1SNMP.CONF(5)                       Net-SNMP                       SNMP.CONF(5)
2
3
4

NAME

6       snmp.conf - configuration files for the Net-SNMP applications
7

DESCRIPTION

9       Applications  built  using  the Net-SNMP libraries typically use one or
10       more configuration files to control various aspects of their operation.
11       These  files  (snmp.conf  and snmp.local.conf) can be located in one of
12       several locations, as described in the snmp_config(5) manual page.
13
14       In particular, /etc/snmp/snmp.conf is a  common  file,  containing  the
15       settings  shared  by  all  users of the system.  ~/.snmp/snmp.conf is a
16       personal file, with the settings specific to a particular user.
17

HOST-SPECIFIC FILES

19       Host-specific files may also be loaded and will be searched  for  if  a
20       transport  name  is specified that matches a PATH/hosts/HOST.conf file.
21       For example, if you wanted a particular host to use SNMPv2c by  default
22       you could create a ~/.snmp/hosts/NAME.conf file and in it put:
23
24              defVersion 2c
25
26       Any  connections  set to connect to the hostname NAME will use SNMPv2c.
27       Also see the transport token below for additional  host-specific  exam‐
28       ples.
29
30       Host-specific configuration files are loaded at the time the connection
31       is opened.  Thus they're generally loaded after all other configuration
32       files and can be used to override settings from the generic files.
33
34       To avoid loading any host-specific config files set "dontLoadHostConfig
35       true" in your snmp.conf file.
36

COMMAND-LINE OPTIONS

38       All of the tokens described in this file can be  used  on  the  command
39       line of Net-SNMP applications as well by prefixing them with "--".  EG,
40       specifying --dontLoadHostConfig=true on the command line will  turn  of
41       loading of the host specific configuration files.
42

IMPORTANT NOTE

44       Several  of these directives may contain sensitive information (such as
45       pass phrases).  Configuration files that include such  settings  should
46       only be readable by the user concerned.
47
48       As well as application-specific configuration tokens, there are several
49       directives that relate to standard library behaviour, relevant to  most
50       Net-SNMP  applications.   Many of these correspond to standard command-
51       line options, which are described in the snmpcmd(1) manual page.
52
53       These directives can be divided into several distinct groups.
54

