1############################################################################### 2# 3# EXAMPLE.conf: 4# An example configuration file for configuring the ucd-snmp snmpd agent. 5# 6############################################################################### 7# 8# This file is intended to only be an example. If, however, you want 9# to use it, it should be placed in /etc/snmp/snmpd.conf. 10# When the snmpd agent starts up, this is where it will look for it. 11# 12# You might be interested in generating your own snmpd.conf file using 13# the "snmpconf" program (perl script) instead. It's a nice menu 14# based interface to writing well commented configuration files. Try it! 15# 16# Note: This file is automatically generated from EXAMPLE.conf.def. 17# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run 18# configure & make, and then make sure you read the EXAMPLE.conf file 19# instead, as it will tailor itself to your configuration. 20 21# All lines beginning with a '#' are comments and are intended for you 22# to read. All other lines are configuration commands for the agent. 23 24# 25# PLEASE: read the snmpd.conf(5) manual page as well! 26# 27 28 29############################################################################### 30# Access Control 31############################################################################### 32 33# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY 34# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO 35# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. 36 37# By far, the most common question I get about the agent is "why won't 38# it work?", when really it should be "how do I configure the agent to 39# allow me to access it?" 40# 41# By default, the agent responds to the "public" community for read 42# only access, if run out of the box without any configuration file in 43# place. The following examples show you other ways of configuring 44# the agent so that you can change the community names, and give 45# yourself write access as well. 46# 47# The following lines change the access permissions of the agent so 48# that the COMMUNITY string provides read-only access to your entire 49# NETWORK (EG: 10.10.10.0/24), and read/write access to only the 50# localhost (127.0.0.1, not its real ipaddress). 51# 52# For more information, read the FAQ as well as the snmpd.conf(5) 53# manual page. 54 55#### 56# First, map the community name (COMMUNITY) into a security name 57# (local and mynetwork, depending on where the request is coming 58# from): 59 60# sec.name source community 61com2sec local localhost COMMUNITY 62com2sec mynetwork NETWORK/24 COMMUNITY 63 64#### 65# Second, map the security names into group names: 66 67# sec.model sec.name 68group MyRWGroup v1 local 69group MyRWGroup v2c local 70group MyRWGroup usm local 71group MyROGroup v1 mynetwork 72group MyROGroup v2c mynetwork 73group MyROGroup usm mynetwork 74 75#### 76# Third, create a view for us to let the groups have rights to: 77 78# incl/excl subtree mask 79view all included .1 80 80 81#### 82# Finally, grant the 2 groups access to the 1 view with different 83# write permissions: 84 85# context sec.model sec.level match read write notif 86access MyROGroup "" any noauth exact all none none 87access MyRWGroup "" any noauth exact all all none 88 89# rwuser: a SNMPv3 read-write user 90# arguments: user [noauth|auth|priv] [restriction_oid] 91 92rwuser admin 93 94# rocommunity: a SNMPv1/SNMPv2c read-only access community name 95# arguments: community [default|hostname|network/bits] [oid] 96 97# We limit unauthenticated requesters to the system contact info 98rocommunity public default .1.3.6.1.2.1.1.4 99 100# rwcommunity: a SNMPv1/SNMPv2c read-write access community name 101# arguments: community [default|hostname|network/bits] [oid] 102 103#rwcommunity private 104 105# ----------------------------------------------------------------------------- 106 107 108############################################################################### 109# System contact information 110# 111 112# It is also possible to set the sysContact and sysLocation system 113# variables through the snmpd.conf file. **PLEASE NOTE** that setting 114# the value of these objects here makes these objects READ-ONLY 115# (regardless of any access control settings). Any attempt to set the 116# value of an object whose value is given here will fail with an error 117# status of notWritable. 118 119syslocation Right here, right now. 120syscontact Administrator <postmaster@example.com> 121sysservices 76 122 123# Example output of snmpwalk: 124# % snmpwalk -v 1 -c public localhost system 125# system.sysDescr.0 = "SunOS name sun4c" 126# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 127# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 128# system.sysContact.0 = "Me <me@somewhere.org>" 129# system.sysName.0 = "name" 130# system.sysLocation.0 = "Right here, right now." 131# system.sysServices.0 = 72 132 133 134# ----------------------------------------------------------------------------- 135 136 137############################################################################### 138# Process checks. 139# 140# The following are examples of how to use the agent to check for 141# processes running on the host. The syntax looks something like: 142# 143# proc NAME [MAX=0] [MIN=0] 144# 145# NAME: the name of the process to check for. It must match 146# exactly (ie, http will not find httpd processes). 147# MAX: the maximum number allowed to be running. Defaults to 0. 148# MIN: the minimum number to be running. Defaults to 0. 149 150# 151# Examples: 152# 153 154# Make sure httpd is running 155proc httpd 156 157# Make sure mountd is running 158#proc mountd 159 160# Make sure there are no more than 4 ntalkds running, but 0 is ok too. 161#proc ntalkd 4 162 163# Make sure at least one sendmail, but less than or equal to 10 are running. 164#proc sendmail 10 1 165 166# A snmpwalk of the prTable would look something like this: 167# 168# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2 169# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 170# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 171# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 172# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" 173# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" 174# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" 175# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 176# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 177# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 178# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 179# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 180# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 181# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 182# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 183# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 184# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 185# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 186# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 187# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." 188# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" 189# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" 190# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 191# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 192# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 193# 194# Note that the errorFlag for mountd is set to 1 because one is not 195# running (in this case an rpc.mountd is, but thats not good enough), 196# and the ErrMessage tells you what's wrong. The configuration 197# imposed in the snmpd.conf file is also shown. 198# 199# Special Case: When the min and max numbers are both 0, it assumes 200# you want a max of infinity and a min of 1. 201# 202 203 204# ----------------------------------------------------------------------------- 205 206 207############################################################################### 208# Executables/scripts 209# 210 211# 212# You can also have programs run by the agent that return a single 213# line of output and an exit code. Here are two examples. 214# 215# exec NAME PROGRAM [ARGS ...] 