MAN page from Trustix net-snmp-5.4-2tr.i586.rpm


Section: Net-SNMP (8)
Updated: 15 Jan 2004


snmptrapd - Receive and log SNMP trap messages. 




snmptrapdis an SNMP application that receives and logs SNMP TRAP and INFORMmessages.

Note: the default is to listen on UDP port 162 on all IPv4 interfaces.Since 162 is a privileged port,snmptrapdmust typically be run as root. 


Ignore authenticationFailure traps.
Append to the log file rather than truncating it.
Read FILEas a configuration file.
Do not read any configuration files except the one optionally specified by the -c option.
Dump (in hexadecimal) the sent and received SNMP packets.
-D TOKEN[,...]
Turn on debugging output for the givenTOKEN(s).TryALLfor extremely verbose output.
Print event numbers (rising/falling alarm etc.) from the (obsolete) M2M-MIB.
This functionality is being deprecated and will be removed in due course.
Do not fork() from the calling shell.
When logging to standard output, use the format in the stringFORMAT.See the sectionFORMAT SPECIFICATIONSbelow for more details.
-h, --help
Display a brief usage message and then exit.
Display a list of configuration file directives understood by thetrap daemon and then exit.
Specifies which modules should (or should not) be initializedwhen snmptrapd starts up. If the comma-separatedINITLISTis precededwith a '-', it is the list of modules that should not be started.notwant to be started. Otherwise,INITLISTOtherwise this is the list of the only modules that should be started.

To get a list of compiled modules, run snmptrapd with the arguments-Dmib_init -H(assuming debugging support has been compiled in).

Specify where logging output should be directed (standard error or output,to a file or via syslog). See LOGGING OPTIONS in snmpcmd(1) for details.
Specifies a colon separated list of MIB modules to load for thisapplication. This overrides the environment variable MIBS.See snmpcmd(1) for details.
Specifies a colon separated list of directories to search for MIBs.This overrides the environment variable MIBDIRS.See snmpcmd(1) for details.
Do not attempt to translate source addresses of incoming packets intohostnames.
Save the process ID of the trap daemon inFILE.
-O [abeEfnqQsStTuUvxX]
Specifies how MIB objects and other output should be displayed.See the sectionOUTPUT OPTIONSin thesnmpcmd(1)manual page for details.
Do not log traps to syslog. This disables logging to syslog. This isuseful if you want the snmptrapd application toonlyrun traphandle hooks and not to log any traps to any location.
-v, --version
Print version information for the trap daemon and then exit.
Connect to the AgentX master agent on the specified address,rather than the default ''.See snmpd(8) for details of the format of such addresses.
Allows to specify any token ("name") supported in thesnmptrapd.conffile and sets its value to "value". Overrides the corresponding token in thesnmptrapd.conffile. Seesnmptrapd.conf(5)for the full list of tokens.


snmptrapdinterprets format strings similarly toprintf(3).It understands the following formatting sequences:

a literal %
the contents of the agent-addr field of the PDU (v1 TRAPs only)
the hostname corresponding to the contents of the agent-addr field ofthe PDU, if available, otherwise the contents of the agent-addr fieldof the PDU (v1 TRAPs only).
PDU source address (Note: this is not necessarily an IPv4address)
PDU source hostname if available, otherwise PDU source address (seenote above)
current hour on the local system
the hour field from the sysUpTime.0 varbind
current minute on the local system
the minute field from the sysUpTime.0 varbind
current second on the local system
the seconds field from the sysUpTime.0 varbind
current day of month on the local system
the day of month field from the sysUpTime.0 varbind
current (numeric) month on the local system
the numeric month field from the sysUpTime.0 varbind
enterprise string
trap sub-type (numeric, in decimal)
security information from the PDU (community name for v1/v2c,user and context for v3)
decimal number of seconds since the operating system epoch (asreturned bytime(2))
the value of the sysUpTime.0 varbind in seconds
list of variable-bindings from the notification payload.These will be separated by a tab, or by a comma and a blank if the alternate form is requestedSee also %V
specifies the variable-bindings separator. This takes a sequence ofcharacters, up to the next % (to embed a % in the string, use \%)
trap type (numeric, in decimal)
trap description
current year on the local system
the year field from the sysUpTime.0 varbind

In addition to these values, an optional fieldwidth and precision may also be specified , just as in printf(3),and a flag value. The following flags are supported:

left justify
use leading zeros
use alternate form

The "use alternate form" flag changes the behavior of various formatstring sequences:

Time information will be displayed based on GMT (rather than the local timezone)
The variable-bindings will be a comma-separated list (rather than a tab-separated one)
The system uptime will be broken down into a human-meaningful format (rather than being a simple integer)


To get a message like "14:03 TRAP3.1 from" you could use something like this:

snmptrapd -P -F "%02.2h:%02.2j TRAP%w.%q from %A\n"

If you want the same thing but in GMT rather than local time, use

snmptrapd -P -F "%#02.2h:%#02.2j TRAP%w.%q from %A\n"


By default,snmptrapdlistens for incoming SNMP TRAP and INFORM packets on UDP port 162 onall IPv4 interfaces. However, it is possible to modify this behaviourby specifying one or more listening addresses as arguments tosnmptrapd.See thesnmpd(8)manual page for more information about the format of listeningaddresses. 


