1SNMP.CONF(5) Net-SNMP SNMP.CONF(5)
2
6 snmp.conf - configuration files for the Net-SNMP applications
7
9 Applications built using the Net-SNMP libraries typically use one or
10 more configuration files to control various aspects of their operation.
11 These files (snmp.conf and snmp.local.conf) can be located in one of
12 several locations, as described in the snmp_config(5) manual page.
13 In particular, /etc/snmp/snmp.conf is a common file, containing the
15 settings shared by all users of the system. ~/.snmp/snmp.conf is a
16 personal file, with the settings specific to a particular user.
17
19 Several of these directives may contain sensitive information (such as
20 pass phrases). Configuration files that include such settings should
21 only be readable by the user concerned.
22 As well as application-specific configuration tokens, there are several
24 directives that relate to standard library behaviour, relevant to most
25 Net-SNMP applications. Many of these correspond to standard command-
26 line options, which are described in the snmpcmd(1) manual page.
27 These directives can be divided into several distinct groups.
29
31 defDomain application domain
32 The transport domain that should be used for a certain applica‐
33 tion type unless something else is specified.
34 defTarget application domain target
36 The target that should be used for connections to a certain
37 application if the connection should be in a specific domain.
38 defaultPort PORT
40 defines the default UDP port that client SNMP applications will
41 attempt to connect to. This can be overridden by explicitly
42 including a port number in the AGENT specification. See the
43 snmpcmd(1) manual page for more details.
44 If not specified, the default value for this token is 161.
46 defVersion (1|2c|3)
48 defines the default version of SNMP to use. This can be over‐
49 ridden using the -v option.
50 defCommunity STRING
52 defines the default community to use for SNMPv1 and SNMPv2c
53 requests. This can be overridden using the -c option.
54 alias NAME DEFINITION
56 Creates an aliased tied to NAME for a given transport defini‐
57 tion. The alias can the be referred to using an alias: prefix.
58 Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
59 use a destination host of "alias:here" instead of
60 "udp:127.0.0.1:6161". This becomes more useful with complex
61 transport addresses involving IPv6 addresses, etc.
62 dumpPacket yes
64 defines whether to display a hexadecimal dump of the raw SNMP
65 requests sent and received by the application. This is equiva‐
66 lent to the -d option.
67 doDebugging (1|0)
69 turns on debugging for all applications run if set to 1.
70 debugTokens TOKEN[,TOKEN...]
72 defines the debugging tokens that should be turned on when doDe‐
73 bugging is set. This is equivalent to the -D option.
74 16bitIDs yes
76 restricts requestIDs, etc to 16-bit values.
77 The SNMP specifications define these ID fields as 32-bit quanti‐
79 ties, and the Net-SNMP library typically initialises them to
80 random values for security. However certain (broken) agents
81 cannot handle ID values greater than 2^16 - this option allows
82 interoperability with such agents.
83 clientaddr [<transport-specifier>:]<transport-address>
85 specifies the source address to be used by command-line applica‐
86 tions when sending SNMP requests. See snmpcmd(1) for more infor‐
87 mation about the format of addresses.
88 This value is also used by snmpd when generating notifications.
90 clientaddrUsesPort no
92 specifies, if clientaddr option contains a port number. Set this
93 option to "yes", if clientaddr contains a port number and this
94 port should be used for sending outgoing SNMP requests.
95 clientRecvBuf INTEGER
97 specifies the desired size of the buffer to be used when receiv‐
98 ing responses to SNMP requests. If the OS hard limit is lower
99 than the clientRecvBuf value, then this will be used instead.
100 Some platforms may decide to increase the size of the buffer
101 actually used for internal housekeeping.
102 This directive will be ignored if the platforms does not support
104 setsockopt().
105 clientSendBuf INTEGER
107 is similar to clientRecvBuf, but applies to the size of the buf‐
108 fer used when sending SNMP requests.
109 noRangeCheck yes
111 disables the validation of varbind values against the MIB defi‐
112 nition for the relevant OID. This is equivalent to the -Ir
113 option.
114 This directive is primarily relevant to the snmpset command, but
116 will also apply to any application that calls snmp_add_var()
117 with a non-NULL value.
118 noTokenWarnings
120 disables warnings about unknown config file tokens.
121 reverseEncodeBER (1|yes|true|0|no|false)
123 controls how the encoding of SNMP requests is handled.
