NAME
snmpd - Sun SNMP Agent
SYNOPSIS
snmpd [ -r ] [ -p port ] [ -a ] [ -c config-file ] [ - T trace-level ]
DESCRIPTION
snmpd is an RFC 1157-compliant SNMP agent. snmpd supports MIB-II as defined in RFC 1213, with Sun extensions under Sun's enterprise number. The MIB (Management Information Base) is both readable and writable. snmpd supports all SNMP protocol operations including GET-REQUEST, GETNEXTREQUEST, SET-REQUEST, GET-REPLY, and TRAP.
snmpd supports the coldStart, linkUp, linkDown, and authentication traps. The authentication trap may be disabled by a command-line switch, which itself may be overridden by a management station writing to a MIB variable in the standard SNMP MIB group.
snmpd supports four distinct views of the MIB. The view used for any request is determined by the community string contained in that request.
To enhance security, snmpd supports an option to block all writes to the MIB. You can also limit the set of management stations from which the agent will accept requests in the configuration file used when starting the snmpd. See the SECURITY section below for more information.
Unless overridden, snmpd uses UDP port 161, the standard SNMP port. snmpd issues traps through the same port on which it receives SNMP requests.
snmpd must run with ``root'' privileges and is typically started at system startup via /etc/rc.local. snmpd may not be started using inetd . When started, snmpd detaches itself from the keyboard, disables all signals except SIGKILL, SIGILL, SIGUSR1, and SIGUSR2, and places itself in the background.
OPTIONS
The following options are recognized:
FILES
The following files are provided for agent operation:
The snmpd.conf file is used for configuration information. Each entry in the file consists of a keyword followed by a parameter string. The keyword must begin in the first position. Parameters are separated from the keyword and from one another by white space. Case in keywords is ignored. Each entry must be contained on a single line. All text following (and including) a pound sign (#) is ignored. Keywords currently supported are:
sysdescr
The value to be used to answer queries for sysDescr.
syscontact
The value to be used to answer queries for sysContact.
syslocation
The value to be used to answer queries for sysLocation.
trap The parameter names one or more hosts to receive traps. Only five hosts may be listed.
system-group-read-community
The community name to get read access to the system group and Sun's extended system group.
system-group-write-community
The community name to get write access to the system group and Sun's extended system group.
read-community
The community name to get read access to the entire MIB.
write-community
The community name to get write access to the entire MIB (implies read access).
trap-community
The community name to be used in traps.
kernel-file
The name of the file to use for kernel symbols.
managers
The names of hosts that may send SNMP queries. Only five hosts may be listed on any one line. This keyword may be repeated for a total of 32 hosts.
newdevice
The additional devices which are not built in SNMPD. The format is as follows:
newdevice type speed name
where newdevice is the keyword, type is an integer which has to match your schema file, speed is the new device's speed, and name is this new device's name.
An example snmpd.conf file is shown below:
Your /etc/services file (or NIS equivalent) should contain the following entries:
#
# Start the SNMP agent
#
if [ -f /etc/opt/SUNWconn/snm/snmpd.conf -a -x /opt/SUNWconn/snm/agents/snmpd ];
then
/opt/SUNWconn/snm/agents/snmpd -c /etc/opt/SUNWconn/snm/snmpd.conf && echo `Starting SNMP-agent.'
Following is an example for Solaris 1.x:
#
# Start the SNMP agent
#
if [ -f /etc/snmpd.conf -a -x /usr/snm/agents/snmpd ]; then /usr/snm/agents/snmpd -c /etc/snmpd.conf && echo `Starting SNMP-agent.'
(Note that you need not explicitly place snmpd into the background. Also note that snmpd may not be started by inetd .)
SECURITY
SNMP, as presently defined, offers relatively little security. snmpd accepts requests from other machines, which can have the effect of disabling the network capabilities of your computer. To limit the risk, the configuration file lets you specify a list of up to 32 manager stations from which snmpd will accept requests. If you do not specify any such manager stations, snmpd accepts requests from anywhere.
snmpd also allows you to mark the MIB as ``read-only,'' by using the -r option.
Finally, snmpd supports four different community strings. These strings, however, are visible in the configuration file and within the SNMP packets as they flow on the network.
The configuration file should be owned by, and readable only by "root". In other words the mode should be:
For Solaris 2.x:
-rw------- 1 root 2090 Oct 17 15:04 /etc/opt/SUNWconn/snm/agent.conf
For Solaris 1.x:
-rw------- 1 root 2090 Oct 17 15:04 /etc/agent.conf
MIB
This section discusses some of the differences between the snmpd MIB and the standard MIB-II (as defined in RFC 1213).