As of net-snmp 5.0, the snmptrapd application supports theNOTIFICATION-LOG-MIB. It does this by opening an AgentX subagentconnection to the master snmpd agent and registering the notificationlog tables. As long as the snmpd application is started first, itwill attach itself to it and thus you should be able to view the lastrecorded notifications via the nlmLogTable and nlmLogVariableTable.See the snmptrapd.conf file and the "dontRetainLogs" token for turningoff this support. See the NOTIFICATION-LOG-MIB for more details aboutthe MIB itself. 


See thesnmptrapd.conf(5)manual page. 


snmpcmd(1), snmpd(8), printf(3), snmptrapd.conf(5), syslog(8), variables(5) 


snmpd.conf - configuration file for the Net-SNMP SNMP agent 


The Net-SNMP agent uses one or more configuration filesto control its operation and the management informationprovided.These files (snmpd.conf and snmpd.local.conf)can be located in one of several locations, as described in thesnmp_config(5) manual page.

The (perl) applicationsnmpconfcan be used to generate configuration files for themost common agent requirements. See thesnmpconf(1)manual page for more information, or try running thecommand:

snmpconf -g basic_setup

There are a large number of directives that can be specified,but these mostly fall into four distinct categories:

those controlling who can access the agent
those configuring the information that is supplied by the agent
those controlling active monitoring of the local system
those concerned with extending the functionality of the agent.

Some directives don't fall naturally into any of these fourcategories, but this covers the majority of the contents ofa typicalsnmpd.conffile.A full list of recognised directives can be obtained by runningthe command:

snmpd -H


Although most configuration directives are concerned with the MIBinformation supplied by the agent, there are a handful of directives thatcontrol the behaviour of snmpd considered simply as a daemonproviding a network service.
agentaddress [<transport-specifier>:]<transport-address>[,...]
defines a list of listening addresses, on which to receive incomingSNMP requests.See the section LISTENING ADDRESSESin thesnmpd(8)manual page for more information about the format of listeningaddresses.
The default behaviour is tolisten on UDP port 161 on all IPv4 interfaces.
agentgroup {GROUP|#GID}
changes to the specified group after opening the listening port(s).This may refer to a group by name (GROUP), or a numeric group IDstarting with '#' (#GID).
agentuser {USER|#UID}
changes to the specified user after opening the listening port(s).This may refer to a user by name (USER), or a numeric user IDstarting with '#' (#UID).
leave_pidfile yes
instructs the agent to not remove its pid file on shutdown. Equivalent tospecifying "-U" on the command line.

SNMPv3 Configuration

SNMPv3 requires an SNMP agent to define a unique "engine ID"in order to respond to SNMPv3 requests.This ID will normally be determined automatically, using two reasonablynon-predictable values - a (pseudo-)random number and the currentuptime in seconds. This is the recommended approach. However thecapacity exists to define the engineID in other ways:
specifies that the engineID should be built from the given text STRING.
engineIDType 1|2|3
specifies that the engineID should be built from the IPv4 address (1),IPv6 address (2) or MAC address (3). Note that changing the IP address(or switching the network interface card) may cause problems.
defines which interface to use when determining the MAC address.If engineIDType 3 is not specified, then this directivehas no effect.
The default is to use eth0.


snmpdsupports the View-Based Access Control Model (VACM) as defined in RFC2575, to control who can retrieve or update information. To this end,it recognizes various directives relating to access control.These fall into four basic groups. 

SNMPv3 Users

createUser [-e ENGINEID] username (MD5|SHA) authpassphrase [DES|AES] [privpassphrase]
MD5 and SHA are the authentication types to use. DES and AES are theprivacy protocols to use. If the privacypassphrase is not specified, it is assumed to be the same as theauthentication passphrase. Note that the users created will beuseless unless they are also added to the VACM access control tablesdescribed above.
SHA authentication and DES/AES privacy require OpenSSL to be installed andthe agent to be built with OpenSSL support. MD5 authentication may beused without OpenSSL.
Warning: the minimum pass phrase length is 8 characters.
SNMPv3 users can be created at runtime using thesnmpusm(1)command.
Instead of figuring out how to use this directive and where to put it(see below), just run "net-snmp-config --create-snmpv3-user" instead,which will add one of these lines to the right place.
This directive should be placed into the/var/net-snmp/snmpd.conf file instead of the other normallocations. The reason is that the information is read from the fileand then the line is removed (eliminating the storage of the masterpassword for that user) and replaced with the key that is derived fromit. This key is a localized key, so that if it is stolen it can notbe used to access other agents. If the password is stolen, however,it can be.
If you need to localize the user to a particular EngineID (this isuseful mostly in the similar snmptrapd.conf file), you can use the -eargument to specify an EngineID as a hex value (EG, "0x01020304").
If you want to generate either your master or localized keys directly,replace the given password with a hexstring (preceeded by a "0x") andprecede the hex string by a -m or -l token (respectively). EGs:
[these keys are *not* secure but are easy to visually parse forcounting purposes.  Please generate random keys instead of usingthese examples]createUser myuser SHA -l 0x0001020304050607080900010203040506070809 AES -l 0x00010203040506070809000102030405createUser myuser SHA -m 0x0001020304050607080900010203040506070809 AES -m 0x0001020304050607080900010203040506070809
Due to the way localization happens, localized privacy keys areexpected to be the length needed by the algorithm (128 bits for allsupported algorithms). Master encryption keys, though, need to be thelength required by the authentication algorithm not the lengthrequired by the encrypting algorithm (MD5: 16 bytes, SHA: 20 bytes).

