DocumentationAPI ReferenceRelease Notes
Documentation

SNMP trap events and object definitions

Use this article to identify BeyondInsight SNMP trap objects, OIDs, varbinds, and event values for on-premises monitoring integrations. BeyondInsight sends SNMP traps to external monitoring systems, and each trap includes a set of fields, called varbinds, that describe what occurred, where it occurred, and which product or service generated the event.

🚧

Important information

Configure SNMP traps only for on-premises deployments.

SNMP trap enumeration

OID Tree
ObjectOID
eEye1.3.6.1.4.1.20730
eEyeNotificationMIB1.3.6.1.4.1.20730.1
eEyeEventObjects1.3.6.1.4.1.20730.1.1
eEyeEvent1.3.6.1.4.1.20730.1.1.1

Object definitions

eEyeEventUniqueID

Definition: Use this object to identify the unique event ID (GUID).

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.0
SyntaxOCTET STRING
Statusoptional

ℹ️

This object uses sub-identifier 0 under eEyeEvent, which is non-standard in SMIv1 (sub-identifiers typically start at 1). The SNMP formatter does not include a varbind for this field, and the eEyeEventAlert VARIABLES list excludes it.

eEyeEventID
FieldValue
OID1.3.6.1.4.1.20730.1.1.1.1
SyntaxOCTET STRING
Statusmandatory

BeyondTrust Discovery scan events

ValueDescription
RET-SCAN-001General
RET-SCAN-002Audits (deprecated)
RET-SCAN-003Machine
RET-SCAN-004Ports
RET-SCAN-005Services
RET-SCAN-006Shares (deprecated)
RET-SCAN-007Users and Groups
RET-SCAN-008Asset
RET-SCAN-009Processes
RET-SCAN-010START_JOB
RET-SCAN-011STOP_JOB
RET-SCAN-012START_IP
RET-SCAN-013STOP_IP
RET-SCAN-014RestrictJob (deprecated)
RET-SCAN-015NoAudits (deprecated)
RET-SCAN-016Target Alerts
RET-SCAN-017Hardware (deprecated)
RET-SCAN-018UNUSED
RET-SCAN-019JobDetail
RET-SCAN-020Software
RET-SCAN-021TarpittedIp (deprecated)
RET-SCAN-022LightWriteBack (deprecated)
RET-SCAN-023WAPDetail (deprecated)
RET-SCAN-024IdentityData (deprecated)
RET-SCAN-025Route List (deprecated)
RET-SCAN-026Discovered IP (deprecated)
RET-SCAN-027Web Scan Results (deprecated)
RET-SCAN-028Job Alerts
RET-SCAN-029Certificates (deprecated)
RET-SCAN-030Database Enumeration
RET-SCAN-031Environmental Alerts (deprecated)
RET-SCAN-032Scheduled Tasks
RET-SCAN-033AltUsers (deprecated)
RET-SCAN-034DCOM Services, COM ClassIDs, and COM+ events

Application audit events

ValueDescription
AppAuditApplication Audit event

Endpoint Privilege Management for Windows / Endpoint Privilege Management for Mac events

ValueDescription
PBW-EVENT-28691Application Requested Elevation
PBW-EVENT-28692Application Launched
PBW-EVENT-28693Custom Rule Applied
PBW-EVENT-28694Shell Rule Applied
PBW-EVENT-28695ActiveX Control Rule Applied
PBW-EVENT-28696ActiveX - Application Requested Elevation
PBW-EVENT-28697UAC Prompt
PBW-EVENT-28698Denied Rule Applied
PBW-EVENT-28699Passive Rule Applied
PBW-EVENT-28701Heartbeat
PBW-EVENT-28702Validate Policy
PBW-EVENT-28703Policy Applied

Password Safe events

ValueDescription
PBPSPassword Safe event

Privilege Management Reporting events

ValueDescription
01Service Starts
02User Logons
03Privileged Account Protection
04Processes

