[unix-history] / usr / src / contrib / isode / snmp / snmpd.8c

.TH SNMPD 8C "14 Sep 1989"
.\" $Header: /f/osi/snmp/RCS/snmpd.8c,v 7.20 91/02/22 09:44:13 mrose Interim $
.\"
.\" Contributed by NYSERNet Inc.  This work was partially supported by the
.\" U.S. Defense Advanced Research Projects Agency and the Rome Air Development
.\" Center of the U.S. Air Force Systems Command under contract number
.\" F30602-88-C-0016.
.\"
.\"
.\" $Log:	snmpd.8c,v $
.\" Revision 7.20  91/02/22  09:44:13  mrose
.\" Interim 6.8
.\" 
.\" Revision 7.19  91/01/11  15:35:08  mrose
.\" sets
.\" 
.\" Revision 7.18  90/10/18  11:34:05  mrose
.\" psi
.\" 
.\" Revision 7.17  90/09/07  11:11:32  mrose
.\" update
.\" 
.\" Revision 7.16  90/09/03  12:57:37  mrose
.\" update
.\" 
.\" Revision 7.15  90/08/29  15:04:12  mrose
.\" doc
.\" 
.\" Revision 7.14  90/06/23  01:33:10  mrose
.\" proxy again
.\" 
.\" Revision 7.13  90/06/21  21:27:03  mrose
.\" proxy
.\" 
.\" Revision 7.12  90/06/20  23:52:55  mrose
.\" again
.\" 
.\" Revision 7.11  90/06/20  21:38:29  mrose
.\" update
.\" 
.\" Revision 7.10  90/06/13  17:58:41  mrose
.\" defaultView
.\" 
.\" Revision 7.9  90/06/12  05:19:02  mrose
.\" again
.\" 
.\" Revision 7.8  90/06/12  02:06:20  mrose
.\" views ...
.\" 
.\" Revision 7.7  90/06/12  02:05:32  mrose
.\" views ...
.\" 
.\" Revision 7.6  90/05/23  18:08:55  mrose
.\" 1158
.\" 
.\" Revision 7.5  90/05/13  17:54:37  mrose
.\" views again
.\" 
.\" Revision 7.4  90/05/13  16:08:10  mrose
.\" again
.\" 
.\" Revision 7.3  90/05/13  15:55:55  mrose
.\" update
.\" 
.\" Revision 7.2  90/02/19  19:17:01  mrose
.\" again
.\" 
.\" Revision 7.1  90/01/11  18:34:30  mrose
.\" real-sync
.\" 
.\" Revision 7.0  89/11/23  22:23:25  mrose
.\" Release 6.0
.\" 
.SH NAME
snmpd \- SNMP agent for BSD UNIX
.SH SYNOPSIS
.in +.5i
.ti -.5i
.B \*(SDsnmpd
\%[-b\ size]
\%[-d]
\%[\-t] \%[\-x] \%[\-z]
\%[-p\  portno]
\%[\-a\ x121address] \%[\-i\ pid]
\%[-r] \%[-s]
.in -.5i
(under /etc/rc.local)
.SH DESCRIPTION
The \fIsnmpd\fR server acts as a management agent,
implementing the Simple Network Management Protocol for Berkeley UNIX systems.
Upon receipt of a message,
it \*(lqauthenticates\*(rq the request,
attempts the operation,
and then returns a response.
.PP
The managed objects manipulated by \fIsnmpd\fR are defined in the file
\fBsnmpd.defs\fR,
kept in the system administrator's area.
These objects conform to the Internet-standard
\fIManagement Information Base\fR (commonly referred to as MIB-I),
which is defined in RFC 1156.
The rules used for naming and describing objects are taken from the
Internet-standard
\fIStructure of Management Information\fR (SMI),
which is defined in RFC 1155.
.PP
Most objects are realized via reading \fB/dev/kmem\fR.
There are some exceptions,
which can be set via a configuration file,
which is read once,
when the daemon starts.
.SH TRANSPORTS
For a UDP\-based network service,
the server listens on port 161 for SNMP messages.
The `\-p' option overrides the default UDP port.