Traditional Access Control

Most simple access control requirements can be specified using thedirectives rouser/rwuser (for SNMPv3) orrocommunity/rwcommunity (for SNMPv1 or SNMPv2c).
rouser USER [noauth|auth|priv [OID]]
rwuser USER [noauth|auth|priv [OID]]
specify an SNMPv3 user that will be allowed read-only (GET and GETNEXT)or read-write (GET, GETNEXT and SET) access respectively.By default, this will provide access to the full OID tree for authenticated(including encrypted) SNMPv3 requests.An alternative minimum security level can be specified using noauth(to allow unauthenticated requests), or priv (to enforce use ofencryption). The OID field restricts access for thatuser to the subtree rooted at the given OID.
rocommunity COMMUNITY [SOURCE [OID]]
rwcommunity COMMUNITY [SOURCE [OID]]
specify an SNMPv1 or SNMPv2c community that will be allowed read-only(GET and GETNEXT) or read-write (GET, GETNEXT and SET) access respectively.By default, this will provide access to the full OID tree for such requests,regardless of where they were sent from. The SOURCE token can be used torestrict access to requests from the specified system(s) - seecom2sec for the full details. The OID field restricts access forthat community to the subtree rooted at the given OID.
rocommunity6 COMMUNITY [SOURCE [OID]]
rwcommunity6 COMMUNITY [SOURCE [OID]]
are directives relating to requests received using IPv6(if the agent supports such transport domains).The interpretation of the SOURCE and OID tokens are exactly the same as forthe IPv4 versions.

In each case, only one directive should be specified for a given SNMPv3 user,or community string.It is not appropriate to specify both rouserand rwuser directives referring to the same SNMPv3 user (or equivalentcommunity settings). The rwuser directive provides all the accessof rouser (as well as allowing SET support).The same holds true for the community-based directives.

More complex access requirements (such as access to twoor more distinct OID subtrees, or different views for GET and SET requests)should use one of the other access control mechanisms.Note that if several distinct communities or SNMPv3 users need to be grantedthe same level of access, it would also be more efficient to use the main VACMconfiguration directives. 

VACM Configuration

The full flexibility of the VACM is available using four configurationdirectives - com2sec, group, view and access.These provide direct configuration of the underlying VACM tables.
map an SNMPv1 or SNMPv2c community string to a security name - either froma particular range of source addresses, or globally ("default").A restricted source can either be a specific hostname (or address), ora subnet - represented as IP/MASK (e.g., orIP/BITS (e.g., or the IPv6 equivalents.
The same community string can be specified in several separate directives(presumably with different source tokens), and the first source/communitycombination that matches the incoming request will be selected.Various source/community combinations can also map to the same security name.
If a CONTEXT is specified (using -Cn), the community string will bemapped to a security name in the named SNMPv3 context. Otherwise thedefault context ("") will be used.
is the Unix domain sockets version of com2sec.
group GROUP {v1|v2c|usm} SECNAME
maps a security name (in the specified security model) intoa named group. Several group directives can specify thesame group name, allowing a single access setting to apply to several users and/or community strings.
Note that groups must be set up for the two community-based models separately -a single com2sec (or equivalent) directive will typically beaccompanied by two group directives.
defines a named "view" - a subset of the overall OID tree. This is mostcommonly a single subtree, but several view directives can be givenwith the same view name, to build up a more complex collection of OIDs.TYPE is either included or excluded, which can again definea more complex view (e.g by excluding certain sensitive objectsfrom an otherwise accessible subtree).
MASK is a list of hex octets (separated by '.' or ':') with the set bitsindicating which subidentifiers in the view OID to match against. Thiscan be used to define a view covering a particular row (or rows) in atable. If not specified, this defaults to matching the OID exactly(all bits set), thus defining a simple OID subtree.
maps from a group of users/communities (with a particular security modeland minimum security level, and in a specific context) to one of three views,depending on the request being processed.
LEVEL is one of noauth, auth, or priv.PREFX specifies how CONTEXT should be matched against the context ofthe incoming request, either exact or prefix.READ, WRITE and NOTIFY specifies the view to be used for GET*, SETand TRAP/INFORM requests (althought the NOTIFY view is not currently used).For v1 or v2c access, LEVEL will need to be noauth.

Typed-View Configuration

The final group of directives extend the VACM approach into a more flexiblemechanism, which can be applied to other access control requirements. Rather thanthe fixed three views of the standard VACM mechanism, this can be used toconfigure various different view types. As far as the main SNMP agent isconcerned, the two main view types are read and write,corresponding to the READ and WRITE views of the main access directive.See the 'snmptrapd.conf(5)' man page for discussion of other view types.
is an alternative to the rocommunity/rwcommunity directives.TYPES will usually be read or read,write respectively.The view specification can either be an OID subtree (as before),or a named view (defined using theview directive) for greater flexibility. If this is omitted,then access will be allowed to the full OID tree.
authuser TYPES [-s MODEL] USER [LEVEL [OID | -V VIEW]]
is an alternative to the rouser/rwuser directives.The fields TYPES, OID and VIEW have the same meaning as forauthcommunity.
authgroup TYPES [-s MODEL] GROUP [LEVEL [OID | -V VIEW]]
is a companion to the authuser directive, specifying accessfor a particular group (defined using the group directive as usual).Both authuser and authgroup default to authenticated requests -LEVEL can also be specified as noauth or priv to allowunauthenticated requests, or require encryption respectively.Both authuser and authgroup directives also default to configuringaccess for SNMPv3/USM requests - use the '-s' flag to specify an alternativesecurity model (using the same values as for access above).
also configures the access for a particular group,specifying the name and type of view to apply. The MODEL and LEVEL fieldsare interpreted in the same way as for authgroup.If CONTEXT is specified, access is configured within this SNMPv3 context(or contexts with this prefix if the CONTEXT field ends with '*').Otherwise the default context ("") is used.
is a direct equivalent to the original access directive, typicallylisting the view types as read or read,write as appropriate.(or see 'snmptrapd.conf(5)' for other possibilities).All other fields have the same interpretation as with access.


