NAME

SYNOPSIS

DESCRIPTION

snmpd supports the coldStart, linkUp, linkDown, and authentication traps. The authentication trap may be disabled by a command-line switch, which itself may be overridden by a management station writing to a MIB variable in the standard SNMP MIB group.

snmpd supports four distinct views of the MIB. The view used for any request is determined by the community string contained in that request.

To enhance security, snmpd supports an option to block all writes to the MIB. You can also limit the set of management stations from which the agent will accept requests in the configuration file used when starting the snmpd. See the SECURITY section below for more information.

Unless overridden, snmpd uses UDP port 161, the standard SNMP port. snmpd issues traps through the same port on which it receives SNMP requests.

snmpd must run with ``root'' privileges and is typically started at system startup via /etc/rc.local. snmpd may not be started using inetd . When started, snmpd detaches itself from the keyboard, disables all signals except SIGKILL, SIGILL, SIGUSR1, and SIGUSR2, and places itself in the background.

OPTIONS

-r

places the MIB into read-only mode.

-pport

defines an alternative UDP port on which snmpd listens for incoming requests. The default is UDP port 161.

-a

disables the generation of authentication traps.

-cconfig-file

defines a configuration file that is read when the agent starts up. If a configuration file is not specified, the file /etc/opt/SUNWconn/snm/snmpd.conf for Solaris 2.x or the file /etc/snmpd.conf for Solaris 1.x is used.

-Ttrace-level

sets trace levels. A value of 0 disables all tracing and is the default. Levels 1 through 3 represent increasing levels of trace output. When snmpd receives the signal SIGUSR1, it resets the trace-level to 0. When snmpd receives the signal SIGUSR2, it increments the trace-level by one.

FILES

snmpd

agent binary snmpd.conf configuration information (described below)

sun-snmp.schema

SNM schema generated by mib2schema utility from MIB

sun.mib

Sun-specific MIB in ASN.1 format

sun-snmp.oid

contains the object identifiers referenced by MIB-II and Sun-specific OIDs

The snmpd.conf file is used for configuration information. Each entry in the file consists of a keyword followed by a parameter string. The keyword must begin in the first position. Parameters are separated from the keyword and from one another by white space. Case in keywords is ignored. Each entry must be contained on a single line. All text following (and including) a pound sign (#) is ignored. Keywords currently supported are:

sysdescr
The value to be used to answer queries for sysDescr.

syscontact
The value to be used to answer queries for sysContact.

syslocation
The value to be used to answer queries for sysLocation.

trap The parameter names one or more hosts to receive traps. Only five hosts may be listed.

system-group-read-community
The community name to get read access to the system group and Sun's extended system group.

system-group-write-community
The community name to get write access to the system group and Sun's extended system group.

read-community
The community name to get read access to the entire MIB.

write-community
The community name to get write access to the entire MIB (implies read access).

trap-community
The community name to be used in traps.

kernel-file
The name of the file to use for kernel symbols.

managers
The names of hosts that may send SNMP queries. Only five hosts may be listed on any one line. This keyword may be repeated for a total of 32 hosts.

newdevice
The additional devices which are not built in SNMPD. The format is as follows:
newdevice type speed name
where newdevice is the keyword, type is an integer which has to match your schema file, speed is the new device's speed, and name is this new device's name.

An example snmpd.conf file is shown below:

sysdescr

Sun SNMP Agent, SPARCstation 10, Company Property Number 123456

syscontact

Cliff Claven

sysLocation

Stool next to Norms at Cheers #

system-group-read-community

public

system-group-write-community

private # read-community all_public write-community all_private #

trap

localhost trap-community SNMP-trap #

#kernel-file

/vmunix #

managers

lvs golden

managers

swap

Your /etc/services file (or NIS equivalent) should contain the following entries:

snmp

161/udp # Simple Network Mgmt Protocol

snmp-trap

162/udp snmptrap # SNMP trap (event) messages

#
# Start the SNMP agent
#

if [ -f /etc/opt/SUNWconn/snm/snmpd.conf -a -x /opt/SUNWconn/snm/agents/snmpd ];
then
/opt/SUNWconn/snm/agents/snmpd -c /etc/opt/SUNWconn/snm/snmpd.conf && echo `Starting SNMP-agent.'

Following is an example for Solaris 1.x:

#
# Start the SNMP agent
#

if [ -f /etc/snmpd.conf -a -x /usr/snm/agents/snmpd ]; then /usr/snm/agents/snmpd -c /etc/snmpd.conf && echo `Starting SNMP-agent.'

