1SNMP.CONF(5) Net-SNMP SNMP.CONF(5)
2
6 snmp.conf - configuration files for the Net-SNMP applications
7
9 Applications built using the Net-SNMP libraries typically use one or
10 more configuration files to control various aspects of their operation.
11 These files (snmp.conf and snmp.local.conf) can be located in one of
12 several locations, as described in the snmp_config(5) manual page.
13 In particular, /etc/snmp/snmp.conf is a common file, containing the
15 settings shared by all users of the system. ~/.snmp/snmp.conf is a
16 personal file, with the settings specific to a particular user.
17
19 Several of these directives may contain sensitive information (such as
20 pass phrases). Configuration files that include such settings should
21 only be readable by the user concerned.
22 As well as application-specific configuration tokens, there are several
24 directives that relate to standard library behaviour, relevant to most
25 Net-SNMP applications. Many of these correspond to standard command-
26 line options, which are described in the snmpcmd(1) manual page.
27 These directives can be divided into several distinct groups.
29
31 defDomain application domain
32 The transport domain that should be used for a certain applica‐
33 tion type unless something else is specified.
34 defTarget application domain target
36 The target that should be used for connections to a certain
37 application if the connection should be in a specific domain.
38 defaultPort PORT
40 defines the default UDP port that client SNMP applications will
41 attempt to connect to. This can be overridden by explicitly
42 including a port number in the AGENT specification. See the
43 snmpcmd(1) manual page for more details.
44 If not specified, the default value for this token is 161.
46 defVersion (1|2c|3)
48 defines the default version of SNMP to use. This can be over‐
49 ridden using the -v option.
50 defCommunity STRING
52 defines the default community to use for SNMPv1 and SNMPv2c
53 requests. This can be overridden using the -c option.
54 dumpPacket yes
56 defines whether to display a hexadecimal dump of the raw SNMP
57 requests sent and received by the application. This is equiva‐
58 lent to the -d option.
59 doDebugging (1|0)
61 turns on debugging for all applications run if set to 1.
62 debugTokens TOKEN[,TOKEN...]
64 defines the debugging tokens that should be turned on when doDe‐
65 bugging is set. This is equivalent to the -D option.
66 16bitIDs yes
68 restricts requestIDs, etc to 16-bit values.
69 The SNMP specifications define these ID fields as 32-bit quanti‐
71 ties, and the Net-SNMP library typically initialises them to
72 random values for security. However certain (broken) agents
73 cannot handle ID values greater than 2^16 - this option allows
74 interoperability with such agents.
75 clientaddr [<transport-specifier>:]<transport-address>
77 specifies the source address to be used by command-line applica‐
78 tions when sending SNMP requests. See snmpcmd(1) for more infor‐
79 mation about the format of addresses.
80 This value is also used by snmpd when generating notifications.
82 clientRecvBuf INTEGER
84 specifies the desired size of the buffer to be used when receiv‐
85 ing responses to SNMP requests. If the OS hard limit is lower
86 than the clientRecvBuf value, then this will be used instead.
87 Some platforms may decide to increase the size of the buffer
88 actually used for internal housekeeping.
89 This directive will be ignored if the platforms does not support
91 setsockopt().
92 clientSendBuf INTEGER
94 is similar to clientRecvBuf, but applies to the size of the buf‐
95 fer used when sending SNMP requests.
96 noRangeCheck yes
98 disables the validation of varbind values against the MIB defi‐
99 nition for the relevant OID. This is equivalent to the -Ir
100 option.
101 This directive is primarily relevant to the snmpset command, but
103 will also apply to any application that calls snmp_add_var()
104 with a non-NULL value.
105 noTokenWarnings
107 disables warnings about unknown config file tokens.
108 reverseEncodeBER (1|yes|true|0|no|false)
110 controls how the encoding of SNMP requests is handled.
111 The default behaviour is to encode packets starting from the end
113 of the PDU and working backwards. This directive can be used to
114 disable this behaviour, and build the encoded request in the
115 (more obvious) forward direction.
