1SNMP.CONF(5) Net-SNMP SNMP.CONF(5)
2
6 snmp.conf - configuration files for the Net-SNMP applications
7
9 Applications built using the Net-SNMP libraries typically use one or
10 more configuration files to control various aspects of their operation.
11 These files (snmp.conf and snmp.local.conf) can be located in one of
12 several locations, as described in the snmp_config(5) manual page.
13 In particular, /etc/snmp/snmp.conf is a common file, containing the
15 settings shared by all users of the system. ~/.snmp/snmp.conf is a
16 personal file, with the settings specific to a particular user.
17
19 Host-specific files may also be loaded and will be searched for if a
20 transport name is specified that matches a PATH/hosts/HOST.conf file.
21 For example, if you wanted a particular host to use SNMPv2c by default
22 you could create a ~/.snmp/hosts/NAME.conf file and in it put:
23 defVersion 2c
25 Any connections set to connect to the hostname NAME will use SNMPv2c.
27 Also see the transport token below for additional host-specific exam‐
28 ples.
29 Host-specific configuration files are loaded at the time the connection
31 is opened. Thus they're generally loaded after all other configuration
32 files and can be used to override settings from the generic files.
33 To avoid loading any host-specific config files set "dontLoadHostConfig
35 true" in your snmp.conf file.
36
38 All of the tokens described in this file can be used on the command
39 line of Net-SNMP applications as well by prefixing them with "--". EG,
40 specifying --dontLoadHostConfig=true on the command line will turn of
41 loading of the host specific configuration files.
42
44 Several of these directives may contain sensitive information (such as
45 pass phrases). Configuration files that include such settings should
46 only be readable by the user concerned.
47 As well as application-specific configuration tokens, there are several
49 directives that relate to standard library behaviour, relevant to most
50 Net-SNMP applications. Many of these correspond to standard command-
51 line options, which are described in the snmpcmd(1) manual page.
52 These directives can be divided into several distinct groups.
54
56 defDomain application domain
57 The transport domain that should be used for a certain applica‐
58 tion type unless something else is specified.
59 defTarget application domain target
61 The target that should be used for connections to a certain
62 application if the connection should be in a specific domain.
63 defaultPort PORT
65 defines the default UDP port that client SNMP applications will
66 attempt to connect to. This can be overridden by explicitly
67 including a port number in the AGENT specification. See the
68 snmpcmd(1) manual page for more details.
69 If not specified, the default value for this token is 161.
71 transport HOSTSPECIFIER
73 This special token should go into a hostname-specific configura‐
74 tion file in a hosts sub-directory. For example if the file
75 hosts/foo.conf exists in the search path it will be loaded if a
76 transport name of foo was used. Within the foo.conf file you
77 may put both general snmp.conf settings as well as a special
78 transport string to specify the destination to connect to. For
79 example, putting:
80 transport tcp:foo.example.com:9876
82 in the hosts/foo.conf file will make applications referencing
84 the foo hostname (e.g. snmpget) to actually connect via TCP to
85 foo.exmaple.com on port 9876.
86 defVersion (1|2c|3)
88 defines the default version of SNMP to use. This can be over‐
89 ridden using the -v option.
90 defCommunity STRING
92 defines the default community to use for SNMPv1 and SNMPv2c
93 requests. This can be overridden using the -c option.
94 alias NAME DEFINITION
96 Creates an aliased tied to NAME for a given transport defini‐
97 tion. The alias can the be referred to using an alias: prefix.
98 Eg, a line of "alias here udp:127.0.0.1:6161" would allow you to
99 use a destination host of "alias:here" instead of
100 "udp:127.0.0.1:6161". This becomes more useful with complex
101 transport addresses involving IPv6 addresses, etc.
102 dumpPacket yes
104 defines whether to display a hexadecimal dump of the raw SNMP
105 requests sent and received by the application. This is equiva‐
106 lent to the -d option.
107 doDebugging (1|0)
109 turns on debugging for all applications run if set to 1.
110 debugTokens TOKEN[,TOKEN...]
112 defines the debugging tokens that should be turned on when doDe‐
113 bugging is set. This is equivalent to the -D option.