CLIENT BEHAVIOUR

56       defDomain application domain
57              The transport domain that should be used for a certain  applica‐
58              tion type unless something else is specified.
59
60       defTarget application domain target
61              The  target  that  should  be  used for connections to a certain
62              application if the connection should be in a specific domain.
63
64       defaultPort PORT
65              defines the default UDP port that client SNMP applications  will
66              attempt  to  connect  to.   This can be overridden by explicitly
67              including a port number in the  AGENT  specification.   See  the
68              snmpcmd(1) manual page for more details.
69
70              If not specified, the default value for this token is 161.
71
72       transport HOSTSPECIFIER
73              This special token should go into a hostname-specific configura‐
74              tion file in a hosts sub-directory.  For  example  if  the  file
75              hosts/foo.conf  exists in the search path it will be loaded if a
76              transport name of foo was used.  Within the  foo.conf  file  you
77              may  put  both  general  snmp.conf settings as well as a special
78              transport string to specify the destination to connect to.   For
79              example, putting:
80
81                     transport tcp:foo.example.com:9876
82
83              in  the  hosts/foo.conf  file will make applications referencing
84              the foo hostname (e.g. snmpget) to actually connect via  TCP  to
85              foo.exmaple.com on port 9876.
86
87       defVersion (1|2c|3)
88              defines  the  default version of SNMP to use.  This can be over‐
89              ridden using the -v option.
90
91       defCommunity STRING
92              defines the default community to  use  for  SNMPv1  and  SNMPv2c
93              requests.  This can be overridden using the -c option.
94
95       alias NAME DEFINITION
96              Creates  an  aliased  tied to NAME for a given transport defini‐
97              tion.  The alias can the be referred to using an alias:  prefix.
98              Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
99              use   a   destination   host   of   "alias:here"   instead    of
100              "udp:127.0.0.1:6161".   This  becomes  more  useful with complex
101              transport addresses involving IPv6 addresses, etc.
102
103       dumpPacket yes
104              defines whether to display a hexadecimal dump of  the  raw  SNMP
105              requests  sent and received by the application.  This is equiva‐
106              lent to the -d option.
107
108       doDebugging (1|0)
109              turns on debugging for all applications run if set to 1.
110
111       debugTokens TOKEN[,TOKEN...]
112              defines the debugging tokens that should be turned on when doDe‐
113              bugging is set.  This is equivalent to the -D option.
114
115       16bitIDs yes
116              restricts requestIDs, etc to 16-bit values.
117
118              The SNMP specifications define these ID fields as 32-bit quanti‐
119              ties, and the Net-SNMP library  typically  initialises  them  to
120              random  values  for  security.   However certain (broken) agents
121              cannot handle ID values greater than 2^16 - this  option  allows
122              interoperability with such agents.
123
124       clientaddr [<transport-specifier>:]<transport-address>
125              specifies the source address to be used by command-line applica‐
126              tions when sending SNMP requests. See snmpcmd(1) for more infor‐
127              mation about the format of addresses.
128
129              This value is also used by snmpd when generating notifications.
130
131       clientaddrUsesPort no
132              specifies, if clientaddr option contains a port number. Set this
133              option to "yes", if clientaddr contains a port number  and  this
134              port should be used for sending outgoing SNMP requests.
135
136       clientRecvBuf INTEGER
137              specifies the desired size of the buffer to be used when receiv‐
138              ing responses to SNMP requests.  If the OS hard limit  is  lower
139              than  the  clientRecvBuf  value, then this will be used instead.
140              Some platforms may decide to increase the  size  of  the  buffer
141              actually used for internal housekeeping.
142
143              This directive will be ignored if the platforms does not support
144              setsockopt().
145
146       clientSendBuf INTEGER
147              is similar to clientRecvBuf, but applies to the size of the buf‐
148              fer used when sending SNMP requests.
149
150       noRangeCheck yes
151              disables  the validation of varbind values against the MIB defi‐
152              nition for the relevant OID.  This  is  equivalent  to  the  -Ir
153              option.
154
155              This directive is primarily relevant to the snmpset command, but
156              will also apply to any  application  that  calls  snmp_add_var()
157              with a non-NULL value.
158
159       noTokenWarnings
160              disables warnings about unknown config file tokens.
161
162       reverseEncodeBER (1|yes|true|0|no|false)
163              controls how the encoding of SNMP requests is handled.
164
165              The default behaviour is to encode packets starting from the end
166              of the PDU and working backwards.  This directive can be used to
167              disable  this  behaviour,  and  build the encoded request in the
168              (more obvious) forward direction.
169
170              It should not normally be necessary to change this  setting,  as
171              the  encoding is basically the same in either case - but working
172              backwards typically produces a slightly more efficient encoding,
173              and hence a smaller network datagram.
174
175       dontLoadHostConfig (1|yes|true|0|no|false)
176              Specifies  whether  or not the host-specific configuration files
177              are loaded.  Set to "true" to turn off the loading of  the  host
178              specific configuration files.
179
180       retries INTEGER
181              Specifies the number of retries to be used in the requests.
182
183       timeout INTEGER
184              Specifies the timeout in seconds between retries.
185

