###############################################################################

#

# EXAMPLE.conf:

# An example configuration file for configuring the Net-SNMP agent ('snmpd')

# See the 'snmpd.conf(5)' man page for details

#

# Some entries are deliberately commented out, and will need to be explicitly activated

#

###############################################################################

#

# AGENT BEHAVIOUR

#


# Listen for connections from the local system only

agentAddress udp:*.*.*.*:161

# Listen for connections on all interfaces (both IPv4 *and* IPv6)

#agentAddress udp:161,udp6:[::1]:161




###############################################################################

#

# SNMPv3 AUTHENTICATION

#

# Note that these particular settings don't actually belong here.

# They should be copied to the file /var/lib/snmp/snmpd.conf

# and the passwords changed, before being uncommented in that file *only*.

# Then restart the agent


# createUser authOnlyUser MD5 "remember to change this password"

# createUser authPrivUser SHA "remember to change this one too" DES

# createUser internalUser MD5 "this is only ever used internally, but still change the password"


# If you also change the usernames (which might be sensible),

# then remember to update the other occurances in this example config file to match.




###############################################################################

#

# ACCESS CONTROL

#


# system + hrSystem groups only

view systemonly included .1.3.6.1.2.1.1

view systemonly included .1.3.6.1.2.1.25.1


# Full access from the local host

#rocommunity public localhost

# Default access to basic system info

# rocommunity public default -V systemonly

rocommunity public default


# Full access from an example network

# Adjust this network address to match your local

# settings, change the community string,

# and check the 'agentAddress' setting above

#rocommunity secret 10.0.0.0/16


# Full read-only access for SNMPv3

rouser authOnlyUser

# Full write access for encrypted requests

# Remember to activate the 'createUser' lines above

#rwuser authPrivUser priv


# It's no longer typically necessary to use the full 'com2sec/group/access' configuration

# r[ou]user and r[ow]community, together with suitable views, should cover most requirements




###############################################################################

#

# SYSTEM INFORMATION

#


# Note that setting these values here, results in the corresponding MIB objects being 'read-only'

# See snmpd.conf(5) for more details

sysLocation Sitting on the Dock of the Bay

sysContact Me <me@example.org>

# Application + End-to-End layers

sysServices 72



#

# Process Monitoring

#

# At least one 'mountd' process

proc mountd

# No more than 4 'ntalkd' processes - 0 is OK

proc ntalkd 4

# At least one 'sendmail' process, but no more than 10

proc sendmail 10 1


# Walk the UCD-SNMP-MIB::prTable to see the resulting output

# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file



#

# Disk Monitoring

#

# 10MBs required on root disk, 5% free on /var, 10% free on all other disks

disk / 10000

disk /var 5%

includeAllDisks 10%


# Walk the UCD-SNMP-MIB::dskTable to see the resulting output

# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file



#

# System Load

#

# Unacceptable 1-, 5-, and 15-minute load averages

load 12 10 5


# Walk the UCD-SNMP-MIB::laTable to see the resulting output

# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file




###############################################################################

#

# ACTIVE MONITORING

#


# send SNMPv1 traps

# trapsink localhost public

informsink localhost public

# send SNMPv2c traps

#trap2sink localhost public

# send SNMPv2c INFORMs

#informsink localhost public


# Note that you typically only want *one* of these three lines

# Uncommenting two (or all three) will result in multiple copies of each notification.



#

# Event MIB - automatically generate alerts

#

# Remember to activate the 'createUser' lines above

iquerySecName internalUser

rouser internalUser

# generate traps on UCD error conditions

defaultMonitors yes

# generate traps on linkUp/Down

linkUpDownNotifications yes




###############################################################################

#

# EXTENDING THE AGENT

#


#

# Arbitrary extension commands

#

extend test1 /bin/echo Hello, world!

extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35

#extend-sh test3 /bin/sh /tmp/shtest


# Note that this last entry requires the script '/tmp/shtest' to be created first,

# containing the same three shell commands, before the line is uncommented


# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table

# and nsExtendOutput2Table) to see the resulting output


# Note that the "extend" directive supercedes the previous "exec" and "sh" directives

# However, walking the UCD-SNMP-MIB::extTable should still returns the same output,

# as well as the fuller results in the above tables.



#

# "Pass-through" MIB extension command

#

#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest

#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl


# Note that this requires one of the two 'passtest' scripts to be installed first,

# before the appropriate line is uncommented.

# These scripts can be found in the 'local' directory of the source distribution,

# and are not installed automatically.


# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output



#

# AgentX Sub-agents

#

# Run as an AgentX master agent

master agentx

# Listen for network connections (from localhost)

# rather than the default named socket /var/agentx/master

#agentXSocket tcp:localhost:705


snmpDOPTS = '-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'

view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc

access MyROSystem "" any noauth exact all none none