1 Frequently Asked Questions (FAQ) for the UCD/Net SNMP package
2 =============================================================
3 FAQ Author: Dave Shield
4 net-snmp Version: 5.0.9
5 net-snmp/ucd-snmp Project Leader: Wes Hardaker
6 Email: net-snmp-coders@lists.sourceforge.net
15 What documentation is available?
16 Are there binaries available?
17 What's the difference between UCD-SNMP and Net-SNMP?
18 What operating systems does it run on?
19 What happens if mine isn't listed?
20 Does it run on Windows?
21 How do I find out about new releases?
22 How can I find out what other people are doing?
23 How do I submit a patch or bug report?
24 Can I reuse the code in my commercial application?
25 What's the difference between SNMPv1, SNMPv2 and SNMPv3?
26 What are all these different SNMPv2's anyway?
27 Which versions of SNMP are supported in this package?
28 Can I use SNMPv1 requests with an SNMPv2 MIB (or vice versa)?
29 Where can I find more information about network management?
30 Is ucd-snmp thread safe?
33 How do I add a MIB to the tools?
34 Why can't I see anything from the agent?
35 Why can't I see values in the <INSERT ENTERPRISE HERE> tree?
36 Requests always seem to timeout, and don't give me anything back. Why?
37 I can see the system group, but nothing else. Why?
38 The agent worked for a while, then stopped responding. Why?
39 Requesting an object fails with "Unknown Object Identifier" Why?
40 Why do I get "noSuchName" when asking for "sysUpTime" (or similar)?
41 Why do I sometimes get "End of MIB" when walking a tree, and sometimes not?
42 I cannot set any variables in the MIB.
43 Variables seem to disappear when I try to set them. Why?
44 I still can't change sysLocation, though the access settings allow
46 I get an error when trying to set a negative value - why?
47 I get an error when trying to get a string-indexed table value - why?
48 How do I send traps and notifications?
49 How do I handle traps and notifications?
50 My traphandler script doesn't work when run like this - why not?
51 The ucdShutdown trap OID received by my manager is wrong. Why?
52 Why does snmptrapd complain about AgentX?
54 How big can an SNMP request (or reply) be?
55 How can I monitor my systems (disk, memory, etc)?
56 Applications complain about entries in your example 'snmp.conf' file. Why?
57 OK, what should I put in snmp.conf?
59 Where can I get the perl SNMP package?
60 How do I install the Perl SNMP modules?
61 But compiling this fails! Why?
62 Compiling the perl module works OK, but 'make test' fails. Why?
63 The perl 'make test' fails on the OID tests. Is it safe to continue?
64 I'm trying to use mib2c (or tkmib) and it can't locate SNMP.pm?
65 I'm trying to use mib2c (or tkmib) and it can't load SNMP.so?
66 I'm trying to use tkmib and it can't locate Tk.pm?
67 I've got a problem with the Net-SNMP module. Can you help?
69 Where can I find a MIB compiler?
70 I can't load any of the mib files, and they seem to be missing
71 the first two characters of the filename. What's happening?
72 Why aren't my mib files being read in?
73 I'm getting answers, but they're all numbers. Why?
74 What does "Cannot find module (XXX-MIB)" mean?
75 What about "unlinked OID"?
76 The parser doesn't handle comments properly. Why not?
77 How do I replace MIB values with new ones?
78 How can I get more information about these MIB file problems?
79 What's this about "too many imported symbols"?
81 What MIBs are supported?
82 What protocols are supported?
83 How do I configure the agent?
84 How do I add a MIB to the agent?
85 What's the difference between 'exec', 'sh' and 'pass'?
86 What's the difference between AgentX, SMUX and proxied SNMP?
87 What about 'dlmod' - what's that about?
89 Can I use AgentX when running under Windows?
90 How can I run AgentX with a different socket address?
91 How can I combine two copies of the 'mib2' tree from separate subagents?
92 What traps are sent by the agent?
93 How can I send a particular trap to selected destinations?
94 Why does calling 'snmp_v2trap' generate an SNMPv1 trap (or vice versa)?
95 When I run the agent it runs and then quits without staying around. Why?
96 After a while the agent stops responding, and starts eating CPU time. Why?
97 How can I stop other people getting at my agent?
98 How can I listen on just one particular interface?
99 How do I configure access control?
100 I don't understand the new access control stuff - what does it mean?
101 How do I configure SNMPv3 users?
102 The 'createUser' line disappears when I start the agent. Why?
103 What's the difference between /var/ucd-snmp and /usr/local/share/snmp?
104 My new agent is ignoring the old snmpd.conf file. Why?
105 Why am I getting "Connection refused"?
106 I'm getting errors about "bad security model" - why?
107 I'm getting errors about "bad prefix match parameter" - why?
108 Why can't I see values in the UCDavis 'extensible' or 'disk' trees?
109 Why can't I see values in the UCDavis 'memory' or 'vmstat' tree?
110 What do the CPU statistics mean - is this the load average?
111 What about multi-processor systems?
112 The speed/type of my network interfaces is wrong - how can I fix it?
113 The interface statistics for my subinterfaces are all zero - why?
114 What does "klread: bad address" mean?
115 What does "nlist err: wombat not found" (or similar) mean?
116 How about "Can't open /dev/kmem"?
117 The agent is complaining about 'snmpd.conf'. Where is this?
118 The system uptime (sysUpTime) returned is wrong!
119 How can I reduce the memory footprint?
121 How do I compile with 'cc' instead of 'gcc'?
122 But gcc doesn't compile it successfully on my new Solaris system. Why not?
123 How do I write C code to integrate with the agent?
124 How does the agent fetch the value of a variable from the system?
125 I've created a new module with 'mib2c' but it doesn't work. Why not?
126 Where should I put the files produced by 'mib2c'?
127 Mib2c only handles a single table in my MIB. How can I fix this?
128 Mib2c complains about a missing "mib reference" - what does this mean?
129 Mib2c complains about not having a "valid OID" - what does this mean?
130 Mib2c ignores my MIB and generates a pair of 'mib-2' code files. Why?
131 Mib2c talks about "configuration files". Why has this stopped working?
132 How can I get the agent to generate a trap (or inform)?
133 What if I'm using an AgentX sub-agent instead?
134 I'm getting an error "autoheader: not found" - what's wrong?
135 What about a failed dependency on 'libcrypto'? Where can I get that?
136 Why is the project workspace empty under Visual C++?
137 Why are packets requesting the same information larger with UC-Davis SNMP?
138 What ASN.1 parser is used?
139 What is the Official Slogan of the ucd-snmp-coders list?
148 - Various tools relating to the Simple Network Management Protocol
151 * An extensible agent
153 * tools to request or set information from SNMP agents
154 * tools to generate and handle SNMP traps
155 * a version of the unix 'netstat' command using SNMP
156 * a graphical Perl/Tk/SNMP based mib browser
158 This package is originally based on the Carnegie Mellon University
159 SNMP implementation (version 2.1.2.1), but has developed significantly
168 - http://www.net-snmp.org/download/
169 - ftp://ftp.net-snmp.org/pub/sourceforge/net-snmp/
171 - http://www.net-snmp.org/md5/
173 - http://www.net-snmp.org/
174 Sourceforge Project page:
175 - http://www.net-snmp.org/project/
176 Mirrors (note that sourceforge download servers are mirrored themselves):
177 - US: ftp://ftp.freesnmp.com/mirrors/net-snmp/
178 - Bulgaria: http://rtfm.uni-svishtov.bg/net-snmp/
179 - Japan: ftp://ftp.ayamura.org/pub/net-snmp/
180 - Germany: ftp://ftp.mpg.goe.ni.schule.de/pub/internet/net-snmp/
182 The old ucd-snmp.ucdavis.edu web site and ftp server is now
183 offline and should not be accessed any longer.
187 What documentation is available?
188 -------------------------------
195 man pages for the individual tools, files and the API
196 A guide for extending the agent
197 Tutorials for both ucd-snmp v4 and net-snmp v5
198 at http://www.net-snmp.org/tutorial/
199 and http://www.net-snmp.org/tutorial-5/ respectively
201 Most of this documentation (plus archives of the mailing lists)
202 is also available on our web page:
204 http://www.net-snmp.org/
208 Are there binaries available?
209 ----------------------------
211 - There are binaries for some systems available in the binaries
212 directory on the ftp site.
216 What's the difference between UCD-SNMP and Net-SNMP?
217 ---------------------------------------------------
219 Not a great deal, really.
220 Although the project originally started at UC Davis (hence the name),
221 and it has always been based there, most of the contributors have had
222 little or no connection with this institution.
224 The move to SourceForge was intended to provide a more flexible
225 environment for the project, and to distribute the administrative
226 workload more evenly. The change of name simply reflects this move,
227 which was the last remaining link with UC Davis.
229 The 4.2.x line is the last release line that uses the ucd-snmp name,
230 and all releases under this banner will be bug-fixes only. Release
231 5.0 is the first version using the net-snmp name, and all new features
232 and significant development will be released under this name.