SNMPv3 SETTINGS

187       defSecurityName STRING
188              defines  the  default  security name to use for SNMPv3 requests.
189              This can be overridden using the -u option.
190
191       defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
192              defines the default security level to use for  SNMPv3  requests.
193              This can be overridden using the -l option.
194
195              If  not specified, the default value for this token is noAuthNo‐
196              Priv.
197
198              Note:  authPriv is only available if the software has been  com‐
199                     piled to use the OpenSSL libraries.
200
201       defPassphrase STRING
202
203       defAuthPassphrase STRING
204
205       defPrivPassphrase STRING
206              define  the  default  authentication and privacy pass phrases to
207              use for SNMPv3 requests.  These can be overridden using  the  -A
208              and -X options respectively.
209
210              The  defPassphrase  value  will  be  used for the authentication
211              and/or privacy pass phrases if either of  the  other  directives
212              are not specified.
213
214       defAuthType MD5|SHA
215
216       defPrivType DES|AES
217              define  the  default authentication and privacy protocols to use
218              for SNMPv3 requests.  These can be overridden using the  -a  and
219              -x options respectively.
220
221              If  not specified, SNMPv3 requests will default to MD5 authenti‐
222              cation and DES encryption.
223
224              Note:  If the software has not been compiled to use the  OpenSSL
225                     libraries,  then  only  MD5  authentication is supported.
226                     Neither SHA authentication nor  any  form  of  encryption
227                     will be available.
228
229       defContext STRING
230              defines  the  default  context to use for SNMPv3 requests.  This
231              can be overridden using the -n option.
232
233              If not specified, the  default  value  for  this  token  is  the
234              default context (i.e. the empty string "").
235
236       defSecurityModel STRING
237              defines  the  security  model  to  use for SNMPv3 requests.  The
238              default value is "usm" which is the only  widely  used  security
239              model for SNMPv3.
240
241       defAuthMasterKey 0xHEXSTRING
242
243       defPrivMasterKey 0xHEXSTRING
244
245       defAuthLocalizedKey 0xHEXSTRING
246
247       defPrivLocalizedKey 0xHEXSTRING
248              define  the (hexadecimal) keys to be used for SNMPv3 secure com‐
249              munications.   SNMPv3  keys  are  frequently  derived   from   a
250              passphrase,  as  discussed  in  the defPassphrase section above.
251              However for improved security a truely random key can be  gener‐
252              ated  and  used instead (which would normally has better entropy
253              than a password unless it is amazingly  long).   The  directives
254              are  equivalent to the short-form command line options -3m, -3M,
255              -3k, and -3K.
256
257              Localized keys are master keys which have been  converted  to  a
258              unique  key which is only suitable for on particular SNMP engine
259              (agent).  The length of the key needs to be appropriate for  the
260              authentication  or encryption type being used (auth keys: MD5=16
261              bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of  which
262              is used as an IV and not a key), and AES=16 bytes).
263
264       sshtosnmpsocket PATH
265              Sets  the path of the sshtosnmp socket created by an application
266              (e.g. snmpd) listening for incoming ssh connections through  the
267              sshtosnmp unix socket.
268
269       sshtosnmpsocketperms MODE [OWNER [GROUP]]
270              Sets  the  mode, owner and group of the sshtosnmp socket created
271              by an application (e.g. snmpd) listening for incoming  ssh  con‐
272              nections through the sshtosnmp unix socket.  The socket needs to
273              be read/write privileged for SSH users that are allowed to  con‐
274              nect  to the SNMP service (VACM access still needs to be granted
275              as well, most likely through the TSM security model).
276
277       sshusername NAME
278              Sets the SSH user name for logging into the remote system.
279
280       sshpubkey FILE
281              Set the public key file to use when connecting to a remote  sys‐
282              tem.
283
284       sshprivkey FILE
285              Set the private key file to use when connecting to a remote sys‐
286              tem.
287

SERVER BEHAVIOUR

289       persistentDir DIRECTORY
290              defines the directory where snmpd and snmptrapd store persistent
291              configuration settings.
292
293              If   not   specified,   the  persistent  directory  defaults  to
294              /var/lib/net-snmp
295
296       noPersistentLoad yes
297
298       noPersistentSave yes
299              disable the  loading  and  saving  of  persistent  configuration
300              information.
301
302              Note:  This  will  break  SNMPv3 operations (and other behaviour
303                     that relies  on  changes  persisting  across  application
304                     restart).  Use With Care.
305
306       tempFilePattern PATTERN
307              defines  a  filename  template for creating temporary files, for
308              handling input to and output from external shell commands.  Used
309              by the mkstemp() and mktemp() functions.
310
311              If   not   specified,  the  default  pattern  is  "/var/run/net-
312              snmp/snmp-tmp-XXXXXX".
313
314       serverRecvBuf INTEGER
315              specifies the desired size of the buffer to be used when receiv‐
316              ing  incoming SNMP requests.  If the OS hard limit is lower than
317              the serverRecvBuf value, then this will be used  instead.   Some
318              platforms may decide to increase the size of the buffer actually
319              used for internal housekeeping.
320
321              This directive will be ignored if the platforms does not support
322              setsockopt().
323
324       serverSendBuf INTEGER
325              is similar to serverRecvBuf, but applies to the size of the buf‐
326              fer used when sending SNMP responses.
327