Appliance Health events

ValueNameDescription
UVM-SERVICE-001ServiceErrorAlertService not running when expected
UVM-PERF-001PerformanceAlertSQL Memory Percentage
UVM-PERF-002PerformanceAlertTotal CPU
UVM-PERF-003PerformanceAlertSQL CPU
UVM-PERF-004PerformanceAlertC Drive Space Free
UVM-PERF-005PerformanceAlertM Drive Space Free
UVM-PERF-006PerformanceAlertN Drive Space Free
UVM-PERF-007PerformanceAlertO Drive Space Free
UVM-PERF-008PerformanceAlertRAM Usage
UVM-PERF-105PerformanceAlertPhysical Disk Avg Disk sec/Write
UVM-PERF-106PerformanceAlertPhysical Disk Current Queue Length
UVM-PERF-108PerformanceAlertMemory Pages/sec
UVM-PERF-109PerformanceAlertMemory Cache Bytes
UVM-PERF-112PerformanceAlertPaging File % Usage
UVM-PERF-115PerformanceAlertSQL Server Batch Requests/sec
UVM-PERF-116PerformanceAlertSQL Server SQL Compilations/sec
UVM-PERF-117PerformanceAlertSQL Server SQL Re-Compilations/sec
UVM-PERF-118PerformanceAlertSQL Server User Connections
UVM-PERF-119PerformanceAlertSQL Server Lock Waits/sec
UVM-PERF-120PerformanceAlertSQL Server Page Splits/sec
UVM-PERF-121PerformanceAlertSQL Server Processes Blocked
UVM-PERF-122PerformanceAlertSQL Server Checkpoint Pages/sec
UVM-PERF-123PerformanceAlertWorking Set Total
UVM-HARDWARE-001HardwareFaultAlertBattery Probe Warning
UVM-HARDWARE-002HardwareFaultAlertBattery Failure
UVM-HARDWARE-003HardwareFaultAlertFan Probe Warning
UVM-HARDWARE-004HardwareFaultAlertFan Probe Failure
UVM-HARDWARE-005HardwareFaultAlertHardware Log Near Capacity
UVM-HARDWARE-006HardwareFaultAlertHardware Log Full
UVM-HARDWARE-007HardwareFaultAlertChassis Intrusion Detected
UVM-HARDWARE-008HardwareFaultAlertMemory Pre-failure
UVM-HARDWARE-009HardwareFaultAlertMemory Failure
UVM-HARDWARE-010HardwareFaultAlertSystem Power Warning
UVM-HARDWARE-011HardwareFaultAlertSystem Power Failure
UVM-HARDWARE-012HardwareFaultAlertPower Supply Failure
UVM-HARDWARE-013HardwareFaultAlertPower Supply Warning
UVM-HARDWARE-014HardwareFaultAlertProcessor Warning (throttled)
UVM-HARDWARE-015HardwareFaultAlertProcessor Failure
UVM-HARDWARE-016HardwareFaultAlertRedundancy Degraded
UVM-HARDWARE-017HardwareFaultAlertRedundancy Lost
UVM-HARDWARE-018HardwareFaultAlertTemperature Probe Warning
UVM-HARDWARE-019HardwareFaultAlertTemperature Probe Failure
UVM-HARDWARE-020HardwareFaultAlertVoltage Probe Warning
UVM-HARDWARE-021HardwareFaultAlertVoltage Probe Failure
UVM-HARDWARE-022HardwareFaultAlertWatchdog Auto System Recovery
UVM-HARDWARE-023HardwareFaultAlertStorage System Warning
UVM-HARDWARE-024HardwareFaultAlertStorage System Failure
UVM-HARDWARE-025HardwareFaultAlertStorage Controller Warning
UVM-HARDWARE-026HardwareFaultAlertStorage Controller Failure
UVM-HARDWARE-027HardwareFaultAlertPhysical Disk Warning
UVM-HARDWARE-028HardwareFaultAlertPhysical Disk Failure
UVM-HARDWARE-029HardwareFaultAlertVirtual Disk Warning
UVM-HARDWARE-030HardwareFaultAlertVirtual Disk Failure
UVM-HARDWARE-031HardwareFaultAlertEnclosure Warning
UVM-HARDWARE-032HardwareFaultAlertEnclosure Failure
UVM-HARDWARE-033HardwareFaultAlertStorage Controller Battery Warning
UVM-HARDWARE-034HardwareFaultAlertStorage Controller Battery Failure
UVM-HARDWARE-035HardwareFaultAlertSystem Peak Power
UVM-ANTIMALWARE-001AntiMalwareAlertWindows Defender malware detection
UVM-PERFDAILY-001DailyPerformanceSummaryDaily performance digest summary
UVM-GENERAL-001GeneralAlertCatch-all; see eEyeEventDescription for the specific condition (authentication, boot/shutdown, anti-malware)
eEyeEventAgentDescription