(Note that you need not explicitly place snmpd into the background. Also note that snmpd may not be started by inetd .)

SECURITY

snmpd also allows you to mark the MIB as ``read-only,'' by using the -r option.

Finally, snmpd supports four different community strings. These strings, however, are visible in the configuration file and within the SNMP packets as they flow on the network.

The configuration file should be owned by, and readable only by "root". In other words the mode should be:

For Solaris 2.x:
-rw------- 1 root 2090 Oct 17 15:04 /etc/opt/SUNWconn/snm/agent.conf

For Solaris 1.x:
-rw------- 1 root 2090 Oct 17 15:04 /etc/agent.conf

MIB

The following variables are read-only in the snmpd MIB:

sysName
atIfIndex
ipDefaultTTL

These variables are read-write in the standard MIB-II.

The snmpd MIB Address Translation tables support limited write access: only atPhysAddress may be written, either to change the physical address of an existing entry or to delete an entire ARP table entry.

The snmpd MIB IP Net to Media table supports limited write access: only ipNetToMediaPhysAddress and ipNetToMediaType may be written, either to change the physical address of an existing entry or to delete an entire ARP table entry.

The following variables are read-write in the snmpd MIB; however, these variables have fixed values. Any new values ``set'' to them are accepted, but have no effect:

ipRoutIfIndex
ipRouteMetric1
ipRouteMetric2
ipRouteMetric3
ipRouteMetric4
ipRouteType
ipRouteAge
ipRouteMask
ipRouteMetric5

The following snmpd MIB variable reflects the actual state of the related table entry. ``Sets'' are accepted but have no effect:

tcpConnState

The following snmpd MIB variables are readable, but return a fixed value:

ifInOctets

// Returns 0 ifInNUcastPkts // Returns 0

ifInDiscards

// Returns 0

ifInUnknownProtos

// Returns 0

ifOutOctets

// Returns 0

ifOutNUcastPkts

// Returns 0 ifOutDiscards // Returns 0

ipAdEntBcastAddr

// Returns 1 ipAdEntReasmMaxSiz // Returns 65535 ipRouteMetric1 // Returns -1 ipRouteMetric2 // Returns -1 ipRouteMetric3 // Returns -1 ipRouteMetric4 // Returns -1

ipRouteAge

// Returns 0 ipRouteMetric5 // Returns -1

ipNetToMediaType

// Returns (3) dynamic

ipRoutingDiscards

// Returns 0 udpInDatagrams // Returns 0

udpNoPorts

// Returns 0

udpOutDatagrams

// Returns 0

The system group reports statistics about a particular system (for example, a workstation or a printer).

sysDescr -A
textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. This value must only contain printable ASCII characters. (string[255])

sysObjectID -The
vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining what type of equipment is being managed. For example, if vendor ``Flintstones, Inc.'' was assigned the subtree 1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its ``Fred Router.'' (objectid)

sysUpTime -Time
(in hundredths of a second) since the network management portion of the system was last reinitialized. (timeticks)

sysContact -The
textual identification of the contact person for this managed node, together with information on how to contact this person. (string[255])

sysName -An
administratively-assigned name for this managed node. By convention, this is the node's fullyqualified domain name. (string[255])

sysLocation -The
physical location of this node (for example, ``telephone closet, 3rd floor''). (string[255])

sysServices -A
value indicating the set of services that this entity primarily offers. (int)

The value is a sum. This sum initially takes the value zero. Then, for each layer L in the range 1 through 7 for which this node performs transactions, 2 raised to (L - 1) is added to the sum. For example, a node that performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node that is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:

