]>
Commit | Line | Data |
---|---|---|
5c9dd661 PP |
1 | ############################################################################### |
2 | # | |
3 | # snmpd.conf: | |
4 | # An example configuration file for configuring the ucd-snmp snmpd agent. | |
5 | # | |
6 | ############################################################################### | |
7 | # | |
8 | # This file is intended to only be an example. If, however, you want | |
9 | # to use it, it should be placed in SYSCONFDIR/snmp/snmpd.conf. | |
10 | # When the snmpd agent starts up, this is where it will look for it. | |
11 | # | |
12 | # You might be interested in generating your own snmpd.conf file using | |
13 | # the "snmpconf" program (perl script) instead. It's a nice menu | |
14 | # based interface to writing well commented configuration files. Try it! | |
15 | # | |
16 | # Note: This file is automatically generated from EXAMPLE.conf.def. | |
17 | # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run | |
18 | # configure & make, and then make sure you read the EXAMPLE.conf file | |
19 | # instead, as it will tailor itself to your configuration. | |
20 | ||
21 | # All lines beginning with a '#' are comments and are intended for you | |
22 | # to read. All other lines are configuration commands for the agent. | |
23 | ||
24 | # | |
25 | # PLEASE: read the snmpd.conf(5) manual page as well! | |
26 | # | |
27 | ||
28 | ||
29 | ############################################################################### | |
30 | # Access Control | |
31 | ############################################################################### | |
32 | ||
33 | # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY | |
34 | # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO | |
35 | # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. | |
36 | ||
37 | # By far, the most common question I get about the agent is "why won't | |
38 | # it work?", when really it should be "how do I configure the agent to | |
39 | # allow me to access it?" | |
40 | # | |
41 | # By default, the agent responds to the "public" community for read | |
42 | # only access, if run out of the box without any configuration file in | |
43 | # place. The following examples show you other ways of configuring | |
44 | # the agent so that you can change the community names, and give | |
45 | # yourself write access as well. | |
46 | # | |
47 | # The following lines change the access permissions of the agent so | |
48 | # that the COMMUNITY string provides read-only access to your entire | |
49 | # NETWORK (EG: 10.10.10.0/24), and read/write access to only the | |
50 | # localhost (127.0.0.1, not its real ipaddress). | |
51 | # | |
52 | # For more information, read the FAQ as well as the snmpd.conf(5) | |
53 | # manual page. | |
54 | ||
55 | #### | |
56 | # First, map the community name (COMMUNITY) into a security name | |
57 | # (local and mynetwork, depending on where the request is coming | |
58 | # from): | |
59 | ||
60 | # sec.name source community | |
61 | com2sec local localhost public | |
62 | #com2sec mynetwork NETWORK/24 public | |
63 | ||
64 | #### | |
65 | # Second, map the security names into group names: | |
66 | ||
67 | # sec.model sec.name | |
68 | group MyRWGroup v1 local | |
69 | group MyRWGroup v2c local | |
70 | group MyRWGroup usm local | |
71 | group MyROGroup v1 mynetwork | |
72 | group MyROGroup v2c mynetwork | |
73 | group MyROGroup usm mynetwork | |
74 | ||
75 | #### | |
76 | # Third, create a view for us to let the groups have rights to: | |
77 | ||
78 | # incl/excl subtree mask | |
79 | view all included .1 80 | |
80 | ||
81 | #### | |
82 | # Finally, grant the 2 groups access to the 1 view with different | |
83 | # write permissions: | |
84 | ||
85 | # context sec.model sec.level match read write notif | |
86 | access MyROGroup "" any noauth exact all none none | |
87 | access MyRWGroup "" any noauth exact all all none | |
88 | ||
89 | # ----------------------------------------------------------------------------- | |
90 | ||
91 | ||
92 | ############################################################################### | |
93 | # System contact information | |
94 | # | |
95 | ||
96 | # It is also possible to set the sysContact and sysLocation system | |
97 | # variables through the snmpd.conf file. **PLEASE NOTE** that setting | |
98 | # the value of these objects here makes these objects READ-ONLY | |
99 | # (regardless of any access control settings). Any attempt to set the | |
100 | # value of an object whose value is given here will fail with an error | |
101 | # status of notWritable. | |
102 | ||
103 | syslocation Right here, right now. | |
104 | syscontact Me <me@somewhere.org> | |
105 | ||
106 | # Example output of snmpwalk: | |
107 | # % snmpwalk -v 1 -c public localhost system | |
108 | # system.sysDescr.0 = "SunOS name sun4c" | |
109 | # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 | |
110 | # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 | |
111 | # system.sysContact.0 = "Me <me@somewhere.org>" | |
112 | # system.sysName.0 = "name" | |
113 | # system.sysLocation.0 = "Right here, right now." | |
114 | # system.sysServices.0 = 72 | |
115 | ||
116 | ||
117 | # ----------------------------------------------------------------------------- | |
118 | ||
119 | ||
120 | ############################################################################### | |
121 | # Process checks. | |
122 | # | |
123 | # The following are examples of how to use the agent to check for | |
124 | # processes running on the host. The syntax looks something like: | |
125 | # | |
126 | # proc NAME [MAX=0] [MIN=0] | |
127 | # | |
128 | # NAME: the name of the process to check for. It must match | |
129 | # exactly (ie, http will not find httpd processes). | |
130 | # MAX: the maximum number allowed to be running. Defaults to 0. | |
131 | # MIN: the minimum number to be running. Defaults to 0. | |
132 | ||
133 | # | |
134 | # Examples: | |
135 | # | |
136 | ||
137 | # Make sure mountd is running | |
138 | proc mountd | |
139 | ||
140 | # Make sure there are no more than 4 ntalkds running, but 0 is ok too. | |
141 | proc ntalkd 4 | |
142 | ||