114 debugLogLevel (emerg|alert|crit|err|warning|notice|info|debug)
116 Set the priority level for logging of debug output. Defaults to
117 debug.
118 16bitIDs yes
120 restricts requestIDs, etc to 16-bit values.
121 The SNMP specifications define these ID fields as 32-bit quanti‐
123 ties, and the Net-SNMP library typically initialises them to
124 random values for security. However certain (broken) agents
125 cannot handle ID values greater than 2^16 - this option allows
126 interoperability with such agents.
127 clientaddr [<transport-specifier>:]<transport-address>
129 specifies the source address to be used by command-line applica‐
130 tions when sending SNMP requests. See snmpcmd(1) for more infor‐
131 mation about the format of addresses.
132 This value is also used by snmpd when generating notifications.
134 clientaddrUsesPort no
136 specifies, if clientaddr option contains a port number. Set this
137 option to "yes", if clientaddr contains a port number and this
138 port should be used for sending outgoing SNMP requests.
139 clientRecvBuf INTEGER
141 specifies the desired size of the buffer to be used when receiv‐
142 ing responses to SNMP requests. If the OS hard limit is lower
143 than the clientRecvBuf value, then this will be used instead.
144 Some platforms may decide to increase the size of the buffer
145 actually used for internal housekeeping.
146 This directive will be ignored if the platforms does not support
148 setsockopt().
149 clientSendBuf INTEGER
151 is similar to clientRecvBuf, but applies to the size of the buf‐
152 fer used when sending SNMP requests.
153 noRangeCheck yes
155 disables the validation of varbind values against the MIB defi‐
156 nition for the relevant OID. This is equivalent to the -Ir
157 option.
158 This directive is primarily relevant to the snmpset command, but
160 will also apply to any application that calls snmp_add_var()
161 with a non-NULL value.
162 noTokenWarnings
164 disables warnings about unknown config file tokens.
165 reverseEncodeBER (1|yes|true|0|no|false)
167 controls how the encoding of SNMP requests is handled.
168 The default behaviour is to encode packets starting from the end
170 of the PDU and working backwards. This directive can be used to
171 disable this behaviour, and build the encoded request in the
172 (more obvious) forward direction.
173 It should not normally be necessary to change this setting, as
175 the encoding is basically the same in either case - but working
176 backwards typically produces a slightly more efficient encoding,
177 and hence a smaller network datagram.
178 dontLoadHostConfig (1|yes|true|0|no|false)
180 Specifies whether or not the host-specific configuration files
181 are loaded. Set to "true" to turn off the loading of the host
182 specific configuration files.
183 retries INTEGER
185 Specifies the number of retries to be used in the requests.
186 timeout INTEGER
188 Specifies the timeout in seconds between retries.
189
191 disableSNMPv1 (1|yes|true|0|no|false)
192 disableSNMPv2c (1|yes|true|0|no|false)
194 Disables protocol versions at runtime. Incoming and outgoing
195 packets for the protocol will be dropped.
196
198 disableSNMPv3 (1|yes|true|0|no|false)
199 Disables protocol versions at runtime. Incoming and outgoing
200 packets for the protocol will be dropped.
201 defSecurityName STRING
203 defines the default security name to use for SNMPv3 requests.
204 This can be overridden using the -u option.
205 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
207 defines the default security level to use for SNMPv3 requests.
208 This can be overridden using the -l option.
209 If not specified, the default value for this token is noAuthNo‐
211 Priv.
212 Note: authPriv is only available if the software has been com‐
214 piled to use the OpenSSL libraries.
215 defPassphrase STRING
217 defAuthPassphrase STRING
219 defPrivPassphrase STRING
221 define the default authentication and privacy pass phrases to
222 use for SNMPv3 requests. These can be overridden using the -A
223 and -X options respectively.
224 The defPassphrase value will be used for the authentication
226 and/or privacy pass phrases if either of the other directives
227 are not specified.
228 defAuthType MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224
230 defPrivType DES|AES
232 define the default authentication and privacy protocols to use
233 for SNMPv3 requests. These can be overridden using the -a and
234 -x options respectively.
235 If not specified, SNMPv3 requests will default to MD5 authenti‐
237 cation and DES encryption.
