1SNMP.CONF(5) Net-SNMP SNMP.CONF(5)
2
6 snmp.conf - configuration files for the Net-SNMP applications
7
9 Applications built using the Net-SNMP libraries typically use one or
10 more configuration files to control various aspects of their operation.
11 These files (snmp.conf and snmp.local.conf) can be located in one of
12 several locations, as described in the snmp_config(5) manual page.
13 In particular, /etc/snmp/snmp.conf is a common file, containing the
15 settings shared by all users of the system. ~/.snmp/snmp.conf is a
16 personal file, with the settings specific to a particular user.
17
19 Host-specific files may also be loaded and will be searched for if a
20 transport name is specified that matches a PATH/hosts/HOST.conf file.
21 For example, if you wanted a particular host to use SNMPv2c by default
22 you could create a ~/.snmp/hosts/NAME.conf file and in it put:
23 defVersion 2c
25 Any connections set to connect to the hostname NAME will use SNMPv2c.
27 Also see the transport token below for additional host-specific exam‐
28 ples.
29 Host-specific configuration files are loaded at the time the connection
31 is opened. Thus they're generally loaded after all other configuration
32 files and can be used to override settings from the generic files.
33 To avoid loading any host-specific config files set "dontLoadHostConfig
35 true" in your snmp.conf file.
36
38 All of the tokens described in this file can be used on the command
39 line of Net-SNMP applications as well by prefixing them with "--". EG,
40 specifying --dontLoadHostConfig=true on the command line will turn of
41 loading of the host specific configuration files.
42
44 Several of these directives may contain sensitive information (such as
45 pass phrases). Configuration files that include such settings should
46 only be readable by the user concerned.
47 As well as application-specific configuration tokens, there are several
49 directives that relate to standard library behaviour, relevant to most
50 Net-SNMP applications. Many of these correspond to standard command-
51 line options, which are described in the snmpcmd(1) manual page.
52 These directives can be divided into several distinct groups.
54
56 defDomain application domain
57 The transport domain that should be used for a certain applica‐
58 tion type unless something else is specified.
59 defTarget application domain target
61 The target that should be used for connections to a certain
62 application if the connection should be in a specific domain.
63 defaultPort PORT
65 defines the default UDP port that client SNMP applications will
66 attempt to connect to. This can be overridden by explicitly
67 including a port number in the AGENT specification. See the
68 snmpcmd(1) manual page for more details.
69 If not specified, the default value for this token is 161.
71 transport HOSTSPECIFIER
73 This special token should go into a hostname-specific configura‐
74 tion file in a hosts sub-directory. For example if the file
75 hosts/foo.conf exists in the search path it will be loaded if a
76 transport name of foo was used. Within the foo.conf file you
77 may put both general snmp.conf settings as well as a special
78 transport string to specify the destination to connect to. For
79 example, putting:
80 transport tcp:foo.example.com:9876
82 in the hosts/foo.conf file will make applications referencing
84 the foo hostname (e.g. snmpget) to actually connect via TCP to
85 foo.exmaple.com on port 9876.
86 defVersion (1|2c|3)
88 defines the default version of SNMP to use. This can be over‐
89 ridden using the -v option.
90 defCommunity STRING
92 defines the default community to use for SNMPv1 and SNMPv2c
93 requests. This can be overridden using the -c option.
94 alias NAME DEFINITION
96 Creates an aliased tied to NAME for a given transport defini‐
97 tion. The alias can the be referred to using an alias: prefix.
98 Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
99 use a destination host of "alias:here" instead of
100 "udp:127.0.0.1:6161". This becomes more useful with complex
101 transport addresses involving IPv6 addresses, etc.
102 dumpPacket yes
104 defines whether to display a hexadecimal dump of the raw SNMP
105 requests sent and received by the application. This is equiva‐
106 lent to the -d option.
107 doDebugging (1|0)
109 turns on debugging for all applications run if set to 1.
110 debugTokens TOKEN[,TOKEN...]
112 defines the debugging tokens that should be turned on when doDe‐
113 bugging is set. This is equivalent to the -D option.
114 debugLogLevel (emerg|alert|crit|err|warning|notice|info|debug)
116 Set the priority level for logging of debug output. Defaults to
117 debug.