143 | # Make sure at least one sendmail, but less than or equal to 10 are running. | |
144 | proc sendmail 10 1 | |
145 | ||
146 | # A snmpwalk of the prTable would look something like this: | |
147 | # | |
148 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM | |
149 | # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 | |
150 | # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 | |
151 | # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 | |
152 | # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" | |
153 | # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" | |
154 | # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" | |
155 | # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 | |
156 | # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 | |
157 | # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 | |
158 | # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 | |
159 | # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 | |
160 | # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 | |
161 | # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 | |
162 | # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 | |
163 | # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 | |
164 | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 | |
165 | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 | |
166 | # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 | |
167 | # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." | |
168 | # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" | |
169 | # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" | |
170 | # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 | |
171 | # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 | |
172 | # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 | |
173 | # | |
174 | # Note that the errorFlag for mountd is set to 1 because one is not | |
175 | # running (in this case an rpc.mountd is, but thats not good enough), | |
176 | # and the ErrMessage tells you what's wrong. The configuration | |
177 | # imposed in the snmpd.conf file is also shown. | |
178 | # | |
179 | # Special Case: When the min and max numbers are both 0, it assumes | |
180 | # you want a max of infinity and a min of 1. | |
181 | # | |
182 | ||
183 | ||
184 | # ----------------------------------------------------------------------------- | |
185 | ||
186 | ||
187 | ############################################################################### | |
188 | # Executables/scripts | |
189 | # | |
190 | ||
191 | # | |
192 | # You can also have programs run by the agent that return a single | |
193 | # line of output and an exit code. Here are two examples. | |
194 | # | |
195 | # exec NAME PROGRAM [ARGS ...] | |
196 | # | |
197 | # NAME: A generic name. | |
198 | # PROGRAM: The program to run. Include the path! | |
199 | # ARGS: optional arguments to be passed to the program | |
200 | ||
201 | # a simple hello world | |
202 | exec echotest /bin/echo hello world | |
203 | ||
204 | # Run a shell script containing: | |
205 | # | |
206 | # #!/bin/sh | |
207 | # echo hello world | |
208 | # echo hi there | |
209 | # exit 35 | |
210 | # | |
211 | # Note: this has been specifically commented out to prevent | |
212 | # accidental security holes due to someone else on your system writing | |
213 | # a /tmp/shtest before you do. Uncomment to use it. | |
214 | # | |
215 | #exec shelltest /bin/sh /tmp/shtest | |
216 | ||
217 | # Then, | |
218 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM | |
219 | # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 | |
220 | # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 | |
221 | # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" | |
222 | # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" | |
223 | # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" | |
224 | # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" | |
225 | # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 | |
226 | # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 | |
227 | # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." | |
228 | # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." | |
229 | # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 | |
230 | # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 | |
231 | ||
232 | # Note that the second line of the /tmp/shtest shell script is cut | |
233 | # off. Also note that the exit status of 35 was returned. | |
234 | ||
235 | # ----------------------------------------------------------------------------- | |
236 | ||
237 | ||
238 | ############################################################################### | |
239 | # disk checks | |
240 | # | |
241 | ||
242 | # The agent can check the amount of available disk space, and make | |
243 | # sure it is above a set limit. | |
244 | ||
245 | # disk PATH [MIN=DEFDISKMINIMUMSPACE] | |
246 | # | |
247 | # PATH: mount path to the disk in question. | |
248 | # MIN: Disks with space below this value will have the Mib's errorFlag set. | |
249 | # Default value = DEFDISKMINIMUMSPACE. | |
250 | ||
251 | # Check the / partition and make sure it contains at least 10 megs. | |
252 | ||
253 | disk / 10000 | |
254 | ||
255 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM | |
256 | # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 | |
257 | # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F | |
258 | # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" | |
259 | # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 | |
260 | # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 | |
261 | # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 | |
262 | # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 | |
263 | # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 | |
264 | # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 | |
265 | # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" | |
266 | ||
267 | # ----------------------------------------------------------------------------- | |
268 | ||
269 | ||
270 | ############################################################################### | |