.PP
For an X.25\-based network service,
the server implements the transport class 0 protocol,
decodes the connection request packet,
and execs the appropriate program to enter the protocol and provide the
service.
The `\-a' switch is used to specify the X.121 address of the local host
\(em this overrides the entry in the \fBisotailor\fP file.
In addition,
the `\-i' switch is used to specify the protocol ID to listen on
\(em the default is 03018200.
Note that on most X.25 implementations,
if the local X.121 address is not present in the \fBisotailor\fR file,
then the `-a' switch must be used in order for the server to
receive incoming calls.
.PP
For a TP4\-based transport service,
the server simply listens to any incoming connections for selector
\*(lqsnmp\*(rq.
.PP
By default,
all network services are enabled
(if defined in the configuration).
The `\-t' option specifies TCP\-only operation,
the `\-x' option specifies X.25\-only operation,
and the `\-z' option specifies TP4\-only operation.
.SH SMUX
The agent supports the SNMP Multiplexing (SMUX) protocol.
To disable this,
use the `\-s' option.
.SH CONFIGURATION
The \fBsnmpd.rc\fR file,
which is kept in the system administrator's area,
contains customization commands.
This file must be owned by root unless the `-r' option is given.
At present,
the directives are:
.TP
.B community\fR\0name\0address\0access\0view
defines an SNMP community called `name' with the indicated level of `access'.
The `address' token is either a hostname, an IP-address, or a
network address (using Kille's string syntax).
If present and a value other than 0.0.0.0 is used,
then incoming messages claiming to belong to the named community must
come from this address.
The `access' token,
if present,
is one of \*(lqreadOnly\*(rq, \*(lqreadWrite\*(rq, or \*(lqnone\*(rq,
and defaults to \*(lqreadOnly\*(rq.
The `view' token,
if present,
is an object identifier,
which names the corresponding view of MIB objects that this community
may access;
otherwise,
it defaults to a view containing all variables known to the agent.
.TP
.B view\fR\0name\0subtree\0...
defines a collection of manageable objects
with the given object identifier as its name.
All variables scoped by the `subtree' tokens,
each an object identifier,
given in the directive are placed in the view.
If no subtress are listed,
the view contains all variables known to the agent.
.TP
.B proxy\fR\0name\0domain\0address\0community
defines an SNMP proxy relationship,
in terms of a view called `name'.
Management requests for this view will be encapsulated via the access
method for `domain' and sent to the named address/community.
At present,
only the domain `rfc1157' (SNMP over UDP) is supported,
and the format of the `address' token is identical to that used by the
\fBcommunity\fR directive.
.TP
.B logging\fR\0ava\0...
sets the logging parameters accordingly.
The one or more `ava' tokens are of the form \*(lqattribute=value\*(rq.
The attributes are:
\fIfile\fR,
which is the filename for the log,
this is interpreted relative to the ISODE logging area,
unless the value starts with a slash;
\fIsize\fR,
which takes an integer value describing the maximum file size
(in KBytes) that the log should be allowed to grow;
\fIslevel\fR,
which takes a string value indicating which events should be logged
(one of \fInone\fR, \fIfatal\fR, \fIexceptions\fR, \fInotice\fR, \fItrace\fR,
\fIpdus\fR, \fIdebug\fR, or \fIall\fR);
\fIdlevel\fR,
which says which events should not be logged;
\fIsflags\fR,
which takes a string value indicating logging options should be enabled
(one of \fIclose\fR (to close the log after each entry),
\fIcreate\fR (to create the log if it does not already exist),
\fIzero\fR (to reset the log if the size is exceeded),
and \fItty\fR (to log events to the user's terminal in addition to the file));
and,
\fIdflags\fR,
which says which logging options should be disabled.
.TP
.B trap\fR\0name\0address\0view
defines a trap sink for the SNMP community called `name',
on the indicated address,
which is either a hostname, an IP-address, or a
network address (using Kille's string syntax).
Note that at present,
traps sinks must be reachable via UDP
(the network address must be an IP-address).
By default,
a view is not named for the trap sink.
.TP
.B variable\fR\0name\0value
sets the named variable to the indicated value.
