1 ###############################################################################
4 # An example configuration file for configuring the ucd-snmp snmpd agent.
6 ###############################################################################
8 # This file is intended to only be an example. If, however, you want
9 # to use it, it should be placed in SYSCONFDIR/snmp/snmpd.conf.
10 # When the snmpd agent starts up, this is where it will look for it.
12 # You might be interested in generating your own snmpd.conf file using
13 # the "snmpconf" program (perl script) instead. It's a nice menu
14 # based interface to writing well commented configuration files. Try it!
16 # Note: This file is automatically generated from EXAMPLE.conf.def.
17 # Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
18 # configure & make, and then make sure you read the EXAMPLE.conf file
19 # instead, as it will tailor itself to your configuration.
21 # All lines beginning with a '#' are comments and are intended for you
22 # to read. All other lines are configuration commands for the agent.
25 # PLEASE: read the snmpd.conf(5) manual page as well!
29 ###############################################################################
31 ###############################################################################
33 # YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
34 # KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
35 # SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
37 # By far, the most common question I get about the agent is "why won't
38 # it work?", when really it should be "how do I configure the agent to
39 # allow me to access it?"
41 # By default, the agent responds to the "public" community for read
42 # only access, if run out of the box without any configuration file in
43 # place. The following examples show you other ways of configuring
44 # the agent so that you can change the community names, and give
45 # yourself write access as well.
47 # The following lines change the access permissions of the agent so
48 # that the COMMUNITY string provides read-only access to your entire
49 # NETWORK (EG: 10.10.10.0/24), and read/write access to only the
50 # localhost (127.0.0.1, not its real ipaddress).
52 # For more information, read the FAQ as well as the snmpd.conf(5)
56 # First, map the community name (COMMUNITY) into a security name
57 # (local and mynetwork, depending on where the request is coming
60 # sec.name source community
61 com2sec local localhost public
62 #com2sec mynetwork NETWORK/24 public
65 # Second, map the security names into group names:
68 group MyRWGroup v1 local
69 group MyRWGroup v2c local
70 group MyRWGroup usm local
71 group MyROGroup v1 mynetwork
72 group MyROGroup v2c mynetwork
73 group MyROGroup usm mynetwork
76 # Third, create a view for us to let the groups have rights to:
78 # incl/excl subtree mask
79 view all included .1 80
82 # Finally, grant the 2 groups access to the 1 view with different
85 # context sec.model sec.level match read write notif
86 access MyROGroup "" any noauth exact all none none
87 access MyRWGroup "" any noauth exact all all none
89 # -----------------------------------------------------------------------------
92 ###############################################################################
93 # System contact information
96 # It is also possible to set the sysContact and sysLocation system
97 # variables through the snmpd.conf file. **PLEASE NOTE** that setting
98 # the value of these objects here makes these objects READ-ONLY
99 # (regardless of any access control settings). Any attempt to set the
100 # value of an object whose value is given here will fail with an error
101 # status of notWritable.
103 syslocation Right here, right now.
104 syscontact Me <me@somewhere.org>
106 # Example output of snmpwalk:
107 # % snmpwalk -v 1 -c public localhost system
108 # system.sysDescr.0 = "SunOS name sun4c"
109 # system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
110 # system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
111 # system.sysContact.0 = "Me <me@somewhere.org>"
112 # system.sysName.0 = "name"
113 # system.sysLocation.0 = "Right here, right now."
114 # system.sysServices.0 = 72
117 # -----------------------------------------------------------------------------
120 ###############################################################################
123 # The following are examples of how to use the agent to check for
124 # processes running on the host. The syntax looks something like:
126 # proc NAME [MAX=0] [MIN=0]
128 # NAME: the name of the process to check for. It must match
129 # exactly (ie, http will not find httpd processes).
130 # MAX: the maximum number allowed to be running. Defaults to 0.
131 # MIN: the minimum number to be running. Defaults to 0.
137 # Make sure mountd is running
140 # Make sure there are no more than 4 ntalkds running, but 0 is ok too.
143 # Make sure at least one sendmail, but less than or equal to 10 are running.
146 # A snmpwalk of the prTable would look something like this:
148 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.PROCMIBNUM
149 # enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
150 # enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
151 # enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
152 # enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
153 # enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
154 # enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
155 # enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
156 # enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
157 # enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
158 # enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
159 # enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
160 # enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
161 # enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
162 # enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
163 # enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
164 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
165 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
166 # enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
167 # enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
168 # enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
169 # enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
170 # enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
171 # enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
172 # enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
174 # Note that the errorFlag for mountd is set to 1 because one is not
175 # running (in this case an rpc.mountd is, but thats not good enough),
176 # and the ErrMessage tells you what's wrong. The configuration
177 # imposed in the snmpd.conf file is also shown.
179 # Special Case: When the min and max numbers are both 0, it assumes
180 # you want a max of infinity and a min of 1.
184 # -----------------------------------------------------------------------------
187 ###############################################################################
188 # Executables/scripts
192 # You can also have programs run by the agent that return a single
193 # line of output and an exit code. Here are two examples.
195 # exec NAME PROGRAM [ARGS ...]
197 # NAME: A generic name.
198 # PROGRAM: The program to run. Include the path!
