[people/stevee/ipfire-3.x.git] / net-snmp / snmpd.conf

###############################################################################
#
# snmpd.conf:
#   An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point.  Many more
# configuration directives exist than are mentioned in this file.  For 
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a '#' are comments and are intended for you
# to read.  All other lines are configuration commands for the agent.

###############################################################################
# Access Control
###############################################################################

# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.  Examples are shown below about how to increase the
# level of access.

# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in 
# place.  The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.

####
# First, map the community name "public" into a "security name"

#       sec.name  source          community
com2sec notConfigUser  default       public

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

####
# Third, create a view for us to let the group have rights to:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1.1
view    systemview    included   .1.3.6.1.2.1.25.1.1

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none none

# -----------------------------------------------------------------------------

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

##       sec.name  source          community
#com2sec local     localhost       COMMUNITY
#com2sec mynetwork NETWORK/24      COMMUNITY

##     group.name sec.model  sec.name
#group MyRWGroup  any        local
#group MyROGroup  any        mynetwork
#
#group MyRWGroup  any        otherv3user
#...

##           incl/excl subtree                          mask
#view all    included  .1                               80

## -or just the mib2 tree-

#view mib2   included  .iso.org.dod.internet.mgmt.mib-2 fc


##                context sec.model sec.level prefix read   write  notif
#access MyROGroup ""      any       noauth    0      all    none   none
#access MyRWGroup ""      any       noauth    0      all    all    all


###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and 
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#

# First, map the community name "public" into a "security name"
#       sec.name        source          community
#com2sec notConfigUser   default         public

# Second, map the security name into a group name:
#       groupName       securityModel   securityName
#group   notConfigGroup  v1              notConfigUser
#group   notConfigGroup  v2c             notConfigUser

# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
#       name            incl/excl       subtree mask(optional)
#view    roview          included        .1
#view    rwview          included        system.sysContact
#view    rwview          included        system.sysName
#view    rwview          included        system.sysLocation
#view    rwview          included        interfaces.ifTable.ifEntry.ifAdminStatus
#view    rwview          included        at.atTable.atEntry.atPhysAddress
#view    rwview          included        at.atTable.atEntry.atNetAddress
#view    rwview          included        ip.ipForwarding
#view    rwview          included        ip.ipDefaultTTL
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteType
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view    rwview          included        ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view    rwview          included        ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view    rwview          included        tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view    rwview          included        egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view    rwview          included        snmp.snmpEnableAuthenTraps

# Finally, grant the group read-only access to the systemview view.
#       group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup ""      any       noauth    exact  roview rwview none


###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)

# Example output of snmpwalk:
#   % snmpwalk -v 1 localhost -c public system
#   system.sysDescr.0 = "SunOS name sun4c"
#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
#   system.sysContact.0 = "Me <me@somewhere.org>"
#   system.sysName.0 = "name"
#   system.sysLocation.0 = "Right here, right now."
#   system.sysServices.0 = 72


###############################################################################
# Logging
#

# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes

# -----------------------------------------------------------------------------


###############################################################################
# Process checks.
#
#  The following are examples of how to use the agent to check for
#  processes running on the host.  The syntax looks something like:
#
#  proc NAME [MAX=0] [MIN=0]
#
#  NAME:  the name of the process to check for.  It must match
#         exactly (ie, http will not find httpd processes).
#  MAX:   the maximum number allowed to be running.  Defaults to 0.
#  MIN:   the minimum number to be running.  Defaults to 0.

#
#  Examples (commented out by default):
#

#  Make sure mountd is running
#proc mountd

#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4

#  Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1

#  A snmpwalk of the process mib tree would look something like this:
# 
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
#  Note that the errorFlag for mountd is set to 1 because one is not
#  running (in this case an rpc.mountd is, but thats not good enough),
#  and the ErrMessage tells you what's wrong.  The configuration
#  imposed in the snmpd.conf file is also shown.  
# 
#  Special Case:  When the min and max numbers are both 0, it assumes
#  you want a max of infinity and a min of 1.
#


# -----------------------------------------------------------------------------


###############################################################################
# Executables/scripts
#

#
#  You can also have programs run by the agent that return a single
#  line of output and an exit code.  Here are two examples.
#
#  exec NAME PROGRAM [ARGS ...]
#
#  NAME:     A generic name. The name must be unique for each exec statement.
#  PROGRAM:  The program to run.  Include the path!
#  ARGS:     optional arguments to be passed to the program

# a simple hello world

#exec echotest /bin/echo hello world

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest

# Then, 
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0

# Note that the second line of the /tmp/shtest shell script is cut
# off.  Also note that the exit status of 35 was returned.

