svn commit: r216595 - head/etc

Shteryana Shopova syrinx at FreeBSD.org
Mon Dec 20 17:28:15 UTC 2010


Author: syrinx
Date: Mon Dec 20 17:28:15 2010
New Revision: 216595
URL: http://svn.freebsd.org/changeset/base/216595

Log:
  Add (disabled) sample configuration lines needed to enable snmp_target(3) module
  and configure minimal target addresses & notifications needed for bsnmpd(1)
  to send SNMPv3 notifications.
  
  Sponsored by:	The FreeBSD Foundation
  Reviewed by:	philip
  Approved by:	philip

Modified:
  head/etc/snmpd.config

Modified: head/etc/snmpd.config
==============================================================================
--- head/etc/snmpd.config	Mon Dec 20 17:13:14 2010	(r216594)
+++ head/etc/snmpd.config	Mon Dec 20 17:28:15 2010	(r216595)
@@ -28,7 +28,10 @@ read := "public"
 write := "geheim"
 trap := "mytrap"
 
+#
 # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
+#
+
 NoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
 HMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
 HMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
@@ -37,16 +40,36 @@ DESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
 AesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
 
 #
+# Enumerations from SNMP-FRAMEWORK-MIB
+#
+
+# Security models
+securityModelAny	:= 0
+securityModelSNMPv1	:= 1
+securityModelSNMPv2c	:= 2
+securityModelUSM	:= 3
+
+# Message Processing models
+MPmodelSNMPv1		:= 0
+MPmodelSNMPv2c		:= 1
+MPmodelSNMPv3		:= 3
+
+# Security levels
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+
 # SNMPv3 USM User definition
 #
 # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
 # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
 # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
 # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
-# with a private password "bsnmp", localized for the above engine ID.
+# with a private password "bsnmptest", localized for the above engine ID.
 #
-# user1 := "bsnmp"
-# user1passwd := 0x1b:0x6d:0x9e:0x94:0xbe:0x19:0x17:0xfb:0xde:0x60:0x46:0xfe:0x59:0x6f:0x61:0x95:0xf2:0xc9:0x57:0x1f
+#user1 := "bsnmp"
+#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
 
 #
 # Configuration
@@ -90,17 +113,6 @@ sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1
 snmpEnableAuthenTraps = 2
 
 #
-# Load MIB-2 module
-#
-begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
-
-# Force a polling rate for the 64-bit interface counters in case
-# the automatic computation is wrong (which may be the case if an interface
-# announces the wrong bit rate via its MIB).
-#%mibII
-#begemotIfForcePoll = 2000
-
-#
 # SNMPv3 User-based security module - must be loaded for SNMPv3 USM
 #
 #begemotSnmpdModulePath."usm"	= "/usr/lib/snmp_usm.so"
@@ -145,18 +157,18 @@ begemotSnmpdModulePath."mibII"	= "/usr/l
 #%vacm
 
 # Definition of a SNMPv1 group
-# vacmSecurityToGroupStatus.1.$(read) = 4
-# vacmGroupName.1.$(read) = $(read)
+# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
+# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
 
 # Definition of SNMPv2 group
-# vacmSecurityToGroupStatus.2.$(write) = 4
-# vacmGroupName.2.$(write) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
+# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
 
 # Definition of SNMPv3 group with users "bsnmp" and "public"
-# vacmSecurityToGroupStatus.3.$(user1) = 4
-# vacmGroupName.3.$(user1) = $(write)
-# vacmSecurityToGroupStatus.3.$(read) = 4
-# vacmGroupName.3.$(read) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
+# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
+# vacmGroupName.$(securityModelUSM).$(read) = $(write)
 
 # 
 # The OID of the .iso.org.dod.internet subtree
@@ -164,11 +176,6 @@ begemotSnmpdModulePath."mibII"	= "/usr/l
 # internetoid := 1.3.6.1
 # internetoidlen := 4
 
-# Enumerated values for the privacy options
-# noAuthNoPriv := 1
-# authNoPriv := 2
-# authPriv := 3
-
 #
 # Definitions of two views
 #
@@ -182,23 +189,23 @@ begemotSnmpdModulePath."mibII"	= "/usr/l
 #
 # Read-only access for SNMPv1 users
 #
-# vacmAccessStatus.$(read)."".1.1 = 4
-# vacmAccessReadViewName.$(read)."".1.1 = "internet"
+# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
 
 #
 # Read-write access for SNMPv2 users 
 #
-# vacmAccessStatus.$(write)."".2.1 = 4
-# vacmAccessReadViewName.$(write)."".2.1 = "internet"
-# vacmAccessWriteViewName.$(write)."".2.1 = "internet"
+# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
 
 #
 # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
 #
 # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
-# vacmAccessReadViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
-# vacmAccessWriteViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
-# vacmAccessNotifyViewName.$(write)."".3.$(noAuthNoPriv) = "internet"
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
 
 #
 #Read-write-notify access to restricted for SNMPv3 USM users with authPriv
@@ -208,6 +215,62 @@ begemotSnmpdModulePath."mibII"	= "/usr/l
 # vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
 # vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
 
+#
+# SNMPv3 Notification Targets
+#
+# begemotSnmpdModulePath."target"	= "/usr/lib/snmp_target.so"
+
+#%target
+# Send notifications to target tag "test"
+# tag		:= "test"
+# snmpNotifyRowStatus.$(tag) = 4
+# snmpNotifyTag.$(tag) = $(tag)
+
+# tagremote		:= "testremote"
+# snmpNotifyRowStatus.$(tagremote) = 4
+# snmpNotifyTag.$(tagremote) = $(tagremote)
+
+#
+# Specify the target parameters for the notifications - send with the credentials
+# of user "bsnmp"
+#
+# snmpTargetParamsRowStatus.$(tag) = 5
+# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
+# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
+# snmpTargetParamsSecurityName.$(tag) = $(user1)
+# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
+# snmpTargetParamsRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on localhost
+#
+# snmpTargetAddrRowStatus.$(tag) = 5
+# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tag) = "test notification"
+# snmpTargetAddrParams.$(tag) = $(tag)
+# snmpTargetAddrRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on 10.0.0.1
+#
+# snmpTargetAddrRowStatus.$(tagremote) = 5
+# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
+# snmpTargetAddrParams.$(tagremote) = $(tag)
+# snmpTargetAddrRowStatus.$(tagremote) = 1
+
+#
+# Load MIB-2 module
+#
+begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
+
+# Force a polling rate for the 64-bit interface counters in case
+# the automatic computation is wrong (which may be the case if an interface
+# announces the wrong bit rate via its MIB).
+#%mibII
+#begemotIfForcePoll = 2000
+
+
 # Netgraph module
 #
 #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"


More information about the svn-src-all mailing list