndex for the group, the agent will assign a new pmSchedGroupIndex to all remaining members of the group. If an entry is not a member of a group, its pmSchedGroupIndex must be assigned to the value of its pmSchedIndex. Policies that are controlled by a group of schedule entries are active when any schedule in the group is active." ::= { pmSchedEntry 2 } pmSchedDescr OBJECT-TYPE SYNTAX UTF8String MAX-ACCESS read-create STATUS current DESCRIPTION "The human readable description of the purpose of this scheduling entry." DEFVAL { ''H } ::= { pmSchedEntry 3 } pmSchedTimePeriod OBJECT-TYPE SYNTAX UTF8String (SIZE (0..31)) MAX-ACCESS read-create STATUS current DESCRIPTION "The overall range of calendar dates and times over which this schedule is valid. It is stored in a slightly extended version of the format for a 'period-explicit' defined in RFC 2445 [22]. This format is expressed as a string representing the starting date and time, in which the character 'T' indicates the beginning of the time portion, followed by the solidus character '/', followed by a similar string representing an end date and time. The start of the period MUST be before the end of the period. Date-Time values are expressed as substrings of the form 'yyyymmddThhmmss'. For example: 20000101T080000/20000131T120000 January 1, 2000, 0800 through January 31, 2000, noon The 'Date with UTC time' format defined in RFC 2445 in which the Date-Time string ends with the character 'Z' is not allowed. This 'period-explicit' format is also extended to allow two special cases in which one of the Date-Time strings is replaced with a special string defined in RFC 2445: 1. If the first Date-Time value is replaced with the string 'THISANDPRIOR', then the value indicates that the schedule is valid at any time prior to the Date-Time that appears after the '/'. 2. If the second Date-Time is replaced with the string 'THISANDFUTURE', then the value indicates that the schedule is valid at any time after the Date-Time that appears before the '/'. Note that while RFC 2445 defines these two strings, they are not specified for use in the 'period-explicit' format. The use of these strings represents an extension to the 'period-explicit' format." ::= { pmSchedEntry 4 } pmSchedMonth OBJECT-TYPE SYNTAX BITS { january(0), february(1), march(2), april(3), may(4), june(5), july(6), august(7), september(8), october(9), november(10), december(11) } MAX-ACCESS read-create STATUS current DESCRIPTION "Within the overall time period specified in the pmSchedTimePeriod object, the value of this object specifies the specific months within that time period that the schedule is active. Setting all bits will cause the schedule to act independently of the month." DEFVAL { { january, february, march, april, may, june, july, august, september, october, november, december } } ::= { pmSchedEntry 5 } pmSchedDay OBJECT-TYPE SYNTAX BITS { d1(0), d2(1), d3(2), d4(3), d5(4), d6(5), d7(6), d8(7), d9(8), d10(9), d11(10), d12(11), d13(12), d14(13), d15(14), d16(15), d17(16), d18(17), d19(18), d20(19), d21(20), d22(21), d23(22), d24(23), d25(24), d26(25), d27(26), d28(27), d29(28), d30(29), d31(30), r1(31), r2(32), r3(33), r4(34), r5(35), r6(36), r7(37), r8(38), r9(39), r10(40), r11(41), r12(42), r13(43), r14(44), r15(45), r16(46), r17(47), r18(48), r19(49), r20(50), r21(51), r22(52), r23(53), r24(54), r25(55), r26(56), r27(57), r28(58), r29(59), r30(60), r31(61) } MAX-ACCESS read-create STATUS current DESCRIPTION "Within the overall time period specified in the pmSchedTimePeriod object, the value of this object specifies the specific days of the month within that time period that the schedule is active. There are two sets of bits one can use to define the day within a month: Enumerations starting with the letter 'd' indicate a day in a month relative to the first day of a month. The first day of the month can therefore be specified by setting the bit d1(0) and d31(30) means the last day of a month with 31 days. Enumerations starting with the letter 'r' indicate a day in a month in reverse order, relative to the last day of a month. The last day in the month can therefore be specified by setting the bit r1(31), and r31(61) means the first day of a month with 31 days. Setting multiple bits will include several days in the set of possible days for this schedule. Setting all bits starting with the letter 'd' or all