Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
The ONE Campaign to make poverty history

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 217 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

snmpd.conf




DESCRIPTION

       snmpd.conf is the configuration file which defines how the
       ucd-smnp SNMP agent operates.  These files may contain any
       of the directives found in the DIRECTIVES  section  below.
       This  file  is  not  required for the agent to operate and
       report mib entries.


PLEASE READ FIRST

       First, make sure you have read the  snmp_config(5)  manual
       page  that  describes how the ucd-snmp configuration files
       operate, where they are located  and  how  they  all  work
       together.

       Also,  you might consider looking into the snmpconf appli­
       cation (perl script) which can help you build a snmpd.conf
       file by prompting you for information.  You should try it.
       Really.  Go ahead.  Right now.  Run:

              snmpconf -g basic_setup

       to get you started.


EXTENSIBLE-MIB

       The ucd-snmp SNMP agent reports much  of  its  information
       through queries to the 1.3.6.1.4.1.2021 section of the mib
       tree.  Every mib in this section has the  following  table
       entries in it.

       .1 -- index
              This  is  the table's index numbers for each of the
              DIRECTIVES listed below.

       .2 -- name
              The name of the given table entry.  This should  be
              unique, but is not required to be.

       .100 -- errorFlag
              This is a flag returning either the integer value 1
              or 0 if an error is detected for this table  entry.

       .101 -- errorMsg
              This is a DISPLAY-STRING describing any error trig­
              gering the errorFlag above.

       .102 -- errorFix
              If this entry is SNMPset to the integer value of  1
              AND  the  errorFlag  defined above is indeed a 1, a
              program or script will get executed with the  table
              entry name from above as the argument.  The program
              to be executed is configured in the  config.h  file
              at compile time.
              table as reported by "/bin/ps -e".

              If MAX and MIN are not specified, MAX is assumed to
              be infinity and MIN is assumed to be 1.

              If MAX is specified but MIN is not  specified,  MIN
              is assumed to be 0.

       procfix NAME PROG ARGS
              This  registers  a  command  that  knows how to fix
              errors  with  the   given   process   NAME.    When
              1.3.6.1.4.1.2021.2.1.102  for a given NAMEd program
              is set to the integer value of 1, this command will
              be  called.   It  defaults  to a compiled value set
              using the PROCFIXCMD  definition  in  the  config.h
              file.

       exec NAME PROG ARGS

       exec MIBNUM NAME PROG ARGS

              If  MIBNUM is not specified, the agent executes the
              named PROG with arguments of ARGS and  returns  the
              exit status and the first line of the STDOUT output
              of   the   PROG   program   to   queries   of   the
              1.3.6.1.4.1.2021.8.1.100                        and
              1.3.6.1.4.1.2021.8.1.101   mib   columns   (respec­
              tively).   All  STDOUT output beyond the first line
              is silently truncated.

              If MIBNUM  is  specified,  it  acts  as  above  but
              returns  the  exit  status  to MIBNUM.100.0 and the
              entire STDOUT output to the table MIBNUM.101  in  a
              mib  table.   In this case, the MIBNUM.101 mib con­
              tains the entire STDOUT output, one mib table entry
              per line of output (ie, the first line is output as
              MIBNUM.101.1, the second at MIBNUM.101.2,  etc...).

              Note:  The MIBNUM must be specified in dotted-inte­
                     ger notation and can  not  be  specified  as
                     ".iso.org.dod.internet..."  (should  instead
                     be .1.3.6.1...).

              Note:  The agent caches the exit status and  STDOUT
                     of the executed program for 30 seconds after
                     the initial  query.   This  is  to  increase
                     speed  and  maintain consistency of informa­
                     tion for  consecutive  table  queries.   The
                     cache  can  be flushed by a snmp-set request
                     of integer(1)  to  1.3.6.1.4.1.2021.100.VER­
                     CLEARCACHE.

              MINSPACE (kB) if specified or less than  MINPERCENT
              (%)  if  a  %  sign  is  specified, or DEFDISKMINI­
              MUMSPACE (kB)  if  not  specified,  the  associated
              entry  in  the  1.3.6.1.4.1.2021.9.1.100  mib table
              will be set to (1) and a descriptive error  message
              will      be     returned     to     queries     of
              1.3.6.1.4.1.2021.9.1.101.

       load MAX1

       load MAX1 MAX5

       load MAX1 MAX5 MAX15

              Checks the load average of the machine and  returns
              an error flag (1), and an text-string error message
              to   queries   of   1.3.6.1.4.1.2021.10.1.100   and
              1.3.6.1.4.1.2021.10.1.101  (respectively)  when the
              1-minute, 5-minute, or  15-minute  averages  exceed
              the associated maximum values.  If any of the MAX1,
              MAX5, or MAX15 values are unspecified, they default
              to a value of DEFMAXLOADAVE.

       file FILE [MAXSIZE]
              Monitors  file sizes and makes sure they don't grow
              beyond a  certain  size  (in  kilobytes).   MAXSIZE
              defaults  to  infinite  if  not specified, and only
              monitors the size without  reporting  errors  about
              it.  A maximum of 20 files can be monitored.

