diff options
Diffstat (limited to 'man/snmp.conf.5.def')
-rw-r--r-- | man/snmp.conf.5.def | 331 |
1 files changed, 331 insertions, 0 deletions
diff --git a/man/snmp.conf.5.def b/man/snmp.conf.5.def new file mode 100644 index 0000000..812a56c --- /dev/null +++ b/man/snmp.conf.5.def @@ -0,0 +1,331 @@ +.TH SNMP.CONF 5 "29 Jun 2005" VVERSIONINFO "Net-SNMP" +.UC 4 +.SH NAME +snmp.conf - configuration files for the Net-SNMP applications +.SH DESCRIPTION +Applications built using the Net-SNMP libraries typically use one or +more configuration files to control various aspects of their operation. +These files (\fBsnmp.conf\fR and \fBsnmp.local.conf\fR) can be located +in one of several locations, as described in the \fIsnmp_config(5)\fR +manual page. +.PP +In particular, \fCSYSCONFDIR/snmp/snmp.conf\fR is a common file, +containing the settings shared by all users of the system. +\fC~/.snmp/snmp.conf\fR is a personal file, with the settings +specific to a particular user. +.SH IMPORTANT NOTE +Several of these directives may contain sensitive information +(such as pass phrases). Configuration files that include such +settings should only be readable by the user concerned. +.PP +As well as application-specific configuration tokens, there are +several directives that relate to standard library behaviour, +relevant to most Net-SNMP applications. Many of these correspond +to standard command-line options, which are described in the +\fIsnmpcmd(1)\fR manual page. +.PP +These directives can be divided into several distinct groups. +.SH CLIENT BEHAVIOUR +.IP "defDomain application domain" +The transport domain that should be used for a certain application type unless +something else is specified. +.IP "defTarget application domain target" +The target that should be used for connections to a certain application if the +connection should be in a specific domain. +.IP "defaultPort PORT" +defines the default UDP port that client SNMP applications will +attempt to connect to. This can be overridden by explicitly +including a port number in the \fIAGENT\fR specification. +See the \fIsnmpcmd(1)\fR manual page for more details. +.IP +If not specified, the default value for this token is 161. +.IP "defVersion (1|2c|3)" +defines the default version of SNMP to use. +This can be overridden using the \fB-v\fR option. +.IP "defCommunity STRING" +defines the default community to use for SNMPv1 and SNMPv2c requests. +This can be overridden using the \fB-c\fR option. +.\".IP "dumpPacket (1|yes|true|0|no|false)" +.IP "dumpPacket yes" +defines whether to display a hexadecimal dump of the raw SNMP requests +sent and received by the application. +This is equivalent to the \fB-d\fR option. +.IP "doDebugging (1|0)" +turns on debugging for all applications run if set to 1. +.\" +.\" XXX - why not full boolean values? +.\" what is the purpose of this directive ?? +.\" +.IP "debugTokens TOKEN[,TOKEN...]" +defines the debugging tokens that should be turned on when +\fIdoDebugging\fR is set. +This is equivalent to the \fB-D\fR option. +.\".IP "16bitIDs (1|yes|true|0|no|false)" +.IP "16bitIDs yes" +restricts requestIDs, etc to 16-bit values. +.IP +The SNMP specifications define these ID fields as 32-bit quantities, +and the Net-SNMP library typically initialises them to random values +for security. +However certain (broken) agents cannot handle ID values greater than +2^16 - this option allows interoperability with such agents. +.IP "clientaddr [<transport-specifier>:]<transport-address>" +specifies the source address to be used by command-line applications +when sending SNMP requests. See \fIsnmpcmd(1)\fR for more information +about the format of addresses. +.IP +This value is also used by \fBsnmpd\fR when generating notifications. +.\" +.\" But not responses to an incoming request? +.\" What about snmptrapd? +.\" +.IP "clientRecvBuf INTEGER" +specifies the desired size of the buffer to be used when receiving +responses to SNMP requests. +If the OS hard limit is lower than the \fIclientRecvBuf\fR value, +then this will be used instead. +Some platforms may decide to increase the size of the buffer +actually used for internal housekeeping. +.IP +This directive will be ignored if the platforms does not support +\fIsetsockopt()\fR. +.IP "clientSendBuf INTEGER" +is similar to \fIclientRecvBuf\fR, but applies to the size +of the buffer used when sending SNMP requests. +.IP "noRangeCheck yes" +disables the validation of varbind values against the MIB definition +for the relevant OID. +This is equivalent to the \fB-Ir\fR option. +.IP +This directive is primarily relevant to the \fBsnmpset\fR command, +but will also apply to any application that calls \fIsnmp_add_var()\fR +.