233 (Though the dividing line between a bug-fix and a new feature is
234 something of a vague one, so some changes in the 4.2.x line may be
235 relatively non-trivial!)
237 Starting with the 5.0 release, we are also trying to review and
238 rework the underlying code base to improve the readability and
239 maintainability of the package. The 5.0 changes have mostly
240 concentrated on the agent architecture, though there have been some
241 significant changes to the library as well. Future releases may
242 include further restructuring of the library.
243 This process will probably result in some changes to the API,
244 though we will attempt to retain some form of backwards
245 compatibility as far as possible, and clearly mark anything that has
246 changed. The most significant change with the 5.0 release is a
247 restructuring of the header file organisation - not least a change
248 from <ucd-snmp/xxx.h> to <net-snmp/yyy.h>.
252 What operating systems does it run on?
253 -------------------------------------
255 Both the applications and the agent have been reported as running
256 (at least in part) on the following operating systems:
258 * HP-UX (10.20 to 9.01 and 11.0 -- see README.hpux11)
259 * Ultrix (4.5 to 4.2)
260 * Solaris (2.8 to 2.3) and SunOS (4.1.4 to 4.1.2)
262 * NetBSD (1.5alpha to 1.0)
263 * FreeBSD (4.1 to 2.2)
264 * BSDi (4.0.1 to 2.1)
265 * Linux (kernels 2.4 to 1.3)
269 * OS X (10.1.1 and 10.1.2)
272 We have also been informed about a port to the Stratus VOS.
273 See http://ftp.stratus.com/vos/network/network.html for details.
275 See the next question but one for the status of Windows support.
277 Certain systems (e.g. HP-UX 11, Irix?) fail to compile particular
278 portions of the agent. These can usually be persuaded to compile
279 (at the loss of some functionality) by omitting the modules affected.
280 See the next question for more details.
282 Also note that the presence of a particular configuration in this
283 list does not imply a perfect or complete implementation. This is
284 simply what various people have reported as seeming to work. (Or more
285 frequently, the configurations people have reported problems with
286 that we think we've fixed!)
290 What happens if mine isn't listed?
291 ---------------------------------
293 It's probably worth trying to compile it anyway. If your system
294 is reasonably similar to another supported configuration, it may
295 well compile with little or no difficulty. The most likely source
296 of problems will be MIB modules within the agent, as this tends to
297 be where the most system-specific code is found.
299 If only a few modules fail to compile, try removing them from
300 the agent by running "configure --with-out-mib-module=xxx,yyy",
301 and re-compiling. If a large number of modules fail, then it
302 might be easier to start from a relatively bare system, using
303 "configure --enable-mini-agent --with-defaults". Then if this
304 minimal agent compiles and runs successfully, try adding the
305 missing mibgroups using the configure option '--with-mib-module'.
307 If configure fails with "invalid configuration" messages, or
308 you get completely stuck, contact the coders list for advice.
309 Similarly, if you manage to get this working on a new system,
310 please let us know both details of the hardware you're using,
311 and what versions of the operating system you've tried it on.
312 The entry 'host' in the file 'config.status' will show this
313 information. Oh, and congratulations!
317 Does it run on Windows?
318 ----------------------
320 The suite should compile and run on Win32 platforms, including
321 the library, command-line tools and the basic agent framework.
322 Note that the agent now includes support for the MIB-II module,
323 but this requires Microsoft's Core Platform SDK. Instructions
324 for how to install this are given in README.win32.
326 Some other MIB modules, including the UCD pass-through extensions,
327 do not currently work under Windows. Volunteers to assist in
328 these missing modules are likely to welcomed with open arms :-)
330 Further details of Windows support (currently Visual C++ and
331 Cygnus cygwin32) is available in the file README.win32
335 How do I find out about new releases?
336 ------------------------------------
338 There is a mailing list for these announcements
340 net-snmp-announce@lists.sourceforge.net
342 To be added to (or removed from) this list, visit
343 http://www.net-snmp.org/lists/net-snmp-announce/. Or you can send a
344 message to the address
345 'net-snmp-announce-request@lists.sourceforge.net' with a subject
346 line of 'subscribe' (or 'unsubscribe' as appropriate).
348 Major code revisions may be announced more widely (e.g. on the
349 SNMP mailing lists, or comp.protocols.snmp) but this list is the most
350 reliable way to keep in touch with the status of this package.
352 Patches to fix known problems are also made available via the web site:
354 http://www.net-snmp.org/patches/
358 How can I find out what other people are doing?
359 ----------------------------------------------
361 There is a general purpose discussion list
363 net-snmp-users@lists.sourceforge.net
365 To be added to (or removed from) this list, visit
366 http://www.net-snmp.org/lists/net-snmp-users. Or you can send a
367 message to the address 'net-snmp-users-request@lists.sourceforge.net'
368 with a subject line of 'subscribe' (or 'unsubscribe' as appropriate).
370 To find out what the developers are doing, and to help them out, please
371 read the PORTING file enclosed with the package.
373 There is also an net-snmp IRC channel set up on the freenode.net IRC
374 chat servers (you can use irc.freenode.net to connect and/or see
375 http://www.freenode.net/ for getting started with irc). Multiple
376 core developers hang out there on a regular basis.
380 How do I submit a patch or bug report?
381 -------------------------------------
383 All bug reports should be submitted to the bug database through the
384 interface found at http://www.net-snmp.org/bugs/. Be
385 sure to include the version of the package that you've been working
386 with, the output of the command 'uname -a', the precise command that
387 triggers the problem and a copy of the output it produces.
389 All patches should be submitted to the patch manager at
390 http://www.net-snmp.org/patches/. If possible, submit a
391 bug report describing the patch as well (referencing it by its patch
392 number) since the patch manager doesn't contain a decent description
395 Questions about using the package should be directed at the
396 net-snmp-users@lists.sourceforge.net mailing list. Note that this
397 mailing list is relatively busy, and the people answering these
398 questions are doing so out of the goodness of their hearts, and in
399 addition to their main employment. Please note the following:
401 - use plain text mail, rather than HTML
402 - don't resend questions more than once
403 (even if no-one answered immediately)
404 - include full details of exact commands and error messages
405 ("I've tried everything, and it doesn't work" isn't much use!)
406 - do *NOT* send messages to -users and -coders mailing lists
407 (most developers read both anyway)
408 - don't mail the developers privately - keep everything on the list
410 Remember that this is basically an unsupported package. Fundamentally
411 it's Open Source, so you have the source code. If you need something
412 fixing badly enough, it's up to you to do the work.
414 We can't promise to be able to solve all problems, but we'll
415 certainly try and help. But remember that this is basically an
416 unsupported package. It's Open Source, so if you need something
417 fixing badly enough, fundamentally it's up to you to do the work.
419 Can I reuse the code in my commercial application?
420 -------------------------------------------------
422 The details of the COPYRIGHTs on the package can be found in the
423 COPYING file. You should have your lawyer read this file if you wish
424 to use the code in your commercial application. We will not summarize
425 here what is in the file, as we're not lawyers and are unqualified to
429 What's the difference between SNMPv1, SNMPv2 and SNMPv3?
430 -------------------------------------------------------
431 What are all these different SNMPv2's anyway?
432 --------------------------------------------
435 A full description is probably beyond the scope of this FAQ.
436 Very briefly, the original protocol and framework was described
437 in RFCs 1155-1157, and is now known as SNMPv1.
439 Practical experience showed up various problems and
440 deficiencies with this, and a revised framework was developed to
441 try and address these. This was described in RFCs 1441-1452, and
442 known as "SNMPv2 classic".
443 The changes proposed include:
445 * new ways of defining information (MIB structure)
446 (SMI, Textual conventions, conformance statements)
447 * new protocol packet types and transport mappings
448 * new mechanisms for administration and security
449 * mechanisms for remote configuration
451 Unfortunately, while many of these were generally accepted, there
452 was some disagreement in these last two areas, security/admin
453 and remote configuration. This resulted in a number of variants and
454 alternative proposals:
456 SNMPv2c Contains the new protocol and MIB structure elements,
457 using the existing SNMPv1 administration structure.
458 This is the de-facto SNMPv2 standard (described in
459 RFCs 1901-1908), superseding SNMPv2 classic, and is
460 known as "Community-based SNMPv2" or simply "SNMPv2".
463 SNMPv2 usec } Alternative proposals to address the
464 SNMPv2* } limitations of SNMPv1 administration
465 } These are both super-sets of SNMPv2c
468 SNMP-NG An attempt to reach agreement between
469 the proponents of usec and v2star.
471 The formal successor to the SNMP-NG work has been termed SNMPv3.
472 This has now been effectively finalised, and is described in RFCs
473 2571-2575. This is currently a Proposed Standard, but is likely
474 to progress to full Standard in the relatively near future.
