snmpd.conf(4)

NAME

snmpd.conf — configuration file for the SNMP agent

DESCRIPTION

When invoked, the SNMP agent reads its configuration information from the /etc/SnmpAgent.d/snmpd.conf configuration file. The SNMP agent is either the snmpd(1M) (included with HP-UX) or the snmpd.ea (purchased with the HP OpenView product). The SNMP agent will not be able to reply if no values are configured in /etc/SnmpAgent.d/snmpd.conf, i.e., /etc/SnmpAgent.d/snmpd.conf is empty.

Parameter

The /etc/SnmpAgent.d/snmpd.conf file contains the following configurable values:

get-community-name: Specifies community name for the agent. The agent responds to SNMP GetRequests with this community name. You can configure the agent to respond to more than one get community name. If a community name is not entered, the agent does not respond to SNMP GetRequests.
set-community-name: Specifies community name for the agent. The agent responds to the SNMP SetRequests and SNMP GetRequests with this community name. You can configure the agent to respond to more than one set community name. If a set community name is not entered, the agent will not respond to SetRequests.
trap-dest: Specifies a system where traps are sent (that is, the trap destination). This system is usually the IP address of the manager. If traps should be sent to multiple systems then a trap-dest line should be included for each system.
location: Specifies the physical location of the agent.
contact: Specifies the person responsible for this agent and information on how to contact this person.

SNMPv3 Features

The syntax for using v3 features of SNMP is as follows. The format is:

TAG VALUE

Where TAG is one of the following:

usmUserEntry: usmUserEntry is used to configure an SNMPv3 user.
vacmSecurityToGroupEntry: vacmSecurityToGroupEntry is used to assign principal to a group, where principal is either SNMPv3 user or SNMPv1, SNMPv2 community string.
vacmViewTreeFamilyEntry: vacmAccessEntry is used to define group(s) and the associated access rights.
snmpTargetAddrEntry: snmpTargetAddrEntry is used to configure target addresses (to which notifications should be sent).
snmpNotifyEntry: snmpNotifyEntry is used to configure Notification Entries.
snmpTargetParamsEntry: snmpTargetParamsEntry is used to configure the parameters to be used while sending notifications.

VALUE is a valid value for any give TAG. When the TAG is usmUserEntry, the format of the VALUE clause is as follows:

usmUserEngineID usmUserName usmUserAuthProtocol usmUserPrivProtocol \

usmUserStorageType usmTargetTag

where:

usmUserEngineID

is an OctetString, which is authoritative SNMP engine's administratively unique identifier. For snmpget/snmpset requests, the value in agent configuration file will be localSNMPID.

usmUserName

is user name in ASCII text.

usmUserAuthProtocol

is the Authentication Protocol used for sending and receiving messages, on behalf of this SNMP engine. Currently supported values are usmNoAuthProtocol and usmHMACMD5AuthProtocol.

usmUserPrivProtocol

is the Privacy protocol used for sending and receiving messages, on behalf of SNMP engine. Currently, no protocol is supported.

Default value is the OID for the usmUserPrivProtocol, i.e., .1.3.6.1.6.3.10.1.2.1.

usmUserStorageType

is nonVolatile, permanent, or readOnly.

usmTargetTag

is ASCII text used for source address checking. It is used for selecting a set of entries from snmpTargetAddrTable. The value will be "-" if source address checking is not required.

When the TAG is vacmSecurityToGroupEntry, the format of the VALUE clause is as follows:

vacmSecurityModel vacmSecurityName vacmGroupName vacmSecurityToGroupStorageType

where:

vacmSecurityModel: is snmpv1 for SNMPv1, snmpv2c for SNMPv2c and usm for SNMPv3.
vacmSecurityName: is the ASCII string which is 'principal' (SNMPv3 user or SNMPv1/ SNMPv2 community string).
vacmGroupName: is the ASCII text defining the group name. This group name must be defined by at least one vacmAccessEntry.
vacmSecurityToGroupStorageType: is nonVolatile, permanent, or readOnly.

