# $FreeBSD$ # # Example configuration file for bsnmpd(1). # # # Set some common variables # location := "Room 200" contact := "sysmeister@example.com" system := 1 # FreeBSD traphost := localhost trapport := 162 # # Set the SNMP engine ID. # # The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via # this configuration file, an ID is assigned based on the value of the # kern.hostid variable # engine := 0x80:0x10:0x08:0x10:0x80:0x25 # snmpEngineID = $(engine) # Change this! read := "public" # Uncomment begemotSnmpdCommunityString.0.2 below that sets the community # string to enable write access. write := "geheim" trap := "mytrap" # # Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options # NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1 HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2 HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3 NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1 DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2 AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4 # # Enumerations from SNMP-FRAMEWORK-MIB # # Security models securityModelAny := 0 securityModelSNMPv1 := 1 securityModelSNMPv2c := 2 securityModelUSM := 3 # Message Processing models MPmodelSNMPv1 := 0 MPmodelSNMPv2c := 1 MPmodelSNMPv3 := 3 # Security levels noAuthNoPriv := 1 authNoPriv := 2 authPriv := 3 # SNMPv3 USM User definition # # The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD, # SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking # 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other # usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp" # with a private password "bsnmptest", localized for the above engine ID. # #user1 := "bsnmp" #user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60 # # Configuration # %snmpd begemotSnmpdDebugDumpPdus = 2 begemotSnmpdDebugSyslogPri = 7 # # Set the read and write communities. # # The default value of the community strings is NULL (note, that this is # different from the empty string). This disables both read and write access. # To enable read access only the read community string must be set. Setting # the write community string enables both read and write access with that # string. # # Be sure to understand the security implications of SNMPv2 - the community # strings are readable on the wire! # begemotSnmpdCommunityString.0.1 = $(read) # begemotSnmpdCommunityString.0.2 = $(write) begemotSnmpdCommunityDisable = 1 # open standard SNMP ports begemotSnmpdPortStatus.0.0.0.0.161 = 1 # open a unix domain socket begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1 begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4 # send traps to the traphost begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4 begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2 begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap) sysContact = $(contact) sysLocation = $(location) sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system) snmpEnableAuthenTraps = 2 # Uncomment `begemotSnmpdModulePath.".." = ".."' entries below to enable # modules # # Control configuration for the modules in the module specific sections, e.g. # the "usm" module (begemotSnmpdModulePath."usm") can be controlled in the # %usm specific section. You must uncomment the section specific header in # order to use the enclosed variables, e.g. `usmUserStatus.$(engine).$(user1)` # can only be used if %usm is uncommented. # # Modules are loaded in the order listed, so they must be before any # dependent modules, e.g. "mibII" vs "bridge". # # # MIB-2 module # begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so" # # Bridge module # This requires the mibII module. # #begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" # # Host resources module # This requires the mibII module. # #begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" # # LM75 Sensor module # #begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so" # # Netgraph module # #begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so" # # pf(4) module # #begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so" # # SNMPv3 Notification Targets # # begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so" # # SNMPv3 User-based security module - must be loaded for SNMPv3 USM # #begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so" # # SNMPv3 View-based Access Control module # #begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so" # # Wireless module # This requires the mibII module. # #begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so" # # SNMPv3 USM User definition. # #%usm # # The following block creates a user with name "bsnmp" and sets privacy # and encryption options to SHA256 message digests and AES encryption # for this user. # # usmUserStatus.$(engine).$(user1) = 5 # usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol) # usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd) # usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol) # usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd) # usmUserStatus.$(engine).$(user1) = 1 # # # The following block creates a user with name "public" with no authentication # or encryption options. # # usmUserStatus.$(engine).$(read) = 5 # usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol) # usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol) # usmUserStatus.$(engine).$(read) = 1 # # # Definition of view-based access control entries. # #%vacm # Definition of a SNMPv1 group # vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4 # vacmGroupName.$(securityModelSNMPv1).$(read) = $(read) # Definition of SNMPv2 group # vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4 # vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write) # Definition of SNMPv3 group with users "bsnmp" and "public" # vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4 # vacmGroupName.$(securityModelUSM).$(user1) = $(write) # vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4 # vacmGroupName.$(securityModelUSM).$(read) = $(write) # # The OID of the .iso.org.dod.internet subtree # # internetoid := 1.3.6.1 # internetoidlen := 4 # # Definitions of two views # # vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4 # vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4 # # Access control # # # Read-only access for SNMPv1 users # # vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4 # vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet" # # Read-write access for SNMPv2 users # # vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4 # vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" # vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet" # # Read-write-notify access for SNMPv3 USM users with noAuthNoPriv # # vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4 # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet" # #Read-write-notify access to restricted for SNMPv3 USM users with authPriv # # vacmAccessStatus.$(write)."".$(securityModelUSM).$(authPriv) = 4 # vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" # vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" # vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(authPriv) = "restricted" #%target # Send notifications to target tag "test" # tag := "test" # snmpNotifyRowStatus.$(tag) = 4 # snmpNotifyTag.$(tag) = $(tag) # tagremote := "testremote" # snmpNotifyRowStatus.$(tagremote) = 4 # snmpNotifyTag.$(tagremote) = $(tagremote) # # Specify the target parameters for the notifications - send with the credentials # of user "bsnmp" # # snmpTargetParamsRowStatus.$(tag) = 5 # snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3) # snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM) # snmpTargetParamsSecurityName.$(tag) = $(user1) # snmpTargetParamsSecurityLevel.$(tag) = $(authPriv) # snmpTargetParamsRowStatus.$(tag) = 1 # # Define the notifications' target address - port 162 on localhost # # snmpTargetAddrRowStatus.$(tag) = 5 # snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2 # snmpTargetAddrTagList.$(tag) = "test notification" # snmpTargetAddrParams.$(tag) = $(tag) # snmpTargetAddrRowStatus.$(tag) = 1 # # Define the notifications' target address - port 162 on 10.0.0.1 # # snmpTargetAddrRowStatus.$(tagremote) = 5 # snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2 # snmpTargetAddrTagList.$(tagremote) = $(tagremote) # snmpTargetAddrParams.$(tagremote) = $(tag) # snmpTargetAddrRowStatus.$(tagremote) = 1 # Force a polling rate for the 64-bit interface counters in case # the automatic computation is wrong (which may be the case if an interface # announces the wrong bit rate via its MIB). #%mibII #begemotIfForcePoll = 2000 #%netgraph #begemotNgControlNodeName = "snmpd"