layer

functionality 1 physical (such as repeaters) 2 datalink/subnetwork (such as bridges) 3 internet (such as IP gateways) 4 end-to-end (such as IP hosts) 7 applications (such as mail relays) For systems including OSI protocols, Layers 5 and 6 may also be counted. The interfaces group reports the number of interfaces handled by the agent. ifNumber - The number of network interfaces, regardless of their current state, present on this system. (int) ifTable is a table of interface entries. The number of entries is given by the value of ifNumber. ifIndex - A unique value for each interface. Its value ranges between 1 and the value of ifNumber. The value for each interface must remain constant at least from one reinitialization of the entity's network management system to the next reinitialization. (int) ifDescr - A textual string containing information about the interface. This string should include the name of the manufacturer, the product name, and the version of the hardware interface. (string[255]) ifType - The type of interface, distinguished according to the physical/link protocol(s) immediately below the network layer in the protocol stack. (enum) ifMtu - The size of the largest datagram that can be sent/received on the interface, specified in octets. For interfaces used for transmitting network datagrams, this is the size of the largest network datagram that can be sent on the interface. (int) ifSpeed - An estimate of the interface's current bandwidth in bits-per-second. For interfaces that do not vary in bandwidth, or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. (gauge) if1hysAddress - The interface's address at the protocol layer immediately below the network layer in the protocol stack. For interfaces without such an address (for example, a serial line), this object should contain an octet string of zero length. (octet[128]) ifAdminStatus - The desired state of the interface. The testing(3) state indicates that no operational packets can be passed. (enum) if OperStatus - The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. (enum) ifLastChange - The value of sysUpTime at the time the interface entered its current operational state. If the current state was entered prior to the last reinitialization of the local network management subsystem, then this object contains a zero value. (timeticks) ifInOctets - The total number of octets received on the interface, including framing characters. (counter) Returns a fixed value of 0. ifInUcastPkts - The number of subnetwork-unicast packets delivered to a higher-layer protocol. (counter) ifInNUcastPkts - The number of non-unicast (that is, subnetwork- broadcast or subnetwork-multicast) packets delivered to a higher-layer protocol. (counter) Returns a fixed value of 0. ifInDiscards - The number of inbound packets chosen to be discarded, even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. (counter) Returns a fixed value of 0. ifInErrors - The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. (counter) ifInUnknownProtos - The number of packets received via the interface that were discarded because of an unknown or unsupported protocol. (counter) Returns a fixed value of 0. ifOutOctets - The total number of octets transmitted out of the interface, including framing characters. (counter)

mask

network

255.0.0.0

class-A

255.255.0.0

class-B 255.255.255.0 class-C If the value of the ipRouteDest is 0.0.0.0 (a default route), then the mask value is also 0.0.0.0. It should be noted that all IP routing subsystems implicitly use this mechanism. (netaddress) ipRouteMetric5 - An alternate routing metric for this route. The semantics of this metric are determined by the routing-protocol specified in the route's ipRouteProto value. If this metric is not used, its value should be set to -1. (int) Returns a fixed value of -1. ipRouteInfo - A reference to MIB definitions specific to the particular routing protocol responsible for this route, as determined by the value specified in the route's ipRouteProto value. If this information is not present, its value should be set to the OBJECT IDENTIFIER { 0 0 }, which is a syntactically valid object identifier. Any conformant implementation of ASN.1 and BER must be able to generate and recognize this value. (objectid) ipNetToMediaTable is the IP Address Translation table used for mapping from IP addresses to physical addresses. ipNetToMediaIfIndex - The interface on which this entry's equivalence is effective. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex. (int) ipNetToMediaPhysAddress - The media-dependent physical address. (octet[128]) ipNetToMediaNetAddress - The IpAddress corresponding to the media- dependent physical address. (netaddress) ipNetToMediaType - The type of mapping. (enum) Returns a fixed value of (3)dynamic. Setting this object to the value invalid(2) has the effect of invalidating the corresponding entry in the ipNetToMediaTable. That is, it effectively dissociates the interface identified with said entry from the mapping identified with said entry. It is an implementation-specific matter as to whether the agent removes an invalidated entry from the table. Accordingly, management stations must be prepared to receive tabular information from agents that corresponds to entries not currently in use. Proper interpretation of such entries requires examination of the relevant ipNetToMediaType object. The icmp group reports statistics about the ICMP group. icmpInMsgs - The total number of ICMP messages that the entity received. Note that this counter includes all those counted by icmpInErrors. (counter) icmpInErrors - The number of ICMP messages that the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, and the like.). (counter) icmpInDestUnreachs - The number of ICMP Destination Unreachable messages received. (counter) icmpInTimeExcds - The number of ICMP Time Exceeded messages received. (counter) icmpInParmProbs - The number of ICMP Parameter Problem messages received. (counter) icmpInSrcQuenchs - The number of ICMP Source Quench messages received. (counter) icmpInRedirects - The number of ICMP Redirect messages received. (counter) icmpInEchos - The number of ICMP Echo (request) messages received. (counter) icmpInEchoReps - The number of ICMP Echo Reply messages received. (counter) icmpInTimestamps - The number of ICMP Timestamp (request) messages received. (counter) icmpInTimestampReps - The number of ICMP Timestamp Reply messages received. (counter) icmpInAddrMasks - The number of ICMP Address Mask Request messages received. (counter) icmpInAddrMaskReps - The number of ICMP Address Mask Reply messages received. (counter) icmpOutMsgs - The total number of ICMP messages that this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors. (counter) icmpOutErrors - The num

