Content-type: text/html
Manpage of SNMPCMD
SNMPCMD
Section: Net-SNMP (1)
Updated: 29 Jun 2005
Index
Return to Main Contents
NAME
snmpcmd - options and behaviour common to most of the Net-SNMP command-line tools
SYNOPSIS
snmpcmd
[OPTIONS] AGENT [PARAMETERS]
DESCRIPTION
This manual page describes the common options for the SNMP commands:
snmpbulkget, snmpbulkwalk, snmpdelta, snmpget,
snmpgetnext, snmpnetstat, snmpset, snmpstatus,
snmptable, snmptest, snmptrap,
snmpdf, snmpusm , snmpwalk .
The command line applications use the SNMP protocol to communicate
with an SNMP capable network entity, an agent. Individual
applications typically (but not necessarily) take additional
parameters that are given after the agent specification. These
parameters are documented in the manual pages for each application.
OPTIONS
- -3[MmKk] 0xHEXKEY
-
Sets the keys to be used for SNMPv3 transactions. These options allow
you to set the master authentication and encryption keys (-3m and -3M
respectively) or set the localized authentication and encryption keys
(-3k and -3K respectively). SNMPv3 keys can be either passed in by
hand using these flags, or by the use of keys generated from passwords
using the -A and -X flags discussed below. For further details on
SNMPv3 and its usage of keying information, see the Net-SNMP tutorial
web site ( http://www.Net-SNMP.org/tutorial-5/commands/ ).
Overrides the defAuthMasterKey (-3m), defPrivMasterKey (-3M),
defAuthLocalizedKey (-3k) or defPrivLocalizedKey (-3K) tokens, respectively,
in the
snmp.conf
file, see
snmp.conf(5).
- -a authProtocol
-
Set the authentication protocol (MD5 or SHA) used for authenticated SNMPv3
messages. Overrides the defAuthType token in the
snmp.conf
file.
- -A authPassword
-
Set the authentication pass phrase used for authenticated SNMPv3
messages. Overrides the defAuthPassphrase token in the
snmp.conf
file. It is insecure to specify pass phrases on the command line,
see
snmp.conf(5).
- -c community
-
Set the community string for SNMPv1/v2c transactions.
Overrides the defCommunity token in the
snmp.conf
file.
- -d
-
Dump (in hexadecimal) the raw SNMP packets sent and received.
- -D TOKEN[,...]
-
Turn on debugging output for the given
TOKEN(s).
Try
ALL
for extremely verbose output.
- -e engineID
-
Set the authoritative (security) engineID used for SNMPv3 REQUEST
messages. It is typically not necessary to specify this, as it will
usually be discovered automatically.
- -E engineID
-
Set the context engineID used for SNMPv3 REQUEST messages scopedPdu.
If not specified, this will default to the authoritative engineID.
- -h, --help
-
Display a brief usage message and then exit.
- -H
-
Display a list of configuration file directives understood by the
command and then exit.
- -I [brRhu]
-
Specifies input parsing options. See
INPUT OPTIONS
below.
- -l secLevel
-
Set the securityLevel used for SNMPv3 messages
(noAuthNoPriv|authNoPriv|authPriv). Appropriate pass phrase(s) must
provided when using any level higher than noAuthNoPriv.
Overrides the defSecurityLevel token in the
snmp.conf
file.
- -L [eEfFoOsS]
-
Specifies output logging options. See
LOGGING OPTIONS
below.
- -m MIBLIST
-
Specifies a colon separated list of MIB modules (not files) to load for
this application. This overrides (or augments) the environment variable
MIBS, the snmp.conf directive mibs, and the list of MIBs
hardcoded into the Net-SNMP library.
-
If
MIBLIST
has a leading '-' or '+' character, then the MIB modules listed are
loaded in addition to the default list, coming before or after
this list respectively.
Otherwise, the specified MIBs are loaded instead of this
default list.