   Errors
       Any errors in obtaining the above information are reported
       via   the   1.3.6.1.4.1.2021.101.1.100   flag   and    the
       1.3.6.1.4.1.2021.101.1.101 text-string description.


AGENTX SUB-AGENTS

       To enable AgentX support in the snmp master agent, put the
       following line in your snmpd.conf file:

       master agentx
              Note that this support is still  experimental,  and
              should  not  be  used  on  production systems.  See
              README.agentx for details.


SMUX SUB-AGENTS

       To enable and SMUX based sub-agent, such as gated, use the
       smuxpeer configuration entry

       smuxpeer OID PASS
              For  gated  a  sensible  entry  might  be  smuxpeer
              .1.3.6.1.4.1.4.1.3 secret

       following  keywords  in  the  configuration file: com2sec,
       group, access, and view  as  well  as  some  easier-to-use
       wrapper   directives:  rocommunity,  rwcommunity,  rouser,
       rwuser.

       rocommunity COMMUNITY [SOURCE] [OID]

       rwcommunity COMMUNITY [SOURCE] [OID]
              These create read-only and  read-write  communities
              that  can  be used to access the agent.  They are a
              quick method of using the following com2sec, group,
              access,  and view directive lines.  They are not as
              efficient either, as groups aren't created  so  the
              tables  are possibly larger.  In other words: don't
              use these if you have complex situations to set up.

              The  format  of the SOURCE is token is described in
              the com2sec directive section below.  The OID token
              restricts  access  for that community to everything
              below that given OID.

       rouser USER [noauth|auth|priv] [OID]

       rwuser USER [noauth|auth|priv] [OID]
              Creates a SNMPv3 USM user in the VACM  access  con­
              figuration  tables.  Again, its more efficient (and
              powerful)  to  use  the  combined  com2sec,  group,
              access, and view directives instead.

              The minimum level of authentication and privacy the
              user must use  is  specified  by  the  first  token
              (which  defaults  to  "auth").   The  OID parameter
              restricts access for that user to everything  below
              the given OID.

       com2sec NAME SOURCE COMMUNITY
              This   directive   specifies  the  mapping  from  a
              source/community pair to a  security  name.  SOURCE
              can be a hostname, a subnet, or the word "default".
              A subnet can be specified as  IP/MASK  or  IP/BITS.
              The first source/community combination that matches
              the incoming packet is selected.

       group NAME MODEL SECURITY
              This directive defines the mapping  from  security­
              model/securityname  to  group.  MODEL is one of v1,
              v2c, or usm.

       access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
              The  access  directive  maps  from   group/security
              model/security  level  to  a view.  MODEL is one of
              any, v1, v2c, or usm.   LEVEL  is  one  of  noauth,
              control access to one row in a table,  in  a  rela­
              tively  simple  way.  As  an example, as an ISP you
              might consider giving each customer access  to  his
              or her own interface:

              view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
              view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0

              (interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
              ff.a0 == 11111111.10100000. which nicely covers up and including
              the row index, but lets the user vary the field of the row)

       VACM Examples:
              #       sec.name  source          community
              com2sec local     localhost       private
              com2sec mynet     10.10.10.0/24   public
              com2sec public    default         public

              #             sec.model  sec.name
              group mygroup v1         mynet
              group mygroup v2c        mynet
              group mygroup usm        mynet
              group local   v1         local
              group local   v2c        local
              group local   usm        local
              group public  v1         public
              group public  v2c        public
              group public  usm        public

              #           incl/excl subtree                          mask
              view all    included  .1                               80
              view system included  system                           fe
              view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

              #              context sec.model sec.level prefix read   write notify
              access mygroup ""      any       noauth    exact  mib2   none  none
              access public  ""      any       noauth    exact  system none  none
              access local   ""      any       noauth    exact  all    all   all

       Default VACM model
              The default configuration of the agent, as shipped, is functionally
              equivalent to the following entries:
              com2sec   public    default   public
              group     public    v1   public
              group     public    v2c  public
              group     public    usm  public
              view      all  included  .1
              access    public    ""   any  noauth    exact     all  none none


SNMPv3 CONFIGURATION

       engineID STRING
              The  snmpd  agent  needs  to  be configured with an
              that is derived from it.  This key is  a  localized
              key,  so that if it is stolen it can not be used to
              access other agents.  If the  password  is  stolen,
              however, it can be.

