SNMP traps and MIBs
The following tables describe the SNMP traps and MIB objects that you might encounter when using the SMC.
The SMC Appliance can be configured for SNMP access. The list of Net-SNMP common MIBs for the SMC Appliance can be found in the /usr/share/snmp/mibs directory. Visit http://www.net-snmp.org for Net-SNMP MIB descriptions.
Firewall/VPN, IPS, and Layer 2 Firewall engines can send SNMP traps on system events. The traps are configured using SNMP Agent elements. Also, Tester entries can be configured to send SNMP traps. The SNMP traps are listed in the table.
Trap name | Objects included | Description |
---|---|---|
fwPolicyInstall | fwSecurityPolicy | (Firewall and Layer 2 Firewall) Policy was installed on the Firewall engine. |
ipsPolicyInstall | ipsSecurityPolicy | (IPS) Policy was installed on the IPS engine. |
nodeBoot | - | Node bootup complete. |
nodeHwmon | nodeHwmonEvent | Hardware monitoring system has detected problems. |
nodeOffline | nodeOperState | Node changed to offline or standby state. |
nodeOnline | nodeOperState | Node changed to online state. |
nodeShutdown | - | Node is shutting down. |
nodeTestFailure | nodeTestIdentity | Test subsystem reported a test failure on the node. |
nodeFailedUserLogin | nodeLastLogin | (Firewall and Layer 2 Firewall) Logon failed on the firewall engine's console or through SSH. |
nodeUserLogin | nodeLastLogin | Log on initiated on the engine's console or through SSH. |
nodeUserLogout | nodeLastLogin | (Firewall and Layer 2 Firewall) Log off on the firewall engine's console or through SSH. |
The STONESOFT-SMI-MIB defines the top-level enterprise registrations for the Forcepoint NGFW products in the .iso.org.dod.internet.private.enterprises.stonesoft
branch (OID .1.3.6.1.4.1.1369
). The Forcepoint NGFW-specific MIB files can be downloaded at https://support.forcepoint.com/Downloads.
- STONESOFT-FIREWALL-MIB
- STONESOFT-IPS-MIB
- STONESOFT-NETNODE-MIB
NGFW Engines in the Firewall/VPN and Layer 2 Firewall roles support objects in STONESOFT-FIREWALL-MIB. NGFW Engines in the IPS role support objects in STONESOFT-IPS-MIB. NGFW Engines in all roles support objects in STONESOFT-NETNODE-MIB.
- IF-MIB (RFC 2863 and RFC 2233)
- IP-MIB (RFC 2011)
- SNMP-USER-BASED-SM-MIB (RFC 3414)
- SNMPv2 MIB (RFC 3418)
Object name | Object description in MIB |
---|---|
fwPolicyTime | The time when the security policy was installed to the Firewall or Layer 2 Firewall |
fwSecurityPolicy | Name of the current security policy on the Firewall or Layer 2 Firewall |
fwSoftwareVersion | Version string of the Firewall or Layer 2 Firewall software |
fwConnNumber | Number of current connections |
fwAccepted | Number of accepted packets |
fwDropped | Number of dropped packets |
fwLogged | Number of logged packets |
fwAccounted | Number of accounted packets |
fwRejected | Number of rejected packets |
fwIfTable | This table contains an entry for each interface in system |
fwIfStatsEntry | Row for an interface |
fwIfStatsIndex | A unique value, greater than zero, for each interface or interface sublayer in the managed system |
fwIfName | Name of interface |
fwIfAcceptedPkts | Number of accepted packets by Firewall or Layer 2 Firewall rules |
fwIfDroppedPkts | Number of dropped packets by Firewall or Layer 2 Firewall rules |
fwIfForwardedPkts | Number of forwarded packets by Firewall or Layer 2 Firewall rules |
fwIfLoggedPkts | Number of logged packets by Firewall or Layer 2 Firewall rules |
fwIfRejectedPkts | Number of rejected packets by Firewall or Layer 2 Firewall rules |
fwIfAccountedPkts | Number of accounted packets by Firewall or Layer 2 Firewall rules |
fwIfAcceptedBytes | Number of accepted bytes by Firewall or Layer 2 Firewall rules |
fwIfForwardedBytes | Number of forwarded bytes by Firewall or Layer 2 Firewall rules |
fwIfDroppedBytes | Number of dropped bytes by Firewall or Layer 2 Firewall rules |
fwIfLoggedBytes | Number of logged bytes by Firewall or Layer 2 Firewall rules |
fwIfRejectedBytes | Number of rejected bytes by Firewall or Layer 2 Firewall rules |
fwIfAccountedBytes | Number of accounted bytes by Firewall or Layer 2 Firewall rules |
fwCpuStatsTable | This table contains an entry for each CPU in a system and total usage of all CPUs |
fwCpuStatsId | A unique value, greater than zero, for each CPU in the managed system. First element with Id '0' is designed for total values |
fwCpuName | Name of data current line concern |
fwCpuTotal | The total CPU load percentage |
fwCpuUser | The percentage of time the CPU has spent running users' processes that are not niced |
fwCpuSystem | The percentage of time the CPU has spent running the kernel and its processes |
fwCpuNice | The percentage of time the CPU has spent running user's processes that have been niced |