Most of the information reported by the Net-SNMP agent is retrievedfrom the underlying system, or dynamically configured via SNMP SET requests(and retained from one run of the agent to the next).However, certain MIB objects can be configured or controlled viathe snmpd.conf(5) file. 

System Group

Most of the scalar objects in the 'system' group can be configuredin this way:
sysLocation STRING
sysContact STRING
sysName STRING
set the system location, system contact or system name(sysLocation.0, sysContact.0 and sysName.0) for the agent respectively.Ordinarily these objects are writeable via suitably authorized SNMP SETrequests. However, specifying one of these directives makes thecorresponding object read-only, and attempts to SET it will result ina notWritable error response.
sysServices NUMBER
sets the value of the sysServices.0 object.For a host system, a good value is 72 (application + end-to-end layers).If this directive is not specified, then no value will be reportedfor the sysServices.0 object.
sysDescr STRING
sysObjectID OID
sets the system description or object ID for the agent.Although these MIB objects are not SNMP-writable, these directives can beused by a network administrator to configure suitable values for them.

Interfaces Group

can be used to provide appropriate type and speed settings forinterfaces where the agent fails to determine this information correctly.TYPE is a type value as given in the IANAifType-MIB,and can be specified numerically or by name (assuming this MIB is loaded).

Host Resources Group

This requires that the agent was built with support for thehost module (which is now included as part of the default build configuration on the major supported platforms).
ignoreDisk STRING
controls which disk devices are scanned as part of populating thehrDiskStorageTable (and hrDeviceTable).The HostRes implementation code includes a list of disk device patternsappropriate for the current operating system, some of which may causethe agent to block when trying to open the corresponding disk devices.This might lead to a timeout when walking these tables, possiblyresulting in inconsistent behaviour. This directive can be usedto specify particular devices (either individually or wildcarded)that should not be checked.
Please consult the source (host/hr_disk.c) and check for theAdd_HR_Disk_entry calls relevant for a particular O/Sto determine the list of devices that will be scanned.
The pattern can include one or more wildcard expressions.See snmpd.examples(5) for illustration of the wildcard syntax.
storageUseNFS [1|2]
controls how NFS and NFS-like file systems should be reportedin the 'Network Disks' (1) or 'Fixed Disks' (2)Historically, the Net-SNMP agent has reported such file systemsas 'Fixed Disks', and this is still the default behaviour.Setting this directive to '1' reports such file systems as

Process Monitoring

The hrSWRun group of the Host Resources MIB providesinformation about individual processes running on the local system.The prTable of the UCD-SNMP-MIB complements this by reportingon selected services (which may involve multiple processes).This requires that the agent was built with support for theucd-snmp/proc module (which is included as part of thedefault build configuration).
proc NAME [MAX [MIN]]
monitors the number of processes called NAME (as reported by "/bin/ps -e")running on the local system.
If the number of NAMEd processes is less than MIN or greater than MAX,then the corresponding prErrorFlag instance will beset to 1, and a suitable description message reported via theprErrMessage instance.
This situation will not automatically trigger a trap to reportthe problem - see the DisMan Event MIB section later.
If neither MAX nor MIN are specified (or are both 0), they willdefault to infinity and 1 respectively ("at least one").If only MAX is specified, MIN will default to 0 ("no more than MAX").
registers a command that can be run to fix errors with the givenprocess NAME. This will be invoked when the correspondingprErrFix instance is set to 1.
This command will not be invoked automatically.
The procfix directive must be specified after the matchingproc directive, and cannot be used on its own.

If no proc directives are defined, then walking theprTable will fail (noSuchObject). 

Disk Usage Monitoring

This requires that the agent was built with support for theucd-snmp/disk module (which is included as part of thedefault build configuration).
monitors the disk mounted at PATH for available disk space.
The minimum threshold can either be specified in Kb (MINSPACE) oras a percentage of the total disk (MINPERCENT% with a '%' character),defaulting to 100Kb if neither are specified.If the free disk space falls below this threshold, then the corresponding dskErrorFlag instance will beset to 1, and a suitable description message reported via thedskErrorMsg instance.
This situation will not automatically trigger a trap to reportthe problem - see the DisMan Event MIB section later.
includeAllDisks MINPERCENT%
configures monitoring of all disks found on the system,using the specified (percentage) threshold.The threshold for individual disks can be adjusted using suitabledisk directives (which can come either before or after theincludeAllDisks directive).
Whether disk directives appears before or after includeAllDisks may affect the indexing of the dskTable.
Only one includeAllDisks directive should be specified - anysubsequent copies will be ignored.
The list of mounted disks will be determined when the agent starts using thesetmntent(3) and getmntent(3), or fopen(3) and getmntent(3), orsetfsent(3) and getfsent(3) system calls. If none of the abovesystem calls are available then the root partition "/"(which is assumed to exist on any UNIX based system) will be monitored.Disks mounted after the agent has started will not be monitored.

If neither any disk directives or includeAllDisks are defined,then walking the dskTable will fail (noSuchObject). 