bits starting with the letter 'r' will cause the schedule to act independently of the day of the month." DEFVAL { { d1, d2, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12, d13, d14, d15, d16, d17, d18, d19, d20, d21, d22, d23, d24, d25, d26, d27, d28, d29, d30, d31, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, r13, r14, r15, r16, r17, r18, r19, r20, r21, r22, r23, r24, r25, r26, r27, r28, r29, r30, r31 } } ::= { pmSchedEntry 6 } pmSchedWeekDay OBJECT-TYPE SYNTAX BITS { sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4), friday(5), saturday(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "Within the overall time period specified in the pmSchedTimePeriod object, the value of this object specifies the specific days of the week within that time period that the schedule is active. Setting all bits will cause the schedule to act independently of the day of the week." DEFVAL { { sunday, monday, tuesday, wednesday, thursday, friday, saturday } } ::= { pmSchedEntry 7 } pmSchedTimeOfDay OBJECT-TYPE SYNTAX UTF8String (SIZE (0..15)) MAX-ACCESS read-create STATUS current DESCRIPTION "Within the overall time period specified in the pmSchedTimePeriod object, the value of this object specifies the range of times in a day that the schedule is active. This value is stored in a format based on the RFC 2445 format for 'time': The character 'T' followed by a 'time' string , followed by the solidus character '/', followed by the character 'T' followed by a second time string. The first time indicates the beginning of the range, while the second time indicates the end. Thus, this value takes the form: 'Thhmmss/Thhmmss'. The second substring always identifies a later time than the first substring. To allow for ranges that span midnight, however, the value of the second string may be smaller than the value of the first substring. Thus, 'T080000/T210000' identifies the range from 0800 until 2100, while 'T210000/T080000' identifies the range from 2100 until 0800 of the following day. When a range spans midnight, it by definition includes parts of two successive days. When one of these days is also selected by either the MonthOfYearMask, DayOfMonthMask, and/or DayOfWeekMask, but the other day is not, then the policy is active only during the portion of the range that falls on the selected day. For example, if the range extends from 2100 until 0800, and the day of week mask selects Monday and Tuesday, then the policy is active during the following three intervals: From midnight Sunday until 0800 Monday; From 2100 Monday until 0800 Tuesday; From 2100 Tuesday until 23:59:59 Tuesday. Setting this value to 'T000000/T235959' will cause the schedule to act independently of the time of day." DEFVAL { '543030303030302F54323335393539'H } -- T000000/T235959 ::= { pmSchedEntry 8 } pmSchedLocalOrUtc OBJECT-TYPE SYNTAX INTEGER { localTime(1), utcTime(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates whether the times represented in the TimePeriod object and in the various Mask objects represent local times or UTC times." DEFVAL { utcTime } ::= { pmSchedEntry 9 } pmSchedStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether this schedule entry is kept in volatile storage and lost upon reboot or if this row is backed up by non-volatile or permanent storage. Conceptual rows having the value `permanent' must allow write access to the columnar objects pmSchedDescr, pmSchedWeekDay, pmSchedMonth, pmSchedDay, pmSchedHour, and pmSchedMinute." DEFVAL { volatile } ::= { pmSchedEntry 10 } pmSchedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this schedule entry." ::= { pmSchedEntry 11 } -- Policy Tracking -- The "policy to element" (PE) table and the "element to policy" (EP) -- table track the status of execution contexts grouped by policy and -- element respectively. pmTrackingPETable OBJECT-TYPE SYNTAX SEQUENCE OF PmTrackingPEEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The pmTrackingPETable describes what elements are under control of a policy. This table is indexed in order to optimize retrieval of the entire status for a given policy." ::= { pmMib 9 } pmTrackingPEEntry OBJECT-TYPE SYNTAX PmTrackingPEEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the pmTrackingPETable. The pmPolicyIndex in the index specifies the policy tracked by this entry." INDEX { pmPolicyIndex, pmTrackingPEElement, pmTrackingPEContextName, pmTrackingPEContextEngineID } ::= { pmTrackingPETable 1 } PmTrackingPEEntry ::= SEQUENCE { pmTrackingPEElement RowPointer, pmTrackingPEContextName SnmpAdminString, pmTrackingPEContextEngineID OCTET STRING, pmTrackingPEInfo BITS } pmTrackingPEElement OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS not-accessible STATUS current DESCRIPTION "The element that is acted upon by the associated policy." ::= { pmTrackingPEEntry 1 } pmTrackingPEContextName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is not in the default context for the target system, this object is used to identify the context. If the element is in the default context, this object is equal to the empty string." ::= { pmTrackingPEEntry 2 } pmTrackingPEContextEngineID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is on a remote system, this object is used to identify the remote system. This object contains the contextEngineID of the system on which the associated element resides. If the element is on the local system this object will be the empty string." ::= { pmTrackingPEEntry 3 } pmTrackingPEInfo OBJECT-TYPE SYNTAX BITS { conditionMatched(0), actionSkippedDueToPrecedence(1), conditionRunTimeException(2), conditionUserSignal(3), actionRunTimeException(4), actionUserSignal(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object returns information about the previous policy script executions. If the conditionMatched(0) bit is set, the last execution of the associated policy condition returned non-zero. If the actionSkippedDueToPrecedence(1) bit is set, the last execution of the associated policy condition returned non-zero but the action is not active because it was trumped by a matching policy condition in the same policy group with a higher precedence value. If the conditionRunTimeException(2) bit is set, the last execution of the associated policy condition encountered a run-time exception and aborted. If the conditionUserSignal(3) bit is set, the last execution of the associated policy condition called the signalError() function. If the actionRunTimeException(4) bit is set, the last execution of the associated policy action encountered a run-time exception and aborted. If the actionUserSignal(5) bit is set, the last execution of the associated policy action called the signalError() function. Entries will only exist in this table of one or more bits are set. In particular, if an entry does not exist for a particular policy/element combination, it can be assumed that the policy's condition did not match this element." ::= { pmTrackingPEEntry 4 } -- Element to Policy Table pmTrackingEPTable OBJECT-TYPE SYNTAX SEQUENCE OF PmTrackingEPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The pmTrackingEPTable describes what policies are controlling an element. This table is indexed in order to optimize retrieval of the status of all policies active for a given element." ::= { pmMib 10 } pmTrackingEPEntry OBJECT-TYPE SYNTAX PmTrackingEPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the pmTrackingEPTable. Entries exist for all element/policy combinations for which the policy's condition matches and only if the schedule for the policy is active. The pmPolicyIndex in the index specifies the policy tracked by this entry." INDEX { pmTrackingEPElement, pmTrackingEPContextName, pmTrackingEPContextEngineID, pmPolicyIndex } ::= { pmTrackingEPTable 1 } PmTrackingEPEntry ::= SEQUENCE { pmTrackingEPElement RowPointer, pmTrackingEPContextName SnmpAdminString, pmTrackingEPContextEngineID OCTET STRING, pmTrackingEPStatus INTEGER } pmTrackingEPElement OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS not-accessible STATUS current DESCRIPTION "The element acted upon by the associated policy." ::= { pmTrackingEPEntry 1 } pmTrackingEPContextName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is not in the default context for the target system, this object is used to identify the context. If the element is in the default context, this object is equal to the empty string." ::= { pmTrackingEPEntry 2 } pmTrackingEPContextEngineID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is on a remote system, this object is used to identify the remote system. This object contains the contextEngineID of the system on which the associated element resides. If the element is on the local system this object will be the empty string." ::= { pmTrackingEPEntry 