fwCpuIdle | The percentage of time the CPU was idle |
fwCpuIoWait | The percentage of time the CPU has been waiting for I/O to complete |
fwCpuHwIrq | The percentage of time the CPU has been servicing hardware interrupts |
fwCpuSoftIrq | The percentage of time the CPU has been servicing software interrupts |
fwSwapBytesTotal | Total swap space |
fwSwapBytesUsed | Used space of swap |
fwSwapBytesUnused | Amount of unused space of swap |
fwMemBytesTotal | Number of available bytes of physical memory |
fwMemBytesUsed | Amount of memory being in use |
fwMemBytesUnused | Number of unused bytes of physical memory |
fwMemBytesBuffers | Amount of memory used as buffers |
fwMemBytesCached | Amount of memory used as cache |
fwDiskSpaceUsageTable | Table contains an entry for each partition mounted in a system |
fwDiskStats | Row of information concerning one partition |
fwPartitionIndex | A unique value, greater than zero, for each partition |
fwPartitionDevName | A unique name of a device |
fwMountPointName | Name of a mount point |
fwPartitionSize | Total size of the partition |
fwPartitionUsed | Amount of used space of the partition (in kilobytes) |
fwPartitionAvail | Information about amount of free space on partition (in kilobytes) |
fwVpnEp4Local | Local IPv4 endpoint address |
fwVpnEp4Remote | Remote IPv4 endpoint address |
fwVpnEp4RemoteType | The type of remote VPN endpoint (static, dynamic, or mobile) |
fwVpnEp4ReceivedBytes | Number of received bytes between the endpoint pair |
fwVpnEp4SentBytes | Number of sent bytes between the endpoint pair |
fwVpnEp4IpsecSa | Number of currently established IPsec SAs between the endpoint pair |
fwVpnEp6Local | Local IPv6 endpoint address |
fwVpnEp6Remote | Remote IPv6 endpoint address |
fwVpnEp6RemoteType | The type of remote VPN endpoint (static, dynamic, or mobile) |
fwVpnEp6ReceivedBytes | Number of received bytes between the endpoint pair |
fwVpnEp6SentBytes | Number of sent bytes between the endpoint pair |
fwVpnEp6IpsecSa | Number of currently established IPsec SAs between the endpoint pair |
adslModulation | Modulation protocol |
adslChannel | Channel type |
adslConnStatus | The status of the DSL link or communication status with DSL modem in case of communication error |
adslConnUptime | Uptime of current ADSL connection |
adslLineStatus | Status of DSL line |
adslInOctets | Number of bytes received by ADSL interface |
adslOutOctets | Number of bytes transmitted by ADSL interface |
adslSynchroSpeedUp | The actual rate at which data is flowing upstream |
adslSynchroSpeedDown | The actual rate at which data is flowing downstream |
adslAttenuationUp | An estimate of the average loop attenuation upstream |
adslAttenuationDown | An estimate of the average loop attenuation downstream |
adslNoiseMarginUp | This is a signal-to-noise ratio (SNR) margin for traffic going upstream |
adslNoiseMarginDown | This is a signal-to-noise ratio (SNR) margin for traffic going downstream |
adslHecErrorsUp | The total number of header error checksum errors upstream |
adslHecErrorsDown | The total number of header error checksum errors downstream |
adslOcdErrorsUp | The number of out-of-cell delineation errors upstream |
adslOcdErrorsDown | The number of out-of-cell delineation errors downstream |
adslLcdErrorsUp | The total of lost-cell-delineation errors upstream |
adslLcdErrorsDown | The total of lost-cell-delineation errors downstream |
adslBitErrorsUp | The number of bit errors upstream |
adslBitErrorsDown | The number of bit errors downstream |
Object name | Object description in MIB |
---|---|
ipsPolicyTime | The time when the security policy was installed to the IPS engine |
ipsSecurityPolicy | Name of the current security policy on the IPS engine |
ipsSoftwareVersion | Version string of the IPS software |
Object name | Object description in MIB |
---|---|
nodeClusterId | The identification number of the cluster this node belongs to |
nodeCPULoad | The CPU load percentage on the node |
nodeHwmonEvent | Reason for the hardware monitoring event |
nodeLastLogin | The most recent logon event on the node |
nodeLastLoginTime | Time stamp of the most recent logon event on the node |
nodeMemberId | Node's member identification within the cluster |
nodeOperState | The operative (clustering) state of the node |
nodeTestIdentity | Identification string of a nodeTest |
nodeTestResult | The most recent result of the nodeTest |
nodeTestResultTime | The time stamp of the most recent result of the nodeTest |
Object name | Object description in MIB |
---|---|