118 16bitIDs yes
120 restricts requestIDs, etc to 16-bit values.
121 The SNMP specifications define these ID fields as 32-bit quanti‐
123 ties, and the Net-SNMP library typically initialises them to
124 random values for security. However certain (broken) agents
125 cannot handle ID values greater than 2^16 - this option allows
126 interoperability with such agents.
127 clientaddr [<transport-specifier>:]<transport-address>
129 specifies the source address to be used by command-line applica‐
130 tions when sending SNMP requests. See snmpcmd(1) for more infor‐
131 mation about the format of addresses.
132 This value is also used by snmpd when generating notifications.
134 clientaddrUsesPort no
136 specifies, if clientaddr option contains a port number. Set this
137 option to "yes", if clientaddr contains a port number and this
138 port should be used for sending outgoing SNMP requests. This
139 option only affects IPv4 client addresses and is ignored for
140 IPv6 client addresses.
141 clientRecvBuf INTEGER
143 specifies the desired size of the buffer to be used when receiv‐
144 ing responses to SNMP requests. If the OS hard limit is lower
145 than the clientRecvBuf value, then this will be used instead.
146 Some platforms may decide to increase the size of the buffer
147 actually used for internal housekeeping.
148 This directive will be ignored if the platforms does not support
150 setsockopt().
151 clientSendBuf INTEGER
153 is similar to clientRecvBuf, but applies to the size of the buf‐
154 fer used when sending SNMP requests.
155 noRangeCheck yes
157 disables the validation of varbind values against the MIB defi‐
158 nition for the relevant OID. This is equivalent to the -Ir
159 option.
160 This directive is primarily relevant to the snmpset command, but
162 will also apply to any application that calls snmp_add_var()
163 with a non-NULL value.
164 noTokenWarnings
166 disables warnings about unknown config file tokens.
167 reverseEncodeBER (1|yes|true|0|no|false)
169 controls how the encoding of SNMP requests is handled.
170 The default behaviour is to encode packets starting from the end
172 of the PDU and working backwards. This directive can be used to
173 disable this behaviour, and build the encoded request in the
174 (more obvious) forward direction.
175 It should not normally be necessary to change this setting, as
177 the encoding is basically the same in either case - but working
178 backwards typically produces a slightly more efficient encoding,
179 and hence a smaller network datagram.
180 dontLoadHostConfig (1|yes|true|0|no|false)
182 Specifies whether or not the host-specific configuration files
183 are loaded. Set to "true" to turn off the loading of the host
184 specific configuration files.
185 retries INTEGER
187 Specifies the number of retries to be used in the requests.
188 timeout INTEGER
190 Specifies the timeout in seconds between retries.
191
193 disableSNMPv1 (1|yes|true|0|no|false)
194 disableSNMPv2c (1|yes|true|0|no|false)
196 Disables protocol versions at runtime. Incoming and outgoing
197 packets for the protocol will be dropped.
198
200 disableSNMPv3 (1|yes|true|0|no|false)
201 Disables protocol versions at runtime. Incoming and outgoing
202 packets for the protocol will be dropped.
203 defSecurityName STRING
205 defines the default security name to use for SNMPv3 requests.
206 This can be overridden using the -u option.
207 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
209 defines the default security level to use for SNMPv3 requests.
210 This can be overridden using the -l option.
211 If not specified, the default value for this token is noAuthNo‐
213 Priv.
214 Note: authPriv is only available if the software has been com‐
216 piled to use the OpenSSL libraries.
217 defPassphrase STRING
219 defAuthPassphrase STRING
221 defPrivPassphrase STRING
223 define the default authentication and privacy pass phrases to
224 use for SNMPv3 requests. These can be overridden using the -A
225 and -X options respectively.
226 The defPassphrase value will be used for the authentication
228 and/or privacy pass phrases if either of the other directives
229 are not specified.
230 defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224
232 defPrivType DES|AES
234 define the default authentication and privacy protocols to use
235 for SNMPv3 requests. These can be overridden using the -a and
236 -x options respectively.
237 If not specified, SNMPv3 requests will default to MD5 authenti‐
239 cation and DES encryption.
