1
1
###############################################################################
4
# An example configuration file for configuring the ucd-snmp snmpd agent.
6
###############################################################################
8
# This file is intended to only be an example. If, however, you want
9
# to use it, it should be placed in SYSCONFDIR/snmp/snmpd.conf.
10
# When the snmpd agent starts up, this is where it will look for it.
12
# You might be interested in generating your own snmpd.conf file using
13
# the "snmpconf" program (perl script) instead. It's a nice menu
14
# based interface to writing well commented configuration files. Try it!
16
# Note: This file is automatically generated from EXAMPLE.conf.def.
17
# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
18
# configure & make, and then make sure you read the EXAMPLE.conf file
19
# instead, as it will tailor itself to your configuration.
21
# All lines beginning with a '#' are comments and are intended for you
22
# to read. All other lines are configuration commands for the agent.
25
# PLEASE: read the snmpd.conf(5) manual page as well!
29
###############################################################################
31
###############################################################################
33
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
34
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
35
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
37
# By far, the most common question I get about the agent is "why won't
38
# it work?", when really it should be "how do I configure the agent to
39
# allow me to access it?"
41
# By default, the agent responds to the "public" community for read
42
# only access, if run out of the box without any configuration file in
43
# place. The following examples show you other ways of configuring
44
# the agent so that you can change the community names, and give
45
# yourself write access as well.
47
# The following lines change the access permissions of the agent so
48
# that the COMMUNITY string provides read-only access to your entire
49
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
50
# localhost (127.0.0.1, not its real ipaddress).
52
# For more information, read the FAQ as well as the snmpd.conf(5)
56
# First, map the community name (COMMUNITY) into a security name
57
# (local and mynetwork, depending on where the request is coming
60
# sec.name source community
61
com2sec local localhost COMMUNITY
62
com2sec mynetwork NETWORK/24 COMMUNITY
65
# Second, map the security names into group names:
68
group MyRWGroup v1 local
69
group MyRWGroup v2c local
70
group MyRWGroup usm local
71
group MyROGroup v1 mynetwork
72
group MyROGroup v2c mynetwork
73
group MyROGroup usm mynetwork
76
# Third, create a view for us to let the groups have rights to:
78
# incl/excl subtree mask
79
view all included .1 80
82
# Finally, grant the 2 groups access to the 1 view with different
85
# context sec.model sec.level match read write notif
86
access MyROGroup "" any noauth exact all none none
87
access MyRWGroup "" any noauth exact all all none
89
# -----------------------------------------------------------------------------
92
###############################################################################
93
# System contact information
96
# It is also possible to set the sysContact and sysLocation system
97
# variables through the snmpd.conf file. **PLEASE NOTE** that setting
98
# the value of these objects here makes these objects READ-ONLY
99
# (regardless of any access control settings). Any attempt to set the
100
# value of an object whose value is given here will fail with an error
101
# status of notWritable.
103
syslocation Right here, right now.