3 } pmTrackingEPStatus OBJECT-TYPE SYNTAX INTEGER { on(0), forceOff(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "This entry will only exist if the calendar for the policy is active and if the associated policyCondition returned 1 for this element. A policy can be forcibly disabled on a particular element by setting this value to forceOff(1). The agent should then act as if the policyCondition failed for this element. The forceOff(1) state will persist (even across reboots) until this value is set to on(0) by a management request. The forceOff(1) state may be set even if the entry does not previously exist so that future policy invocations can be avoided. Unless forcibly disabled, if this value exists it's value will be on(0)." ::= { pmTrackingEPEntry 4 } -- Policy Debugging Table -- Policies that have debugging turned on will generate a log entry in -- the policy debugging table for every runtime exception that occurs -- in either the condition or action code. pmDebuggingTable OBJECT-TYPE SYNTAX SEQUENCE OF PmDebuggingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The pmDebuggingTable logs debugging messages when policies experience run-time exceptions in either the condition or action code and the associated pmPolicyDebugging object has been turned on. It is an implementation-dependent manner as to the maximum number of debugging entries that will be stored and the maximum length of time an entry will be kept. If entries must be discarded to make room for new entries, the oldest entries must be discarded first." ::= { pmMib 11 } pmDebuggingEntry OBJECT-TYPE SYNTAX PmDebuggingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the pmDebuggingTable. The pmPolicyIndex in the index specifies the policy that encountered the exception that led to this log entry." INDEX { pmPolicyIndex, pmDebuggingElement, pmDebuggingContextName, pmDebuggingContextEngineID, pmDebuggingLogIndex } ::= { pmDebuggingTable 1 } PmDebuggingEntry ::= SEQUENCE { pmDebuggingElement RowPointer, pmDebuggingContextName SnmpAdminString, pmDebuggingContextEngineID OCTET STRING, pmDebuggingLogIndex Unsigned32, pmDebuggingMessage UTF8String } pmDebuggingElement OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "The element the policy was executing on when it encountered the error that led to this log entry." ::= { pmDebuggingEntry 1 } pmDebuggingContextName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is not in the default context for the target system, this object is used to identify the context. If the element is in the default context, this object is equal to the empty string." ::= { pmDebuggingEntry 2 } pmDebuggingContextEngineID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "If the associated element is on a remote system, this object is used to identify the remote system. This object contains the contextEngineID of the system on which the associated element resides. If the element is on the local system this object will be the empty string." ::= { pmDebuggingEntry 3 } pmDebuggingLogIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index for this log entry amongst other log entries for this policy/element combination." ::= { pmDebuggingEntry 4 } pmDebuggingMessage OBJECT-TYPE SYNTAX UTF8String (SIZE (0..128)) MAX-ACCESS read-only STATUS current DESCRIPTION "An error message generated by the policy execution environment. It's recommended that this message include the time of day that the message was generated, if known." ::= { pmDebuggingEntry 5 } -- Notification Registration Table -- A management station may choose not to install policies to a -- system that depend on roles or capabilities that don't exist on any -- elements in the system. However, the management station must be able -- to quickly learn if new roles or capabilities are added to the -- system so that it can immediately install the policies that make -- use of that new role or capability. This table allows a management -- station to register itself so that it will receive -- pmNewRoleNotifications and pmNewCapabilityNotifications whenever a -- role or capability first appears on the system. -- -- pmNewRoleNotifications and pmNewCapabilityNotifications are sent in -- Inform PDU's so they are automatically retransmitted if they are -- not acknowledged. -- -- The procedure to guarantee accurate knowledge of roles and -- capabilities is as