snmpd(8)


NAME

   snmpd - daemon to respond to SNMP request packets.

SYNOPSIS

   snmpd [OPTIONS] [LISTENING ADDRESSES]

DESCRIPTION

   snmpd  is  an SNMP agent which binds to a port and awaits requests from
   SNMP management software.  Upon receiving a request, it  processes  the
   request(s),  collects  the  requested  information  and/or performs the
   requested operation(s) and returns the information to the sender.

OPTIONS

   -a      Log the source addresses of incoming requests.

   -A      Append to the log file rather than truncating it.

   -c FILE Read FILE as a configuration file (or a comma-separated list of
           configuration  files).   Note  that  the  loaded file will only
           understand snmpd.conf tokens, unless the configuration type  is
           specified  in the file as described in the snmp_config man page
           under SWITCHING CONFIGURATION TYPES IN MID-FILE.

   -C      Do not read any configuration files except the ones  optionally
           specified  by  the  -c  option.   Note that this behaviour also
           covers the persistent configuration files.  This may result  in
           dynamically-assigned  values  being  reset  following  an agent
           restart,  unless  the  relevant  persistent  config  files  are
           explicitly loaded using the -c option.

   -d      Dump (in hexadecimal) the sent and received SNMP packets.

   -D[TOKEN[,...]]
           Turn  on  debugging output for the given TOKEN(s).  Without any
           tokens specified, it defaults to printing all the tokens (which
           is equivalent to the keyword "ALL").  You might want to try ALL
           for extremely verbose output.  Note: You can not  put  a  space
           between the -D flag and the listed TOKENs.

   -f      Do not fork() from the calling shell.

   -g GID  Change  to  the  numerical group ID GID after opening listening
           sockets.

   -h, --help
           Display a brief usage message and then exit.

   -H      Display a list of configuration file directives  understood  by
           the agent and then exit.

   -I [-]INITLIST
           Specifies  which  modules should (or should not) be initialized
           when the agent starts up.  If the comma-separated  INITLIST  is
           preceded  with a '-', it is the list of modules that should not
           be started.  Otherwise this is the list  of  the  only  modules
           that should be started.

           To  get  a  list  of  compiled  modules, run the agent with the
           arguments -Dmib_init -H (assuming debugging  support  has  been
           compiled in).

   -L[eEfFoOsS]
           Specify where logging output should be directed (standard error
           or output, to a file or via syslog).  See  LOGGING  OPTIONS  in
           snmpcmd(1) for details.

   -m MIBLIST
           Specifies  a  colon  separated  list of MIB modules to load for
           this application.   This  overrides  the  environment  variable
           MIBS.  See snmpcmd(1) for details.

   -M DIRLIST
           Specifies  a  colon separated list of directories to search for
           MIBs.  This overrides the environment  variable  MIBDIRS.   See
           snmpcmd(1) for details.

   -n NAME Set  an  alternative  application  name  (which will affect the
           configuration files loaded).  By default this  will  be  snmpd,
           regardless of the name of the actual binary.

   -p FILE Save the process ID of the daemon in FILE.

   -q      Print simpler output for easier automated parsing.

   -r      Do not require root access to run the daemon.  Specifically, do
           not exit if files only accessible to root  (such  as  /dev/kmem
           etc.) cannot be opened.

   -u UID  Change  to  the user ID UID (which can be given in numerical or
           textual form) after opening listening sockets.

   -U      Instructs the agent to not remove its  pid  file  (see  the  -p
           option)  on  shutdown. Overrides the leave_pidfile token in the
           snmpd.conf file, see snmpd.conf(5).

   -v, --version
           Print version information for the agent and then exit.

   -V      Symbolically dump SNMP transactions.

   -x ADDRESS
           Listens for AgentX connections on the specified address  rather
           than  the default "/var/agentx/master".  The address can either
           be a Unix domain socket path,  or  the  address  of  a  network
           interface.   The  format is the same as the format of listening
           addresses described below.

   -X      Run as an AgentX subagent rather than as an SNMP master agent.

   --name="value"
           Allows one to specify  any  token  ("name")  supported  in  the
           snmpd.conf  file  and  sets its value to "value". Overrides the
           corresponding token in the snmpd.conf file.  See  snmpd.conf(5)
           for the full list of tokens.

LISTENING ADDRESSES

   By default, snmpd listens for incoming SNMP requests on UDP port 161 on
   all IPv4 interfaces.  However, it is possible to modify this  behaviour
   by specifying one or more listening addresses as arguments to snmpd.  A
   listening address takes the form:

          [<transport-specifier>:]<transport-address>

   At its simplest, a listening address may consist only of a port number,
   in  which  case  snmpd listens on that UDP port on all IPv4 interfaces.
   Otherwise, the <transport-address> part of the specification is  parsed
   according to the following table:

       <transport-specifier>       <transport-address> format

       udp (default)               hostname[:port] or IPv4-address[:port]

       tcp                         hostname[:port] or IPv4-address[:port]

       unix                        pathname

       ipx                         [network]:node[/port]

       aal5pvc or pvc              [interface.][VPI.]VCI

       udp6 or udpv6 or udpipv6    hostname[:port] or IPv6-address[:port]

       tcp6 or tcpv6 or tcpipv6    hostname[:port] or IPv6-address[:port]

       ssh                         hostname:port

       dtlsudp                     hostname:port

   Note  that  <transport-specifier> strings are case-insensitive so that,
   for example, "tcp" and "TCP" are equivalent.  Here are  some  examples,
   along with their interpretation:

   127.0.0.1:161           listen  on  UDP  port  161,  but  only  on  the
                           loopback interface.  This prevents snmpd  being
                           queried   remotely.   The   port  specification
                           ":161" is not strictly necessary since that  is
                           the default SNMP port.

