summaryrefslogtreecommitdiff
path: root/man/snmptrapd.conf.5.def
diff options
context:
space:
mode:
Diffstat (limited to 'man/snmptrapd.conf.5.def')
-rw-r--r--man/snmptrapd.conf.5.def262
1 files changed, 262 insertions, 0 deletions
diff --git a/man/snmptrapd.conf.5.def b/man/snmptrapd.conf.5.def
new file mode 100644
index 0000000..afed2b3
--- /dev/null
+++ b/man/snmptrapd.conf.5.def
@@ -0,0 +1,262 @@
+.TH SNMPTRAPD.CONF 5 "29 Jun 2005" VVERSIONINFO "Net-SNMP"
+.UC 4
+.SH NAME
+snmptrapd.conf - configuration file for the Net-SNMP notification receiver
+.SH DESCRIPTION
+The Net-SNMP notification receiver (trap daemon) uses one or more
+configuration files to control its operation and how incoming traps
+(and INFORM requests) should be processed.
+This file (\fBsnmptrapd.conf\fR) can be located in
+one of several locations, as described in the
+.I snmp_config(5)
+manual page.
+.SH IMPORTANT
+Previously,
+.B snmptrapd
+would accept all incoming notifications, and log them automatically
+(even if no explicit configuration was provided).
+Starting with release 5.3, access control checks will be applied to
+incoming notifications. If
+.B snmptrapd
+is run without a suitable configuration file (or equivalent access
+control settings), then such traps \fBWILL NOT\fR
+be processed.
+See the section \fBACCESS CONTROL\fR for more details.
+.PP
+As with the agent configuration, the
+.I snmptrapd.conf
+directives can be divided into four distinct groups.
+.SH TRAPD BEHAVIOUR
+.IP "snmpTrapdAddr [<transport-specifier>:]<transport-address>[,...]"
+defines a list of listening addresses, on which to receive
+incoming SNMP notifications.
+See the section
+.B LISTENING ADDRESSES
+in the
+.I snmpd(8)
+manual page for more information about the format of listening
+addresses.
+.IP
+The default behaviour is to
+listen on UDP port 162 on all IPv4 interfaces.
+.IP "doNotRetainNotificationLogs yes"
+disables support for the NOTIFICATION-LOG-MIB.
+Normally the snmptrapd program keeps a record of the traps
+received, which can be retrieved by querying
+the \fCnlmLogTable\fR and \fCnlmLogvariableTable\fR tables.
+This directive can be used to suppress this behaviour.
+.IP
+See the
+.I snmptrapd(8)
+manual page and the NOTIFICATION-LOG-MIB for details.
+.IP "doNotLogTraps yes"
+disables the logging of notifications altogether.
+This is useful if the \fBsnmptrapd\fR application should
+only run traphandle hooks and should not log traps to any location.
+.IP "doNotFork yes"
+do not fork from the calling shell.
+.IP "pidFile PATH"
+defines a file in which to store the process ID of the
+notification receiver. By default, this ID is not saved.
+.SH ACCESS CONTROL
+Starting with release 5.3, it is necessary to explicitly specify
+who is authorised to send traps and informs to the notification
+receiver (and what types of processing these are allowed to trigger).
+This uses an extension of the VACM model, used in the main SNMP agent.
+.PP
+There are currently three types of processing that can be specified:
+.RS
+.IP "log"
+log the details of the notification - either in a specified file,
+to standard output (or stderr), or via \fIsyslog\fR (or similar).
+.IP "execute"
+pass the details of the trap to a specified handler program, including
+embedded perl.
+.IP "net"
+forward the trap to another notification receiver.
+.RE
+.PP
+In the following directives, \fITYPES\fR will be a (comma-separated)
+list of one or more of these tokens. Most commonly, this will
+typically be \fIlog,execute,net\fR to cover any style of processing
+for a particular category of notification. But it is perfectly
+possible (even desirable) to limit certain notification sources to
+selected processing only.