The snmp group reports statistics about the SNMP group. snmpInPkts - The total number of Messages delivered to the SNMP entity from the transport service. (counter) snmpOutPkts - The total number of SNMP Messages passed from the SNMP protocol entity to the transport service. (counter)
snmpInBadVersions - The total number of SNMP Messages delivered to the SNMP protocol entity that were for an unsupported SNMP version. (counter)
snmpInBadCommunityNames - The total number of SNMP Messages delivered to the SNMP protocol entity that used a SNMP community name not known to said entity. (counter) snmpInBadCommunityUses - The total number of SNMP Messages delivered to the SNMP protocol entity, which represented an SNMP operation not allowed by the SNMP community named in the Message. (counter) snmpInASNParseErrs - The total number of ASN.1 or BER errors encountered by the SNMP protocol entity when decoding received SNMP Messages. (counter) snmpInTooBigs - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``tooBig.'' (counter) snmpInNoSuchNames - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``noSuchName.'' (counter)
snmpInBadValues - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``badValue.'' (counter)
snmpInReadOnlys - The total number valid SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``readOnly.'' It should be noted that it is a protocol error to generate an SNMP PDU that contains the value ``readOnly'' in the error-status field. This object is provided as a means of detecting incorrect implementations of the SNMP. (counter)
snmpInGenErrs - The total number of SNMP PDUs delivered to the SNMP protocol entity for which the value of the error-status field is ``genErr.'' (counter) snmpInTotalReqVars - The total number of MIB objects successfully retrieved by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. (counter)
snmpInTotalSetVars - The total number of MIB objects successfully altered by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs. (counter)
snmpInGetRequests - The total number of SNMP GetRequest PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInGetNexts - The total number of SNMP Get-Next PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInSetRequests - The total number of SNMP SetRequest PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInGetResponses - The total number of SNMP GetResponse PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpInTraps - The total number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity. (counter)
snmpOutTooBigs - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ``tooBig.'' (counter) snmpOutNoSuchNames - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status is ``noSuchName.'' (counter) snmpOutBadValues - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ``badValue.'' (counter) snmpOutGenErrs - The total number of SNMP PDUs generated by the SNMP protocol entity for which the value of the error-status field is ``genErr.'' (counter) snmpOutGetRequests - The total number of SNMP GetRequest PDUs which have been generated by the SNMP protocol entity. (counter)
snmpOutGetNexts - The total number of SNMP Get-Next PDUs generated by the SNMP protocol entity. (counter) snmpOutSetRequests - The total number of SNMP SetRequest PDUs generated by the SNMP protocol entity. (counter)
snmpOutGetResponses - The total number of SNMP GetResponse PDUs generated by the SNMP protocol entity. (counter)
snmpOutTraps - The total number of SNMP Trap PDUs generated by the SNMP protocol entity. (counter) snmpEnableAuthenTraps - Indicates whether the SNMP agent process is permitted to generate authentication failure traps. The value of this object overrides any configuration information. As such, it provides a means whereby all authentication-failure traps may be disabled. (enum)
Note that this object must be stored in non-volatile memory, so that it remains constant between reinitializations of the network management system.
The following are Sun-specific group and table definitions.

The sunSystem group reports general system information. agentDescr - The SNMP agent's description of itself. (string[255])
hostID - The unique Sun hardware identifier. The value returned is four byte binary string. (octet[4]) motd - The first line of /etc/motd . (string[255]) unixTime - The UNIX system time. Measured in seconds since January 1, 1970 GMT. (counter) The sunProcessTable table reports UNIX process table information. psProcessID - The process identifier for this process. (int)
psParentProcessID - The process identifier of this process's parent. (int)
psProcessSize - The combined size of the data and stack segments (in kilobytes.) (int)
psProcessCpuTime - The CPU time (including both user and system time) consumed so far. (int) psProcessState - The run-state of the process. (octet[4])

R

Runnable

T

Stopped

P

In page wait

D

Non-interruptable wait

S

Sleeping (less than 20 seconds)

I

Idle (more than 20 seconds)

