snmpd - daemon to respond to SNMP request packets.




   snmpd  is  an SNMP agent which binds to a port and awaits requests from
   SNMP management software.  Upon receiving a request, it  processes  the
   request(s),  collects  the  requested  information  and/or performs the
   requested operation(s) and returns the information to the sender.


   -a      Log the source addresses of incoming requests.

   -A      Append to the log file rather than truncating it.

   -c FILE Read FILE as a configuration file (or a comma-separated list of
           configuration  files).   Note  that  the  loaded file will only
           understand snmpd.conf tokens, unless the configuration type  is
           specified  in the file as described in the snmp_config man page

   -C      Do not read any configuration files except the ones  optionally
           specified  by  the  -c  option.   Note that this behaviour also
           covers the persistent configuration files.  This may result  in
           dynamically-assigned  values  being  reset  following  an agent
           restart,  unless  the  relevant  persistent  config  files  are
           explicitly loaded using the -c option.

   -d      Dump (in hexadecimal) the sent and received SNMP packets.

           Turn  on  debugging output for the given TOKEN(s).  Without any
           tokens specified, it defaults to printing all the tokens (which
           is equivalent to the keyword "ALL").  You might want to try ALL
           for extremely verbose output.  Note: You can not  put  a  space
           between the -D flag and the listed TOKENs.

   -f      Do not fork() from the calling shell.

   -g GID  Change  to  the  numerical group ID GID after opening listening

   -h, --help
           Display a brief usage message and then exit.

   -H      Display a list of configuration file directives  understood  by
           the agent and then exit.

           Specifies  which  modules should (or should not) be initialized
           when the agent starts up.  If the comma-separated  INITLIST  is
           preceded  with a '-', it is the list of modules that should not
           be started.  Otherwise this is the list  of  the  only  modules
           that should be started.

           To  get  a  list  of  compiled  modules, run the agent with the
           arguments -Dmib_init -H (assuming debugging  support  has  been
           compiled in).

           Specify where logging output should be directed (standard error
           or output, to a file or via syslog).  See  LOGGING  OPTIONS  in
           snmpcmd(1) for details.

           Specifies  a  colon  separated  list of MIB modules to load for
           this application.   This  overrides  the  environment  variable
           MIBS.  See snmpcmd(1) for details.

           Specifies  a  colon separated list of directories to search for
           MIBs.  This overrides the environment  variable  MIBDIRS.   See
           snmpcmd(1) for details.

   -n NAME Set  an  alternative  application  name  (which will affect the
           configuration files loaded).  By default this  will  be  snmpd,
           regardless of the name of the actual binary.

   -p FILE Save the process ID of the daemon in FILE.

   -q      Print simpler output for easier automated parsing.

   -r      Do not require root access to run the daemon.  Specifically, do
           not exit if files only accessible to root  (such  as  /dev/kmem
           etc.) cannot be opened.

   -u UID  Change  to  the user ID UID (which can be given in numerical or
           textual form) after opening listening sockets.

   -U      Instructs the agent to not remove its  pid  file  (see  the  -p
           option)  on  shutdown. Overrides the leave_pidfile token in the
           snmpd.conf file, see snmpd.conf(5).

   -v, --version
           Print version information for the agent and then exit.

   -V      Symbolically dump SNMP transactions.

           Listens for AgentX connections on the specified address  rather
           than  the default "/var/agentx/master".  The address can either
           be a Unix domain socket path,  or  the  address  of  a  network
           interface.   The  format is the same as the format of listening
           addresses described below.

   -X      Run as an AgentX subagent rather than as an SNMP master agent.

           Allows one to specify  any  token  ("name")  supported  in  the
           snmpd.conf  file  and  sets its value to "value". Overrides the
           corresponding token in the snmpd.conf file.  See  snmpd.conf(5)
           for the full list of tokens.