follows: -- -- Step 1: The NMS registers itself in the pmNotificationRegTable -- Whenever it receives a notification, it adds the new role -- or capability to its internal database for that system. -- Followed immediately by: -- Step 2: The NMS retrieves the roles and capabilities from the -- system from the pmRoleTable and the -- pmCapabilitiesTable, adding this information to its -- internal database. -- Followed immediately by: -- Step 3: The NMS installs policies on the system, potentially -- skipping policies that depend on roles or capabilities -- that haven't been inserted into the internal database. -- Followed immediately by: -- Step 4: Whenever a notification indicates a new role or -- capability that requires new policies to be installed, -- it will immediately install such policies. The NMS will -- continue this step indefinitely. -- -- Note that using this algorithm to avoid installing "unnecessary" -- policies may result in delays in having the policy available when -- the policy becomes necessary. This delay could become extensive if -- an interruption of communications prevents the notification from -- being delivered and/or the policy from being installed, causing -- the system to not be in compliance with policy for a period of -- time. In particular, if the policy is enforcing security rules, -- this could open up security vulnerabilities during this period of -- time. pmNotificationRegTable OBJECT-TYPE SYNTAX SEQUENCE OF PmNotificationRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A manager that wishes to receive notifications about new roles or capabilities on an agent places an entry in the notification registration table. pmNewRoleNotifications and pmNewCapabilityNotifications will then be sent to the target specified in the associated snmpTargetAddr entry. These notifications will be sent until the entry is removed from this table." ::= { pmMib 12 } pmNotificationRegEntry OBJECT-TYPE SYNTAX PmNotificationRegEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the pmNotificationRegTable." INDEX { pmNotificationRegIndex } ::= { pmNotificationRegTable 1 } PmNotificationRegEntry ::= SEQUENCE { pmNotificationRegIndex Unsigned32, pmNotificationRegSnmpTargetAddrName SnmpAdminString, pmNotificationRegStorageType StorageType, pmNotificationRegStatus RowStatus } pmNotificationRegIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique index for this entry." ::= { pmNotificationRegEntry 1 } pmNotificationRegSnmpTargetAddrName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "The snmpTargetAddrName of an associated snmpTargetAddrEntry. When the following conditions are true, pmNewRoleNotifications and pmNewCapabilityNotifications should be sent to the specified target: 1) The pmNotificationRegEntry is active 2) The associated snmpTargetAddr entry is fully configured and active. 3) The associated snmpTargetParams entry is fully configured and active." ::= { pmNotificationRegEntry 2 } pmNotificationRegStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether this row is kept in volatile storage and lost upon reboot or if this row is backed up by non-volatile or permanent storage." ::= { pmNotificationRegEntry 3 } pmNotificationRegStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this entry." ::= { pmNotificationRegEntry 4 } -- Notifications pmNotifications OBJECT IDENTIFIER ::= { pmMib 13 } pmNewRoleNotification NOTIFICATION-TYPE OBJECTS { pmRoleStatus } STATUS current DESCRIPTION "The pmNewRoleNotification is sent when an agent is configured with its first instance of a previously unused role string (not every time a new element is given a particular role). An instance of the pmRoleStatus object is sent containing the new roleString in it's index. In the event that two or more elements are given the same role simultaneously, it is an implementation-dependent matter as to which pmRoleTable instance will be included in the notification." ::= { pmNotifications 1 } pmNewCapabilityNotification NOTIFICATION-TYPE OBJECTS { pmCapabilitiesType } STATUS current DESCRIPTION "The pmNewCapabilityNotification is sent when an agent gains a new capability that did not previously exist in any element on the system (not every time an element gains a particular role). An instance of the pmCapabilitiesType object is sent containing the identity of the new capability. In the event that two or more elements