478 Which versions of SNMP are supported in this package?
479 ----------------------------------------------------
481 This package currently supports the original SNMPv1, Community-based
482 SNMPv2 (i.e. RFCs 1901-1908), and SNMPv3 (i.e. RFCs 2571-2575).
483 The agent will respond to requests using any of these protocols,
484 and all the tools take a command-line option to determine which
487 Support for SNMPv2 classic (a.k.a. "SNMPv2 historic" - RFCs 1441-1452)
488 was dropped with the 4.0 release of the UCD-snmp package.
492 Can I use SNMPv1 requests with an SNMPv2 MIB (or vice versa)?
493 ------------------------------------------------------------
497 The version of the syntax used to define a MIB file
498 is better referred to as SMIv1 or SMIv2, and is purely
499 concerned with defining the characteristics of the
500 various management objects. This is (almost) completely
501 unrelated to the versions of the protocol operations.
502 So it is quite reasonable to use SNMPv1 requests on
503 objects defined using SMIv2, or SNMPv2 (or SNMPv3)
504 requests on objects defined using SMIv1.
506 The one exception is objects of syntax Counter64,
507 which are only accessible using SNMPv2 or higher.
508 SNMPv1 requests will either treat such objects as an
509 error, or skip over them completely.
513 Where can I find more information about network management?
514 ----------------------------------------------------------
516 There are a number of sites with network management information on
517 the World Wide Web. Three of the most useful are
519 http://netman.cit.buffalo.edu/index.html
520 http://www.snmplink.org/
521 http://wwwsnmp.cs.utwente.nl/
523 There are two Usenet newsgroups which are relevant.
524 'comp.dcom.net-management'
525 which discusses general issues relating to network management
526 'comp.protocols.snmp'
527 which is specifically concerned with use of SNMP in particular
529 (though there is a large overlap between these two groups).
530 The SNMP group also has an FAQ (split into two parts) which discusses more
531 general issues related to SNMP, including books, software, other sites,
532 how to get an enterprise number, etc, etc.
533 This is available from
535 ftp://rtfm.mit.edu/pub/usenet/comp.protocols.snmp/
537 or via any of the Web sites above.
541 Is ucd-snmp thread safe?
542 -----------------------
544 Strictly speaking, no. However, it should be possible to use the
545 library in a thread-safe manner. This is covered in detail in the file
546 README.thread (shipped with the standard distribution), but can be
547 summarised as follows:
549 - Call 'snmp_sess_init()' prior to activating any threads.
550 This reads in and parses MIB information (which isn't thread-safe)
551 as well as preparing a session structure for subsequent use.
553 - Open an SNMP session using 'snmp_sess_open()' which returns an
554 opaque session handle, which is essentially independent of any
555 other sessions (regardless of thread).
557 - Resource locking is not handled within the library, and is the
558 responsibility of the main application.
560 The applications and the agent have not been designed for threaded use.
570 This is actually two separate questions, depending on whether you
571 are referring to the tools, or the agent (or both).
572 See the next question or the next section respectively.
576 How do I add a MIB to the tools?
577 -------------------------------
581 cp MY-MIB.txt /usr/local/share/snmp/mibs
586 mkdir $HOME/.snmp/mibs
587 cp MY-MIB.txt $HOME/.snmp/mibs
595 echo "mibs +MY-MIB" >> $HOME/.snmp/snmp.conf
597 Note that you need *both* steps.
598 The first command copies the file defining the new MIB to a
599 expected location for MIB files. This defaults to
600 /usr/local/share/snmp/mibs (or PREFIX/share/snmp/mibs if the the
601 suite was installed into a different base location). Some
602 ready-packaged distributions (such as Linux RPM packages) may look
603 for MIB files in a different location, such as /etc/snmp/mibs - put
604 the new file in this directory instead. This makes it available for
605 everyone on the system.
606 The tools will also look for mibs in your personal $HOME/.snmp/mibs
607 directory, but this will only work for you.
609 The second command tells the tools to load in this new MIB file as well
610 as the default set. Note that the tools do *not* load every MIB found
611 in the directory - this is to avoid slowing them down excessively when
612 there is a large collection of MIB files. If you do want the tools to
613 load all the MIB files, set the environmental variable MIBS to the special
616 Note that the value for this variable is the name of the MIB module,
617 *not* the name of the MIB file. These are typically the same (apart
618 from the .txt suffix), but if in doubt, check the contents of the file.
619 The value to use is the token immediately before the word DEFINITIONS
620 at the start of the file. Of course, if you load 'ALL' mibs, then this
621 distinction is irrelevant.
623 Most of the tools (apart from 'snmptable') will work quite happily
624 without any MIB files at all, as long as you are prepared to work with
625 numeric OIDs throughout. The MIB files are only used for translating
626 between numeric and textual forms for queries and responses.
627 The same holds true for the agent - see the AGENT section for details.
631 Why can't I see anything from the agent?
632 ---------------------------------------
634 There are two main general causes of problems retrieving information
635 from the agent. Firstly, the variable (or variables) specified may
636 not be recognised by the tools as valid names. In this case, the
637 tools will typically reject the request without ever contacting the
640 Alternatively, the tool may be happy with the request, but the agent
641 does not return the corresponding value(s). It may return an explicit
642 error message instead, or the request may time out without any response
643 being sent back at all. The next few entries look at these in more detail.
647 Why can't I see values in the <INSERT ENTERPRISE HERE> tree?
648 -----------------------------------------------------------
650 Having said that there are two main reasons for not getting a response,
651 the most likely cause of this problem is actually something else again.
653 The 'snmpwalk' command takes a point in the overall MIB tree, and tries
654 to display all the values that lie within this subtree. However, it
655 actually does this by issuing a series of "getnext" requests, until
656 the variable returned lies outside the subtree of interest. If the
657 very first request returns such an undesired value, then the command
658 will terminate, without having displayed anything at all.
660 If an expicit starting point is given to 'snmpwalk', then it is reasonably
661 clear what is happening, and that there is simply nothing in the subtree
662 specified. However, if 'snmpwalk' is called without giving an explicit
663 starting point, then it will display the contents of the 'mib-2' subtree.
664 It will not attempt to traverse any 'private.enterprise' subtree, such as
665 the UCD-specific objects (including any local extensions).
667 To walk the whole tree, specify a starting point of '.iso'
668 To walk a specific enterprise subtree, specify the root of this as
669 the starting point - e.g:
671 snmpwalk -v1 -c public localhost ucdavis
673 Or, of course, you can walk a selected portion of an enterprise subtree
674 by specifying the appropriate starting point - e.g:
676 snmpwalk -v1 -c public localhost ucdavis.version
678 If you still can't see any information, keep reading. The next few
679 questions will probably help you.
683 Requests always seem to timeout, and don't give me anything back. Why?
684 ----------------------------------------------------------------------
686 There are a number of possible causes of this.
688 The most likely is a problem with access control - the agent is not
689 configured to allow you to access these variables. This is commonly
690 seen with community-based requests (i.e. SNMPv1 and SNMPv2). While
691 you might expect this to return an error, the specification of the
692 protocol actually defines this as not returning any response at all.
693 The tools will retry the request a number of times, and then report
696 See the entries on access control in the AGENT section for how to
697 configure the UCD agent to allow suitable access. For other vendors'
698 agents, you will need to consult the relevant documentation.
700 Other possibilities to check:
701 - is the machine you are querying up and running?
702 (does it respond to 'ping' or similar requests?)
703 - is there an SNMP agent running on it?
704 - is the agent simply taking a long time to respond?
705 (try again with a long timeout value - e.g. '-t 120')
706 - are there firewall or TCP wrapper settings that block this request?
707 (see the entry 'Why am I getting "Connection refused"?')
709 But the most likely cause is definitely access control settings.
713 I can see the system group, but nothing else. Why?
714 --------------------------------------------------
716 This is probably the same as the previous question - a problem with
717 the access configuration of the agent. Many pre-configured systems
718 (such as most Linux distributions) will only allow access to the system
719 group by default, and need to be configured to enable more general access.
721 The easiest way to test this is to try a GETNEXT request, that ought
722 to return the entry of interest.
724 snmpgetnext -v1 -c public localhost ucdavis.version.versionTag
726 snmpget -v1 -c public localhost ucdavis.version.versionTag.0
728 If the agent responds with "end of MIB" or a different object, then
729 either the agent doesn't implement that particular object at all, or
730 the access control won't allow you access to it.
732 See the entries on access control in the AGENT section for how to
733 configure the UCD agent, or consult the agent's own documentation.
737 The agent worked for a while, then stopped responding. Why?
738 -----------------------------------------------------------
740 Assuming that the agent hasn't crashed completely, the most likely
741 explanation is that it's simply overloaded, and is taking longer to
742 respond than the querying tool is waiting. Since the agent handles
743 each request in turn, without regard to earlier activity, and most
744 tools will retry a request when it times out, the list of outstanding
745 requests can grow longer and longer.
747 To determine whether this is the cause or not, try leaving the
748 agent undisturbed for a while, and then probe it using a longer
749 timeout (e.g. '-t 120'). This should give the agent time to handle
750 each request first time round, and avoids overloading it with
753 This is not a full solution, of course, but at least it should
754 allow you to isolate the offending portion of the tree. The
755 developers may then be able to offer a more long-term solution.
