Purpose
Defines a
sample configuration file for the snmpdv3 agent.
Description
An entry
must be contained on one line (i.e., the newline character will be
treated as the end of an entry) All of the entry definitions require
that all fields on the entry are specified, either with a specific
value or a dash (-) to denote the default value. If an error is detected
processing an entry and no appropriate default value can be assumed,
the entry will be discarded. Statements in the file are not order-dependent.
However, if more than one DEFAULT_SECURITY statement is found, the
last one in the file is the one that is used.
General Usage Rules
- All values for an entry must be on the same line.
- All keys need to be regenerated using the pwtokey command in order
for these sample entries to actually be used.
- In this sample, keys are generated for use with engine ID 00000002000000000943714F.
- Authentication keys were generated with password of username
+ password, such as u1password.
- Privacy keys were generated with password of username
+ privpass, such as u1privpass.
- Entries defined to use encryption support, which is available
only as a separately orderable feature on the base AIX® product, are included
below but commented out.
Comments may be entered in the
snmpdv3.conf file,
with the following restrictions:
- Comments must begin with the pound sign (#) or asterisk (*).
- Comments must begin in column 1. This allows the pound sign and
asterisk to be used in names of users, views, etc.
- USM_USER entries
- Defines a user for the User-based Security Model (USM). Format
is:
userName engineID authProto authKey privProto privKey keyType storageType
where - userName
- Indicates the name of the user for the User-based Security Model
(USM) and must be unique to the SNMP agent. The userName is
used as the security name for the User-based Security Model. The contents
of this field will be used as the securityName value for other
entries (such as the VACM_GROUP entry) when the securityModel is USM.
Valid value is:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- engineID
- Indicates the engineID of the authoritative side of the
message. The engineID for the AIX SNMP agent is determined
at agent initialization. It is either read in from the SNMPD.BOOTS file or it is generated automatically and stored in the SNMPD.BOOTS file. It can be retrieved dynamically by issuing a get request
for object snmpEngineID. For get, getbulk, set, response, and trap messages, the authoritative
side is the SNMP agent. For inform messages, the authoritative side
is the notification receiver.
Note: The engineID is defined
in RFC 2271.
Valid values are: - An octet string of 1 to 32 octets (2 to 64 hex digits).
- A '-' (dash) indicates the default value.
The default value is the local SNMP agent's engineID.
- authProto
- Indicates the authentication protocol to be used on authenticated
messages on behalf of this user. Valid values are:
- HMAC-MD5 - indicates HMAC-MD5.
- HMAC-SHA - indicates HMAC-SHA.
- none - indicates no authentication is
to be done.
- '-' (dash) - indicates the default value.
A The default value is HMAC-MD5 (if an authentication key is
specified; if no authentication key is specified, no authentication
can be done for messages to/from this user).
- authKey
- Indicates the authentication key to be used in authenticating
messages on behalf of this user. This field will be ignored when authProto is specified as none. The keyType field will indicate whether the key is localized or non-localized.
Valid values are:
- An octet string of 16 bytes (32 hex digits) when authProto is
HMAC-MD5.
- An octet string of 20 bytes (40 hex digits) when authProto is
HMAC-SHA.
- A '-' (dash) indicates the default.
The default value is no key, indicating no authentication.
- privProto
- Indicates the privacy protocol to be used on encrypted messages
on behalf of this user. Privacy can be requested only if authentication
is also requested. If authentication is not requested, this field
is ignored. Valid values are:
- DES - indicates CBC-DES (only with the additional encryption
product).
- none - indicates no privacy.
- A '-' (dash) indicates default.
The default value is no privacy. No encryption will be done
on messages to/from this user.
- privKey
- The privacy key to be used in authenticating messages to and from
this user. This field will be ignored when privProto is specified
or defaulted as none. The keyType field will
indicate whether the key is localized or non-localized. Privacy can
be requested only if authentication is also requested. If authentication
is not requested, this field is ignored. The privacy key and the authentication
key are assumed to have been generated using the same authentication
protocol (HMAC-MD5 or HMAC-SHA). Valid values are:
- An octet string of 16 bytes (32 hex digits) if the key is localized
or if the key is non-localized and the authProto is HMAC-MD5.
- An octet string of 20 bytes (40 hex digits) if the key is non-localized
and the authProto is HMAC-SHA.
- The '-' (dash) indicates default.
Default value is no key, indicating no encryption.