Definition: Use this object to identify the agent that sent the event.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.2
SyntaxOCTET STRING
Statusmandatory

Valid values

ValueNotes
BTDiscoveryBeyondTrust Discovery scanner
RetinaLegacy Retina agent
Blink(deprecated - Blink agent retired)
eEye Auto-Update(deprecated - eEye auto-update agent retired)
Application Bus 3.0Fallback default when the event does not include an agent description
normalizedEPM for Windows / EPM for Mac events
Privileged Management ReportingPrivilege Management Reporting events
(database value)Appliance Health events - value read from database; no fixed enumeration
(empty)Password Safe and Application Audit events do not populate this field
eEyeEventAgentVersion

Definition: Use this object to identify the version of the agent that sent the event.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.3
SyntaxOCTET STRING
Statusoptional

ℹ️

You can find this object and its OID in the MIB, and the Event populates the value. The SNMP formatter does not currently emit a varbind for this field, and the eEyeEventAlert VARIABLES list excludes it.

eEyeEventType
FieldValue
OID1.3.6.1.4.1.20730.1.1.1.4
SyntaxINTEGER
Statusmandatory

Valid values

ValueDescription
0Info
1Warning
2Error
eEyeEventCategory
FieldValue
OID1.3.6.1.4.1.20730.1.1.1.5
SyntaxOCTET STRING
Statusmandatory

Definition: Use this field to identify the event category. The value varies by event source:

  • EPM for Windows / EPM for Mac events: always "pbw"
  • Password Safe events: "System", "Change", or "Propagation"
  • Privilege Management Reporting events: "Service Starts", "User Logons", "Privileged Account Protection", "Processes"
  • Appliance Health events: always "UVMHealth" regardless of sub-type
  • BeyondTrust Discovery scan events: the scan engine sets this value; no fixed enumeration exists. For vulnerability findings (deprecated) it contains the vulnerability category (e.g., "Web", "OS", "Database"). For infrastructure/OS detection events, known values include: "OSDETECT", "OSDETECT\Method", "OSDETECT\CpeString", "Traceroute", "Authentication", "AssetType", "OriginalDNSName"
  • Application audit events: the system or section that generates the event

Application audit category values

GroupValues
Authentication / SessionLogin, Logout, Login Failure, Application Session, Account Lockout, Change Password, BeyondInsight Password Policy, Direct Connect, Direct Connect Failure, TOTP Authentication Failure, TOTP Device Enrolled, Client Certificate, RetinaInsight Login, RetinaInsight Login Failure
Password SafePMM Login, PMM Login Failure, PMM API SignAppIn, PMM API SignOut, PMM API SignIn Failure, PMM API SignAppIn Failure, PMM API Authentication Rule Failure, PMM API Authentication Failure, PMM API Registration, PMM Connector, PMM Change Email Template, PMM Password Rule, PMM Managed System, PMM Managed Account, PMM Functional Account, PMM Global Settings, PMM Application, PMM SSH Key Policies, PMM Access Policy, PMM Access Policy Schedule, PMM Accounts, PMM Mask, PMM Connection Profile, PMM Connection Profile Filter, PMM Cache, PMM Oracle Internet Directory, Managed Account Alias, Propagation Action
Secrets SafeSecrets Safe, Secrets Safe Folder, Secrets Safe Secret
User / Group ManagementUser, User Group, User Group - Smart Rule Role, Attribute, Attribute Type, Domain, Domain Management, Authenticator
Asset / ScanningAssets, Jobs, Scan, Audits and Vulnerabilities (deprecated), EPM Exclusion, EPM Rule, EPM Policy, EPM Policy User
Configuration / AdministrationDashboard, Configure, System Options, BeyondInsight Configuration Tool, Plugin Setting, Purging Options, Worker Node, U-Series Appliance
Organization / StructureOrganization, Workgroup, Smart Rule, Audit Group, Port Group, Address Group, Active Directory Query, Directory Query, Network Security Rule, Shared Safe, Shared Safe Permission
Connectors / IntegrationsCloud Connector, Credential, Third Party Import, Third Party Connector, Third Party Credential Provider, Sailpoint STI, SCIM, Remedy Connector, Remedy Connector Mapping, ServiceNow Connector, ServiceNow Export, ServiceNow Export Mapping, ServiceNow Ticket System, ServiceNow Ticket System Mapping, ServiceNow Import, JIRA Ticket System, CPB Cloud Connector (deprecated), CPB Recommendation (deprecated), EventCollectorOAuth, Ticket
Session / InfrastructureSession Monitoring, Session Utility, Event Forwarder, Reports, Databases, Retina Agent Scan Options (deprecated), VAAddress, VAAddresses, VAAddressGroup, ProxyConfig
eEyeEventDescription