759 Requesting an object fails with "Unknown Object Identifier" Why?
760 ----------------------------------------------------------------
762 If a general snmpwalk shows the entry, but asking for it more
763 specifically gives a "sub-identifier not found:" or "Unknown Object
764 Identifier" error, then that's a problem with the tool, rather than
767 Firstly, make sure that you're asking for the object by the right name.
768 Object descriptors are case-sensitive, so asking for 'sysuptime' will
769 not be recognised, but 'sysUpTime' will.
771 Secondly, the object may be defined in a MIB that hasn't been loaded.
772 Try loading in all the MIB files:
774 snmpget -m ALL -v1 -c public localhost sysUpTime.0
776 (though if snmpwalk translates it OK, that's less likely to be the cause).
778 Thirdly, earlier versions of the UCD software expected "full" paths
779 for object names, either based at the root of the whole MIB tree
780 (".iso.org.dod.internet.mgmt.mib-2.system.sysUpTime") or the 'mib-2'
781 subtree ("system.sysUpTime"). Try:
783 snmpget -v1 -c public myhost system.sysUpTime.0
785 These earlier versions of the tools may take a command-line option '-R'
786 or '-IR' (depending on vintage) to invoke this "random-access" mode.
787 Note that snmptranslate still requires "random-access" to be specified
788 explicitly - all other command tools now use this mode by defaults.
790 All versions of the UCD tools accept the syntax
792 snmpget -v1 -c public myhost RFC1213-MIB:sysUpTime.0
794 to denote a particular object in a specific MIB module. Note that this
795 uses the name of the *module*, not the name of the file. See the second
796 question in this section for the distinction.
800 Why do I get "noSuchName" when asking for "sysUpTime" (or similar)?
801 ------------------------------------------------------------------
803 There are a number of possible causes of this (scattered throughout
804 this FAQ, so keep reading!). But one of the most likely snares for
805 the unwary is forgetting the instance subidentifier for 'non-table'
806 objects. If you walk the 'system' tree, you'll notice that all the
807 results (apart from the sysORTable), have a '.0' at the end of the OID.
808 This is the "instance sub-identifier" - which *must* be included for
810 Compare the following:
812 $ snmpget -v1 -c public localhost sysUpTime
814 Reason: (noSuchName) There is no such variable name in this MIB.
815 This name doesn't exist: system.sysUpTime
816 $ snmpget -v1 -c public localhost sysUpTime.0
817 system.sysUpTime.0 = Timeticks: (69189271) 8 days, 0:11:32.71
819 This is a little less obscure when using SNMPv2c or v3 requests:
821 $ snmpget -v 2c -c public localhost sysUpTime
822 system.sysUpTime = No Such Instance currently exists
826 Why do I sometimes get "End of MIB" when walking a tree, and sometimes not?
827 --------------------------------------------------------------------------
829 This depends on which MIB modules are supported by the agent you are
830 querying and what you're asking for.
832 Recall that a tree is walked by repeatedly asking for "the next entry" until
833 all the values under that tree have been retrieved. However, the agent has
834 no idea that this is what's happening - all it sees is a request for "the
837 If the object X happens to be the last entry in a sub-tree, the agent will
838 provide the next object supported (as requested) even though this will be
839 in a different subtree. It's up to the querying tool to recognise that
840 this last result lies outside the area of interest, and simply discard it.
842 If the object X happens to be the last entry supported by the agent, it
843 doesn't have another object to provide, so returns an "end of MIB"
844 indication. The UCD tools report this with the message above.
846 But in either case, the actual information provided will be the same.
850 I cannot set any variables in the MIB.
851 -------------------------------------
853 There are three possible reasons for this:
855 The majority of MIB objects are defined as "read-only" and inherently
856 cannot be changed via SET requests.
858 Of those that can in principle be changed, not all have been implemented
859 as such in this agent.
861 Even if SET support has been implemented, the agent may not be configured
862 to allow write access to this object.
864 The example configuration file shipped with the basic distribution only
865 allows write access for the local host itself (and a suitable community
866 name must be configured first).
867 Ready-installed distributions (such as those shipped with Linux) tend
868 to be configured with read-only access to part of the mib tree (typically
869 just the system group) and no write access at all.
871 To change this, you will need to set up the agent's access control
872 configuration. See the AGENT section for more details.
874 Note that neither the community string "public" nor "private" can be
875 used to set variables in a typical default configuration.
879 Variables seem to disappear when I try to set them. Why?
880 --------------------------------------------------------
882 This is actually the same as the previous question - it just isn't
883 particularly obvious, particularly when using SNMPv1. A typical
884 example of this effect would be
886 $ snmpget -v1 -c public localhost system.sysLocation.0
887 system.sysLocation.0 = somewhere nearby
889 $ snmpset -v1 -c public localhost system.sysLocation.0 s "right here"
891 Reason: (noSuchName) There is no such variable name in this MIB.
892 This name doesn't exist: system.sysLocation.0
894 Trying the same request using SNMPv2 or above is somewhat more informative:
896 $ snmpset -v 2c -c public localhost system.sysLocation.0 s "right here"
900 The SNMPv1 error 'noSuchName' actually means:
902 "You can't do that to this variable"
904 This might be because the variable doesn't exist, it does exist but
905 you don't have access to it (but someone else may do), or it exists
906 but you can't perform that particular operation (i.e. changing it).
907 Similarly, the SNMPv2 error 'notWritable' means "not writable in
908 this particular case" rather than "not writable under any circumstances".
910 If you are sure that the object is writable (and has been implemented
911 as such), then you probably need to look at the agent access control.
912 See the AGENT section for more details.
916 I still can't change sysLocation, though the access settings allow it. Why not?
917 -------------------------------------------------------------------------------
919 One other possibility for the 'sysLocation' and 'sysContact' objects,
920 is that you've got a configuration option in the 'snmpd.conf' file which
921 already sets the corresponding value there.
923 Earlier versions of the agent would allow you to write to these objects,
924 but the new value would be forgotten the next time the agent was re-started.
925 More recent versions of the agent reject such write requests if there's a
926 value set via the config file. If there isn't such a config setting, then
927 the write request will succeed (assuming the access settings allow it), and
928 the new value will be retained the next time the agent restarts.
932 I get an error when trying to set a negative value - why?
933 --------------------------------------------------------
935 This is a different problem. What's happening here is that the
936 routine that parses the arguments to the 'snmpset' command is seeing
937 the '-' of the new value, and treating it as a command-line option.
938 This normally generates an error (since digits probably aren't valid
939 command line option).
941 The easiest way to solve this is include the "end-of-option"
942 indicator '--' in the command line, somewhere before the new value
943 (but after all of the options, obviously). For example:
945 snmpset -v 2c -c public localhost -- versionRestartAgent.0 i -1
947 (This will also fail, since -1 isn't an acceptable value for this
948 object, but it will be rejected by the agent, rather than confusing
949 the snmpset command!)
953 I get an error when trying to get a string-indexed table value - why?
954 --------------------------------------------------------------------
956 This is probably due to the shell swallowing the quotes, before
957 they ever get to the SNMP command's OID parser. Try escaping them:
959 snmpget ..... vacmSecurityModel.0.\"wes\"
960 or snmpget ..... 'vacmSecurityModel.0."wes"'
964 How do I send traps and notifications?
965 ---------------------------------------
967 Traps and notifications can be sent using the command 'snmptrap'.
968 The following examples generate the generic trap 'coldStart' and a
969 (dummy) enterprise specific trap '99' respectively:
971 snmptrap -v 1 -c public localhost "" "" 0 0 ""
972 snmptrap -v 1 -c public localhost "" "" 6 99 ""
974 The empty parameters "" will use suitable defaults for the relevant
975 values (enterprise OID, address of sender and current sysuptime).
977 An SNMPv2 or SNMPv3 notification (either trap or inform) takes
978 the OID of the trap to send:
980 snmptrap -v 2c -c public localhost "" UCD-SNMP-MIB::ucdStart
981 snmptrap -v 2c -c public localhost "" .1.3.6.1.4.1.2021.251.1
983 (These two are equivalent ways of specifying the same trap).
985 Any of these commands can be followed by one or more varbinds,
986 using the same (OID/type/value) syntax as for 'snmpset':
988 snmptrap -v 2c -c public localhost "" ucdStart sysContact.0 s "Dave"
990 Generating traps from within the agent is covered in the AGENT and
993 You should also read the snmptrap tutorial at
994 http://www.net-snmp.org/tutorial-5/commands/snmptrap.html
995 which will help you understand everything you need to know about traps.
999 How do I handle traps and notifications?
1000 ---------------------------------------
1002 Handling received traps is done using the tool 'snmptrapd'.
1003 This can log these traps via the syslog mechanism:
1005 snmptrapd -s -l7 (log to 'LOCAL7')
1007 printed to standard output
1011 or pass them to an external command. This last approach uses
1012 a 'traphandle' directive in the configuration file 'snmptrapd.conf'.
