snmpd.conf(4) snmpd.conf(4)
NAME [Toc] [Back]
snmpd.conf - - configuration file for the SNMP agent
DESCRIPTION [Toc] [Back]
When invoked, the SNMP agent reads its configuration information from
the /etc/SnmpAgent.d/snmpd.conf configuration file. The SNMP agent is
either the snmpd (included with HP-UX) or the snmpd.ea (purchased with
the HP OpenView product). The SNMP agent will not be able to reply if
no values are configured in /etc/SnmpAgent.d/snmpd.conf i.e.
/etc/SnmpAgent.d/snmpd.conf is empty.
Parameter [Toc] [Back]
The /etc/SnmpAgent.d/snmpd.conf file contains the following
configurable values:
get-community-name
Specifies community name for the agent. The agent responds
to SNMP GetRequests with this community name. You can
configure the agent to respond to more than one get
community name. If a community name is not entered, the
agent does not respond to SNMP GetRequests.
set-community-name
Specifies community name for the agent. The agent responds
to the SNMP SetRequests and SNMP GetRequests with this
community name. You can configure the agent to respond to
more than one set community name. If a set community name is
not entered, the agent will not respond to SetRequests.
trap-dest Specifies a system where traps are sent (that is, the trap
destination). This system is usually the IP address of the
manager. If traps should be sent to multiple systems then a
trap-dest line should be included for each system.
location Specifies the physical location of the agent.
contact Specifies the person responsible for this agent and
information on how to contact this person.
SNMPv3 FEATURES [Toc] [Back]
The syntax for using v3 features of SNMP is as follows. The format is
:
TAG VALUE [Toc] [Back]
Where TAG is one of the following
usmUserEntry
usmUserEntry is used to configure an SNMPv3 user.
Hewlett-Packard CompanNNM Pre-Release1X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
vacmSecurityToGroupEntry
vacmSecurityToGroupEntry is used to assign 'principal' to a
group, where principal is either SNMPv3 user or SNMPv1,
SNMPv2 community string.
vacmViewTreeFamilyEntry
vacmAccessEntry is used to define group(s) and the
associated access rights.
snmpTargetAddrEntry
snmpTargetAddrEntry is used to configure target addresses
(to which notifications should be sent).
snmpNotifyEntry
snmpNotifyEntry is used to configure Notification Entries.
snmpTargetParamsEntry
snmpTargetParamsEntry is used to configure the parameters to
be used while sending notifications.
VALUE is a valid value for any give TAG.
When the TAG is "usmUserEntry", the format of the VALUE clause is as
follows:
usmUserEngineID usmUserName usmUserAuthProtocol usmUserPrivProtocol
\usmUserStorageType usmTargetTag
where
usmUserEngineID
is an OctetString, which is authoritative SNMP engine's
administeratively unique identifier. For snmpget/snmpset
requests, the value in agent configuration file will be
localSNMPID.
usmUserName
is user name in the ASCII text.
usmUserAuthProtocol
is the Authentication Protocol used for sending and
receiving messages, on behalf of this SNMPengine. Currently
supported values are usmNoAuthProtocol and
usmHMACMD5AuthProtocol.
usmUserPrivProtocol
is the Privacy protocol used for sending and receiving
messages, on behalf of SNMP engine. Currently, no protocol
is supported. Default value is the OID for the
usmUserPrivProtocol i.e. .1.3.6.1.6.3.10.1.2.1
Hewlett-Packard CompanNNM Pre-Release2X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
usmUserStorageType
is `nonVolatile', `permanent', or `readOnly'
usmTargetTag
is ASCII text used for source address checking. It is used
for selecting a set of entries from snmpTargetAddrTable. The
value will be "-" if source address checking is not
required.
When the TAG is vacmSecurityToGroupEntry, the format of the VALUE
clause is as follows:
vacmSecurityModel vacmSecurityName vacmGroupName
vacmSecurityToGroupStorageType
vacmSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c and "usm" for
SNMPv3
vacmSecurityName
is the ASCII string which is 'principal' (SNMPv3 user or
SNMPv1/ SNMPv2 community string).
vacmGroupName
is the ASCII text defining the group name. This group name
must be defined by atleast one vacmAccessEntry.
vacmSecurityToGroupStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is vacmAccessEntry the format of the VALUE clause is as
follows:
vacmGroupName vacmAccessContextPrefix vacmAccessSecurityModel
vacmAccessSecurityLevel vacmAccessContextMatch vacmAccessReadViewName
vacmAccessWriteViewName vacmAccessNotifyViewName
vacmAccessStorageType
where,
vacmGroupName
is ASCII text representing group name.
vacmAccessContextPrefix
is ASCII string used to match the context name in the
manangement request, either partially or completely. A
dash"-" represents default context.
vacmAccessSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c and "usm" for
SNMPv3.