240 Note: If the software has not been compiled to use the OpenSSL
242 libraries, then only MD5 authentication is supported.
243 Neither SHA authentication nor any form of encryption
244 will be available.
245 defContext STRING
247 defines the default context to use for SNMPv3 requests. This
248 can be overridden using the -n option.
249 If not specified, the default value for this token is the
251 default context (i.e. the empty string "").
252 defSecurityModel STRING
254 defines the security model to use for SNMPv3 requests. The
255 default value is "usm" which is the only widely used security
256 model for SNMPv3.
257 defAuthMasterKey 0xHEXSTRING
259 defPrivMasterKey 0xHEXSTRING
261 defAuthLocalizedKey 0xHEXSTRING
263 defPrivLocalizedKey 0xHEXSTRING
265 define the (hexadecimal) keys to be used for SNMPv3 secure com‐
266 munications. SNMPv3 keys are frequently derived from a
267 passphrase, as discussed in the defPassphrase section above.
268 However for improved security a truely random key can be gener‐
269 ated and used instead (which would normally has better entropy
270 than a password unless it is amazingly long). The directives
271 are equivalent to the short-form command line options -3m, -3M,
272 -3k, and -3K.
273 Localized keys are master keys which have been converted to a
275 unique key which is only suitable for on particular SNMP engine
276 (agent). The length of the key needs to be appropriate for the
277 authentication or encryption type being used (auth keys: MD5=16
278 bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
279 is used as an IV and not a key), and AES=16 bytes).
280 sshtosnmpsocket PATH
282 Sets the path of the sshtosnmp socket created by an application
283 (e.g. snmpd) listening for incoming ssh connections through the
284 sshtosnmp unix socket.
285 sshtosnmpsocketperms MODE [OWNER [GROUP]]
287 Sets the mode, owner and group of the sshtosnmp socket created
288 by an application (e.g. snmpd) listening for incoming ssh con‐
289 nections through the sshtosnmp unix socket. The socket needs to
290 be read/write privileged for SSH users that are allowed to con‐
291 nect to the SNMP service (VACM access still needs to be granted
292 as well, most likely through the TSM security model).
293 sshusername NAME
295 Sets the SSH user name for logging into the remote system.
296 sshpubkey FILE
298 Set the public key file to use when connecting to a remote sys‐
299 tem.
300 sshprivkey FILE
302 Set the private key file to use when connecting to a remote sys‐
303 tem.
304
306 persistentDir DIRECTORY
307 defines the directory where snmpd and snmptrapd store persistent
308 configuration settings.
309 If not specified, the persistent directory defaults to
311 /var/lib/net-snmp
312 noPersistentLoad yes
314 noPersistentSave yes
316 disable the loading and saving of persistent configuration
317 information.
318 Note: This will break SNMPv3 operations (and other behaviour
320 that relies on changes persisting across application
321 restart). Use With Care.
322 tempFilePattern PATTERN
324 defines a filename template for creating temporary files, for
325 handling input to and output from external shell commands. Used
326 by the mkstemp() and mktemp() functions.
327 If not specified, the default pattern is "/run/net-snmp/snmp-
329 tmp-XXXXXX".
330 serverRecvBuf INTEGER
332 specifies the desired size of the buffer to be used when receiv‐
333 ing incoming SNMP requests. If the OS hard limit is lower than
334 the serverRecvBuf value, then this will be used instead. Some
335 platforms may decide to increase the size of the buffer actually
336 used for internal housekeeping.
337 This directive will be ignored if the platforms does not support
339 setsockopt().
340 serverSendBuf INTEGER
342 is similar to serverRecvBuf, but applies to the size of the buf‐
343 fer used when sending SNMP responses.
344 sourceFilterType none|acceptlist|blocklist
346 specifies whether or not addresses added with sourceFilterAd‐
347 dress are accepted or blocked. The default is none, indicating
348 that incoming packets will not be checked agains the filter
349 list.
350 sourceFilterAddress ADDRESS
352 specifies an address to be added to the source address filter
353 list. sourceFilterType configuration determines whether or not
354 addresses are accepted or blocked.
