1
.\" Portions of this file are subject to the following copyright. See
2
.\" the Net-SNMP COPYING file for more details and other copyrights
4
.\"/***********************************************************
5
.\" Copyright 1988, 1989 by Carnegie Mellon University
7
.\" All Rights Reserved
9
.\" Permission to use, copy, modify, and distribute this software and its
10
.\" documentation for any purpose and without fee is hereby granted,
11
.\" provided that the above copyright notice appear in all copies and that
12
.\" both that copyright notice and this permission notice appear in
13
.\" supporting documentation, and that the name of CMU not be
14
.\" used in advertising or publicity pertaining to distribution of the
15
.\" software without specific, written prior permission.
17
.\" CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
18
.\" ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
19
.\" CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
20
.\" ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
21
.\" WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
22
.\" ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
24
.\" ******************************************************************/
25
.\" Portions of this file are copyrighted by:
26
.\" Copyright Copyright 2003 Sun Microsystems, Inc. All rights reserved.
27
.\" Use is subject to license terms specified in the COPYING file
28
.\" distributed with the Net-SNMP package.
29
.\" ******************************************************************/
30
.TH SNMPCMD 1 "29 Jun 2005" VVERSIONINFO "Net-SNMP"
33
snmpcmd - options and behaviour common to most of the Net-SNMP command-line tools
36
[OPTIONS] AGENT [PARAMETERS]
38
This manual page describes the common options for the SNMP commands:
39
.BR snmpbulkget ", " snmpbulkwalk ", " snmpdelta ", " snmpget ", "
40
.BR snmpgetnext ", " snmpnetstat ", " snmpset ", " snmpstatus ", "
41
.BR snmptable ", " snmptest ", " snmptrap ",
42
.BR " snmpdf", " snmpusm ", " snmpwalk ". "
43
The command line applications use the SNMP protocol to communicate
44
with an SNMP capable network entity, an agent. Individual
45
applications typically (but not necessarily) take additional
46
parameters that are given after the agent specification. These
47
parameters are documented in the manual pages for each application.
51
.BI "-3[MmKk] 0xHEXKEY"
52
Sets the keys to be used for SNMPv3 transactions. These options allow
53
you to set the master authentication and encryption keys (-3m and -3M
54
respectively) or set the localized authentication and encryption keys
55
(-3k and -3K respectively). SNMPv3 keys can be either passed in by
56
hand using these flags, or by the use of keys generated from passwords
57
using the -A and -X flags discussed below. For further details on
58
SNMPv3 and its usage of keying information, see the Net-SNMP tutorial
59
web site ( http://www.Net-SNMP.org/tutorial-5/commands/ ).
60
Overrides the defAuthMasterKey (-3m), defPrivMasterKey (-3M),
61
defAuthLocalizedKey (-3k) or defPrivLocalizedKey (-3K) tokens, respectively,
67
.BI -a " authProtocol"
68
Set the authentication protocol (MD5 or SHA) used for authenticated SNMPv3
69
messages. Overrides the \fIdefAuthType\fR token in the
73
.BI -A " authPassword"
74
Set the authentication pass phrase used for authenticated SNMPv3
75
messages. Overrides the \fIdefAuthPassphrase\fR token in the
77
file. It is insecure to specify pass phrases on the command line,
82
Set the community string for SNMPv1/v2c transactions.
83
Overrides the \fIdefCommunity\fR token in the
88
Dump (in hexadecimal) the raw SNMP packets sent and received.
91
Turn on debugging output for the given
95
for extremely verbose output.
98
Set the authoritative (security) engineID used for SNMPv3 REQUEST
99
messages, given as a hexadecimal string (optionally prefixed by "0x").
100
It is typically not necessary to specify this engine ID, as it will
101
usually be discovered automatically.
104
Set the context engineID used for SNMPv3 REQUEST messages scopedPdu,
105
given as a hexadecimal string.
106
If not specified, this will default to the authoritative engineID.
109
Display a brief usage message and then exit.
112
Display a list of configuration file directives understood by the
113
command and then exit.
116
Specifies input parsing options. See
121
Set the securityLevel used for SNMPv3 messages
122
(noAuthNoPriv|authNoPriv|authPriv). Appropriate pass phrase(s) must
123
provided when using any level higher than noAuthNoPriv.
124
Overrides the \fIdefSecurityLevel\fR token in the
129
Specifies output logging options. See
134
Specifies a colon separated list of MIB modules (not files) to load for
135
this application. This overrides (or augments) the environment variable
136
MIBS, the \fIsnmp.conf\fR directive \fImibs\fR, and the list of MIBs
137
hardcoded into the Net-SNMP library.
