snmpd, snmpd.conf - Simple Network Management Protocol
(SNMP) agent daemon
/usr/sbin/snmpd [-t] [-d] [-p port]
Specifies debug mode. If you specify this option, snmpd
prints error information to stdout, but does not run as a
daemon. Specifies the port to which the snmpd daemon listens
for SNMP requests. The default is port 161, the wellknown
SNMP port. Specifies trace mode. If you specify
this option, snmpd prints trace information to stdout.
You must specify the -d option with the -t option.
The snmpd daemon is an extensible SNMP agent that starts
automatically at boot time. It listens on the snmp service
port specified in the /etc/services file for SNMP
requests and for local subagents wishing to register
extended MIBs. The snmpd daemon processes SNMP requests
for MIB objects by communicating with registered subagents.
The snmpd daemon receives and organizes the subagent
replies and sends the SNMP response to logically
remote network management stations.
The snmpd daemon is a bilingual master agent, and is capable
of handling both SNMPv1 and SNMPv2c requests. For
information about building subagents and extensible SNMP
support, refer to the Network Programmer's Guide.
Tru64 UNIX standard MIB support is implemented in the subagent
process /usr/sbin/os_mibs. This process is typically
started and stopped automatically in conjunction
with the snmpd daemon.
The snmpd daemon reads its configuration file,
/etc/snmpd.conf, at startup time. You can change the configuration
by editing the /etc/snmpd.conf file, as
described in the Configuring snmpd section in this reference
page.
Note
The default configuration grants only read access to the
world, and does not generate any traps.
The snmpd daemon logs error messages through the syslog
function to the /usr/var/adm/syslog.dated/date/daemon.log
log file.
Configuring snmpd [Toc] [Back]
The /etc/snmpd.conf file defines the initial values for
four MIB variables, as well as access control based on
community names and trap information, as follows:
sysName name sysLocation location
sysContact contact snmpEnableAuthenTraps
n community community-name IP-address privileges
trap [v1|v2c] trap-community-name IPaddress[:port]
If no trap version is specified, v1 is the default. White
space (tabs, spaces, line feeds, and carriage returns) and
blank lines are ignored.
The /etc/snmpd.conf file is defined as a Context-Dependent
Symbolic Link (CDSL), and must be maintained as such. See
the System Administration manual for more information.
MIB Variable Initialization [Toc] [Back]
When an entry in the /etc/snmpd.conf file is one of the
following MIB variables, it is assigned the value that
follows it:
sysName name sysLocation location
sysContact contact snmpEnableAuthenTraps
n
According to MIB-II, the variables sysName, sysLocation,
and sysContact can be any display string of 0 to 255 NVT
ASCII characters. The value of the snmpEnableAuthenTraps
entry can be either 1 (enable traps) or 2 (disable traps);
for example:
sysName Presto sysLocation
City, USA sysContact Kathy Berberian 555-7667
snmpEnableAuthenTraps 1
If the values of the sysName, sysLocation, and sysContact
variables are modified by SNMP set commands, the new values
are updated in the snmpd.conf file. (The sysName
variable does not affect the system's host name.) If sysName
is not present or commented out in the snmpd.conf
file, the system's host name is used.
Community Entries [Toc] [Back]
Community entries have the following format: communityname
IP-address privileges
Can be any string. Indicates the remote site for which
this community is valid. If the IP address is 0.0.0.0, any
address can communicate using that community name. Can be
read for read-only or write for read and write.
The following is a sample entry for the community variable:
community test1 130.117.1.20 read
This example defines a community named test1 that allows
read-only access from the IP address 130.117.1.20.
Note
On Tru64 UNIX, the MIB-II implementation supports write
access to all MIB-II variables so defined. Authorized
parties are able to change the Tru64 UNIX environment;
such as bring down an interface or delete an entry from
the routing table.
Disabling snmpd [Toc] [Back]
By default, the snmpd.conf file contains a community entry
that permits read access of all MIB variables via the community
public. You can constrain access to different communities
by removing this default entry and by adding
entries with different community names.
If you want to disable access to MIB variables completely
(some sites might want to do this), the recommended method
is to remove all community entries in the snmpd.conf file
and to issue the /sbin/init.d/snmpd read command to force
snmpd to reload its configuration.
Trap Community Entries [Toc] [Back]
Trap entries have the following format: trap [version]
trap-community-name IP-address [:port]
Specifies the SNMP version, either v1 or v2c. If not
specified, v1 is the default. Can be any string. Indicates
the destination address, in dot notation, to which
to send the trap PDU. Specifies the port at the destination
address to which to send the trap PDU. If no port is
specified, port 162 is the default.