-
The special keyword
ALL
is used to load all MIB modules in the MIB directory search list.
Every file whose name does not begin with "." will be parsed as
if it were a MIB file.
- -M DIRLIST
-
Specifies a colon separated list of directories to search for MIBs.
This overrides (or augments) the environment variable MIBDIRS,
the snmp.conf directive mibdirs, and the default
directory hardcoded into the Net-SNMP library
(/usr/local/share/snmp/mibs).
-
If
DIRLIST
has a leading '-' or '+' character, then the given directories are
added to the default list, being searched before or after the
directories on this list respectively.
Otherwise, the specified directories are searched instead
of this default list.
Note that the directories appearing later in the list have
have precedence over earlier ones.
To avoid searching any MIB directories, set the MIBDIRS
environment variable to the empty string ("").
Note that MIBs specified using the -m option or the mibs
configuration directive will be loaded from one of the directories
listed by the -M option (or equivalents).
The mibfile directive takes a full path to the specified MIB
file, so this does not need to be in the MIB directory search list.
- -n contextName
-
Set the contextName used for SNMPv3 messages. The default
contextName is the empty string "". Overrides the defContext token
in the
snmp.conf
file.
- -O [abeEfnqQsStTuUvxX]
-
Specifies output printing options. See
OUTPUT OPTIONS
below.
- -P [cdeRuwW]
-
Specifies MIB parsing options. See
MIB PARSING OPTIONS
below.
- -r retries
-
Specifies the number of retries to be used in the requests. The default
is 5.
- -t timeout
-
Specifies the timeout in seconds between retries. The default is 1.
Floating point numbers can be used to specify fractions of seconds.
- -u secName
-
Set the securityName used for authenticated SNMPv3 messages.
Overrides the defSecurityName token in the
snmp.conf
file.
- -v 1 | 2c | 3
-
Specifies the protocol version to use: 1 (RFCs 1155-1157), 2c (RFCs 1901-1908),
or 3 (RFCs 2571-2574). The default is typically version 3.
Overrides the defVersion token in the
snmp.conf
file.
- -V, --version
-
Display version information for the application and then exit.
- -x privProtocol
-
Set the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
Overrides the defPrivType token in the
snmp.conf
file. This option is only valid if the Net-SNMP software was build
to use OpenSSL.
- -X privPassword
-
Set the privacy pass phrase used for encrypted SNMPv3 messages.
Overrides the defPrivPassphrase token in the
snmp.conf
file.
It is insecure to specify pass phrases on the command line, see
snmp.conf(5).
- -Z boots,time
-
Set the engineBoots and engineTime used for authenticated SNMPv3
messages. This will initialize the local notion of the agents
boots/time with an authenticated value stored in the LCD.
It is typically not necessary to specify this option, as these values
will usually be discovered automatically.
- -Yname=value
-
- --name=value
-
Allows to specify any token ("name") supported in the
snmp.conf
file and sets its value to "value". Overrides the corresponding token in the
snmp.conf
file. See
snmp.conf(5)
for the full list of tokens.
AGENT SPECIFICATION
The string
AGENT
in the
SYNOPSIS
above specifies the remote SNMP entity with which to communicate.
This specification takes the form:
-
[<transport-specifier>:]<transport-address>
At its simplest, the
AGENT
specification may consist of a hostname, or an IPv4 address in the
standard "dotted quad" notation. In this case, communication will be
attempted using UDP/IPv4 to port 161 of the given host. Otherwise,
the <transport-address> part of the specification is parsed according
to the following table:
-
- <transport-specifier>
-
<transport-address> format
- udp
-
hostname[:port]
or
IPv4-address[:port]
- tcp
-
hostname[:port]
or
IPv4-address[:port]
- unix
-
pathname
- ipx
-
[network]:node[/port]
- aal5pvc or pvc
-
[interface.][VPI.]VCI
- udp6 or udpv6 or udpipv6
-
hostname[:port]
or
IPv6-address:port
or
'['IPv6-address']'[:port]
- tcp6 or tcpv6 or tcpipv6
-
hostname[:port]
or
IPv6-address:port
or
'['IPv6-address']'[:port]
Note that <transport-specifier> strings are case-insensitive so that,
for example, "tcp" and "TCP" are equivalent. Here are some examples,
along with their interpretation:
- hostname:161
-
perform query using UDP/IPv4 datagrams to
hostname
on port
161.