The following variables are read-only in the snmpd MIB:
sysName
atIfIndex
ipDefaultTTL
These variables are read-write in the standard MIB-II.
The snmpd MIB Address Translation tables support limited write access: only atPhysAddress may be written, either to change the physical address of an existing entry or to delete an entire ARP table entry.
The snmpd MIB IP Net to Media table supports limited write access: only ipNetToMediaPhysAddress and ipNetToMediaType may be written, either to change the physical address of an existing entry or to delete an entire ARP table entry.
The following variables are read-write in the snmpd MIB; however, these variables have fixed values. Any new values ``set'' to them are accepted, but have no effect:
ipRoutIfIndex
ipRouteMetric1
ipRouteMetric2
ipRouteMetric3
ipRouteMetric4
ipRouteType
ipRouteAge
ipRouteMask
ipRouteMetric5
The following snmpd MIB variable reflects the actual state of the related table entry. ``Sets'' are accepted but have no effect:
tcpConnState
The following snmpd MIB variables are readable, but return a fixed value:
The system group reports statistics about a particular system (for example, a workstation or a printer).
sysDescr -A
textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. This value must only contain printable ASCII characters. (string[255])
sysObjectID -The
vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining what type of equipment is being managed. For example, if vendor ``Flintstones, Inc.'' was assigned the subtree 1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its ``Fred Router.'' (objectid)
sysUpTime -Time
(in hundredths of a second) since the network management portion of the system was last reinitialized. (timeticks)
sysContact -The
textual identification of the contact person for this managed node, together with information on how to contact this person. (string[255])
sysName -An
administratively-assigned name for this managed node. By convention, this is the node's fullyqualified domain name. (string[255])
sysLocation -The
physical location of this node (for example, ``telephone closet, 3rd floor''). (string[255])
sysServices -A
value indicating the set of services that this entity primarily offers. (int)
The value is a sum. This sum initially takes the value zero. Then, for each layer L in the range 1 through 7 for which this node performs transactions, 2 raised to (L - 1) is added to the sum. For example, a node that performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node that is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:
The snmp group reports statistics about the SNMP group. snmpInPkts - The total number of Messages delivered to the SNMP entity from
the transport service. (counter) snmpOutPkts - The total number of SNMP Messages passed from the SNMP protocol entity to the transport service. (counter)
snmpInBadVersions - The total number of SNMP Messages delivered to the SNMP protocol entity that were for an unsupported
SNMP version. (counter)
snmpInBadCommunityNames - The total number of SNMP Messages delivered to the SNMP protocol entity that used a SNMP community name not known to said entity. (counter) snmpInBadCommunityUses - The total number of SNMP Messages delivered to the SNMP protocol entity,
which represented an SNMP operation not allowed by the SNMP community named in the Message. (counter) snmpInASNParseErrs - The total number of ASN.1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP Messages. (counter) snmpInTooBigs - The total
number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``tooBig.'' (counter) snmpInNoSuchNames - The total number of SNMP PDUs delivered to the
SNMP protocol entity for which the value of the error-status field is ``noSuchName.'' (counter)
snmpInBadValues - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field
is ``badValue.'' (counter)
snmpInReadOnlys - The total number valid SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``readOnly.'' It should be noted that it is a protocol error to generate an
SNMP PDU that contains the value ``readOnly'' in the error-status field. This object is provided as a means of detecting incorrect implementations of
the SNMP. (counter)
snmpInGenErrs - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status
field is ``genErr.'' (counter) snmpInTotalReqVars - The total number of MIB objects successfully retrieved by the SNMP protocol
entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. (counter)
snmpInTotalSetVars - The total number of MIB objects successfully altered by the SNMP protocol entity as the result of receiving
valid SNMP Set-Request PDUs. (counter)
snmpInGetRequests - The total number of SNMP GetRequest PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInGetNexts - The total number of SNMP Get-Next PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInSetRequests - The total number
of SNMP SetRequest PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInGetResponses - The total number of SNMP GetResponse PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInTraps - The total number of SNMP
Trap PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpOutTooBigs - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status
field is ``tooBig.'' (counter) snmpOutNoSuchNames - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status is ``noSuchName.'' (counter) snmpOutBadValues - The total number of SNMP PDUs generated
by the SNMP protocol entity for which the value of the error-status field is ``badValue.'' (counter) snmpOutGenErrs - The total number of
SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ``genErr.'' (counter) snmpOutGetRequests - The total number of SNMP GetRequest PDUs which have been
generated by the SNMP protocol entity. (counter)
snmpOutGetNexts - The total number of SNMP Get-Next PDUs generated by the SNMP protocol entity. (counter) snmpOutSetRequests - The total number of SNMP SetRequest PDUs
generated by the SNMP protocol entity. (counter)
snmpOutGetResponses - The total number of SNMP GetResponse PDUs generated by the SNMP protocol entity. (counter)
snmpOutTraps - The total number
of SNMP Trap PDUs generated by the SNMP protocol entity. (counter) snmpEnableAuthenTraps - Indicates whether the SNMP agent process is permitted to generate authentication failure traps.