141
has a leading '-' or '+' character, then the MIB modules listed are
142
loaded in addition to the default list, coming before or after
143
this list respectively.
144
Otherwise, the specified MIBs are loaded \fIinstead\fR of this
149
is used to load all MIB modules in the MIB directory search list.
150
Every file whose name does not begin with "." will be parsed as
151
if it were a MIB file.
154
Specifies a colon separated list of directories to search for MIBs.
155
This overrides (or augments) the environment variable MIBDIRS,
156
the \fIsnmp.conf\fR directive \fImibdirs\fR, and the default
157
directory hardcoded into the Net-SNMP library
162
has a leading '-' or '+' character, then the given directories are
163
added to the default list, being searched before or after the
164
directories on this list respectively.
165
Otherwise, the specified directories are searched \fIinstead\fR
166
of this default list.
168
Note that the directories appearing later in the list have
169
have precedence over earlier ones.
171
.\" XXX - Say a bit more about what precedence means
173
To avoid searching any MIB directories, set the MIBDIRS
174
environment variable to the empty string ("").
176
.\" XXX - or -M "" ??
179
Note that MIBs specified using the -m option or the \fImibs\fR
180
configuration directive will be loaded from one of the directories
181
listed by the -M option (or equivalents).
182
The \fImibfile\fR directive takes a full path to the specified MIB
183
file, so this does not need to be in the MIB directory search list.
185
.BI -n " contextName"
186
Set the contextName used for SNMPv3 messages. The default
187
contextName is the empty string "". Overrides the \fIdefContext\fR token
192
.BI -O " [abeEfnqQsStTuUvxX]"
193
Specifies output printing options. See
198
Specifies MIB parsing options. See
199
.B MIB PARSING OPTIONS
203
Specifies the number of retries to be used in the requests. The default
207
Specifies the timeout in seconds between retries. The default is 1.
210
Set the securityName used for authenticated SNMPv3 messages.
211
Overrides the \fIdefSecurityName\fR token in the
215
.B -v \fI1\fR | \fI2c\fR | \fI3
216
Specifies the protocol version to use: 1 (RFCs 1155-1157), 2c (RFCs 1901-1908),
217
or 3 (RFCs 2571-2574). The default is typically version 3.
218
Overrides the \fIdefVersion\fR token in the
223
Display version information for the application and then exit.
225
.BI -x " privProtocol"
226
Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
227
Overrides the \fIdefPrivType\fR token in the
229
file. This option is only valid if the Net-SNMP software was build
232
.BI -X " privPassword"
233
Set the privacy pass phrase used for encrypted SNMPv3 messages.
234
Overrides the \fIdefPrivPassphrase\fR token in the
237
It is insecure to specify pass phrases on the command line, see
241
Set the engineBoots and engineTime used for authenticated SNMPv3
242
messages. This will initialize the local notion of the agents
243
boots/time with an authenticated value stored in the LCD.
244
It is typically not necessary to specify this option, as these values
245
will usually be discovered automatically.
247
.BI -Y "name"="value"
249
.BI -- "name"="value"
250
Allows to specify any token ("name") supported in the
252
file and sets its value to "value". Overrides the corresponding token in the
256
for the full list of tokens.
258
.SH AGENT SPECIFICATION
264
above specifies the remote SNMP entity with which to communicate.
265
This specification takes the form:
267
[<transport-specifier>:]<transport-address>
271
specification may consist of a hostname, or an IPv4 address in the
272
standard "dotted quad" notation. In this case, communication will be
273
attempted using UDP/IPv4 to port 161 of the given host. Otherwise,
274
the <transport-address> part of the specification is parsed according
275
to the following table:
278
.BR "<transport-specifier>"
279
.BR "<transport-address> format"
291
[network]:node[/port]
293
.IR "" "aal5pvc " or " pvc"
294
[interface.][VPI.]VCI
295
.IP "udp6 or udpv6 or udpipv6" 28
300
'['IPv6-address']'[:port]
301
.IP "tcp6 or tcpv6 or tcpipv6"
306
'['IPv6-address']'[:port]
309
Note that <transport-specifier> strings are case-insensitive so that,
310
for example, "tcp" and "TCP" are equivalent. Here are some examples,
311
along with their interpretation:
314
perform query using UDP/IPv4 datagrams to
318
The ":161" is redundant here since that is the default SNMP port in
322
identical to the previous specification. The "udp:" is redundant here
323
since UDP/IPv4 is the default transport.
325
.IR "TCP:hostname:1161"
330
using TCP/IPv4 and perform query over that connection.