116 It should not normally be necessary to change this setting, as
118 the encoding is basically the same in either case - but working
119 backwards typically produces a slightly more efficient encoding,
120 and hence a smaller network datagram.
121
123 defSecurityName STRING
124 defines the default security name to use for SNMPv3 requests.
125 This can be overridden using the -u option.
126 defSecurityLevel noAuthNoPriv|authNoPriv|authPriv
128 defines the default security level to use for SNMPv3 requests.
129 This can be overridden using the -l option.
130 If not specified, the default value for this token is noAuthNo‐
132 Priv.
133 Note: authPriv is only available if the software has been com‐
135 piled to use the OpenSSL libraries.
136 defPassphrase STRING
138 defAuthPassphrase STRING
140 defPrivPassphrase STRING
142 define the default authentication and privacy pass phrases to
143 use for SNMPv3 requests. These can be overridden using the -A
144 and -X options respectively.
145 The defPassphrase value will be used for the authentication
147 and/or privacy pass phrases if either of the other directives
148 are not specified.
149 defAuthType MD5|SHA
151 defPrivType DES|AES
153 define the default authentication and privacy protocols to use
154 for SNMPv3 requests. These can be overridden using the -a and
155 -x options respectively.
156 If not specified, SNMPv3 requests will default to MD5 authenti‐
158 cation and DES encryption.
159 Note: If the software has not been compiled to use the OpenSSL
161 libraries, then only MD5 authentication is supported.
162 Neither SHA authentication nor any form of encryption
163 will be available.
164 defContext STRING
166 defines the default context to use for SNMPv3 requests. This
167 can be overridden using the -n option.
168 If not specified, the default value for this token is the
170 default context (i.e. the empty string "").
171 defSecurityModel STRING
173 defines the security model to use for SNMPv3 requests. The
174 default value is "usm" which is the only widely used security
175 model for SNMPv3.
176 defAuthMasterKey 0xHEXSTRING
178 defPrivMasterKey 0xHEXSTRING
180 defAuthLocalizedKey 0xHEXSTRING
182 defPrivLocalizedKey 0xHEXSTRING
184 define the (hexadecimal) keys to be used for SNMPv3 secure com‐
185 munications. SNMPv3 keys are frequently derived from a
186 passphrase, as discussed in the defPassphrase section above.
187 However for improved security a truely random key can be gener‐
188 ated and used instead (which would normally has better entropy
189 than a password unless it is amazingly long). The directives
190 are equivalent to the short-form command line options -3m, -3M,
191 -3k, and -3K.
192 Localized keys are master keys which have been converted to a
194 unique key which is only suitable for on particular SNMP engine
195 (agent). The length of the key needs to be appropriate for the
196 authentication or encryption type being used (auth keys: MD5=16
197 bytes, SHA1=20 bytes; priv keys: DES=16 bytes (8 bytes of which
198 is used as an IV and not a key), and AES=16 bytes).
199
201 persistentDir DIRECTORY
202 defines the directory where snmpd and snmptrapd store persistent
203 configuration settings.
204 If not specified, the persistent directory defaults to /var/net-
206 snmp
207 noPersistentLoad yes
209 noPersistentSave yes
211 disable the loading and saving of persistent configuration
212 information.
213 Note: This will break SNMPv3 operations (and other behaviour
215 that relies on changes persisting across application
216 restart). Use With Care.
217 tempFilePattern PATTERN
219 defines a filename template for creating temporary files, for
220 handling input to and output from external shell commands. Used
221 by the mkstemp() and mktemp() functions.
222 If not specified, the default pattern is /tmp/snmpdXXXXXX.
224 serverRecvBuf INTEGER
226 specifies the desired size of the buffer to be used when receiv‐
227 ing incoming SNMP requests. If the OS hard limit is lower than
228 the serverRecvBuf value, then this will be used instead. Some
229 platforms may decide to increase the size of the buffer actually
230 used for internal housekeeping.
