SNMP Traps: Brocade login traps (#13770)

* initial push * Some modifications for unit tests
2024-10-07 16:52:45 +00:00 · 2022-02-12 09:42:28 -06:00
parent 67c68b5965
commit 978cd75a32
4 changed files with 178 additions and 1 deletions
--- a/LibreNMS/Snmptrap/Handlers/SnTrapUserLogin.php
+++ b/LibreNMS/Snmptrap/Handlers/SnTrapUserLogin.php
@@ -0,0 +1,47 @@
+<?php
+/**
+ * SnTrapUserLogin.php
+ *
+ * -Description-
+ *
+ * Foundry/Brocade trap for user login.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * @link       https://www.librenms.org
+ */
+
+namespace LibreNMS\Snmptrap\Handlers;
+
+use App\Models\Device;
+use LibreNMS\Interfaces\SnmptrapHandler;
+use LibreNMS\Snmptrap\Trap;
+use Log;
+
+class SnTrapUserLogin implements SnmptrapHandler
+{
+    /**
+     * Handle snmptrap.
+     * Data is pre-parsed and delivered as a Trap.
+     *
+     * @param  Device  $device
+     * @param  Trap  $trap
+     * @return void
+     */
+    public function handle(Device $device, Trap $trap)
+    {
+        $message = $trap->getOidData($trap->findOid('FOUNDRY-SN-AGENT-MIB::snAgGblTrapMessage.0'));
+        Log::event("$message", $device->device_id, 'trap', 2);
+    }
+}
--- a/LibreNMS/Snmptrap/Handlers/SnTrapUserLogout.php
+++ b/LibreNMS/Snmptrap/Handlers/SnTrapUserLogout.php
@@ -0,0 +1,47 @@
+<?php
+/**
+ * SnTrapUserLogout.php
+ *
+ * -Description-
+ *
+ * Foundry/Brocade trap for user logout.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * @link       https://www.librenms.org
+ */
+
+namespace LibreNMS\Snmptrap\Handlers;
+
+use App\Models\Device;
+use LibreNMS\Interfaces\SnmptrapHandler;
+use LibreNMS\Snmptrap\Trap;
+use Log;
+
+class SnTrapUserLogout implements SnmptrapHandler
+{
+    /**
+     * Handle snmptrap.
+     * Data is pre-parsed and delivered as a Trap.
+     *
+     * @param  Device  $device
+     * @param  Trap  $trap
+     * @return void
+     */
+    public function handle(Device $device, Trap $trap)
+    {
+        $message = $trap->getOidData($trap->findOid('FOUNDRY-SN-AGENT-MIB::snAgGblTrapMessage.0'));
+        Log::event("$message", $device->device_id, 'trap', 2);
+    }
+}
--- a/config/snmptraps.php
+++ b/config/snmptraps.php
@@ -6,7 +6,7 @@
 | You can change settings by setting them in the environment or .env
 | If there is something you need to change, but is not available as an environment setting,
 | request an environment variable to be created upstream or send a pull request.
-*/
+ */

 return [
    'trap_handlers' => [
@@ -68,6 +68,8 @@ return [
        'FORTINET-FORTIGATE-MIB::fgTrapVpnTunDown' => \LibreNMS\Snmptrap\Handlers\FgTrapVpnTunDown::class,
        'FORTINET-FORTIGATE-MIB::fgTrapVpnTunUp' => \LibreNMS\Snmptrap\Handlers\FgTrapVpnTunUp::class,
        'FORTINET-FORTIMANAGER-FORTIANALYZER-MIB::fmTrapLogRateThreshold' => \LibreNMS\Snmptrap\Handlers\FmTrapLogRateThreshold::class,
+        'FOUNDRY-SN-TRAP-MIB::snTrapUserLogin' => \LibreNMS\Snmptrap\Handlers\SnTrapUserLogin::class,
+        'FOUNDRY-SN-TRAP-MIB::snTrapUserLogout' => \LibreNMS\Snmptrap\Handlers\SnTrapUserLogout::class,
        'IF-MIB::linkDown' => \LibreNMS\Snmptrap\Handlers\LinkDown::class,
        'IF-MIB::linkUp' => \LibreNMS\Snmptrap\Handlers\LinkUp::class,
        'JUNIPER-CFGMGMT-MIB::jnxCmCfgChange' => \LibreNMS\Snmptrap\Handlers\JnxCmCfgChange::class,
--- a/tests/Feature/SnmpTraps/SnTrapUserAuthTest.php
+++ b/tests/Feature/SnmpTraps/SnTrapUserAuthTest.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * SnTrapUserAuthTest.php
+ *
+ * -Description-
+ *
+ * Tests handling of the SNMPTraps for user login/logout.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * @link       https://www.librenms.org
+ *
+ * @copyright  2022 Heath Barnhart
+ * @author     Heath Barnhart <hbarnhart@kanren.net>
+ */
+
+namespace LibreNMS\Tests\Feature\SnmpTraps;
+
+use App\Models\Device;
+use LibreNMS\Snmptrap\Dispatcher;
+use LibreNMS\Snmptrap\Trap;
+
+class SnTrapUserAuthTest extends SnmpTrapTestCase
+{
+    /**
+     * Create snTrapUserLogin trap object
+     * Test SnTrapUserLogin handler
+     *
+     * @return void
+     */
+    public function testSnTrapUserLogin()
+    {
+        $device = Device::factory()->create(); /** @var Device $device */
+        $trapText = "$device->hostname
+UDP: [$device->ip]:57602->[192.168.5.5]:162
+SNMPv2-MIB::snmpTrapOID.0 FOUNDRY-SN-TRAP-MIB::snTrapUserLogin
+DISMAN-EVENT-MIB::sysUpTimeInstance 172:9:43:55.64
+FOUNDRY-SN-AGENT-MIB::snAgGblTrapMessage.0 \"Security: ssh login by rancid from src IP $device->ip to PRIVILEGED EXEC mode using RSA as Server Host Key. \"";
+
+        $trap = new Trap($trapText);
+
+        $message = "Security: ssh login by rancid from src IP $device->ip to PRIVILEGED EXEC mode using RSA as Server Host Key. ";
+        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 2);
+
+        $this->assertTrue(Dispatcher::handle($trap), 'Could not handle snTrapUserLogin');
+    }
+
+    /**
+     * Create snTrapUserLogout trap object
+     * Test SnTrapUserLogout handler
+     *
+     * @return void
+     */
+    public function testSnTrapUserLogout()
+    {
+        $device = Device::factory()->create(); /** @var Device $device */
+        $trapText = "$device->hostname
+UDP: [$device->ip]:57602->[192.168.5.5]:162
+SNMPv2-MIB::snmpTrapOID.0 FOUNDRY-SN-TRAP-MIB::snTrapUserLogin
+DISMAN-EVENT-MIB::sysUpTimeInstance 172:9:43:55.64
+FOUNDRY-SN-AGENT-MIB::snAgGblTrapMessage.0 \"Security: ssh logout by rancid from src IP $device->ip from USER EXEC mode using RSA as Server Host Key. \"";
+
+        $trap = new Trap($trapText);
+
+        $message = "Security: ssh logout by rancid from src IP $device->ip from USER EXEC mode using RSA as Server Host Key. ";
+        \Log::shouldReceive('event')->once()->with($message, $device->device_id, 'trap', 2);
+
+        $this->assertTrue(Dispatcher::handle($trap), 'Could not handle snTrapUserLogout');
+    }
+}