Simple Network Management Protocol daemon
is the configuration file for the
file is divided into three main
- User-defined variables may be defined and used later,
simplifying the configuration file.
- Global runtime settings for
- USM user definitions.
- Custom configuration of SNMP object identifiers and
The current line can be extended over multiple lines using a backslash
(‘\’). Comments can be put anywhere in the file using a hash
mark (‘#’), and extend to the end of the current line. Care
should be taken when commenting out multi-line text: the comment is effective
until the end of the entire block.
Argument names not beginning with a letter, digit, or underscore must be quoted.
Additional configuration files can be included with the
keyword, for example:
Macros can be defined that will later be expanded in context. Macro names must
start with a letter, digit, or underscore, and may contain any of those
characters. Macro names may not be reserved words (for example,
). Macros are not expanded inside quotes.
listen on $ext_addr
The following options can be set globally:
(yes | no)
- If set to yes, ask the kernel
to filter route update messages on the routing socket. Routing table
information will not be available, but CPU use will be reduced during bulk
updates. The default is no.
- Specify the local address
snmpd(8) should listen on for
incoming SNMP messages.
- Specify the name of the read-only community. The default
value is public.
- Specify the name of the read-write community, or disallow
writes completely. The default value is
(none | auth |
- Specify the lowest security level that
If the chosen value is different from none
snmpd(8) will accept only
SNMPv3 requests since older versions neither support authentication nor
- Both authentication and encryption of messages is
optional. This is the default value.
- Authentication of messages is mandatory.
snmpd(8) will discard any
messages that don't have a valid digest. Encryption of messages is
- Messages must be encrypted and must have a valid digest
for authentication. Otherwise they will be discarded.
- Create a control socket at
restricted is specified, a restricted control
socket will be created. If agentx is
specified, a socket which speaks the AgentX protocol will be created.
Multiple restricted and
agentx sockets may be created. By default
/var/run/snmpd.sock is created and no other
sockets are created.
- Specify the name or description of the system contact,
typically a name or an email address. The default value is
root@hostname using the hostname of the
- Specify a description of the local system. The default
value is the operating system identification as printed by the
uname(1) command using the
OpenBSD myhost.example.com 4.2 GENERIC#595 i386
- Specify the string describing the location of the local
system, typically a physical location. The default value is an empty
- Specify the name of the local system, typically a
fully-qualified domain name. The default value is the hostname of the
- Specify the authoritative identification of the local
system. The default value is
(iso.org.dod.internet.private.enterprises.openbsd.23.1) identifying a
common OpenBSD system.
- Specify a magic value which indicates the set of services
that the local system may provide. Refer to the
sysServices description in the SNMP MIB
- Specify the name of the trap community. The default value
- Execute command upon receipt
of an SNMP trap that begins with a prefix of
oid. Alternately, the string
“default” may be used, in which
case the prefix used is 1.3. The invoked
command will receive the following
information about the trap on standard input, one per line, in this order:
the resolved hostname of the host sending the trap, the IP address of the
host sending the trap, and any variable bindings contained in the trap
(the OID followed by the value, separated by a single space).
- Specify the address or FQDN of a remote trap receiver for
outgoing traps sent by
snmpd(8). This option may be
specified multiple times. The daemon will send outgoing traps using the
revised SNMPv2 format and the configured trap community. The default
community is specified by the global trap
community option. The IPv4 or IPv6 source address of the traps can be
enforced using source-address.
Users for the SNMP User-based Security Model (USM, RFC 3414) must be defined in
the configuration file:
- Defines a known user. The
authkey keyword is required to specify the
digest key used to authenticate messages. If this keyword is omitted then
authentication is disabled for this user account. Optionally the HMAC
algorithm used for authentication can be specified.
hmac must be either
hmac-sha1. If omitted the default is
With enckey the encryption key used to encrypt
and decrypt messages for privacy is defined. Without an
enckey specification the user account will
neither accept encrypted incoming messages nor will it encrypt outgoing
messages. The enc algorithm can be either
des or aes and
defaults to des.
Any user account that has encryption enabled requires authentication to be
It is possible to specify user-defined OIDs in the configuration file:
- Return the specified value to the client for this OID. The
read-write option may allow the client to
override it, and the type is either string or
- Default location of the configuration file.
The following example will tell
to listen on localhost,
override the default system OID, set the magic services value and provides
some custom OID values:
listen on 127.0.0.1
system oid 220.127.116.11.4.1.30155.23.2
system services 74
oid 18.104.22.168.4.1.30155.42.1 name myName read-only string "humppa"
oid 22.214.171.124.4.1.30155.42.2 name myStatus read-only integer 1
The next example will enforce SNMPv3 with authenticated and encrypted
communication and the user-based security model. The configuration defines two
users, the first one is using the aes
algorithm and the second one the default des
user "hans" authkey "password123" enc aes enckey "321drowssap"
user "sophie" authkey "password456" enckey "654drowssap"
file format first appeared in
program was written by