1SNMP.CONF(5)                       Net-SNMP                       SNMP.CONF(5)
2
3
4

NAME

6       snmp.conf - configuration files for the Net-SNMP applications
7

DESCRIPTION

9       Applications  built  using  the Net-SNMP libraries typically use one or
10       more configuration files to control various aspects of their operation.
11       These  files  (snmp.conf  and snmp.local.conf) can be located in one of
12       several locations, as described in the snmp_config(5) manual page.
13
14       In particular, /etc/snmp/snmp.conf is a  common  file,  containing  the
15       settings  shared  by  all  users of the system.  ~/.snmp/snmp.conf is a
16       personal file, with the settings specific to a particular user.
17

HOST-SPECIFIC FILES

19       Host-specific files may also be loaded and will be searched  for  if  a
20       transport  name  is specified that matches a PATH/hosts/HOST.conf file.
21       For example, if you wanted a particular host to use SNMPv2c by  default
22       you could create a ~/.snmp/hosts/NAME.conf file and in it put:
23
24              defVersion 2c
25
26       Any  connections  set to connect to the hostname NAME will use SNMPv2c.
27       Also see the transport token below for additional  host-specific  exam‐
28       ples.
29
30       Host-specific configuration files are loaded at the time the connection
31       is opened.  Thus they're generally loaded after all other configuration
32       files and can be used to override settings from the generic files.
33
34       To avoid loading any host-specific config files set "dontLoadHostConfig
35       true" in your snmp.conf file.
36

COMMAND-LINE OPTIONS

38       All of the tokens described in this file can be  used  on  the  command
39       line of Net-SNMP applications as well by prefixing them with "--".  EG,
40       specifying --dontLoadHostConfig=true on the command line will  turn  of
41       loading of the host specific configuration files.
42

IMPORTANT NOTE

44       Several  of these directives may contain sensitive information (such as
45       pass phrases).  Configuration files that include such  settings  should
46       only be readable by the user concerned.
47
48       As well as application-specific configuration tokens, there are several
49       directives that relate to standard library behaviour, relevant to  most
50       Net-SNMP  applications.   Many of these correspond to standard command-
51       line options, which are described in the snmpcmd(1) manual page.
52
53       These directives can be divided into several distinct groups.
54