124 The default behaviour is to encode packets starting from the end
126 of the PDU and working backwards. This directive can be used to
127 disable this behaviour, and build the encoded request in the
128 (more obvious) forward direction.
129 It should not normally be necessary to change this setting, as
131 the encoding is basically the same in either case - but working
132 backwards typically produces a slightly more efficient encoding,
133 and hence a smaller network datagram.
134
136 defSecurityName STRING
137 defines the default security name to use for SNMPv3 requests.
138 This can be overridden using the -u option.
139 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
141 defines the default security level to use for SNMPv3 requests.
142 This can be overridden using the -l option.
143 If not specified, the default value for this token is noAuthNo‐
145 Priv.
146 Note: authPriv is only available if the software has been com‐
148 piled to use the OpenSSL libraries.
149 defPassphrase STRING
151 defAuthPassphrase STRING
153 defPrivPassphrase STRING
155 define the default authentication and privacy pass phrases to
156 use for SNMPv3 requests. These can be overridden using the -A
157 and -X options respectively.
158 The defPassphrase value will be used for the authentication
160 and/or privacy pass phrases if either of the other directives
161 are not specified.
162 defAuthType MD5|SHA
164 defPrivType DES|AES
166 define the default authentication and privacy protocols to use
167 for SNMPv3 requests. These can be overridden using the -a and
168 -x options respectively.
169 If not specified, SNMPv3 requests will default to MD5 authenti‐
171 cation and DES encryption.
172 Note: If the software has not been compiled to use the OpenSSL
174 libraries, then only MD5 authentication is supported.
175 Neither SHA authentication nor any form of encryption
176 will be available.
177 defContext STRING
179 defines the default context to use for SNMPv3 requests. This
180 can be overridden using the -n option.
181 If not specified, the default value for this token is the
183 default context (i.e. the empty string "").
184 defSecurityModel STRING
186 defines the security model to use for SNMPv3 requests. The
187 default value is "usm" which is the only widely used security
188 model for SNMPv3.
189 defAuthMasterKey 0xHEXSTRING
191 defPrivMasterKey 0xHEXSTRING
193 defAuthLocalizedKey 0xHEXSTRING
195 defPrivLocalizedKey 0xHEXSTRING
197 define the (hexadecimal) keys to be used for SNMPv3 secure com‐
198 munications. SNMPv3 keys are frequently derived from a
199 passphrase, as discussed in the defPassphrase section above.
200 However for improved security a truely random key can be gener‐
201 ated and used instead (which would normally has better entropy
202 than a password unless it is amazingly long). The directives
203 are equivalent to the short-form command line options -3m, -3M,
204 -3k, and -3K.
205 Localized keys are master keys which have been converted to a
207 unique key which is only suitable for on particular SNMP engine
208 (agent). The length of the key needs to be appropriate for the
209 authentication or encryption type being used (auth keys: MD5=16
210 bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
211 is used as an IV and not a key), and AES=16 bytes).
212 sshtosnmpsocketperms PATH
214 Sets the path of the sshtosnmp socket created by an application
215 (e.g. snmpd) listening for incoming ssh connections through the
216 sshtosnmp unix socket.
217 sshtosnmpsocketperms MODE [OWNER [GROUP]]
219 Sets the mode, owner and group of the sshtosnmp socket created
220 by an application (e.g. snmpd) listening for incoming ssh con‐
221 nections through the sshtosnmp unix socket. The socket needs to
222 be read/write privileged for SSH users that are allowed to con‐
223 nect to the SNMP service (VACM access still needs to be granted
224 as well, most likely through the TSM security model).
225
227 persistentDir DIRECTORY
228 defines the directory where snmpd and snmptrapd store persistent
229 configuration settings.
230 If not specified, the persistent directory defaults to
232 /var/lib/net-snmp
233 noPersistentLoad yes
235 noPersistentSave yes
237 disable the loading and saving of persistent configuration
238 information.
239 Note: This will break SNMPv3 operations (and other behaviour
241 that relies on changes persisting across application
242 restart). Use With Care.
243 tempFilePattern PATTERN
245 defines a filename template for creating temporary files, for
246 handling input to and output from external shell commands. Used
247 by the mkstemp() and mktemp() functions.
248 If not specified, the default pattern is "/var/run/net-
250 snmp/snmp-tmp-XXXXXX".