gain the same capability simultaneously, it is an implementation-dependent matter as to which pmCapabilitiesType instance will be included in the notification." ::= { pmNotifications 2 } pmAbnormalTerminationNotification NOTIFICATION-TYPE OBJECTS { pmTrackingPEInfo } STATUS current DESCRIPTION "The pmAbnormalTerminationNotification is sent when a policy's pmPolicyAbnormalTerminations gauge changes value from zero to any value greater than zero and no such notification has been sent for that policy in the last 5 minutes. The notification contains an instance of the pmTrackingPEInfo object where the pmPolicyIndex component of the index identifies the associated policy and the rest of the index identifies an element on which the policy failed." ::= { pmNotifications 3 } -- Compliance Statements pmConformance OBJECT IDENTIFIER ::= { pmMib 20 } pmCompliances OBJECT IDENTIFIER ::= { pmConformance 1 } pmGroups OBJECT IDENTIFIER ::= { pmConformance 2 } pmCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Describes the requirements for conformance to the Policy-Based Management MIB" MODULE -- this module MANDATORY-GROUPS { pmPolicyManagementGroup, pmSchedGroup, pmNotificationGroup } ::= { pmCompliances 1 } pmPolicyManagementGroup OBJECT-GROUP OBJECTS { pmPolicyGroup, pmPolicyPrecedence, pmPolicySchedule, pmPolicyElementTypeFilter, pmPolicyConditionProgramIndex, pmPolicyActionProgramIndex, pmPolicyParameters, pmPolicyConditionMaxLatency, pmPolicyActionMaxLatency, pmPolicyMaxIterations, pmPolicyDescription, pmPolicyMatches, pmPolicyAbnormalTerminations, pmPolicyExecutionErrors, pmPolicyDebugging, pmPolicyStorageType, pmPolicyAdminStatus, pmPolicyRowStatus, pmPolicyCodeText, pmPolicyCodeStatus, pmElementTypeRegMaxLatency, pmElementTypeRegDescription, pmElementTypeRegStorageType, pmElementTypeRegRowStatus, pmRoleStatus, pmCapabilitiesType, pmCapabilitiesSubType, pmCapabilitiesModificationOID, pmCapabilitiesModificationType, pmCapabilitiesModificationValue, pmCapabilitiesModificationString, pmTrackingPEInfo, pmTrackingEPStatus, pmDebuggingElement, pmDebuggingLogIndex, pmDebuggingMessage, pmNotificationRegSnmpTargetAddrName, pmNotificationRegStorageType, pmNotificationRegStatus } STATUS current DESCRIPTION "Objects that allow for the creation and management of configuration policies." ::= { pmGroups 1 } pmSchedGroup OBJECT-GROUP OBJECTS { pmSchedLocalTime, pmSchedGroupIndex, pmSchedDescr, pmSchedTimePeriod, pmSchedMonth, pmSchedDay, pmSchedWeekDay, pmSchedTimeOfDay, pmSchedLocalOrUtc, pmSchedStorageType, pmSchedRowStatus } STATUS current DESCRIPTION "Objects that allow for the scheduling of policies." ::= { pmGroups 2 } pmNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { pmNewRoleNotification, pmNewCapabilityNotification, pmAbnormalTerminationNotification } STATUS current DESCRIPTION "Notifications sent by an Policy MIB agent." ::= { pmGroups 3 } pmBaseFunctionLibrary OBJECT IDENTIFIER ::= { pmGroups 4 } END -- -- Copyright (C) The Internet Society (2001). All Rights Reserved. -- -- This document and translations of it may be copied and -- furnished to others, and derivative works that comment on or -- otherwise explain it or assist in its implementation may be -- prepared, copied, published and distributed, in whole or in -- part, without restriction of any kind, provided that the above -- copyright notice and this paragraph are included on all such -- copies and derivative works. However, this document itself -- may not be modified in any way, such as by removing the -- copyright notice or references to the Internet Society or -- other Internet organizations, except as needed for the -- purpose of developing Internet standards in which case the -- procedures for copyrights defined in the Internet Standards -- process must be followed, or as required to translate it into -- languages other than English. -- -- The limited permissions granted above are perpetual and will -- not be revoked by the Internet Society or its successors or -- assigns. -- -- This document and the information contained herein is provided -- on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET -- ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR -- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE -- USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR -- ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A -- PARTICULAR PURPOSE.