When the TAG is vacmAccessEntry the format of the VALUE clause is as follows:

vacmGroupName vacmAccessContextPrefix vacmAccessSecurityModel

vacmAccessSecurityLevel vacmAccessContextMatch vacmAccessReadViewName

vacmAccessWriteViewName vacmAccessNotifyViewName vacmAccessStorageType

where:

vacmGroupName: is ASCII text representing group name.
vacmAccessContextPrefix: is ASCII string used to match the context name in the manangement request, either partially or completely. A dash "-" represents default context.
vacmAccessSecurityModel: is snmpv1 for SNMPv1, snmpv2c for SNMPv2c and usm for SNMPv3.
vacmAccessSecurityLevel: is the level of authentication and privacy. Presently supported values are noAuthNoPriv, for no authentication no privacy, authNoPriv for Authentication and no privacy.
vacmAccessContextMatch: is exact or prefix to indicate how the context of the request must match vacmAccessContextPrefix.
vacmAccessReadViewName: is used for defining view subtrees for Get request. It should be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessWriteViewName: is used for defining view subtrees for Set requests. It should be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessNotifyViewName: is used for defining view subtrees from which objects may be included as VarBinds in the Trap messages and Inform requests. It should be defined by at least one vacmViewTreeFamilyEntry.
vacmAccessStorageType: is nonVolatile, permanent, or readOnly.

When the TAG is vacmViewTreeFamilyEntry, the format of the VALUE clause is as follows:

vacmViewTreeFamilyViewName vacmViewTreeFamilySubtree

vacmViewTreeFamilyMask vacmViewTreeFamilyType

vacmViewTreeFamilyStorageType

where:

vacmViewTreeFamilyViewName: is the name of the family of this view of subtrees.
vacmViewTreeFamilySubtree: is the object Identifier that defines the subtree.
vacmViewTreeFamilyMask: is a sequence of hexadecimal numbers between 0x00 and 0xff, to restrict the value of vacmViewTreeFamilySubtree. A value of 0, indicates `wild card' (matches anything), and value of 1 indicates exact match.
vacmViewTreeFamilyType: is included or excluded to mean whether the subtree under the OID defined by vacmViewTreeFamilySubtree is accessible or not accessible.
vacmViewTreeFamilyStorageType: is nonVolatile, permanent, or readOnly.

When the TAG is snmpTargetAddrEntry, the format of the VALUE clause is as follows:

snmpTargetAddrName snmpTargetAddrTDomain snmpTargetAddrTAddress

snmpTargetAddrTimeout snmpTargetAddrRetryCount snmpTargetAddrTagList

snmpTargetAddrParams snmpTargetAddrStorageType snmpTargetAddrTMask

snmpTargetAddrMMS

where:

snmpTargetAddrName

is the ASCII text representing the name of the target.

snmpTargetAddrTDomain

is and OID which indicates network type. Presently supported value is snmpUDPDomain, i.e., 1.3.6.1.6.1.1.

snmpTargetAddrTAddress

is x.x.x.x:y where x.x.x.x is a valid IP address and y is a valid UDP port number. The address is used as destination address for outgoing notifications. If y is 0, the value of SR_TRAP_TEST_PORT is used as destination port number. Otherwise, if SR_SNMP_TEST_PORT is set, the destination port is 1 more than SR_SNMP_TEST_PORT, else 162 is destination port.

snmpTargetAddrTimeout

is used for Inform requests to estimate the round trip time (in hundredth of second). When Inform request is sent to this address, and response doesn't arrive in this time, SNMP entity will assume that response will not be delivered.

The default value is 1500 (15 seconds) as per RFC-2573.

snmpTargetAddrRetryCount

is the number of times, Inform request is resent, if response is not received.

Default value is 3 as suggested by RFC-2573.

snmpTargetAddrTagList

is a quoted string containing one or more tags corresponding to the value of snmpNotifyTag in snmpNotifyTable. A notification defined in snmpNotifyTable will be sent to snmpTargetAddrTDomain if notification's snmpNotifyTag appears in this tag list.

snmpTargetAddrParams

is ASCII string used to select values in snmpTargetParamsTable.

snmpTargetAddrStorageType

is nonVolatile, permanent, or readOnly.

snmpTargetAddrTMask

is mask value for snmpTargetAddrTAddress.

snmpTargetAddrMMS

is Maximum Message Size that can be transmitted between local host and host with address snmpTargetAddrTAddress without fragmentation.

Default size is 2048.

When the TAG is snmpNotifyEntry, the format of the VALUE clause is as follows:

snmpNotifyName snmpNotifyTag snmpNotifyType snmpNotifyStorageType

where:

snmpNotifyName: is the ASCII text representing the name of notification.
snmpNotifyTag: is the ASCII string used to select entries in snmpTargetAddrTable.
snmpNotifyType: is "1" for traps or "2" for informs.
snmpNotifyStorageType: is nonVolatile, permanent, or readOnly.

