1SNMP.CONF(5) Net-SNMP SNMP.CONF(5)
2
3
4
6 snmp.conf - configuration files for the Net-SNMP applications
7
9 Applications built using the Net-SNMP libraries typically use one or
10 more configuration files to control various aspects of their operation.
11 These files (snmp.conf and snmp.local.conf) can be located in one of
12 several locations, as described in the snmp_config(5) manual page.
13
14 In particular, /etc/snmp/snmp.conf is a common file, containing the
15 settings shared by all users of the system. ~/.snmp/snmp.conf is a
16 personal file, with the settings specific to a particular user.
17
19 Host-specific files may also be loaded and will be searched for if a
20 transport name is specified that matches a PATH/hosts/HOST.conf file.
21 For example, if you wanted a particular host to use SNMPv2c by default
22 you could create a ~/.snmp/hosts/NAME.conf file and in it put:
23
24 defVersion 2c
25
26 Any connections set to connect to the hostname NAME will use SNMPv2c.
27 Also see the transport token below for additional host-specific exam‐
28 ples.
29
30 Host-specific configuration files are loaded at the time the connection
31 is opened. Thus they're generally loaded after all other configuration
32 files and can be used to override settings from the generic files.
33
34 To avoid loading any host-specific config files set "dontLoadHostConfig
35 true" in your snmp.conf file.
36
38 All of the tokens described in this file can be used on the command
39 line of Net-SNMP applications as well by prefixing them with "--". EG,
40 specifying --dontLoadHostConfig=true on the command line will turn of
41 loading of the host specific configuration files.
42
44 Several of these directives may contain sensitive information (such as
45 pass phrases). Configuration files that include such settings should
46 only be readable by the user concerned.
47
48 As well as application-specific configuration tokens, there are several
49 directives that relate to standard library behaviour, relevant to most
50 Net-SNMP applications. Many of these correspond to standard command-
51 line options, which are described in the snmpcmd(1) manual page.
52
53 These directives can be divided into several distinct groups.
54
56 defDomain application domain
57 The transport domain that should be used for a certain applica‐
58 tion type unless something else is specified.
59
60 defTarget application domain target
61 The target that should be used for connections to a certain
62 application if the connection should be in a specific domain.
63
64 defaultPort PORT
65 defines the default UDP port that client SNMP applications will
66 attempt to connect to. This can be overridden by explicitly
67 including a port number in the AGENT specification. See the
68 snmpcmd(1) manual page for more details.
69
70 If not specified, the default value for this token is 161.
71
72 transport HOSTSPECIFIER
73 This special token should go into a hostname-specific configura‐
74 tion file in a hosts sub-directory. For example if the file
75 hosts/foo.conf exists in the search path it will be loaded if a
76 transport name of foo was used. Within the foo.conf file you
77 may put both general snmp.conf settings as well as a special
78 transport string to specify the destination to connect to. For
79 example, putting:
80
81 transport tcp:foo.example.com:9876
82
83 in the hosts/foo.conf file will make applications referencing
84 the foo hostname (e.g. snmpget) to actually connect via TCP to
85 foo.exmaple.com on port 9876.
86
87 defVersion (1|2c|3)
88 defines the default version of SNMP to use. This can be over‐
89 ridden using the -v option.
90
91 defCommunity STRING
92 defines the default community to use for SNMPv1 and SNMPv2c
93 requests. This can be overridden using the -c option.
94
95 alias NAME DEFINITION
96 Creates an aliased tied to NAME for a given transport defini‐
97 tion. The alias can the be referred to using an alias: prefix.
98 Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
99 use a destination host of "alias:here" instead of
100 "udp:127.0.0.1:6161". This becomes more useful with complex
101 transport addresses involving IPv6 addresses, etc.
102
103 dumpPacket yes
104 defines whether to display a hexadecimal dump of the raw SNMP
105 requests sent and received by the application. This is equiva‐
106 lent to the -d option.
107
108 doDebugging (1|0)
109 turns on debugging for all applications run if set to 1.