216# 217# NAME: A generic name. 218# PROGRAM: The program to run. Include the path! 219# ARGS: optional arguments to be passed to the program 220 221# a simple hello world 222exec echotest /bin/echo hello world 223 224# Run a shell script containing: 225# 226# #!/bin/sh 227# echo hello world 228# echo hi there 229# exit 35 230# 231# Note: this has been specifically commented out to prevent 232# accidental security holes due to someone else on your system writing 233# a /tmp/shtest before you do. Uncomment to use it. 234# 235#exec shelltest /bin/sh /tmp/shtest 236 237# Then, 238# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8 239# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 240# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 241# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" 242# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" 243# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" 244# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" 245# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 246# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 247# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." 248# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." 249# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 250# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 251 252# Note that the second line of the /tmp/shtest shell script is cut 253# off. Also note that the exit status of 35 was returned. 254 255# Print full status for web server and web objects via Mac OS X Server 256# administration tool. 257exec web_status /usr/sbin/serveradmin status web 258exec wo_status /usr/sbin/serveradmin status webobjects 259 260# ----------------------------------------------------------------------------- 261 262 263############################################################################### 264# disk checks 265# 266 267# The agent can check the amount of available disk space, and make 268# sure it is above a set limit. 269 270# disk PATH [MIN=DEFDISKMINIMUMSPACE] 271# 272# PATH: mount path to the disk in question. 273# MIN: Disks with space below this value will have the Mib's errorFlag set. 274# Default value = DEFDISKMINIMUMSPACE. 275 276# Check the / partition and make sure it contains at least 10 megs. 277 278disk / 10000 279 280# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9 281# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 282# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 283# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" 284# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 285# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 286# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 287# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 288# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 289# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 290# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" 291 292# ----------------------------------------------------------------------------- 293 294 295############################################################################### 296# load average checks 297# 298 299# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE] 300# 301# 1MAX: If the 1 minute load average is above this limit at query 302# time, the errorFlag will be set. 303# 5MAX: Similar, but for 5 min average. 304# 15MAX: Similar, but for 15 min average. 305 306# Check for loads: 307#load 12 14 14 308 309# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10 310# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 311# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 312# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 313# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" 314# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" 315# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" 316# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 317# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 318# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 319# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" 320# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" 321# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" 322# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 323# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 324# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 325# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" 326# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" 327# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" 328 329# ----------------------------------------------------------------------------- 330 331 332############################################################################### 333# Extensible sections. 334# 335 336# This alleviates the multiple line output problem found in the 337# previous executable mib by placing each mib in its own mib table: 338 339# Run a shell script containing: 340# 341# #!/bin/sh 342# echo hello world 343# echo hi there 344# exit 35 345# 346# Note: this has been specifically commented out to prevent 347# accidental security holes due to someone else on your system writing 348# a /tmp/shtest before you do. Uncomment to use it. 349# 350# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest 351 352# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50 353# enterprises.ucdavis.50.1.1 = 1 354# enterprises.ucdavis.50.2.1 = "shelltest" 355# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" 356# enterprises.ucdavis.50.100.1 = 35 357# enterprises.ucdavis.50.101.1 = "hello world." 358# enterprises.ucdavis.50.101.2 = "hi there." 359# enterprises.ucdavis.50.102.1 = 0 360 361# Now the Output has grown to two lines, and we can see the 'hi 362# there.' output as the second line from our shell script. 363# 364# Note that you must alter the mib.txt file to be correct if you want 365# the .50.* outputs above to change to reasonable text descriptions. 366 367# Other ideas: 368# 369# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 370# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top 371# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq 372 373# ----------------------------------------------------------------------------- 374 375 376############################################################################### 377# Pass through control. 378# 379 380# Usage: 381# pass MIBOID EXEC-COMMAND 382# 383# This will pass total control of the mib underneath the MIBOID 384# portion of the mib to the EXEC-COMMAND. 385# 386# Note: You'll have to change the path of the passtest script to your 387# source directory or install it in the given location. 388# 389# Example: (see the script for details) 390# (commented out here since it requires that you place the 391# script in the right location. (its not installed by default)) 392 393# pass .1.3.6.1.4.1.2021.255 /bin/sh PREFIX/local/passtest 394 395# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255 396# enterprises.ucdavis.255.1 = "life the universe and everything" 397# enterprises.ucdavis.255.2.1 = 42 398# enterprises.ucdavis.255.2.2 = OID: 42.42.42 399# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 400# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 401# enterprises.ucdavis.255.5 = 42 402# enterprises.ucdavis.255.6 = Gauge: 42 403# 404# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5 405# enterprises.ucdavis.255.5 = 42 406# 407# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string" 408# enterprises.ucdavis.255.1 = "New string" 409# 410 411# For specific usage information, see the man/snmpd.conf.5 manual page 412# as well as the local/passtest script used in the above example. 413 414############################################################################### 415# Subagent control 416# 417 418# The agent can support subagents using a number of extension mechanisms. 419# From the 4.2.1 release, AgentX support is being compiled in by default. 420# To use this mechanism, simply uncomment the following directive. 421# 422# master agentx 423# 424# Please see the file README.agentx for more details. 425# 426 427 428############################################################################### 429# Further Information 430# 431# See the snmpd.conf manual page, and the output of "snmpd -H". 432# MUCH more can be done with the snmpd.conf than is shown as an 433# example here. 434