NAME
snmp.conf - configuration files for the
Net-SNMP applications
# 注释 :snmp.conf 文件是配置
Net-SNMP 应用程序的文件。
# 这里的应用程序包括 snmpwalk
,snmmpget 这样的客户端程序,也包括 snmpd ,snmptrapd 这样的守护进程
DESCRIPTION
Applications built using the Net-SNMP
libraries typically use one or more configuration files to control various
aspects of their operation. These files (snmp.conf and
snmp.local.conf) can be located in one of several locations, as described
in the (5) manual page.
# 注释 :Net-SNMP
所提供的应用程序使用1个获知多个配置文件来控制不同的操作。
# 例如 snmp.conf 和
snmp.local.conf
In particular, /etc/snmp/snmp.conf is a
common file, containing the settings shared by all users of the system.
~/.snmp/snmp.conf is a personal file, with the settings specific to a particular
user.
# 注释 :一般情况下,/etc/snmp/snmp.conf
是一个全局性的文件,被系统的所有用户共享。
# 而 ~/.snmp/snmp.conf
是针对用户个人的配置文件
IMPORTANT NOTE
Several of these directives may contain
sensitive information (such as pass phrases). Configuration files that include
such settings should only be
readable by the user concerned.
# 注释
:由于这些配置文件包含有重要信息,所以它们应该只能被所有者读取
As well as application-specific configuration
tokens, there are several directives that relate to standard library behaviour,
relevant to most Net-SNMP applications. Many of these correspond to standard
command-line options, which are described in the (1) manual page.
These directives can be divided into several
distinct groups.
CLIENT BEHAVIOUR
- defaultPort
PORT
-
- defines the default UDP port that client
SNMP applications will attempt to connect to. This can be overridden by
explicitly including a port number in the AGENT specification. See the
(1) manual page for more details.
- If not specified, the default value for this
token is 161.
# 注释
:defaultPort 定义客户端程序默认连接的 UDP 端口。默认是161
-
- defVersion
(1|2c|3)
-
- defines the default version of SNMP to use.
This can be overridden using the -v option.
# 注释
:defVersion (1|2c|3) 用于定义默认使用的 SNMP 版本。
# 可以在命令行用 -v
选项来覆盖该值
- defCommunity
STRING
-
- defines the default community to use for
SNMPv1 and SNMPv2c requests. This can be overridden using the -c option.
# 注释 :defCommunity
定义 SNMP v1 和 SNMP v2c 默认使用的 community string
# 可以在命令行用 -c
选项来覆盖该值
- dumpPacket yes
-
- defines whether to display a hexadecimal
dump of the raw SNMP requests sent and received by the application. This is
equivalent to the -d option.
# 注释
:dumpPacket yes 表示是否显示捕捉到16进制格式的原始 SNMP 请求和应答
# 可以在命令行用 -d
选项来覆盖
- doDebugging (1|0)
-
- turns on debugging for all applications run
if set to 1.
# 注释
:doDebugging (1|0)表示是否启用 debug 功能。1 为启用,0 为禁用
-
- debugTokens
TOKEN[,TOKEN...]
-
- defines the debugging tokens that should be
turned on when doDebugging is set. This is equivalent to the -D
option.
# 注释
:debugTokens 定义 debug 时的 token 。等于 -D 选项
- 16bitIDs yes
-
- restricts requestIDs, etc to 16-bit values.
- The SNMP specifications define these ID
fields as 32-bit quantities, and the Net-SNMP library typically initialises them
to random values for security. However certain (broken) agents cannot handle ID
values greater than 2^16 - this option allows interoperability with such agents.
# 注释 :16bitIDs 表示强制使用
16 bit 的请求 ID。
# SNMP
处于安全期间在启动期间随即初始化。
- clientaddr
[:]
-
- specifies the source address to be used by
command-line applications when sending SNMP requests. See (1) for more information about the format of
addresses.
- This value is also used by snmpd when
generating notifications.
# 注释
:clientaddr [transport]:[host];[port] 用于定义发送 SNMP 请求时使用的源地址。
# 当 snmpd 生成
notification 消息时就会用到
- clientRecvBuf INTEGER
-
- specifies the desired size of the buffer to
be used when receiving responses to SNMP requests. If the OS hard limit is lower
than the clientRecvBuf value, then this will be used instead. Some
platforms may decide to increase the size of the buffer actually used for
internal housekeeping.
- This directive will be ignored if the
platforms does not support setsockopt().
- clientSendBuf INTEGER
-
- is similar to clientRecvBuf, but
applies to the size of the buffer used when sending SNMP requests.
-
-
- noRangeCheck yes
-
- disables the validation of varbind values
against the MIB definition for the relevant OID. This is equivalent to the
-Ir option.