1013 A typical file might look something like:
1015 traphandle .1.3.6.1.6.3.1.5.1 page_me up
1016 traphandle .1.3.6.1.4.1.2021.251.1 page_me up
1017 traphandle .1.3.6.1.4.1.2021.251.2 page_me down
1018 traphandle default log_it
1020 where 'page_me' and 'log_it' are the command to be run. (You probably
1021 need to specify full pathnames, to ensure that the commands will be
1022 found. They're just short here for readability).
1024 Note that the first entry uses the OID corresponding to the SNMPv1
1025 'coldStart' trap. See the co-existence RFC (RFC 2576) for details
1026 of mapping SNMPv1 traps to SNMPv2 OIDs.
1028 There's a tutorial with more details on the web site at
1029 http://www.net-snmp.org/tutorial-5/commands/snmptrap.html
1033 My traphandler script doesn't work when run like this - why not?
1034 ---------------------------------------------------------------
1036 If a traphandler script works fine when run manually from the
1037 command line, but generates an error when triggered by an incoming
1038 notification, then this is probably down to one of two likely causes.
1040 Firstly, the interactive shell environment may not be precisely
1041 the same as that for programs executed by the snmptrapd daemon.
1042 In particular, it's quite possible that the PATH environmental
1043 variable may not include all the additional directories that are
1044 commonly set up for a personal login configuration. To avoid this
1045 problem (particularly for traphandler shell scripts), it's worth
1046 giving the full path to all programs used within the script.
1048 Secondly, the snmptrapd daemon may not always recognise the
1049 appropriate interpreter to use for a particular trap handler.
1050 If this is the case, then you can specify this interpreter
1051 explicitly as part of the trap handle directive:
1053 traphandle default /usr/bin/perl /usr/local/bin/log_it
1055 Note that in this case, it's almost certain that you'll also
1056 need to give the full path to the traphandle script (as shown)
1060 The ucdShutdown trap OID received by my manager is wrong. Why?
1061 -------------------------------------------------------------
1063 This is due to the way that traps are converted between
1064 SNMPv1 and SNMPv2 formats. The algorithm used for converting
1065 from an SNMPv1 enterprise-specific trap number, to an SNMPv2
1066 trap OID results in a penultimate '0' subidentifier, before
1067 the trap number itself. The definition of the trap objects
1068 in the UCD-SNMP-MIB file does not include this subidentifier.
1070 In due course, the intention is to define a new set of MIB
1071 objects, under the 'net-snmp' enterprise tree. This will
1072 include new trap OIDs, which will be designed such that
1073 this problem does not arise in the future.
1077 Why does snmptrapd complain about AgentX?
1078 ----------------------------------------
1080 Starting from the v5 release, the trap handling daemon has
1081 implemented the notification logging aspects of the NOTIFICATION-MIB
1082 (RFC 3014). This is handled by the trap handler daemon registering
1083 as an AgentX subagent, to supply this statistical information.
1085 If there is no AgentX master agent available, this registration
1086 fails, generating the warning about "failed to connect to the agentx
1087 master". This warning only appears between version 5.0 and 5.0.4
1088 (in 5.0.4 and after the warning was silenced). This failure does
1089 not affect the main operation of the trap handler. It simply means
1090 that the nsmLog information won't be available for query via SNMP.
1092 Basically, this is a warning that can safely be ignored.
1096 How do I use SNMPv3?
1099 The simplest form of SNMPv3 request (unauthenticated, unencrypted)
1100 would be something like:
1102 snmpget -v 3 -l noAuthNoPriv localhost sysUpTime.0
1104 An authenticated request would specify a username and pass phrase:
1106 snmpget -v 3 -l authNoPriv -u dave -A "Open the Door"
1107 localhost sysUpTime.0
1109 A fully secure request would also specify the privacy pass phrase:
1111 snmpget -v 3 -l authPriv -u dave -A "Open the Door"
1112 -X "Bet you can't see me" localhost sysUpTime.0
1114 In practise, most of these would probably be set via configuration
1115 directives in a personal $HOME/.snmp/snmp.conf file (note, *not* the
1116 agent's snmpd.conf file). The equivalent settings for the third
1119 defSecurityName dave
1120 defSecurityLevel authPriv
1121 defAuthPassphrase "Open the Door"
1122 defPrivPassphrase "Bet you can't see me"
1124 If the AuthPassphrase and the PrivPassphrase are the same, then you
1126 defPassphrase "Open the Door and see me"
1129 For how to configure the agent to respond to SNMPv3 requests, see
1134 How big can an SNMP request (or reply) be?
1135 -----------------------------------------
1137 The protocol definition specifies a "minimum maximum" packet size
1138 (484 bytes for UDP), which all systems must support, but does not
1139 attempt to define an upper bound for this maximum size. This is left
1140 to each individual implementation.
1142 The UCD software uses a fixed size buffer of 1472 bytes to hold the
1143 encoded packet, so all requests and responses must fit within this.
1144 Unfortunately, it's not possible to predict how many varbinds this
1145 corresponds to, since it depends on the type and actual values being
1146 sent, as well as the corresponding OIDs.
1148 As a rule of thumb, sending 400 integer-valued varbinds seems to
1149 work OK, while 300 string-valued varbinds triggers an overrun.
1153 How can I monitor my systems (disk, memory, etc)?
1154 ------------------------------------------------
1156 In general, the UCD suite consists of relatively low-level tools,
1157 and there is nothing included that is designed for high-level,
1158 long-term monitoring of trends in network traffic, disk or memory
1161 There are a number of packages available that are designed for this
1162 purpose. Two of the most widely used are MRTG (http://www.mrtg.org/)
1163 and Cricket (http://cricket.sourceforge.net/). There are details of
1164 how to set up Cricket to monitor some of the UCD extensions at
1165 http://www.afn.org/~jam/software/cricket/
1167 We have also set up a page that describes in detail how MRTG
1168 can be set up to monitor disk, memory and cpu activity at
1169 http://www.net-snmp.org/tutorial-5/mrtg/index.html
1171 The net-snmp package contains a web based manager itself that
1172 runs on top of a mysql database, but it is extremely beta in
1173 nature. See the manager/README file for details.
1177 Applications complain about entries in your example 'snmp.conf' file. Why?
1178 --------------------------------------------------------------------------
1180 The example configuration file 'EXAMPLE.conf' is designed as a config
1181 for the agent, and should be installed as 'snmpd.conf' (note the 'd').
1182 The file 'snmp.conf' is intended for general configuration options,
1183 applicable to all applications (via the SNMP library).
1184 Rename (or merge) the 'snmp.conf' file to 'snmpd.conf', and this should
1186 Note that there is no example snmp.conf shipped with the standard
1191 OK, what should I put in snmp.conf?
1192 ----------------------------------
1194 This is used to set common configuration values for most of the
1195 applications, to avoid having to specify them every time. Examples
1196 include the SNMPv3 settings mentioned above, defaults for which MIBs
1197 to load and where from, and the default SNMP version, port and
1198 (if appropriate) the community string to use.
1200 Some of these (such as the MIB file location), might belong in a
1201 shared snmp.conf file (typically /usr/local/share/snmp/snmp.conf or
1202 /etc/snmp/snmp.conf) to apply to all users of the system. Others
1203 (particularly the SNMPv3 security settings), are more likely to refer
1204 to a particular user, and should go in a personal snmp.conf file
1205 (typically $HOME/.snmp/snmp.conf).
1207 Note that the UCD package does not come with an example snmp.conf file.
1208 See 'snmpget -H' and/or the snmp.conf(5) man page for more details.
1210 You can also use the "snmpconf" command to help you generate your
1211 snmp.conf configuration file (just run it and answer its questions).
1218 Where can I get the perl SNMP package?
1219 -------------------------------------
1221 Joe Marzot's excellent perl SNMP module, which requires the ucd-snmp
1222 library, is now included in the ucd-snmp source release. It's
1223 located in the perl/SNMP subdirectory of the ucd-snmp source tree.
1225 It can also be found at any Comprehensive Perl Archive Network
1226 (CPAN) site mirror in modules/by-module/SNMP. To find the CPAN site
1227 nearest you, please see http://www.cpan.org/SITES.html.
1229 With the v5 release of the Net-SNMP suite, this is now accompanied by
1230 a number of perl modules grouped together under the NetSNMP namespace.
1232 Consult the README file in the SNMP perl module distribution to find
1233 out what version of the ucd-snmp library it needs to be linked against.
1237 How do I install the Perl SNMP modules?
1238 --------------------------------------
1240 Assuming you have a reasonably new (and properly configured) perl system,
1241 this should be simply:
1244 or cd perl/SNMP (for 4.2.x)
1246 (press RETURN when prompted for host and community)
1249 make install (probably as root)
1251 Note that with the 5.0 release line, there are additional SNMP-related
1252 perl modules that should probably be installed as well. These can also
1253 be found under the 'perl' subdirectory. At the very least, install the
1254 'default_store' module.