104
syscontact Me <me@somewhere.org>
106
# Example output of snmpwalk:
107
# % snmpwalk -v 1 -c public localhost system
108
# system.sysDescr.0 = "SunOS name sun4c"
109
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
110
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
111
# system.sysContact.0 = "Me <me@somewhere.org>"
112
# system.sysName.0 = "name"
113
# system.sysLocation.0 = "Right here, right now."
114
# system.sysServices.0 = 72
117
# -----------------------------------------------------------------------------
120
###############################################################################
123
# The following are examples of how to use the agent to check for
124
# processes running on the host. The syntax looks something like:
126
# proc NAME [MAX=0] [MIN=0]
128
# NAME: the name of the process to check for. It must match
129
# exactly (ie, http will not find httpd processes).
130
# MAX: the maximum number allowed to be running. Defaults to 0.
131
# MIN: the minimum number to be running. Defaults to 0.
137
# Make sure mountd is running
140
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
143
# Make sure at least one sendmail, but less than or equal to 10 are running.
146
# A snmpwalk of the prTable would look something like this:
148
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM
149
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
150
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
151
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
152
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
153
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
154
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
155
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
156
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
157
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
158
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
159
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
160
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
161
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
162
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
163
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
164
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
165
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
166
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
167
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
168
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
169
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
170
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
171
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
172
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
174
# Note that the errorFlag for mountd is set to 1 because one is not
175
# running (in this case an rpc.mountd is, but thats not good enough),
176
# and the ErrMessage tells you what's wrong. The configuration
177
# imposed in the snmpd.conf file is also shown.
179
# Special Case: When the min and max numbers are both 0, it assumes
180
# you want a max of infinity and a min of 1.
184
# -----------------------------------------------------------------------------
187
###############################################################################
188
# Executables/scripts
192
# You can also have programs run by the agent that return a single
193
# line of output and an exit code. Here are two examples.
195
# exec NAME PROGRAM [ARGS ...]
197
# NAME: A generic name.
198
# PROGRAM: The program to run. Include the path!
199
# ARGS: optional arguments to be passed to the program
201
# a simple hello world
202
exec echotest /bin/echo hello world
204
# Run a shell script containing:
211
# Note: this has been specifically commented out to prevent
212
# accidental security holes due to someone else on your system writing
213
# a /tmp/shtest before you do. Uncomment to use it.
215
#exec shelltest /bin/sh /tmp/shtest
218
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM
219
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
220
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
221
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
222
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
223
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
224
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
225
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
226
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
227
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
228
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
229
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
230
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
232
# Note that the second line of the /tmp/shtest shell script is cut
233
# off. Also note that the exit status of 35 was returned.
235
# -----------------------------------------------------------------------------
238
###############################################################################
242
# The agent can check the amount of available disk space, and make
243
# sure it is above a set limit.
245
# disk PATH [MIN=DEFDISKMINIMUMSPACE]
247
# PATH: mount path to the disk in question.
248
# MIN: Disks with space below this value will have the Mib's errorFlag set.
249
# Default value = DEFDISKMINIMUMSPACE.
251
# Check the / partition and make sure it contains at least 10 megs.
255
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM
256
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
257
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
258
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
259
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
260
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
261
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
262
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
263
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
264
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
265
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
267
# -----------------------------------------------------------------------------
270
###############################################################################
271
# load average checks
274
# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
276
# 1MAX: If the 1 minute load average is above this limit at query
277
# time, the errorFlag will be set.
278
# 5MAX: Similar, but for 5 min average.
279
# 15MAX: Similar, but for 15 min average.
284
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM
285
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
286
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
287
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
288
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
289
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
290
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
291
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
292
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
293
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
294
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
295
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
296
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
297
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
298
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
299
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
300
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
301
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
302
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
304
# -----------------------------------------------------------------------------
307
###############################################################################
308
# Extensible sections.
311
# This alleviates the multiple line output problem found in the
312
# previous executable mib by placing each mib in its own mib table:
314
# Run a shell script containing:
321
# Note: this has been specifically commented out to prevent
322
# accidental security holes due to someone else on your system writing
323
# a /tmp/shtest before you do. Uncomment to use it.
325
# exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest
327
