############################################################################### # # snmpd.conf: # An example configuration file for configuring the net-snmp snmpd agent. # ############################################################################### # # This file is intended to only be as a starting point. Many more # configuration directives exist than are mentioned in this file. For # full details, see the snmpd.conf(5) manual page. # # All lines beginning with a '#' are comments and are intended for you # to read. All other lines are configuration commands for the agent. ############################################################################### # Access Control ############################################################################### # As shipped, the snmpd demon will only respond to queries on the # system mib group until this file is replaced or modified for # security purposes. Examples are shown below about how to increase the # level of access. # By far, the most common question I get about the agent is "why won't # it work?", when really it should be "how do I configure the agent to # allow me to access it?" # # By default, the agent responds to the "public" community for read # only access, if run out of the box without any configuration file in # place. The following examples show you other ways of configuring # the agent so that you can change the community names, and give # yourself write access to the mib tree as well. # # For more information, read the FAQ as well as the snmpd.conf(5) # manual page and by using the snmpconf utility. # ----------------------------------------------------------------------------- # taken from the make test stuff #rocommunity public #com2sec notConfigUser default public #group notConfigGroup v2c notConfigUser #view all included .1 80 #access notConfigGroup "" any noauth exact public none none #### # define RO community rocommunity public # First, map the community name "public" into a "security name" # sec.name source community com2sec notConfigUser default public #### # Second, map the security name into a group name: # groupName securityModel securityName group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser #### # Third, create a view for us to let the group have rights to: # name incl/excl subtree mask(optional) view systemview included system #### # Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif access notConfigGroup "" any noauth exact systemview none none # ----------------------------------------------------------------------------- # Here is a commented out example configuration that allows less # restrictive access. # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. ## sec.name source community #com2sec local localhost COMMUNITY #com2sec mynetwork NETWORK/24 COMMUNITY ## group.name sec.model sec.name #group MyRWGroup any local #group MyROGroup any mynetwork # #group MyRWGroup any otherv3user #... ## incl/excl subtree mask #view all included .1 80 ## -or just the mib2 tree- #view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc ## context sec.model sec.level prefix read write notif #access MyROGroup "" any noauth 0 all none none #access MyRWGroup "" any noauth 0 all all all ############################################################################### # System contact information # # It is also possible to set the sysContact and sysLocation system # variables through the snmpd.conf file: sysdescr "Linux 2.4.x" syscontact root <root@localhost> (configure /etc/snmp/snmp.local.conf or use snmpconf) sysname Not defined (edit /etc/snmp/snmpd.conf or use snmpconf) syslocation Not defined (edit /etc/snmp/snmpd.conf or use snmpconf) # Example output of snmpwalk: # [root@oden snmp]# snmpwalk -v 2c localhost -c public system # SNMPv2-MIB::sysDescr.0 = STRING: "Linux 2.4.x" # SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 # SNMPv2-MIB::sysUpTime.0 = Timeticks: (22041) 0:03:40.41 # SNMPv2-MIB::sysContact.0 = STRING: root <root@localhost> (configure /etc/snmp/snmp.local.conf or use snmpconf) # SNMPv2-MIB::sysName.0 = STRING: Not defined (edit /etc/snmp/snmpd.conf or use snmpconf) # SNMPv2-MIB::sysLocation.0 = STRING: Not defined (edit /etc/snmp/snmpd.conf or use snmpconf) # SNMPv2-MIB::sysORLastChange.0 = Timeticks: (2) 0:00:00.02 # SNMPv2-MIB::sysORID.1 = OID: IF-MIB::ifMIB # SNMPv2-MIB::sysORID.2 = OID: SNMPv2-MIB::snmpMIB # SNMPv2-MIB::sysORID.3 = OID: TCP-MIB::tcpMIB # SNMPv2-MIB::sysORID.4 = OID: IP-MIB::ip # SNMPv2-MIB::sysORID.5 = OID: UDP-MIB::udpMIB # SNMPv2-MIB::sysORID.6 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup # SNMPv2-MIB::sysORID.7 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance # SNMPv2-MIB::sysORID.8 = OID: SNMP-MPD-MIB::snmpMPDCompliance # SNMPv2-MIB::sysORID.9 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance # SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module to describe generic objects for network interface sub-layers # SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for SNMPv2 entities # SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing TCP implementations # SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing IP and ICMP implementations # SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing UDP implementations # SNMPv2-MIB::sysORDescr.6 = STRING: View-based Access Control Model for SNMP. # SNMPv2-MIB::sysORDescr.7 = STRING: The SNMP Management Architecture MIB. # SNMPv2-MIB::sysORDescr.8 = STRING: The MIB for Message Processing and Dispatching. # SNMPv2-MIB::sysORDescr.9 = STRING: The management information definitions for the SNMP User-based Security Model. # SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.4 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.5 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00 # SNMPv2-MIB::sysORUpTime.7 = Timeticks: (2) 0:00:00.02 # SNMPv2-MIB::sysORUpTime.8 = Timeticks: (2) 0:00:00.02 # SNMPv2-MIB::sysORUpTime.9 = Timeticks: (2) 0:00:00.02 # ----------------------------------------------------------------------------- ############################################################################### # Process checks. # # The following are examples of how to use the agent to check for # processes running on the host. The syntax looks something like: # # proc NAME [MAX=0] [MIN=0] # # NAME: the name of the process to check for. It must match # exactly (ie, http will not find httpd processes). # MAX: the maximum number allowed to be running. Defaults to 0. # MIN: the minimum number to be running. Defaults to 0. # # Examples (commented out by default): # # Make sure mountd is running proc mountd # Make sure there are no more than 4 ntalkds running, but 0 is ok too. proc ntalkd 4 # Make sure at least one postfix, but less than or equal to 10 are running. proc postfix 10 1 # Make sure at least one sshd, but less than or equal to 100 are running. proc /usr/sbin/sshd 100 0 # Make sure at least one httpd, but less than or equal to 100 are running. proc httpd 100 0 # A snmpwalk of the process mib tree would look something like this: # # [root@oden snmp]# snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.2 # UCD-SNMP-MIB::prIndex.1 = INTEGER: 1 # UCD-SNMP-MIB::prIndex.2 = INTEGER: 2 # UCD-SNMP-MIB::prIndex.3 = INTEGER: 3 # UCD-SNMP-MIB::prIndex.4 = INTEGER: 4 # UCD-SNMP-MIB::prIndex.5 = INTEGER: 5 # UCD-SNMP-MIB::prNames.1 = STRING: mountd # UCD-SNMP-MIB::prNames.2 = STRING: ntalkd # UCD-SNMP-MIB::prNames.3 = STRING: postfix # UCD-SNMP-MIB::prNames.4 = STRING: /usr/sbin/sshd # UCD-SNMP-MIB::prNames.5 = STRING: httpd # UCD-SNMP-MIB::prMin.1 = INTEGER: 0 # UCD-SNMP-MIB::prMin.2 = INTEGER: 0 # UCD-SNMP-MIB::prMin.3 = INTEGER: 1 # UCD-SNMP-MIB::prMin.4 = INTEGER: 0 # UCD-SNMP-MIB::prMin.5 = INTEGER: 0 # UCD-SNMP-MIB::prMax.1 = INTEGER: 0 # UCD-SNMP-MIB::prMax.2 = INTEGER: 4 # UCD-SNMP-MIB::prMax.3 = INTEGER: 10 # UCD-SNMP-MIB::prMax.4 = INTEGER: 100 # UCD-SNMP-MIB::prMax.5 = INTEGER: 100 # UCD-SNMP-MIB::prCount.1 = INTEGER: 0 # UCD-SNMP-MIB::prCount.2 = INTEGER: 0 # UCD-SNMP-MIB::prCount.3 = INTEGER: 0 # UCD-SNMP-MIB::prCount.4 = INTEGER: 1 # UCD-SNMP-MIB::prCount.5 = INTEGER: 1 # UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: 1 # UCD-SNMP-MIB::prErrorFlag.2 = INTEGER: 0 # UCD-SNMP-MIB::prErrorFlag.3 = INTEGER: 1 # UCD-SNMP-MIB::prErrorFlag.4 = INTEGER: 0 # UCD-SNMP-MIB::prErrorFlag.5 = INTEGER: 0 # UCD-SNMP-MIB::prErrMessage.1 = STRING: No mountd process running. # UCD-SNMP-MIB::prErrMessage.2 = STRING: # UCD-SNMP-MIB::prErrMessage.3 = STRING: Too few postfix running (# = 0) # UCD-SNMP-MIB::prErrMessage.4 = STRING: # UCD-SNMP-MIB::prErrMessage.5 = STRING: # UCD-SNMP-MIB::prErrFix.1 = INTEGER: 0 # UCD-SNMP-MIB::prErrFix.2 = INTEGER: 0 # UCD-SNMP-MIB::prErrFix.3 = INTEGER: 0 # UCD-SNMP-MIB::prErrFix.4 = INTEGER: 0 # UCD-SNMP-MIB::prErrFix.5 = INTEGER: 0 # UCD-SNMP-MIB::prErrFixCmd.1 = STRING: # UCD-SNMP-MIB::prErrFixCmd.2 = STRING: # UCD-SNMP-MIB::prErrFixCmd.3 = STRING: # UCD-SNMP-MIB::prErrFixCmd.4 = STRING: # UCD-SNMP-MIB::prErrFixCmd.5 = STRING: # # Note that the errorFlag for mountd is set to 1 because one is not # running (in this case an rpc.mountd is, but thats not good enough), # and the ErrMessage tells you what's wrong. The configuration # imposed in the snmpd.conf file is also shown. # # Special Case: When the min and max numbers are both 0, it assumes # you want a max of infinity and a min of 1. # # ----------------------------------------------------------------------------- ############################################################################### # Executables/scripts # # # You can also have programs run by the agent that return a single # line of output and an exit code. Here are two examples. # # exec NAME PROGRAM [ARGS ...] # # NAME: A generic name. # PROGRAM: The program to run. Include the path! # ARGS: optional arguments to be passed to the program # a simple hello world exec echotest /bin/echo hello world # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # #exec shelltest /bin/sh /tmp/shtest # [root@oden snmp]# snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.8 # UCD-SNMP-MIB::extIndex.1 = INTEGER: 1 # UCD-SNMP-MIB::extNames.1 = STRING: echotest # UCD-SNMP-MIB::extCommand.1 = STRING: /bin/echo hello world # UCD-SNMP-MIB::extResult.1 = INTEGER: 0 # UCD-SNMP-MIB::extOutput.1 = STRING: hello world # UCD-SNMP-MIB::extErrFix.1 = INTEGER: 0 # UCD-SNMP-MIB::extErrFixCmd.1 = STRING: # Note that the second line of the /tmp/shtest shell script is cut # off. Also note that the exit status of 35 was returned. # ----------------------------------------------------------------------------- ############################################################################### # disk checks # # The agent can check the amount of available disk space, and make # sure it is above a set limit. # disk PATH [MIN=100000] # # PATH: mount path to the disk in question. # MIN: Disks with space below this value will have the Mib's errorFlag set. # Default value = 100000. # Check the / partition and make sure it contains at least 10 megs. disk / 10000 # [root@oden snmp]# snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.9 # UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1 # UCD-SNMP-MIB::dskPath.1 = STRING: / # UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/hda7 # UCD-SNMP-MIB::dskMinimum.1 = INTEGER: 10000 # UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: -1 # UCD-SNMP-MIB::dskTotal.1 = INTEGER: 497829 # UCD-SNMP-MIB::dskAvail.1 = INTEGER: 351547 # UCD-SNMP-MIB::dskUsed.1 = INTEGER: 120580 # UCD-SNMP-MIB::dskPercent.1 = INTEGER: 26 # UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 20 # UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: 0 # UCD-SNMP-MIB::dskErrorMsg.1 = STRING: # ----------------------------------------------------------------------------- ############################################################################### # load average checks # # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] # # 1MAX: If the 1 minute load average is above this limit at query # time, the errorFlag will be set. # 5MAX: Similar, but for 5 min average. # 15MAX: Similar, but for 15 min average. # Check for loads: load 12 14 14 # [root@oden snmp]# snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.10 # UCD-SNMP-MIB::laIndex.1 = INTEGER: 1 # UCD-SNMP-MIB::laIndex.2 = INTEGER: 2 # UCD-SNMP-MIB::laIndex.3 = INTEGER: 3 # UCD-SNMP-MIB::laNames.1 = STRING: Load-1 # UCD-SNMP-MIB::laNames.2 = STRING: Load-5 # UCD-SNMP-MIB::laNames.3 = STRING: Load-15 # UCD-SNMP-MIB::laLoad.1 = STRING: 0.27 # UCD-SNMP-MIB::laLoad.2 = STRING: 0.17 # UCD-SNMP-MIB::laLoad.3 = STRING: 0.11 # UCD-SNMP-MIB::laConfig.1 = STRING: 12.00 # UCD-SNMP-MIB::laConfig.2 = STRING: 14.00 # UCD-SNMP-MIB::laConfig.3 = STRING: 14.00 # UCD-SNMP-MIB::laLoadInt.1 = INTEGER: 27 # UCD-SNMP-MIB::laLoadInt.2 = INTEGER: 17 # UCD-SNMP-MIB::laLoadInt.3 = INTEGER: 11 # UCD-SNMP-MIB::laLoadFloat.1 = Opaque: Float: 0.270000 # UCD-SNMP-MIB::laLoadFloat.2 = Opaque: Float: 0.170000 # UCD-SNMP-MIB::laLoadFloat.3 = Opaque: Float: 0.110000 # UCD-SNMP-MIB::laErrorFlag.1 = INTEGER: 0 # UCD-SNMP-MIB::laErrorFlag.2 = INTEGER: 0 # UCD-SNMP-MIB::laErrorFlag.3 = INTEGER: 0 # UCD-SNMP-MIB::laErrMessage.1 = STRING: # UCD-SNMP-MIB::laErrMessage.2 = STRING: # UCD-SNMP-MIB::laErrMessage.3 = STRING: # ----------------------------------------------------------------------------- ############################################################################### # Extensible sections. # # This alleviates the multiple line output problem found in the # previous executable mib by placing each mib in its own mib table: # Run a shell script containing: # # #!/bin/sh # echo hello world # echo hi there # exit 35 # # Note: this has been specifically commented out to prevent # accidental security holes due to someone else on your system writing # a /tmp/shtest before you do. Uncomment to use it. # # exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest # % snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.50 # enterprises.ucdavis.50.1.1 = 1 # enterprises.ucdavis.50.2.1 = "shelltest" # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" # enterprises.ucdavis.50.100.1 = 35 # enterprises.ucdavis.50.101.1 = "hello world." # enterprises.ucdavis.50.101.2 = "hi there." # enterprises.ucdavis.50.102.1 = 0 # Now the Output has grown to two lines, and we can see the 'hi # there.' output as the second line from our shell script. # # Note that you must alter the mib.txt file to be correct if you want # the .50.* outputs above to change to reasonable text descriptions. # Other ideas: # # exec .1.3.6.1.4.1.2021.51 ps /bin/ps # exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top # exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq # ----------------------------------------------------------------------------- ############################################################################### # Pass through control. # # Usage: # pass MIBOID EXEC-COMMAND # # This will pass total control of the mib underneath the MIBOID # portion of the mib to the EXEC-COMMAND. # # Note: You'll have to change the path of the passtest script to your # source directory or install it in the given location. # # Example: (see the script for details) # (commented out here since it requires that you place the # script in the right location. (its not installed by default)) # pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest # % snmpwalk -v 2c localhost -c public .1.3.6.1.4.1.2021.255 # enterprises.ucdavis.255.1 = "life the universe and everything" # enterprises.ucdavis.255.2.1 = 42 # enterprises.ucdavis.255.2.2 = OID: 42.42.42 # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 # enterprises.ucdavis.255.5 = 42 # enterprises.ucdavis.255.6 = Gauge: 42 # # % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 # enterprises.ucdavis.255.5 = 42 # # % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" # enterprises.ucdavis.255.1 = "New string" # # For specific usage information, see the man/snmpd.conf.5 manual page # as well as the local/passtest script used in the above example. # Added for support of bcm5820 cards. pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat ############################################################################### # Further Information # # See the snmpd.conf manual page, and the output of "snmpd -H".