1255 This is not necessary with the 4.2.x releases.
1259 But compiling this fails! Why?
1260 -----------------------------
1262 The perl module tends to delve quite deeply into the internals of the
1263 main UCD snmp library, and so is quite sensitive to changes within the
1264 library. It's important to use the correct version of the module, that
1265 corresponds to the version of the library you have installed. If you're
1266 working with the main UCD distribution, the appropriate version of the
1267 perl module is shipped as part of this, but you *must* have
1268 run "make install" on the main UCD distribution *first*.
1270 If you're working with a ready-installed version of the library, make
1271 sure you obtain a compatible version of the perl module.
1273 Note that the perl modules will be compiled using the compiler
1274 (and compiler settings) used for compiling the original perl binary,
1275 *not* those used for compiling the Net-SNMP (or UCD) library.
1276 If these are different (e.g. 'gcc' used for one and 'cc' for the other)
1277 then this may well cause problems. It's much safer to use a consistent
1278 environment for both. This issue is discussed in greater detail in
1279 the README.solaris file.
1281 Also note that the v5 Net-SNMP suite *must* be configured to provide
1282 shared libraries in order for the perl modules to work correctly. This
1283 is not necessary with the v4 UCD-SNMP libraries.
1287 Compiling the perl module works OK, but 'make test' fails. Why?
1288 --------------------------------------------------------------
1290 That's difficult to answer in general.
1291 Some of the perl tests are rather picky, so this may simply be
1292 some minor inconsistency between your precise setup, and the
1293 expectations of the test environment.
1295 Check that you are working with the perl distribution that matches
1296 the SNMP libraries (use the 'perl/SNMP' in preference to CPAN), and
1297 that you have installed the main libraries successfully (uninstall
1298 any old versions if you're having trouble).
1300 If all this looks OK, and if most of the tests pass, then it's
1301 probably safe to run 'make install' anyway. Probably.
1305 The perl 'make test' fails on the OID tests. Is it safe to continue?
1306 -------------------------------------------------------------------
1308 No. Almost certainly not. If the "perl/OID" tests fail the first
1309 four tests, and then crashes out complaining about a "netsnmp_oidPtr",
1310 then this is a sign of a more fundamental problem.
1312 The 4.2.x line perl support was a single module, so was independent
1313 of the way that the C library was configured. In contrast to this,
1314 the 5.0.x perl support consist of a number of inter-cooperating modules,
1315 which rely on sharing a consistent C library environment. In practise,
1316 this means that the perl modules *MUST* be configured and compiled using
1317 a shared version of the C library. Unfortunately, the default for
1318 most early versions of the Net-SNMP suite was to compile using static
1319 libraries unless explicitly configured to use shared libraries. The
1320 default should be to use shared libraries from 5.0.7 onwards.
1322 The error "oid1 is not of type netsnmp_oidPtr" is a fairly sure indication
1323 that the C library was compiled statically. You'll need to re-configure
1324 the main Net-SNMP package using the "--enable-shared" configure flag.
1325 Then re-install the C library before re-configuring and re-compiling
1326 the perl module support.
1328 Note that this problem does not arise when using the 4.2.x version
1333 I'm trying to use mib2c (or tkmib) and it can't locate SNMP.pm?
1334 ------------------------------------------------------------
1336 That's probably because the SNMP perl module hasn't been installed.
1337 It's not part of the standard perl distribution, nor is it installed
1338 by default in RedHat Linux (for example).
1339 You'll need to install it. See the previous two questions.
1343 I'm trying to use mib2c (or tkmib) and it can't load SNMP.so?
1344 ------------------------------------------------------------
1346 This is probably the same problem. Either the SNMP module
1347 hasn't been installed, or it's the wrong version. See the
1348 previous two questions.
1352 I'm trying to use tkmib and it can't locate Tk.pm?
1353 -------------------------------------------------
1355 Tk.pm is another Perl package that needs to be installed before tkmib
1356 will run. It's also available on Perl CPAN. We suggest using version
1357 "Tk800.011" or later. It can be installed by issuing the command:
1359 perl -MCPAN -e shell ; "install Tk"
1363 I've got a problem with the Net-SNMP module. Can you help?
1364 ----------------------------------------------------------
1366 Sorry, despite the similar-sounding name, the Net-SNMP (or Net::SNMP)
1367 module is nothing to do with this package, or the NetSNMP modules.
1368 Net::SNMP is a "pure-perl" implementation of SNMP support, developed
1369 by David Town. The developers of the (C-based) Net-SNMP suite do
1370 not have any significant experience in using this particular module,
1371 and you'll probably be better off asking for help via CPAN or some
1372 other perl-related forum.
1379 Where can I find a MIB compiler?
1380 -------------------------------
1382 That depends what you mean by a "MIB compiler". There are at least two
1383 types of tool that are commonly referred to by this name.
1385 The first is a tool to check MIB files for validity. The functionality
1386 of this is mostly integrated within the MIB parser (part of the UCD library)
1387 and hence included in all the applications. The tool 'snmptranslate' is
1388 probably the most appropriate for this purpose.
1389 Note that the parser is fairly forgiving (see 'What ASN.1 parser is used'
1390 below), so this should not be regarded as a stamp of approval.
1392 The second type of tool is one to turn a MIB specification into C code,
1393 specifically one designed to aid agent implementation. The command 'mib2c'
1394 is an example of such a tool for the UCD agent.
1395 See the CODING section for more information.
1399 I can't load any of the mib files, and they seem to be missing
1400 the first two characters of the filename. What's happening?
1401 -----------------------------------------------------------
1403 This is a problem experienced with Sun systems when the tools have
1404 been compiled with a mixture of BSD and Solaris environments.
1405 You'll need to re-configure and compile the tools, making sure that
1406 '/usr/ucb' is not in your PATH (or at least comes at the end).
1410 Why aren't my mib files being read in?
1411 -------------------------------------
1413 The UCD library only loads a subset of MIB files by default. This
1414 list is set at when the suite is first configured and compiled, and
1415 basically corresponds to the list of modules that the agent supports.
1416 (This is a simplification, but is a reasonable first approximation).
1418 You can override this by using the command-line option '-m', the
1419 environmental variable 'MIBS' or the snmp.conf directive 'mibs'.
1420 Each of these take a (colon-separated) list of MIB module names
1421 to load. Starting the list with a '+' character will add them to
1422 the default list - otherwise it replaces the defaults.
1424 Using the special value 'ALL' will load all the MIB files that
1425 the library can find.
1428 Alternatively, the tools may be looking in the wrong place.
1429 The default location for the mib files is /usr/local/share/snmp/mibs.
1430 Again, this is set when the suite is first configured and compiled.
1431 This can be changed using the environmental variable 'MIBDIRS'
1432 or the snmp.conf directive 'mibdirs'.
1434 Note that this may very well affect you if you've installed a
1435 new version of the suite manually, replacing one provided by the
1436 supplier (which typically would use a more 'central' location).
1439 Finally, are you sure that you've installed the MIB files?
1440 If you've compiled the suite from scratch, you need to run
1441 "make install" at least once, before the tools will be able to
1442 find the MIB files. This is unlikely to be a problem if you've
1443 been working with the tools for a while, but can bite those coming
1444 fresh to the SNMP world.
1448 I'm getting answers, but they're all numbers. Why?
1449 -------------------------------------------------
1451 This is actually the same as the previous question. Because the tools
1452 don't read in every MIB module they can find, it is quite possible
1453 for results from an agent to refer to modules that have not been loaded
1454 (particularly with GETNEXT requests, or when walking a tree).
1455 The tools will report the answer quite correctly, but won't translate
1456 identifiers and enumerations into readable strings. To fix this, use
1457 the environmental variables MIBS or MIBFILES (or the '-m' and '-M' flags)
1458 to read in the relevant module files.
1462 What does "Cannot find module (XXX-MIB)" mean?
1463 ---------------------------------------------
1465 This is similar to the previous questions. In this case, it's
1466 stating that it can't find the specified module - either because
1467 it's not installed properly, or the name used is subtly wrong.
1469 If it's just one or two modules that are not being found, check
1470 that the files are in the expected location, are readable, and the
1471 name being used is correct. Note that the name reported is the
1472 name of the MIB module, which is not necessarily the same as the
1473 name of the file. See the question 'How do I add a MIB to the tools?'
1474 for more details on this.
1476 If the tool is generating a whole slew of errors, then it's
1477 likely that either the MIB files haven't been installed at all,
1478 or the library is looking in the wrong place. See the previous
1483 What about "unlinked OID"?
1484 -------------------------
1486 This means that the library has been able to find the MIB module,
1487 and parse the individual objects defined in it, but is having problems
1488 linking them together into a consistent tree. In particular, it
1489 can't find an object corresponding to the name within the braces
1490 (i.e. the 'xxx' in '{xxx 99}').
