OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-2.0/] [doc/] [html/] [ref/] [net-snmp-agent-manpages-snmpd.conf.html] - Blame information for rev 174


<!-- Copyright (C) 2003 Red Hat, Inc.                                -->
<!-- This material may be distributed only subject to the terms      -->
<!-- and conditions set forth in the Open Publication License, v1.0  -->
<!-- or later (the latest version is presently available at          -->
<!-- http://www.opencontent.org/openpub/).                           -->
<!-- Distribution of the work or derivative of the work in any       -->
<!-- standard (paper) book form is prohibited unless prior           -->
<!-- permission is obtained from the copyright holder.               -->
<HTML
><HEAD
><TITLE
>snmpd.conf</TITLE
><meta name="MSSmartTagsPreventParsing" content="TRUE">
<META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="eCos Reference Manual"
HREF="ecos-ref.html"><LINK
REL="UP"
TITLE="SNMP for eCos"
HREF="net-snmp-ecos-port.html"><LINK
REL="PREVIOUS"
TITLE="MIB Compiler "
HREF="net-snmp-mib-compiler.html"><LINK
REL="NEXT"
TITLE="Embedded HTTP Server"
HREF="net-httpd.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>eCos Reference Manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="net-snmp-mib-compiler.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 47. SNMP for <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>eCos</I
></SPAN
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="net-httpd.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="NET-SNMP-AGENT-MANPAGES-SNMPD.CONF">snmpd.conf</H1
><TABLE
BORDER="5"
BGCOLOR="#E0E0F0"
WIDTH="70%"
><TR
><TD
><PRE
CLASS="SCREEN"
>SNMPD.CONF(5)                                       SNMPD.CONF(5)

NAME
       share/snmp/snmpd.conf - configuration file for the ucd-snmp
       SNMP agent.

DESCRIPTION
       snmpd.conf is the configuration file which defines how the
       ucd-snmp SNMP agent operates. These files may contain any
       of the directives found in the DIRECTIVES section below.
       This file is not required for the agent to operate and
       report mib entries.

PLEASE READ FIRST
       First, make sure you have read the snmp_config(5) manual
       page that describes how the ucd-snmp configuration files
       operate, where they are located and how they all work
       together.

EXTENSIBLE-MIB
       The ucd-snmp SNMP agent reports much of its information
       through queries to the 1.3.6.1.4.1.2021 section of the mib
       tree. Every mib in this section has the following table
       entries in it.

       .1 -- index
              This is the table's index numbers for each of the
              DIRECTIVES listed below.

       .2 -- name
              The name of the given table entry. This should be
              unique, but is not required to be.

       .100 -- errorFlag
              This is a flag returning either the integer value 1
              or 0 if an error is detected for this table entry.

       .101 -- errorMsg
              This is a DISPLAY-STRING describing any error
              triggering the errorFlag above.

       .102 -- errorFix
              If this entry is SNMPset to the integer value of 1
              AND the errorFlag defined above is indeed a 1, a
              program or script will get executed with the table
              entry name from above as the argument. The program
              to be executed is configured in the config.h file
              at compile time.

   Directives
       proc NAME

       proc NAME MAX

       proc NAME MAX MIN

              Checks to see if the NAME'd processes are running
              on the agent's machine. An error flag (1) and a
              description message are then passed to the
              1.3.6.1.4.1.2021.2.100 and 1.3.6.1.4.1.2021.2.101
              mib tables (respectively) if the NAME'd program is
              not found in the process table as reported by
              "/bin/ps -e".

              If MAX and MIN are not specified, MAX is assumed to
              be infinity and MIN is assumed to be 1.

              If MAX is specified but MIN is not specified, MIN
              is assumed to be 0.

       procfix NAME PROG ARGS
              This registers a command that knows how to fix
              errors with the given process NAME. When
              1.3.6.1.4.1.2021.2.102 for a given NAMEd program is
              set to the integer value of 1, this command will be
              called. It defaults to a compiled value set using
              the PROCFIXCMD definition in the config.h file.

       exec NAME PROG ARGS

       exec MIBNUM NAME PROG ARGS

              If MIBNUM is not specified, the agent executes the
              named PROG with arguments of ARGS and returns the
              exit status and the first line of the STDOUT output
              of the PROG program to queries of the
              1.3.6.1.4.1.2021.8.100 and 1.3.6.1.4.1.2021.8.101
              mib tables (respectively). All STDOUT output
              beyond the first line is silently truncated.

              If MIBNUM is specified, it acts as above but
              returns the exit status to MIBNUM.100.0 and the
              entire STDOUT output to the table MIBNUM.101 in a
              mib table. In this case, the MIBNUM.101 mib
              contains the entire STDOUT output, one mib table entry
              per line of output (i.e., the first line is output as
              MIBNUM.101.1, the second at MIBNUM.101.2, etc...).

              Note:  The MIBNUM must be specified in dotted-integer
                     notation and can not be specified as
                     ".iso.org.dod.internet..." (should instead
                     be

              Note:  The agent caches the exit status and STDOUT
                     of the executed program for 30 seconds after
                     the initial query. This is to increase
                     speed and maintain consistency of information
                     for consecutive table queries. The
                     cache can be flushed by a snmp-set request
                     of integer(1) to
                     1.3.6.1.4.1.2021.100.VERCLEARCACHE.

       execfix NAME PROG ARGS
              This registers a command that knows how to fix
              errors with the given exec or sh NAME. When
              1.3.6.1.4.1.2021.8.102 for a given NAMEd entry is
              set to the integer value of 1, this command will be
              called. It defaults to a compiled value set using
              the EXECFIXCMD definition in the config.h file.

       disk PATH

       disk PATH [ MINSPACE | MINPERCENT% ]

              Checks the named disks mounted at PATH for available
              disk space. If the disk space is less than
              MINSPACE (kB) if specified or less than MINPERCENT
              (%) if a % sign is specified, or DEFDISKMINIMUMSPACE
              (kB) if not specified, the associated
              entry in the 1.3.6.1.4.1.2021.9.100 mib table will
              be set to (1) and a descriptive error message will
              be returned to queries of 1.3.6.1.4.1.2021.9.101.

       load MAX1

       load MAX1 MAX5

       load MAX1 MAX5 MAX15

              Checks the load average of the machine and returns
              an error flag (1), and a text-string error message
              to queries of 1.3.6.1.4.1.2021.10.100 and
              1.3.6.1.4.1.2021.10.101 (respectively) when the
              1-minute, 5-minute, or 15-minute averages exceed
              the associated maximum values. If any of the MAX1,
              MAX5, or MAX15 values are unspecified, they default
              to a value of DEFMAXLOADAVE.

       file FILE [MAXSIZE]
              Monitors file sizes and makes sure they don't grow
              beyond a certain size. MAXSIZE defaults to infinite
              if not specified, and only monitors the size
              without reporting errors about it.

   Errors
       Any errors in obtaining the above information are reported
       via the 1.3.6.1.4.1.2021.101.100 flag and the
       1.3.6.1.4.1.2021.101.101 text-string description.

SMUX SUB-AGENTS
       To enable an SMUX-based sub-agent, such as gated, use the
       smuxpeer configuration entry

       smuxpeer OID PASS
              For gated a sensible entry might be

       .1.3.6.1.4.1.4.1.3 secret

ACCESS CONTROL
       snmpd supports the View-Based Access Control Model (vacm)
       as defined in RFC 2275. To this end, it recognizes the
       following keywords in the configuration file: com2sec,
       group, access, and view as well as some easier-to-use
       wrapper directives: rocommunity, rwcommunity, rouser,
       rwuser.

       rocommunity COMMUNITY [SOURCE] [OID]

       rwcommunity COMMUNITY [SOURCE] [OID]
              These create read-only and read-write communities
              that can be used to access the agent. They are a
              quick method of using the following com2sec, group,
              access, and view directive lines. They are not as
              efficient either, as groups aren't created so the
              tables are possibly larger. In other words: don't
              use these if you have complex situations to set up.

              The format of the SOURCE token is described in
              the com2sec directive section below. The OID token
              restricts access for that community to everything
              below that given OID.

       rouser USER [noauth|auth|priv] [OID]

       rwuser USER [noauth|auth|priv] [OID]
              Creates an SNMPv3 USM user in the VACM access
              configuration tables. Again, it's more efficient
              (and powerful) to use the combined com2sec, group,
              access, and view directives instead.

              The minimum level of authentication and privacy the
              user must use is specified by the first token
              (which defaults to "auth"). The OID parameter
              restricts access for that user to everything below
              the given OID.

       com2sec NAME SOURCE COMMUNITY
              This directive specifies the mapping from a
              source/community pair to a security name. SOURCE
              can be a hostname, a subnet, or the word "default".
              A subnet can be specified as IP/MASK or IP/BITS.
              The first source/community combination that matches
              the incoming packet is selected.

       group NAME MODEL SECURITY
              This directive defines the mapping from
              securitymodel/securityname to group. MODEL is one of v1,
              v2c, or usm.

       access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
              The access directive maps from group/security
              model/security level to a view. MODEL is one of
              any, v1, v2c, or usm. LEVEL is one of noauth,
              auth, or priv. PREFX specifies how CONTEXT should
              be matched against the context of the incoming pdu,
              either exact or prefix. READ, WRITE and NOTIFY
              specify the view to be used for the corresponding
              access. For v1 or v2c access, LEVEL will be
              noauth, and CONTEXT will be empty.

       view NAME TYPE SUBTREE [MASK]
              This defines the named view. TYPE is either included
              or excluded. MASK is a list of hex octets,
              separated by '.' or ':'. The MASK defaults to "ff" if
              not specified.

              The reason for the mask is that it allows you to
              control access to one row in a table, in a
              relatively simple way. As an example, as an ISP you
              might consider giving each customer access to his
              or her own interface:

              view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
              view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0

              (interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
              ff.a0 == 11111111.10100000, which nicely covers up to and
              including the row index, but lets the user vary the field of
              the row)
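
How the MASK in a view line selects sub-identifiers, as an added example that is not part of the original manual page or of the ucd-snmp sources. It assumes numeric OIDs, pads a short mask with ones, and lets the matching family with the longest subtree decide between included and excluded (the VACM rule, which the page does not spell out); the CARVED view is constructed sample data.

```python
def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1). Numeric OIDs only (assumption of this sketch)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask, length):
    """Expand a MASK such as 'ff.a0' into one flag per sub-identifier.

    Bits are read most significant first. True means the sub-identifier
    must equal the one in SUBTREE, False means any value is accepted.
    A mask shorter than the subtree is padded with ones.
    """
    octets = [int(o, 16) for o in mask.replace(":", ".").split(".") if o]
    bits = [bool(o & (0x80 >> i)) for o in octets for i in range(8)]
    bits += [True] * (length - len(bits))
    return bits[:length]


def in_family(oid, subtree, mask="ff"):
    """True if oid falls inside the (SUBTREE, MASK) family of one view line."""
    oid, subtree = parse_oid(oid), parse_oid(subtree)
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask, len(subtree))
    return all(o == s or not must for o, s, must in zip(oid, subtree, bits))


def in_view(oid, families):
    """families: list of (TYPE, SUBTREE, MASK) lines sharing one view NAME.

    The matching family with the longest subtree decides, so an excluded
    subtree can carve a hole out of a broader included one.
    """
    hits = [(len(parse_oid(sub)), parse_oid(sub), kind)
            for kind, sub, mask in families if in_family(oid, sub, mask)]
    return bool(hits) and max(hits)[2] == "included"


# The two customer views from the page, with ifIndex.N written numerically.
IF_INDEX_1 = ".1.3.6.1.2.1.2.2.1.1.1"
IF_INDEX_2 = ".1.3.6.1.2.1.2.2.1.1.2"
CUST1 = [("included", IF_INDEX_1, "ff.a0")]
CUST2 = [("included", IF_INDEX_2, "ff.a0")]

# Constructed view: everything under .1 except the .1.3.6.1.6 subtree.
CARVED = [("included", ".1", "80"), ("excluded", ".1.3.6.1.6", "ff")]

if __name__ == "__main__":
    for column in (1, 2, 10):
        oid = ".1.3.6.1.2.1.2.2.1.%d.2" % column   # row 2 of the interface table
        print(oid, "cust1:", in_view(oid, CUST1), "cust2:", in_view(oid, CUST2))
    # A single wrong bit matters: ff.80 clears the row bit as well, so the
    # same subtree then matches every row of the table.
    print(in_family(".1.3.6.1.2.1.2.2.1.10.2", IF_INDEX_1, "ff.80"))
```
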

       VACM Examples:
              #       sec.name  source          community
              com2sec local     localhost       private
              com2sec mynet     10.10.10.0/24   public
              com2sec public    default         public

              #             sec.model  sec.name
              group mygroup v1         mynet
              group mygroup v2c        mynet
              group mygroup usm        mynet
              group local   v1         local
              group local   v2c        local
              group local   usm        local
              group public  v1         public
              group public  v2c        public
              group public  usm        public

              #           incl/excl subtree                          mask
              view all    included  .1                               80
              view system included  system                           fe
              view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc

              #              context sec.model sec.level prefix read   write notify
              access mygroup ""      any       noauth    exact  mib2   none  none
              access public  ""      any       noauth    exact  system none  none
              access local   ""      any       noauth    exact  all    all   all

       Default VACM model
              The default configuration of the agent, as shipped, is functionally
              equivalent to the following entries:
              com2sec   public    default   public
              group     public    v1   public
              group     public    v2c  public
              group     public    usm  public
              view      all  included  .1
              access    public    ""   any  noauth    exact     all  none none
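
The com2sec, group and access chain described above, walked for a community-based request, as an added example that is not part of the original manual page or of the agent's code. It covers v1/v2c only (the usm group lines are left out of the embedded samples), does no DNS lookups (the HOSTS table is a constructed stand-in), and uses 192.0.2.1 as a constructed address outside every configured subnet.

```python
import ipaddress
import shlex

# The page's "VACM Examples" entries, v1/v2c lines only.
EXAMPLE = '''
com2sec local     localhost       private
com2sec mynet     10.10.10.0/24   public
com2sec public    default         public
group mygroup v1  mynet
group mygroup v2c mynet
group local   v1  local
group local   v2c local
group public  v1  public
group public  v2c public
access mygroup "" any noauth exact mib2   none none
access public  "" any noauth exact system none none
access local   "" any noauth exact all    all  all
'''

# The page's "Default VACM model" entries, v1/v2c lines only.
DEFAULT = '''
com2sec   public    default   public
group     public    v1   public
group     public    v2c  public
view      all  included  .1
access    public    ""   any  noauth    exact     all  none none
'''

HOSTS = {"localhost": "127.0.0.1"}  # constructed stand-in for name resolution


def parse(conf):
    """Collect com2sec, group and access lines; other directives are ignored."""
    com2sec, groups, access = [], {}, []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) == 4 and tok[0] == "com2sec":
            com2sec.append(tuple(tok[1:]))        # (secname, source, community)
        elif len(tok) == 4 and tok[0] == "group":
            groups[(tok[2], tok[3])] = tok[1]     # (model, secname) -> group
        elif len(tok) == 9 and tok[0] == "access":
            access.append(tuple(tok[1:]))
    return com2sec, groups, access


def source_matches(source, ip):
    if source == "default":
        return True
    try:
        net = ipaddress.ip_network(HOSTS.get(source, source), strict=False)
    except ValueError:
        return False                              # hostname this sketch cannot resolve
    return ipaddress.ip_address(ip) in net


def resolve(conf, ip, community, model="v2c"):
    """Views granted to a v1/v2c request, or None if it maps to nothing."""
    com2sec, groups, access = parse(conf)
    # The first source/community combination that matches is selected.
    secname = next((name for name, src, com in com2sec
                    if com == community and source_matches(src, ip)), None)
    group = groups.get((model, secname))
    for name, _ctx, amodel, level, _prefix, read, write, notify in access:
        if name == group and amodel in ("any", model) and level == "noauth":
            return {"secname": secname, "group": group,
                    "read": read, "write": write, "notify": notify}
    return None


def reachable_from_anywhere(conf, model="v2c"):
    """Communities mapped from SOURCE 'default', with the views they reach."""
    return {com: resolve(conf, "192.0.2.1", com, model)
            for _name, src, com in parse(conf)[0] if src == "default"}


if __name__ == "__main__":
    print(resolve(EXAMPLE, "10.10.10.5", "public"))
    print(reachable_from_anywhere(DEFAULT))
```

Run against the shipped default, reachable_from_anywhere reports that the community "public" reads the view "all" from any source address, which is the first thing to check when reviewing a deployed snmpd.conf.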

SNMPv3 CONFIGURATION
       engineID STRING
              The snmpd agent needs to be configured with an
              engineID to be able to respond to SNMPv3 messages.
              With this configuration file line, the engineID
              will be configured from STRING. The default value
              of the engineID is configured with the first IP
              address found for the hostname of the machine.

       createUser username (MD5|SHA) authpassphrase [DES] [privpassphrase]
              This directive should be placed into the
              "/var/ucd-snmp"/snmpd.conf file instead of the other normal
              locations. The reason is that the information is
              read from the file and then the line is removed
              (eliminating the storage of the master password for
              that user) and replaced with the key that is
              derived from it. This key is a localized key, so
              that if it is stolen it can not be used to access
              other agents. If the password is stolen, however,
              it can be.

              MD5 and SHA are the authentication types to use,
              but you must have built the package with openssl
              installed in order to use SHA. The only privacy
              protocol currently supported is DES. If the
              privacy passphrase is not specified, it is assumed to
              be the same as the authentication passphrase. Note
              that the users created will be useless unless they
              are also added to the VACM access control tables
              described above.

              Warning: the minimum pass phrase length is 8
              characters.

              SNMPv3 users can be created at runtime using the
              snmpusm command.

SETTING SYSTEM INFORMATION
       syslocation STRING

       syscontact STRING

              Sets the system location and the system contact for
              the agent. This information is reported by the
              'system' table in the mibII tree.

       authtrapenable NUMBER
              Setting authtrapenable to 1 enables generation of
              authentication failure traps. The default value is
              2 (disable).

       trapcommunity STRING
              This defines the default community string to be
              used when sending traps. Note that this command
              must be used prior to any of the following three
              commands that are intended to use this community
              string.

       trapsink HOST [COMMUNITY [PORT]]

       trap2sink HOST [COMMUNITY [PORT]]

       informsink HOST [COMMUNITY [PORT]]
              These commands define the hosts to receive traps
              (and/or inform notifications). The daemon sends a
              Cold Start trap when it starts up. If enabled, it
              also sends traps on authentication failures.
              Multiple trapsink, trap2sink and informsink lines may
              be specified to specify multiple destinations. Use
              trap2sink to send SNMPv2 traps and informsink to
              send inform notifications. If COMMUNITY is not
              specified, the string from a preceding trapcommunity
              directive will be used. If PORT is not specified,
              the well known SNMP trap port (162) will be
              used.

PASS-THROUGH CONTROL
       pass MIBOID EXEC
              Passes entire control of MIBOID to the EXEC
              program. The EXEC program is called in one of the
              following three ways:

              EXEC -g MIBOID

              EXEC -n MIBOID

                     These call lines match to SNMP get and
                     getnext requests. It is expected that the EXEC
                     program will take the arguments passed to it
                     and return the appropriate response through
                     its stdout.

                     The first line of stdout should be the mib
                     OID of the returning value. The second line
                     should be the TYPE of value returned, where
                     TYPE is one of the text strings: string,
                     integer, unsigned, objectid, timeticks,
                     ipaddress, counter, or gauge. The third
                     line of stdout should be the VALUE
                     corresponding with the returned TYPE.

                     For instance, if a script was to return the
                     integer value "42" when a request for
                     .1.3.6.1.4.100 was received, the script
                     should return the following 3 lines:
                       .1.3.6.1.4.100
                       integer
                       42

                     To indicate that the script is unable to
                     comply with the request due to an end-of-mib
                     condition or an invalid request, simply exit
                     and return no output to stdout at all. A
                     snmp error will be generated corresponding
                     to the SNMP NO-SUCH-NAME response.

              EXEC -s MIBOID TYPE VALUE

                     For SNMP set requests, the above call method
                     is used. The TYPE passed to the EXEC
                     program is one of the text strings: integer,
                     counter, gauge, timeticks, ipaddress, objid,
                     or string, indicating the type of value
                     passed in the next argument.

                     Return nothing to stdout, and the set will
                     be assumed to have been successful. Otherwise,
                     return one of the following error strings to
                     signal an error: not-writable, or wrong-type
                     and the appropriate error response will be
                     generated instead.

                      Note:  By default, the only community
                             allowed to write (i.e. snmpset) to
                             your script will be the "private"
                             community, or community #2 if defined
                             differently by the "community" token
                             discussed above. Which communities
                             are allowed write access are
                             controlled by the RWRITE definition in
                             the snmplib/snmp_impl.h source file.
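
A handler for the three call forms above, as an added example that is not part of the original manual page or of the ucd-snmp sources. The OID table is constructed sample data; the set branch treats MIBOID, TYPE and VALUE as requester-supplied input and checks them before storing anything, and getnext orders OIDs numerically so that .100.10 follows .100.2.

```python
import re
import sys


def oid_key(oid):
    """'.1.3.6.1.4.100.2' -> (1, 3, 6, 1, 4, 100, 2); ValueError if not numeric."""
    return tuple(int(part) for part in oid.strip(".").split("."))


# Constructed sample data: OID -> [TYPE, VALUE, writable]
TABLE = {
    ".1.3.6.1.4.100.1": ["integer", "42", False],
    ".1.3.6.1.4.100.2": ["string", "lab-rack-3", True],
    ".1.3.6.1.4.100.10": ["integer", "5", True],
}

# Per-type checks applied to the VALUE argument of a set request.
VALID = {
    "integer": lambda v: re.fullmatch(r"-?[0-9]+", v) is not None,
    "string": lambda v: v.isprintable() and len(v) <= 255,
}


def reply(oid, table):
    """The three stdout lines: OID, TYPE, VALUE."""
    typ, value, _writable = table[oid]
    return "%s\n%s\n%s\n" % (oid, typ, value)


def handle(args, table=TABLE):
    """Return the text to write to stdout for one call from the agent."""
    op = args[0] if args else ""
    try:
        want = oid_key(args[1])
    except (IndexError, ValueError):
        return "not-writable\n" if op == "-s" else ""
    by_key = {oid_key(oid): oid for oid in table}
    if op == "-g":
        # Unknown OID: no output at all, which the agent reports as NO-SUCH-NAME.
        return reply(by_key[want], table) if want in by_key else ""
    if op == "-n":
        # Tuple comparison gives numeric order; empty output signals end-of-mib.
        later = sorted(k for k in by_key if k > want)
        return reply(by_key[later[0]], table) if later else ""
    if op == "-s" and len(args) == 4:
        entry = table.get(by_key.get(want))
        if entry is None or not entry[2]:
            return "not-writable\n"
        typ, value = args[2], args[3]
        if typ != entry[0] or not VALID[typ](value):
            return "wrong-type\n"
        entry[1] = value       # in-memory only; a real handler must persist it
        return ""              # empty stdout means the set succeeded
    return "not-writable\n" if op == "-s" else ""


if __name__ == "__main__":
    sys.stdout.write(handle(sys.argv[1:]))
```
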

EXAMPLE
       See the EXAMPLE.CONF file in the top level source
       directory for a more detailed example of how the above
       information is used in real examples.

RE-READING snmpd.conf and snmpd.local.conf
       The ucd-snmp agent can be forced to re-read its
       configuration files. It can be told to do so in one of two ways:

       1.     An snmpset of integer(1) to
              1.3.6.1.4.1.2021.100.VERUPDATECONFIG.

       2.     A "kill -HUP" signal sent to the snmpd agent
              process.

FILES
       share/snmp/snmpd.conf

SEE ALSO
       snmp_config(5), snmpd(1), EXAMPLE.conf, read_config(3).


                           27 Jan 2000              SNMPD.CONF(5)
    </PRE
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="net-snmp-mib-compiler.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ecos-ref.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="net-httpd.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>MIB Compiler</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="net-snmp-ecos-port.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Embedded HTTP Server</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