Hewlett-Packard CompanNNM Pre-Release3X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
vacmAccessSecurityLevel
is the level of authentication and privacy. Presently
supported values are noAuthNoPriv, for no authentication no
privacy, authNoPriv for Authentication and no privacy..
vacmAccessContextMatch
is "exact" or "prefix" to indicate how the context of the
request must match vacmAccessContextPrefix.
vacmAccessReadViewName
is used for defining view subtrees for Get request. It
should be defined by atleast one vacmViewTreeFamilyEntry.
vacmAccessWriteViewName
is used for defining view subtrees for Set requests. It
should be defined by atleast one vacmViewTreeFamilyEntry.
vacmAccessNotifyViewName
is used for defining view subtrees from which objects may be
included as VarBinds in the Trap messages & Inform requests.
It should be defined by atleast one vacmViewTreeFamilyEntry
vacmAccessStorageType
is `nonVolatile', `permanent', or `readOnly' .
When the TAG is vacmViewTreeFamilyEntry, the format of the VALUE
clause is as follows:
vacmViewTreeFamilyViewName vacmViewTreeFamilySubtree
vacmViewTreeFamilyMask vacmViewTreeFamilyType
vacmViewTreeFamilyStorageType
Where,
vacmViewTreeFamilyViewName
is the name of the family of this view of subtrees.
vacmViewTreeFamilySubtree
is the object Identifier that defines the subtree.
vacmViewTreeFamilyMask
is a sequence of hexadecimal numbers between 0x00 and 0xff,
to restrict the value of vacmViewTreeFamilySubtree. A value
of 0, indicates `wild card' (matches anything), and value of
1 indicates exact match.
vacmViewTreeFamilyType
is "included" or "excluded" to mean whether the subtree
under the OID defined by vacmViewTreeFamilySubtree is
accessible or not accessible.
Hewlett-Packard CompanNNM Pre-Release4X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
vacmViewTreeFamilyStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is snmpTargetAddrEntry, the format of the VALUE clause is
as follows:
snmpTargetAddrName snmpTargetAddrTDomain snmpTargetAddrTAddress
snmpTargetAddrTimeout snmpTargetAddrRetryCount snmpTargetAddrTagList
snmpTargetAddrParams snmpTargetAddrStorageType snmpTargetAddrTMask
snmpTargetAddrMMS
where,
snmpTargetAddrName
is the ASCII text representing the name of the target.
snmpTargetAddrTDomain
is and OID which indicates network type. Presently supported
value is 'snmpUDPDomain' i.e. 1.3.6.1.6.1.1
snmpTargetAddrTAddress
is x.x.x.x:y where x.x.x.x is a valid IP address and y is a
valid UDP port number. The address is used as destination
address for outgoing notifications.If y is 0, the value of
SR_TRAP_TEST_PORT is used as destination port number.
Otherwise, if SR_SNMP_TEST_PORT is set, the destination port
is 1 more than SR_SNMP_TEST_PORT, else 162 is destination
port.
snmpTargetAddrTimeout
is used for Inform requests to estimate the round trip time
(in hundreths of second). When Inform request is sent to
this address, and response doesn't arrive in this time, SNMP
entity will assume that response will not be delivered. The
default value is 1500 (15 seconds) as per RFC-2573.
snmpTargetAddrRetryCount
is the number of times, Inform request is resent, if
response is not received. Default value is 3 as suggested by
RFC-2573.
snmpTargetAddrTagList
is a quoted string containing one or more tags corresponding
to the value of snmpNotifyTag in snmpNotifyTable. A
notification defined in snmpNotifyTable will be sent to
snmpTargetAddrTDomain if notification's snmpNotifyTag
appears in this tag list.
snmpTargetAddrParams
is ASCII string used to select values in
snmpTargetParamsTable.
Hewlett-Packard CompanNNM Pre-Release5X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
snmpTargetAddrStorageType
is `nonVolatile', `permanent', or `readOnly'.
snmpTargetAddrTMask
is mask value for snmpTargetAddrTAddress.
snmpTargetAddrMMS
is Maximum Message Size that can be transmitted between
local host & host with address snmpTargetAddrTAddress
without fragmentation. Default size is 2048..
