manpagez: man pages & more
man snmpd(8)
Home | html | info | man
snmpd(8)                           Net-SNMP                           snmpd(8)




NAME

       snmpd - daemon to respond to SNMP request packets.


SYNOPSIS

       snmpd [OPTIONS] [LISTENING ADDRESSES]


DESCRIPTION

       snmpd  is  an SNMP agent which binds to a port and awaits requests from
       SNMP management software.  Upon receiving a request, it  processes  the
       request(s),  collects  the  requested  information  and/or performs the
       requested operation(s) and returns the information to the sender.


OPTIONS

       -a      Log the source addresses of incoming requests.

       -A      Append to the log file rather than truncating it.

       -c FILE Read FILE as a configuration file (or a comma-separated list of
               configuration  files).   Note  that  the  loaded file will only
               understand snmpd.conf tokens, unless the configuration type  is
               specified  in the file as described in the snmp_config man page
               under SWITCHING CONFIGURATION TYPES IN MID-FILE.

       -C      Do not read any configuration files except the ones  optionally
               specified by the -c option.  Note that this behaviour also cov-
               ers the persistent configuration files.   This  may  result  in
               dynamically-assigned  values  being  reset  following  an agent
               restart,  unless  the  relevant  persistent  config  files  are
               explicitly loaded using the -c option.

       -d      Dump (in hexadecimal) the sent and received SNMP packets.

       -D[TOKEN[,...]]
               Turn  on  debugging output for the given TOKEN(s).  Without any
               tokens specified, it defaults to printing all the tokens (which
               is equivalent to the keyword "ALL").  You might want to try ALL
               for extremely verbose output.  Note: You can not  put  a  space
               between the -D flag and the listed TOKENs.

       -f      Do not fork() from the calling shell.

       -g GID  Change the group ID of the snmpd process into GID after opening
               listening sockets. This overrides the agentgroup  configuration
               file parameter.

       -h, --help
               Display a brief usage message and then exit.

       -H      Display  a  list of configuration file directives understood by
               the agent and then exit.

       -I [-]INITLIST
               Specifies which modules should (or should not)  be  initialized
               when  the  agent starts up.  If the comma-separated INITLIST is
               preceded with a '-', it is the list of modules that should  not
               be  started.   Otherwise  this  is the list of the only modules
               that should be started.

               To get a list of compiled modules, run the agent with the argu-
               ments  -Dmib_init  -H (assuming debugging support has been com-
               piled in).

       -L[eEfFoOsSnN]
               Specify where logging output should be directed (standard error
               or  output,  to  a file or via syslog).  See LOGGING OPTIONS in
               snmpcmd(1) for details.

       -m MIBLIST
               Specifies a colon separated list of MIB  modules  to  load  for
               this  application.   This  overrides  the  environment variable
               MIBS.  See snmpcmd(1) for details.

       -M DIRLIST
               Specifies a colon separated list of directories to  search  for
               MIBs.   This  overrides  the environment variable MIBDIRS.  See
               snmpcmd(1) for details.

       -n NAME Set an alternative application name (which will affect the con-
               figuration  files  loaded).   By  default  this  will be snmpd,
               regardless of the name of the actual binary.

       -p FILE Save the process ID of the daemon in FILE.

       -q      Print simpler output for easier automated parsing.

       -r      Do not require root access to run the daemon.  Specifically, do
               not  exit  if  files only accessible to root (such as /dev/kmem
               etc.) cannot be opened.

       -u UID  Change the user ID of the snmpd process into UID (which can  be
               given  in  numerical  or  textual form) after opening listening
               sockets. This overrides the agentuser configuration file param-
               eter.

       -U      Instructs  the  agent  to  not  remove its pid file (see the -p
               option) on shutdown. Overrides the leave_pidfile token  in  the
               snmpd.conf file, see snmpd.conf(5).

       -v, --version
               Print version information for the agent and then exit.

       -V      Symbolically dump SNMP transactions.

       -x ADDRESS
               Listens  for AgentX connections on the specified address rather
               than the default AGENTX_SOCKET.  The address can  either  be  a
               Unix domain socket path, or the address of a network interface.
               The format is the same as the  format  of  listening  addresses
               described below.

       -X      Run  as an AgentX subagent rather than as an SNMP master agent.

       --name="value"
               Allows one to specify  any  token  ("name")  supported  in  the
               snmpd.conf  file  and  sets its value to "value". Overrides the
               corresponding token in the snmpd.conf file.  See  snmpd.conf(5)
               for the full list of tokens.


LISTENING ADDRESSES

       By default, snmpd listens for incoming SNMP requests on UDP port 161 on
       all IPv4 interfaces.  However, it is possible to modify this  behaviour
       by specifying one or more listening addresses as arguments to snmpd.  A
       listening address takes the form:

              [<transport-specifier>:]<transport-address>

       At its simplest, a listening address may consist only of a port number,
       in  which  case  snmpd listens on that UDP port on all IPv4 interfaces.
       Otherwise, the <transport-address> part of the specification is  parsed
       according to the following table:

           <transport-specifier>       <transport-address> format

           udp (default)               hostname[:port] or IPv4-address[:port]

           tcp                         hostname[:port] or IPv4-address[:port]

           unix                        pathname

           ipx                         [network]:node[/port]

           aal5pvc or pvc              [interface.][VPI.]VCI

           udp6 or udpv6 or udpipv6    hostname[:port] or IPv6-address[:port]

           tcp6 or tcpv6 or tcpipv6    hostname[:port] or IPv6-address[:port]

           ssh                         hostname:port

           dtlsudp                     hostname:port

       Note  that  <transport-specifier> strings are case-insensitive so that,
       for example, "tcp" and "TCP" are equivalent.  Here are  some  examples,
       along with their interpretation:

       127.0.0.1:161           listen  on  UDP port 161, but only on the loop-
                               back  interface.   This  prevents  snmpd  being
                               queried   remotely.   The   port  specification
                               ":161" is not strictly necessary since that  is
                               the default SNMP port.