              MD5  and  SHA  are the authentication types to use,
              but you must have built the  package  with  openssl
              installed  in  order  to use SHA.  The only privacy
              protocol currently supported is DES.  If  the  pri­
              vacy  passphrase is not specified, it is assumed to
              be the same as the authentication passphrase.  Note
              that  the users created will be useless unless they
              are also added to the VACM  access  control  tables
              described above.

              Warning:  the minimum pass phrase length is 8 char­
              acters.

              SNMPv3 users can be created at  runtime  using  the
              snmpusm command.


SETTING SYSTEM INFORMATION

       syslocation STRING

       syscontact STRING

       sysname STRING
              Sets  the system location, system contact or system
              name for the agent.  This information  is  reported
              in  the  'system' group the mibII tree.  Ordinarily
              these objects (sysLocation.0, sysContact.0 and sys­
              Name.0)  are  read-write.   However, specifying the
              value for one of these objects by giving the appro­
              priate  token  makes the corresponding object read-
              only, and attempts to set the value of  the  object
              will result in a notWritable error response.

       sysservices NUMBER
              Sets  the value of the system.sysServices.0 object.
              For a host, a good value is 72.

       agentaddress [{udp|tcp}:]port[@address][,...]
              Makes the agent list on the specified list of sock­
              ets instead of the default port, which is port 161.
              Multiple ports can be separated by commas.   Trans­
              ports  can be specified by prepending the port num­
              ber with the transport name ("udp" or  "tcp")  fol­
              lowed by a colon.  Finally, to bind to a particular
              interface, you can specify the address you want  it
              to bind with.  For example, specifying agentaddress
              161,tcp:161,9161@localhost will make the agent lis­

       agentuser uid
              Change  to  this uid after opening port. The userid
              may refer to a user by name or a number if the user
              number  starts  with  '#'.  For example, specifying
              agentuser snmp will cause the agent to run  as  the
              snmp  user or agentuser #10 will cause the agent to
              run as the user with userid 10.

       interface NAME TYPE SPEED
              For interfaces where the agent fails to guess  cor­
              rectly  on  the  type and speed, this directive can
              supply additional  information.   TYPE  is  a  type
              value as given in the IANAifType-MIB.

       ignoredisk STRING
              When  scanning for available disk devices the agent
              might block in trying to  open  all  possible  disk
              devices.  This might lead to a timeout when walking
              the device tree. Sometimes the next walk  will  run
              without  timeout,  sometimes  it will timeout every
              time you try it.

              If you experience such behaviour you might add this
              directive  and  give  all  device  names  not to be
              checked (i.e. opened). You might have more than one
              such  directive  in your configuration file stating
              all devices not to be opened. You might also  spec­
              ify  those  devices  using wildcards similar to the
              syntax you can use in a bourne shell (see  examples
              below).

              Note:  For a list of devices scanned for every sys­
              tem please consult the sources (host/hr_disk.c) and
              check  for  the  Add_HR_Disk_entry() calls relevant
              for your type of OS.

              Examples:

              ignoredisk /dev/rdsk/c0t2d0

              This directive prevents the device /dev/rdsk/c0t2d0
              from being scanned.

              ignoredisk /dev/rdsk/c0t[!6]d0

              This     directive     prevents     all     devices
              /dev/rdsk/c0tXd0  except  .../c0t6d0   from   being
              scanned.  For most systems similar is the following
              directive:

              ignoredisk /dev/rdsk/c0t[0-57-9a-f]d0

       storageUseNFS NUMBER
              Setting storageUseNFS to 1 causes all NFS and  NFS-
              like  file  systems to be marked as 'Network Disks'
              in the hrStorageTable. This  is  according  to  RFC
              2790.  Not setting storageUseNFS or setting it to 2
              causes NFS and NFS-like file systems to  be  marked
              as  'Fixed  Disks'  as it has been in previous ver­
              sions of the ucd-snmp SNMP agent.

       authtrapenable NUMBER
              Setting authtrapenable to 1 enables  generation  of
              authentication failure traps.  The default value is
              disabled(2).  Ordinarily the  corresponding  object
              (snmpEnableAuthenTraps.0)  is  read-write, but set­
              ting its value via  this  token  makes  the  object
              read-only,  and  attempts  to  set the value of the
              object will result in a notWritable error response.

       trapcommunity STRING
              This  defines  the  default  community string to be
              used when sending traps.  Note  that  this  command
              must  be  used  prior to any of the following three
              commands  that  are  intended  use  this  community
              string.