ifAdminStatus | The state of the interface that the administrator wants. The testing(3) state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down(2) state. As a result of either explicit management action or per configuration information retained by the managed system, ifAdminStatus is then changed to either the up(1) or testing(3) states (or remains in the down(2) state). |
ifAlias | This object is an 'alias' name for the interface as specified by a network manager, and provides a non-volatile 'handle' for the interface. On the first instantiation of an interface, the value of ifAlias associated with that interface is the zero-length string. As and when a value is written into an instance of ifAlias through a network management set operation, then the agent must retain the supplied value in the ifAlias instance associated with the same interface for as long as that interface remains instantiated, including across all reinitializations or reboots of the network management system, including those which result in a change of the interface's ifIndex value. An example of the value which a network manager might store in this object for a WAN interface is the (Telco's) circuit number or identifier of the interface. Some agents can support write-access only for interfaces having particular values of ifType. An agent which supports write access to this object is required to keep the value in non-volatile storage, but it can limit the length of new values depending on how much storage is already occupied by the current values for other interfaces. |
ifDescr | A textual string containing information about the interface. This string includes the name of the manufacturer, the product name, and the version of the interface hardware or software. |
ifHCInMulticastPkts |
The 64-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a multicast address at this sublayer. For a MAC layer protocol, this includes both Group and Functional addresses. This object is a 64-bit version of ifInMulticastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInMulticastPkts reports the low 32-bits of this counter's value. |
ifHCInOctets |
The 64-bit wide total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInOctets reports the low 32-bits of this counter's value. |
ifHCInUcastPkts |
The 64-bit wide number of packets, delivered by this sublayer to a higher (sub-)layer, which were not addressed to a multicast or broadcast address at this sublayer. This object is a 64-bit version of ifInUcastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInUcastPkts reports the low 32-bits of this counter's value. |
ifHCOutOctets |
The 64-bit wide total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifOutOctets reports the low 32-bits of this counter's value. |
ifHCOutUcastPkts |
The 64-bit wide total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those packets that were discarded or not sent. This object is a 64-bit version of ifOutUcastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifOutUcastPkts reports the low 32-bits of this counter's value. |
ifHighSpeed | An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of 'n', then the speed of the interface is somewhere in the range of 'n-500,000' to 'n+499,999'. For interfaces which do not vary in bandwidth or for those where no accurate estimation can be made, this object contains the nominal bandwidth. For a sublayer which has no concept of bandwidth, this object must be zero. |
ifIndex | A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sublayer must remain constant at least from one reinitialization of the entity's network management system to the next reinitialization. |
ifInDiscards | The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
ifInErrors | For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character- oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
ifInMulticastPkts |
The 32-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a multicast address at this sublayer. For a MAC layer protocol, this includes both Group and Functional addresses. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32-bits of the 64-bit ifHCInMulticastPkts counter's value. |
ifInOctets |
The 32-bit wide total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32-bits of the 64-bit ifHCInOctets counter's value. |
ifInUcastPkts |
The 32-bit wide number of packets, delivered by this sublayer to a higher (sub-)layer, which were not addressed to a multicast or broadcast address at this sublayer. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32-bits of the 64-bit ifHCInUcastPkts counter's value. |
ifLastChange | The value of sysUpTime at the time the interface entered its current operational state. If the current state was entered before the last reinitialization of the local network management subsystem, this object contains a zero value. |