231 This directive will be ignored if the platforms does not support
233 setsockopt().
234 serverSendBuf INTEGER
236 is similar to serverRecvBuf, but applies to the size of the buf‐
237 fer used when sending SNMP responses.
238
240 mibdirs DIRLIST
241 specifies a list of directories to search for MIB files. This
242 operates in the same way as the -M option - see snmpcmd(1) for
243 details. Note that this value can be overridden by the MIBDIRS
244 environment variable, and the -M option.
245 mibs MIBLIST
247 specifies a list of MIB modules (not files) that should be
248 loaded. This operates in the same way as the -m option - see
249 snmpcmd(1) for details. Note that this list can be overridden
250 by the MIBS environment variable, and the -m option.
251 mibfile FILE
253 specifies a (single) MIB file to load, in addition to the list
254 read from the mibs token (or equivalent configuration). Note
255 that this value can be overridden by the MIBFILES environment
256 variable.
257 showMibErrors (1|yes|true|0|no|false)
259 whether to display MIB parsing errors.
260 strictCommentTerm (1|yes|true|0|no|false)
262 whether MIB parsing should be strict about comment termination.
263 Many MIB writers assume that ASN.1 comments extend to the end of
264 the text line, rather than being terminated by the next "--"
265 token. This token can be used to accept such (strictly incor‐
266 rect) MIBs.
267 mibAllowUnderline (1|yes|true|0|no|false)
269 whether to allow underline characters in MIB object names and
270 enumeration values. This token can be used to accept such
271 (strictly incorrect) MIBs.
272 mibWarningLevel INTEGER
274 the minimum warning level of the warnings printed by the MIB
275 parser.
276
278 logTimestamp (1|yes|true|0|no|false)
279 Whether the commands should log timestamps with their error/mes‐
280 sage logging or not. Note that output will not look as pretty
281 with timestamps if the source code that is doing the logging
282 does incremental logging of messages that are not line buffered
283 before being passed to the logging routines. This option is
284 only used when file logging is active.
285 printNumericEnums (1|yes|true|0|no|false)
287 Equivalent to -Oe.
288 printNumericOids (1|yes|true|0|no|false)
290 Equivalent to -On.
291 dontBreakdownOids (1|yes|true|0|no|false)
293 Equivalent to -Ob.
294 escapeQuotes (1|yes|true|0|no|false)
296 Equivalent to -OE.
297 quickPrinting (1|yes|true|0|no|false)
299 Equivalent to -Oq.
300 printValueOnly (1|yes|true|0|no|false)
302 Equivalent to -Ov.
303 dontPrintUnits (1|yes|true|0|no|false)
305 Equivalent to -OU.
306 numericTimeticks (1|yes|true|0|no|false)
308 Equivalent to -Ot.
309 printHexText (1|yes|true|0|no|false)
311 Equivalent to -OT.
312 hexOutputLength integer
314 Specifies where to break up the output of hexadecimal strings.
315 Set to 0 to disable line breaks. Defaults to 16.
316 suffixPrinting (0|1|2)
318 The value 1 is equivalent to -Os and the value 2 is equivalent
319 to -OS.
320 oidOutputFormat (1|2|3|4|5|6)
322 Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5.
323 The value 6 has no matching -O option. It suppresses output.
324 extendedIndex (1|yes|true|0|no|false)
326 Equivalent to -OX.
327 noDisplayHint (1|yes|true|0|no|false)
329 Disables the use of DISPLAY-HINT information when parsing
330 indices and values to set. Equivalent to -Ih.
331
333 /etc/snmp/snmp.conf, /etc/snmp/snmp.local.conf - common configuration
334 settings
335 ~/.snmp/snmp.conf - user-specific configuration settings
336
338 snmp_config(5), read_config(3), snmpcmd(1).
3394th Berkeley Distribution 29 Jun 2005 SNMP.CONF(5)