- keyType
- Indicates whether the keys defined by authKey and privKey are
localized or non-localized. Localized indicates that they have been
generated with the appropriate engineID making the key usable only
at one snmpEngine. Non-localized indicates the key may be used at
different snmpEngines. The authKey and privKey, if both
are specified, must both be localized or both be non-localized. This
field is ignored if no authentication or privacy is requested. Valid
values are:
- L - indicates keys are localized.
- N - indicates keys are non-localized.
- '-' (dash) indicates default Default value is localized.
- storageType
- Indicates the type of storage in which this definition is to be
maintained. StorageTypes are defined in RFC1903. Valid values
are:
- nonVolatile - indicates the entry definition will persist
across reboots of the SNMP agent, but it can, however, be changed
or even deleted by dynamic configuration requests.
- permanent - indicates the entry definition will persist
across reboots of the SNMP agent; it can be changed but not deleted
by dynamic configuration requests
- readonly - indicates the entry definition will persist
across reboots of the SNMP agent; it cannot be changed or deleted
by dynamic configuration requests. readOnly is not permitted
if the authentication protocol is not 'none' (because keys must be
changeable per RFC 2274 definition of usmUserStorageType) .
- '-' (dash) - indicates default.
Default value is non-volatile.
- VACM_GROUP entries
- Defines a security group (made up of users or communities) for
the View-based Access Control Model (VACM). Format is:
groupName securityModel securityName storageType
where:
- groupName
- Indicates the group name for the View-based Access Control Model
(VACM) and must be unique to the SNMP agent. Valid value is:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- securityModel
- Indicates the SNMP security model for this entry. When an SNMP
message comes in, the securityModel together with the securityName are used to determine to which group the
user (or community) represented by the securityName belongs.
Valid values are: 'SNMPv1' - indicates community-based security
using SNMPv1 message processing. 'SNMPv2c' - indicates community-based
security using SNMPv2c message processing. 'USM' - indicates User-based
Security Model. A '-' (dash) - indicates default. Default value is
'USM'.
- securityName
- Indicates a member of this group. For community-based security,
it will be a community name. For the User-based Security Model, it
will be a user name. Valid values are:
- An octet string of 1 to 32 octets (characters) indicating a USM
userName when securityModel is USM.
- An octet string of 1 to 32 octets (characters) indicating a community
Name when securityModel is 'SNMPv1' or 'SNMPv2c'.
There is no default value.
- StorageType
- As defined above on the USM_USER definition.
- VACM_VIEW entries
- Defines a particular set of MIB data, called a view, for the View-based
Access Control Model. Format is:
viewName viewSubtree viewMask viewType storageType
where: - viewName
- Indicates the textual name of the view for the View-based Access
Control Model. View names do not need to be unique. Multiple entries
with the same name together define one view. However, the viewname, together with the subtree object ID, must be unique to an
SNMP engine. Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- viewSubtree
- Indicates the MIB object prefix of the MIB objects in the view.
Valid values are:
- An object id of up to 128 sub-OIDs.
- A textual object name (or object prefix).
- A combination of textual object name followed by numeric sub-OIDs.
The name must be found within the compiled MIB or in the logical extension
to the MIB, the MIBS.DATA file.
There is no default value.
- viewMask
- Indicates a mask that specifies which of the sub-OIDs in the
subtree are relevant. See RFC2275 for a definition of the viewMask.
Valid values are:
- A hex string of up to 16 octets (up to 128 bits) where each bit
indicates whether or not the corresponding sub-OID in the subtree
is relevant.
- A '-' (dash) - indicates default.
The default value is a mask of all (meaning all sub-OIDs are
relevant).
- viewType
- Indicates the type of the view definition. Valid values are:
- included - indicating the MIB objects identified by this
view definition are within the view.
- excluded - indicating the MIB objects identified by this
view definition are excluded from the view.
- A '-' (dash) - indicates default.
The default value is included.
- storageType
- As defined above on the USM_USER definition.
- VACM_ACCESS entries
- Identifies the access permitted to different security groups for
the View-based Access Control Model.Format is:
groupName contextPrefix contextMatch securityLevel, securityModel
readView writeView notifyView storageType
where: - groupName
- Indicates the group name for the View-based Access Control Model
(VACM) for which access is being defined. Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- contextPrefix
- Indicates an octet string to be compared with the incoming contextName
if the value specified for the contextMatch field is prefix. Note, however, that the SNMP agent in AIX supports MIB objects
in only the local (null) context. Valid values are:
- An octet string of 1 to 32 octets (characters).
- A '-' (dash) - indicates default.
The default value is the null context ("").