       TCP:1161                listen on TCP port 1161 on all IPv4 interfaces.

       ipx:/40000              listen on IPX port 40000 on all IPX interfaces.

       unix:/tmp/local-agent   listen    on    the    Unix    domain    socket
                               /tmp/local-agent.

       /tmp/local-agent        is identical  to  the  previous  specification,
                               since  the  Unix domain is assumed if the first
                               character of the <transport-address> is '/'.

       PVC:161                 listen on the AAL5  permanent  virtual  circuit
                               with  VPI=0  and VCI=161 (decimal) on the first
                               ATM adapter in the machine.

       udp6:10161              listen on port 10161 on all IPv6 interfaces.

       ssh:127.0.0.1:22        Allows connections from the snmp  subsystem  on
                               the  ssh  server  on  port  22.  The details of
                               using SNMP over SSH are defined below.

       dtlsudp:127.0.0.1:9161  Listen for connections over DTLS  on  UDP  port
                               9161.    The   snmp.conf  file  must  have  the
                               serverCert, configuration tokens defined.

       Note that not all the transport domains listed  above  will  always  be
       available; for instance, hosts with no IPv6 support will not be able to
       use udp6 transport addresses, and attempts to do so will result in  the
       error  "Error  opening  specified  endpoint".  Likewise, since AAL5 PVC
       support is only currently available on Linux, it  will  fail  with  the
       same error on other platforms.


Transport Specific Notes

       ssh     The  SSH transport, on the server side, is actually just a unix
               named pipe that can be connected to via a ssh subsystem config-
               ured  in  the main ssh server.  The pipe location (configurable
               with   the   sshtosnmpsocket    token    in    snmp.conf)    is
               /var/net-snmp/sshtosnmp.  Packets should be submitted to it via
               the sshtosnmp application, which also sends the user ID as well
               when starting the connection.  The TSM security model should be
               used when packets should process it.

               The sshtosnmp command knows how to connect  to  this  pipe  and
               talk  to  it.  It should be configured in the OpenSSH sshd con-
               figuration file (which is normally  /etc/ssh/sshd_config  using
               the following configuration line:


                      Subsystem snmp /usr/local/bin/sshtosnmp

               The  sshtosnmp  command  will  need  read/write  access  to the
               /var/net-snmp/sshtosnmp pipe.  Although  it  should  be  fairly
               safe  to  grant  access  to  the  average  user  since it still
               requires modifications to the ACM settings before the user  can
               perform  operations,  paranoid  administrators may want to make
               the /var/net-snmp directory accessible only by users in a  par-
               ticular  group.  Use the sshtosnmpsocketperms snmp.conf config-
               ure option to set the permissions, owner and group of the  cre-
               ated socket.

               Access  control can be granted to the user "foo" using the fol-
               lowing style of simple snmpd.conf settings:


                      rouser -s tsm foo authpriv

               Note that "authpriv" is acceptable  assuming  as  SSH  protects
               everything  that  way  (assuming  you have a non-insane setup).
               snmpd has no notion of how SSH has actually protected a  packet
               and  thus the snmp agent assumes all packets passed through the
               SSH transport have been protected at the authpriv level.

       dtlsudp The DTLS protocol, which is based off  of  TLS,  requires  both
               client  and server certificates to establish the connection and
               authenticate both sides.  In order to do this, the client  will
               need  to  configure the snmp.conf file with the clientCert con-
               figuration tokens.  The  server  will  need  to  configure  the
               snmp.conf   file   with  the  serverCert  configuration  tokens
               defined.

               Access control setup is similar to the ssh transport as the TSM
               security model should be used to protect the packet.


CONFIGURATION FILES

       snmpd checks for the existence of and parses the following files:

       /opt/local/etc/snmp/snmp.conf
             Common   configuration   for  the  agent  and  applications.  See
             snmp.conf(5) for details.

       /opt/local/etc/snmp/snmpd.conf

       /opt/local/etc/snmp/snmpd.local.conf
             Agent-specific configuration.   See  snmpd.conf(5)  for  details.
             These files are optional and may be used to configure access con-
             trol, trap generation, subagent protocols and much else  besides.

             In    addition    to    these    two   configuration   files   in
             /opt/local/etc/snmp, the agent will read any files with the names
             snmpd.conf  and snmpd.local.conf in a colon separated path speci-
             fied in the SNMPCONFPATH environment variable.

       /opt/local/share/snmp/mibs/
             The agent will also load all files in this directory as MIBs.  It
             will  not,  however,  load  any  file  that  begins with a '.' or
             descend into subdirectories.


SEE ALSO

       (in recommended reading order)

       snmp_config(5), snmp.conf(5), snmpd.conf(5)



V5.9                              30 Jun 2010                         snmpd(8)

net-snmp 5.9 - Generated Mon Jan 4 08:27:26 CST 2021
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.