Definition: For Appliance Health UVM-GENERAL-001 (GeneralAlert) events, use this field to identify the specific condition, since all general events share the same ID. Known conditions include authentication access successes and failures, boot/shutdown events (clean vs. unexpected), and anti-malware notifications.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.6
SyntaxOCTET STRING
Statusmandatory
eEyeEventSeverity

Definition: Use this object to identify the event severity, 09 from lowest to highest.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.7
SyntaxINTEGER
Statusmandatory
eEyeEventSubject

Definition: Use this object to identify the event subject. Valid values are the following:

  • Target IP
  • Job Name
  • Job ID
FieldValue
OID1.3.6.1.4.1.20730.1.1.1.8
SyntaxOCTET STRING
Statusmandatory
eEyeEventName
FieldValue
OID1.3.6.1.4.1.20730.1.1.1.9
SyntaxOCTET STRING
Statusmandatory

Definition: Use this object to identify the event name. The value varies by event source:

  • EPM for Windows / EPM for Mac events: the numeric EventTypeId - "28691", "28692", "28693", "28694", "28695", "28696", "28697", "28698", "28699", "28701", "28702", "28703"
  • Password Safe - System events: the role used for the access request. Known values: "Requestor", "Approver", "Requestor/Approver", "ISA", "Administrators", "Built-in Admin", "Session Auditor", "Credentials Manager", "Recorded Session Reviewer", "Active Session Reviewer", "Reports Auditor", "SystemManagement", "AccountManagement", "ConfigurationManagement", "PolicyManagement", "AgentManagement", "DomainManagement", "RoleManagement", "BulkPasswordChange", "AdminSession", "AdminSessionReviewer", "AssetManagement", "APIGlobalQuarantine", "PBW RunAsEvent", "Administrator", "Non-Requestor", "N/A"
  • Password Safe - Change events: "Managed" (managed account), "Functional" (functional account), or "Change" (fallback)
  • Password Safe - Propagation events: "Propagation"
  • Privilege Management Reporting events: "400" (Service Starts), "300" (User Logons), "198" (Privileged Account Protection); Processes events use a dynamic event number read from the database
  • Appliance health events:
    • "ServiceErrorAlert" (UVM-SERVICE-*)
    • "PerformanceAlert" (UVM-PERF-*)
    • "HardwareFaultAlert" (UVM-HARDWARE-*)
    • "AntiMalwareAlert" (UVM-ANTIMALWARE-*)
    • "DailyPerformanceSummary" (UVM-PERFDAILY-*)
    • "GeneralAlert" (UVM-GENERAL-*)
  • BeyondTrust Discovery scan events: set by the scan engine; not a fixed enumeration. For vulnerability findings (deprecated) it contains the specific audit or check name (e.g., a CVE or MS bulletin ID). For scan summary and metadata events, known values include: "Total hosts scanned", "Total hosts found", "Audit Group", "Address Group", "Credential", "IP Entry", "OS Detected", "Traceroute", "Netbios Name", "Method", "REM NAV", "Virtual Machine Name", "Virtual Machine UUID"
  • Application audit events: the action performed. Known values: "Login", "Logout", "Add", "Edit", "Delete", "Read", "Enable", "Disable", "Increase Priority", "Decrease Priority", "Assign", "Rename", "Save As", "Schedule", "Pause Job", "Resume Job", "Stop Job", "Delete Job", "Reset", "Import", "Copy", "Generate", "Validate", "Test", "Update", "Unlock", "Download", "Completed", "Session End", "Add Vulnerability Exclusion" (deprecated), "Remove Vulnerability Exclusion" (deprecated), "Ignore", "Remove from Ignored", "Download Policy JSON", "Bulk Password Change", "Bulk Domain Account Unlink", "Bulk Move Credential", "Bulk Add Credential", "Bulk Read", "Read Password", "ReadSecret", "Move Folder", "Share Secret", "Delete Secret Share", "Delete Secret Shares", "Edit Secret Share", "Lock Session", "Terminate Session", "Default"
eEyeEventNVNumber

Definition: Use this object to identify the number of extra name-value pairs.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.10
SyntaxINTEGER
Statusmandatory
eEyeEventNVTable