System Load Monitoring

This requires that the agent was built with support for either theucd-snmp/loadave module or the ucd-snmp/memory modulerespectively (both of which are included as part of thedefault build configuration).
load MAX1 [MAX5 [MAX15]]
monitors the load average of the local system, specifyingthresholds for the 1-minute, 5-minute and 15-minute averages.If any of these loads exceed the associated maximum value, then the corresponding laErrorFlag instance will beset to 1, and a suitable description message reported via thelaErrMessage instance.
This situation will not automatically trigger a trap to reportthe problem - see the DisMan Event MIB section later.
If the MAX15 threshold is omitted, it will default to the MAX5 value.If both MAX5 and MAX15 are omitted, they will default to the MAX1 value.If this directive is not specified, all three thresholds willdefault to a value of DEFMAXLOADAVE.

Unlike the proc and disk directives, walking thewalking the laTable will succeed (assuming theucd-snmp/loadave module was configured into the agent),even if the load directive is not present.

swap MIN
monitors the amount of swap space available on the local system.If this falls below the specified threshold (MIN Kb),then the memErrorSwap object will be set to 1,and a suitable description message reported via memSwapErrorMsg.
This situation will not automatically trigger a trap to reportthe problem - see the DisMan Event MIB section later.
If this directive is not specified, the default threshold is 16 Mb.

Log File Monitoring

This requires that the agent was built with support for either theucd-snmp/file or ucd-snmp/logmatch modules respectively(both of which are included as part of thedefault build configuration).
monitors the size of the specified file (in Kb).If MAXSIZE is specified, and the size of the file exceedsthis threshold, then the corresponding fileErrorFlaginstance will be set to 1, and a suitable description message reportedvia the fileErrorMsg instance.
This situation will not automatically trigger a trap to reportthe problem - see the DisMan Event MIB section later.
A maximum of 20 files can be monitored.

If no file directives are defined, then walking thefileTable will fail (noSuchObject).

monitors the specified file for occurances of the specifiedpattern REGEX.
A maximum of 50 files can be monitored.

If no logmatch directives are defined, then walking thelogMatchTable will fail (noSuchObject). 


The usual behaviour of an SNMP agent is to wait for incoming SNMP requestsand respond to them - if no requests are received, an agent will typicallynot initiate any actions. This section describes various directives thatcan configure snmpd to take a more active role. 

Notification Handling

trapcommunity STRING
defines the default community string to be used when sending traps.Note that this directive must be used prior to any community-basedtrap destination directives that need to use it.
informsink HOST [COMMUNITY [PORT]]
define the address of a notification receiver that should be sentSNMPv1 TRAPs, SNMPv2c TRAP2s, or SNMPv2 INFORM notifications respectively.See the section LISTENING ADDRESSESin thesnmpd(8)manual page for more information about the format of listeningaddresses.If COMMUNITY is not specified, the most recent trapcommunitystring will be used.
If the transport address does not include an explicitport specification, then PORT will be used.If this is not specified, the well known SNMP trapport (162) will be used.
This mechanism is being deprecated, and the listening portshould be specified via the transport specification HOST instead.
If several sink directives are specified, multiplecopies of each notification (in the appropriate formats)will be generated.
It is not normally appropriate to list two (or all three)sink directives with the same destination.
provides a more generic mechanism for defining notification destinations.SNMPCMD_ARGSshould be the command-line options required for an equivalentsnmptrap (or snmpinform) command to send the desired notification.The option -Ci can be used (with -v2c or -v3) to generatean INFORM notification rather than an unacknowledged TRAP.
This is the appropriate directive for defining SNMPv3 trap receivers.See more information about SNMPv3 notification behaviour.
authtrapenable {1|2}
determines whether to generate authentication failure traps(enabled(1)) or not (disabled(2) - the default).Ordinarily the corresponding MIBobject (snmpEnableAuthenTraps.0) is read-write, but specifyingthis directive makes this object read-only, and attempts to set thevalue via SET requests will result in a notWritable error response.

DisMan Event MIB

The previous directives can be used to configure where traps shouldbe sent, but are not concerned with when to send such traps(or what traps should be generated). This is the domain of theEvent MIB - developed by the Distributed Management (DisMan)working group of the IETF.

This requires that the agent was built with support for thedisman/event module (which is now included as part of thedefault build configuration for the most recent distribution).