251 serverRecvBuf INTEGER
253 specifies the desired size of the buffer to be used when receiv‐
254 ing incoming SNMP requests. If the OS hard limit is lower than
255 the serverRecvBuf value, then this will be used instead. Some
256 platforms may decide to increase the size of the buffer actually
257 used for internal housekeeping.
258 This directive will be ignored if the platforms does not support
260 setsockopt().
261 serverSendBuf INTEGER
263 is similar to serverRecvBuf, but applies to the size of the buf‐
264 fer used when sending SNMP responses.
265
267 mibdirs DIRLIST
268 specifies a list of directories to search for MIB files. This
269 operates in the same way as the -M option - see snmpcmd(1) for
270 details. Note that this value can be overridden by the MIBDIRS
271 environment variable, and the -M option.
272 mibs MIBLIST
274 specifies a list of MIB modules (not files) that should be
275 loaded. This operates in the same way as the -m option - see
276 snmpcmd(1) for details. Note that this list can be overridden
277 by the MIBS environment variable, and the -m option.
278 mibfile FILE
280 specifies a (single) MIB file to load, in addition to the list
281 read from the mibs token (or equivalent configuration). Note
282 that this value can be overridden by the MIBFILES environment
283 variable.
284 showMibErrors (1|yes|true|0|no|false)
286 whether to display MIB parsing errors.
287 commentToEOL (1|yes|true|0|no|false)
289 whether MIB parsing should be strict about comment termination.
290 Many MIB writers assume that ASN.1 comments extend to the end of
291 the text line, rather than being terminated by the next "--"
292 token. This token can be used to accept such (strictly incor‐
293 rect) MIBs.
294 Note that this directive was previous (mis-)named strictComment‐
295 Term, but with the reverse behaviour from that implied by the
296 name. This earlier token is still accepted for backwards com‐
297 patibility.
298 mibAllowUnderline (1|yes|true|0|no|false)
300 whether to allow underline characters in MIB object names and
301 enumeration values. This token can be used to accept such
302 (strictly incorrect) MIBs.
303 mibWarningLevel INTEGER
305 the minimum warning level of the warnings printed by the MIB
306 parser.
307
309 logTimestamp (1|yes|true|0|no|false)
310 Whether the commands should log timestamps with their error/mes‐
311 sage logging or not. Note that output will not look as pretty
312 with timestamps if the source code that is doing the logging
313 does incremental logging of messages that are not line buffered
314 before being passed to the logging routines. This option is
315 only used when file logging is active.
316 printNumericEnums (1|yes|true|0|no|false)
318 Equivalent to -Oe.
319 printNumericOids (1|yes|true|0|no|false)
321 Equivalent to -On.
322 dontBreakdownOids (1|yes|true|0|no|false)
324 Equivalent to -Ob.
325 escapeQuotes (1|yes|true|0|no|false)
327 Equivalent to -OE.
328 quickPrinting (1|yes|true|0|no|false)
330 Equivalent to -Oq.
331 printValueOnly (1|yes|true|0|no|false)
333 Equivalent to -Ov.
334 dontPrintUnits (1|yes|true|0|no|false)
336 Equivalent to -OU.
337 numericTimeticks (1|yes|true|0|no|false)
339 Equivalent to -Ot.
340 printHexText (1|yes|true|0|no|false)
342 Equivalent to -OT.
343 hexOutputLength integer
345 Specifies where to break up the output of hexadecimal strings.
346 Set to 0 to disable line breaks. Defaults to 16.
347 suffixPrinting (0|1|2)
349 The value 1 is equivalent to -Os and the value 2 is equivalent
350 to -OS.
351 oidOutputFormat (1|2|3|4|5|6)
353 Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
354 The value 6 has no matching -O option. It suppresses output.
355 extendedIndex (1|yes|true|0|no|false)
357 Equivalent to -OX.
358 noDisplayHint (1|yes|true|0|no|false)
360 Disables the use of DISPLAY-HINT information when parsing
361 indices and values to set. Equivalent to -Ih.
362
364 /etc/snmp/snmp.conf, /etc/snmp/snmp.local.conf - common configuration
365 settings
366 ~/.snmp/snmp.conf - user-specific configuration settings
367
369 snmp_config(5), read_config(3), snmpcmd(1).
3704th Berkeley Distribution 29 Jun 2005 SNMP.CONF(5)