I'm currently receiving SNMP traps for important alerts from the IPS we have set up. The logs for these traps look something like this:
Ent Value 6: .188.8.131.52.184.108.40.206.3220.127.116.11=This signature is a Metacomponent
Ent Value 7: .18.104.22.168.22.214.171.124.3126.96.36.199=Visual Studio Msmask32.ocx ActiveX Buffer Overflow
Ent Value 8: .188.8.131.52.184.108.40.206.3220.127.116.11=6990
First, how can I find out what strings like "Ent Value 8: .18.104.22.168.22.214.171.124.3126.96.36.199" mean? Is it important?
Second, what is the best way to interpret these traps? I'm assuming I need to write a custom script to gather the important details and do what I want with them?
Any pointers would be very helpful! I just want to know what I'm getting myself into. :)
You can look up OIDs at this tool:
There are many free/commercial SNMP trap collectors that would help you for this purpose. Scripting can get really involved sometimes, but of course if you are an expert at it, no need to pay money to achieve your desired objectives.
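Added example, not part of the original thread: a minimal Python parser for the "Ent Value N: OID=value" lines quoted in the question, grouping them into one record per trap. The OIDs in the sample are constructed under enterprise number 32473 (reserved for documentation by RFC 5612), the field names are hypothetical, and the rule that a non-increasing index starts a new trap is an assumption about the log layout.

```python
import re

# One varbind line as logged in the question: "Ent Value <n>: <dotted OID>=<value>"
VARBIND_RE = re.compile(r"^\s*Ent Value (\d+):\s*(\.?\d+(?:\.\d+)*)=(.*)$")

# Hypothetical OID-to-name table; replace with the OIDs from your IPS vendor's MIB.
OID_NAMES = {
    ".1.3.6.1.4.1.32473.1.6": "sigNote",
    ".1.3.6.1.4.1.32473.1.7": "sigName",
    ".1.3.6.1.4.1.32473.1.8": "sigId",
}

def parse_traps(lines, oid_names=OID_NAMES):
    """Group 'Ent Value' lines into one dict per trap.

    Assumption: a varbind index that does not increase starts a new trap.
    Unknown OIDs are kept under the raw OID so nothing is silently dropped.
    """
    traps, current, last_index = [], {}, 0
    for line in lines:
        m = VARBIND_RE.match(line)
        if not m:
            continue  # not a varbind line (headers, timestamps, blanks)
        index, oid, value = int(m.group(1)), m.group(2), m.group(3).strip()
        if index <= last_index and current:
            traps.append(current)
            current = {}
        current[oid_names.get(oid, oid)] = value
        last_index = index
    if current:
        traps.append(current)
    return traps

# Constructed sample input in the format shown in the question.
SAMPLE_LOG = """\
Ent Value 6: .1.3.6.1.4.1.32473.1.6=This signature is a Metacomponent
Ent Value 7: .1.3.6.1.4.1.32473.1.7=Visual Studio Msmask32.ocx ActiveX Buffer Overflow
Ent Value 8: .1.3.6.1.4.1.32473.1.8=6990
some unrelated line
Ent Value 6: .1.3.6.1.4.1.32473.1.6=note with a=b inside
Ent Value 9: .1.3.6.1.4.1.32473.1.99=unmapped
""".splitlines()

if __name__ == "__main__":
    for trap in parse_traps(SAMPLE_LOG):
        print(trap)
```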