At present,
these variables may be set:
\fIsysDescr\fR,
which takes a string value describing the management agent;
\fIsysObjectID\fR,
which takes an OBJECT IDENTIFIER value containing similar information;
\fIsysContact\fR,
which takes a string value describing the person responsible for the
node;
\fIsysName\fR,
which takes a string value giving an administratively assigned name
for the node;
\fIsysLocation\fR,
which takes a string value describing the location of the node;
and,
\fIsysServices\fR,
which takes an integer describing the services offered by the node.
See RFC 1156 for a more thorough explanation of these objects.
(The last four are defined in MIB-II, RFC 1158,
the follow-on to RFC 1156.)
.TP
.B variable\0snmpEnableAuthTraps\fR\0[ enabled | disabled ]
enables (or disables) the generation of authenticationFailure traps.
.TP
.B variable\0interface\fR\0name\0ava\0...
sets attributes for the named interface.
The `name' token is an interface name as reported by \*(lqnetstat\0-i\*(rq.
The one or more `ava' tokens are of the form \*(lqattribute=value\*(rq.
At present,
only three attributes may be set for each interface:
\fIifType\fR,
which takes an integer value describing the kind of interface;
\fIifSpeed\fR,
which takes an integer value describing the speed of the interface;
and,
\fIifAdminStatus\fR,
which takes an integer value describing the adminstrative state of the
interface.
See RFC 1156 for a more thorough explanation of these objects.
.SH "DEBUG OPERATION"
If \fIsnmpd\fR is started interactively,
or if the `\-d' switch is given,
then debug mode is entered.
In this case,
all logging activity is displayed on the user's terminal.
In addition,
the logging information is more verbose.
.PP
The `-b' switch can be used to specify the maximum message size
supported by the daemon.
(This is useful for testing how management stations recover from
tooBig errors.)
.SH FILES
.nf
.ta \w'\*(LDsnmpd.log  'u
\*(EDsnmpd.defs	MIB definitions
\*(EDsnmpd.rc	configuration file
\*(LDsnmpd.log	log file
/etc/snmpd.pid	daemon PID file
.re
.fi
.SH "NOTE WELL"
The names of the objects in \fBsnmpd.defs\fR are case sensitive.
This was necessary to improve the efficiency of the hashing algorithm
used for object lookup.
.SH "SEE ALSO"
RFCs 1155, 1156, and 1157.
.PP
S.E.\0Kille,
\fIA string encoding of Presentation Address\fR,
Research Note RN/89/14,
Department of Computer Science,
University College London,
(February, 1989).
.SH AUTHOR
Marshall T. Rose,
Performance Systems International
.PP
This work was partially supported by the
U.S. Defense Advanced Research Projects Agency and the Rome Air Development
Center of the U.S. Air Force Systems Command under contract number
F30602-88-C-0016.
.PP
Although this package is distributed with the ISODE,
it is not an OSI program, per se.
Inasmuch as the continued survival of the Internet hinges on all nodes
becoming network manageable,
this package was developed using the ISODE and is being freely
distributed with releases of Berkeley UNIX.
.PP
It must be stressed that this package is not a complete network management
system.
In particular,
whilst \fIsnmpd\fR provides a minimal agent functionality,
there are no Network Operation Center (NOC) tools--\fIsnmpi\fR is a
debugging aid only.
Commit	Line	Data
9e8e5516 C	1	.TH SNMPD 8C "14 Sep 1989"
	2	.\" $Header: /f/osi/snmp/RCS/snmpd.8c,v 7.20 91/02/22 09:44:13 mrose Interim $
	3	.\"
	4	.\" Contributed by NYSERNet Inc. This work was partially supported by the
	5	.\" U.S. Defense Advanced Research Projects Agency and the Rome Air Development
	6	.\" Center of the U.S. Air Force Systems Command under contract number
	7	.\" F30602-88-C-0016.