CLIENT BEHAVIOUR

56       defDomain application domain
57              The transport domain that should be used for a certain  applica‐
58              tion type unless something else is specified.
59
60       defTarget application domain target
61              The  target  that  should  be  used for connections to a certain
62              application if the connection should be in a specific domain.
63
64       defaultPort PORT
65              defines the default UDP port that client SNMP applications  will
66              attempt  to  connect  to.   This can be overridden by explicitly
67              including a port number in the  AGENT  specification.   See  the
68              snmpcmd(1) manual page for more details.
69
70              If not specified, the default value for this token is 161.
71
72       transport HOSTSPECIFIER
73              This special token should go into a hostname-specific configura‐
74              tion file in a hosts sub-directory.  For  example  if  the  file
75              hosts/foo.conf  exists in the search path it will be loaded if a
76              transport name of foo was used.  Within the  foo.conf  file  you
77              may  put  both  general  snmp.conf settings as well as a special
78              transport string to specify the destination to connect to.   For
79              example, putting:
80
81                     transport tcp:foo.example.com:9876
82
83              in  the  hosts/foo.conf  file will make applications referencing
84              the foo hostname (e.g. snmpget) to actually connect via  TCP  to
85              foo.exmaple.com on port 9876.
86
87       defVersion (1|2c|3)
88              defines  the  default version of SNMP to use.  This can be over‐
89              ridden using the -v option.
90
91       defCommunity STRING
92              defines the default community to  use  for  SNMPv1  and  SNMPv2c
93              requests.  This can be overridden using the -c option.
94
95       alias NAME DEFINITION
96              Creates  an  aliased  tied to NAME for a given transport defini‐
97              tion.  The alias can the be referred to using an alias:  prefix.
98              Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
99              use   a   destination   host   of   "alias:here"   instead    of
100              "udp:127.0.0.1:6161".   This  becomes  more  useful with complex
101              transport addresses involving IPv6 addresses, etc.
102
103       dumpPacket yes
104              defines whether to display a hexadecimal dump of  the  raw  SNMP
105              requests  sent and received by the application.  This is equiva‐
106              lent to the -d option.
107
108       doDebugging (1|0)
109              turns on debugging for all applications run if set to 1.
110
111       debugTokens TOKEN[,TOKEN...]
112              defines the debugging tokens that should be turned on when doDe‐
113              bugging is set.  This is equivalent to the -D option.
114
115       debugLogLevel (emerg|alert|crit|err|warning|notice|info|debug)
116              Set  the priority level for logging of debug output. Defaults to
117              debug.
118
119       16bitIDs yes
120              restricts requestIDs, etc to 16-bit values.
121
122              The SNMP specifications define these ID fields as 32-bit quanti‐
123              ties,  and  the  Net-SNMP  library typically initialises them to
124              random values for security.   However  certain  (broken)  agents
125              cannot  handle  ID values greater than 2^16 - this option allows
126              interoperability with such agents.
127
128       clientaddr [<transport-specifier>:]<transport-address>
129              specifies the source address to be used by command-line applica‐
130              tions when sending SNMP requests. See snmpcmd(1) for more infor‐
131              mation about the format of addresses.
132
133              This value is also used by snmpd when generating notifications.
134
135       clientaddrUsesPort no
136              specifies, if clientaddr option contains a port number. Set this
137              option  to  "yes", if clientaddr contains a port number and this
138              port should be used for sending outgoing SNMP requests.
139
140       clientRecvBuf INTEGER
141              specifies the desired size of the buffer to be used when receiv‐
142              ing  responses  to SNMP requests.  If the OS hard limit is lower
143              than the clientRecvBuf value, then this will  be  used  instead.
144              Some  platforms  may  decide  to increase the size of the buffer
145              actually used for internal housekeeping.
146
147              This directive will be ignored if the platforms does not support
148              setsockopt().
149
150       clientSendBuf INTEGER
151              is similar to clientRecvBuf, but applies to the size of the buf‐
152              fer used when sending SNMP requests.
153
154       noRangeCheck yes
155              disables the validation of varbind values against the MIB  defi‐
156              nition  for  the  relevant  OID.   This is equivalent to the -Ir
157              option.
158
159              This directive is primarily relevant to the snmpset command, but
160              will  also  apply  to  any application that calls snmp_add_var()
161              with a non-NULL value.
162
163       noTokenWarnings
164              disables warnings about unknown config file tokens.
165
166       reverseEncodeBER (1|yes|true|0|no|false)
167              controls how the encoding of SNMP requests is handled.
168
169              The default behaviour is to encode packets starting from the end
170              of the PDU and working backwards.  This directive can be used to
171              disable this behaviour, and build the  encoded  request  in  the
172              (more obvious) forward direction.
173
174              It  should  not normally be necessary to change this setting, as
175              the encoding is basically the same in either case - but  working
176              backwards typically produces a slightly more efficient encoding,
177              and hence a smaller network datagram.
178
179       dontLoadHostConfig (1|yes|true|0|no|false)
180              Specifies whether or not the host-specific  configuration  files
181              are  loaded.   Set to "true" to turn off the loading of the host
182              specific configuration files.
183
184       retries INTEGER
185              Specifies the number of retries to be used in the requests.
186
187       timeout INTEGER
188              Specifies the timeout in seconds between retries.
189

SNMPv1/SNMPv2c SETTINGS

191       disableSNMPv1  (1|yes|true|0|no|false)
192
193       disableSNMPv2c (1|yes|true|0|no|false)
194              Disables protocol versions at  runtime.  Incoming  and  outgoing
195              packets for the protocol will be dropped.
196