When the TAG is "snmpNotifyEntry", the format of the VALUE clause is
as follows:
snmpNotifyName snmpNotifyTag snmpNotifyType snmpNotifyStorageType
where,
snmpNotifyName
is the ASCII text representing the name of notification.
snmpNotifyTag
is the ASCII string used to select entries in
snmpTargetAddrTable.
snmpNotifyType
is "1" for traps or "2" for informs.
snmpNotifyStorageType
is `nonVolatile', `permanent', or `readOnly'.
When the TAG is "snmpTargetParamsEntry", the format of the VALUE
clause is as follows:
snmpTargetParamsName snmpTargetParamsMPModel
snmpTargetParamsSecurityModel snmpTargetParamsSecurityName
snmpTargetParamsSecurityLevel snmpTargetParamsStorageType
where
snmpTargetParamsName
is the ASCII text representing the name of the parameter.
snmpTargetParamsMPModel
is "0" for SNMPv1, "1" for SNMPv2c, "3" for SNMPv3. This
field in combination with snmpTargetParamsSecurityModel
defines the type of notifications to be sent.
snmpTargetParamsSecurityModel
is "snmpv1" for SNMPv1, "snmpv2c" for SNMPv2c, "snmpv2s" for
SNMPv2*, or "usm" for SNMPv3. This field in combination with
Hewlett-Packard CompanNNM Pre-Release6X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
snmpTargetParamsMPModel defines the type of notifications to
be sent.
snmpTargetParamsSecurityName
is the ASCII string which is 'principal' (SNMPv3 user or
SNMPv1 / SNMPv2 community string), to be used for
notifications.
snmpTargetParamsSecurityLevel
is the security level of the notifications to be sent. Only
supported value is noAuthNoPriv.
snmpTargetParamsStorageType
is `nonVolatile', `permanent', or `readOnly'.
EXAMPLES [Toc] [Back]
Separate the fields by blanks or tabs. A # character indicates the
beginning of a comment; characters from the # character to the end of
the line are ignored.
Each line in the following example snmpd.conf file is preceded by a
comment (beginning with #) that explains the entry.
# Restrict the agent to responding only to
# SNMP GetRequests that have the
# community name "secret"
get-community-name: secret
# Allow the agent to respond to SNMP Get and SetRequests with
# either the community name "private" or "secret"
set-community-name: private
set-community-name: secret
# Allow the agent to respond to SNMP Get and SetRequests
# that have the community name "private"
set-community-name: private
# Send traps to system 15.2.113.233
trap-dest: 15.2.113.233
# Specify the agent is located on the first floor
# near the mens room
location: 1st Floor near Mens Room
# Specify Bob Jones is responsible for this agent
# and his phone number is 555-2000
contact: Bob Jones (Phone 555-2000)
# Create a SNMPv3 user 'v3usr' with No Authentication Protocol.
usmUserEntry localSnmpID v3usr usmNoAuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate -
# Create a SNMPv3 user 'v3usr' with Authentication enabled and
# password as "passwd".
usmUserEntry localSnmpID v3usr usmHMACMD5AuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate "passwd"
# Create a group 'admin' and make the user 'v3usr' a part of the
Hewlett-Packard CompanNNM Pre-Release7X.07.00 (Design-Proto-4): August 2003
snmpd.conf(4) snmpd.conf(4)
# same group.
vacmSecurityToGroupEntry usm v3usr admin nonVolatile
# Assign access control the group 'admin'. This group will have
# security protocol as no authentication and no privacy
vacmAccessEntry admin - usm noAuthNoPriv prefix All All - nonVolatile
# 'All' is the name of the view that will define the access for the
# group 'admin'. Give access to the view named 'All'. The access is
# for the subtree `internet' i.e. .1.3.6.1
vacmViewTreeFamilyEntry All 1.3.6.1 - included nonVolatile
# Create a target address entry for 192.168.40.40 with UDP port as 0.
# If SNMP_TRAP_TEST_ENTRY or SNMP_TEST_PORT_ENTRY are not used,
# default value of UDP port 162 will be used.
snmpTargetAddrEntry stae2 1.3.6.1.6.1.1 192.168.40.40:0 0 0 \
whereValidRequestsOriginate - nonVolatile 255.255.255.255:0 2048
AUTHOR [Toc] [Back]
snmpd.conf was developed by Hewlett-Packard Co.
FILES [Toc] [Back]
HP-UX 10.01 and later
/etc/SnmpAgent.d/snmpd.conf
SEE ALSO [Toc] [Back]
snmpd(1M), snmpd.ea(1M).
RFC 1155, RFC 1157, RFC 1212, RFC 1213, RFC 1231, RFC 1398
Hewlett-Packard CompanyNNM Pre-Relea-se8X-.07.00 (Design-Proto-4): August 2003 [ Back ] |