- contextMatch
- Indicates whether the incoming contextName must be compared
with (and match exactly) the entire contextName or whether
only the first part of the contextName (up to the length of
the indicated value of the contextPrefix) must match. Valid
values are:
- exact - indicates entire contextName must match.
- prefix - indicates only the prefix of the contextName must match.
- A '-' (dash) - indicates the default.
The default value is exact.
- securityLevel
- Indicates the securityLevel for this entry. Used in determining
which access table entry to use. Valid values are:
- noAuthNoPriv or 'none' - indicates no
authentication or privacy protocols applied.
- AuthNoPriv or 'auth' - indicates authentication
protocols applied but no privacy protocol is applied.
- AuthPriv or 'priv' - indicates both authentication
and privacy protocols applied (If the additional encryption pack is
not applied, this level can be configured but cannot actually be used).
- A '-' (dash) - indicates default.
The default value is noAuthNoPriv.
- securityModel
- Indicates the SNMP security model for this entry. Used in determining
which access table entry to use. Valid values are:
- SNMPv1 - indicates community-based security using SNMPv1
message processing.
- SNMPv2c - indicates community-based security using SNMPv2c
message processing.
- USM - indicates User-based Security Model.
- A '-' (dash) - indicates default.
The default value is USM.
- readView
- Indicates the name of the view to be applied when read operations
(get, getnext, getbulk) are performed under control
of this entry in the access table. Valid values are:
- An octet string of 1 to 32 octets (characters) identifying a view
defined by a VACM_VIEW definition.
- A '-' (dash) - indicates default.
The default value is no view; no readView defined for
members of this group.
- writeView
- Indicates the name of the view to be applied when write operations
(set) are performed under control of this entry in the access table.
Valid values are:
- An octet string of 1 to 32 octets (characters) identifying a view
defined by a VACM_VIEW definition.
- A '-' (dash) - indicates default.
The default value is no view; no writeView defined for
members of this group.
- notifyView
- Indicates the name of the view to be applied when notify operations
(traps or informs) are performed under control of this
entry in the access table. Valid values are:
- An octet string of 1 to 32 octets (characters) identifying a view
defined by a VACM_VIEW definition.
- A '-' (dash) - indicates default.
Default value is no view; no notifyView defined for members
of this group
- NOTIFY entries
- Identifies management targets to receive notifications. Format
is:
notifyName tag type storageType
where:
- notifyName
- Is a locally unique identifier for this notify definition. Valid
values are:
- An octet string of 1 to 32 octets (characters)
There is no default value.
- tag
- Indicates a tag value to be compared with the values in the tagLists defined in the snmpTargetAddrTable (either on
TARGET_ADDRESS entries or via dynamic configuration). For each match
of this tag with a value in the tagLists defined in the snmpTargetAddrTable), a notification may be sent. See RFC2273
for a definition of SnmpTagValue. Valid values are:
- An octet string of 1 to 255 octets (characters). No delimiters
are allowed.
- A '-' indicates the default.
Default value is no tag value.
- type
- Indicates which type of notification should be generated. Valid
values are:
- trap - an unconfirmed notification; notification sent with trap PDUs.
- A '-' (dash) - indicates the default.
Default value is trap.
- TARGET_ADDRESS
- Defines a management application's address and parameters to be
used in sending notifications. Format is:
targetAddrName tDomain tAddress tagList targetParams timeout retryCount storageType
where: - targetAddrName
- Indicates a locally unique identifier for this target address
definition. Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- tDomain
- Indicates the transport type of the address indicated by tAddress. Valid values are:
- UDP - for UDP datagrams.
- A '-' (dash) - for the default value.
Default value is UDP.
- tAddress
- Indicates the transport address to which notifications are sent.
Valid values are:
- A 1- to 21- octet string indicating the IP address and optionally
the UDP port.
Form is ip_address:port
IP address must
be specified as a.b.c.d where a, b, c and d are in the range of 0
to 255. The port, if specified, must be in the range of 1 to 65535.
Example: 9.37.84.48:162
The IP address may
not be defaulted, but the port, if not specified, will default to
162.
- tagList
- Indicates a list of tag values which are used to select target
addresses for a notification operation. RFC2273 contains the complete
definition of SnmpTagList and SnmpTagValue. The AIX implementation accepts
as valid values:
- An octet string of 1 to 255 octets (characters). No delimiters
are allowed.
- '-' indicates the default.
The default value is an empty list.