# -----------------------------------------------------------------------------


###############################################################################
# disk checks
#

# The agent can check the amount of available disk space, and make
# sure it is above a set limit.  

# disk PATH [MIN=100000]
#
# PATH:  mount path to the disk in question.
# MIN:   Disks with space below this value will have the Mib's errorFlag set.
#        Default value = 100000.

# Check the / partition and make sure it contains at least 10 megs.

#disk / 10000

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""

# -----------------------------------------------------------------------------


###############################################################################
# load average checks
#

# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
# 1MAX:   If the 1 minute load average is above this limit at query
#         time, the errorFlag will be set.
# 5MAX:   Similar, but for 5 min average.
# 15MAX:  Similar, but for 15 min average.

# Check for loads:
#load 12 14 14

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""

# -----------------------------------------------------------------------------


###############################################################################
# Extensible sections.
# 

# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:

# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note:  this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do.  Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0

# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.

# Other ideas:
# 
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq

# -----------------------------------------------------------------------------


###############################################################################
# Pass through control.
# 

# Usage:
#   pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.  
#
# Note:  You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
# 
# Example:  (see the script for details)
#           (commented out here since it requires that you place the
#           script in the right location. (its not installed by default))

# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest

# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#

# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.

###############################################################################
# Further Information
#
#  See the snmpd.conf manual page, and the output of "snmpd -H".
Commit	Line	Data
0302c83d MT	1	###############################################################################
	2	#
	3	# snmpd.conf:
	4	# An example configuration file for configuring the ucd-snmp snmpd agent.
	5	#
	6	###############################################################################
	7	#
	8	# This file is intended to only be as a starting point. Many more
	9	# configuration directives exist than are mentioned in this file. For
	10	# full details, see the snmpd.conf(5) manual page.
	11	#
	12	# All lines beginning with a '#' are comments and are intended for you
	13	# to read. All other lines are configuration commands for the agent.
	14
	15	###############################################################################
	16	# Access Control
	17	###############################################################################
	18
	19	# As shipped, the snmpd demon will only respond to queries on the
	20	# system mib group until this file is replaced or modified for
	21	# security purposes. Examples are shown below about how to increase the
	22	# level of access.
	23
	24	# By far, the most common question I get about the agent is "why won't
	25	# it work?", when really it should be "how do I configure the agent to
	26	# allow me to access it?"
	27	#
	28	# By default, the agent responds to the "public" community for read
	29	# only access, if run out of the box without any configuration file in
	30	# place. The following examples show you other ways of configuring
	31	# the agent so that you can change the community names, and give
	32	# yourself write access to the mib tree as well.
	33	#
	34	# For more information, read the FAQ as well as the snmpd.conf(5)
	35	# manual page.
	36
	37	####
	38	# First, map the community name "public" into a "security name"
	39
	40	# sec.name source community
	41	com2sec notConfigUser default public
	42
	43	####
	44	# Second, map the security name into a group name:
	45
	46	# groupName securityModel securityName
	47	group notConfigGroup v1 notConfigUser
	48	group notConfigGroup v2c notConfigUser
	49
	50	####
	51	# Third, create a view for us to let the group have rights to:
	52
	53	# Make at least snmpwalk -v 1 localhost -c public system fast again.
	54	# name incl/excl subtree mask(optional)
	55	view systemview included .1.3.6.1.2.1.1
	56	view systemview included .1.3.6.1.2.1.25.1.1
	57
	58	####
	59	# Finally, grant the group read-only access to the systemview view.
	60
	61	# group context sec.model sec.level prefix read write notif
	62	access notConfigGroup "" any noauth exact systemview none none
	63
	64	# -----------------------------------------------------------------------------
65
66	# Here is a commented out example configuration that allows less
67	# restrictive access.
68
69	# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
70	# KNOWN AT YOUR SITE. YOU MUST CHANGE THE NETWORK TOKEN BELOW TO
71	# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
72
73	## sec.name source community
74	#com2sec local localhost COMMUNITY
75	#com2sec mynetwork NETWORK/24 COMMUNITY
76
77	## group.name sec.model sec.name
78	#group MyRWGroup any local
79	#group MyROGroup any mynetwork
80	#
81	#group MyRWGroup any otherv3user
82	#...
83
84	## incl/excl subtree mask
85	#view all included .1 80
86
87	## -or just the mib2 tree-
88
89	#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
90
91
92	## context sec.model sec.level prefix read write notif
93	#access MyROGroup "" any noauth 0 all none none
94	#access MyRWGroup "" any noauth 0 all all all
95
96
97	###############################################################################
98	# Sample configuration to make net-snmpd RFC 1213.
99	# Unfortunately v1 and v2c don't allow any user based authentification, so
100	# opening up the default config is not an option from a security point.
101	#
102	# WARNING: If you uncomment the following lines you allow write access to your
103	# snmpd daemon from any source! To avoid this use different names for your
104	# community or split out the write access to a different community and
105	# restrict it to your local network.
106	# Also remember to comment the syslocation and syscontact parameters later as
107	# otherwise they are still read only (see FAQ for net-snmp).
108	#
109
110	# First, map the community name "public" into a "security name"
111	# sec.name source community
112	#com2sec notConfigUser default public
113
114	# Second, map the security name into a group name:
115	# groupName securityModel securityName