The behaviour of the latest implementation differs in some minorrespects from the previous code - nothing too significant, butexisting scripts may possibly need some minor adjustments.
iquerySecName NAME
agentSecName NAME
specifies the default SNMPv3 username, to be used when making internalqueries to retrieve any necessary information (either for evaluatingthe monitored expression, or building a notification payload).
Note that this user must also be explicitly created (createUser)and given appropriate access rights (e.g. rouser). Thisdirective is purely concerned with defining which user shouldbe used - not with actually setting this user up.
defines a MIB object to monitor.If the EXPRESSION condition holds (see below), then this will triggerthe corresponding event, and either send a notification or applya SET assignment (or both).Note that the event will only be triggered once, when the expressionfirst matches. This monitor entry will not fire again until themonitored condition first becomes false, and then matches again.NAME is an administrative name for this expression, and is used forindexing the mteTriggerTable (and related tables).
There are three types of monitor expression supported by the Event MIB -existence, boolean and threshold tests.
OID | !OID | !=OID
defines an existence(0) monitor test.A bare OID specifies a present(0) test, which will fire when(an instance of) the monitored OID is created.An expression of the form !OID specifies an absent(1) test,which will fire when the monitored OID is delected.An expression of the form !=OID specifies a changed(2) test,which will fire whenever the monitored value(s) change.
defines a boolean(1) monitor test.OP should be one of the definedcomparison operators (!=, ==, <, <=, >, >=) and VALUE should be aninteger value to compare against.
defines a threshold(2) monitor test.MIN and MAX are integer values, specifying lower and upper thresholds.If the value of the monitored OID falls below the lower threshold (MIN)or rises above the upper threshold (MAX), then the monitor entry willtrigger the corresponding event.
Note that the rising threshold event will only be re-armed whenthe monitored value falls below the lower threshold (MIN).Similarly, the falling threshold event will be re-armed bythe upper threshold (MAX).
The optional parameters DMIN and DMAX configure a pair ofsimilar threshold tests, but working with the deltadifferences between successive sample values.
There are various options to control the behaviour of the monitoredexpression. These include:
indicates that the expression should be evaluated using delta differencesbetween sample values (rather than the values themselves).
-d OID
-di OID
specifies a discontinuity marker for validating delta differences.A -di object instance will be used exactly as given.A -d object will have the instance subidentifiers from thecorresponding (wildcarded) expression object appended.If the -I flag is specified, then there is no differencebetween these two options.
This option also implies -D.
specifies the event to be invoked when this monitor entry is triggered.If this option is not given, the monitor entry will generate oneof the standard notifications defined in the DISMAN-EVENT-MIB.
indicates that the monitored expression should be applied to thespecified OID as a single instance. By default, the OID willbe treated as a wildcarded object, and the monitor expandedto cover all matching instances.
-i OID
-o OID
define additional varbinds to be added to the notification payloadwhen this monitor trigger fires.For a wildcarded expression, the suffix of the matched instancewill be added to any OIDs specified using -o, while OIDsspecified using -i will be treated as exact instances.If the -I flag is specified, then there is no differencebetween these two options.
See strictDisman for details of the ordering of notification payloads.
monitors the given expression every FREQUENCY seconds.By default, the expression will be evaluated every 600s (10 minutes).
indicates that the monitor expression should not be evaluatedwhen the agent first starts up. The first evaluation will be doneonce the first repeat interval has expired.
indicates that the monitor expression should be evaluated when theagent first starts up. This is the default behaviour.
Notifications triggered by this initial evaluation will be sentbefore the coldStart trap.
specifies a security name to use for scanning the local host,instead of the default iquerySecName.Once again, this user must be explicitly created and givensuitable access rights.
notificationEvent ENAME NOTIFICATION [-n] [-i OID | -o OID ]*
defines a notification event named ENAME.This can be triggered from a given monitor entry by specifyingthe option -e ENAME (see above).NOTIFICATION should be the OID of the NOTIFICATION-TYPE definitionfor the notification to be generated.
If the -n option is given, the notification payload willinclude the standard varbinds as specified in the OBJECTS clauseof the notification MIB definition.This option must come after the NOTIFICATION OID(and the relevant MIB file must be available and loaded by the agent).Otherwise, these varbinds mustbe listed explicitly (either here or in the correspondingmonitor directive).
The -i OID and -o OID options specify additionalvarbinds to be appended to the notification payload, after thestandard list.If the monitor entry that triggered this event involved awildcarded expression, the suffix of the matched instancewill be added to any OIDs specified using -o, while OIDsspecified using -i will be treated as exact instances.If the -I flag was specified to the monitor directive,then there is no difference between these two options.
setEvent ENAME [-I] OID = VALUE
defines a set event named ENAME, assigning the (integer) VALUEto the specified OID.This can be triggered from a given monitor entry by specifyingthe option -e ENAME (see above).
If the monitor entry that triggered this event involved awildcarded expression, the suffix of the matched instancewill normally be added to the OID.If the -I flag was specified to either of themonitor or setEvent directives, thespecified OID will be regarded as an exact single instance.
strictDisman yes
The definition of SNMP notifications states that thevarbinds defined in the OBJECT clause should come first(in the order specified), followed by any "extra" varbindsthat the notification generator feels might be useful.The most natural approach would be to associate thesemandatory varbinds with the notificationEvent entry,and append any varbinds associated with the monitor entrythat triggered the notification to the end of this list.This is the default behaviour of the Net-SNMP Event MIB implementation.
Unfortunately, the DisMan Event MIB specifications actuallystate that the trigger-related varbinds should come first,followed by the event-related ones. This directive can be used torestore this strictly-correct (but inappropriate) behaviour.
Strict DisMan ordering may result in generating invalid notificationspayload lists if the notificationEvent -n flag is used togetherwith monitor -o (or -i) varbind options.
If no monitor entries specify payload varbinds,then the setting of this directive is irrelevant.
linkUpDownNotifications yes
will configure the Event MIB tables to monitor the ifTablefor network interfaces being taken up or down, and triggeringa linkUp or linkDown notification as appropriate.
This is exactly equivalent to the configuration:
notificationEvent  linkUpTrap    linkUp   ifIndex ifAdminStatus ifOperStatusnotificationEvent  linkDownTrap  linkDown ifIndex ifAdminStatus ifOperStatusmonitor  -r 60 -e linkUpTrap   "Generate linkUp" ifOperStatus != 2monitor  -r 60 -e linkDownTrap "Generate linkDown" ifOperStatus == 2
defaultMonitors yes
will configure the Event MIB tables to monitor the variousUCD-SNMP-MIB tables for problems (as indicated bythe appropriate xxErrFlag column objects).
This is exactly equivalent to the configuration:
monitor -o prNames -o prErrMessage "process table" prErrorFlag != 0monitor -o memErrorName -o memSwapErrorMsg "memory" memSwapError != 0monitor -o extNames -o extOutput "extTable" extResult != 0monitor -o dskPath -o dskErrorMsg "dskTable" dskErrorFlag != 0monitor -o laNames -o laErrMessage  "laTable" laErrorFlag != 0monitor -o fileName -o fileErrorMsg  "fileTable" fileErrorFlag != 0

In both these latter cases, the snmpd.conf must also contain aiquerySecName directive, together with a correspondingcreateUser entry and suitable access control configuration. 

