Flashnux

GNU/Linux man pages

GNU/Linux

RedHat 5.2

(Apollo)

snmpd.conf(5)


SNMPD.CONF

NAME
DESCRIPTION
COMMENTS
EXTENSIBLE-MIB
ACCESS CONTROL
SETTING SYSTEM INFORMATION
PASS-THROUGH CONTROL
EXAMPLE
RE-READING snmpd.conf and snmpd.local.conf
FILES
SEE ALSO

NAME

/usr/share/snmp/snmpd.conf
- configuration file for the ucd-snmp SNMP agent.
/usr/share/snmp/snmpd.local.conf
- an optional second configuration file

DESCRIPTION

snmpd.conf and snmpd.local.conf are the configuration files which define how the ucd-snmp SNMP agent operates. These files may contain any of the directives found in the DIRECTIVES section below. The information pertaining to the configuration of the agent is reported in the EXTENSIBLE-MIB, as defined by the EXTENSIBLE-MIB section below.

These files must be found in the /usr/share/snmp directory. Neither of these files is required for the agent to operate and report the MIB entries defined by RFC 1156.

COMMENTS

Any lines beginning with the character ’#’ in the configuration files are treated as a comment and are not parsed.

EXTENSIBLE-MIB

The ucd-snmp SNMP agent reports much of its information through queries to the 1.3.6.1.4.1.2021 section of the mib tree. Every mib in this section has the following table entries in it.
.1 -- index

These are the table’s index numbers, one for each of the DIRECTIVES listed below.

.2 -- name

The name of the given table entry. This should be unique, but is not required to be.

.100 -- errorFlag

This is a flag returning the integer value 1 if an error is detected for this table entry, and 0 otherwise.

.101 -- errorMsg

This is a DISPLAY-STRING describing any error triggering the errorFlag above.

.102 -- errorFix

If this entry is SNMPset to the integer value of 1 AND the errorFlag defined above is indeed a 1, a program or script will get executed with the table entry name from above as the argument. The program to be executed is configured in the config.h file at compile time.

Directives
proc NAME
proc NAME MAX
proc NAME MAX MIN

Checks to see if the NAME’d processes are running on the agent’s machine. An error flag (1) and a description message are then passed to the 1.3.6.1.4.1.2021.2.100 and 1.3.6.1.4.1.2021.2.101 mib tables (respectively) if the NAME’d program is not found in the process table as reported by "/bin/ps acx".

If MAX and MIN are not specified, MAX is assumed to be infinity and MIN is assumed to be 1.

If MAX is specified but MIN is not specified, MIN is assumed to be 0.

exec NAME PROG ARGS
exec MIBNUM NAME PROG ARGS

If MIBNUM is not specified, the agent executes the named PROG with arguments of ARGS and returns the exit status and the first line of the STDOUT output of the PROG program to queries of the 1.3.6.1.4.1.2021.8.100 and 1.3.6.1.4.1.2021.8.101 mib tables (respectively). All STDOUT output beyond the first line is silently truncated.

If MIBNUM is specified, it acts as above but returns the exit status to MIBNUM.100.0 and the entire STDOUT output to the table MIBNUM.101 in a mib table. In this case, the MIBNUM.101 mib contains the entire STDOUT output, one mib table entry per line of output (i.e., the first line is output as MIBNUM.101.1, the second as MIBNUM.101.2, etc.).

Note:

The MIBNUM must be specified in dotted-integer notation and cannot be specified as ".iso.org.dod.internet..." (should instead be

Note:

The agent caches the exit status and STDOUT of the executed program for 30 seconds after the initial query. This is to increase speed and maintain consistency of information for consecutive table queries. The cache can be flushed by an snmp-set request of integer(1) to 1.3.6.1.4.1.2021.100.10.

disk PATH
disk PATH [ MINSPACE | MINPERCENT% ]

Checks the named disks mounted at PATH for available disk space. If the disk space is less than MINSPACE (kB) if specified, or less than MINPERCENT (%) if a % sign is specified, or less than 100000 (kB) if neither is specified, the associated entry in the 1.3.6.1.4.1.2021.9.100 mib table will be set to (1) and a descriptive error message will be returned to queries of 1.3.6.1.4.1.2021.9.101.

load MAX1
load MAX1 MAX5
load MAX1 MAX5 MAX15

Checks the load average of the machine and returns an error flag (1) and a text-string error message to queries of 1.3.6.1.4.1.2021.10.100 and 1.3.6.1.4.1.2021.10.101 (respectively) when the 1-minute, 5-minute, or 15-minute averages exceed the associated maximum values. If any of the MAX1, MAX5, or MAX15 values are unspecified, they default to a value of 12.0.

Errors
Any errors in obtaining the above information are reported via the 1.3.6.1.4.1.2021.101.100 flag and the 1.3.6.1.4.1.2021.101.101 text-string description.

ACCESS CONTROL

snmpd supports the View-Based Access Control Model (vacm) as defined in RFC 2275. To this end, it recognizes the following keywords in the configuration file: com2sec, group, access, and view.
com2sec NAME SOURCE COMMUNITY

This directive specifies the mapping from a source/community pair to a security name. SOURCE can be a hostname, a subnet, or the word default. A subnet can be specified as IP/MASK or IP/BITS. The first source/community combination that matches the incoming packet is selected.

group NAME MODEL SECURITY

This directive defines the mapping from securitymodel/securityname to group. MODEL is one of any, v1, v2c, or usm.

access NAME CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY

The access directive maps from group/security model/security level to a view. MODEL is one of any, v1, v2c, or usm. LEVEL is one of noauth, auth, or priv. READ, WRITE and NOTIFY specify the view to be used for the corresponding access. For v1 or v2c access, LEVEL will be noauth, and CONTEXT will be empty.

view NAME TYPE SUBTREE [MASK]

This defines the named view. TYPE is either included or excluded. MASK is a list of hex octets, separated by ’.’ or ’:’. The MASK defaults to "ff" if not specified.

The reason for the mask is that it allows you to control access to one row in a table in a relatively simple way. As an example, as an ISP you might consider giving each customer access to his own interface:

view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0

(interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
ff.a0 == 11111111.10100000, which nicely covers up to and including
the row index, but lets the user vary the field of the row)
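How the ff.a0 mask selects one row across all columns, worked through as an added example (not code from ucd-snmp). The function names are hypothetical, and the matching rules are those of the RFC 2275 view tree family: a 1 bit requires an exact sub-identifier match, a 0 bit is a wildcard, a short mask is padded with 1 bits, and the matching family with the longest subtree decides.

```python
def parse_oid(text):
    return tuple(int(p) for p in text.strip(".").split("."))

def mask_bits(mask, length):
    """Expand hex octets ('ff.a0' or 'ff:a0') into `length` booleans, most
    significant bit first. A mask shorter than the subtree is padded with 1s."""
    bits = []
    for octet in mask.replace(":", ".").split("."):
        value = int(octet, 16)
        bits.extend(bool(value & (0x80 >> i)) for i in range(8))
    bits.extend([True] * max(0, length - len(bits)))
    return bits[:length]

def in_family(oid, subtree, mask="ff"):
    """True if oid is in the (subtree, mask) family: every sub-identifier
    whose mask bit is 1 must equal the subtree's; 0 bits match anything."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask, len(subtree))
    return all(o == s for o, s, b in zip(oid, subtree, bits) if b)

def view_allows(view, oid):
    """view is a list of (type, subtree, mask). Among the families that match,
    the one with the longest subtree decides; no match means not in the view."""
    hits = [(len(s), s, t) for t, s, m in view if in_family(oid, s, m)]
    return bool(hits) and max(hits)[2] == "included"

# The page's cust1 view, with the subtree written numerically.
CUST1 = [("included", parse_oid(".1.3.6.1.2.1.2.2.1.1.1"), "ff.a0")]

if __name__ == "__main__":
    for oid in (".1.3.6.1.2.1.2.2.1.10.1",   # column 10, row 1
                ".1.3.6.1.2.1.2.2.1.10.2",   # column 10, row 2
                ".1.3.6.1.2.1.1.1.0"):       # outside ifEntry
        print(oid, view_allows(CUST1, parse_oid(oid)))
```

Bit 10 of the mask is the only 0 inside the 11 sub-identifiers, so the column may vary while the row index in position 11 stays pinned to the customer's own interface.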

VACM Examples:

#       sec.name  source           community
com2sec local     localhost        private
com2sec mynet     192.168.17.0/24  public
com2sec public    default          public

#             sec.model  sec.name
group mygroup v1         mynet
group mygroup v2c        mynet
group local   any        local
group public  any        public

#           incl/excl  subtree                           mask
view all    included   .1                                80
view system included   system                            fe
view mib2   included   .iso.org.dod.internet.mgmt.mib-2  fc

#              context sec.model sec.level prefix read   write  notify
access mygroup ""      any       noauth    0      mib2   none   none
access public  ""      any       noauth    0      system none   none
access local   ""      any       noauth    0      all    all    all
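The lookup chain these directives define (com2sec, then group, then access), traced for the VACM example above so the effective read and write views of a given source and community can be checked. This is an added example, not code from ucd-snmp: `parse`, `source_matches` and `resolve` are hypothetical names, `localhost` is mapped to 127.0.0.1 instead of being resolved, and only the model is matched in access lines.

```python
import ipaddress

# The page's VACM example (view lines omitted; only view names are resolved).
CONF = '''
com2sec local  localhost        private
com2sec mynet  192.168.17.0/24  public
com2sec public default          public
group mygroup v1  mynet
group mygroup v2c mynet
group local   any local
group public  any public
access mygroup "" any noauth 0 mib2   none none
access public  "" any noauth 0 system none none
access local   "" any noauth 0 all    all  all
'''

def parse(conf):
    """Collect the argument lists of com2sec, group and access lines, in file order."""
    rules = {"com2sec": [], "group": [], "access": []}
    for line in conf.splitlines():
        tok = line.split()
        if tok and tok[0] in rules:
            rules[tok[0]].append(tok[1:])
    return rules

def source_matches(source, ip):
    """SOURCE is 'default', IP/BITS or IP/MASK; 'localhost' is mapped to
    127.0.0.1 here instead of being resolved (assumption of this sketch)."""
    if source == "default":
        return True
    if source == "localhost":
        source = "127.0.0.1"
    return ipaddress.ip_address(ip) in ipaddress.ip_network(source, strict=False)

def resolve(conf, ip, community, model):
    """Return (security name, read view, write view), or None if nothing maps."""
    rules = parse(conf)
    # com2sec: the first source/community pair that matches wins.
    sec = next((name for name, src, com in rules["com2sec"]
                if com == community and source_matches(src, ip)), None)
    group = next((g for g, m, s in rules["group"]
                  if s == sec and m in ("any", model)), None)
    for name, _ctx, m, _level, _prefix, read, write, _notify in rules["access"]:
        if group is not None and name == group and m in ("any", model):
            return sec, read, write
    return None
```

With this configuration a `public` request from 192.168.17.5 resolves to `mynet` because that com2sec line comes before the `default` one, and the only write view other than `none` belongs to the `local` security name.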

Default VACM model

The default configuration of the agent, as shipped, is functionally
equivalent to the following entries:

com2sec public default public
group   public any     public
view    all    .1
access  public ""      any    noauth all none none

SETTING SYSTEM INFORMATION

syslocation STRING
syscontact STRING

Sets the system location and the system contact for the agent. This information is reported by the ’system’ table in the mibII tree.

authtrapenable NUMBER

Setting authtrapenable to 1 enables generation of authentication failure traps. The default value is 2 (disable).

trapsink HOST
trapcommunity STRING

This sets the host to receive traps. The daemon sends a Cold Start trap when it starts up. If enabled, it also sends traps on authentication failures. Multiple "trapsink" lines may be given to specify multiple destinations.

PASS-THROUGH CONTROL

pass MIBOID EXEC

Passes entire control of MIBOID to the EXEC program. The EXEC program is called in one of the following three ways:
EXEC -g MIBOID
EXEC -n MIBOID

These call lines correspond to SNMP get and getnext requests. It is expected that the EXEC program will take the arguments passed to it and return the appropriate response through its stdout.

The first line of stdout should be the mib OID of the returning value. The second line should be the TYPE of value returned, where TYPE is one of the text strings: string, integer, objectid, timeticks, ipaddress, counter, or gauge. The third line of stdout should be the VALUE corresponding with the returned TYPE.

For instance, if a script is to return the integer value "42" when .1.3.6.1.4.100 is requested, the script should return the following 3 lines:
.1.3.6.1.4.100
integer
42

To indicate that the script is unable to comply with the request due to an end-of-mib condition or an invalid request, simply exit and return no output to stdout at all. An SNMP error will be generated corresponding to the SNMP NO-SUCH-NAME response.

EXEC -s MIBOID TYPE VALUE

For SNMP set requests, the above call method is used. The TYPE passed to the EXEC program is one of the text strings: integer, counter, gauge, timeticks, ipaddress, objid, or string, indicating the type of value passed in the next argument.

Return nothing to stdout, and the set will be assumed to have been successful. Otherwise, return one of the following error strings to signal an error: not-writable, or wrong-type, and the appropriate error response will be generated instead.

Note:

By default, the only community allowed to write (i.e. snmpset) to your script will be the "private" community, or community #2 if defined differently by the "community" token discussed above. Which communities are allowed write access is controlled by the RWRITE definition in the snmplib/snmp_impl.h source file.
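A handler that follows the three call forms described in this section, as an added example (not code from ucd-snmp). The table contents and function names are constructed for illustration; the script checks every argument before acting, since the OID, TYPE and VALUE arrive from the network through the agent.

```python
import sys

# Constructed table: OID -> [type, value, writable]. The first row is the
# page's example (.1.3.6.1.4.100, integer, 42); the second row is made up.
TABLE = {
    (1, 3, 6, 1, 4, 100): ["integer", "42", False],
    (1, 3, 6, 1, 4, 101): ["string", "rack-7", True],
}

def parse_oid(text):
    """Accept only dotted-integer OIDs; anything else is an invalid request."""
    parts = text.strip(".").split(".")
    return tuple(int(p) for p in parts) if all(p.isdecimal() for p in parts) else None

def reply(oid):
    """The three stdout lines: OID, TYPE, VALUE."""
    kind, value, _writable = TABLE[oid]
    return "." + ".".join(map(str, oid)) + "\n" + kind + "\n" + value + "\n"

def handle(argv):
    """argv is what the agent passes after EXEC; returns the text for stdout."""
    oid = parse_oid(argv[1]) if len(argv) >= 2 else None
    if argv[:1] == ["-s"]:
        row = TABLE.get(oid)
        if len(argv) != 4 or row is None or not row[2]:
            return "not-writable\n"
        if argv[2] != row[0] or not argv[3].isprintable():
            return "wrong-type\n"
        row[1] = argv[3]    # in-memory only; a real script would persist it
        return ""           # empty stdout: the set is taken as successful
    if oid is None:
        return ""           # invalid request: no output at all
    if argv[:1] == ["-g"]:
        return reply(oid) if oid in TABLE else ""
    if argv[:1] == ["-n"]:
        later = sorted(o for o in TABLE if o > oid)
        return reply(later[0]) if later else ""   # end of MIB: no output
    return ""

if __name__ == "__main__":
    sys.stdout.write(handle(sys.argv[1:]))
```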

EXAMPLE

See the EXAMPLE.CONF file in the top level source directory for a more detailed example of how the above information is used in real examples.

RE-READING snmpd.conf and snmpd.local.conf

The ucd-snmp agent can be forced to re-read its configuration files. It can be told to do so in one of two ways:

1. An snmpset of integer(1) to 1.3.6.1.4.1.2021.100.11.

2. A "kill -HUP" signal sent to the snmpd agent process.

FILES

/usr/share/snmp/snmpd.conf
/usr/share/snmp/snmpd.local.conf

SEE ALSO

snmpd(1), EXAMPLE.conf.