Definition: Use this object to identify the table that contains extra information. Every extra item is a name-value pair.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.11
SyntaxSEQUENCE OF EEyeEventNVEntry
Statusoptional
eEyeEventNVEntry

Definition: Use this object to identify one name-value pair, indexed by eEyeEventNVName.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.11.1
Statusmandatory
eEyeEventNVName

Definition: Use this object to identify the name part of the event name-value pair.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.11.1.1
SyntaxOCTET STRING (SIZE 0..50)
Statusmandatory

NVP keys by event source

Password Safe-System events

KeyDescription
UserNameUsername performing the action
RoleUsedRole used (see eEyeEventName for System events for valid values)
ObjectTypeIDNumeric ID of the object type
ObjectTypeType of object affected: "Password Rule", "Email Template", "Functional Account", "Account", "System", "Release Request", "Request Response", "Ticket System", "Password", "Isa Release", "Agent", "AccessPolicy", "Password History", "DSS Key Rule", "RemoteApp Program", "Connection Profile", "Connection Profile Filter", "Session", "Network Security Rule"
ObjectIDNumeric ID of the affected object
OperationAction performed: "Unknown", "Add", "Update", "Delete", "Start", "Stop", "Shutdown", "Retrieve", "Deny", "Expire", "Approve", "Cancel", "Unlock", "SyncAccount", "DeleteSoft", "Enable", "Disable"
Failed0 (success) or 1 (failure)
TargetTarget of the operation
UserIDNumeric ID of the user
IPAddressIP address of the requester
ReasonReason provided with a ticket-based request
TicketSystemTicket system name
TicketNumberTicket identifier
ApproverApprover name

Password Safe-Change events

KeyDescription
ManagedAccountIDNumeric ID of the managed account
FunctionalAccountIDNumeric ID of the functional account
ManagedSystemIDNumeric ID of the managed system
ChangeDtDate/time of the change
ChangeReasonCdReason code: S (Scheduled), R (Post-release reset), T (Ticket-approved reset), V (Approval reset), F (Forced reset), M (Mismatch reset), U (Manual entry), N (Manual entry for new account), A (API change), P (EPM agent change), X (Synced with primary), Y (Un-synced from primary), Z (Forced sync with primary), O (Initial on-boarding via Smart Rule)
ResultChange result: S (Success), F (Failed), C (Cancelled), Q (Queued), U (Schedule Update)
ReleaseIDAssociated release ID
RequestIDAssociated request ID
AccountNameName of the account
NextChangeDateNext scheduled change date
ElevationCommandElevation command (if applicable)

Password Safe-Propagation events

Same keys as Change events, plus per-action result entries for each propagation target (action type, result, target name, username).

eEyeEventNVValue

Definition: Use this object to identify the value part of the event name-value pair.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.11.1.2
SyntaxOCTET STRING
Statusmandatory
eEyeEventSourceIP

Definition: Use this object to identify the event source IP.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.12
SyntaxOCTET STRING
Statusmandatory
eEyeEventOS

Definition: Use this object to identify the operating system.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.13
SyntaxOCTET STRING
Statusmandatory
eEyeEventWKLoc

Description: Use this object to identify the workgroup location.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.14
SyntaxOCTET STRING
Statusmandatory
eEyeEventWKID

Definition: Use this object to identify the workgroup ID.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.15
SyntaxOCTET STRING
Statusmandatory
eEyeEventWKDesc

Definition: Use this object to identify the workgroup description.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.16
SyntaxOCTET STRING
Statusmandatory
eEyeEventClientHost

Definition: Use this object to identify the client hostname.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.17
SyntaxOCTET STRING
Statusmandatory
eEyeEventUserName

**Definition:**Use this object to identify the user name. Valid value: System.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.18
SyntaxOCTET STRING
Statusmandatory
eEyeEventDate

Definition: Use this object to identify the event date.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.19
SyntaxOCTET STRING
Statusmandatory
eEyeEventTransactionGroup

Definition: Use this object to identify the transaction group.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.20
SyntaxOCTET STRING
Statusmandatory
eEyeEventSubjectDesc

Definition: Use this object to identify the subject description. The meaning of this field varies by event source (for example: target computer name for scan events, account name for Password Safe events, user identifier for Application Audit events).