ifLinkUpDownTrapEnable | Indicates whether linkUp or linkDown traps are generated for this interface. By default, this object must have the value enabled(1) for interfaces which do not operate on 'top' of any other interface (as defined in the ifStackTable), and disabled(2) otherwise. |
ifMtu | The size of the largest packet which can be sent or received on the interface, specified in octets. For interfaces that are used for transmitting network datagrams, this is the size of the largest network datagram that can be sent on the interface. |
ifName | The textual name of the interface. The value of this object must be the name of the interface as assigned by the local device. It must be suitable for use in commands entered at the device's 'console'. This name might be a text name, such as 'le0' or a simple port number, such as '1', depending on the interface naming syntax of the device. If several entries in the ifTable together represent a single interface as named by the device, each will have the same value of ifName. For an agent which responds to SNMP queries concerning an interface on some other (proxied) device, then the value of ifName for such an interface is the proxied device's local name for it. If there is no local name, or this object is otherwise not applicable, this object contains a zero-length string. |
ifNumber | The number of network interfaces (regardless of their current state) present on this system. |
ifOperStatus | The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. If ifAdminStatus is down(2), then ifOperStatus is down(2). If ifAdminStatus is changed to up(1), then ifOperStatus changes to up(1) if the interface is ready to transmit and receive network traffic; it changes to dormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it remains in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state; it remains in the notPresent(6) state if the interface has missing (typically, hardware) components. |
ifOutDiscards | The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
ifOutErrors | For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
ifOutOctets |
The 32-bit wide total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32-bits of the 64-bit ifHCOutOctets counter's value. |
ifOutUcastPkts |
The 32-bit wide total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including the packets that were discarded or not sent. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32-bits of the 64-bit ifHCOutUcastPkts counter's value. |
ifPhysAddress | The interface's address at its protocol sublayer. For example, for an 802.x interface, this object normally contains a MAC address. The interface's media-specific MIB must define the bit and byte ordering and the format of the value of this object. For interfaces that do not have such an address (for example, a serial line), this object must contain an octet string of zero length. |
ifPromiscuousMode | This object has a value of false(2) if this interface only accepts packets or frames that are addressed to this station. This object has a value of true(1) when the station accepts all packets or frames transmitted on the media. The value true(1) is only legal on certain types of media. If legal, setting this object to a value of true(1) might require the interface to be reset before becoming effective. The value of ifPromiscuousMode does not affect the reception of broadcast and multicast packets or frames by the interface. |
ifSpeed | An estimate of the interface's current bandwidth in bits per second. For interfaces which do not vary in bandwidth or for those where no accurate estimation can be made, this object must contain the nominal bandwidth. If the bandwidth of the interface is greater than the maximum value reportable by this object, then this object must report its maximum value (4,294,967,295) and ifHighSpeed must be used to report the interface's speed. For a sublayer which has no concept of bandwidth, this object must be zero. |
ifType | The type of interface. Additional values for ifType are assigned by the Internet Assigned Numbers Authority (IANA), through updating the syntax of the IANAifType textual convention. |
Object name | Object description in MIB |
---|---|
usmStatsDecryptionErrors | The total number of packets received by the SNMP engine which were dropped because they could not be decrypted. |
usmStatsNotInTimeWindows | The total number of packets received by the SNMP engine which were dropped because they appeared outside of the authoritative SNMP engine's window. |
usmStatsUnknownEngineIDs | The total number of packets received by the SNMP engine which were dropped because they referenced an snmpEngineID that was not known to the SNMP engine. |