110
111 debugTokens TOKEN[,TOKEN...]
112 defines the debugging tokens that should be turned on when doDe‐
113 bugging is set. This is equivalent to the -D option.
114
115 16bitIDs yes
116 restricts requestIDs, etc to 16-bit values.
117
118 The SNMP specifications define these ID fields as 32-bit quanti‐
119 ties, and the Net-SNMP library typically initialises them to
120 random values for security. However certain (broken) agents
121 cannot handle ID values greater than 2^16 - this option allows
122 interoperability with such agents.
123
124 clientaddr [<transport-specifier>:]<transport-address>
125 specifies the source address to be used by command-line applica‐
126 tions when sending SNMP requests. See snmpcmd(1) for more infor‐
127 mation about the format of addresses.
128
129 This value is also used by snmpd when generating notifications.
130
131 clientaddrUsesPort no
132 specifies, if clientaddr option contains a port number. Set this
133 option to "yes", if clientaddr contains a port number and this
134 port should be used for sending outgoing SNMP requests.
135
136 clientRecvBuf INTEGER
137 specifies the desired size of the buffer to be used when receiv‐
138 ing responses to SNMP requests. If the OS hard limit is lower
139 than the clientRecvBuf value, then this will be used instead.
140 Some platforms may decide to increase the size of the buffer
141 actually used for internal housekeeping.
142
143 This directive will be ignored if the platforms does not support
144 setsockopt().
145
146 clientSendBuf INTEGER
147 is similar to clientRecvBuf, but applies to the size of the buf‐
148 fer used when sending SNMP requests.
149
150 noRangeCheck yes
151 disables the validation of varbind values against the MIB defi‐
152 nition for the relevant OID. This is equivalent to the -Ir
153 option.
154
155 This directive is primarily relevant to the snmpset command, but
156 will also apply to any application that calls snmp_add_var()
157 with a non-NULL value.
158
159 noTokenWarnings
160 disables warnings about unknown config file tokens.
161
162 reverseEncodeBER (1|yes|true|0|no|false)
163 controls how the encoding of SNMP requests is handled.
164
165 The default behaviour is to encode packets starting from the end
166 of the PDU and working backwards. This directive can be used to
167 disable this behaviour, and build the encoded request in the
168 (more obvious) forward direction.
169
170 It should not normally be necessary to change this setting, as
171 the encoding is basically the same in either case - but working
172 backwards typically produces a slightly more efficient encoding,
173 and hence a smaller network datagram.
174
175 dontLoadHostConfig (1|yes|true|0|no|false)
176 Specifies whether or not the host-specific configuration files
177 are loaded. Set to "true" to turn off the loading of the host
178 specific configuration files.
179
180 retries INTEGER
181 Specifies the number of retries to be used in the requests.
182
183 timeout INTEGER
184 Specifies the timeout in seconds between retries.
185
187 defSecurityName STRING
188 defines the default security name to use for SNMPv3 requests.
189 This can be overridden using the -u option.
190
191 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
192 defines the default security level to use for SNMPv3 requests.
193 This can be overridden using the -l option.
194
195 If not specified, the default value for this token is noAuthNo‐
196 Priv.
197
198 Note: authPriv is only available if the software has been com‐
199 piled to use the OpenSSL libraries.
200
201 defPassphrase STRING
202
203 defAuthPassphrase STRING
204
205 defPrivPassphrase STRING
206 define the default authentication and privacy pass phrases to
207 use for SNMPv3 requests. These can be overridden using the -A
208 and -X options respectively.
209
210 The defPassphrase value will be used for the authentication
211 and/or privacy pass phrases if either of the other directives
212 are not specified.
213
214 defAuthType MD5|SHA
215
216 defPrivType DES|AES
217 define the default authentication and privacy protocols to use
218 for SNMPv3 requests. These can be overridden using the -a and
219 -x options respectively.
220
221 If not specified, SNMPv3 requests will default to MD5 authenti‐
222 cation and DES encryption.