116	#group notConfigGroup v1 notConfigUser
117	#group notConfigGroup v2c notConfigUser
118
119	# Third, create a view for us to let the group have rights to:
120	# Open up the whole tree for ro, make the RFC 1213 required ones rw.
121	# name incl/excl subtree mask(optional)
122	#view roview included .1
123	#view rwview included system.sysContact
124	#view rwview included system.sysName
125	#view rwview included system.sysLocation
126	#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
127	#view rwview included at.atTable.atEntry.atPhysAddress
128	#view rwview included at.atTable.atEntry.atNetAddress
129	#view rwview included ip.ipForwarding
130	#view rwview included ip.ipDefaultTTL
131	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
132	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
133	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
134	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
135	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
136	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
137	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
138	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
139	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
140	#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
141	#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
142	#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
143	#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
144	#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
145	#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
146	#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
147	#view rwview included snmp.snmpEnableAuthenTraps
148
149	# Finally, grant the group read-only access to the systemview view.
150	# group context sec.model sec.level prefix read write notif
151	#access notConfigGroup "" any noauth exact roview rwview none
152
153
154
155	###############################################################################
156	# System contact information
157	#
158
159	# It is also possible to set the sysContact and sysLocation system
160	# variables through the snmpd.conf file:
161
162	syslocation Unknown (edit /etc/snmp/snmpd.conf)
163	syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
164
165	# Example output of snmpwalk:
166	# % snmpwalk -v 1 localhost -c public system
167	# system.sysDescr.0 = "SunOS name sun4c"
168	# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
169	# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
170	# system.sysContact.0 = "Me <me@somewhere.org>"
171	# system.sysName.0 = "name"
172	# system.sysLocation.0 = "Right here, right now."
173	# system.sysServices.0 = 72
174
175
176	###############################################################################
177	# Logging
178	#
179
180	# We do not want annoying "Connection from UDP: " messages in syslog.
181	# If the following option is commented out, snmpd will print each incoming
182	# connection, which can be useful for debugging.
183
184	dontLogTCPWrappersConnects yes
185
186	# -----------------------------------------------------------------------------
187
188
189	###############################################################################
190	# Process checks.
191	#
192	# The following are examples of how to use the agent to check for
193	# processes running on the host. The syntax looks something like:
194	#
195	# proc NAME [MAX=0] [MIN=0]
196	#
197	# NAME: the name of the process to check for. It must match
198	# exactly (ie, http will not find httpd processes).
199	# MAX: the maximum number allowed to be running. Defaults to 0.
200	# MIN: the minimum number to be running. Defaults to 0.
201
202	#
203	# Examples (commented out by default):
204	#
205
206	# Make sure mountd is running
207	#proc mountd
208
209	# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
210	#proc ntalkd 4
211
212	# Make sure at least one sendmail, but less than or equal to 10 are running.
213	#proc sendmail 10 1
214
215	# A snmpwalk of the process mib tree would look something like this:
216	#
217	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
218	# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
219	# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
220	# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
221	# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
222	# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
223	# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
224	# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
225	# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
226	# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
227	# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
228	# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
229	# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
230	# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
231	# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
232	# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
233	# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
234	# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
235	# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
236	# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
237	# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
238	# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
239	# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
240	# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
241	# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
242	#
243	# Note that the errorFlag for mountd is set to 1 because one is not
244	# running (in this case an rpc.mountd is, but thats not good enough),
245	# and the ErrMessage tells you what's wrong. The configuration
246	# imposed in the snmpd.conf file is also shown.
247	#
248	# Special Case: When the min and max numbers are both 0, it assumes
249	# you want a max of infinity and a min of 1.
250	#
251
252
253	# -----------------------------------------------------------------------------
254
255
256	###############################################################################
257	# Executables/scripts
258	#
259
260	#
261	# You can also have programs run by the agent that return a single
262	# line of output and an exit code. Here are two examples.
263	#
264	# exec NAME PROGRAM [ARGS ...]
265	#
266	# NAME: A generic name. The name must be unique for each exec statement.
267	# PROGRAM: The program to run. Include the path!
268	# ARGS: optional arguments to be passed to the program
269
270	# a simple hello world
271
272	#exec echotest /bin/echo hello world
273
274	# Run a shell script containing:
275	#
276	# #!/bin/sh
277	# echo hello world
278	# echo hi there
279	# exit 35
280	#
281	# Note: this has been specifically commented out to prevent
282	# accidental security holes due to someone else on your system writing
283	# a /tmp/shtest before you do. Uncomment to use it.
284	#
285	#exec shelltest /bin/sh /tmp/shtest
286
287	# Then,
288	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
289	# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