	8	.\"
	9	.\"
	10	.\" $Log: snmpd.8c,v $
	11	.\" Revision 7.20 91/02/22 09:44:13 mrose
	12	.\" Interim 6.8
	13	.\"
	14	.\" Revision 7.19 91/01/11 15:35:08 mrose
	15	.\" sets
	16	.\"
	17	.\" Revision 7.18 90/10/18 11:34:05 mrose
	18	.\" psi
	19	.\"
	20	.\" Revision 7.17 90/09/07 11:11:32 mrose
	21	.\" update
	22	.\"
	23	.\" Revision 7.16 90/09/03 12:57:37 mrose
	24	.\" update
	25	.\"
	26	.\" Revision 7.15 90/08/29 15:04:12 mrose
	27	.\" doc
	28	.\"
	29	.\" Revision 7.14 90/06/23 01:33:10 mrose
	30	.\" proxy again
	31	.\"
	32	.\" Revision 7.13 90/06/21 21:27:03 mrose
	33	.\" proxy
	34	.\"
	35	.\" Revision 7.12 90/06/20 23:52:55 mrose
	36	.\" again
	37	.\"
	38	.\" Revision 7.11 90/06/20 21:38:29 mrose
	39	.\" update
	40	.\"
	41	.\" Revision 7.10 90/06/13 17:58:41 mrose
	42	.\" defaultView
	43	.\"
	44	.\" Revision 7.9 90/06/12 05:19:02 mrose
	45	.\" again
	46	.\"
	47	.\" Revision 7.8 90/06/12 02:06:20 mrose
	48	.\" views ...
	49	.\"
	50	.\" Revision 7.7 90/06/12 02:05:32 mrose
	51	.\" views ...
	52	.\"
	53	.\" Revision 7.6 90/05/23 18:08:55 mrose
	54	.\" 1158
	55	.\"
	56	.\" Revision 7.5 90/05/13 17:54:37 mrose
	57	.\" views again
	58	.\"
	59	.\" Revision 7.4 90/05/13 16:08:10 mrose
	60	.\" again
	61	.\"
	62	.\" Revision 7.3 90/05/13 15:55:55 mrose
	63	.\" update
	64	.\"
65	.\" Revision 7.2 90/02/19 19:17:01 mrose
66	.\" again
67	.\"
68	.\" Revision 7.1 90/01/11 18:34:30 mrose
69	.\" real-sync
70	.\"
71	.\" Revision 7.0 89/11/23 22:23:25 mrose
72	.\" Release 6.0
73	.\"
74	.SH NAME
75	snmpd \- SNMP agent for BSD UNIX
76	.SH SYNOPSIS
77	.in +.5i
78	.ti -.5i
79	.B \*(SDsnmpd
80	\%[-b\ size]
81	\%[-d]
82	\%[\-t] \%[\-x] \%[\-z]
83	\%[-p\ portno]
84	\%[\-a\ x121address] \%[\-i\ pid]
85	\%[-r] \%[-s]
86	.in -.5i
87	(under /etc/rc.local)
88	.SH DESCRIPTION
89	The \fIsnmpd\fR server acts as a management agent,
90	implementing the Simple Network Management Protocol for Berkeley UNIX systems.
91	Upon receipt of a message,
92	it \(lqauthenticates\(rq the request,
93	attempts the operation,
94	and then returns a response.
95	.PP
96	The managed objects manipulated by \fIsnmpd\fR are defined in the file
97	\fBsnmpd.defs\fR,
98	kept in the system administrator's area.
99	These objects conform to the Internet-standard
100	\fIManagement Information Base\fR (commonly referred to as MIB-I),
101	which is defined in RFC 1156.
102	The rules used for naming and describing objects are taken from the
103	Internet-standard
104	\fIStructure of Management Information\fR (SMI),
105	which is defined in RFC 1155.
106	.PP
107	Most objects are realized via reading \fB/dev/kmem\fR.
108	There are some exceptions,
109	which can be set via a configuration file,
110	which is read once,
111	when the daemon starts.
112	.SH TRANSPORTS
113	For a UDP\-based network service,
114	the server listens on port 161 for SNMP messages.
115	The `\-p' option overrides the default UDP port.
116	.PP
117	For an X.25\-based network service,
118	the server implements the transport class 0 protocol,
119	decodes the connection request packet,
120	and execs the appropriate program to enter the protocol and provide the
121	service.