1492 This is probably due either to a typo in this name (remember that
1493 names are case sensitive, so a reference to 'xxx' will *not* match
1494 a definition of 'Xxx'), or else the name is defined in another MIB
1495 file, and this dependency is missing from the IMPORT clause of this
1500 The parser doesn't handle comments properly. Why not?
1501 ------------------------------------------------------------
1503 The most likely reason is that the line in question contains two
1504 (or more) sequences of pairs of dashes. This is often used to try
1505 and "comment out" an unwanted line that already contains a comment:
1507 -- broken ::= { myMIB 1 } -- This isn't working yet
1509 The assumption here is that a comment continues to the end of the line.
1510 Unfortunately, this assumption is not correct.
1511 A comment will continue either to the end of the line, or the next
1512 occurance of a pair of dashes. Thus in this case, the definition of
1513 "broken" is commented out (as intended) but the following text is
1514 treated as part of the MIB, and will generate an error.
1516 A similar effect can be obtained when a line of dashes has been used
1517 to try and mark separate parts of a MIB file.
1519 Most of the applications have a command-line option (-Pc) which will
1520 work around this problem by treating the whole line as a comment. But
1521 this is not strictly legal, and the offending MIB file should really be
1526 How do I replace MIB values with new ones?
1527 -----------------------------------------
1529 The UCD parser generally takes the first definition it sees for each
1530 object in the MIB hierarchy. Even if you specify your file to be read
1531 first, if the IMPORTS clauses reference a MIB with competing objects,
1532 those objects will be parsed first.
1534 When specifying the Replace MIB command-line option (-PR), the parser
1535 will use definitions sourced from the most recent MIB file.
1536 The parser will replace MIB objects when the sub-identifier and name match.
1538 Caution: Using Replace MIB, there is NO guarantee that the resulting
1539 MIB tree will be correct. Other MIB objects matching the name but
1540 not the sub-identifier will persist. Sub-hierarchies may be reparented.
1541 In particular, random access searching [see man 1 snmpcmd]
1542 may give unexpected result.
1543 The Replace MIB option is experimental, buyer beware, carpe diem, etc.
1545 Here are a few considerations to help you obtain good results.
1546 These hold true even if you never use the Replace MIB feature.
1547 Your suggestions for improvement are welcomed.
1549 1. The parser searches the specified directories and attempt
1550 to parse every file whose path does not begin with "." (period).
1551 Remove (or rename) older MIB files from these directories.
1552 Rename "README" to ".README" , etc.
1554 2. Hint: the parser's module list is in LIFO order. You may see better
1555 results if the directory with the most correct MIB files is
1556 specified last in the MIBDIRS environment.
1558 3. Constrain the parser to not read in default MIB files by setting
1559 the MIBS environmental variable to the appropriate separator character
1560 (semi-colon on win32, colon everywhere else).
1561 Setting this to "" may also have the same effect.
1563 4. The MIBFILES environment can specify the path of the new MIB file.
1565 Within a program, the call:
1567 ds_set_boolean(DS_LIBRARY_ID, DS_LIB_MIB_REPLACE, 1 | 0);
1569 or, if using the 5.0.x series code:
1571 netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID,
1572 NETSNMP_DS_LIB_MIB_REPLACE, 1 | 0);
1574 will enable or disable the Replace MIB feature respectively.
1575 If you're having problems loading a particular MIB file, this
1576 call can be used to disable this feature, before using read_mib() to
1577 load the required file, and then re-enabling the Replace MIB feature.
1578 (or vice versa, as appropriate).
1582 How can I get more information about these MIB file problems?
1583 ------------------------------------------------------------
1585 The command 'snmptranslate' is used to translate between numeric
1586 and symbolic forms of OIDs. It uses the same routines as the
1587 'active' commands, but does not rely on communicating successfully
1588 with a network management agent. As such, it is a useful tool
1589 for identifying problems with reading in MIB files.
1591 In particular, the following options may be useful in
1592 identifying problems:
1593 -Pw warns about conflicting symbols
1594 -PW prints more verbose warnings about other problems as well
1595 (in both cases, ignore the 'xmalloc' reports)
1596 -T provides sub-options for various views of these entries
1598 There are other '-P' options to control various aspects of MIB parsing.
1599 See the 'snmptranslate(1)' and 'snmpcmd(1)' man pages for more details,
1601 http://www.net-snmp.org/tutorial-5/commands/snmptranslate.html
1605 What's this about "too many imported symbols"?
1606 ---------------------------------------------
1608 Any MIB file starts with an (optional) list of identifiers that
1609 it "imports" from other files. The parser implements this using
1610 a fixed size buffer to hold the import information.
1611 There are two circumstances in which this can result in the
1612 error message shown above.
1614 Firstly, if the MIB file refers to an unusually large number
1615 of external identifiers. Handling this case requires a (trivial)
1616 patch to the parsing code. Contact the coders list for advice.
1617 (This is extremely rare - the only example that
1618 we've come across is the Cabletron Trap MIB).
1620 Much more common is a syntax error in the IMPORTS clause of the
1621 MIB file in question. In particular, check that this ends in a
1622 semicolon, before going on to the main definition section.
1629 What MIBs are supported?
1630 -----------------------
1632 The following MIBs are supported (at least in part and on some systems):
1634 - MIB-2 General network statistics (RFC 1213)
1635 - UCD agent extensions
1636 (processes, disks, memory, load average,
1637 shell commands, error handling)
1638 - Host Resources (RFC 1514) initial implementation
1639 - SNMPv3 MIBS (RFCs 2571-6)
1641 The SNMPv2 Party and Manager-to-Manager MIBs (RFCs 1447 & 1451) have been
1646 What protocols are supported?
1647 ----------------------------
1649 The agent supports all three current versions of SNMP (v1, v2c and v3),
1650 over both UDP and TCP transports, as well as a SMUX (RFC 1227) master
1651 agent, AgentX (RFC 2257 ) in both master and subagent roles, and SNMP
1656 How do I configure the agent?
1657 ----------------------------
1659 That depends on what you want it to do. See the snmpd.conf(5) manual
1660 page for the possibilities.
1662 You can also run the "snmpconf" perl script to help you create this
1663 file. Start off with 'snmpconf -g basic_setup' to get you going.
1667 How do I add a MIB to the agent?
1668 -------------------------------
1669 How do I add functionality?
1670 --------------------------
1672 While simply adding a file to the MIB directory (and possibly tweaking
1673 the list of MIBs to load) is sufficient for the tools, unfortunately
1674 extending the functionality of the agent to include this is not so simple.
1675 In fact, the agent makes little or no use of these files, and will work
1676 quite happily without them. All the information about the syntax and
1677 scope of the variables supported is hardwired into the implementation
1680 There are a number of alternative ways to add functionality for a new
1683 Firstly, it is possible that the agent distribution already includes
1684 the desired functionality, but this has simply not been configured in
1685 to the running version. This is done using the configure option
1686 --with-mib-modules="list"
1687 (where "list" is a space-separated list of modules to include) then
1688 recompiling the agent.
1689 Note that some functionality concerned with monitoring and managing
1690 unix hosts is included in the UCD extension modules, which are located
1691 within the 'private' branch of the MIB tree. This is covered in a later
1692 question in this FAQ.
1694 Secondly, it is possible for the agent to run commands or shell scripts
1695 in response to queries. These can obtain and report the necessary
1696 information, or perform actions as required.
1697 Detailed information and examples are provided in the snmpd(8) and
1698 snmpd.conf(5) manual pages, and the EXAMPLE.conf file.
1699 This is known as "pass-through" support.
1701 Thirdly, it may be possible to link another agent (which already
1702 supports the desired MIB), as a "subagent" of the UCD master (or
1703 vice versa). The possibilities here are SMUX, AgentX or proxied
1704 SNMP (see the next question but one).
1706 Finally, the agent itself can be extended to support additional MIB
1707 groups, by writing the necessary C code, and including this within
1708 the main agent - either statically compiled in, or dynamically loaded.
1709 This is covered further in the next section.
1711 Note that there is no visible difference between 'pass-through'
1712 MIB support, subagents, and modules implemented within the main agent
1713 itself. Tools querying the agent will see a single MIB structure.
1717 What's the difference between 'exec', 'sh' and 'pass'?
1718 -----------------------------------------------------
1720 'exec' will fork off the specified command and return the exit status
1721 and/or the output. Arguments are passed directly to the command.
1723 'sh' is similar, but invokes a shell to run the command line given.
1724 This means that quoted arguments will be recognised as such, and also
1725 allows redirection, and other similar shell interpretation.
1727 Neither of these mechanisms require the command to have any knowledge
1728 of the fact that they are being used in this manner. Note that return
1729 values are cached within the agent for 30 seconds, rather than invoking
1730 the command for every request.
1733 'pass' is a more general mechanism for extending the agent, and the
1734 command given will be invoked for any request within the specific MIB
1735 subtree. Details of precisely how this command will be called in
1736 various circumstances is given in the 'snmpd.conf(5)' man page.
1738 'pass-persist' is similar, but the command will continue running
1739 even once the initial request has been answered.