223
224 Note: If the software has not been compiled to use the OpenSSL
225 libraries, then only MD5 authentication is supported.
226 Neither SHA authentication nor any form of encryption
227 will be available.
228
229 defContext STRING
230 defines the default context to use for SNMPv3 requests. This
231 can be overridden using the -n option.
232
233 If not specified, the default value for this token is the
234 default context (i.e. the empty string "").
235
236 defSecurityModel STRING
237 defines the security model to use for SNMPv3 requests. The
238 default value is "usm" which is the only widely used security
239 model for SNMPv3.
240
241 defAuthMasterKey 0xHEXSTRING
242
243 defPrivMasterKey 0xHEXSTRING
244
245 defAuthLocalizedKey 0xHEXSTRING
246
247 defPrivLocalizedKey 0xHEXSTRING
248 define the (hexadecimal) keys to be used for SNMPv3 secure com‐
249 munications. SNMPv3 keys are frequently derived from a
250 passphrase, as discussed in the defPassphrase section above.
251 However for improved security a truely random key can be gener‐
252 ated and used instead (which would normally has better entropy
253 than a password unless it is amazingly long). The directives
254 are equivalent to the short-form command line options -3m, -3M,
255 -3k, and -3K.
256
257 Localized keys are master keys which have been converted to a
258 unique key which is only suitable for on particular SNMP engine
259 (agent). The length of the key needs to be appropriate for the
260 authentication or encryption type being used (auth keys: MD5=16
261 bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
262 is used as an IV and not a key), and AES=16 bytes).
263
264 sshtosnmpsocket PATH
265 Sets the path of the sshtosnmp socket created by an application
266 (e.g. snmpd) listening for incoming ssh connections through the
267 sshtosnmp unix socket.
268
269 sshtosnmpsocketperms MODE [OWNER [GROUP]]
270 Sets the mode, owner and group of the sshtosnmp socket created
271 by an application (e.g. snmpd) listening for incoming ssh con‐
272 nections through the sshtosnmp unix socket. The socket needs to
273 be read/write privileged for SSH users that are allowed to con‐
274 nect to the SNMP service (VACM access still needs to be granted
275 as well, most likely through the TSM security model).
276
277 sshusername NAME
278 Sets the SSH user name for logging into the remote system.
279
280 sshpubkey FILE
281 Set the public key file to use when connecting to a remote sys‐
282 tem.
283
284 sshprivkey FILE
285 Set the private key file to use when connecting to a remote sys‐
286 tem.
287
289 persistentDir DIRECTORY
290 defines the directory where snmpd and snmptrapd store persistent
291 configuration settings.
292
293 If not specified, the persistent directory defaults to
294 /var/lib/net-snmp
295
296 noPersistentLoad yes
297
298 noPersistentSave yes
299 disable the loading and saving of persistent configuration
300 information.
301
302 Note: This will break SNMPv3 operations (and other behaviour
303 that relies on changes persisting across application
304 restart). Use With Care.
305
306 tempFilePattern PATTERN
307 defines a filename template for creating temporary files, for
308 handling input to and output from external shell commands. Used
309 by the mkstemp() and mktemp() functions.
310
311 If not specified, the default pattern is "/var/run/net-
312 snmp/snmp-tmp-XXXXXX".
313
314 serverRecvBuf INTEGER
315 specifies the desired size of the buffer to be used when receiv‐
316 ing incoming SNMP requests. If the OS hard limit is lower than
317 the serverRecvBuf value, then this will be used instead. Some
318 platforms may decide to increase the size of the buffer actually
319 used for internal housekeeping.
320
321 This directive will be ignored if the platforms does not support
322 setsockopt().
323
324 serverSendBuf INTEGER
325 is similar to serverRecvBuf, but applies to the size of the buf‐
326 fer used when sending SNMP responses.
327
329 mibdirs DIRLIST
330 specifies a list of directories to search for MIB files. This
331 operates in the same way as the -M option - see snmpcmd(1) for
332 details. Note that this value can be overridden by the MIBDIRS
333 environment variable, and the -M option.