271 | # load average checks | |
272 | # | |
273 | ||
274 | # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] | |
275 | # | |
276 | # 1MAX: If the 1 minute load average is above this limit at query | |
277 | # time, the errorFlag will be set. | |
278 | # 5MAX: Similar, but for 5 min average. | |
279 | # 15MAX: Similar, but for 15 min average. | |
280 | ||
281 | # Check for loads: | |
282 | load 12 14 14 | |
283 | ||
284 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM | |
285 | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 | |
286 | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 | |
287 | # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 | |
288 | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" | |
289 | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" | |
290 | # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" | |
291 | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 | |
292 | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 | |
293 | # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 | |
294 | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" | |
295 | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" | |
296 | # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" | |
297 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 | |
298 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 | |
299 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 | |
300 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" | |
301 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" | |
302 | # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" | |
303 | ||
304 | # ----------------------------------------------------------------------------- | |
305 | ||
306 | ||
307 | ############################################################################### | |
308 | # Extensible sections. | |
309 | # | |
310 | ||
311 | # This alleviates the multiple line output problem found in the | |
312 | # previous executable mib by placing each mib in its own mib table: | |
313 | ||
314 | # Run a shell script containing: | |
315 | # | |
316 | # #!/bin/sh | |
317 | # echo hello world | |
318 | # echo hi there | |
319 | # exit 35 | |
320 | # | |
321 | # Note: this has been specifically commented out to prevent | |
322 | # accidental security holes due to someone else on your system writing | |
323 | # a /tmp/shtest before you do. Uncomment to use it. | |
324 | # | |
325 | # exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest | |
326 | ||
327 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50 | |
328 | # enterprises.ucdavis.50.1.1 = 1 | |
329 | # enterprises.ucdavis.50.2.1 = "shelltest" | |
330 | # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" | |
331 | # enterprises.ucdavis.50.100.1 = 35 | |
332 | # enterprises.ucdavis.50.101.1 = "hello world." | |
333 | # enterprises.ucdavis.50.101.2 = "hi there." | |
334 | # enterprises.ucdavis.50.102.1 = 0 | |
335 | ||
336 | # Now the Output has grown to two lines, and we can see the 'hi | |
337 | # there.' output as the second line from our shell script. | |
338 | # | |
339 | # Note that you must alter the mib.txt file to be correct if you want | |
340 | # the .50.* outputs above to change to reasonable text descriptions. | |
341 | ||
342 | # Other ideas: | |
343 | # | |
344 | # exec .EXTENSIBLEDOTMIB.51 ps /bin/ps | |
345 | # exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top | |
346 | # exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq | |
347 | ||
348 | # ----------------------------------------------------------------------------- | |
349 | ||
350 | ||
351 | ############################################################################### | |
352 | # Pass through control. | |
353 | # | |
354 | ||
355 | # Usage: | |
356 | # pass MIBOID EXEC-COMMAND | |
357 | # | |
358 | # This will pass total control of the mib underneath the MIBOID | |
359 | # portion of the mib to the EXEC-COMMAND. | |
360 | # | |
361 | # Note: You'll have to change the path of the passtest script to your | |
362 | # source directory or install it in the given location. | |
363 | # | |
364 | # Example: (see the script for details) | |
365 | # (commented out here since it requires that you place the | |
366 | # script in the right location. (its not installed by default)) | |
367 | ||
368 | # pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest | |
369 | ||
370 | # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255 | |
371 | # enterprises.ucdavis.255.1 = "life the universe and everything" | |
372 | # enterprises.ucdavis.255.2.1 = 42 | |
373 | # enterprises.ucdavis.255.2.2 = OID: 42.42.42 | |
374 | # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 | |
375 | # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 | |
376 | # enterprises.ucdavis.255.5 = 42 | |
377 | # enterprises.ucdavis.255.6 = Gauge: 42 | |
378 | # | |
379 | # % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5 | |
380 | # enterprises.ucdavis.255.5 = 42 | |
381 | # | |
382 | # % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string" | |
383 | # enterprises.ucdavis.255.1 = "New string" | |
384 | # | |
385 | ||
386 | # For specific usage information, see the man/snmpd.conf.5 manual page | |
387 | # as well as the local/passtest script used in the above example. | |
388 | ||
389 | ############################################################################### | |
390 | # Subagent control | |
391 | # | |
392 | ||
393 | # The agent can support subagents using a number of extension mechanisms. | |
394 | # From the 4.2.1 release, AgentX support is being compiled in by default. | |
395 | # To use this mechanism, simply uncomment the following directive. | |
396 | # | |
397 | # master agentx | |
398 | # | |
399 | # Please see the file README.agentx for more details. | |
400 | # | |
401 | ||
402 | ||
403 | ############################################################################### | |
404 | # Further Information | |
405 | # | |
406 | # See the snmpd.conf manual page, and the output of "snmpd -H". | |
407 | # MUCH more can be done with the snmpd.conf than is shown as an | |
408 | # example here. |