122	The `\-a' switch is used to specify the X.121 address of the local host
123	\(em this overrides the entry in the \fBisotailor\fP file.
124	In addition,
125	the `\-i' switch is used to specify the protocol ID to listen on
126	\(em the default is 03018200.
127	Note that on most X.25 implementations,
128	if the local X.121 address is not present in the \fBisotailor\fR file,
129	then the `-a' switch must be used in order for the server to
130	receive incoming calls.
131	.PP
132	For a TP4\-based transport service,
133	the server simply listens to any incoming connections for selector
134	\(lqsnmp\(rq.
135	.PP
136	By default,
137	all network services are enabled
138	(if defined in the configuration).
139	The `\-t' option specifies TCP\-only operation,
140	the `\-x' option specifies X.25\-only operation,
141	and the `\-z' option specifies TP4\-only operation.
142	.SH SMUX
143	The agent supports the SNMP Multiplexing (SMUX) protocol.
144	To disable this,
145	use the `\-s' option.
146	.SH CONFIGURATION
147	The \fBsnmpd.rc\fR file,
148	which is kept in the system administrator's area,
149	contains customization commands.
150	This file must be owned by root unless the `-r' option is given.
151	At present,
152	the directives are:
153	.TP
154	.B community\fR\0name\0address\0access\0view
155	defines an SNMP community called `name' with the indicated level of `access'.
156	The `address' token is either a hostname, an IP-address, or a
157	network address (using Kille's string syntax).
158	If present and a value other than 0.0.0.0 is used,
159	then incoming messages claiming to belong to the named community must
160	come from this address.
161	The `access' token,
162	if present,
163	is one of \(lqreadOnly\(rq, \(lqreadWrite\(rq, or \(lqnone\(rq,
164	and defaults to \(lqreadOnly\(rq.
165	The `view' token,
166	if present,
167	is an object identifier,
168	which names the corresponding view of MIB objects that this community
169	may access;
170	otherwise,
171	it defaults to a view containing all variables known to the agent.
172	.TP
173	.B view\fR\0name\0subtree\0...
174	defines a collection of manageable objects
175	with the given object identifier as its name.
176	All variables scoped by the `subtree' tokens,
177	each an object identifier,
178	given in the directive are placed in the view.
179	If no subtress are listed,
180	the view contains all variables known to the agent.
181	.TP
182	.B proxy\fR\0name\0domain\0address\0community
183	defines an SNMP proxy relationship,
184	in terms of a view called `name'.
185	Management requests for this view will be encapsulated via the access
186	method for `domain' and sent to the named address/community.
187	At present,
188	only the domain `rfc1157' (SNMP over UDP) is supported,
189	and the format of the `address' token is identical to that used by the
190	\fBcommunity\fR directive.
191	.TP
192	.B logging\fR\0ava\0...
193	sets the logging parameters accordingly.
194	The one or more `ava' tokens are of the form \(lqattribute=value\(rq.
195	The attributes are:
196	\fIfile\fR,
197	which is the filename for the log,
198	this is interpreted relative to the ISODE logging area,
199	unless the value starts with a slash;
200	\fIsize\fR,
201	which takes an integer value describing the maximum file size
202	(in KBytes) that the log should be allowed to grow;
203	\fIslevel\fR,
204	which takes a string value indicating which events should be logged
205	(one of \fInone\fR, \fIfatal\fR, \fIexceptions\fR, \fInotice\fR, \fItrace\fR,
206	\fIpdus\fR, \fIdebug\fR, or \fIall\fR);
207	\fIdlevel\fR,
208	which says which events should not be logged;
209	\fIsflags\fR,
210	which takes a string value indicating logging options should be enabled
211	(one of \fIclose\fR (to close the log after each entry),
212	\fIcreate\fR (to create the log if it does not already exist),
213	\fIzero\fR (to reset the log if the size is exceeded),
214	and \fItty\fR (to log events to the user's terminal in addition to the file));
215	and,
216	\fIdflags\fR,
217	which says which logging options should be disabled.
218	.TP
219	.B trap\fR\0name\0address\0view
220	defines a trap sink for the SNMP community called `name',
221	on the indicated address,
222	which is either a hostname, an IP-address, or a
223	network address (using Kille's string syntax).