SNMPv3 SETTINGS

198       disableSNMPv3  (1|yes|true|0|no|false)
199              Disables  protocol  versions  at  runtime. Incoming and outgoing
200              packets for the protocol will be dropped.
201
202       defSecurityName STRING
203              defines the default security name to use  for  SNMPv3  requests.
204              This can be overridden using the -u option.
205
206       defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
207              defines  the  default security level to use for SNMPv3 requests.
208              This can be overridden using the -l option.
209
210              If not specified, the default value for this token is  noAuthNo‐
211              Priv.
212
213              Note:  authPriv  is only available if the software has been com‐
214                     piled to use the OpenSSL libraries.
215
216       defPassphrase STRING
217
218       defAuthPassphrase STRING
219
220       defPrivPassphrase STRING
221              define the default authentication and privacy  pass  phrases  to
222              use  for  SNMPv3 requests.  These can be overridden using the -A
223              and -X options respectively.
224
225              The defPassphrase value will  be  used  for  the  authentication
226              and/or  privacy  pass  phrases if either of the other directives
227              are not specified.
228
229       defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224
230
231       defPrivType DES|AES
232              define the default authentication and privacy protocols  to  use
233              for  SNMPv3  requests.  These can be overridden using the -a and
234              -x options respectively.
235
236              If not specified, SNMPv3 requests will default to MD5  authenti‐
237              cation and DES encryption.
238
239              Note:  If  the software has not been compiled to use the OpenSSL
240                     libraries, then only  MD5  authentication  is  supported.
241                     Neither  SHA  authentication  nor  any form of encryption
242                     will be available.
243
244       defContext STRING
245              defines the default context to use for  SNMPv3  requests.   This
246              can be overridden using the -n option.
247
248              If  not  specified,  the  default  value  for  this token is the
249              default context (i.e. the empty string "").
250
251       defSecurityModel STRING
252              defines the security model to  use  for  SNMPv3  requests.   The
253              default  value  is  "usm" which is the only widely used security
254              model for SNMPv3.
255
256       defAuthMasterKey 0xHEXSTRING
257
258       defPrivMasterKey 0xHEXSTRING
259
260       defAuthLocalizedKey 0xHEXSTRING
261
262       defPrivLocalizedKey 0xHEXSTRING
263              define the (hexadecimal) keys to be used for SNMPv3 secure  com‐
264              munications.    SNMPv3   keys  are  frequently  derived  from  a
265              passphrase, as discussed in  the  defPassphrase  section  above.
266              However  for improved security a truely random key can be gener‐
267              ated and used instead (which would normally has  better  entropy
268              than  a  password  unless it is amazingly long).  The directives
269              are equivalent to the short-form command line options -3m,  -3M,
270              -3k, and -3K.
271
272              Localized  keys  are  master keys which have been converted to a
273              unique key which is only suitable for on particular SNMP  engine
274              (agent).   The length of the key needs to be appropriate for the
275              authentication or encryption type being used (auth keys:  MD5=16
276              bytes,  SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
277              is used as an IV and not a key), and AES=16 bytes).
278
279       sshtosnmpsocket PATH
280              Sets the path of the sshtosnmp socket created by an  application
281              (e.g.  snmpd) listening for incoming ssh connections through the
282              sshtosnmp unix socket.
283
284       sshtosnmpsocketperms MODE [OWNER [GROUP]]
285              Sets the mode, owner and group of the sshtosnmp  socket  created
286              by  an  application (e.g. snmpd) listening for incoming ssh con‐
287              nections through the sshtosnmp unix socket.  The socket needs to
288              be  read/write privileged for SSH users that are allowed to con‐
289              nect to the SNMP service (VACM access still needs to be  granted
290              as well, most likely through the TSM security model).
291
292       sshusername NAME
293              Sets the SSH user name for logging into the remote system.
294
295       sshpubkey FILE
296              Set  the public key file to use when connecting to a remote sys‐
297              tem.
298
299       sshprivkey FILE
300              Set the private key file to use when connecting to a remote sys‐
301              tem.
302

SERVER BEHAVIOUR

304       persistentDir DIRECTORY
305              defines the directory where snmpd and snmptrapd store persistent
306              configuration settings.
307
308              If  not  specified,  the  persistent   directory   defaults   to
309              /var/lib/net-snmp
310
311       noPersistentLoad yes
312
313       noPersistentSave yes
314              disable  the  loading  and  saving  of  persistent configuration
315              information.
316
317              Note:  This will break SNMPv3 operations  (and  other  behaviour
318                     that  relies  on  changes  persisting  across application
319                     restart).  Use With Care.
320
321       tempFilePattern PATTERN
322              defines a filename template for creating  temporary  files,  for
323              handling input to and output from external shell commands.  Used
324              by the mkstemp() and mktemp() functions.
325
326              If  not  specified,  the  default  pattern   is   "/var/run/net-
327              snmp/snmp-tmp-XXXXXX".
328
329       serverRecvBuf INTEGER
330              specifies the desired size of the buffer to be used when receiv‐
331              ing incoming SNMP requests.  If the OS hard limit is lower  than
332              the  serverRecvBuf  value, then this will be used instead.  Some
333              platforms may decide to increase the size of the buffer actually
334              used for internal housekeeping.
335
336              This directive will be ignored if the platforms does not support
337              setsockopt().
338
339       serverSendBuf INTEGER
340              is similar to serverRecvBuf, but applies to the size of the buf‐
341              fer used when sending SNMP responses.
342
343       sourceFilterType none|whitelist|blacklist
344              specifies  whether  or  not addresses added with sourceFilterAd‐
345              dress are whitelisted or blacklisted. The default is none, indi‐
346              cating that incoming packets will not be checked agains the fil‐
347              ter list.
348
349       sourceFilterAddress ADDRESS
350              specifies an address to be added to the  source  address  filter
351              list.   sourceFilterType configuration determines whether or not
352              addresses are whitelisted or blacklisted.
353