+.IP "authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW ]]"
+authorises traps (and SNMPv2c INFORM requests) with the specified
+community to trigger the types of processing listed.
+By default, this will allow any notification using this community
+to be processed. The SOURCE field can be used to specify that the
+configuration should only apply to notifications received from
+particular sources - see \fIsnmpd.conf(5)\fR for more details.
+.IP "authUser TYPES [-s MODEL] USER [LEVEL [OID | -v VIEW ]]"
+authorises SNMPv3 notifications with the specified
+user to trigger the types of processing listed.
+By default, this will accept authenticated requests.
+(\fIauthNoPriv\fR or \fIauthPriv\fR). The LEVEL field can
+be used to allow unauthenticated notifications (\fInoauth\fR),
+or to require encryption (\fIpriv\fR), just as for the SNMP agent.
+.IP
+With both of these directives, the OID (or \fI-v VIEW\fR) field
+can be used to retrict this configuration to the processing of
+particular notifications.
+.RS
+.IP "Note:"
+Unlike the VACM processing described in RFC 3415, this view is
+\fBonly\fR matched against the \fCsnmpTrapOID\fR value of the
+incoming notification. It is not applied to the payload varbinds
+held within that notification.
+.RE
+.IP "authGroup TYPES [-s MODEL] GROUP [LEVEL [OID | -v VIEW ]]"
+.IP "authAccess TYPES [-s MODEL] GROUP VIEW [LEVEL [CONTEXT]]"
+.IP "setAccess GROUP CONTEXT MODEL LEVEL PREFIX VIEW TYPES"
+authorise notifications in the specified GROUP
+(configured using the \fIgroup\fR directive)
+to trigger the types of processing listed.
+See \fIsnmpd.conf(5)\fR for more details.
+.IP "createUser username (MD5|SHA) authpassphrase [DES|AES]"
+See the
+.I snmpd.conf(5)
+manual page for a description of how to create SNMPv3 users. This
+is roughly the same, but the file name changes to snmptrapd.conf from
+snmpd.conf.
+.IP "disableAuthorization yes"
+will disable the above access control checks, and revert to the
+previous behaviour of accepting all incoming notifications.
+.IP
+.\" XXX - Explain why this is a Bad Idea
+.\"
+.SH LOGGING
+.IP "format1 FORMAT"
+.IP "format2 FORMAT"
+specify the format used to display SNMPv1 TRAPs and SNMPv2
+notifications respectively. Note that SNMPv2c and SNMPv3
+both use the same SNMPv2 PDU format.
+.IP
+See
+.IR snmptrapd(8)
+for the layout characters available.
+.IP "ignoreAuthFailure yes"
+instructs the receiver to ignore \fIauthenticationFailure\fR traps.
+.RS
+.IP Note:
+This currently only affects the logging of such notifications.
+\fIauthenticationFailure\fR traps will still be passed to trap
+handler scripts, and forwarded to other notification receivers.
+This behaviour should not be relied on, as it is likely
+to change in future versions.
+.RE
+.IP "logOption string"
+specifies where notifications should be logged - to standard
+output, standard error, a specified file or via \fIsyslog\fR.
+See the section LOGGING OPTIONS in the
+\fIsnmpcmd(1)\fR manual page for details.
+.IP "outputOption string"
+specifies various characteristics of how OIDs and other values
+should be displayed.
+See the section OUTPUT OPTIONS in the
+\fIsnmpcmd(1)\fR manual page for details.
+.IP "printEventNumbers yes"
+enables specialised logging of event-related notifications from
+the (long obsolete) M2M-MIB.
+.\"
+.\" XXX - CHECK EXACTLY WHICH TRAPS
+.\" XXX - THIS FEELS OBSOLETE TO ME!
+.\"
+.SH NOTIFICATION PROCESSING
+As well as logging incoming notifications, they can also
+be forwarded on to another notification receiver, or passed
+to an external program for specialised processing.
+.IP "traphandle OID|default PROGRAM [ARGS ...]"