The ":161" is redundant here since that is the default SNMP port in
any case.
- udp:hostname
-
identical to the previous specification. The "udp:" is redundant here
since UDP/IPv4 is the default transport.
- TCP:hostname:1161
-
connect to
hostname
on port
1161
using TCP/IPv4 and perform query over that connection.
- ipx::00D0B7AAE308
-
perform query using IPX datagrams to node number
00D0B7AAE308
on the default network, and using the default IPX port of 36879 (900F
hexadecimal), as suggested in RFC 1906.
- ipx:0AE43409:00D0B721C6C0/1161
-
perform query using IPX datagrams to port
1161
on node number
00D0B721C6C0
on network number
0AE43409.
- unix:/tmp/local-agent
-
connect to the Unix domain socket
/tmp/local-agent,
and perform the query over that connection.
- /tmp/local-agent
-
identical to the previous specification, since the Unix domain is the
default transport iff the first character of the <transport-address>
is a '/'.
- alias:myname
-
perform a connection to the
myname
alias which needs to be defined in the snmp.conf file using a line
like "
alias myname udp:127.0.0.1:9161
". Any type of transport definition can be used as the alias expansion
parameter. Aliases are particularly useful for using repeated complex
transport strings.
- AAL5PVC:100
-
perform the query using AAL5 PDUs sent on the permanent virtual
circuit with VPI=0 and VCI=100 (decimal) on the first ATM adapter in the
machine.
- PVC:1.10.32
-
perform the query using AAL5 PDUs sent on the permanent virtual
circuit with VPI=10 (decimal) and VCI=32 (decimal) on the second ATM
adapter in the machine. Note that "PVC" is a synonym for "AAL5PVC".
- udp6:hostname:10161
-
perform the query using UDP/IPv6 datagrams to port
10161
on
hostname
(which will be looked up as an AAAA record).
- UDP6:[fe80::2d0:b7ff:fe21:c6c0]
-
perform the query using UDP/IPv6 datagrams to port 161 at address
fe80::2d0:b7ff:fe21:c6c0.
- tcpipv6:[::1]:1611
-
connect to port 1611 on the local host
(::1
in IPv6 parlance) using TCP/IPv6 and perform query over that connection.
- dtlsudp:hostname:9161
-
Connects using SNMP over DTLS/UDP as documented by the ISMS working group
(RFCs not yet published as of this date). This will require that the
TSM security model is in use (--defSecurityModel=tsm) and that the
defX509ServerCerts,
defX509ClientPriv,
and
defX509ClientPub
configuration tokens have been set.
- ssh:hostname:22
-
Connects using SNMP over SSH as documented by the ISMS working group
(RFCs not yet published as of this date). This will require that the
TSM security model is in use (--defSecurityModel=tsm).
Note that not all the transport domains listed above will always be
available; for instance, hosts with no IPv6 support will not be able
to use udp6 transport addresses, and attempts to do so will result in
the error "Unknown host". Likewise, since AAL5 PVC support is only
currently available on Linux, it will fail with the same error on
other platforms.
MIB PARSING OPTIONS
The Net-SNMP MIB parser mostly adheres to the Structure of Management
Information (SMI). As that specification has changed through time, and
in recognition of the (ahem) diversity in compliance expressed in MIB
files, additional options provide more flexibility in reading MIB files.
- -Pc
-
Toggles whether ASN.1 comments should extend to the end of the MIB
source line.