238 Note: If the software has not been compiled to use the OpenSSL
240 libraries, then only MD5 authentication is supported.
241 Neither SHA authentication nor any form of encryption
242 will be available.
243 defContext STRING
245 defines the default context to use for SNMPv3 requests. This
246 can be overridden using the -n option.
247 If not specified, the default value for this token is the
249 default context (i.e. the empty string "").
250 defSecurityModel STRING
252 defines the security model to use for SNMPv3 requests. The
253 default value is "usm" which is the only widely used security
254 model for SNMPv3.
255 defAuthMasterKey 0xHEXSTRING
257 defPrivMasterKey 0xHEXSTRING
259 defAuthLocalizedKey 0xHEXSTRING
261 defPrivLocalizedKey 0xHEXSTRING
263 define the (hexadecimal) keys to be used for SNMPv3 secure com‐
264 munications. SNMPv3 keys are frequently derived from a
265 passphrase, as discussed in the defPassphrase section above.
266 However for improved security a truely random key can be gener‐
267 ated and used instead (which would normally has better entropy
268 than a password unless it is amazingly long). The directives
269 are equivalent to the short-form command line options -3m, -3M,
270 -3k, and -3K.
271 Localized keys are master keys which have been converted to a
273 unique key which is only suitable for on particular SNMP engine
274 (agent). The length of the key needs to be appropriate for the
275 authentication or encryption type being used (auth keys: MD5=16
276 bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
277 is used as an IV and not a key), and AES=16 bytes).
278 sshtosnmpsocket PATH
280 Sets the path of the sshtosnmp socket created by an application
281 (e.g. snmpd) listening for incoming ssh connections through the
282 sshtosnmp unix socket.
283 sshtosnmpsocketperms MODE [OWNER [GROUP]]
285 Sets the mode, owner and group of the sshtosnmp socket created
286 by an application (e.g. snmpd) listening for incoming ssh con‐
287 nections through the sshtosnmp unix socket. The socket needs to
288 be read/write privileged for SSH users that are allowed to con‐
289 nect to the SNMP service (VACM access still needs to be granted
290 as well, most likely through the TSM security model).
291 sshusername NAME
293 Sets the SSH user name for logging into the remote system.
294 sshpubkey FILE
296 Set the public key file to use when connecting to a remote sys‐
297 tem.
298 sshprivkey FILE
300 Set the private key file to use when connecting to a remote sys‐
301 tem.
302
304 persistentDir DIRECTORY
305 defines the directory where snmpd and snmptrapd store persistent
306 configuration settings.
307 If not specified, the persistent directory defaults to
309 /var/lib/net-snmp
310 noPersistentLoad yes
312 noPersistentSave yes
314 disable the loading and saving of persistent configuration
315 information.
316 Note: This will break SNMPv3 operations (and other behaviour
318 that relies on changes persisting across application
319 restart). Use With Care.
320 tempFilePattern PATTERN
322 defines a filename template for creating temporary files, for
323 handling input to and output from external shell commands. Used
324 by the mkstemp() and mktemp() functions.
325 If not specified, the default pattern is "/var/run/net-
327 snmp/snmp-tmp-XXXXXX".
328 serverRecvBuf INTEGER
330 specifies the desired size of the buffer to be used when receiv‐
331 ing incoming SNMP requests. If the OS hard limit is lower than
332 the serverRecvBuf value, then this will be used instead. Some
333 platforms may decide to increase the size of the buffer actually
334 used for internal housekeeping.
335 This directive will be ignored if the platforms does not support
337 setsockopt().
338 serverSendBuf INTEGER
340 is similar to serverRecvBuf, but applies to the size of the buf‐
341 fer used when sending SNMP responses.
342 sourceFilterType none|whitelist|blacklist
344 specifies whether or not addresses added with sourceFilterAd‐
345 dress are whitelisted or blacklisted. The default is none, indi‐
346 cating that incoming packets will not be checked agains the fil‐
347 ter list.
348 sourceFilterAddress ADDRESS
350 specifies an address to be added to the source address filter
351 list. sourceFilterType configuration determines whether or not
352 addresses are whitelisted or blacklisted.