\" what else ?? +with a non-NULL value. +.\" +.\" XXX - including snmpd ?? +.\" +.IP "noTokenWarnings" +disables warnings about unknown config file tokens. +.IP "reverseEncodeBER (1|yes|true|0|no|false)" +controls how the encoding of SNMP requests is handled. +.IP +The default behaviour is to encode packets starting from the end of +the PDU and working backwards. +This directive can be used to disable this behaviour, and build +the encoded request in the (more obvious) forward direction. +.IP +It should not normally be necessary to change this setting, as +the encoding is basically the same in either case - but working +backwards typically produces a slightly more efficient encoding, +and hence a smaller network datagram. +.\" +.\" XXX - It is probably about time to remove this choice! +.\" +.SH SNMPv3 SETTINGS +.IP "defSecurityName STRING" +defines the default security name to use for SNMPv3 requests. +This can be overridden using the \fB-u\fR option. +.IP "defSecurityLevel noAuthNoPriv|authNoPriv|authPriv" +defines the default security level to use for SNMPv3 requests. +This can be overridden using the \fB-l\fR option. +.IP +If not specified, the default value for this token is \fInoAuthNoPriv\fR. +.\" +.\" XXX - Is this correct ? +.\" +.RS +.IP "Note: +\fIauthPriv\fR is only available if the software has been compiled +to use the OpenSSL libraries. +.RE +.IP "defPassphrase STRING" +.IP "defAuthPassphrase STRING" +.IP "defPrivPassphrase STRING" +define the default authentication and privacy pass phrases to use +for SNMPv3 requests. +These can be overridden using the \fB-A\fR and \fB-X\fR options respectively. +.IP +The +.B defPassphrase +value will be used for the authentication and/or privacy pass phrases +if either of the other directives are not specified. +.IP "defAuthType MD5|SHA" +.IP "defPrivType DES|AES" +define the default authentication and privacy protocols to use for +SNMPv3 requests. +These can be overridden using the \fB-a\fR and \fB-x\fR options respectively. +.IP +If not specified, SNMPv3 requests will default to MD5 authentication +and DES encryption. +.RS +.IP "Note: +If the software has not been compiled to use the OpenSSL libraries, +then only MD5 authentication is supported. +Neither SHA authentication nor any form of encryption will be available. +.RE +.IP "defContext STRING" +defines the default context to use for SNMPv3 requests. +This can be overridden using the \fB-n\fR option. +.IP +If not specified, the default value for this token is the default context +(i.e. the empty string ""). +.IP "defSecurityModel STRING" +defines the security model to use for SNMPv3 requests. +The default value is "usm" which is the only widely +used security model for SNMPv3. +.IP "defAuthMasterKey 0xHEXSTRING" +.IP "defPrivMasterKey 0xHEXSTRING" +.IP "defAuthLocalizedKey 0xHEXSTRING" +.IP "defPrivLocalizedKey 0xHEXSTRING" +define the (hexadecimal) keys to be used for SNMPv3 secure communications. +SNMPv3 keys are frequently derived from a passphrase, as discussed in +the \fIdefPassphrase\fR section above. However for improved security a +truely random key can be generated and used instead (which would +normally has better entropy than a password unless it is +amazingly long). +The directives are equivalent to the short-form +command line options \fB-3m\fR, \fB-3M\fR, \fB-3k\fR, and \fB-3K\fR. +.IP +Localized keys are +master keys which have been converted to a unique key which is only +suitable for on particular SNMP engine (agent). The length of the key +needs to be appropriate for the authentication or encryption type +being used (auth keys: MD5=16 bytes, SHA1=20 bytes; +priv keys: DES=16 bytes (8 +bytes of which is used as an IV and not a key), and AES=16 bytes). +.\" +.\" XXX - are these lengths still correct ? +.