Z

Zombie psProcessWaitChannel - Reason process is waiting. (octet[16]) psProcessTTY - Terminal, if any, controlling this process. (octet[16]) psProcessUserName - Name of the user associated with this process. (octet[16]) psProcessUserID - Numeric form of the name of the user associated with this process. (int) psProcessName - Command name used to invoke this process. (octet[64]) psProcessStatus - Setting this variable will cause a signal of the set value to be sent to the process. (int) The sunHostPerf group reports hostperf information. rsUserProcessTime - Total number of timeticks used by user processes since the last system boot. (counter) rsNiceModeTime - Total number of timeticks used by ``nice'' mode since the last system boot. (counter) rsSystemProcessTime - Total number of timeticks used by system processes since the last system boot. (counter) rsIdleModeTime - Total number of timeticks in idle mode since the last system boot. (counter) rsDiskXfer1 - Total number of disk transfers since the last boot for the first of four configured disks. (counter) rsDiskXfer2 - Total number of disk transfers since the last boot for the second of four configured disks. (counter) rsDiskXfer3 - Total number of disk transfers since the last boot for the third of four configured disks. (counter) rsDiskXfer4 - Total number of disk transfers since the last boot for the fourth of four configured disks. (counter) rsVPagesIn - Number of pages read in from disk. (counter) rsVPagesOut - Number of pages written to disk. (counter) rsVSwapIn - Number of pages swapped in. (counter) rsVSwapOut - Number of pages swapped out. (counter) rsVIntr - Number of device interrupts. (counter) rsIfInPackets - Number of input packets. (counter) rsIfOutPackets - Number of output packets. (counter) rsIfInErrors - Number of input errors. (counter) rsIfOutErrors - Number of output errors. (counter) rsIfCollisions - Number of output collisions. (counter)

select(2) failed
A select(2) system call failed. The rest of the message indicates the cause of the failure.

sendto(2) failed
A sendto(2) system call failed. The rest of the message indicates the cause of the failure.

recvfrom(2) failed
A recvfrom(2) system call failed. The rest of the message indicates the cause of the failure.

no response from system
The SNMP agent on the target system does not respond to SNMP requests. This error might indicate that the SNMP agent is not running on the target system, the target system is down, or the network containing the target system is unreachable.

response too big
The agent could not fit the results of an operation into a single SNMP message. Split large groups or tables into smaller entities.

missing attribute
An attribute is missing from the requested group.

bad attribute type
An object attribute type received from the SNMP agent that does not match the attribute type specified by the proxy agent schema. The rest of the message indicates the expected type and received type.

cannot get sysUpTime
The proxy agent cannot get the variable sysUpTime from the SNMP agent.

sysUpTime type bad
The variable sysUpTime received from the SNMP agent has the wrong data type.

unknown SNMP error
An unknown SNMP error was received.

bad variable value
The requested specified an incorrect syntax or value for a set operation.

variable is read only
The SNMP agent did not perform the set request because a variable to set may not be written.

general error
A general error was received.

cannot make request PDU
An error occurred building a request PDU.

cannot make request varbind list
An error occurred building a request variable binding list.

cannot parse response PDU
An error occurred parsing a response PDU.

request ID - response ID mismatch
The response ID does not match the request ID.

string contains non-displayable characters A displayable string contains non-displayable characters.

cannot open schema file
An error occurred opening the proxy agent schema file.

cannot parse schema file
The proxy agent couldn't parse the proxy agent schema file.

cannot open host file
An error occurred opening the file associated with the na.snmp.hostfile keyword in /etc/opt/SUNWconn/snm/snm.conf for Solaris 2.x and /etc/snm.conf for Solaris 1.x.

cannot parse host file
The proxy agent was unable to parse the file associated with the na.snmp.hostfile keyword in /etc/opt/SUNWconn/snm/snm.conf for Solaris 2.x and /etc/snm.conf for Solaris 1.x.

attribute unavailable for set operations
The set could not be completed because the attribute was not available for set operations.

BUGS

snmpd does not return a MAC address for the SBUS FDDI interface (for example, ``bf0'').

Process names retrieved from snmpd contain a leading blank space.

When you change attribute values in the system group with an SNMP set request, the change is effective only as long as snmpd is running. snmpd does not save the changes to /etc/opt/SUNWconn/snm/snmpd.conf for Solaris 2.x or /etc/snmpd.conf for Solaris 1.x.

Table of Contents

• NAME
• SYNOPSIS
• DESCRIPTION
• OPTIONS
• FILES
• INSTALLATION
• SECURITY
• MIB
• ATTRIBUTES
• ERRORS
• BUGS