224	Note that at present,
225	traps sinks must be reachable via UDP
226	(the network address must be an IP-address).
227	By default,
228	a view is not named for the trap sink.
229	.TP
230	.B variable\fR\0name\0value
231	sets the named variable to the indicated value.
232	At present,
233	these variables may be set:
234	\fIsysDescr\fR,
235	which takes a string value describing the management agent;
236	\fIsysObjectID\fR,
237	which takes an OBJECT IDENTIFIER value containing similar information;
238	\fIsysContact\fR,
239	which takes a string value describing the person responsible for the
240	node;
241	\fIsysName\fR,
242	which takes a string value giving an administratively assigned name
243	for the node;
244	\fIsysLocation\fR,
245	which takes a string value describing the location of the node;
246	and,
247	\fIsysServices\fR,
248	which takes an integer describing the services offered by the node.
249	See RFC 1156 for a more thorough explanation of these objects.
250	(The last four are defined in MIB-II, RFC 1158,
251	the follow-on to RFC 1156.)
252	.TP
253	.B variable\0snmpEnableAuthTraps\fR\0[ enabled \| disabled ]
254	enables (or disables) the generation of authenticationFailure traps.
255	.TP
256	.B variable\0interface\fR\0name\0ava\0...
257	sets attributes for the named interface.
258	The `name' token is an interface name as reported by \(lqnetstat\0-i\(rq.
259	The one or more `ava' tokens are of the form \(lqattribute=value\(rq.
260	At present,
261	only three attributes may be set for each interface:
262	\fIifType\fR,
263	which takes an integer value describing the kind of interface;
264	\fIifSpeed\fR,
265	which takes an integer value describing the speed of the interface;
266	and,
267	\fIifAdminStatus\fR,
268	which takes an integer value describing the adminstrative state of the
269	interface.
270	See RFC 1156 for a more thorough explanation of these objects.
271	.SH "DEBUG OPERATION"
272	If \fIsnmpd\fR is started interactively,
273	or if the `\-d' switch is given,
274	then debug mode is entered.
275	In this case,
276	all logging activity is displayed on the user's terminal.
277	In addition,
278	the logging information is more verbose.
279	.PP
280	The `-b' switch can be used to specify the maximum message size
281	supported by the daemon.
282	(This is useful for testing how management stations recover from
283	tooBig errors.)
284	.SH FILES
285	.nf
286	.ta \w'\*(LDsnmpd.log 'u
287	\*(EDsnmpd.defs MIB definitions
288	\*(EDsnmpd.rc configuration file
289	\*(LDsnmpd.log log file
290	/etc/snmpd.pid daemon PID file
291	.re
292	.fi
293	.SH "NOTE WELL"
294	The names of the objects in \fBsnmpd.defs\fR are case sensitive.
295	This was necessary to improve the efficiency of the hashing algorithm
296	used for object lookup.
297	.SH "SEE ALSO"
298	RFCs 1155, 1156, and 1157.
299	.PP
300	S.E.\0Kille,
301	\fIA string encoding of Presentation Address\fR,
302	Research Note RN/89/14,
303	Department of Computer Science,
304	University College London,
305	(February, 1989).
306	.SH AUTHOR
307	Marshall T. Rose,
308	Performance Systems International
309	.PP
310	This work was partially supported by the
311	U.S. Defense Advanced Research Projects Agency and the Rome Air Development
312	Center of the U.S. Air Force Systems Command under contract number
313	F30602-88-C-0016.
314	.PP
315	Although this package is distributed with the ISODE,
316	it is not an OSI program, per se.
317	Inasmuch as the continued survival of the Internet hinges on all nodes
318	becoming network manageable,
319	this package was developed using the ISODE and is being freely
320	distributed with releases of Berkeley UNIX.
321	.PP
322	It must be stressed that this package is not a complete network management
323	system.
324	In particular,
325	whilst \fIsnmpd\fR provides a minimal agent functionality,
326	there are no Network Operation Center (NOC) tools--\fIsnmpi\fR is a
327	debugging aid only.