Strictly speaking, a second appearance of "--" should terminate the
comment, but this breaks some MIB files.
The default behaviour (to interpret comments correctly) can also
be set with the configuration token commentToEOL.
- -Pd
-
Disables the loading of MIB object DESCRIPTIONs when parsing MIB files.
This reduces the amount of memory used by the running application.
- -Pe
-
Toggles whether to show errors encountered when parsing MIB files.
These include
references to IMPORTed modules and MIB objects that cannot be
located in the MIB directory search list.
The default behaviour can also be set with the configuration token showMibErrors.
- -PR
-
If the same MIB object (parent name and sub-identifier) appears multiple
times in the list of MIB definitions loaded, use the last version to be
read in. By default, the first version will be used, and any duplicates
discarded.
This behaviour can also be set with the configuration token mibReplaceWithLatest.
Such ordering is normally only relevant if there are two MIB files with
conflicting object definitions for the same OID (or different revisions
of the same basic MIB object).
- -Pu
-
Toggles whether to allow the underline character in MIB object names
and other symbols.
Strictly speaking, this is not valid SMI syntax, but some vendor MIB
files define such names.
The default behaviour can also be set with the configuration token mibAllowUnderline.
- -Pw
-
Show various warning messages in parsing MIB files and building
the overall OID tree.
This can also be set with the configuration directive
mibWarningLevel 1
- -PW
-
Show some additional warning messages, mostly relating to parsing
individual MIB objects.
This can also be set with the configuration directive
mibWarningLevel 2
OUTPUT OPTIONS
The format of the output from SNMP commands can be controlled using
various parameters of the -O flag.
The effects of these sub-options can be seen by comparison with
the following default output (unless otherwise specified):
-
$ snmpget -c public -v 1 localhost sysUpTime.0
SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -Oa
-
Display string values as ASCII strings (unless there is a
DISPLAY-HINT defined for the corresponding MIB object).
By default, the library attempts to determine whether the value is
a printable or binary string, and displays it accordingly.
This option does not affect objects that do have a Display Hint.
- -Ob
-
Display table indexes numerically, rather than trying to interpret
the instance subidentifiers as string or OID values:
-
$ snmpgetnext -c public -v 1 localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
$ snmpgetnext -c public -v 1 -Ob localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.3.119.101.115 = xxx
- -Oe
-
Removes the symbolic labels from enumeration values:
-
$ snmpget -c public -v 1 localhost ipForwarding.0
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
$ snmpget -c public -v 1 -Oe localhost ipForwarding.0
IP-MIB::ipForwarding.0 = INTEGER: 1
- -OE
-
Modifies index strings to escape the quote characters:
-
$ snmpgetnext -c public -v 1 localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0."wes" = xxx
$ snmpgetnext -c public -v 1 -OE localhost vacmSecurityModel
SNMP-VIEW-BASED-ACM-MIB::vacmSecurityModel.0.\"wes\" = xxx
-
This allows the output to be reused in shell commands.
- -Of
-
Include the full list of MIB objects when displaying an OID:
-
.iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 =
-
Timeticks: (14096763) 1 day, 15:09:27.63
- -On
-
Displays the OID numerically:
.1.3.6.1.2.1.1.3.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -Oq
-
Removes the equal sign and type information when displaying varbind values:
SNMPv2-MIB::sysUpTime.0 1:15:09:27.63
- -OQ
-
Removes the type information when displaying varbind values:
SNMPv2-MIB::sysUpTime.0 = 1:15:09:27.63
- -Os
-
Display the MIB object name (plus any instance or other subidentifiers):
sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -OS
-
Display the name of the MIB, as well as the object name:
SNMPv2-MIB::sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
-
This is the default OID output format.
- -Ot
-
Display TimeTicks values as raw numbers:
SNMPv2-MIB::sysUpTime.0 = 14096763
- -OT
-
If values are printed as Hex strings,
display a printable version as well.