- targetParams
- Indicates a TARGET_PARAMETERS paramsName value that indicates
which security and message processing is to be used in sending notifications
to this target. Valid values are:
- An octet string of 1 to 32 octets (characters)
There is no default value.
- timeout
- Indicates the expected maximum round trip time for communicating
with this target address (in 1/100ths of a second). timeout is used only for inform type notifications; it is not used for traps.
Valid values are:
- An integer in the range of (0..2147483647) specifying the number
of hundredths of a second for the timeout. Note, however, that this
value is not used for notifications of type trap.
- '-' (dash) indicating the default.
Default value is 0, meaning no timeout value.
- retryCount
- Indicates the number of retries to be attempted when a response
is not received for a generated message. retryCount is used
only for inform type notifications; it is not used for traps. Valid
values are:
- An interger in the range of (0 to 255), indicating the number
of retries to be attempted. Note, however, that this value is not
used for notifications of type trap.
- A '-' (dash) indicating the default.
Default value is 0, meaning no retry.
- TARGET_PARAMETERS
- Defines the message processing and security parameters to be
used in sending notifications to a particular management target. Format
is:
paramsName mpModel securityModel securityName securityLevel storageType
where: - paramsName
- A locally unique identifier for this target parameters definition.
Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- mpModel
- The message processing model to be used in sending notifications
to targets with this parameter definition. Valid values are:
- SNMPv1 - indicates SNMPv1.
- SNMPv2c - indicates SNMPv2c.
- SNMPv3 - indicates SNMPv3.
There is no default value.
- securityModel
- Indicates the security model to be used in sending notifications
to targets with this parameter definition. Valid values are:
- SNMPv1 indicates SNMPv1.
- SNMPv2c Indicates SNMPv2c.
- USM indicates User-based Security Model.
There is no default value.
- securityName
- Ientifies the principal (user or community) on whose behalf SNMP
messages will be generated using this parameter definition. For community
based security, this would be a community name. For USM, this would
be a user name. Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- securityLevel
- Idicates the security level to be used in sending notifications
to targets with this parameter definition. Valid values are:
- noAuthNoPriv or none - indicates no authentication
or privacy. protocols applied.
- AuthNoPriv or auth - indicates authentication protocols
applied but no privacy protocol is applied.
- AuthPriv or priv - indicates both authentication
and privacy protocols applied. (If the additional encryption pack
is not applied, this level can be configured, but not actually used.)
- '-' (dash) - indicates default.
Default value is noAuthNoPriv.
- NOTIFY_FILTER_PROFILE
- Associates a notification filter profile with a particular set
of target parameters. The format of this parameter is as follows:
targetParamsName profileName storageType
The following
list explains the meaning of the variables in the previous format: - targetParamsName: Defines the message processing and security
parameters to be used in sending notifications to a particular management
target.
- profileName: A locally unique identifier for this profile
name definition. The valid value for this parameter must be an octet
string of 1 through 32 octets (characters). No default value is defined
for this parameter.
- storageType: Indicates the type of storage in which this
definition is to be maintained.
- NOTIFY_FILTER
- Determines whether particular management targets receive particular
notifications. The format of this parameter is as follows:
profileName filterSubtree filterMask filterType storageType
The following list explains the meaning of the variables in the NOTIFY_FILTER parameter's format: - profileName: A locally unique identifier for this profile
name definition. The valid value for this parameter must be an octet
string of 1 through 32 octets (characters). No default value is defined
for this parameter.
- filterSubtree: Indicates the MIB subtree. When the filterSubtree parameter is combined with the corresponding instance of snmpNotifyFilterMask, it defines a family of subtrees that are included in, or excluded
from, the filter profile. The following values are valid:
- An object ID of up to 128 sub-object IDs
- A textual object name (or object prefix)
- A combination of textual object name followed by numeric sub-object
IDs
The name must be found within the compiled MIB or in the logical
extension to the MIB, the MIBS.DEFS file. There is no default
value.
- filterMask: Indicates the bit mask in combination with
the corresponding instance of snmpNotifyFilterSubtree. This
parameter defines a family of subtrees that are included in, or excluded
from, the filter profile. The valid values must be an octet string
of 0 through 16 octets. The default value is an octet string with
a length of zero.
- filterType: Indicates the type of the filter definition.
The following values are valid:
- included: Indicates the family of filter subtrees defined
by this entry that are included in a filter.
- excluded: Indicates the family of filter subtrees defined
by this entry that are excluded from a filter.
- - (dash): Indicates the default value.
The default value for this parameter is included.
