Logo
Home page Net-SNMP

Archive Search:

Require all words?

Site Search:
Google

Net-SNMP Tutorial -- snmpd

This is a basic tutorial for configuring the Net-SNMP snmpd daemon. Note the word basic. This tutorial covers the use of snmpconf to create a configuration file (snmpd.conf) for snmpd. Note that snmpconf only understands a subset of the tokens that snmpd offers, so it is possible that some tokens will remain undocumented. Consult the snmpd.conf man page for more information on those tokens.

The following sections are available:

 


 

Location, location, location

One of the most important things you need to know is where to find or create the snmpd.conf configuration file. The best way to find out is by using the debug output of the agent:
$ snmpd -Dread_config -H 2>&1 | grep "config path" | sort -u
read_config: config path used:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/rstory/.snmp:/var/net-snmp
          

Now that you know what the search path is, you should check for any existing configuration files. Again, the best way is to ask snmpd:
$ snmpd -Dread_config -H 2>&1 | grep "Reading" | sort -u
read_config: Reading configuration /usr/local/share/snmp/snmpd.conf
          

If no existing file exists, snmpconf will help create one for you.

 


 

Understanding an existing configuration file

If you discover an existing configuration file, open it with your favorite text editor. If it appears well commented, then you can use the snmpd.conf man page as a reference to understand the existing configuration. If it does not appear to be well commented, you can use snmpconf to comment it for you, like so:
$ snmpconf -R FILENAME -a -f snmpd.conf

This command will create a copy of the existing configuration file FILENAME as snmpd.conf in the current working directory. The copy will have comments documenting the tokens that snmpconf understands.

 


 

Basic setup with snmpconf

The Net-SNMP agent comes with a perl script to aid with configuration. This script, snmpconf, helps configure some of the basic configuration options offered by snmpd. The options are grouped together by functionality. The -G option to snmpconf will report the available groups.

$ snmpconf -G
Known GROUPs of tokens:

  system_setup
  basic_setup
  monitoring_services
  access_control
  trapsinks
$ $ snmpconf -r none -g basic_setup
************************************************
*** Beginning basic system information setup ***
************************************************
Do you want to configure the information returned in the system MIB group
(contact info, etc)? (default = y):[RETURN]
Notes:
This step is optional, but recommended.
Configuring: syslocation
Description:
  The [typically physical] location of the system.
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysLocation.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  location_string

The location of the system: telephone closet, 3rd floor

Finished Output: syslocation  telephone closet, 3rd floor
Notes:
This one is pretty self-explanatory.
Configuring: syscontact
Description:
  The contact information for the administrator
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysContact.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  contact_string

The contact information: bill x704

Finished Output: syscontact  bill x704
Notes:
The conctact information can be just about whatever you want: a phone number, extension, mail box or email address.
Do you want to properly set the value of the sysServices.0 OID
(if you don't know, just say no)? (default = y): n

Notes:
Unless you already know what the sysServices OID does, it is probably best to skip it and use the default.
Do you want to allow SNMPv3 read-write user based access
(default = y):[RETURN]

Configuring: rwuser
Description:
  a SNMPv3 read-write user
    arguments:  user [noauth|auth|priv] [restriction_oid]

The SNMPv3 user that should have read-write access: fred
The minimum security level required for that user
[noauth|auth|priv, default = auth]: auth
The OID that this community should be restricted to
[if appropriate]:[RETURN]

Finished Output: rwuser  fred ?
Do another rwuser line? (default = y):n
Notes:
fred can read or write any object that the agent supports
Do you want to allow SNMPv3 read-only user based access (default = y):

Configuring: rouser
Description:
  a SNMPv3 read-only user
    arguments:  user [noauth|auth|priv] [restriction_oid]

Enter the SNMPv3 user that should have read-only access to the system: sally
The minimum security level required for that user
[noauth|auth|priv, default = auth]: auth
The OID that this community should be restricted to
[if appropriate]: .1.3.6.1.4.1.8072

Finished Output: rouser  sally auth .1.3.6.1.4.1.8072
Do another rouser line? (default = y): n
Notes:
sally can only read objects in the netSnmp branch of the agent
Do you want to allow SNMPv1/v2c read-write community access (default = y):

Configuring: rwcommunity
Description:
  a SNMPv1/SNMPv2c read-write access community name
    arguments:  community [default|hostname|network/bits] [oid]

Enter the community name to add read-write access for: private
The hostname or network address to accept this community name from
[RETURN for all]:127.0.0.1
The OID that this community should be restricted to
[RETURN for no-restriction]: RETURN

Finished Output: rwcommunity  private 127.0.0.1 .1.3.6.1.2.1.1
Do another rwcommunity line? (default = y): n
Notes:
Anyone with shell access on the host can use the community string private to write to any object in the system tree. (Not recommended)
Do you want to allow SNMPv1/v2c read-only community access (default = y): y

Configuring: rocommunity
Description:
  a SNMPv1/SNMPv2c read-only access community name
    arguments:  community [default|hostname|network/bits] [oid]

The community name to add read-only access for: public
The hostname or network address to accept this community name from
[RETURN for all]: [RETURN]
The OID that this community should be restricted to
[RETURN for no-restriction]: .1.3.6.1.2.1.1

Finished Output: rocommunity  public .1.3.6.1.2.1.1 .1.3.6.1.2.1.1
Do another rocommunity line? (default = y): n
Notes:
Anyone using the commonly used community string public can read any object in the system branch of the tree
The following files were created:

  snmpd.conf

These files should be moved to /usr/local/share/snmp if you
want them used by everyone on the system.  In the future, if you add
the -i option to the command line I'll copy them there automatically for you.

Or, if you want them for your personal use only, copy them to
/home/rks/.snmp .  In the future, if you add the -p option to the
command line I'll copy them there automatically for you.
Notes:
<== PAY ATTENTION
This file is not automatically installed. You must copy it in to the correct location.

That last notes is worth repeating, as is is often overlooked:

See the location section to determine the correct location.

Another important note: the rouser, rwuser, rwcommunity and rocommunity options found in the snmpd.conf configuration file are only half of the setup required for SNMPv3 users. The other half of the setup invovles setting up the SNMPv3 authentication and password parameters, which go in the persistent snmpd.conf file (usually found in /var/net-snmp/snmpd.conf). This file must be edited while the agent is not running, or any changes will be overwritten when the agent exits. See the next section for more details.

 


 

SNMPv3 user setup

If you choose not to set up any SNMPv3 users, you can skip this section.

This section under contruction. Please see the snmpusm man page for information on setting up SNMPv3 users.

 


 

Common options not covered by snmpconf

Some common tokens that you might want to add to the configuration file generated by snmpconf include:

 


 

Simple testing

If you want to simplify configuration (eg while testing), you can ignore the default configuration files and specify your configuration on the command line. Here is an example that can be used to run a freshly build agent from the source directory, without root access:

agent/snmpd -r -f -L -C --rocommunity="test 127.0.0.1" udp:1161

 


 

Quick and dirty, for the impatient

If you just want a cut-and-paste answer to get your agent up and running as quick a possible, the simplest configuration file that we can recommned is this:
rocommunity public default .1.3.6.1.2.1.1

 


 

Back to Top
rstory at freesnpm dot com
[an error occurred while processing this directive]

Valid CSS!


Last modified: Thursday, 26-May-2011 23:21:32 UTC
For questions regarding web content and site functionality, please write to the net-snmp-users mail list.