+invokes the specified program (with the given arguments) whenever a
+notification is received that matches the OID token. For SNMPv2c and
+SNMPv3 notifications, this token will be compared against the
+\fCsnmpTrapOID\fR value taken from the notification. For SNMPv1 traps,
+the generic and specific trap values and the enterprise OID will be
+converted into the equivalent OID (following RFC 2576).
+.IP
+Typically, the OID token will be the name (or numeric OID) of a
+NOTIFICATION-TYPE object, and the specified program will be invoked for
+notifications that match this OID exactly. However this token also
+supports a simple form of wildcard suffixing. By appending the character
+'*' to the OID token, the corresponding program will be invoked for any
+notification based within subtree rooted at the specified OID.
+For example, an OID token of \fC.1.3.6.1.4.1*\fP would match any enterprise
+specific notification (including the specified OID itself).
+An OID token of \fC.1.3.6.1.4.1.*\fP would would work in much the same way,
+but would not match this exact OID - just notifications that lay strictly
+below this root.
+Note that this syntax does not support full regular expressions or
+wildcards - an OID token of the form \fCoid.*.subids\fR is \fBnot\fC valid.
+.IP
+If the OID field is the token \fIdefault\fR then the program will be
+invoked for any notification not matching another (OID specific)
+\fItraphandle\fR entry.
+.PP
+Details of the notification are fed to the program via its standard input.
+Note that this will always use the SNMPv2-style notification format, with
+SNMPv1 traps being converted as per RFC 2576, before being passed to the
+program.
+The input format is as follows, one entry per line:
+.RS
+.IP HOSTNAME
+The name of the host that sent the notification, as determined by
+.IR gethostbyaddr(3) .
+.br
+.IP IPADDRESS
+The IP address of the host that sent the notification.
+.\"
+.\" XXX - What about non-IPv4 transports?
+.\"
+.IP VARBINDS
+A list of variable bindings describing the contents of the notification,
+one per line. The first token on each line (up until a space) is the
+OID of the varind, and the remainder of the line is its value.
+The format of both of these are controlled by the \fIoutputOption\fR
+directive (or similar configuration).
+.IP
+The first OID should always be \fCSNMPv2-MIB::sysUpTime.0\fR,
+and the second should be \fCSNMPv2-MIB::snmpTrapOID.0\fR.
+The remaining lines will contain the payload varbind list.
+For SNMPv1 traps, the final OID will be \fCSNMPv2-MIB::snmpTrapEnterprise.0\fR.
+.br
+.IP Example:
+A \fBtraptoemail\fR script has been included in the Net-SNMP package that
+can be used within a \fItraphandle\fR directive:
+.br
+.RS
+.P
+traphandle default /usr/bin/perl BINDIR/traptoemail -s mysmtp.somewhere.com -f admin@somewhere.com me@somewhere.com
+.RE
+.RE
+.IP "forward OID|default DESTINATION"
+forwards notifications that match the specified OID
+to another receiver listening on DESTINATION.
+The interpretation of OID (and \fIdefault\fR) is the same
+as for the \fItraphandle\fR directive).
+.IP
+See the section
+.B LISTENING ADDRESSES
+in the
+.I snmpd(8)
+manual page for more information about the format of listening
+addresses.
+.RE
+.SH NOTES
+.IP o
+The daemon blocks while executing the \fItraphandle\fR commands.
+(This should
+be fixed in the future with an appropriate signal catch and wait()
+combination).
+.IP o
+All directives listed with a value of "yes" actually accept a range
+of boolean values. These will accept any of \fI1\fR, \fIyes\fR or
+\fItrue\fR to enable the corresponding behaviour,
+or any of \fI0\fR, \fIno\fR or \fIfalse\fR to disable it.
+The default in each case is for the feature to be turned off, so these
+directives are typically only used to enable the appropriate behaviour.
+.SH FILES
+SYSCONFDIR/snmp/snmptrapd.conf
+.SH "SEE ALSO"
+snmp_config(5), snmptrapd(8), syslog(8), variables(5), snmpd.conf(5), read_config(3).
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-18 07:25:56 +0000