- storageType: Indicates the type of storage in which this
definition is to be maintained.
- COMMUNITY
- Defines a community for community-based security. Format is:
communityName securityName securityLevel netAddr netMask storageType
where: - communityName
- Indicates a community name for community-based security (SNMPv1
or # SNMPv2c). Valid values are:
- An octet string of 1 to 32 octets (characters).
There is no default value.
- securityName
- Indicates a securityName defined for this communityName. The securityName is the more generic term for the principal
(user or community) for which other entries, such as VACM_GROUP and
TARGET_PARAMETERS, are defined. Typically, the securityName would match communityName or, at least, there would be a
one-to-one correspondence between securityName and communityName. (Until the community MIB support is implemented, the community
name must match the securityName exactly.) Valid values are:
- An octet string of 1 to 32 octets (characters).
- '-' (dash) - indicates default.
The default value is securityName equal to the specified communityName.
- securityLevel
- Indicates the security level to be applied when processing incoming
or outgoing messages with this community name.
Note: When the
communityMIB is implemented,
authNoPriv will also be a
valid level of security, but at the moment, it will be rejected because
there is no way to store a
securityLevel to be associated with
a
communityName. When that happens, the following will be added
to the list of valid values below:
- authNoPriv or auth - indicates authentication protocols
applied.
Note that no additional authentication checking is done by specifying
auth. Authentication still involves verifying that the community
name is being used by an IP address for which it has been defined
and using the views defined for that entry. However, allowing the
specification of
auth here does allow the system administrator
to define a different set of views to be used if the same community
name is defined with two different
securityNames (each with
a different securityLevel)
Valid values are: - noAuthNoPriv or none - indicates
no authentication or privacy protocols applied.
- '-' (dash) - indicates default.
Default value is noAuthNoPriv. Encryption is not supported
on SNMPv1/SNMPv2c messages.
- netAddr
- A network address indicating the range of addresses for which
this community name might be used. The following values are valid:
- An IPv4 network address in the form of a.b.c.d, where a, b, c, and d are in the range of 0 through 255. However,
not all of the four octets are required. Also, 255.255.255.255 is
not a valid network address.
- An IPv6 network address.
- netMask
- An IP address mask to be logically ANDed with the origin address
of the incoming SNMP message. If the resulting value equals the value
specified for netAddr, the incoming message is accepted. The
following values are valid:
- A network address in the form of a.b.c.d, where
a, b, c, and d are in the range of 0 through 255. However, not all
of the four octets are required.
- A prefix length in the range of 0 through 128 for IPv6 address.
There is no default value.
- storageType
- As defined above on the USM_USER definition (Note, until
the community MIB is implemented, storage type values other than readOnly will be treated as readOnly; i.e., they cannot
be changed dynamically.)
- DEFAULT_SECURITY
- Identifies the default security posture to be configured for the
SNMP agent; additional security definitions defined by the use of
the preceding eight entry definition types augment any default security
configurations defined as a result of the DEFAULT_SECURITY statement.
Format is:
securityPosture password privacy
where: - securityPosture
- Indicates the default security posture to be configured for the
SNMP agent, as defined by Appendix A of RFC 2275 (and outlined below).
Valid values are:
- minimum-secure - indicates the SNMP agent will be configured
with the least secure default configurations
- semi-secure- indicates the SNMP agent will be configured
with moderately secure default configurations.
- no-access - indicates the SNMP agent will be configured
with no default configurations.
The default value is no-access.
- password
- Indicates the password to be used to generate authentication and
privacy keys for user 'initial' In the case that no-access is
specified as the securityPosture, this keyword is ignored.
Valid values are:
- An octet string of 8 to 255 octets (characters).
- '-' (dash) - indicating the default.
Default value is no password. Default only accepted if securityPosture is no-access.
- privacy
- Indicates whether or not encryption is to be supported for messages
on behalf of user 'initial'. Valid values are:
- Yes - indicates privacy is supported for
user 'initial' (only with the additional encryption product).
- No - indicates privacy is not supported
for user initial.
- '-' (dash) - indicates default value.
Default value is no. If no-access is
selected as the security posture, this value will be ignored.
Default security definitions based on the selected
security posture:
- no-access
- No initial configurations are done.
- semi-secure
- The default (null) context is configured. If privacy is not requested,
a default user is configured as if the following USM_USER entry had
been specified. USM_USER initial- HMAC-MD5 none - N permanent where
### indicates the key generated from the password specified on the
DEFAULT_SECURITY entry. If privacy is requested (and available with
the additional encryption product) , a default user is configured
as if the following USM_USER entry had been specified: USM_USER initial
- HMAC-MD5 ### DES ### N permanent where ### indicates the key generated
from the password specified on the DEFAULT_SECURITY entry.