The value of this object overrides any configuration information. As such, it provides a means whereby all authentication-failure traps may
be disabled. (enum)
Note that this object must be stored in non-volatile memory, so that it remains constant between reinitializations of
the network management system.
The following are Sun-specific group and table definitions.
The sunSystem group reports general system information. agentDescr - The SNMP agent's description of itself. (string[255])
hostID - The unique Sun hardware identifier.
The value returned is four byte binary string. (octet[4]) motd - The first line of /etc/motd . (string[255]) unixTime - The UNIX system time. Measured in seconds since January 1, 1970 GMT. (counter) The sunProcessTable table reports UNIX process
table information. psProcessID - The process identifier for this process. (int)
psParentProcessID - The process identifier of this process's parent. (int)
psProcessSize - The combined size of the data and stack segments (in kilobytes.) (int)
psProcessCpuTime - The CPU time (including both user and system time) consumed so far. (int) psProcessState - The run-state of the process. (octet[4])
select(2) failed
A select(2) system call failed. The rest of the message indicates the cause of the failure.
sendto(2) failed
A sendto(2) system call failed. The rest of the message indicates the cause of the failure.
recvfrom(2) failed
A recvfrom(2) system call failed. The rest of the message indicates the cause of the failure.
no response from system
The SNMP agent on the target system does not respond to SNMP requests.
This error might indicate that the SNMP agent is not running on the target system, the target system is down, or the network containing the target system is unreachable.
response too big
The agent could not fit the results of an operation into a single SNMP message. Split large groups or tables into smaller entities.
missing attribute
An attribute is missing from the requested group.
bad attribute type
An object attribute type received from the SNMP agent that does not match the attribute type specified by the proxy agent schema. The rest of the message indicates the expected type and received type.
cannot get sysUpTime
The proxy agent cannot get the variable sysUpTime from the SNMP agent.
sysUpTime type bad
The variable sysUpTime received from the SNMP agent has the wrong data type.
unknown SNMP error
An unknown SNMP error was received.
bad variable value
The requested specified an incorrect syntax or value for a set operation.
variable is read only
The SNMP agent did not perform the set request because a variable to set may not be written.
general error
A general error was received.
cannot make request PDU
An error occurred building a request PDU.
cannot make request varbind list
An error occurred building a request variable binding list.
cannot parse response PDU
An error occurred parsing a response PDU.
request ID - response ID mismatch
The response ID does not match the request ID.
string contains non-displayable characters A displayable string contains non-displayable characters.
cannot open schema file
An error occurred opening the proxy agent schema file.
cannot parse schema file
The proxy agent couldn't parse the proxy agent schema file.
cannot open host file
An error occurred opening the file associated with the na.snmp.hostfile keyword in /etc/opt/SUNWconn/snm/snm.conf for Solaris 2.x and /etc/snm.conf for Solaris 1.x.
cannot parse host file
The proxy agent was unable to parse the file associated with the na.snmp.hostfile keyword in /etc/opt/SUNWconn/snm/snm.conf for Solaris 2.x and /etc/snm.conf for Solaris 1.x.
attribute unavailable for set operations
The set could not be completed because the attribute was not available for set operations.
BUGS
snmpd returns the wrong interface speed for the SBUS FDDI interface (for example, ``bf0'').
snmpd does not return a MAC address for the SBUS FDDI interface (for example, ``bf0'').
Process names retrieved from snmpd contain a leading blank space.
When you change attribute values in the system group with an SNMP set request, the change is effective only as long as snmpd is running. snmpd does not save the changes to /etc/opt/SUNWconn/snm/snmpd.conf for Solaris 2.x or /etc/snmpd.conf for Solaris 1.x.