snmpd.config revision 216301
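# $FreeBSD: head/etc/snmpd.config 216301 2010-12-08 17:34:07Z syrinx $
#
# Example configuration file for bsnmpd(1).
#
# NOTE(review): every secret in this file (the community strings, the USM
# user name and its localized key) is a published example value. Replace
# all of them before the daemon is reachable from a network you do not
# fully control.
#

#
# Set some common variables
#
location := "Room 200"
contact := "sysmeister@example.com"
system := 1 # FreeBSD
traphost := localhost
trapport := 162

#
# Set the SNMP engine ID.
#
# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
# this configuration file, an ID is assigned based on the value of the
# kern.hostid variable
#
# Localized USM keys (see user1passwd below) are derived from the engine ID,
# so a key generated for one engine ID does not work with another.
# engine := 0x80:0x10:0x08:0x10:0x80:0x25
# snmpEngineID = $(engine)

# Change this! "public" is the well-known default read community and so
# provides no access control. It is active as soon as this file is used,
# because begemotSnmpdCommunityString.0.1 below is not commented out.
read := "public"
# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
# string to enable write access. Pick a new value for "write" first: the
# string below is part of a widely distributed example file.
write := "geheim"
trap := "mytrap"

# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
#
# HMACSHAAuthProtocol is usmHMACSHAAuthProtocol (HMAC-SHA-96, built on SHA-1,
# RFC 3414); it is not SHA-256. HMAC-MD5 and DES are legacy choices; of the
# protocols declared here, HMAC-SHA with AES-CFB-128 is the strongest pair.
NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4

#
# SNMPv3 USM User definition
#
# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
# with a private password "bsnmp", localized for the above engine ID.
#
# The key below is therefore derived from a published password and a
# published engine ID. Treat it as an illustration of the format only and
# generate your own key for your own engine ID.
#
# user1 := "bsnmp"
# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f

#
# Configuration
#
%snmpd
# NOTE(review): presumably a TruthValue, where 2 = false, i.e. PDU dumping
# is off - confirm against BEGEMOT-SNMPD-MIB. If dumping is enabled, the
# dumped SNMPv1/v2c PDUs would be expected to carry the community string
# into the debug output.
begemotSnmpdDebugDumpPdus = 2
# 7 is the syslog "debug" priority.
begemotSnmpdDebugSyslogPri = 7

#
# Set the read and write communities.
#
# The default value of the community strings is NULL (note, that this is
# different from the empty string). This disables both read and write access.
# To enable read access only the read community string must be set. Setting
# the write community string enables both read and write access with that
# string.
#
# Be sure to understand the security implications of SNMPv2 - the community
# strings are readable on the wire!
#
# As shipped, read access with the community $(read) is enabled and write
# access is disabled (the .0.2 line is commented out).
#
begemotSnmpdCommunityString.0.1 = $(read)
# begemotSnmpdCommunityString.0.2 = $(write)
# NOTE(review): looks like this blocks later changes to the community
# strings via SNMP itself - confirm in BEGEMOT-SNMPD-MIB before relying on it.
begemotSnmpdCommunityDisable = 1

# open standard SNMP ports
#
# The index is the IPv4 address followed by the UDP port, so 0.0.0.0.161
# listens on port 161 on every address of the host. Combined with the active
# read community above, restrict who can reach this port (packet filter), or
# replace 0.0.0.0 with the address of a management interface.
begemotSnmpdPortStatus.0.0.0.0.161 = 1

# open a unix domain socket
#
# NOTE(review): the meaning of type 4 is defined in BEGEMOT-SNMPD-MIB and
# decides which local users may use the socket - confirm it matches the
# intended local access.
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

# send traps to the traphost
#
# The trap community $(trap) travels unencrypted to $(traphost), like any
# other SNMPv1/v2c community string.
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)

sysContact = $(contact)
sysLocation = $(location)
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)

# 2 = disabled (SNMPv2-MIB): no authenticationFailure traps are generated.
# Setting this to 1 lets the trap sink see requests that used a wrong
# community string, which is a useful signal when monitoring this agent.
snmpEnableAuthenTraps = 2

#
# Load MIB-2 module
#
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"

# Force a polling rate for the 64-bit interface counters in case
# the automatic computation is wrong (which may be the case if an interface
# announces the wrong bit rate via its MIB).
#%mibII
#begemotIfForcePoll = 2000

#
# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
#
#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"

#
# SNMPv3 USM User definition.
#

#%usm

#
# The following block creates a user with name "bsnmp" and sets the
# authentication and privacy options for this user to HMAC-SHA (HMAC-SHA-96,
# SHA-1 based, not SHA-256) message digests and AES (CFB-128) encryption.
#
# The row is created with status 5 (createAndWait), filled in, and then
# switched to 1 (active). The example uses the same localized key for
# authentication and for privacy; use separate secrets where your tooling
# allows it.
#
# usmUserStatus.$(engine).$(user1) = 5
# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserStatus.$(engine).$(user1) = 1
#

#
# The following block creates a user with name "public" with no authentication
# or encryption options.
#
# Requests from this user are neither authenticated nor encrypted; what it
# may do is decided only by the VACM entries further down.
#
# usmUserStatus.$(engine).$(read) = 5
# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
# usmUserStatus.$(engine).$(read) = 1
#

#
# SNMPv3 View-based Access Control module
#
#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"

#
# Definition of view-based access control entries.
#
#%vacm

# vacmSecurityToGroup entries are indexed by security model (1 = SNMPv1,
# 2 = SNMPv2c, 3 = USM) and security name; for SNMPv1/v2c the security name
# in this example is the community string.

# Definition of a SNMPv1 group
# vacmSecurityToGroupStatus.1.$(read) = 4
# vacmGroupName.1.$(read) = $(read)

# Definition of SNMPv2 group
# vacmSecurityToGroupStatus.2.$(write) = 4
# vacmGroupName.2.$(write) = $(write)

# Definition of SNMPv3 group with users "bsnmp" and "public"
#
# Both users are mapped to the group named $(write), including the
# unauthenticated user $(read). Give that user a group of its own if it
# should not share the access rules of "bsnmp".
# vacmSecurityToGroupStatus.3.$(user1) = 4
# vacmGroupName.3.$(user1) = $(write)
# vacmSecurityToGroupStatus.3.$(read) = 4
# vacmGroupName.3.$(read) = $(write)

#
# The OID of the .iso.org.dod.internet subtree
#
# internetoid := 1.3.6.1
# internetoidlen := 4

# Enumerated values for the privacy options
# noAuthNoPriv := 1
# authNoPriv := 2
# authPriv := 3

#
# Definitions of two views
#
# As written, "internet" and "restricted" both include the whole
# $(internetoid) subtree, so "restricted" is not narrower than "internet"
# until its subtree is changed.
#
# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4

#
# Access control
#
# vacmAccess entries are indexed by group name, context prefix (empty here),
# security model and security level.
#

#
# Read-only access for SNMPv1 users
#
# vacmAccessStatus.$(read)."".1.1 = 4
# vacmAccessReadViewName.$(read)."".1.1 = "internet"

#
# Read-write access for SNMPv2 users
#
# vacmAccessStatus.$(write)."".2.1 = 4
# vacmAccessReadViewName.$(write)."".2.1 = "internet"
# vacmAccessWriteViewName.$(write)."".2.1 = "internet"

#
# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
#
# Together with the group mapping above, this gives the unauthenticated
# user $(read) write access to the whole "internet" view. Drop the write
# view here, or point it at a narrow view, unless that is intended.
#
# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet"

#
# Read-write-notify access to restricted for SNMPv3 USM users with authPriv
#
# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"

#
# Optional modules. Each module loaded below adds its objects to what the
# communities and users configured above can read (and, with write access,
# possibly change).
#

# Netgraph module
#
#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
#
#%netgraph
#begemotNgControlNodeName = "snmpd"

#
# pf(4) module
#
#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"

#
# Host resources module
# This requires the mibII module.
#
#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"

#
# Bridge module
# This requires the mibII module.
#
#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"

#
# Wireless module
# This requires the mibII module.
#
#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"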