When the TAG is snmpTargetParamsEntry, the format of the VALUE clause is as follows:

snmpTargetParamsName snmpTargetParamsMPModel

snmpTargetParamsSecurityModel snmpTargetParamsSecurityName

snmpTargetParamsSecurityLevel snmpTargetParamsStorageType

where:

snmpTargetParamsName: is the ASCII text representing the name of the parameter.
snmpTargetParamsMPModel: is 0 for SNMPv1, 1 for SNMPv2c, 3 for SNMPv3. This field in combination with snmpTargetParamsSecurityModel defines the type of notifications to be sent.
snmpTargetParamsSecurityModel: is snmpv1 for SNMPv1, snmpv2c for SNMPv2c, snmpv2s for SNMPv2*, or usm for SNMPv3. This field in combination with snmpTargetParamsMPModel defines the type of notifications to be sent.
snmpTargetParamsSecurityName: is the ASCII string which is 'principal' (SNMPv3 user or SNMPv1/SNMPv2 community string), to be used for notifications.
snmpTargetParamsSecurityLevel: is the security level of the notifications to be sent. Only supported value is noAuthNoPriv.
snmpTargetParamsStorageType: is nonVolatile, permanent, or readOnly.

EXAMPLES

Separate the fields by blanks or tabs. A # character indicates the beginning of a comment; characters from the # character to the end of the line are ignored.

Each line in the following example snmpd.conf file is preceded by a comment (beginning with #) that explains the entry.

# Restrict the agent to responding only to
# SNMP GetRequests  that have the
# community name "secret"
get-community-name:  secret
# Allow the agent to respond to SNMP Get  and SetRequests with
# either the community name "private"  or "secret"
set-community-name: private
set-community-name:  secret
# Allow the agent to respond to SNMP Get  and SetRequests
# that have the community name "private"
set-community-name:  private
# Send traps to system 15.2.113.233
trap-dest:  15.2.113.233
# Specify the agent is located on  the first floor
# near the mens room
location:  1st Floor near Mens Room
# Specify Bob Jones  is responsible for this agent
# and his phone number is  555-2000
contact: Bob Jones (Phone 555-2000)

# Create a SNMPv3 user 'v3usr' with No Authentication Protocol.
usmUserEntry  localSnmpID v3usr usmNoAuthProtocol 1.3.6.1.6.3.10.1.2.1 \
nonVolatile  whereValidRequestsOriginate -
# Create a SNMPv3  user 'v3usr' with Authentication enabled and
# password  as "passwd".
usmUserEntry localSnmpID v3usr usmHMACMD5AuthProtocol  1.3.6.1.6.3.10.1.2.1 \
nonVolatile whereValidRequestsOriginate  "passwd"
# Create a group 'admin' and make the  user 'v3usr' a part of the
# same group.
vacmSecurityToGroupEntry  usm v3usr admin nonVolatile
# Assign access control the group 'admin'. This group will have
# security protocol as no authentication and no privacy
vacmAccessEntry admin  - usm noAuthNoPriv prefix All All - nonVolatile
#  'All' is the name of the view that will define the access for the
#  group 'admin'. Give access to the view named 'All'. The access is
#  for the subtree `internet' i.e. .1.3.6.1
vacmViewTreeFamilyEntry   All 1.3.6.1 - included nonVolatile
# Create  a target address entry for 192.168.40.40 with UDP port as 0.
#  If SNMP_TRAP_TEST_ENTRY or SNMP_TEST_PORT_ENTRY are not used,
#  default value of UDP port 162 will be used.
snmpTargetAddrEntry  stae2 1.3.6.1.6.1.1 192.168.40.40:0 0 0 \
whereValidRequestsOriginate  - nonVolatile 255.255.255.255:0 2048

AUTHOR

snmpd.conf was developed by Hewlett-Packard Company.

FILES

"HP-UX 11.X and Solaris 2.X": /etc/SnmpAgent.d/snmpd.conf

snmpd.conf(4)

Technical documentation

» Table of Contents

» Index

NAME

DESCRIPTION

Parameter

SNMPv3 Features

EXAMPLES

AUTHOR

FILES

SEE ALSO