- This directive is primarily relevant to the
snmpset command, but will also apply to any application that calls
snmp_add_var() with a non-NULL value.
# 注释
:noRangeCheck yes 表示禁止检查 variable binding 中给出的值是否符合 MIB
中该对象的定义
# 等于命令行的 -Ir 选项,主要用于
snmpset 命令
- noTokenWarnings
-
- disables warnings about unknown config file
tokens.
- reverseEncodeBER
(1|yes|true|0|no|false)
-
- controls how the encoding of SNMP requests
is handled.
- The default behaviour is to encode packets
starting from the end of the PDU and working backwards. This directive can be
used to disable this behaviour, and build the encoded request in the (more
obvious) forward direction.
- It should not normally be necessary to
change this setting, as the encoding is basically the same in either case - but
working backwards typically produces a slightly more efficient encoding, and
hence a smaller network datagram.
SNMPv3 SETTINGS
- defSecurityName STRING
- defines the default security name to use for
SNMPv3 requests. This can be overridden using the -u option.
- defSecurityLevel
noAuthNoPriv|authNoPriv|authPriv
- defines the default security level to use
for SNMPv3 requests. This can be overridden using the -l option.
- If not specified, the default value for this
token is noAuthNoPriv.
-
- Note:
- authPriv is only available if
the software has been compiled to use the OpenSSL
libraries.
- defPassphrase STRING
- defAuthPassphrase STRING
- defPrivPassphrase STRING
- define the default authentication and
privacy pass phrases to use for SNMPv3 requests. These can be overridden using
the -A and -X options respectively.
- The defPassphrase value will be used
for the authentication and/or privacy pass phrases if either of the other
directives are not specified.
- defAuthType MD5|SHA
- defPrivType DES|AES
- define the default authentication and
privacy protocols to use for SNMPv3 requests. These can be overridden using the
-a and -x options respectively.
- If not specified, SNMPv3 requests will
default to MD5 authentication and DES encryption.
-
- Note:
- If the software has not been compiled to use
the OpenSSL libraries, then only MD5 authentication is supported. Neither SHA
authentication nor any form of encryption will be
available.
- defContext STRING
- defines the default context to use for
SNMPv3 requests. This can be overridden using the -n option.
- If not specified, the default value for this
token is the default context (i.e. the empty string "").
- defSecurityModel STRING
- defines the security model to use for SNMPv3
requests. The default value is "usm" which is the only widely used security
model for SNMPv3.
- defAuthMasterKey 0xHEXSTRING
- defPrivMasterKey 0xHEXSTRING
- defAuthLocalizedKey 0xHEXSTRING
- defPrivLocalizedKey 0xHEXSTRING
- define the (hexadecimal) keys to be used for
SNMPv3 secure communications. SNMPv3 keys are frequently derived from a
passphrase, as discussed in the defPassphrase section above. However for
improved security a truely random key can be generated and used instead (which
would normally has better entropy than a password unless it is amazingly long).
The directives are equivalent to the short-form command line options -3m,
-3M, -3k, and -3K.
- Localized keys are master keys which have
been converted to a unique key which is only suitable for on particular SNMP
engine (agent). The length of the key needs to be appropriate for the
authentication or encryption type being used (auth keys: MD5=16 bytes, SHA1=20
bytes; priv keys: DES=16 bytes (8 bytes of which is used as an IV and not a
key), and AES=16 bytes).
SERVER BEHAVIOUR
- persistentDir
DIRECTORY
-
- defines the directory where snmpd and
snmptrapd store persistent configuration settings.
- If not specified, the persistent directory
defaults to /var/net-snmp
# 注释
:persistentDir 定义 snmpd 和 snmptrapd 存放永久性配置文件的目录。默认是
/var/net-snmp
- noPersistentLoad yes
- noPersistentSave
yes
-
- disable the loading and saving of persistent
configuration information.
-
- Note:
- This will break SNMPv3 operations (and other
behaviour that relies on changes persisting across application restart). Use
With Care.
-
-
-
- tempFilePattern
PATTERN
-
- defines a filename template for creating
temporary files, for handling input to and output from external shell commands.
Used by the mkstemp() and mktemp() functions.
- If not specified, the default pattern is
/tmp/snmpdXXXXXX.
# 注释
:tempFilePattern 定义用于建立临时文件的文件名模式。默认是 /tmp/snmpdxxxx 。
-
- serverRecvBuf
INTEGER
-
- specifies the desired size of the buffer to
be used when receiving incoming SNMP requests. If the OS hard limit is lower
than the serverRecvBuf value, then this will be used instead. Some
platforms may decide to increase the size of the buffer actually used for
internal housekeeping.
