📄 net-snmp-agent-manpages-snmpd.conf.html
the incoming packet is selected.
group NAME MODEL SECURITY
This directive defines the mapping from
securitymodel/securityname to group. MODEL is one of
v1, v2c, or usm.
access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
The access directive maps from group/security
model/security level to a view. MODEL is one of
any, v1, v2c, or usm. LEVEL is one of noauth,
auth, or priv. PREFX specifies how CONTEXT should
be matched against the context of the incoming pdu,
either exact or prefix. READ, WRITE and NOTIFY
specify the view to be used for the corresponding
access. For v1 or v2c access, LEVEL will be
noauth, and CONTEXT will be empty.
view NAME TYPE SUBTREE [MASK]
This defines the named view. TYPE is either included
or excluded. MASK is a list of hex octets, separated
by '.' or ':'. The MASK defaults to "ff" if not
specified.
The reason for the mask is that it allows you to
control access to one row in a table in a relatively
simple way. As an example, as an ISP you might
consider giving each customer access to his or her
own interface:
view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0
(interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
ff.a0 == 11111111.10100000, which nicely covers everything up to
and including the row index, but lets the user vary the field of
the row)
VACM Examples:
#       sec.name  source          community
com2sec local     localhost       private
com2sec mynet     10.10.10.0/24   public
com2sec public    default         public

#             sec.model  sec.name
group mygroup v1         mynet
group mygroup v2c        mynet
group mygroup usm        mynet
group local   v1         local
group local   v2c        local
group local   usm        local
group public  v1         public
group public  v2c        public
group public  usm        public

#           incl/excl subtree                          mask
view all    included  .1                               80
view system included  system                           fe
view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

#              context sec.model sec.level prefix read   write notify
access mygroup ""      any       noauth    exact  mib2   none  none
access public  ""      any       noauth    exact  system none  none
access local   ""      any       noauth    exact  all    all   all
Default VACM model
The default configuration of the agent, as shipped, is functionally
equivalent to the following entries:
com2sec public default public
group   public v1      public
group   public v2c     public
group   public usm     public
view    all    included .1
access  public "" any noauth exact all none none
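A configuration review can follow the same com2sec, group and access chain the agent uses. The added Python example below (not part of net-snmp; the function names and the findings wording are this example's own) resolves that chain for v1/v2c entries and reports what each community/source pair can reach, using the default entries above as input.

```python
import shlex

WELL_KNOWN = {"public", "private"}

def parse(conf):
    """Collect the VACM directives from snmpd.conf text."""
    com2sec, groups, access = [], [], []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)
        kind = tok[0] if tok else None
        if kind == "com2sec" and len(tok) == 4:
            com2sec.append(tuple(tok[1:]))   # secname, source, community
        elif kind == "group" and len(tok) == 4:
            groups.append(tuple(tok[1:]))    # group, model, secname
        elif kind == "access" and len(tok) == 9:
            access.append(tuple(tok[1:]))    # group, ctx, model, level, prefix, r, w, n
    return com2sec, groups, access

def audit(conf):
    """Return sorted findings for community-based (v1/v2c) access paths."""
    com2sec, groups, access = parse(conf)
    findings = set()
    for secname, source, community in com2sec:
        for group, gmodel, gsec in groups:
            if gsec != secname or gmodel not in ("v1", "v2c"):
                continue
            for agroup, _ctx, amodel, level, _pfx, read, write, _notify in access:
                if agroup != group or amodel not in ("any", gmodel) or level != "noauth":
                    continue
                where = f"{community}@{source} -> {group}"
                if community in WELL_KNOWN:
                    findings.add(f"{where}: well-known community string")
                if source == "default" and read != "none":
                    findings.add(f"{where}: view '{read}' readable from any address")
                if write != "none":
                    findings.add(f"{where}: view '{write}' writable without authentication")
    return sorted(findings)

# The "Default VACM model" entries from the text.
DEFAULT_CONF = '''
com2sec public default public
group public v1 public
group public v2c public
group public usm public
view all included .1
access public "" any noauth exact all none none
'''

if __name__ == "__main__":
    print("\n".join(audit(DEFAULT_CONF)))
```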
SNMPv3 CONFIGURATION
engineID STRING
The snmpd agent needs to be configured with an
engineID to be able to respond to SNMPv3 messages.
With this configuration file line, the engineID
will be configured from STRING. The default value
of the engineID is configured with the first IP
address found for the hostname of the machine.
createUser username (MD5|SHA) authpassphrase [DES] [privpassphrase]
This directive should be placed into the
"/var/ucd-snmp"/snmpd.conf file instead of the other
normal locations. The reason is that the information
is read from the file and then the line is removed
(eliminating the storage of the master password for
that user) and replaced with the key that is
derived from it. This key is a localized key, so
that if it is stolen it can not be used to access
other agents. If the password is stolen, however,
it can be.
MD5 and SHA are the authentication types to use,
but you must have built the package with openssl
installed in order to use SHA. The only privacy
protocol currently supported is DES. If the privacy
passphrase is not specified, it is assumed to
be the same as the authentication passphrase. Note
that the users created will be useless unless they
are also added to the VACM access control tables
described above.
Warning: the minimum pass phrase length is 8
characters.
SNMPv3 users can be created at runtime using the
snmpusm command.
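Why a stolen localized key is useless against other agents while a stolen passphrase is not: the added Python example below (not ucd-snmp code) implements the USM password-to-key and key-localization steps from RFC 3414, Appendix A.2. The function names are hypothetical and the engineID values in the demo are constructed.

```python
import hashlib

def password_to_key(passphrase: bytes, algo: str = "md5") -> bytes:
    """Ku: hash of the passphrase repeated to exactly 1,048,576 bytes."""
    if len(passphrase) < 8:
        raise ValueError("minimum pass phrase length is 8 characters")
    total = 1048576
    reps = total // len(passphrase) + 1
    return hashlib.new(algo, (passphrase * reps)[:total]).digest()

def localize(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || engineID || Ku): the key bound to one agent."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def localized_key_hex(passphrase: str, engine_id_hex: str, algo: str = "md5") -> str:
    """Localized key for one agent, as the hex string stored in its place."""
    ku = password_to_key(passphrase.encode(), algo)
    return localize(ku, bytes.fromhex(engine_id_hex), algo).hex()

if __name__ == "__main__":
    # Same passphrase, two constructed engineIDs: the stored keys differ,
    # so a key copied from agent A does not authenticate to agent B.
    for engine in ("000000000000000000000002", "0000000000000000000000aa"):
        print(engine, localized_key_hex("maplesyrup", engine))
```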
SETTING SYSTEM INFORMATION
syslocation STRING
syscontact STRING
Sets the system location and the system contact for
the agent. This information is reported by the
'system' table in the mibII tree.
authtrapenable NUMBER
Setting authtrapenable to 1 enables generation of
authentication failure traps. The default value is
2 (disable).
trapcommunity STRING
This defines the default community string to be
used when sending traps. Note that this command
must be used prior to any of the following three
commands that are intended to use this community
string.
trapsink HOST [COMMUNITY [PORT]]
trap2sink HOST [COMMUNITY [PORT]]
informsink HOST [COMMUNITY [PORT]]
These commands define the hosts to receive traps
(and/or inform notifications). The daemon sends a
Cold Start trap when it starts up. If enabled, it
also sends traps on authentication failures.
Multiple trapsink, trap2sink and informsink lines may
be specified to specify multiple destinations. Use
trap2sink to send SNMPv2 traps and informsink to
send inform notifications. If COMMUNITY is not
specified, the string from a preceding trapcommunity
directive will be used. If PORT is not specified,
the well known SNMP trap port (162) will be
used.
PASS-THROUGH CONTROL
pass MIBOID EXEC
Passes entire control of MIBOID to the EXEC program.
The EXEC program is called in one of the
following three ways:
EXEC -g MIBOID
EXEC -n MIBOID
These call lines correspond to SNMP get and getnext
requests. It is expected that the EXEC
program will take the arguments passed to it
and return the appropriate response through
its stdout.
The first line of stdout should be the mib
OID of the returning value. The second line
should be the TYPE of value returned, where
TYPE is one of the text strings: string,
integer, unsigned, objectid, timeticks,
ipaddress, counter, or gauge. The third
line of stdout should be the VALUE
corresponding with the returned TYPE.
For instance, if a script were to return the
integer value "42" in response to a request for
.1.3.6.1.4.100, the script
should return the following 3 lines:
.1.3.6.1.4.100
integer
42
To indicate that the script is unable to
comply with the request due to an end-of-mib
condition or an invalid request, simply exit
and return no output to stdout at all. An
SNMP error will be generated corresponding
to the SNMP NO-SUCH-NAME response.
EXEC -s MIBOID TYPE VALUE
For SNMP set requests, the above call method
is used. The TYPE passed to the EXEC program
is one of the text strings: integer,
counter, gauge, timeticks, ipaddress, objid,
or string, indicating the type of value
passed in the next argument.
Return nothing to stdout, and the set will be
assumed to have been successful. Otherwise,
return one of the following error strings to
signal an error: not-writable or wrong-type,
and the appropriate error response will be
generated instead.
Note: By default, the only community
allowed to write (i.e. snmpset) to
your script will be the "private"
community, or community #2 if defined
differently by the "community" token
discussed above. Which communities
are allowed write access is controlled
by the RWRITE definition in
the snmplib/snmp_impl.h source file.
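Because the EXEC program runs on behalf of the agent and receives the OID, TYPE and VALUE from the network request, it should validate every argument before acting on it. The added Python example below (not from the ucd-snmp distribution) implements the three call forms with that validation. The two objects under .1.3.6.1.4.100 are hypothetical, constructed sample data.

```python
import sys

BASE = (1, 3, 6, 1, 4, 100)       # .1.3.6.1.4.100, the OID used in the text
# Hypothetical objects: OID -> [type, value, writable]. Constructed sample data.
TABLE = {
    BASE + (1,): ["integer", "42", True],
    BASE + (2,): ["string", "constructed sample", False],
}

def oid_key(text):
    """'.1.3.6' -> (1, 3, 6); raises ValueError on anything non-numeric."""
    return tuple(int(p) for p in text.strip(".").split("."))

def do_set(key, typ, value):
    """Validate a set before acting on it; [] means success."""
    row = TABLE.get(key)
    if row is None or not row[2]:
        return ["not-writable"]
    if typ != row[0]:
        return ["wrong-type"]
    try:
        row[1] = str(int(value))   # only the integer object is writable here
    except ValueError:
        return ["wrong-type"]
    return []                      # a real handler would persist the value

def handle(argv):
    """Return the stdout lines for one call: -g OID, -n OID or -s OID TYPE VALUE."""
    try:
        op, key = argv[0], oid_key(argv[1])
    except (IndexError, ValueError):
        return []                  # malformed request: no output
    if op == "-s":
        return do_set(key, argv[2], argv[3]) if len(argv) == 4 else []
    if op == "-g":
        hit = key if key in TABLE else None
    elif op == "-n":               # getnext: first OID strictly after the request
        hit = min((k for k in TABLE if k > key), default=None)
    else:
        return []
    if hit is None:
        return []                  # unknown OID or end of MIB: stay silent
    typ, value, _writable = TABLE[hit]
    return ["." + ".".join(map(str, hit)), typ, value]

if __name__ == "__main__":
    lines = handle(sys.argv[1:])
    if lines:                      # print nothing at all on failure
        print("\n".join(lines))
```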
EXAMPLE
See the EXAMPLE.CONF file in the top level source
directory for a more detailed example of how the above
information is used in real examples.
RE-READING snmpd.conf and snmpd.local.conf
The ucd-snmp agent can be forced to re-read its
configuration files. It can be told to do so in one of two ways:
1. An snmpset of integer(1) to
1.3.6.1.4.1.2021.100.VERUPDATECONFIG.
2. A "kill -HUP" signal sent to the snmpd agent
process.
FILES
share/snmp/snmpd.conf
SEE ALSO
snmp_config(5), snmpd(1), EXAMPLE.conf, read_config(3).
27 Jan 2000 SNMPD.CONF(5)
</PRE
></TD
></TR
></TABLE
></DIV
></BODY
></HTML
>