The following sample trap entry indicates to the agent
that if a trap needs to be sent, the trap PDU should be
built using the community name test2 and sent to the trap
port at 128.169.4.15:
trap test2 128.169.4.15
The following sample trap entry indicates to the agent
that if a trap needs to be sent, the SNMPv1 trap PDU
should be built using the community name test1 and sent to
the trap port at 128.169.4.15:
trap v1 test1 128.169.4.15
The following sample trap entry indicates to the agent
that if a trap needs to be sent, the SNMPv2 trap PDU
should be built using the community name test2 and sent to
the port 5008 at 128.169.4.15:
trap v2 test2 128.169.4.15:5008
Rereading the Daemon Configuration File (snmpd.conf) [Toc] [Back]
Sending the SIGHUP signal to snmpd causes it to reread the
/etc/snmpd.conf file and and reload that information. To
do this, issue the /sbin/init.d/snmpd read command.
Dumping the Registry of MIBs and Subagents [Toc] [Back]
Sending the SIGUSR1 signal to snmpd causes it to dump its
subagent registration database to the
/var/tmp/snmpd_dump.log file. To do this, issue the
/sbin/init.d/snmpd dump command.
Agent Extensibility (AgentX) [Toc] [Back]
The snmpd daemon supports RFC 2741 for communication with
MIB implementations (called subagents), for example
os_mibs and cpq_mibs. This permits third-party subagents
that support AgentX to interoperate at the protocol level
with Tru64 UNIX snmpd. These subagents do not require
their own private SNMP agent.
Since the operating system's libesnmp.so library also uses
AgentX, all native subagents will interoperate with thirdparty
SNMP agents that support AgentX.
Cluster Alias Support [Toc] [Back]
SNMP is a multi-instance service. Therefore, snmpd runs
on each member of a cluster. The snmpd daemon will accept
SNMP messages received on cluster alias addresses, but
will process them differently than those received on nonalias
addresses.
Since SNMP/UDP messages sent to the same cluster alias
address are delivered in round-robin fashion to different
cluster members, snmpd processes them in the context of a
restricted "MIB view". This MIB view is the set of MIB
variables that are identical in name and value on each
cluster member. Only these variables are exported via
cluster alias addresses.
The snmpd daemon is made aware of subagent MIB variables
by the AgentX registration mechanism. Registrations made
in the default mode are not part of the cluster alias MIB
view; they are available only when processing SNMP
requests received on non-alias addresses. Registrations
using the AgentX context "cluster-alias" are made part of
the cluster alias view; they available when processing
messages received on cluster alias addresses. (Native
Tru64 UNIX subagents can accomplish this by using the
esnmp_register2 function. See the Network Programmer's
Guide for more information.
The snmpd daemon does not communicate with subagents on
different cluster members. A subagent that registers MIB
variables in the cluster alias view is responsible for
ensuring that those variables are identical in name and
value on each cluster member.
The snmpd daemon configuration file. The file containing
the port number on which snmpd listens. The system daemon
log file, where date is the date. This directory contains
sample MIBs and scripts. The file containing a dump of
the snmpd daemon's MIB registry. This directory contains
snmpd daemon's UNIX domain socket directory. This socket
listens for connection requests from subagent processes.
Commands: syslog(3), os_mibs(8), snmp_request(8),
snmp_traprcv(8)
Network Administration: Services
Network Programmer's Guide
For SNMP Version 1:
RFC 1155, Structure and Identification of Management
Information for TCP/IP-Based Internets
RFC 1157, A Simple Network Management Protocol
RFC 1212, Concise MIB Definitions
RFC 1215, Conventions for Defining Traps for Use With the
SNMP
For SNMP Version 2:
RFC 1901, Introduction to Community-based SNMPv2
RFC 1902, Structure of Management Information for Version
2 of the Simple Network Management Protocol (SNMPv2)
RFC 1903, Textual Conventions for Version 2 of the Simple
Network Management Protocol (SNMPv2)
RFC 1904, Conformance Statements for Version 2 of the Simple
Network Management Protocol (SNMPv2)
RFC 1905, Protocol Operations for Version 2 of the Simple
Network Management Protocol (SNMPv2)
RFC 1906, Transport Mappings for Version 2 of the Simple
Network Management Protocol (SNMPv2)
RFC 1907, Management Information Base for Version 2 of the
Simple Network Management Protocol (SNMPv2)
RFC 1908, Coexistence between Version 1 and Version 2 of
the Internet-standard Network Management Framework
RFC 2089, V2ToV1 Mapping SNMPv2 onto SNMPv1 within a bilingual
SNMP Agent
RFC 2741, Agent Extensibility (AgentX) Protocol Version 1
RFC 2742, Definitions of Managed Objects for Extensible
SNMP Agents
snmpd(8)
[ Back ] |