   TCP:1161                listen on TCP port 1161 on all IPv4 interfaces.

   ipx:/40000              listen on IPX port 40000 on all IPX interfaces.

   unix:/tmp/local-agent   listen    on    the    Unix    domain    socket
                           /tmp/local-agent.

   /tmp/local-agent        is identical  to  the  previous  specification,
                           since  the  Unix domain is assumed if the first
                           character of the <transport-address> is '/'.

   PVC:161                 listen on the AAL5  permanent  virtual  circuit
                           with  VPI=0  and VCI=161 (decimal) on the first
                           ATM adapter in the machine.

   udp6:10161              listen on port 10161 on all IPv6 interfaces.

   ssh:127.0.0.1:22        Allows connections from the snmp  subsystem  on
                           the  ssh  server  on  port  22.  The details of
                           using SNMP over SSH are defined below.

   dtlsudp:127.0.0.1:9161  Listen for connections over DTLS  on  UDP  port
                           9161.    The   snmp.conf  file  must  have  the
                           serverCert, configuration tokens defined.

   Note that not all the transport domains listed  above  will  always  be
   available; for instance, hosts with no IPv6 support will not be able to
   use udp6 transport addresses, and attempts to do so will result in  the
   error  "Error  opening  specified  endpoint".  Likewise, since AAL5 PVC
   support is only currently available on Linux, it  will  fail  with  the
   same error on other platforms.

Transport Specific Notes

   ssh     The  SSH transport, on the server side, is actually just a unix
           named pipe that  can  be  connected  to  via  a  ssh  subsystem
           configured   in   the  main  ssh  server.   The  pipe  location
           (configurable with the sshtosnmpsocket token in  snmp.conf)  is
           /var/net-snmp/sshtosnmp.  Packets should be submitted to it via
           the sshtosnmp application, which also sends the user ID as well
           when starting the connection.  The TSM security model should be
           used when packets should process it.

           The sshtosnmp command knows how to connect  to  this  pipe  and
           talk  to  it.   It  should  be  configured  in the OpenSSH sshd
           configuration  file  (which  is  normally  /etc/ssh/sshd_config
           using the following configuration line:

                  Subsystem snmp /usr/local/bin/sshtosnmp

           The  sshtosnmp  command  will  need  read/write  access  to the
           /var/net-snmp/sshtosnmp pipe.  Although  it  should  be  fairly
           safe  to  grant  access  to  the  average  user  since it still
           requires modifications to the ACM settings before the user  can
           perform  operations,  paranoid  administrators may want to make
           the /var/net-snmp directory  accessible  only  by  users  in  a
           particular   group.   Use  the  sshtosnmpsocketperms  snmp.conf
           configure option to set the permissions, owner and group of the
           created socket.

           Access  control  can  be  granted  to  the user "foo" using the
           following style of simple snmpd.conf settings:

                  rouser -s tsm foo authpriv

           Note that "authpriv" is acceptable  assuming  as  SSH  protects
           everything  that  way  (assuming  you have a non-insane setup).
           snmpd has no notion of how SSH has actually protected a  packet
           and  thus the snmp agent assumes all packets passed through the
           SSH transport have been protected at the authpriv level.

   dtlsudp The DTLS protocol, which is based off  of  TLS,  requires  both
           client  and server certificates to establish the connection and
           authenticate both sides.  In order to do this, the client  will
           need  to  configure  the  snmp.conf  file  with  the clientCert
           configuration tokens.  The server will need  to  configure  the
           snmp.conf   file   with  the  serverCert  configuration  tokens
           defined.

           Access control setup is similar to the ssh transport as the TSM
           security model should be used to protect the packet.

CONFIGURATION FILES

   snmpd checks for the existence of and parses the following files:

   /etc/snmp/snmp.conf
         Common   configuration   for  the  agent  and  applications.  See
         snmp.conf(5) for details.

   /etc/snmp/snmpd.conf

   /etc/snmp/snmpd.local.conf
         Agent-specific configuration.   See  snmpd.conf(5)  for  details.
         These  files  are  optional  and  may be used to configure access
         control,  trap  generation,  subagent  protocols  and  much  else
         besides.

         In  addition  to  these two configuration files in /etc/snmp, the
         agent  will  read  any  files  with  the  names  snmpd.conf   and
         snmpd.local.conf  in  a  colon  separated  path  specified in the
         SNMPCONFPATH environment variable.

   /usr/share/snmp/mibs/
         The agent will also load all files in this directory as MIBs.  It
         will  not,  however,  load  any  file  that  begins with a '.' or
         descend into subdirectories.

SEE ALSO

   (in recommended reading order)

   snmp_config(5), snmp.conf(5), snmpd.conf(5)





Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.





Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.


Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.





Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.


Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.





Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.


Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.