DisMan Schedule MIB

The DisMan working group also produced a mechanism for schedulingparticular actions (a specified SET assignment) at given times.This requires that the agent was built with support for thedisman/schedule module (which is included as part of thedefault build configuration for the most recent distribution).

There are three ways of specifying the scheduled action:

configures a SET assignment of the (integer) VALUE to the MIB instanceOID, to be run every FREQUENCY seconds.
configures a SET assignment of the (integer) VALUE to the MIB instanceOID, to be run at the times specified by the fields MINUTE to WEEKDAY.These follow the same pattern as the equivalent crontab(5) fields.
These fields should be specified as a (comma-separated) list of numericvalues. Named values for the MONTH and WEEKDAY fields are not supported,and neither are value ranges. A wildcard match can be specified as '*'.
The DAY field can also accept negative values, to indicate days countingbackwards from the end of the month.
configures a one-shot SET assignment, to be run at the first matchingtime as specified by the fields MINUTE to WEEKDAY. The interpretationof these fields is exactly the same as for the cron directive.


One of the first distinguishing features of the original UCD suite wasthe ability to extend the functionality of the agent - not just byrecompiling with code for new MIB modules, but also by configuring the running agent toreport additional information. There are a number of techniques tosupport this, including:
running external commands (exec, extend, pass)
loading new code dynamically (embedded perl, dlmod)
communicating with other agents (proxy, SMUX, AgentX)

Arbitrary Extension Commands

The earliest extension mechanism was the ability to run arbitrarycommands or shell scripts. Such commands do not need to be aware ofSNMP operations, or conform to any particular behaviour - the MIBstructures are designed to accommodate any form of command output.Use of this mechanism requires that the agent was built with support for theucd-snmp/extensible and/or agent/extend modules (whichare both included as part of the default build configuration).
invoke the named PROG with arguments of ARGS. By default the exitstatus and first line of output from the command will be reported viathe extTable, discarding any additional output.
Entries in this table appear in the order they are read from theconfiguration file. This means that adding new exec (or sh)directives and restarting the agent, may affect the indexing of otherentries.
The PROG argument for exec directives must be a full pathto a real binary, as it is executed via the exec() system call.To invoke a shell script, use the sh directive instead.
If MIBOID is specified, then the results will be rooted at this pointin the OID tree, returning the exit statement as MIBOID.100.0and the entire command output in a pseudo-table based atMIBNUM.101 - with one 'row' for each line of output.
The layout of this "relocatable" form of exec (or sh) outputdoes not strictly form a valid MIB structure. This mechanism is beingdeprecated - please see the extend directive (described below) instead.
In either case, the exit statement and output will be cached for 30safter the initial query. This cache can be flushed by a SET request ofthe integer value 1 to the MIB instance versionClearCache.0.
registers a command that can be invoked on demand - typically to respondto or fix errors with the corresponding exec or sh entry.When the extErrFix instance for a given NAMEd entry is set to theinteger value of 1, this command will be called.
This directive can only be used in combination with a correspondingexec or sh directive, which must be defined first.Attempting to define an unaccompanied execfix directive will fail.

exec and sh extensions can only be configured via thesnmpd.conf file. They cannot be set up via SNMP SET requests.

works in a similar manner to the exec directive, but with a numberof improvements. The MIB tables (nsExtendConfigTableetc) are indexed by the NAME token, so are unaffected by the order inwhich entries are read from the configuration files.There are two result tables - one (nsExtendOutput1Table)containing the exit status, the first line and full output (as a single string)for each extend entry, and the other (nsExtendOutput2Table)containing the complete output as a series of separate lines.
If MIBOID is specified, then the configuration and result tables will be rootedat this point in the OID tree, but are otherwise structured in exactlythe same way. This means that several separate extenddirectives can specify the same MIBOID root, without conflicting.
The exit status and output is cached for each entry individually, andcan be cleared (and the caching behaviour configured)using the nsCacheTable.
extendfix NAME PROG ARGS
registers a command that can be invoked on demand, by setting theappropriate nsExtendRunType instance to the valuerun-command(3). Unlike the equivalent execfix,this directive does not need to be paired with a correspondingextend entry, and can appear on its own.

Both extend and extendfix directives can be configureddynamically, using SNMP SET requests to the NET-SNMP-EXTEND-MIB. 