353
355 mibdirs DIRLIST
356 specifies a list of directories to search for MIB files. This
357 operates in the same way as the -M option - see snmpcmd(1) for
358 details. Note that this value can be overridden by the MIBDIRS
359 environment variable, and the -M option.
360 mibs MIBLIST
362 specifies a list of MIB modules (not files) that should be
363 loaded. This operates in the same way as the -m option - see
364 snmpcmd(1) for details. Note that this list can be overridden
365 by the MIBS environment variable, and the -m option.
366 mibfile FILE
368 specifies a (single) MIB file to load, in addition to the list
369 read from the mibs token (or equivalent configuration). Note
370 that this value can be overridden by the MIBFILES environment
371 variable.
372 showMibErrors (1|yes|true|0|no|false)
374 whether to display MIB parsing errors.
375 commentToEOL (1|yes|true|0|no|false)
377 whether MIB parsing should be strict about comment termination.
378 Many MIB writers assume that ASN.1 comments extend to the end of
379 the text line, rather than being terminated by the next "--"
380 token. This token can be used to accept such (strictly incor‐
381 rect) MIBs.
382 Note that this directive was previous (mis-)named strictComment‐
383 Term, but with the reverse behaviour from that implied by the
384 name. This earlier token is still accepted for backwards com‐
385 patibility.
386 mibAllowUnderline (1|yes|true|0|no|false)
388 whether to allow underline characters in MIB object names and
389 enumeration values. This token can be used to accept such
390 (strictly incorrect) MIBs.
391 mibWarningLevel INTEGER
393 the minimum warning level of the warnings printed by the MIB
394 parser.
395
397 logTimestamp (1|yes|true|0|no|false)
398 Whether the commands should log timestamps with their error/mes‐
399 sage logging or not. Note that output will not look as pretty
400 with timestamps if the source code that is doing the logging
401 does incremental logging of messages that are not line buffered
402 before being passed to the logging routines. This option is
403 only used when file logging is active.
404 printNumericEnums (1|yes|true|0|no|false)
406 Equivalent to -Oe.
407 printNumericOids (1|yes|true|0|no|false)
409 Equivalent to -On.
410 dontBreakdownOids (1|yes|true|0|no|false)
412 Equivalent to -Ob.
413 escapeQuotes (1|yes|true|0|no|false)
415 Equivalent to -OE.
416 quickPrinting (1|yes|true|0|no|false)
418 Equivalent to -Oq.
419 printValueOnly (1|yes|true|0|no|false)
421 Equivalent to -Ov.
422 dontPrintUnits (1|yes|true|0|no|false)
424 Equivalent to -OU.
425 numericTimeticks (1|yes|true|0|no|false)
427 Equivalent to -Ot.
428 printHexText (1|yes|true|0|no|false)
430 Equivalent to -OT.
431 hexOutputLength integer
433 Specifies where to break up the output of hexadecimal strings.
434 Set to 0 to disable line breaks. Defaults to 16.
435 suffixPrinting (0|1|2)
437 The value 1 is equivalent to -Os and the value 2 is equivalent
438 to -OS.
439 oidOutputFormat (1|2|3|4|5|6)
441 Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
442 The value 6 has no matching -O option. It suppresses output.
443 extendedIndex (1|yes|true|0|no|false)
445 Equivalent to -OX.
446 noDisplayHint (1|yes|true|0|no|false)
448 Disables the use of DISPLAY-HINT information when parsing
449 indices and values to set. Equivalent to -Ih.
450 outputPrecision PRECISION
452 Uses the PRECISION string to allow modification of the value
453 output format. See snmpcmd(1) for details. Equivalent to -Op
454 (which takes precedence over the config file).
455
457 System-wide configuration files:
458 /etc/snmp/snmp.conf
459 /etc/snmp/snmp.local.conf
460 User-specific configuration settings:
462 $HOME/.snmp/snmp.conf
463 $HOME/.snmp/snmp.local.conf
464 Destination host specific files:
466 /etc/snmp/hosts/HOSTNAME.conf
467 $HOME/.snmp/hosts/HOSTNAME.conf
468
471 snmp_config(5), netsnmp_config_api(3), snmpcmd(1).
472V5.8 21 Apr 2010 SNMP.CONF(5)