usmStatsUnknownUserNames | The total number of packets received by the SNMP engine which were dropped because they referenced a user that was not known to the SNMP engine. |
usmStatsUnsupportedSecLevels | The total number of packets received by the SNMP engine which were dropped because they requested a security Level that was unknown to the SNMP engine or otherwise unavailable. |
usmStatsWrongDigests | The total number of packets received by the SNMP engine which were dropped because they did not contain the expected digest value. |
usmUserSpinLock | An advisory lock used to allow several cooperating Command Generator Applications to coordinate their use of facilities to change secrets in the usmUserTable. |
usmUserStatus | The status of this conceptual row. Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the usmUserStatus column is 'notReady'. In particular, a newly created row for a user who employs authentication cannot be made active until the corresponding usmUserCloneFrom and usmUserAuthKeyChange have been set. Further, a newly created row for a user who also employs privacy cannot be made active until the usmUserPrivKeyChange has been set. The RowStatus TC [RFC2579] requires that this DESCRIPTION clause states under which circumstances other objects in this row can be edited: The value of this object has no effect on whether other objects in this conceptual row can be edited, except for usmUserOwnAuthKeyChange and usmUserOwnPrivKeyChange. For these 2 objects, the value of usmUserStatus MUST be active. |
Object name | Object description in MIB |
---|---|
snmpEnableAuthenTraps | Indicates whether the SNMP entity is permitted to generate authenticationFailure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authenticationFailure traps can be disabled. It is recommended that this object is stored in non-volatile memory so that it remains constant across reinitializations of the network management system. |
snmpInASNParseErrs | The total number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages. |
snmpInBadCommunityNames | The total number of SNMP messages delivered to the SNMP entity which used an SNMP community name not known to said entity. |
snmpInBadCommunityUses | The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not allowed by the SNMP community named in the message. |
snmpInBadVersions | The total number of SNMP messages which were delivered to the SNMP entity and were for an unsupported SNMP version. |
snmpInPkts | The total number of messages delivered to the SNMP entity from the transport service. |
snmpProxyDrops | The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the transmission of the (possibly translated) message to a proxy target failed in a manner (other than a time-out) such that no Response-PDU could be returned. |
snmpSetSerialNo | An advisory lock used to allow several cooperating SNMPv2 entities, all acting in a manager role, to coordinate their use of the SNMPv2 set operation. This object is used for coarse-grain coordination. To achieve fine-grain coordination, one or more similar objects might be defined within each MIB group, as appropriate. |
snmpSilentDrops | The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request. |
sysContact | The textual identification of the contact person for this managed node, together with information about how to contact this person. If no contact information is known, the value is the zero-length string. |
sysDescr | A textual description of the entity. This value must include the full name and version identification of the system's hardware type, software operating-system, and networking software. |
sysLocation | The physical location of this node (for example, 'telephone closet, 3rd floor'). If the location is unknown, the value is the zero-length string. |
sysName | An administratively assigned name for this managed node. By convention, this is the node's fully qualified domain name. If the name is unknown, the value is the zero-length string. |
sysObjectID | The vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining 'what kind of box' is being managed. For example, if vendor 'Flintstones, Inc.' was assigned the subtree 1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its 'Fred Router'. |
sysServices | A value which indicates the set of services that this entity potentially offers. The value is a sum. This sum initially takes the value zero. Then, for
each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs only routing
functions would have a value of 4 (2^(3–1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4–1) + 2^(7–1)). In the context
of the Internet suite of protocols, values must be calculated accordingly:
|
sysUpTime | The time (in hundredths of a second) since the network management portion of the system was last reinitialized. |