MIB-Specific Extension Commands

The first group of extension directives invoke arbitrary commands,and rely on the MIB structure (and management applications) havingthe flexibility to accommodate and interpret the output. This is aconvenient way to make information available quickly and simply, butis of no use when implementing specific MIB objects, where the extensionmust conform to the structure of the MIB (rather than vice versa).The remaining extension mechanisms are all concerned with suchMIB-specific situations - starting with "pass-through" scripts.Use of this mechanism requires that the agent was built with support for theucd-snmp/pass and ucd-snmp/pass_persist modules (whichare both included as part of the default build configuration).
pass [-p priority] MIBOID PROG
will pass control of the subtree rooted at MIBOID to the specifiedPROG command. GET and GETNEXT requests for OIDs within this tree willtrigger this command, called as:
respectively, where OID is the requested OID.The PROG command should return the response varbind as three separatelines printed to stdout - the first line should be the OID of the returnedvalue, the second should be its TYPE (one of the text stringsinteger, gauge, counter, timeticks, ipaddress, objectid,orstring), and the third should be the value itself.
If the command cannot return an appropriate varbind - e.g the specifiedOID did not correspond to a valid instance for a GET request, or therewere no following instances for a GETNEXT - then it should exit withoutproducing any output. This will result in an SNMP noSuchNameerror, or a noSuchInstance exception.
The SMIv2 type counter64and SNMPv2 noSuchObject exception are not supported.
A SET request will result in the command being called as:
where TYPE is one of the tokens listed above, indicating the type of thevalue passed as the third parameter.
If the assignment is successful, the PROG command should exit without producingany output. Errors should be indicated by writing one of the stringsnot-writable, or wrong-typeto stdout,and the agent will generate the appropriate error response.
The other SNMPv2 errors are not supported.
In either case, the command should exit once it has finished processing.Each request (and each varbind within a single request) will triggera separate invocation of the command.
The default registration priority is 127. This can bechanged by supplying the optional -p flag, with lower priorityregistrations being used in preference to higher priority values.
pass_persist [-p priority] MIBOID PROG
will also pass control of the subtree rooted at MIBOID to the specifiedPROG command. However this command will continue to run after the initialrequest has been answered, so subsequent requests can be processed withoutthe startup overheads.
Upon initialization, PROG will be passed the string "PING\n" on stdin,and should respond by printing "PONG\n" to stdout.
For GET and GETNEXT requests, PROG will be passed two lines on stdin,the command (get or getnext) and the requested OID.It should respond by printing three lines to stdout - the OID for the result varbind, the TYPE and the VALUE itself -exactly as for the pass directive above.If the command cannot return an appropriate varbind,it should print print "NONE\n" to stdout (but continue running).
For SET requests, PROG will be passed three lines on stdin,the command (set) and the requested OID,followed by the type and value (both on the same line).If the assignment is successful, the command should print"DONE\n" to stdout.Errors should be indicated by writing one of the stringsnot-writable, or wrong-typeto stdout,and the agent will generate the appropriate error response.In either case, the command should continue running.
The registration priority can be changed using the optional-p flag, just as for the pass directive.

pass and pass_persist extensions can only be configured via thesnmpd.conf file. They cannot be set up via SNMP SET requests. 

Embedded Perl Support

Programs using the previous extension mechanisms can be written in any convenientprogramming language - including perl, which is a common choice forpass-through extensions in particular. However the Net-SNMP agentalso includes support for embedded perl technology (similar tomod_perl for the Apache web server). This allows the agentto interpret perl scripts directly, thus avoiding the overhead ofspawning processes and initializing the perl system when a request is received.

Use of this mechanism requires that the agent was built with support for the embeddedperl mechanism, which is not part of the default build environment. Itmust be explicitly included by specifying the '--enable-embedded-perl'option to the configure script when the package is first built.

If enabled, the following directives will be recognised:

disablePerl true
will turn off embedded perl support entirely (e.g. if there are problemswith the perl installation).
perlInitFile FILE
loads the specified initialisation file (if present)immediately before the first perl directive is parsed.If not explicitly specified, the agent will look for the defaultinitialisation file /usr/share/snmp/
The default initialisation filecreates an instance of a NetSNMP::agent object - a variable$agent which can be used to register perl-based MIB handler routines.
evaluates the given expression. This would typically register ahandler routine to be called when a section of the OID tree wasrequested:
perl use Data::Dumper;perl sub myroutine  { print "got called: ",Dumper(@_),"\n"; }perl $agent->register('mylink', '.', \&myroutine);
This expression could also source an external file:
perl 'do /path/to/';
or perform any other perl-based processing that might be required.

Dynamically Loadable Modules

Most of the MIBs supported by the Net-SNMP agent are implemented asC code modules, which were compiled and linked into the agent librarieswhen the suite was first built. Such implementation modules can also becompiled independently and loaded into the running agent once it hasstarted. Use of this mechanism requires that the agent was built with support for theucd-snmp/dlmod module (which is included as part of the defaultbuild configuration).
will load the shared object module from the file PATH (an absolutefilename), and call the initialisation routine init_NAME.
If the specified PATH is not a fully qualified filename, it willbe interpreted relative to /usr/lib/snmp/dlmod, and .sowill be appended to the filename.

This functionality can also be configured using SNMP SET requeststo the UCD-DLMOD-MIB. 

Proxy Support

Another mechanism for extending the functionality of the agentis to pass selected requests (or selected varbinds) to anotherSNMP agent, which can be running on the same host (presumablylistening on a different port), or on a remote system.This can be viewed either as the main agent delegating requests tothe remote one, or acting as a proxy for it.Use of this mechanism requires that the agent was built with support for theucd-snmp/proxy module (which is included as part of thedefault build configuration).
will pass any incoming requests under OID to the agent listeningon the port specified by the transport address HOST.See the section LISTENING ADDRESSESin thesnmpd(8)manual page for more information about the format of listeningaddresses.
To proxy the entire MIB tree, use the OID .1.3(not the top-level .1)

The SNMPCMD_ARGS should provide sufficient version andadministrative information to generate a valid SNMP request(see snmpcmd(1)).

The proxied request will not use the administrativesettings from the original request.

If a CONTEXTNAME is specified, this will register the proxydelegation within the named context in the local agent.Defining multiple proxy directives for the same