332
.IR "ipx::00D0B7AAE308"
333
perform query using IPX datagrams to node number
335
on the default network, and using the default IPX port of 36879 (900F
336
hexadecimal), as suggested in RFC 1906.
338
.IR "ipx:0AE43409:00D0B721C6C0/1161"
339
perform query using IPX datagrams to port
346
.IR "unix:/tmp/local-agent"
347
connect to the Unix domain socket
348
.IR /tmp/local-agent ,
349
and perform the query over that connection.
351
.IR "/tmp/local-agent"
352
identical to the previous specification, since the Unix domain is the
353
default transport iff the first character of the <transport-address>
357
perform the query using AAL5 PDUs sent on the permanent virtual
358
circuit with VPI=0 and VCI=100 (decimal) on the first ATM adapter in the
362
perform the query using AAL5 PDUs sent on the permanent virtual
363
circuit with VPI=10 (decimal) and VCI=32 (decimal) on the second ATM
364
adapter in the machine. Note that "PVC" is a synonym for "AAL5PVC".
366
.IR "udp6:hostname:10161"
367
perform the query using UDP/IPv6 datagrams to port
371
(which will be looked up as an AAAA record).
373
.IR "UDP6:[fe80::2d0:b7ff:fe21:c6c0]"
374
perform the query using UDP/IPv6 datagrams to port 161 at address
375
.IR fe80::2d0:b7ff:fe21:c6c0 .
377
.IR "tcpipv6:[::1]:1611"
378
connect to port 1611 on the local host
380
in IPv6 parlance) using TCP/IPv6 and perform query over that connection.
382
Note that not all the transport domains listed above will always be
383
available; for instance, hosts with no IPv6 support will not be able
384
to use udp6 transport addresses, and attempts to do so will result in
385
the error "Unknown host". Likewise, since AAL5 PVC support is only
386
currently available on Linux, it will fail with the same error on
389
.SH "MIB PARSING OPTIONS"
390
The Net-SNMP MIB parser mostly adheres to the Structure of Management
391
Information (SMI). As that specification has changed through time, and
392
in recognition of the (ahem) diversity in compliance expressed in MIB
393
files, additional options provide more flexibility in reading MIB files.
396
Toggles whether ASN.1 comments should extend to the end of the MIB
398
Strictly speaking, a second appearance of "--" should terminate the
399
comment, but this breaks some MIB files.
400
The default behaviour (to interpret comments correctly) can also
401
be set with the (misnamed) configuration token \fIstrictCommentTerm\fR.
404
Disables the loading of MIB object DESCRIPTIONs when parsing MIB files.
405
This reduces the amount of memory used by the running application.
408
Toggles whether to show errors encountered when parsing MIB files.
410
references to IMPORTed modules and MIB objects that cannot be
411
located in the MIB directory search list.
412
The default behaviour can also be set with the configuration token \fIshowMibErrors\fR.
415
If the same MIB object (parent name and sub-identifier) appears multiple
416
times in the list of MIB definitions loaded, use the last version to be
417
read in. By default, the first version will be used, and any duplicates
419
This behaviour can also be set with the configuration token \fImibReplaceWithLatest\fR.
421
Such ordering is normally only relevant if there are two MIB files with
422
conflicting object definitions for the same OID (or different revisions
423
of the same basic MIB object).
425
.\" Setting this option may result in an incorrect hierarchy.
429
Toggles whether to allow the underline character in MIB object names
431
Strictly speaking, this is not valid SMI syntax, but some vendor MIB
432
files define such names.
433
The default behaviour can also be set with the configuration token \fImibAllowUnderline\fR.
436
Show various warning messages in parsing MIB files and building
437
the overall OID tree.
438
This can also be set with the configuration directive
439
\fImibWarningLevel 1\fR
442
Show some additional warning messages, mostly relating to parsing
443
individual MIB objects.
444
This can also be set with the configuration directive
445
\fImibWarningLevel 2\fR
448
The format of the output from SNMP commands can be controlled using
449
various parameters of the \fB-O\fR flag.
450
The effects of these sub-options can be seen by comparison with
451
the following default output (unless otherwise specified):
454
\fC$ snmpget -c public -v 1 localhost sysUpTime.0
455
SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63\fR
461
Display string values as ASCII strings (unless there is a
462
\fCDISPLAY-HINT\fR defined for the corresponding MIB object).
463
By default, the library attempts to determine whether the value is
464
a printable or binary string, and displays it accordingly.
466
This option does not affect objects that \fIdo\fR have a Display Hint.