MIB HANDLING

329       mibdirs DIRLIST
330              specifies a list of directories to search for MIB  files.   This
331              operates  in  the same way as the -M option - see snmpcmd(1) for
332              details.  Note that this value can be overridden by the  MIBDIRS
333              environment variable, and the -M option.
334
335       mibs MIBLIST
336              specifies  a  list  of  MIB  modules  (not files) that should be
337              loaded.  This operates in the same way as the -m  option  -  see
338              snmpcmd(1)  for  details.  Note that this list can be overridden
339              by the MIBS environment variable, and the -m option.
340
341       mibfile FILE
342              specifies a (single) MIB file to load, in addition to  the  list
343              read  from  the  mibs token (or equivalent configuration).  Note
344              that this value can be overridden by  the  MIBFILES  environment
345              variable.
346
347       showMibErrors (1|yes|true|0|no|false)
348              whether to display MIB parsing errors.
349
350       commentToEOL (1|yes|true|0|no|false)
351              whether  MIB parsing should be strict about comment termination.
352              Many MIB writers assume that ASN.1 comments extend to the end of
353              the  text  line,  rather  than being terminated by the next "--"
354              token.  This token can be used to accept such  (strictly  incor‐
355              rect) MIBs.
356              Note that this directive was previous (mis-)named strictComment‐
357              Term, but with the reverse behaviour from that  implied  by  the
358              name.   This  earlier token is still accepted for backwards com‐
359              patibility.
360
361       mibAllowUnderline (1|yes|true|0|no|false)
362              whether to allow underline characters in MIB  object  names  and
363              enumeration  values.   This  token  can  be  used to accept such
364              (strictly incorrect) MIBs.
365
366       mibWarningLevel INTEGER
367              the minimum warning level of the warnings  printed  by  the  MIB
368              parser.
369

OUTPUT CONFIGURATION

371       logTimestamp (1|yes|true|0|no|false)
372              Whether the commands should log timestamps with their error/mes‐
373              sage logging or not.  Note that output will not look  as  pretty
374              with  timestamps  if  the  source code that is doing the logging
375              does incremental logging of messages that are not line  buffered
376              before  being  passed  to  the logging routines.  This option is
377              only used when file logging is active.
378
379       printNumericEnums (1|yes|true|0|no|false)
380              Equivalent to -Oe.
381
382       printNumericOids (1|yes|true|0|no|false)
383              Equivalent to -On.
384
385       dontBreakdownOids (1|yes|true|0|no|false)
386              Equivalent to -Ob.
387
388       escapeQuotes (1|yes|true|0|no|false)
389              Equivalent to -OE.
390
391       quickPrinting (1|yes|true|0|no|false)
392              Equivalent to -Oq.
393
394       printValueOnly (1|yes|true|0|no|false)
395              Equivalent to -Ov.
396
397       dontPrintUnits (1|yes|true|0|no|false)
398              Equivalent to -OU.
399
400       numericTimeticks (1|yes|true|0|no|false)
401              Equivalent to -Ot.
402
403       printHexText (1|yes|true|0|no|false)
404              Equivalent to -OT.
405
406       hexOutputLength integer
407              Specifies where to break up the output of  hexadecimal  strings.
408              Set to 0 to disable line breaks.  Defaults to 16.
409
410       suffixPrinting (0|1|2)
411              The  value  1 is equivalent to -Os and the value 2 is equivalent
412              to -OS.
413
414       oidOutputFormat (1|2|3|4|5|6)
415              Maps -O options as follow: -Os=1, -OS=2,  -Of=3,  -On=4,  -Ou=5.
416              The value 6 has no matching -O option. It suppresses output.
417
418       extendedIndex (1|yes|true|0|no|false)
419              Equivalent to -OX.
420
421       noDisplayHint (1|yes|true|0|no|false)
422              Disables  the  use  of  DISPLAY-HINT  information  when  parsing
423              indices and values to set. Equivalent to -Ih.
424

FILES

426       System-wide configuration files:
427              /etc/snmp/snmp.conf
428              /etc/snmp/snmp.local.conf
429
430       User-specific configuration settings:
431              $HOME/.snmp/snmp.conf
432              $HOME/.snmp/snmp.local.conf
433
434       Destination host specific files:
435              /etc/snmp/hosts/HOSTNAME.conf
436              $HOME/.snmp/hosts/HOSTNAME.conf
437
438

SEE ALSO

440       snmp_config(5), netsnmp_config_api(3), snmpcmd(1).
441
442
443
444V5.7.2                            21 Apr 2010                     SNMP.CONF(5)
Impressum