       trapsink HOST [COMMUNITY [PORT]]

       trap2sink HOST [COMMUNITY [PORT]]

       informsink HOST [COMMUNITY [PORT]]
              These  commands  define  the hosts to receive traps
              (and/or inform notifications). The daemon  sends  a
              Cold  Start  trap when it starts up. If enabled, it
              also sends traps on authentication failures.   Mul­
              tiple  trapsink, trap2sink and informsink lines may
              be specified to specify multiple destinations.  Use
              trap2sink  to  send  SNMPv2 traps and informsink to
              send inform notifications.   If  COMMUNITY  is  not
              specified,  the  string from a preceding trapcommu­
              nity directive will be used. If PORT is not  speci­
              fied,  the  well known SNMP trap port (162) will be
              used.

       trapsess [SNMPCMD_ARGS] HOST [COMMUNITY]
              This is a more  generic  trap  configuration  token
              that  allows  any  type  of  trap destination to be
              specified with any version of SNMP.  See  the  snm­
              pcmd(1)  manual  page  for  further  details on the
              arguments that can be passed as SNMPCMD ARGS .   In
              addition to the arguments listed there, the special
              argument -Ci specifies that you want inform notifi­
              See the snmpcmd man page for details.

              Examples:

              proxy -v 1 -c public remotehost .1.3.6.1.4.1.2021

              proxy  -v  3  -l  noAuthNoPriv  -u  user remotehost
              .1.3.6.1.3.10 .1.3.6.1.2.1.1


PASS-THROUGH CONTROL

       pass MIBOID EXEC
              Passes entire control of MIBOID to  the  EXEC  pro­
              gram.   The  EXEC  program  is called in one of the
              following three ways:

              EXEC -g MIBOID

              EXEC -n MIBOID

                     These call lines match to SNMP get and  get­
                     next requests.  It is expected that the EXEC
                     program will take the arguments passed to it
                     and  return the appropriate response through
                     it's stdout.

                     The first line of stdout should be  the  mib
                     OID of the returning value.  The second line
                     should be the TYPE of value returned,  where
                     TYPE  is  one  of  the text strings: string,
                     integer,  unsigned,   objectid,   timeticks,
                     ipaddress,  counter,  or  gauge.   The third
                     line of stdout should be  the  VALUE  corre­
                     sponding with the returned TYPE.

                     For  instance, if a script was to return the
                     value integer value "42" when a request  for
                     .1.3.6.1.4.100  was  requested,  the  script
                     should return the following 3 lines:
                       .1.3.6.1.4.100
                       integer
                       42

                     To indicate that the  script  is  unable  to
                     comply with the request due to an end-of-mib
                     condition or an invalid request, simple exit
                     and  return  no  output to stdout at all.  A
                     snmp error will be  generated  corresponding
                     to the SNMP NO-SUCH-NAME response.

              EXEC -s MIBOID TYPE VALUE

                     For SNMP set requests, the above call method
                             allowed to  write  (ie  snmpset)  to
                             your  script  will  be the "private"
                             community,or community #2 if defined
                             differently by the "community" token
                             discussed above.  Which  communities
                             are  allowed  write  access are con­
                             trolled by the RWRITE definition  in
                             the snmplib/snmp_impl.h source file.

              Example (in snmpd.conf):

              pass .1.3.6.1.4.1.2021.255 /path/to/local/passtest

       pass_persist MIBOID EXEC
              Passes entire control of MIBOID to  the  EXEC  pro­
              gram.   Similar  to pass, but the EXEC program con­
              tinues  to  run  after  the  initial   request   is
              answered.

              Upon  initialization,  EXEC  is  passed  the string
              "PING\n" in stdin, and it should respond by  print­
              ing "PONG\n" to stdout.

              For  get  and  getnext  requests,  EXEC  program is
              passed two lines, the command (get or getnext)  and
              the mib OID.  It should return three lines, the mib
              OID, the TYPE of value returned, the  VALUE  corre­
              sponding with the returned TYPE.

              For  example,  if  the value for .1.3.6.1.4.100 was
              requested, the following 2 lines would be passed in
              to stdin:
                get
                .1.3.6.1.4.100

              To  return  the  value,  say,  42, the script would
              write to stdout:
                .1.3.6.1.4.100
                integer
                42

              To indicate that the script  is  unable  to  comply
              with  the request due to an end-of-mib condition or
              an invalid request, print "NONE\n" to stdout.

              Example (in snmpd.conf):

              pass_persist                  .1.3.6.1.4.1.2021.255
              /path/to/local/pass_persisttest


EXAMPLE

       See  the  EXAMPLE.CONF file in the top level source direc­
       /etc/snmpd.conf


SEE ALSO

       snmpconf(1), snmp.conf(5), snmp_config(5), snmpd(1), EXAM­
       PLE.conf, read_config(3).

                           28 Aug 2001              SNMPD.CONF(5)
  
Help us cut cost by not downloading the whole site!
Use of automated download sofware ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and therefore is expressedly prohibited. For more details on this, take a look here

Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can help in many different ways.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.04 Seconds