Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-5.7)
Apropos / Subsearch:
optional field

SNMPD.CONF(5)               BSD File Formats Manual              SNMPD.CONF(5)

     snmpd.conf -- Simple Network Management Protocol daemon configuration

     snmpd.conf is the configuration file for the snmpd(8) daemon.

     The snmpd.conf file is divided into three main sections:

           User-defined variables may be defined and used later, simplifying
           the configuration file.

     Global Configuration
           Global runtime settings for snmpd(8).

     User Configuration
           USM user definitions.

     OID Configuration
           Custom configuration of SNMP object identifiers and values.

     The current line can be extended over multiple lines using a backslash
     ('\').  Comments can be put anywhere in the file using a hash mark ('#'),
     and extend to the end of the current line.  Care should be taken when
     commenting out multi-line text: the comment is effective until the end of
     the entire block.

     Argument names not beginning with a letter, digit, or underscore must be

     Additional configuration files can be included with the include keyword,
     for example:

           include "/etc/snmpd.conf.local"

     Macros can be defined that will later be expanded in context.  Macro
     names must start with a letter, digit, or underscore, and may contain any
     of those characters.  Macro names may not be reserved words (for example,
     community, system, or oid).  Macros are not expanded inside quotes.

     For example:

           listen on $ext_addr

     The following options can be set globally:

     filter-routes (yes | no)
             If set to yes, ask the kernel to filter route update messages on
             the routing socket.  Routing table information will not be avail-
             able, but CPU use will be reduced during bulk updates.  The
             default is no.

     listen on address
             Specify the local address snmpd(8) should listen on for incoming
             SNMP messages.

     read-only community string
             Specify the name of the read-only community.  The default value
             is public.

     read-write (community string | disabled)
             Specify the name of the read-write community, or disallow writes
             completely.  The default value is private.

     seclevel (none | auth | enc)
             Specify the lowest security level that snmpd(8) accepts:

                  none  Both authentication and encryption of messages is
                        optional.  This is the default value.

                  auth  Authentication of messages is mandatory.  snmpd(8)
                        will discard any messages that don't have a valid
                        digest.  Encryption of messages is optional.

                  enc   Messages must be encrypted and must have a valid
                        digest for authentication.  Otherwise they will be

             If the chosen value is different from none snmpd(8) will accept
             only SNMPv3 requests since older versions neither support authen-
             tication nor encryption.

     socket "path" [restricted | agentx]
             Create a control socket at path.  If restricted is specified, a
             restricted control socket will be created.  If agentx is speci-
             fied, a socket which speaks the AgentX protocol will be created.
             Multiple restricted and agentx sockets may be created.  By
             default /var/run/snmpd.sock is created and no other sockets are

     system contact string
             Specify the name or description of the system contact, typically
             a name or an e-mail address.  The default value is root@hostname
             using the hostname of the local machine.

     system description string
             Specify a description of the local system.  The default value is
             the operating system identification as printed by the uname(1)
             command using the -a flag:

                   OpenBSD myhost.example.com 4.2 GENERIC#595 i386

     system location string
             Specify the string describing the location of the local system,
             typically a physical location.  The default value is an empty

     system name string
             Specify the name of the local system, typically a fully-qualified
             domain name.  The default value is the hostname of the local sys-

     system oid oid-string
             Specify the authoritative identification of the local system.
             The default value is
             (iso.org.dod.internet.private.enterprises.openbsd.23.1) identify-
             ing a common OpenBSD system.

     system services number
             Specify a magic value which indicates the set of services that
             the local system may provide.  Refer to the sysServices descrip-
             tion in the SNMP MIB for details.

     trap community string
             Specify the name of the trap community.  The default value is

     trap handle oid "command"
             Execute command upon receipt of an SNMP trap that begins with a
             prefix of oid.  Alternately, the string "default" may be used, in
             which case the prefix used is 1.3.  The invoked command will
             receive the following information about the trap on standard
             input, one per line, in this order: the resolved hostname of the
             host sending the trap, the IP address of the host sending the
             trap, and any variable bindings contained in the trap (the OID
             followed by the value, separated by a single space).

     trap receiver string [oid oid-string] [community string]
             Specify the address or FQDN of a remote trap receiver for outgo-
             ing traps sent by snmpd(8).  This option may be specified multi-
             ple times.  The daemon will send outgoing traps using the revised
             SNMPv2 format and the configured trap community.  The default
             community is specified by the global trap community option.

     Users for the SNMP User-based Security Model (USM, RFC 3414) must be
     defined in the configuration file:

     user name [authkey key auth hmac] [enckey key enc cipher]
           Defines a known user.  The authkey keyword is required to specify
           the digest key used to authenticate messages.  If this keyword is
           omitted then authentication is disabled for this user account.
           Optionally the HMAC algorithm used for authentication can be speci-
           fied.  hmac must be either hmac-md5 or hmac-sha1.  If omitted the
           default is hmac-sha1.

           With enckey the encryption key used to encrypt and decrypt messages
           for privacy is defined.  Without an enckey specification the user
           account will neither accept encrypted incoming messages nor will it
           encrypt outgoing messages.  The enc algorithm can be either des or
           aes and defaults to des.

           Any user account that has encryption enabled requires authentica-
           tion to be enabled too.

     It is possible to specify user-defined OIDs in the configuration file:

     oid oid-string name name [read-only | read-write] [type] value
             Return the specified value to the client for this OID.  The
             read-write option may allow the client to override it, and the
             type is either string or integer.

     /etc/snmpd.conf  Default location of the configuration file.

     The following example will tell snmpd(8) to listen on localhost, override
     the default system OID, set the magic services value and provides some
     custom OID values:

           listen on

           system oid
           system services 74

           oid name myName read-only string "humppa"
           oid name myStatus read-only integer 1

     The next example will enforce SNMPv3 with authenticated and encrypted
     communication and the user-based security model.  The configuration
     defines two users, the first one is using the aes encryption algorithm
     and the second one the default des algorithm.

           seclevel enc

           user "xaver" authkey "password123" enc aes enckey "321drowssap"
           user "traudl" authkey "password456" enckey "654drowssap"

     snmpctl(8), snmpd(8)

     The snmpd.conf file format first appeared in OpenBSD 4.3.

     The snmpd(8) program was written by Reyk Floeter <reyk@openbsd.org>.

BSD                             March 23, 2017                             BSD