This is a basic tutorial for configuring the Net-SNMP snmpd daemon. Note the word basic. This tutorial covers the use of snmpconf to create a configuration file (snmpd.conf) for snmpd. Note that snmpconf only understands a subset of the tokens that snmpd offers, so it is possible that some tokens will remain undocumented. Consult the snmpd.conf man page for more information on those tokens.
The following sections are available:
 
 
|
|
If no existing file exists, snmpconf will help create one for you.
 
 
$ snmpconf -R FILENAME
-a -f snmpd.conf
|
This command will create a copy of the existing configuration file FILENAME as snmpd.conf in the current working directory. The copy will have comments documenting the tokens that snmpconf understands.
 
 
The Net-SNMP agent comes with a perl script to aid with configuration. This script, snmpconf, helps configure some of the basic configuration options offered by snmpd. The options are grouped together by functionality. The -G option to snmpconf will report the available groups.
|
$ $ snmpconf -r none -g basic_setup ************************************************ *** Beginning basic system information setup *** ************************************************ Do you want to configure the information returned in the system MIB group (contact info, etc)? (default = y):[RETURN] |
Notes: This step is optional, but recommended. | ||
Configuring: syslocation Description: The [typically physical] location of the system. Note that setting this value here means that when trying to perform an snmp SET operation to the sysLocation.0 variable will make the agent return the "notWritable" error code. IE, including this token in the snmpd.conf file will disable write access to the variable. arguments: location_string The location of the system: telephone closet, 3rd floor Finished Output: syslocation telephone closet, 3rd floor |
Notes: This one is pretty self-explanatory. | ||
Configuring: syscontact Description: The contact information for the administrator Note that setting this value here means that when trying to perform an snmp SET operation to the sysContact.0 variable will make the agent return the "notWritable" error code. IE, including this token in the snmpd.conf file will disable write access to the variable. arguments: contact_string The contact information: bill x704 Finished Output: syscontact bill x704 |
Notes: The conctact information can be just about whatever you want: a phone number, extension, mail box or email address. | ||
Do you want to properly set the value of the sysServices.0 OID (if you don't know, just say no)? (default = y): n |
Notes: Unless you already know what the sysServices OID does, it is probably best to skip it and use the default. | ||
Do you want to allow SNMPv3 read-write user based access (default = y):[RETURN] |
| ||
Configuring: rwuser Description: a SNMPv3 read-write user arguments: user [noauth|auth|priv] [restriction_oid] The SNMPv3 user that should have read-write access: fred The minimum security level required for that user [noauth|auth|priv, default = auth]: auth The OID that this community should be restricted to [if appropriate]:[RETURN] Finished Output: rwuser fred ? Do another rwuser line? (default = y):n |
Notes: fred can read or write any object that the agent supports | ||
Do you want to allow SNMPv3 read-only user based access (default = y): Configuring: rouser Description: a SNMPv3 read-only user arguments: user [noauth|auth|priv] [restriction_oid] Enter the SNMPv3 user that should have read-only access to the system: sally The minimum security level required for that user [noauth|auth|priv, default = auth]: auth The OID that this community should be restricted to [if appropriate]: .1.3.6.1.4.1.8072 Finished Output: rouser sally auth .1.3.6.1.4.1.8072 Do another rouser line? (default = y): n |
Notes: sally can only read objects in the netSnmp branch of the agent | ||
Do you want to allow SNMPv1/v2c read-write community access (default = y): Configuring: rwcommunity Description: a SNMPv1/SNMPv2c read-write access community name arguments: community [default|hostname|network/bits] [oid] Enter the community name to add read-write access for: private The hostname or network address to accept this community name from [RETURN for all]:127.0.0.1 The OID that this community should be restricted to [RETURN for no-restriction]: RETURN Finished Output: rwcommunity private 127.0.0.1 .1.3.6.1.2.1.1 Do another rwcommunity line? (default = y): n |
Notes: Anyone with shell access on the host can use the community string private to write to any object in the system tree. (Not recommended) | ||
Do you want to allow SNMPv1/v2c read-only community access (default = y): y Configuring: rocommunity Description: a SNMPv1/SNMPv2c read-only access community name arguments: community [default|hostname|network/bits] [oid] The community name to add read-only access for: public The hostname or network address to accept this community name from [RETURN for all]: [RETURN] The OID that this community should be restricted to [RETURN for no-restriction]: .1.3.6.1.2.1.1 Finished Output: rocommunity public .1.3.6.1.2.1.1 .1.3.6.1.2.1.1 Do another rocommunity line? (default = y): n |
Notes: Anyone using the commonly used community string public can read any object in the system branch of the tree | ||
The following files were created: snmpd.conf These files should be moved to /usr/local/share/snmp if you want them used by everyone on the system. In the future, if you add the -i option to the command line I'll copy them there automatically for you. Or, if you want them for your personal use only, copy them to /home/rks/.snmp . In the future, if you add the -p option to the command line I'll copy them there automatically for you. |
Notes: <== PAY ATTENTION This file is not automatically installed. You must copy it in to the correct location. |
That last notes is worth repeating, as is is often overlooked:
See the location section to determine the correct location.
Another important note: the rouser, rwuser, rwcommunity and rocommunity options found in the snmpd.conf configuration file are only half of the setup required for SNMPv3 users. The other half of the setup invovles setting up the SNMPv3 authentication and password parameters, which go in the persistent snmpd.conf file (usually found in /var/net-snmp/snmpd.conf). This file must be edited while the agent is not running, or any changes will be overwritten when the agent exits. See the next section for more details.
 
 
If you choose not to set up any SNMPv3 users, you can skip this section.
This section under contruction. Please see the snmpusm man page for information on setting up SNMPv3 users.
 
 
Some common tokens that you might want to add to the configuration file generated by snmpconf include:
 
 
If you want to simplify configuration (eg while testing), you can ignore the default configuration files and specify your configuration on the command line. Here is an example that can be used to run a freshly build agent from the source directory, without root access:
agent/snmpd -r -f -L -C --rocommunity="test 127.0.0.1" udp:1161
|
 
 
rocommunity public default .1.3.6.1.2.1.1
|
 
 
Back to TopLast modified: Wednesday, 01-Aug-2018 04:41:28 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.