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.21
SyntaxOCTET STRING
Statusoptional

ℹ️

The MIB defines this object and its OID, but the SNMP formatter does not currently emit a varbind for this field. The eEyeEventAlert VARIABLES list excludes it.

eEyeEventAgentID

Definition: Use this object to identify the agent ID.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.22
SyntaxOCTET STRING
Statusmandatory

Valid values

ValueNotes
retinaBeyondTrust Discovery / legacy Retina scan events. Value is the lowercase enum name from LegacyForwardingEventsType. The human-readable scanner label ("BTDiscovery" or "Retina") appears in eEyeEventAgentDescription, not here.
Blink(deprecated - Blink agent retired)
eEye Auto-Update(deprecated - eEye auto-update agent retired)
AppAuditApplication Audit events
pbwEndpoint Privilege Management for Windows events
pbmacEndpoint Privilege Management for Mac events
PBPSPassword Safe events
pmrPrivilege Management Reporting events
generic_appliance_healthAppliance Health events
eEyeEventDLLVersion

Definition: Use this object to identify the DLL version.

FieldValue
OID1.3.6.1.4.1.20730.1.1.1.23
SyntaxOCTET STRING
Statusmandatory

Trap definition

eEyeEventAlert
FieldValue
EnterpriseeEyeNotificationMIB (1.3.6.1.4.1.20730.1)
Specific Trap::= 2

Use this single trap type to monitor BeyondInsight security event notifications, regardless of event source.

Trap OID behavior

  • SNMPv1: The formatter does not explicitly set the enterprise OID and specific-trap field. Do not rely on the specific-trap value matching ::= 2.
  • SNMPv2c/v3: The formatter sets TrapObjectID (snmpTrapOID.0) to the configured trapOid, which defaults to 1.3.6.1.4.1.20730.1. This does not follow the RFC 2576 translation rule that would derive 1.3.6.1.4.1.20730.1.0.2 from the ::= 2 assignment. Match on 1.3.6.1.4.1.20730.1 rather than on the TRAP-TYPE-derived OID.

To identify the event source, examine the eEyeEventAgentID varbind (e.g., 'retina', 'PBPS', 'pbw', 'pbmac', 'AppAudit', 'pmr', 'generic_appliance_health'). To identify the event type within a source, examine the eEyeEventID varbind.

Variables (varbinds included in every trap)

#ObjectOID
1eEyeEventID1.3.6.1.4.1.20730.1.1.1.1
2eEyeEventAgentDescription1.3.6.1.4.1.20730.1.1.1.2
3eEyeEventType1.3.6.1.4.1.20730.1.1.1.4
4eEyeEventCategory1.3.6.1.4.1.20730.1.1.1.5
5eEyeEventDescription1.3.6.1.4.1.20730.1.1.1.6
6eEyeEventSeverity1.3.6.1.4.1.20730.1.1.1.7
7eEyeEventSubject1.3.6.1.4.1.20730.1.1.1.8
8eEyeEventName1.3.6.1.4.1.20730.1.1.1.9
9eEyeEventNVNumber1.3.6.1.4.1.20730.1.1.1.10
10eEyeEventNVName1.3.6.1.4.1.20730.1.1.1.11.1.1
11eEyeEventNVValue1.3.6.1.4.1.20730.1.1.1.11.1.2
12eEyeEventSourceIP1.3.6.1.4.1.20730.1.1.1.12
13eEyeEventOS1.3.6.1.4.1.20730.1.1.1.13
14eEyeEventWKLoc1.3.6.1.4.1.20730.1.1.1.14
15eEyeEventWKID1.3.6.1.4.1.20730.1.1.1.15
16eEyeEventWKDesc1.3.6.1.4.1.20730.1.1.1.16
17eEyeEventClientHost1.3.6.1.4.1.20730.1.1.1.17
18eEyeEventUserName1.3.6.1.4.1.20730.1.1.1.18
19eEyeEventDate1.3.6.1.4.1.20730.1.1.1.19
20eEyeEventTransactionGroup1.3.6.1.4.1.20730.1.1.1.20
21eEyeEventAgentID1.3.6.1.4.1.20730.1.1.1.22
22eEyeEventDLLVersion1.3.6.1.4.1.20730.1.1.1.23
ℹ️

The MIB defines eEyeEventUniqueID(OID.0), eEyeEventAgentVersion(OID.3), and eEyeEventSubjectDesc(OID.21`), but the VARIABLES list above excludes them. The SNMP formatter does not currently emit varbinds for these fields.

Updated about 2 hours ago

©2003-2026 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.