SNMP.CONF(5)                        Net-SNMP                        SNMP.CONF(5)

snmp.conf - configuration files for the Net-SNMP applications

Applications built using the Net-SNMP libraries typically use one or
more configuration files to control various aspects of their operation.
These files (snmp.conf and snmp.local.conf) can be located in one of
several locations, as described in the snmp_config(5) manual page.

In particular, /etc/snmp/snmp.conf is a common file, containing the
settings shared by all users of the system. ~/.snmp/snmp.conf is a
personal file, with the settings specific to a particular user.

Several of these directives may contain sensitive information (such as
pass phrases). Configuration files that include such settings should
only be readable by the user concerned.

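One way to check this requirement on an existing system, as an added example (not part of the Net-SNMP documentation or code): the script flags configuration files that hold secret-bearing directives from this page and are readable by group or other. The function names and the inclusion of defCommunity in the sensitive set are assumptions of this example; the sample file is constructed.

```python
import os
import stat
import tempfile

# Directives on this page whose values are secrets. defCommunity is included
# because a community string acts as a shared secret (assumption of this example).
SENSITIVE = {
    "defcommunity", "defpassphrase", "defauthpassphrase", "defprivpassphrase",
    "defauthmasterkey", "defprivmasterkey",
    "defauthlocalizedkey", "defprivlocalizedkey",
}

def sensitive_tokens(text):
    """Return the sensitive directive names found in snmp.conf text."""
    found = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#") and parts[0].lower() in SENSITIVE:
            found.append(parts[0])
    return found

def audit(path):
    """Return findings for one file: secrets readable beyond the owner."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        tokens = sensitive_tokens(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if tokens and mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{path}: mode {mode:04o} lets other users read "
                f"{', '.join(tokens)}; restrict to 0600"]
    return []

def demo():
    """Audit a constructed sample file before and after tightening its mode."""
    sample = "defVersion 3\ndefSecurityName monitor\ndefAuthPassphrase example-pass-phrase\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "snmp.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        before = audit(path)
        os.chmod(path, 0o600)
        after = audit(path)
    return before, after

if __name__ == "__main__":
    for candidate in ("/etc/snmp/snmp.conf", "/etc/snmp/snmp.local.conf",
                      os.path.expanduser("~/.snmp/snmp.conf")):
        if os.path.exists(candidate):
            print("\n".join(audit(candidate)) or f"{candidate}: ok")
```
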
As well as application-specific configuration tokens, there are several
directives that relate to standard library behaviour, relevant to most
Net-SNMP applications. Many of these correspond to standard
command-line options, which are described in the snmpcmd(1) manual page.

These directives can be divided into several distinct groups.

defDomain application domain
       The transport domain that should be used for a certain
       application type unless something else is specified.

defTarget application domain target
       The target that should be used for connections to a certain
       application if the connection should be in a specific domain.

defaultPort PORT
       defines the default UDP port that client SNMP applications will
       attempt to connect to. This can be overridden by explicitly
       including a port number in the AGENT specification. See the
       snmpcmd(1) manual page for more details.

       If not specified, the default value for this token is 161.

defVersion (1|2c|3)
       defines the default version of SNMP to use. This can be
       overridden using the -v option.

defCommunity STRING
       defines the default community to use for SNMPv1 and SNMPv2c
       requests. This can be overridden using the -c option.

alias NAME DEFINITION
       Creates an alias tied to NAME for a given transport definition.
       The alias can then be referred to using an alias: prefix.
       E.g., a line of "alias here udp:127.0.0.1:6161" would allow you
       to use a destination host of "alias:here" instead of
       "udp:127.0.0.1:6161". This becomes more useful with complex
       transport addresses involving IPv6 addresses, etc.

dumpPacket yes
       defines whether to display a hexadecimal dump of the raw SNMP
       requests sent and received by the application. This is
       equivalent to the -d option.

doDebugging (1|0)
       turns on debugging for all applications run if set to 1.

debugTokens TOKEN[,TOKEN...]
       defines the debugging tokens that should be turned on when
       doDebugging is set. This is equivalent to the -D option.

16bitIDs yes
       restricts requestIDs, etc to 16-bit values.

       The SNMP specifications define these ID fields as 32-bit
       quantities, and the Net-SNMP library typically initialises them
       to random values for security. However certain (broken) agents
       cannot handle ID values greater than 2^16 - this option allows
       interoperability with such agents.

clientaddr [<transport-specifier>:]<transport-address>
       specifies the source address to be used by command-line
       applications when sending SNMP requests. See snmpcmd(1) for more
       information about the format of addresses.

       This value is also used by snmpd when generating notifications.

clientRecvBuf INTEGER
       specifies the desired size of the buffer to be used when
       receiving responses to SNMP requests. If the OS hard limit is
       lower than the clientRecvBuf value, then the OS hard limit will
       be used instead. Some platforms may decide to increase the size
       of the buffer actually used for internal housekeeping.

       This directive will be ignored if the platform does not support
       setsockopt().

clientSendBuf INTEGER
       is similar to clientRecvBuf, but applies to the size of the
       buffer used when sending SNMP requests.

noRangeCheck yes
       disables the validation of varbind values against the MIB
       definition for the relevant OID. This is equivalent to the -Ir
       option.

       This directive is primarily relevant to the snmpset command, but
       will also apply to any application that calls snmp_add_var()
       with a non-NULL value.

noTokenWarnings
       disables warnings about unknown config file tokens.

reverseEncodeBER (1|yes|true|0|no|false)
       controls how the encoding of SNMP requests is handled.

       The default behaviour is to encode packets starting from the end
       of the PDU and working backwards. This directive can be used to
       disable this behaviour, and build the encoded request in the
       (more obvious) forward direction.

       It should not normally be necessary to change this setting, as
       the encoding is basically the same in either case - but working
       backwards typically produces a slightly more efficient encoding,
       and hence a smaller network datagram.

defSecurityName STRING
       defines the default security name to use for SNMPv3 requests.
       This can be overridden using the -u option.

defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
       defines the default security level to use for SNMPv3 requests.
       This can be overridden using the -l option.

       If not specified, the default value for this token is
       noAuthNoPriv.

       Note: authPriv is only available if the software has been
             compiled to use the OpenSSL libraries.

defPassphrase STRING
defAuthPassphrase STRING
defPrivPassphrase STRING
       define the default authentication and privacy pass phrases to
       use for SNMPv3 requests. These can be overridden using the -A
       and -X options respectively.

       The defPassphrase value will be used for the authentication
       and/or privacy pass phrases if either of the other directives
       is not specified.

defAuthType MD5|SHA
defPrivType DES|AES
       define the default authentication and privacy protocols to use
       for SNMPv3 requests. These can be overridden using the -a and
       -x options respectively.

       If not specified, SNMPv3 requests will default to MD5
       authentication and DES encryption.

       Note: If the software has not been compiled to use the OpenSSL
             libraries, then only MD5 authentication is supported.
             Neither SHA authentication nor any form of encryption
             will be available.

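The defaults described above (noAuthNoPriv, MD5, DES, and the defPassphrase fallback) decide what a client uses when a token is left out. The following added example, which is not Net-SNMP code, resolves the effective SNMPv3 settings from snmp.conf text and reports the weak ones; the function names, the sample configurations, and the rule that a later line replaces an earlier one are assumptions of this sketch.

```python
# Defaults stated on this page for tokens that are left unset.
DEFAULTS = {"defsecuritylevel": "noAuthNoPriv", "defauthtype": "MD5",
            "defprivtype": "DES"}

def effective_v3(text):
    """Resolve the SNMPv3 settings a client would use from snmp.conf text."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            # Assumption of this sketch: a later line replaces an earlier one.
            conf[parts[0].lower()] = parts[1].strip()
    shared = conf.get("defpassphrase")
    # defPassphrase fills in whichever specific pass phrase is missing.
    conf["auth_pass"] = conf.get("defauthpassphrase", shared)
    conf["priv_pass"] = conf.get("defprivpassphrase", shared)
    return conf

def weaknesses(text):
    """List the weak effective settings, explicit or inherited from defaults."""
    conf = effective_v3(text)
    level = conf["defsecuritylevel"].lower()
    issues = []
    if level == "noauthnopriv":
        issues.append("noAuthNoPriv: requests are neither authenticated nor encrypted")
    elif level == "authnopriv":
        issues.append("authNoPriv: requests are authenticated but not encrypted")
    if level != "noauthnopriv" and conf["defauthtype"].upper() == "MD5":
        issues.append("MD5 authentication in effect; set defAuthType SHA")
    if level == "authpriv":
        if conf["defprivtype"].upper() == "DES":
            issues.append("DES encryption in effect; set defPrivType AES")
        if conf["auth_pass"] and conf["auth_pass"] == conf["priv_pass"]:
            issues.append("same pass phrase used for authentication and privacy")
    return issues

# Constructed sample: only a level and one shared pass phrase are set.
SAMPLE = """\
# personal settings
defSecurityName monitor
defSecurityLevel authPriv
defPassphrase example-pass-phrase
"""
# Constructed corrected version of the same file.
HARDENED = SAMPLE + ("defAuthType SHA\ndefPrivType AES\n"
                     "defPrivPassphrase another-example-phrase\n")

if __name__ == "__main__":
    print(weaknesses(SAMPLE), weaknesses(HARDENED))
```
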
defContext STRING
       defines the default context to use for SNMPv3 requests. This
       can be overridden using the -n option.

       If not specified, the default value for this token is the
       default context (i.e. the empty string "").

defSecurityModel STRING
       defines the security model to use for SNMPv3 requests. The
       default value is "usm" which is the only widely used security
       model for SNMPv3.

defAuthMasterKey 0xHEXSTRING
defPrivMasterKey 0xHEXSTRING
defAuthLocalizedKey 0xHEXSTRING
defPrivLocalizedKey 0xHEXSTRING
       define the (hexadecimal) keys to be used for SNMPv3 secure
       communications. SNMPv3 keys are frequently derived from a
       passphrase, as discussed in the defPassphrase section above.
       However for improved security a truly random key can be
       generated and used instead (which would normally have better
       entropy than a password unless it is amazingly long). The
       directives are equivalent to the short-form command line options
       -3m, -3M, -3k, and -3K.

       Localized keys are master keys which have been converted to a
       unique key which is only suitable for one particular SNMP engine
       (agent). The length of the key needs to be appropriate for the
       authentication or encryption type being used (auth keys: MD5=16
       bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
       are used as an IV and not a key), and AES=16 bytes).

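The key-length rule above can be checked before a key is written to a configuration file. This added example (not Net-SNMP code) validates a 0xHEXSTRING value against the lengths listed in the text and builds a configuration line from a random key taken from the operating system's CSPRNG; the function names are hypothetical, and applying the listed lengths to master keys as well as localized keys is an assumption.

```python
import secrets

# Key lengths in bytes, as listed in the paragraph above.
AUTH_KEY_BYTES = {"MD5": 16, "SHA": 20}
PRIV_KEY_BYTES = {"DES": 16, "AES": 16}

def expected_bytes(directive, auth_type, priv_type):
    """Length required for a def{Auth,Priv}{Master,Localized}Key directive."""
    name = directive.lower()
    if name in ("defauthmasterkey", "defauthlocalizedkey"):
        return AUTH_KEY_BYTES[auth_type.upper()]
    if name in ("defprivmasterkey", "defprivlocalizedkey"):
        return PRIV_KEY_BYTES[priv_type.upper()]
    raise ValueError(f"{directive} is not a key directive")

def check_key(directive, value, auth_type="MD5", priv_type="DES"):
    """Return None if value is a well-formed key of the right length,
    otherwise a message. The protocol defaults are the page's MD5 and DES."""
    want = expected_bytes(directive, auth_type, priv_type)
    if not value.lower().startswith("0x"):
        return f"{directive}: value must be written as 0xHEXSTRING"
    try:
        key = bytes.fromhex(value[2:])
    except ValueError:
        return f"{directive}: value is not valid hexadecimal"
    if len(key) != want:
        return f"{directive}: {len(key)} bytes given, {want} required"
    return None

def random_key_line(directive, auth_type="SHA", priv_type="AES"):
    """Build a config line holding a key drawn from the OS CSPRNG."""
    want = expected_bytes(directive, auth_type, priv_type)
    return f"{directive} 0x{secrets.token_hex(want)}"

if __name__ == "__main__":
    # A 16-byte key fits MD5 but is too short once defAuthType is SHA.
    print(check_key("defAuthLocalizedKey", "0x" + "ab" * 16, auth_type="SHA"))
    print(random_key_line("defPrivMasterKey"))
```
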
sshtosnmpsocketperms PATH
       Sets the path of the sshtosnmp socket created by an application
       (e.g. snmpd) listening for incoming ssh connections through the
       sshtosnmp unix socket.

sshtosnmpsocketperms MODE [OWNER [GROUP]]
       Sets the mode, owner and group of the sshtosnmp socket created
       by an application (e.g. snmpd) listening for incoming ssh
       connections through the sshtosnmp unix socket. The socket needs
       to be read/write privileged for SSH users that are allowed to
       connect to the SNMP service (VACM access still needs to be
       granted as well, most likely through the TSM security model).

persistentDir DIRECTORY
       defines the directory where snmpd and snmptrapd store persistent
       configuration settings.

       If not specified, the persistent directory defaults to
       /var/lib/net-snmp

noPersistentLoad yes
noPersistentSave yes
       disable the loading and saving of persistent configuration
       information.

       Note: This will break SNMPv3 operations (and other behaviour
             that relies on changes persisting across application
             restart). Use With Care.

tempFilePattern PATTERN
       defines a filename template for creating temporary files, for
       handling input to and output from external shell commands. Used
       by the mkstemp() and mktemp() functions.

       If not specified, the default pattern is
       "/var/run/net-snmp/snmp-tmp-XXXXXX".

serverRecvBuf INTEGER
       specifies the desired size of the buffer to be used when
       receiving incoming SNMP requests. If the OS hard limit is lower
       than the serverRecvBuf value, then the OS hard limit will be
       used instead. Some platforms may decide to increase the size of
       the buffer actually used for internal housekeeping.

       This directive will be ignored if the platform does not support
       setsockopt().

serverSendBuf INTEGER
       is similar to serverRecvBuf, but applies to the size of the
       buffer used when sending SNMP responses.

mibdirs DIRLIST
       specifies a list of directories to search for MIB files. This
       operates in the same way as the -M option - see snmpcmd(1) for
       details. Note that this value can be overridden by the MIBDIRS
       environment variable, and the -M option.

mibs MIBLIST
       specifies a list of MIB modules (not files) that should be
       loaded. This operates in the same way as the -m option - see
       snmpcmd(1) for details. Note that this list can be overridden
       by the MIBS environment variable, and the -m option.

mibfile FILE
       specifies a (single) MIB file to load, in addition to the list
       read from the mibs token (or equivalent configuration). Note
       that this value can be overridden by the MIBFILES environment
       variable.

showMibErrors (1|yes|true|0|no|false)
       whether to display MIB parsing errors.

commentToEOL (1|yes|true|0|no|false)
       whether MIB parsing should be strict about comment termination.
       Many MIB writers assume that ASN.1 comments extend to the end of
       the text line, rather than being terminated by the next "--"
       token. This token can be used to accept such (strictly
       incorrect) MIBs.
       Note that this directive was previously (mis-)named
       strictCommentTerm, but with the reverse behaviour from that
       implied by the name. This earlier token is still accepted for
       backwards compatibility.

mibAllowUnderline (1|yes|true|0|no|false)
       whether to allow underline characters in MIB object names and
       enumeration values. This token can be used to accept such
       (strictly incorrect) MIBs.

mibWarningLevel INTEGER
       the minimum warning level of the warnings printed by the MIB
       parser.

logTimestamp (1|yes|true|0|no|false)
       Whether the commands should log timestamps with their
       error/message logging or not. Note that output will not look as
       pretty with timestamps if the source code that is doing the
       logging does incremental logging of messages that are not line
       buffered before being passed to the logging routines. This
       option is only used when file logging is active.

printNumericEnums (1|yes|true|0|no|false)
       Equivalent to -Oe.

printNumericOids (1|yes|true|0|no|false)
       Equivalent to -On.

dontBreakdownOids (1|yes|true|0|no|false)
       Equivalent to -Ob.

escapeQuotes (1|yes|true|0|no|false)
       Equivalent to -OE.

quickPrinting (1|yes|true|0|no|false)
       Equivalent to -Oq.

printValueOnly (1|yes|true|0|no|false)
       Equivalent to -Ov.

dontPrintUnits (1|yes|true|0|no|false)
       Equivalent to -OU.

numericTimeticks (1|yes|true|0|no|false)
       Equivalent to -Ot.

printHexText (1|yes|true|0|no|false)
       Equivalent to -OT.


hexOutputLength integer
       Specifies where to break up the output of hexadecimal strings.
       Set to 0 to disable line breaks. Defaults to 16.

suffixPrinting (0|1|2)
       The value 1 is equivalent to -Os and the value 2 is equivalent
       to -OS.

oidOutputFormat (1|2|3|4|5|6)
       Maps -O options as follows: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
       The value 6 has no matching -O option. It suppresses output.

extendedIndex (1|yes|true|0|no|false)
       Equivalent to -OX.

noDisplayHint (1|yes|true|0|no|false)
       Disables the use of DISPLAY-HINT information when parsing
       indices and values to set. Equivalent to -Ih.

/etc/snmp/snmp.conf, /etc/snmp/snmp.local.conf - common configuration
settings
~/.snmp/snmp.conf - user-specific configuration settings

snmp_config(5), read_config(3), snmpcmd(1).

4th Berkeley Distribution          29 Jun 2005                    SNMP.CONF(5)