A default group is configured as if the following VACM_GROUP
entry had been specified:
VACM_GROUP initial USM initial readOnly. Three default access entries are configured as if the
following VACM_ACCESS entries had been specified:
VACM_ACCESS initial - exact none. USM restricted - restricted readOnly.
VACM_ACCESS initial - exact auth. USM internet internet internet readOnly
VACM_ACCESS initial - exact priv USM internet internet internet readOnly
Two default MIB views are configured as if the following
VACM_VIEW entries .had been specified:
VACM_VIEW internet internet - included readOnly
VACM_VIEW restricted system - included readOnly
VACM_VIEW restricted snmp - included readOnly
VACM_VIEW restricted snmpEngine - included readOnly
VACM_VIEW restricted snmpMPDStats - included readOnly
VACM_VIEW restricted usmStats - included readOnly
- minimum-secure
- The default (null) context is configured. If privacy is not requested,
a default user is configured as if the following USM_USER entry had
been specified. : USM_USER initial - HMAC-MD5 ### none - N permanent
where ### indicates the key generated from the password specified
on the DEFAULT_SECURITY entry.
If privacy is requested (and available with the additional
encryption product) , a default user is configured as if the following
USM_USER entry had been specified: USM_USER initial - HMAC-MD5 ###
DES ### N permanent where ### indicates the key generated from the
password specified on the DEFAULT_SECURITY entry.
A default
group is configured as if the following VACM_GROUP entry had been
specified: VACM_GROUP initial USM initial readOnly.
Three default access entries are configured as if the following VACM_ACCESS
entries had been specified:
VACM_ACCESS initial - exact none USM restricted - restricted readOnly
VACM_ACCESS initial - exact auth USM internet internet internet readOnly
VACM_ACCESS initial - exact priv USM internet internet internet
- readOnly
- Two default MIB views are configured as if the following VACM_VIEW
entries had been specified:
VACM_VIEW internet internet - included readOnly
VACM_VIEW restricted internet - included readOnly
- logging
- Directs logging from the configuration file. Format is:
logging file=</path/filename> enabled|disabled
logging size=<limit> level=<debug level>
There can be no white spaces around the "=" in the file, size and
level fields where </path/filename> specifies the complete path
and filename of the log file. Valid values are: An octet string of
1 to 255 octets (characters). Default value is /var/tmp/snmpdv3.log enabled|disabled. Valid values are: 'enabled' - turns logging on;
'disabled' - turns logging off. Default value is 'enabled'.
- <limit>
- Specifies the maximum size in bytes of the specified logfile Valid values are: '0' - meaning unlimited. An unsigned integer number
in the unit of byte. Default value is 0.
- <debug level>
- specifies the logging level. Valid values are: # 0, 1, 2, 3, or
4 Default value is 0.
logging file=/usr/tmp/snmpdv3.log enabled
logging size=0 level=0
- smux entry
- Sets the SMUX peer configuration parameters # Format is:
smux <client OIdentifier> <password> <address> <netmask>
Fields to the right of <client OIdentifier> are optional, with
the limitation that no fields to the left of a specified field are
omitted. Where <client OIdentifier> defines the unique object identifer
in dotted decimal notation of the SMUX peer client. Valid values are:
An unique object identifer in dotted decimal notation up to 128 sub-OIDs
of that SMUX peer. There is no default value.
- <password>
- Specifies the password that snmpd requires from the SMUX
peer client to authenticate the SMUX association. If no password is
specified, there is no authentication for the SMUX association. Valid
values are: An octet string of 8 to 255 octets (characters). Default
value is null string
- <address>
- Identifies the host on which the SMUX peer client is running.
The following values are valid:
- A host name of 1 through 80 characters or an IPv4 address that
must be specified in the format of a.b.c.d, where
a, b, c, and d are in the range of 0 through 255
- An IPv6 address.
The default value of the <address> member is 127.0.0.1
- <netmask>
- Specifies the network mask. Valid values are: network mask must
be specified as a.b.c.d where a, b, c and d are in the range of 0
to 255. Default value is 255.255.255.255.
smux 1.3.6.1.4.1.2.3.1.2.1.2 gated_password # gated
Any SNMP agent configuration entries added
by dynamic configuration (SET) requests get added to the end of the snmpdv3.conf file.