469
Display table indexes numerically, rather than trying to interpret
470
the instance subidentifiers as string or OID values:
473
\fC $ snmpgetnext -c public -v 1 localhost vacmSecurityModel
474
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
475
$ snmpgetnext -c public -v 1 \fB-Ob\fP localhost vacmSecurityModel
476
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.3.119.101.115 = xxx\fR
481
Removes the symbolic labels from enumeration values:
484
\fC $ snmpget -c public -v 1 localhost ipForwarding.0
485
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
486
\fC $ snmpget -c public -v 1 \fB-Oe\fP localhost ipForwarding.0
487
IP-MIB::ipForwarding.0 = INTEGER: 1\fR
492
Modifies index strings to escape the quote characters:
495
\fC $ snmpgetnext -c public -v 1 localhost vacmSecurityModel
496
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
497
$ snmpgetnext -c public -v 1 \fB-OE\fP localhost vacmSecurityModel
498
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.\\"wes\\" = xxx\fR
502
This allows the output to be reused in shell commands.
505
Include the full list of MIB objects when displaying an OID:
507
\fC .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 =\fR
509
\fC Timeticks: (14096763) 1 day, 15:09:27.63\fR
514
Displays the OID numerically:
516
\fC .1.3.6.1.2.1.1.3.0 = Timeticks: (14096763) 1 day, 15:09:27.63\fR
519
Removes the equal sign and type information when displaying varbind values:
521
\fC SNMPv2-MIB::sysUpTime.0 1:15:09:27.63\fR
524
Removes the type information when displaying varbind values:
526
\fC SNMPv2-MIB::sysUpTime.0 = 1:15:09:27.63\fR
529
Display the MIB object name (plus any instance or other subidentifiers):
531
\fC sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63\fR
534
Display the name of the MIB, as well as the object name:
536
\fC SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63\fR
538
This is the default OID output format.
541
Display \fCTimeTicks\fR values as raw numbers:
543
\fC SNMPv2-MIB::sysUpTime.0 = 14096763\fR
546
If values are printed as Hex strings,
547
display a printable version as well.
550
Display the OID in the traditional UCD-style (inherited from the original
552
That means removing a series of "standard" prefixes from the OID,
553
and displaying the remaining list of MIB object names
554
(plus any other subidentifiers):
556
\fC system.sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63\fR
559
Do not print the UNITS suffix at the end of the value.
562
Display the varbind value only, not the OID:
565
\fC $ snmpget -c public -v 1 \fB-Oe\fP localhost ipForwarding.0
566
INTEGER: forwarding(1)\fR
571
Display string values as Hex strings (unless there is a
572
\fCDISPLAY-HINT\fR defined for the corresponding MIB object).
573
By default, the library attempts to determine whether the value is
574
a printable or binary string, and displays it accordingly.
576
This option does not affect objects that \fIdo\fR have a Display Hint.
579
Display table indexes in a more "program like" output, imitating
580
a traditional array-style index format:
583
\fC $ snmpgetnext -c public -v 1 localhost ipv6RouteTable
584
IPv6-MIB::ipv6RouteIfIndex.63.254.1.0.255.0.0.0.0.0.0.0.0.0.0.0.64.1 = INTEGER: 2
585
$ snmpgetnext -c public -v 1 \fB-OE\fP localhost ipv6RouteTable
586
IPv6-MIB::ipv6RouteIfIndex[3ffe:100:ff00:0:0:0:0:0][64][1] = INTEGER: 2
590
Most of these options can also be configured via configuration tokens.
593
manual page for details.
595
.SH "LOGGING OPTIONS"
596
The mechanism and destination to use for logging of warning and error
597
messages can be controlled by passing various parameters to the
602
Log messages to the standard error stream.
605
Log messages to the specified file.
608
Log messages to the standard output stream.
611
Log messages via syslog, using the specified facility
612
('d' for LOG_DAEMON, 'u' for LOG_USER,
613
or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7).
616
There are also "upper case" versions of each of these options, which
617
allow the corresponding logging mechanism to be restricted to certain
618
priorities of message. Using standard error logging as an example:
621
will log messages of priority 'pri' and above to standard error.
624
will log messages with priority between 'p1' and 'p2' (inclusive) to
631
the priority specification comes before the file or facility token.
632
The priorities recognised are:
674
Normal output is (or will be!) logged at a priority level of
678
The interpretation of input object names and the values to be assigned
679
can be controlled using various parameters of the \fB-I\fR flag.
680
The default behaviour will be described at the end of this section.
683
specifies that the given name should be regarded as a regular expression,
684
to match (case-insensitively) against object names in the MIB tree.
685
The "best" match will be used - calculated as the one that matches the
686
closest to the beginning of the node name and the highest in the tree.
688
.\" XXX - This is not a particularly clear description.