   By default, snmpd listens for incoming SNMP requests on UDP port 161 on
   all IPv4 interfaces.  However, it is possible to modify this  behaviour
   by specifying one or more listening addresses as arguments to snmpd.  A
   listening address takes the form:


   At its simplest, a listening address may consist only of a port number,
   in  which  case  snmpd listens on that UDP port on all IPv4 interfaces.
   Otherwise, the <transport-address> part of the specification is  parsed
   according to the following table:

       <transport-specifier>       <transport-address> format

       udp (default)               hostname[:port] or IPv4-address[:port]

       tcp                         hostname[:port] or IPv4-address[:port]

       unix                        pathname

       ipx                         [network]:node[/port]

       aal5pvc or pvc              [interface.][VPI.]VCI

       udp6 or udpv6 or udpipv6    hostname[:port] or IPv6-address[:port]

       tcp6 or tcpv6 or tcpipv6    hostname[:port] or IPv6-address[:port]

       ssh                         hostname:port

       dtlsudp                     hostname:port

   Note  that  <transport-specifier> strings are case-insensitive so that,
   for example, "tcp" and "TCP" are equivalent.  Here are  some  examples,
   along with their interpretation:           listen  on  UDP  port  161,  but  only  on  the
                           loopback interface.  This prevents snmpd  being
                           queried   remotely.   The   port  specification
                           ":161" is not strictly necessary since that  is
                           the default SNMP port.

   TCP:1161                listen on TCP port 1161 on all IPv4 interfaces.

   ipx:/40000              listen on IPX port 40000 on all IPX interfaces.

   unix:/tmp/local-agent   listen    on    the    Unix    domain    socket

   /tmp/local-agent        is identical  to  the  previous  specification,
                           since  the  Unix domain is assumed if the first
                           character of the <transport-address> is '/'.

   PVC:161                 listen on the AAL5  permanent  virtual  circuit
                           with  VPI=0  and VCI=161 (decimal) on the first
                           ATM adapter in the machine.

   udp6:10161              listen on port 10161 on all IPv6 interfaces.

   ssh:        Allows connections from the snmp  subsystem  on
                           the  ssh  server  on  port  22.  The details of
                           using SNMP over SSH are defined below.

   dtlsudp:  Listen for connections over DTLS  on  UDP  port
                           9161.    The   snmp.conf  file  must  have  the
                           serverCert, configuration tokens defined.

   Note that not all the transport domains listed  above  will  always  be
   available; for instance, hosts with no IPv6 support will not be able to
   use udp6 transport addresses, and attempts to do so will result in  the
   error  "Error  opening  specified  endpoint".  Likewise, since AAL5 PVC
   support is only currently available on Linux, it  will  fail  with  the
   same error on other platforms.

Transport Specific Notes

   ssh     The  SSH transport, on the server side, is actually just a unix
           named pipe that  can  be  connected  to  via  a  ssh  subsystem
           configured   in   the  main  ssh  server.   The  pipe  location
           (configurable with the sshtosnmpsocket token in  snmp.conf)  is
           /var/net-snmp/sshtosnmp.  Packets should be submitted to it via
           the sshtosnmp application, which also sends the user ID as well
           when starting the connection.  The TSM security model should be
           used when packets should process it.

           The sshtosnmp command knows how to connect  to  this  pipe  and
           talk  to  it.   It  should  be  configured  in the OpenSSH sshd
           configuration  file  (which  is  normally  /etc/ssh/sshd_config
           using the following configuration line:

                  Subsystem snmp /usr/local/bin/sshtosnmp

           The  sshtosnmp  command  will  need  read/write  access  to the
           /var/net-snmp/sshtosnmp pipe.  Although  it  should  be  fairly
           safe  to  grant  access  to  the  average  user  since it still
           requires modifications to the ACM settings before the user  can
           perform  operations,  paranoid  administrators may want to make
           the /var/net-snmp directory  accessible  only  by  users  in  a
           particular   group.   Use  the  sshtosnmpsocketperms  snmp.conf
           configure option to set the permissions, owner and group of the
           created socket.