199 # ARGS: optional arguments to be passed to the program
201 # a simple hello world
202 exec echotest /bin/echo hello world
204 # Run a shell script containing:
211 # Note: this has been specifically commented out to prevent
212 # accidental security holes due to someone else on your system writing
213 # a /tmp/shtest before you do. Uncomment to use it.
215 #exec shelltest /bin/sh /tmp/shtest
218 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.SHELLMIBNUM
219 # enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
220 # enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
221 # enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
222 # enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
223 # enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
224 # enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
225 # enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
226 # enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
227 # enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
228 # enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
229 # enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
230 # enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
232 # Note that the second line of the /tmp/shtest shell script is cut
233 # off. Also note that the exit status of 35 was returned.
235 # -----------------------------------------------------------------------------
238 ###############################################################################
242 # The agent can check the amount of available disk space, and make
243 # sure it is above a set limit.
245 # disk PATH [MIN=DEFDISKMINIMUMSPACE]
247 # PATH: mount path to the disk in question.
248 # MIN: Disks with space below this value will have the Mib's errorFlag set.
249 # Default value = DEFDISKMINIMUMSPACE.
251 # Check the / partition and make sure it contains at least 10 megs.
255 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.DISKMIBNUM
256 # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
257 # enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
258 # enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
259 # enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
260 # enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
261 # enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
262 # enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
263 # enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
264 # enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
265 # enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
267 # -----------------------------------------------------------------------------
270 ###############################################################################
271 # load average checks
274 # load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
276 # 1MAX: If the 1 minute load average is above this limit at query
277 # time, the errorFlag will be set.
278 # 5MAX: Similar, but for 5 min average.
279 # 15MAX: Similar, but for 15 min average.
284 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.LOADAVEMIBNUM
285 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
286 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
287 # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
288 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
289 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
290 # enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
291 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
292 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
293 # enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
294 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
295 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
296 # enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
297 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
298 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
299 # enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
300 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
301 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
302 # enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
304 # -----------------------------------------------------------------------------
307 ###############################################################################
308 # Extensible sections.
311 # This alleviates the multiple line output problem found in the
312 # previous executable mib by placing each mib in its own mib table:
314 # Run a shell script containing:
321 # Note: this has been specifically commented out to prevent
322 # accidental security holes due to someone else on your system writing
323 # a /tmp/shtest before you do. Uncomment to use it.
325 # exec .EXTENSIBLEDOTMIB.50 shelltest /bin/sh /tmp/shtest
327 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.50
328 # enterprises.ucdavis.50.1.1 = 1
329 # enterprises.ucdavis.50.2.1 = "shelltest"
330 # enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
331 # enterprises.ucdavis.50.100.1 = 35
332 # enterprises.ucdavis.50.101.1 = "hello world."
333 # enterprises.ucdavis.50.101.2 = "hi there."
334 # enterprises.ucdavis.50.102.1 = 0
336 # Now the Output has grown to two lines, and we can see the 'hi
337 # there.' output as the second line from our shell script.
339 # Note that you must alter the mib.txt file to be correct if you want
340 # the .50.* outputs above to change to reasonable text descriptions.
344 # exec .EXTENSIBLEDOTMIB.51 ps /bin/ps
345 # exec .EXTENSIBLEDOTMIB.52 top /usr/local/bin/top
346 # exec .EXTENSIBLEDOTMIB.53 mailq /usr/bin/mailq
348 # -----------------------------------------------------------------------------
351 ###############################################################################
352 # Pass through control.
356 # pass MIBOID EXEC-COMMAND
358 # This will pass total control of the mib underneath the MIBOID
359 # portion of the mib to the EXEC-COMMAND.
361 # Note: You'll have to change the path of the passtest script to your
362 # source directory or install it in the given location.
364 # Example: (see the script for details)
365 # (commented out here since it requires that you place the
366 # script in the right location. (its not installed by default))
368 # pass .EXTENSIBLEDOTMIB.255 /bin/sh PREFIX/local/passtest
370 # % snmpwalk -v 1 -c public localhost .EXTENSIBLEDOTMIB.255
371 # enterprises.ucdavis.255.1 = "life the universe and everything"
372 # enterprises.ucdavis.255.2.1 = 42
373 # enterprises.ucdavis.255.2.2 = OID: 42.42.42
374 # enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
375 # enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
376 # enterprises.ucdavis.255.5 = 42
377 # enterprises.ucdavis.255.6 = Gauge: 42
379 # % snmpget -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.5
380 # enterprises.ucdavis.255.5 = 42
382 # % snmpset -v 1 -c public localhost .EXTENSIBLEDOTMIB.255.1 s "New string"
383 # enterprises.ucdavis.255.1 = "New string"
386 # For specific usage information, see the man/snmpd.conf.5 manual page
387 # as well as the local/passtest script used in the above example.
389 ###############################################################################
393 # The agent can support subagents using a number of extension mechanisms.
394 # From the 4.2.1 release, AgentX support is being compiled in by default.
395 # To use this mechanism, simply uncomment the following directive.
399 # Please see the file README.agentx for more details.
403 ###############################################################################
404 # Further Information
406 # See the snmpd.conf manual page, and the output of "snmpd -H".
407 # MUCH more can be done with the snmpd.conf than is shown as an