MIB HANDLING

355       mibdirs DIRLIST
356              specifies a list of directories to search for MIB  files.   This
357              operates  in  the same way as the -M option - see snmpcmd(1) for
358              details.  Note that this value can be overridden by the  MIBDIRS
359              environment variable, and the -M option.
360
361       mibs MIBLIST
362              specifies  a  list  of  MIB  modules  (not files) that should be
363              loaded.  This operates in the same way as the -m  option  -  see
364              snmpcmd(1)  for  details.  Note that this list can be overridden
365              by the MIBS environment variable, and the -m option.
366
367       mibfile FILE
368              specifies a (single) MIB file to load, in addition to  the  list
369              read  from  the  mibs token (or equivalent configuration).  Note
370              that this value can be overridden by  the  MIBFILES  environment
371              variable.
372
373       showMibErrors (1|yes|true|0|no|false)
374              whether to display MIB parsing errors.
375
376       commentToEOL (1|yes|true|0|no|false)
377              whether  MIB parsing should be strict about comment termination.
378              Many MIB writers assume that ASN.1 comments extend to the end of
379              the  text  line,  rather  than being terminated by the next "--"
380              token.  This token can be used to accept such  (strictly  incor‐
381              rect) MIBs.
382              Note that this directive was previous (mis-)named strictComment‐
383              Term, but with the reverse behaviour from that  implied  by  the
384              name.   This  earlier token is still accepted for backwards com‐
385              patibility.
386
387       mibAllowUnderline (1|yes|true|0|no|false)
388              whether to allow underline characters in MIB  object  names  and
389              enumeration  values.   This  token  can  be  used to accept such
390              (strictly incorrect) MIBs.
391
392       mibWarningLevel INTEGER
393              the minimum warning level of the warnings  printed  by  the  MIB
394              parser.
395

OUTPUT CONFIGURATION

397       logTimestamp (1|yes|true|0|no|false)
398              Whether the commands should log timestamps with their error/mes‐
399              sage logging or not.  Note that output will not look  as  pretty
400              with  timestamps  if  the  source code that is doing the logging
401              does incremental logging of messages that are not line  buffered
402              before  being  passed  to  the logging routines.  This option is
403              only used when file logging is active.
404
405       printNumericEnums (1|yes|true|0|no|false)
406              Equivalent to -Oe.
407
408       printNumericOids (1|yes|true|0|no|false)
409              Equivalent to -On.
410
411       dontBreakdownOids (1|yes|true|0|no|false)
412              Equivalent to -Ob.
413
414       escapeQuotes (1|yes|true|0|no|false)
415              Equivalent to -OE.
416
417       quickPrinting (1|yes|true|0|no|false)
418              Equivalent to -Oq.
419
420       printValueOnly (1|yes|true|0|no|false)
421              Equivalent to -Ov.
422
423       dontPrintUnits (1|yes|true|0|no|false)
424              Equivalent to -OU.
425
426       numericTimeticks (1|yes|true|0|no|false)
427              Equivalent to -Ot.
428
429       printHexText (1|yes|true|0|no|false)
430              Equivalent to -OT.
431
432       hexOutputLength integer
433              Specifies where to break up the output of  hexadecimal  strings.
434              Set to 0 to disable line breaks.  Defaults to 16.
435
436       suffixPrinting (0|1|2)
437              The  value  1 is equivalent to -Os and the value 2 is equivalent
438              to -OS.
439
440       oidOutputFormat (1|2|3|4|5|6)
441              Maps -O options as follow: -Os=1, -OS=2,  -Of=3,  -On=4,  -Ou=5.
442              The value 6 has no matching -O option. It suppresses output.
443
444       extendedIndex (1|yes|true|0|no|false)
445              Equivalent to -OX.
446
447       noDisplayHint (1|yes|true|0|no|false)
448              Disables  the  use  of  DISPLAY-HINT  information  when  parsing
449              indices and values to set. Equivalent to -Ih.
450
451       outputPrecision PRECISION
452              Uses the PRECISION string to allow  modification  of  the  value
453              output  format.  See  snmpcmd(1) for details.  Equivalent to -Op
454              (which takes precedence over the config file).
455

FILES

457       System-wide configuration files:
458              /etc/snmp/snmp.conf
459              /etc/snmp/snmp.local.conf
460
461       User-specific configuration settings:
462              $HOME/.snmp/snmp.conf
463              $HOME/.snmp/snmp.local.conf
464
465       Destination host specific files:
466              /etc/snmp/hosts/HOSTNAME.conf
467              $HOME/.snmp/hosts/HOSTNAME.conf
468
469

SEE ALSO

471       snmp_config(5), netsnmp_config_api(3), snmpcmd(1).
472
473
474
475V5.8                              21 Apr 2010                     SNMP.CONF(5)
Impressum