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50
328
# enterprises.ucdavis.50.1.1 = 1
329
# enterprises.ucdavis.50.2.1 = "shelltest"
330
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
331
# enterprises.ucdavis.50.100.1 = 35
332
# enterprises.ucdavis.50.101.1 = "hello world."
333
# enterprises.ucdavis.50.101.2 = "hi there."
334
# enterprises.ucdavis.50.102.1 = 0
336
# Now the Output has grown to two lines, and we can see the 'hi
337
# there.' output as the second line from our shell script.
339
# Note that you must alter the mib.txt file to be correct if you want
340
# the .50.* outputs above to change to reasonable text descriptions.
344
# exec .EXTENSIBLEDOTMIB.51 ps /bin/ps
345
# exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top
346
# exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq
348
# -----------------------------------------------------------------------------
351
###############################################################################
352
# Pass through control.
356
# pass MIBOID EXEC-COMMAND
358
# This will pass total control of the mib underneath the MIBOID
359
# portion of the mib to the EXEC-COMMAND.
361
# Note: You'll have to change the path of the passtest script to your
362
# source directory or install it in the given location.
364
# Example: (see the script for details)
365
# (commented out here since it requires that you place the
366
# script in the right location. (its not installed by default))
368
# pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest
370
# % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255
371
# enterprises.ucdavis.255.1 = "life the universe and everything"
372
# enterprises.ucdavis.255.2.1 = 42
373
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
374
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
375
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
376
# enterprises.ucdavis.255.5 = 42
377
# enterprises.ucdavis.255.6 = Gauge: 42
379
# % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5
380
# enterprises.ucdavis.255.5 = 42
382
# % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string"
383
# enterprises.ucdavis.255.1 = "New string"
386
# For specific usage information, see the man/snmpd.conf.5 manual page
387
# as well as the local/passtest script used in the above example.
389
###############################################################################
393
# The agent can support subagents using a number of extension mechanisms.
394
# From the 4.2.1 release, AgentX support is being compiled in by default.
395
# To use this mechanism, simply uncomment the following directive.
399
# Please see the file README.agentx for more details.
403
###############################################################################
404
# Further Information
406
# See the snmpd.conf manual page, and the output of "snmpd -H".
407
# MUCH more can be done with the snmpd.conf than is shown as an
4
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
5
# See the 'snmpd.conf(5)' man page for details
7
# Some entries are deliberately commented out, and will need to be explicitly activated
9
###############################################################################
14
# Listen for connections from the local system only
15
agentAddress udp:127.0.0.1:161
16
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
17
#agentAddress udp:161,udp6:[::1]:161
21
###############################################################################
23
# SNMPv3 AUTHENTICATION
25
# Note that these particular settings don't actually belong here.
26
# They should be copied to the file /var/lib/snmp/snmpd.conf
27
# and the passwords changed, before being uncommented in that file *only*.
28
# Then restart the agent
30
# createUser authOnlyUser MD5 "remember to change this password"
31
# createUser authPrivUser SHA "remember to change this one too" DES
32
# createUser internalUser MD5 "this is only ever used internally, but still change the password"
34
# If you also change the usernames (which might be sensible),
35
# then remember to update the other occurances in this example config file to match.
39
###############################################################################
44
# system + hrSystem groups only
45
view systemonly included .1.3.6.1.2.1.1
46
view systemonly included .1.3.6.1.2.1.25.1
48
# Full access from the local host
49
#rocommunity public localhost
50
# Default access to basic system info
51
rocommunity public default -V systemonly
53
# Full access from an example network
54
# Adjust this network address to match your local
55
# settings, change the community string,
56
# and check the 'agentAddress' setting above
57
#rocommunity secret 10.0.0.0/16
59
# Full read-only access for SNMPv3
61
# Full write access for encrypted requests
62
# Remember to activate the 'createUser' lines above
63
#rwuser authPrivUser priv
65
# It's no longer typically necessary to use the full 'com2sec/group/access' configuration
66
# r[ou]user and r[ow]community, together with suitable views, should cover most requirements
70
###############################################################################
75
# Note that setting these values here, results in the corresponding MIB objects being 'read-only'
76
# See snmpd.conf(5) for more details
77
sysLocation Sitting on the Dock of the Bay
78
sysContact Me <me@example.org>
79
# Application + End-to-End layers
86
# At least one 'mountd' process
88
# No more than 4 'ntalkd' processes - 0 is OK
90
# At least one 'sendmail' process, but no more than 10
93
# Walk the UCD-SNMP-MIB::prTable to see the resulting output
94
# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file
100
# 10MBs required on root disk, 5% free on /var, 10% free on all other disks
105
# Walk the UCD-SNMP-MIB::dskTable to see the resulting output
106
# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file
112
# Unacceptable 1-, 5-, and 15-minute load averages
115
# Walk the UCD-SNMP-MIB::laTable to see the resulting output
116
# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file
120
###############################################################################
126
trapsink localhost public
128
#trap2sink localhost public
129
# send SNMPv2c INFORMs
130
#informsink localhost public
132
# Note that you typically only want *one* of these three lines
133
# Uncommenting two (or all three) will result in multiple copies of each notification.
137
# Event MIB - automatically generate alerts
139
# Remember to activate the 'createUser' lines above
140
iquerySecName internalUser
142
# generate traps on UCD error conditions
144
# generate traps on linkUp/Down
145
linkUpDownNotifications yes
149
###############################################################################
151
# EXTENDING THE AGENT
155
# Arbitrary extension commands
157
extend test1 /bin/echo Hello, world!
158
extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35
159
#extend-sh test3 /bin/sh /tmp/shtest
161
# Note that this last entry requires the script '/tmp/shtest' to be created first,
162
# containing the same three shell commands, before the line is uncommented
164
# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table
165
# and nsExtendOutput2Table) to see the resulting output
167
# Note that the "extend" directive supercedes the previous "exec" and "sh" directives
168
# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,
169
# as well as the fuller results in the above tables.
173
# "Pass-through" MIB extension command
175
#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest
176
#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl
178
# Note that this requires one of the two 'passtest' scripts to be installed first,
179
# before the appropriate line is uncommented.
180
# These scripts can be found in the 'local' directory of the source distribution,
181
# and are not installed automatically.
183
# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output
189
# Run as an AgentX master agent
191
# Listen for network connections (from localhost)
192
# rather than the default named socket /var/agentx/master
193
#agentXSocket tcp:localhost:705
added
removed
EXAMPLE.conf.def