- -Ou
-
Display the OID in the traditional UCD-style (inherited from the original
CMU code).
That means removing a series of "standard" prefixes from the OID,
and displaying the remaining list of MIB object names
(plus any other subidentifiers):
system.sysUpTime.0 = Timeticks: (14096763) 1 day, 15:09:27.63
- -OU
-
Do not print the UNITS suffix at the end of the value.
- -Ov
-
Display the varbind value only, not the OID:
-
$ snmpget -c public -v 1 -Oe localhost ipForwarding.0
INTEGER: forwarding(1)
- -Ox
-
Display string values as Hex strings (unless there is a
DISPLAY-HINT defined for the corresponding MIB object).
By default, the library attempts to determine whether the value is
a printable or binary string, and displays it accordingly.
This option does not affect objects that do have a Display Hint.
- -OX
-
Display table indexes in a more "program like" output, imitating
a traditional array-style index format:
-
$ snmpgetnext -c public -v 1 localhost ipv6RouteTable
IPv6-MIB::ipv6RouteIfIndex.63.254.1.0.255.0.0.0.0.0.0.0.0.0.0.0.64.1 = INTEGER: 2
$ snmpgetnext -c public -v 1 -OE localhost ipv6RouteTable
IPv6-MIB::ipv6RouteIfIndex[3ffe:100:ff00:0:0:0:0:0][64][1] = INTEGER: 2
Most of these options can also be configured via configuration tokens.
See the
snmp.conf(5)
manual page for details.
LOGGING OPTIONS
The mechanism and destination to use for logging of warning and error
messages can be controlled by passing various parameters to the
-L
flag.
- -Le
-
Log messages to the standard error stream.
- -Lf FILE
-
Log messages to the specified file.
- -Lo
-
Log messages to the standard output stream.
- -Ls FACILITY
-
Log messages via syslog, using the specified facility
('d' for LOG_DAEMON, 'u' for LOG_USER,
or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7).
There are also "upper case" versions of each of these options, which
allow the corresponding logging mechanism to be restricted to certain
priorities of message. Using standard error logging as an example:
- -LE pri
-
will log messages of priority 'pri' and above to standard error.
- -LE p1-p2
-
will log messages with priority between 'p1' and 'p2' (inclusive) to
standard error.
For
-LF
and
-LS
the priority specification comes before the file or facility token.
The priorities recognised are:
-
0
or
!
for LOG_EMERG,
1
or
a
for LOG_ALERT,
2
or
c
for LOG_CRIT,
3
or
e
for LOG_ERR,
4
or
w
for LOG_WARNING,
5
or
n
for LOG_NOTICE,
6
or
i
for LOG_INFO, and
7
or
d
for LOG_DEBUG.
Normal output is (or will be!) logged at a priority level of
LOG_NOTICE
INPUT OPTIONS
The interpretation of input object names and the values to be assigned
can be controlled using various parameters of the -I flag.
The default behaviour will be described at the end of this section.
- -Ib
-
specifies that the given name should be regarded as a regular expression,
to match (case-insensitively) against object names in the MIB tree.
The "best" match will be used - calculated as the one that matches the
closest to the beginning of the node name and the highest in the tree.
For example, the MIB object vacmSecurityModel could be matched by
the expression vacmsecuritymodel (full name, but different case),
or vacm.*model (regexp pattern).
Note that '.' is a special character in regular expression patterns,
so the expression cannot specify instance subidentifiers or more than
one object name. A "best match" expression will only be applied
against single MIB object names.
For example, the expression sys*ontact.0 would not match the
instance sysContact.0 (although sys*ontact would match
sysContact).
Similarly, specifying a MIB module name will not succeed
(so SNMPv2-MIB::sys.*ontact would not match either).
- -Ih
-
disables the use of DISPLAY-HINT information when assigning values.