334
335 mibs MIBLIST
336 specifies a list of MIB modules (not files) that should be
337 loaded. This operates in the same way as the -m option - see
338 snmpcmd(1) for details. Note that this list can be overridden
339 by the MIBS environment variable, and the -m option.
340
341 mibfile FILE
342 specifies a (single) MIB file to load, in addition to the list
343 read from the mibs token (or equivalent configuration). Note
344 that this value can be overridden by the MIBFILES environment
345 variable.
346
347 showMibErrors (1|yes|true|0|no|false)
348 whether to display MIB parsing errors.
349
350 commentToEOL (1|yes|true|0|no|false)
351 whether MIB parsing should be strict about comment termination.
352 Many MIB writers assume that ASN.1 comments extend to the end of
353 the text line, rather than being terminated by the next "--"
354 token. This token can be used to accept such (strictly incor‐
355 rect) MIBs.
356 Note that this directive was previous (mis-)named strictComment‐
357 Term, but with the reverse behaviour from that implied by the
358 name. This earlier token is still accepted for backwards com‐
359 patibility.
360
361 mibAllowUnderline (1|yes|true|0|no|false)
362 whether to allow underline characters in MIB object names and
363 enumeration values. This token can be used to accept such
364 (strictly incorrect) MIBs.
365
366 mibWarningLevel INTEGER
367 the minimum warning level of the warnings printed by the MIB
368 parser.
369
371 logTimestamp (1|yes|true|0|no|false)
372 Whether the commands should log timestamps with their error/mes‐
373 sage logging or not. Note that output will not look as pretty
374 with timestamps if the source code that is doing the logging
375 does incremental logging of messages that are not line buffered
376 before being passed to the logging routines. This option is
377 only used when file logging is active.
378
379 printNumericEnums (1|yes|true|0|no|false)
380 Equivalent to -Oe.
381
382 printNumericOids (1|yes|true|0|no|false)
383 Equivalent to -On.
384
385 dontBreakdownOids (1|yes|true|0|no|false)
386 Equivalent to -Ob.
387
388 escapeQuotes (1|yes|true|0|no|false)
389 Equivalent to -OE.
390
391 quickPrinting (1|yes|true|0|no|false)
392 Equivalent to -Oq.
393
394 printValueOnly (1|yes|true|0|no|false)
395 Equivalent to -Ov.
396
397 dontPrintUnits (1|yes|true|0|no|false)
398 Equivalent to -OU.
399
400 numericTimeticks (1|yes|true|0|no|false)
401 Equivalent to -Ot.
402
403 printHexText (1|yes|true|0|no|false)
404 Equivalent to -OT.
405
406 hexOutputLength integer
407 Specifies where to break up the output of hexadecimal strings.
408 Set to 0 to disable line breaks. Defaults to 16.
409
410 suffixPrinting (0|1|2)
411 The value 1 is equivalent to -Os and the value 2 is equivalent
412 to -OS.
413
414 oidOutputFormat (1|2|3|4|5|6)
415 Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
416 The value 6 has no matching -O option. It suppresses output.
417
418 extendedIndex (1|yes|true|0|no|false)
419 Equivalent to -OX.
420
421 noDisplayHint (1|yes|true|0|no|false)
422 Disables the use of DISPLAY-HINT information when parsing
423 indices and values to set. Equivalent to -Ih.
424
426 System-wide configuration files:
427 /etc/snmp/snmp.conf
428 /etc/snmp/snmp.local.conf
429
430 User-specific configuration settings:
431 $HOME/.snmp/snmp.conf
432 $HOME/.snmp/snmp.local.conf
433
434 Destination host specific files:
435 /etc/snmp/hosts/HOSTNAME.conf
436 $HOME/.snmp/hosts/HOSTNAME.conf
437
438
440 snmp_config(5), netsnmp_config_api(3), snmpcmd(1).
441
442
443
444V5.7.2 21 Apr 2010 SNMP.CONF(5)