\" +.SH SERVER BEHAVIOUR +.IP "persistentDir DIRECTORY" +defines the directory where \fBsnmpd\fR and \fBsnmptrapd\fR store +persistent configuration settings. +.IP +If not specified, the persistent directory defaults to +PERSISTENT_DIRECTORY +.IP "noPersistentLoad yes" +.IP "noPersistentSave yes" +disable the loading and saving of persistent configuration information. +.RS +.IP "Note:" +This will break SNMPv3 operations (and other behaviour that relies +on changes persisting across application restart). Use With Care. +.RE +.IP "tempFilePattern PATTERN" +defines a filename template for creating temporary files, +for handling input to and output from external shell commands. +Used by the \fImkstemp()\fR and \fImktemp()\fR functions. +.IP +If not specified, the default pattern is \fC/tmp/snmpdXXXXXX\fR. +.IP "serverRecvBuf INTEGER" +specifies the desired size of the buffer to be used when receiving +incoming SNMP requests. +If the OS hard limit is lower than the \fIserverRecvBuf\fR value, +then this will be used instead. +Some platforms may decide to increase the size of the buffer +actually used for internal housekeeping. +.IP +This directive will be ignored if the platforms does not support +\fIsetsockopt()\fR. +.IP "serverSendBuf INTEGER" +is similar to \fIserverRecvBuf\fR, but applies to the size +of the buffer used when sending SNMP responses. +.SH MIB HANDLING +.IP "mibdirs DIRLIST" +specifies a list of directories to search for MIB files. +This operates in the same way as the \fB-M\fR option - +see \fIsnmpcmd(1)\fR for details. +Note that this value can be overridden by the +.B MIBDIRS +environment variable, and the \fB-M\fR option. +.IP "mibs MIBLIST" +specifies a list of MIB modules (not files) that should be loaded. +This operates in the same way as the \fB-m\fR option - +see \fIsnmpcmd(1)\fR for details. +Note that this list can be overridden by the +.B MIBS +environment variable, and the \fB-m\fR option. +.IP "mibfile FILE" +specifies a (single) MIB file to load, in addition to the +list read from the \fImibs\fR token (or equivalent configuration). +Note that this value can be overridden by the +.B MIBFILES +environment variable. +.IP "showMibErrors (1|yes|true|0|no|false)" +whether to display MIB parsing errors. +.IP "strictCommentTerm (1|yes|true|0|no|false)" +whether MIB parsing should be strict about comment termination. +Many MIB writers assume that ASN.1 comments extend to the end of +the text line, rather than being terminated by the next "--" token. +This token can be used to accept such (strictly incorrect) MIBs. +.br +Note that this directive is poorly named, since a value of "true" +will turn \fIoff\fP the strict interpretation of MIB comments. +.IP "mibAllowUnderline (1|yes|true|0|no|false)" +whether to allow underline characters in MIB object names and +enumeration values. +This token can be used to accept such (strictly incorrect) MIBs. +.IP "mibWarningLevel INTEGER" +the minimum warning level of the warnings printed by the MIB parser. +.SH OUTPUT CONFIGURATION +.IP "logTimestamp (1|yes|true|0|no|false)" +Whether the commands should log timestamps with their error/message +logging or not. Note that output will not look as pretty with +timestamps if the source code that is doing the logging does +incremental logging of messages that are not line buffered before +being passed to the logging routines. This option is only used when file logging is active. +.IP "printNumericEnums (1|yes|true|0|no|false)" +Equivalent to +.BR -Oe . +.IP "printNumericOids (1|yes|true|0|no|false)" +Equivalent to +.BR -On . +.IP "dontBreakdownOids (1|yes|true|0|no|false)" +Equivalent to +.BR -Ob . +.IP "escapeQuotes (1|yes|true|0|no|false)" +Equivalent to +.BR -OE . +.IP "quickPrinting (1|yes|true|0|no|false)" +Equivalent to +.BR -Oq . +.IP "printValueOnly (1|yes|true|0|no|false)" +Equivalent to +.BR -Ov . +.IP "dontPrintUnits (1|yes|true|0|no|false)" +Equivalent to +.BR -OU . +.IP "numericTimeticks (1|yes|true|0|no|false)" +Equivalent to +.BR -Ot . +.IP "printHexText (1|yes|true|0|no|false)" +Equivalent to +.BR -OT . +.IP "hexOutputLength integer" +Specifies where to break up the output of hexadecimal strings. +Set to 0 to disable line breaks. Defaults to 16. +.IP "suffixPrinting (0|1|2)" +The value 1 is equivalent to +.B -Os +and the value 2 is equivalent to +.BR -OS . +.IP "oidOutputFormat (1|2|3|4|5|6)" +Maps -O options as follow: -Os=1, -OS=2, -Of=3, -On=4, -Ou=5. +The value 6 has no matching -O option. It suppresses output. +.IP "extendedIndex (1|yes|true|0|no|false)" +Equivalent to +.BR -OX . +.IP "noDisplayHint (1|yes|true|0|no|false)" +Disables the use of DISPLAY-HINT information when parsing indices and +values to set. Equivalent to +.BR -Ih . +.SH FILES +SYSCONFDIR/snmp/snmp.conf, +SYSCONFDIR/snmp/snmp.local.conf - common configuration settings +.br +~/.snmp/snmp.conf - user-specific configuration settings +.SH "SEE ALSO" +snmp_config(5), read_config(3), snmpcmd(1). +.\" Local Variables: +.\" mode: nroff +.\" End: |