           Access  control  can  be  granted  to  the user "foo" using the
           following style of simple snmpd.conf settings:

                  rouser -s tsm foo authpriv

           Note that "authpriv" is acceptable  assuming  as  SSH  protects
           everything  that  way  (assuming  you have a non-insane setup).
           snmpd has no notion of how SSH has actually protected a  packet
           and  thus the snmp agent assumes all packets passed through the
           SSH transport have been protected at the authpriv level.

   dtlsudp The DTLS protocol, which is based off  of  TLS,  requires  both
           client  and server certificates to establish the connection and
           authenticate both sides.  In order to do this, the client  will
           need  to  configure  the  snmp.conf  file  with  the clientCert
           configuration tokens.  The server will need  to  configure  the
           snmp.conf   file   with  the  serverCert  configuration  tokens

           Access control setup is similar to the ssh transport as the TSM
           security model should be used to protect the packet.


   snmpd checks for the existence of and parses the following files:

         Common   configuration   for  the  agent  and  applications.  See
         snmp.conf(5) for details.


         Agent-specific configuration.   See  snmpd.conf(5)  for  details.
         These  files  are  optional  and  may be used to configure access
         control,  trap  generation,  subagent  protocols  and  much  else

         In  addition  to  these two configuration files in /etc/snmp, the
         agent  will  read  any  files  with  the  names  snmpd.conf   and
         snmpd.local.conf  in  a  colon  separated  path  specified in the
         SNMPCONFPATH environment variable.

         The agent will also load all files in this directory as MIBs.  It
         will  not,  however,  load  any  file  that  begins with a '.' or
         descend into subdirectories.


   (in recommended reading order)

   snmp_config(5), snmp.conf(5), snmpd.conf(5)

More Linux Commands

Net::Server::SIG(3pm) - adpf - Safer signal handling........
Signals in Perl 5 are unsafe. Some future releases may be able to fix some of this (ie Perl 5.8 or 6.0), but it would be nice to have some safe, portable signal

pcre16_utf16_to_host_byte_order(3) Perl-compatible regular e
pcre16_utf16_to_host_byte_order.3 - This function, which exists only in the 16-bit library, converts a UTF-16 string to the correct order for the current host,

pcre32_jit_stack_alloc(3) Perl-compatible regular expression
This function is used to create a stack for use by the code compiled by the JIT optimization of pcre[16|32]_study(). The arguments are a starting size for the s

mergecap(1) - Merges two or more capture files into one.....
Mergecap is a program that combines multiple saved capture files into a single output file specified by the -w argument. Mergecap knows how to read pcap capture

hook(3menu) - set hooks for automatic invocation by applicat
These functions make it possible to set hook functions to be called at various points in the automatic processing of input event codes by menu_driver. The funct

genprof(8) profile generation utility for AppArmor..........
When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will search $PATH in order to

rand(3) - pseudo-random number generator - Linux man page...
The rand() function returns a pseudo-random integer in the range 0 to RAND_MAX inclusive (i.e., the mathematical range [0, RAND_MAX]). The srand() function sets

agentxtrap(1) - send an AgentX NotifyPDU to an AgentX master
agentxtrap issues an AgentX NotifyPDU to a master agent. One or more object identifiers (OIDs) can be given as arguments on the command line. A type and a value

XkbSetIgnoreLockMods(3) - Sets the modifiers that, if locked
XkbSetIgnoreLockMods.3 - The core protocol does not provide a way to exclude specific modifiers from grab calculations, with the result that locking modifiers s

XUnionRectWithRegion(3) - region arithmetic - Linux man page
The XIntersectRegion function computes the intersection of two regions. The XUnionRegion function computes the union of two regions. The XUnionRectWithRegion fu

Tcl_ThreadAlert(3) - the event queue and notifier interfaces
The interfaces described here are used to customize the Tcl event loop. The two most common customizations are to add new sources of events and to merge Tcls ev

form_data(3form) - test for off-screen data in given forms
The function data_ahead tests whether there is off-screen data ahead in the given form. It returns TRUE 411toppm(1) or FALSE (0). The function data_behind tests

We can't live, work or learn in freedom unless the software we use is free.