355
357 mibdirs DIRLIST
358 specifies a list of directories to search for MIB files. This
359 operates in the same way as the -M option - see snmpcmd(1) for
360 details. Note that this value can be overridden by the MIBDIRS
361 environment variable, and the -M option.
362 mibs MIBLIST
364 specifies a list of MIB modules (not files) that should be
365 loaded. This operates in the same way as the -m option - see
366 snmpcmd(1) for details. Note that this list can be overridden
367 by the MIBS environment variable, and the -m option.
368 mibfile FILE
370 specifies a (single) MIB file to load, in addition to the list
371 read from the mibs token (or equivalent configuration). Note
372 that this value can be overridden by the MIBFILES environment
373 variable.
374 showMibErrors (1|yes|true|0|no|false)
376 whether to display MIB parsing errors.
377 commentToEOL (1|yes|true|0|no|false)
379 whether MIB parsing should be strict about comment termination.
380 Many MIB writers assume that ASN.1 comments extend to the end of
381 the text line, rather than being terminated by the next "--"
382 token. This token can be used to accept such (strictly incor‐
383 rect) MIBs.
384 Note that this directive was previous (mis-)named strictComment‐
385 Term, but with the reverse behaviour from that implied by the
386 name. This earlier token is still accepted for backwards com‐
387 patibility.
388 mibAllowUnderline (1|yes|true|0|no|false)
390 whether to allow underline characters in MIB object names and
391 enumeration values. This token can be used to accept such
392 (strictly incorrect) MIBs.
393 mibWarningLevel INTEGER
395 the minimum warning level of the warnings printed by the MIB
396 parser.
397
399 logTimestamp (1|yes|true|0|no|false)
400 Whether the commands should log timestamps with their error/mes‐
401 sage logging or not. Note that output will not look as pretty
402 with timestamps if the source code that is doing the logging
403 does incremental logging of messages that are not line buffered
404 before being passed to the logging routines. This option is
405 only used when file logging is active.
406 printNumericEnums (1|yes|true|0|no|false)
408 Equivalent to -Oe.
409 printNumericOids (1|yes|true|0|no|false)
411 Equivalent to -On.
412 dontBreakdownOids (1|yes|true|0|no|false)
414 Equivalent to -Ob.
415 escapeQuotes (1|yes|true|0|no|false)
417 Equivalent to -OE.
418 quickPrinting (1|yes|true|0|no|false)
420 Equivalent to -Oq.
421 printValueOnly (1|yes|true|0|no|false)
423 Equivalent to -Ov.
424 dontPrintUnits (1|yes|true|0|no|false)
426 Equivalent to -OU.
427 numericTimeticks (1|yes|true|0|no|false)
429 Equivalent to -Ot.
430 printHexText (1|yes|true|0|no|false)
432 Equivalent to -OT.
433 hexOutputLength integer
435 Specifies where to break up the output of hexadecimal strings.
436 Set to 0 to disable line breaks. Defaults to 16.
437 suffixPrinting (0|1|2)
439 The value 1 is equivalent to -Os and the value 2 is equivalent
440 to -OS.
441 oidOutputFormat (1|2|3|4|5|6)
443 Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
444 The value 6 has no matching -O option. It suppresses output.
445 extendedIndex (1|yes|true|0|no|false)
447 Equivalent to -OX.
448 noDisplayHint (1|yes|true|0|no|false)
450 Disables the use of DISPLAY-HINT information when parsing
451 indices and values to set. Equivalent to -Ih.
452 outputPrecision PRECISION
454 Uses the PRECISION string to allow modification of the value
455 output format. See snmpcmd(1) for details. Equivalent to -Op
456 (which takes precedence over the config file).
457
459 System-wide configuration files:
460 /etc/snmp/snmp.conf
461 /etc/snmp/snmp.local.conf
462 User-specific configuration settings:
464 $HOME/.snmp/snmp.conf
465 $HOME/.snmp/snmp.local.conf
466 Destination host specific files:
468 /etc/snmp/hosts/HOSTNAME.conf
469 $HOME/.snmp/hosts/HOSTNAME.conf
470
473 snmp_config(5), netsnmp_config_api(3), snmpcmd(1).
474V5.9 21 Apr 2010 SNMP.CONF(5)