689
.\" Need to check the code and/or experiment to
690
.\" discover exactly what Wes means by this!
691
For example, the MIB object \fCvacmSecurityModel\fR could be matched by
692
the expression \fCvacmsecuritymodel\fR (full name, but different case),
693
or \fCvacm.*model\fR (regexp pattern).
695
Note that '.' is a special character in regular expression patterns,
696
so the expression cannot specify instance subidentifiers or more than
697
one object name. A "best match" expression will only be applied
698
against single MIB object names.
699
For example, the expression \fIsys*ontact.0\fR would not match the
700
instance \fCsysContact.0\fR (although \fIsys*ontact\fR would match
702
Similarly, specifying a MIB module name will not succeed
703
(so \fISNMPv2-MIB::sys.*ontact\fR would not match either).
706
disables the use of DISPLAY-HINT information when assigning values.
707
This would then require providing the raw value:
709
\fC snmpset ... HOST-RESOURCES-MIB::hrSystemDate.0
711
x "07 D2 0C 0A 02 04 06 08"\fR
713
instead of a formatted version:
715
\fC snmpset ... HOST-RESOURCES-MIB::hrSystemDate.0
717
= 2002-12-10,2:4:6.8\fR
720
disables checking table indexes and the value to be assigned against the
721
relevant MIB definitions. This will (hopefully) result in the remote
722
agent reporting an invalid request, rather than checking (and rejecting)
723
this before it is sent to the remote agent.
725
Local checks are more efficient (and the diagnostics provided also
726
tend to be more precise), but disabling this behaviour is particularly
727
useful when testing the remote agent.
730
enables "random access" lookup of MIB names.
731
Rather than providing a full OID path to the desired MIB object
732
(or qualifying this object with an explicit MIB module name),
733
the MIB tree will be searched for the matching object name.
734
Thus \fC.iso.org.dod.internet.mib-2.system.sysDescr.0\fR
735
(or \fCSNMPv2-MIB::sysDescr.0\fR) can be specified simply
739
Since MIB object names are not globally unique, this approach
740
may return a different MIB object depending on which MIB files
744
The \fIMIB-MODULE::objectName\fR syntax has
745
the advantage of uniquely identifying a particular MIB object,
746
as well as being slightly more efficient (and automatically
747
loading the necessary MIB file if necessary).
750
adds the specified suffix to each textual OID given on the command line.
751
This can be used to retrieve multiple objects from the same row of
752
a table, by specifying a common index value.
755
adds the specified prefix to each textual OID given on the command line.
756
This can be used to specify an explicit MIB module name for all objects
757
being retrieved (or for incurably lazy typists).
760
enables the traditional UCD-style approach to interpreting input OIDs.
761
This assumes that OIDs are rooted at the 'mib-2' point in the tree
762
(unless they start with an explicit '.' or include a MIB module name).
763
So the \fCsysDescr\fR instance above would be referenced as
764
\fCsystem.sysDescr.0\fR.
767
Object names specified with a leading '.' are always interpreted as
768
"fully qualified" OIDs, listing the sequence of MIB objects from the
769
root of the MIB tree. Such objects and those qualified by an explicit
770
MIB module name are unaffected by the \fB-Ib\fR, \fB-IR\fR and \fB-Iu\fR flags.
772
Otherwise, if none of the above input options are specified, the
773
default behaviour for a "relative" OID is to try and interpret it
774
as an (implicitly) fully qualified OID,
775
then apply "random access" lookup (\fB-IR\fR),
776
followed by "best match" pattern matching (\fB-Ib\fR).
778
.SH "ENVIRONMENT VARIABLES"
780
The standard prefix for object identifiers (when using UCD-style output).
781
Defaults to .iso.org.dod.internet.mgmt.mib-2
783
The list of MIBs to load. Defaults to
784
SNMPv2-TC:SNMPv2-MIB:IF-MIB:IP-MIB:TCP-MIB:UDP-MIB:SNMP-VACM-MIB.
789
The list of directories to search for MIBs. Defaults to DATADIR/snmp/mibs.
795
.IP SYSCONFDIR/snmp/snmpd.conf
796
Agent configuration file. See
798
.IP SYSCONFDIR/snmp/snmp.conf
799
.IP ~/.snmp/snmp.conf
800
Application configuration files. See
804
snmpget(1), snmpgetnext(1), snmpset(1),
805
snmpbulkget(1), snmpbulkwalk(1), snmpwalk(1),
806
snmptable(1), snmpnetstat(1), snmpdelta(1), snmptrap(1), snmpinform(1),
807
snmpusm(1), snmpstatus(1), snmptest(1),