- This directive will be ignored if the
platforms does not support setsockopt().
-
- serverSendBuf INTEGER
-
- is similar to serverRecvBuf, but
applies to the size of the buffer used when sending SNMP
responses.
MIB HANDLING
- mibdirs
DIRLIST
-
- specifies a list of directories to search
for MIB files. This operates in the same way as the -M option - see (1) for details. Note that this value can be
overridden by the MIBDIRS environment variable, and the -M option.
# 注释 :mibdirs
指令给出了 MIB 文件存放的位置。
# 可以在命令行用 -M
选项指定。
# 注释 :不过该选项可以被
MIBDIRS 变量覆盖
-
- mibs
MIBLIST
-
- specifies a list of MIB modules (not files)
that should be loaded. This operates in the same way as the -m option -
see (1) for details. Note that this list can be
overridden by the MIBS environment variable, and the -m option.
# 注释 :mibs
指令给出了一个 snmpd 服务启动时应该加载的 MIB 模块的列表(不是文件名)。
# 可以在命令行用 -m
选项指定
# 注释 :该选项可以被
MIBS 变量覆盖
-
- mibfile
FILE
-
- specifies a (single) MIB file to load, in
addition to the list read from the mibs token (or equivalent
configuration). Note that this value can be overridden by the MIBFILES
environment variable.
# 注释 :mibfile
指令给出一个单独的 MIB 文件名,表示除了 mibs 指令给出的之外,再加载该文件。
-
- showMibErrors
(1|yes|true|0|no|false)
-
- whether to display MIB parsing errors.
# 注释
:showMibErrors 指令设置是否显示 MIB 解释错误
-
- strictCommentTerm
(1|yes|true|0|no|false)
-
- whether MIB parsing should be strict about
comment termination. Many MIB writers assume that ASN.1 comments extend to the
end of the text line, rather than being terminated by the next "--" token. This
token can be used to accept such (strictly incorrect) MIBs.
-
- mibAllowUnderline (1|yes|true|0|no|false)
-
- whether to allow underline characters in MIB
object names and enumeration values. This token can be used to accept such
(strictly incorrect) MIBs.
-
- mibWarningLevel
INTEGER
-
- the minimum warning level of the warnings
printed by the MIB parser.
-
OUTPUT CONFIGURATION
- logTimestamp
(1|yes|true|0|no|false)
-
- Whether the commands should log timestamps
with their error/message logging or not. Note that output will not look as
pretty with timestamps if the source code that is doing the logging does
incremental logging of messages that are not line buffered before being passed
to the logging routines. This option is only used when file logging is active.
-
- printNumericEnums
(1|yes|true|0|no|false)
-
- Equivalent to -Oe.
-
- printNumericOids
(1|yes|true|0|no|false)
-
- Equivalent to -On.
# 注释
:printNumbericOids 表示输出时显示数字格式的 oid ,而不是名称
-
- dontBreakdownOids
(1|yes|true|0|no|false)
-
- Equivalent to -Ob.
-
- escapeQuotes
(1|yes|true|0|no|false)
-
- Equivalent to -OE.
-
- quickPrinting
(1|yes|true|0|no|false)
-
- Equivalent to -Oq.
-
- printValueOnly
(1|yes|true|0|no|false)
-
- Equivalent to -Ov.
-
- dontPrintUnits
(1|yes|true|0|no|false)
-
- Equivalent to -OU.
-
- numericTimeticks
(1|yes|true|0|no|false)
-
- Equivalent to -Ot.
-
- printHexText
(1|yes|true|0|no|false)
-
- Equivalent to -OT.
-
- hexOutputLength
integer
-
- Specifies where to break up the output of
hexadecimal strings. Set to 0 to disable line breaks. Defaults to 16.
-
- suffixPrinting (0|1|2)
-
- The value 1 is equivalent to -Os and
the value 2 is equivalent to -OS.
-
- oidOutputFormat
(1|2|3|4|5|6)
-
- Maps -O options as follow: -Os=1, -OS=2,
-Of=3, -On=4, -Ou=5. The value 6 has no matching -O option. It suppresses
output.
-
- extendedIndex
(1|yes|true|0|no|false)
-
- Equivalent to -OX.
-
- noDisplayHint
(1|yes|true|0|no|false)
-
- Disables the use of DISPLAY-HINT information
when parsing indices and values to set. Equivalent to
-Ih.
FILES
/etc/snmp/snmp.conf, /etc/snmp/snmp.local.conf -
common configuration settings ~/.snmp/snmp.conf - user-specific configuration
settings
阅读(692) | 评论(0) | 转发(0) |