290	# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
291	# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
292	# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
293	# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
294	# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
295	# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
296	# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
297	# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
298	# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
299	# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
300	# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
301
302	# Note that the second line of the /tmp/shtest shell script is cut
303	# off. Also note that the exit status of 35 was returned.
304
305	# -----------------------------------------------------------------------------
306
307
308	###############################################################################
309	# disk checks
310	#
311
312	# The agent can check the amount of available disk space, and make
313	# sure it is above a set limit.
314
315	# disk PATH [MIN=100000]
316	#
317	# PATH: mount path to the disk in question.
318	# MIN: Disks with space below this value will have the Mib's errorFlag set.
319	# Default value = 100000.
320
321	# Check the / partition and make sure it contains at least 10 megs.
322
323	#disk / 10000
324
325	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
326	# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
327	# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
328	# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
329	# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
330	# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
331	# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
332	# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
333	# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
334	# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
335	# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
336
337	# -----------------------------------------------------------------------------
338
339
340	###############################################################################
341	# load average checks
342	#
343
344	# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
345	#
346	# 1MAX: If the 1 minute load average is above this limit at query
347	# time, the errorFlag will be set.
348	# 5MAX: Similar, but for 5 min average.
349	# 15MAX: Similar, but for 15 min average.
350
351	# Check for loads:
352	#load 12 14 14
353
354	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
355	# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
356	# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
357	# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
358	# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
359	# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
360	# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
361	# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
362	# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
363	# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
364	# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
365	# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
366	# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
367	# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
368	# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
369	# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
370	# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
371	# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
372	# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
373
374	# -----------------------------------------------------------------------------
375
376
377	###############################################################################
378	# Extensible sections.
379	#
380
381	# This alleviates the multiple line output problem found in the
382	# previous executable mib by placing each mib in its own mib table:
383
384	# Run a shell script containing:
385	#
386	# #!/bin/sh
387	# echo hello world
388	# echo hi there
389	# exit 35
390	#
391	# Note: this has been specifically commented out to prevent
392	# accidental security holes due to someone else on your system writing
393	# a /tmp/shtest before you do. Uncomment to use it.
394	#
395	# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
396
397	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
398	# enterprises.ucdavis.50.1.1 = 1
399	# enterprises.ucdavis.50.2.1 = "shelltest"
400	# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
401	# enterprises.ucdavis.50.100.1 = 35
402	# enterprises.ucdavis.50.101.1 = "hello world."
403	# enterprises.ucdavis.50.101.2 = "hi there."
404	# enterprises.ucdavis.50.102.1 = 0
405
406	# Now the Output has grown to two lines, and we can see the 'hi
407	# there.' output as the second line from our shell script.
408	#
409	# Note that you must alter the mib.txt file to be correct if you want
410	# the .50.* outputs above to change to reasonable text descriptions.
411
412	# Other ideas:
413	#
414	# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
415	# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
416	# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
417
418	# -----------------------------------------------------------------------------
419
420
421	###############################################################################
422	# Pass through control.
423	#
424
425	# Usage:
426	# pass MIBOID EXEC-COMMAND
427	#
428	# This will pass total control of the mib underneath the MIBOID
429	# portion of the mib to the EXEC-COMMAND.
430	#
431	# Note: You'll have to change the path of the passtest script to your
432	# source directory or install it in the given location.
433	#
434	# Example: (see the script for details)
435	# (commented out here since it requires that you place the
436	# script in the right location. (its not installed by default))
437
438	# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
439
440	# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
441	# enterprises.ucdavis.255.1 = "life the universe and everything"
442	# enterprises.ucdavis.255.2.1 = 42
443	# enterprises.ucdavis.255.2.2 = OID: 42.42.42
444	# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
445	# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
446	# enterprises.ucdavis.255.5 = 42
447	# enterprises.ucdavis.255.6 = Gauge: 42
448	#
449	# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
450	# enterprises.ucdavis.255.5 = 42
451	#
452	# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
453	# enterprises.ucdavis.255.1 = "New string"
454	#
455
456	# For specific usage information, see the man/snmpd.conf.5 manual page
457	# as well as the local/passtest script used in the above example.
458
459	###############################################################################
460	# Further Information
461	#
462	# See the snmpd.conf manual page, and the output of "snmpd -H".