This would then require providing the raw value:
snmpset ... HOST-RESOURCES-MIB::hrSystemDate.0
x "07 D2 0C 0A 02 04 06 08"
instead of a formatted version:
snmpset ... HOST-RESOURCES-MIB::hrSystemDate.0
= 2002-12-10,2:4:6.8
- -Ir
-
disables checking table indexes and the value to be assigned against the
relevant MIB definitions. This will (hopefully) result in the remote
agent reporting an invalid request, rather than checking (and rejecting)
this before it is sent to the remote agent.
Local checks are more efficient (and the diagnostics provided also
tend to be more precise), but disabling this behaviour is particularly
useful when testing the remote agent.
- -IR
-
enables "random access" lookup of MIB names.
Rather than providing a full OID path to the desired MIB object
(or qualifying this object with an explicit MIB module name),
the MIB tree will be searched for the matching object name.
Thus .iso.org.dod.internet.mib-2.system.sysDescr.0
(or SNMPv2-MIB::sysDescr.0) can be specified simply
as sysDescr.0.
-
- Warning:
-
Since MIB object names are not globally unique, this approach
may return a different MIB object depending on which MIB files
have been loaded.
-
The MIB-MODULE::objectName syntax has
the advantage of uniquely identifying a particular MIB object,
as well as being slightly more efficient (and automatically
loading the necessary MIB file if necessary).
- -Is SUFFIX
-
adds the specified suffix to each textual OID given on the command line.
This can be used to retrieve multiple objects from the same row of
a table, by specifying a common index value.
- -IS PREFIX
-
adds the specified prefix to each textual OID given on the command line.
This can be used to specify an explicit MIB module name for all objects
being retrieved (or for incurably lazy typists).
- -Iu
-
enables the traditional UCD-style approach to interpreting input OIDs.
This assumes that OIDs are rooted at the 'mib-2' point in the tree
(unless they start with an explicit '.' or include a MIB module name).
So the sysDescr instance above would be referenced as
system.sysDescr.0.
Object names specified with a leading '.' are always interpreted as
"fully qualified" OIDs, listing the sequence of MIB objects from the
root of the MIB tree. Such objects and those qualified by an explicit
MIB module name are unaffected by the -Ib, -IR and -Iu flags.
Otherwise, if none of the above input options are specified, the
default behaviour for a "relative" OID is to try and interpret it
as an (implicitly) fully qualified OID,
then apply "random access" lookup (-IR),
followed by "best match" pattern matching (-Ib).
ENVIRONMENT VARIABLES
- PREFIX
-
The standard prefix for object identifiers (when using UCD-style output).
Defaults to .iso.org.dod.internet.mgmt.mib-2
- MIBS
-
The list of MIBs to load. Defaults to
SNMPv2-TC:SNMPv2-MIB:IF-MIB:IP-MIB:TCP-MIB:UDP-MIB:SNMP-VACM-MIB.
Overridden by the
-m
option.
- MIBDIRS
-
The list of directories to search for MIBs. Defaults to /usr/local/share/snmp/mibs.
Overridden by the
-M
option.
FILES
- /usr/local/etc/snmp/snmpd.conf
-
Agent configuration file. See
snmpd.conf(5).
- /usr/local/etc/snmp/snmp.conf
-
- ~/.snmp/snmp.conf
-
Application configuration files. See
snmp.conf(5).
SEE ALSO
snmpset(1),
snmpwalk(1),
snmpinform(1),
snmptest(1),
snmp.conf(5).
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- AGENT SPECIFICATION
-
- MIB PARSING OPTIONS
-
- OUTPUT OPTIONS
-
- LOGGING OPTIONS
-
- INPUT OPTIONS
-
- ENVIRONMENT VARIABLES
-
- FILES
-
- SEE ALSO
-
This document was created by
man2html,
using the manual pages.
Time: 19:05:39 GMT, September 28, 2009