blob: 728171c427145996e0e2a37c2a0edfbcccea1a5e
Patrick Williams b48b7b4 2016-08-17 15:04:38 -0500
###############################################################################
#
# EXAMPLE.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be an example.  If, however, you want
# to use it, it should be placed in /etc/snmp/snmpd.conf.
# When the snmpd agent starts up, this is where it will look for it.
#
# You might be interested in generating your own snmpd.conf file using
# the "snmpconf" program (perl script) instead.  It's a nice menu
# based interface to writing well commented configuration files.  Try it!
#
# Note: This file is automatically generated from EXAMPLE.conf.def.
# Do NOT read the EXAMPLE.conf.def file!  Instead, after you have run
# configure & make, make sure you read the EXAMPLE.conf file,
# as it will tailor itself to your configuration.

# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

#
# PLEASE: read the snmpd.conf(5) manual page as well!
#


###############################################################################
# Access Control
###############################################################################

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access as well.
#
# The following lines change the access permissions of the agent so
# that the COMMUNITY string provides read-only access to your entire
# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
# localhost (127.0.0.1, not its real ipaddress).
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name (COMMUNITY) into a security name
# (local and mynetwork, depending on where the request is coming
# from):

#        sec.name  source   community
com2sec  paranoid  default  public
#com2sec readonly  default  public
#com2sec readwrite default  private

####
# Second, map the security names into group names:

#                sec.model  sec.name
group MyROSystem v1         paranoid
group MyROSystem v2c        paranoid
group MyROSystem usm        paranoid
group MyROGroup  v1         readonly
group MyROGroup  v2c        readonly
group MyROGroup  usm        readonly
group MyRWGroup  v1         readwrite
group MyRWGroup  v2c        readwrite
group MyRWGroup  usm        readwrite

####
# Third, create a view for us to let the groups have rights to:

#           incl/excl  subtree                                  mask
view all    included   .1                                       80
view system included   .iso.org.dod.internet.mgmt.mib-2.system

####
# Finally, grant the 2 groups access to the 1 view with different
# write permissions:

#                 context sec.model sec.level match  read   write  notif
access MyROSystem ""      any       noauth    exact  system none   none
access MyROGroup  ""      any       noauth    exact  all    none   none
access MyRWGroup  ""      any       noauth    exact  all    all    none

# -----------------------------------------------------------------------------


###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file.  **PLEASE NOTE** that setting
# the value of these objects here makes these objects READ-ONLY
# (regardless of any access control settings).  Any attempt to set the
# value of an object whose value is given here will fail with an error
# status of notWritable.

syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)

# Example output of snmpwalk:
#   % snmpwalk -v 1 -c public localhost system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <me@somewhere.org>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72


# -----------------------------------------------------------------------------


###############################################################################
# Process checks.
#
# The following are examples of how to use the agent to check for
# processes running on the host.  The syntax looks something like:
#
#   proc NAME [MAX=0] [MIN=0]
#
#   NAME: the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#   MAX:  the maximum number allowed to be running.  Defaults to 0.
#   MIN:  the minimum number to be running.  Defaults to 0.

#
# Examples:
#

# Make sure mountd is running
#proc mountd

# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

# Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

# A snmpwalk of the prTable would look something like this:
#
#   % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
#   enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
#   enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
#   enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
#   enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
#   enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
#   enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
#   enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
#   enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
#   enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
#   enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
#   enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
#   enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
#   enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
#   enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
#   enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
#   enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
#   enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
#   enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
#   enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
#   enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
#   enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
#   enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
#   enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
#   enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
# Note that the errorFlag for mountd is set to 1 because one is not
# running (in this case an rpc.mountd is, but that's not good enough),
# and the ErrMessage tells you what's wrong.  The configuration
# imposed in the snmpd.conf file is also shown.
#
# Special Case:  When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.
#


# -----------------------------------------------------------------------------


###############################################################################
# Executables/scripts
#

#
# You can also have programs run by the agent that return a single
# line of output and an exit code.  Here are two examples.
#
#   exec NAME PROGRAM [ARGS ...]
#
#   NAME:    A generic name.
#   PROGRAM: The program to run.  Include the path!
#   ARGS:    optional arguments to be passed to the program

# a simple hello world
#exec echotest /bin/echo hello world

# Run a shell script containing:
#
#   #!/bin/sh
#   echo hello world
#   echo hi there
#   exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then,
#   % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8
#   enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
#   enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
#   enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
#   enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
#   enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
#   enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
#   enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
#   enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
#   enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
#   enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
#   enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
#   enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------


###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.

# disk PATH [MIN=DEFDISKMINIMUMSPACE]
#
# PATH: mount path to the disk in question.
# MIN:  Disks with space below this value will have the Mib's errorFlag set.
#       Default value = DEFDISKMINIMUMSPACE.

# Check the / partition and make sure it contains at least 10 megs.

#disk / 10000

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------


###############################################################################
# load average checks
#

# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
#
# 1MAX:  If the 1 minute load average is above this limit at query
#        time, the errorFlag will be set.
# 5MAX:  Similar, but for 5 min average.
# 15MAX: Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------


###############################################################################
# Extensible sections.
#

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
#   #!/bin/sh
#   echo hello world
#   echo hi there
#   exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------


###############################################################################
# Pass through control.
#

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (it's not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest

# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Subagent control
#

# The agent can support subagents using a number of extension mechanisms.
# From the 4.2.1 release, AgentX support is being compiled in by default.
# However, this is still experimental code, so should not be used on
# critical production systems.
# Please see the file README.agentx for more details.
#
# If having read, marked, learnt and inwardly digested this information,
# you decide that you do wish to make use of this mechanism, simply
# uncomment the following directive.
#
# master agentx
#
# I repeat - this is *NOT* regarded as suitable for front-line production
# systems, though it is probably stable enough for day-to-day use.
# Probably.
#
# No refunds will be given.

###############################################################################
# Further Information
#
# See the snmpd.conf manual page, and the output of "snmpd -H".
# MUCH more can be done with the snmpd.conf than is shown as an
# example here.
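
# Added example (not part of the original EXAMPLE.conf or of the ucd-snmp
# project): a Python script that resolves the com2sec -> group -> access chain
# from the "Access Control" section into effective rights per community, and
# flags the default community, the "default" source and exec/pass commands run
# from a world-writable directory such as the /tmp/shtest case noted above.
# The names audit(), SAMPLE and WORLD_WRITABLE are assumptions of this example.

```python
import shlex
# Constructed sample: active access-control lines modelled on this file, plus
# the shelltest exec line with its leading '#' removed to show the /tmp finding.
SAMPLE = '''
com2sec paranoid  default  public
group MyROSystem v1  paranoid
group MyROSystem v2c paranoid
group MyRWGroup  v2c readwrite
view all    included .1 80
view system included .iso.org.dod.internet.mgmt.mib-2.system
access MyROSystem "" any noauth exact system none none
access MyRWGroup  "" any noauth exact all    all  none
exec shelltest /bin/sh /tmp/shtest
'''
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

def audit(conf_text):
    """Return (effective, findings). Simplified: ignores sec.model and context matching."""
    com2sec, groups, access, findings = [], {}, {}, []
    for raw in conf_text.splitlines():
        tok = shlex.split(raw, comments=True)   # drops '#' comments, keeps "" as ''
        if not tok:
            continue
        if tok[0] == "com2sec" and len(tok) >= 4:
            com2sec.append(tuple(tok[1:4]))               # (sec.name, source, community)
        elif tok[0] == "group" and len(tok) >= 4:
            groups.setdefault(tok[3], set()).add(tok[1])  # sec.name -> group names
        elif tok[0] == "access" and len(tok) >= 9:
            access.setdefault(tok[1], []).append((tok[4], tok[6], tok[7]))  # level, read, write
        elif tok[0] in ("exec", "pass"):
            for arg in tok[1:]:
                if arg.startswith(WORLD_WRITABLE):
                    findings.append(f"{tok[0]} runs {arg} from a world-writable directory")
    effective = []
    for sec, source, community in com2sec:
        for grp in sorted(groups.get(sec, ())):
            for level, read, write in access.get(grp, []):
                effective.append((community, source, grp, read, write))
                if write != "none" and level == "noauth":
                    findings.append(f"community '{community}' from {source} can write view '{write}' without auth")
        if community in ("public", "private"):
            findings.append(f"com2sec {sec}: well-known community '{community}'")
        if source == "default":
            findings.append(f"com2sec {sec}: source 'default' matches any address")
    return effective, findings

if __name__ == "__main__":
    eff, issues = audit(SAMPLE)
    for line in eff + issues:
        print(line)
```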