#!/usr/bin/perl
# Author: Martin Fuerstenau, Canon Production Printing Germany
# martin.fuerstenau_at_cpp.canon
#
# Date: 9 Feb 2021
#
# Purpose and features of the program:
#
# -Translates the enterprise OID received in SNMP traps from Windows systems (processed with snmptt and Nagios, Naemon, Icinga, ...) into event source and event ID,
# so that received events can be checked
#
# Structure of a Microsoft eventlog SNMP trap:
#
# .1.3.6.1.4.1.311.1.13.1.37.82.101.109.111.116.101.83.101.114.118.105.99.101.115.83.99.104.101.100.117.108.101.114.67.108.101.97.110.117.112.83.101.114.118.105.99.101.0.50100
# I I I I I I I I I I I I I I
# I I I I I I I I I I I +------------------------------------------------------------------+----------------------------------------------------------------------+ I
# I I I I I I I I I I I I I
# I I I I I I I I I I I source name in ASCII characters I I
# I I I I I I I I I I I I
# I I I I I I I I I I I eventID <-------+
# I I I I I I I I I I +--> Number of characters in source name
# I I I I I I I I I I
# I I I I I I I I I +--> evntagent
# I I I I I I I I I
# I I I I I I I I +--> evntlog
# I I I I I I I I
# I I I I I I I +--> software
# I I I I I I I
# I I I I I I +--> microsoft
# I I I I I I
# I I I I I +--> enterprises
# I I I I I
# I I I I +--> private
# I I I I
# I I I +-> internet
# I I I
# I I +--> dod
# I I
# I +--> org
# I
# +--> iso
#--- Start presets and declarations -------------------------------------
use strict;
use warnings;
use Getopt::Long;
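my $ProgName="get_oid_win_event";           # Name of program
my $BaseOID=".1.3.6.1.4.1.311.1.13.1";      # Base OID according to description above.
my $eventOID;                                # Enterprise trap OID in number format (from --eventOID)
my $help;                                    # For printing the help message
#--- End presets --------------------------------------------------------

# No arguments at all: print the usage text and leave with exit code 1.
if ( $#ARGV == -1 )
{
    print_usage();
    exit 1;
}

Getopt::Long::Configure('bundling');
GetOptions
    ("h" => \$help, "help" => \$help,
     "eventOID=s" => \$eventOID);

if ($help)
{
    print_help();
    exit 0;
}

if (!defined $eventOID)
{
    print "\nEvent OID missing.\n\n";
    exit 2;
}

# The OID comes out of a network-received SNMP trap and is therefore not
# trusted. Its expected layout is (see header):
#   <BaseOID>.<n>.<c1>.<c2>...<cn>.0.<eventID>
# Every deviation from that layout is rejected with exit code 2 instead of
# being turned into characters blindly.

# The enterprise prefix must be present. quotemeta escapes the dots so they
# are matched literally; \A anchors the match to the start of the string.
my $BaseOIDPattern = quotemeta $BaseOID;
if ($eventOID !~ s/\A$BaseOIDPattern\.//)
{
    print "\nEvent OID does not start with $BaseOID.\n\n";
    exit 2;
}

# Split the remainder into sub-identifiers; each one has to be a plain
# non-negative integer, and there must be at least <n>, 0 and <eventID>.
my @eventOID = split /\./, $eventOID;
if ( (scalar @eventOID) < 3 or grep { $_ !~ /\A[0-9]+\z/ } @eventOID )
{
    print "\nEvent OID malformed.\n\n";
    exit 2;
}

# First element: number of characters in the source name.
my $eventSourceLength = shift @eventOID;
# Last element: the event ID. The element in front of it is the
# terminating 0 of the source name and carries no information.
my $eventID = pop @eventOID;
pop @eventOID;

# The declared length must match the number of character codes left over.
if ( $eventSourceLength != scalar @eventOID )
{
    print "\nEvent OID malformed: declared source name length $eventSourceLength does not match.\n\n";
    exit 2;
}

# Decode the source name. Only printable single-byte character codes are
# accepted; control characters (they would reach the terminal or a log line
# unfiltered) and values above 255 are rejected.
my $eventSource = '';
for my $charCode (@eventOID)
{
    if ( $charCode < 32 or $charCode == 127 or $charCode > 255 )
    {
        print "\nEvent OID malformed: invalid character code $charCode in source name.\n\n";
        exit 2;
    }
    $eventSource .= chr($charCode);
}

print "Event Source: $eventSource\n";
print "EventID: $eventID\n";
exit 0;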
#--- Begin subroutines --------------------------------------------------
sub print_usage
{
    # Short usage text (both call forms), written to STDOUT.
    my $usage = "\nUsage: \n\n"
              . "$ProgName --eventOID=<event OID>\n\n"
              . " or\n\n"
              . "$ProgName -h\n\n";
    return print $usage;
}
sub print_help
{
    # Full help text: copyright, usage and the option description, written to STDOUT.
    my @help_lines = (
        "\n",
        "Copyright (c) 2021 Martin Fuerstenau\n",
        "\nUsage: \n\n$ProgName ",
        "--eventOID=<event OID>\n\n",
        "--eventOID=<event OID> The event OID submitted by MS Windows.\n",
        " It will be translated to event source and event ID.\n",
    );
    return print @help_lines;
}