1741 See 'snmpd.conf(5)' for more details.
1745 What's the difference between AgentX, SMUX and proxied SNMP?
1746 -----------------------------------------------------------
1748 All three are protocols that can be used to make two or more agents
1749 appear as one to the querying application. In each case, one agent
1750 takes the role of "master", and delegates requests to one of the others
1751 as and where this is appropriate. The differences between them mainly
1752 relate to how data is represented, and the mechanisms for communication
1753 between master and subagents.
1755 SMUX and proxy SNMP both essentially use the standard SNMP packet format.
1756 The main difference is that a proxy SNMP subagent need not be aware that
1757 it is acting in such a role. It typically listens on a non-standard port,
1758 and simply receives requests as usual, forwarded from the master agent.
1759 The main issue to be aware of is that such requests will usually appear
1760 to come from the local host, and this may affect how the access control
1761 mechanisms need to be set up.
1763 SMUX uses a similar packet format, but the subagent "registers" with
1764 the master agent, providing a suitable password. The UCD agent includes
1765 the possibility of acting as a SMUX master agent, but the suite does not
1766 include a subagent API. Note that the SMUX protocol has essentially
1767 been superceded by AgentX, but is still provided in order to support
1768 existing SMUX subagents.
1769 See the file 'agent/mibgroup/README.smux' for details.
1771 AgentX uses a more compact (and simpler) packet format, with a richer
1772 range of administrative commands, and provides a more flexible and reliable
1773 extension mechanism. The UCD agent can be used in both master and subagent
1774 roles, and the agent library can also be used to embed an AgentX subagent
1775 within another application.
1776 See the file 'README.agentx' for details.
1778 Note that support for SMUX is not configured in by default. You will
1779 need to run configure with the option
1781 --with-mib-modules=smux
1783 Starting from release 4.2.1, AgentX support is now included by default,
1784 but needs to be explicitly activated in the master agent. Do this by
1789 to the snmpd.conf file before starting the agent. Note that there are
1790 a number of known problems with the AgentX support in the 4.x line, and
1791 this should not be used on production systems. The 5.0 AgentX support
1792 has been significantly improved, and production use is less foolhardy.
1793 See README.agentx for details.
1797 What about 'dlmod' - what's that about?
1798 --------------------------------------
1800 Dynamically loaded modules are a means of including a MIB implementation
1801 module within the main SNMP agent (or an AgentX subagent) without needing
1802 to re-compile and re-link the agent binary. Instead, details of the
1803 module(s) to load are specified in the configuration file, and the agent
1804 locates the files listed, and merges them in at run time.
1806 See http://www.net-snmp.org/tutorial-5/toolkit/dlmod/ for more information.
1813 That's a difficult question.
1815 Comparing the three protocols, SNMP was not originally designed
1816 as an internal subagent-communication protocol, and there are
1817 certain architectural limitations to SMUX, which were addressed
1818 as part of the design of AgentX. These include such aspects as
1819 reliable handling of SET requests (particularly in the face of
1820 failures), a common value for sysUpTime, and a mechanism for
1821 sharing tables across multiple subagents.
1822 So from a purely functional point of view, AgentX is the most
1823 appropriate choice for subagent communication.
1825 In terms of implementation, SMUX is the most mature of the three,
1826 but is no longer being actively maintained. The original author
1827 has moved on, and the current developers don't use this facility.
1828 It also only includes master agent support - the package does not
1829 provide a SMUX sub-agent API.
1830 The AgentX support in the 4.x line has a number of known problems,
1831 and is not suitable for use in front-line situations (though it's
1832 probably sufficiently stable and functional for simple day-to-day
1833 use). The 5.0 agent has seen a significant amount of development,
1834 and is a much more reliable beast.
1835 Bear in mind that the AgentX and proxy SNMP implementations are
1836 relatively new code, so have not received the same level of active
1837 service that the core agent has. But with that caveat, either of
1838 these options should be suitable for most use.
1840 This decision will probably be dictated by external considerations
1841 (i.e. the other agents you need to combine with). Ideally, you
1842 should be looking towards AgentX, but this is not always possible.
1844 Dynamically loaded modules serve a somewhat different purpose,
1845 and are purely concerned with how the individual MIB implementation
1846 modules are located. These can be combined with either a "pure SNMP"
1847 model, an AgentX subagent or a proxied SNMP agent. They will involve
1848 a slightly greater load on agent start-up (plus an extra level of
1849 complexity if things go wrong) - balanced against the ability to
1850 avoid re-compiling and re-linking a working binary.
1852 Note that as far as individual MIB modules are concerned, the
1853 protocol used to transport the request is more or less irrelevant.
1854 The same information is being requested (or set) each time, so
1855 a MIB module ought to be protocol-independent. This was one of
1856 the design aims of the AgentX support, and the exact same module
1857 code can be included as part of a pure-SNMP master agent, or an
1858 AgentX subagent, either compiled in or dynamically loaded with no
1859 modifications needed to the MIB module code itself.
1863 Can I use AgentX when running under Windows?
1864 -------------------------------------------
1866 Yes, but there are a couple of things to be aware of.
1868 Firstly, by default the AgentX master listens on the Unix domain
1869 socket '/var/agentx/master', which doesn't work under Windows.
1870 You'll need to tell it to listen on a TCP port, either by using
1871 the command-line option "-x localhost:705", or by adding the
1872 directive "agentxAddress localhost:705" to the snmpd.conf file.
1874 Secondly, be aware that the security of AgentX connectivity is not
1875 particularly strong. The examples given here would allow any process
1876 running on the local machine to register as an AgentX subagent. The
1877 more obvious settings "-x 705" or "agentxAddress 705" would allow
1878 a system *anywhere* on the network (or even from remote networks) to
1879 register as an AgentX subagent. This could potentially be used to
1880 hijack the agent, or provide false information.
1884 How can I run AgentX with a different socket address?
1885 ----------------------------------------------------
1887 There are two sides to an AgentX connection, and they need to
1888 agree about which socket address to use. So if you want to use
1889 a different socket, you need to configure both sides accordingly.
1891 For the Net-SNMP master agent, this is done using the command-line
1892 option '-x'. The command
1893 "snmpd -x localhost:705 ...."
1894 would start the agent listening on the TCP port 705 for connections
1895 from the local system.
1897 The main Net-SNMP agent can also be run in a "subagent" mode, and
1898 this uses the same command-line option to specify a different
1900 "snmpd -X -x localhost:705 ...."
1901 would start it as a subagent, and connect to the master agent
1902 listening on TCP port 705 on the same system.
1904 A subagent running embedded within some other application will
1905 typically not understand the same command-line options. This
1906 will need to set the same configuration programmatically.
1907 For example, the example subagent driving code from the Net-SNMP
1908 "subagent program" tutorial (on the project web pages) could
1909 be made to connect to the same TCP port by adding the line
1910 netsnmp_ds_set_string(NETSNMP_DS_APPLICATION_ID,
1911 NETSNMP_DS_AGENT_X_SOCKET, "localhost:705");
1912 before the 'init_agent' call.
1914 However, see the mention of AgentX security (or the lack of it!)
1915 in the previous entry.
1919 How can I combine two copies of the 'mib2' tree from separate subagents?
1920 -----------------------------------------------------------------------
1922 With the 4.x line agent, you can't. Sorry about that.
1924 With the 5.0 agent, this is possible by using the SNMPv3 context string
1925 to distinguish between parallel MIB trees. This can be set up for an
1926 individual MIB implementation module when it registers itself with the
1927 main agent framework (either directly, or via AgentX). It can also
1928 be set up for a proxied subagent as part of the proxy configuration
1929 entry (see 'snmpd.conf(5)').
1930 This facility is not currently available for SNMPv1 or SNMPv2c
1931 requests (although it ought to be possible to use the community
1932 string in a similar way).
1934 Another way to handle this would be to tweak one of the subagents to
1935 use a different set of (non-standard) OID assignments - perhaps by
1936 relocating the whole of the subtree to another (private) OID. This
1937 is not ideal, but should work with all configurations.
1941 What traps are sent by the agent?
1942 --------------------------------
1944 The agent sends a 'coldStart(0)' trap when it first starts up, and a
1945 UCD-specific trap 'ucdShutdown' when it stops. It can also be configured
1946 to send an 'authenticationFailure(4)' trap when it receives an SNMPv1
1947 request using an unknown community name. It does not currently generate
1948 either 'coldStart(0)' or 'warmStart(1)' traps on being re-configured,
1949 though this would be fairly simple to add. (The main difficulty would
1950 be determining whether the configuration had changed or not).
1952 The agent does not send 'linkUp' or 'linkDown' traps. Nor does it
1953 generate traps when one of the monitored characteristics (disk usage,
1954 running processes, etc) enters or leaves an error state. Generating such
1955 traps would be simple enough, but the difficulty is in recognising when
1956 they should be generated. See the question on generating traps in the
1957 CODING section for more discussion of this.
1959 With all these alerts, the agent also needs to be configured with
1960 (one or more) destinations to send them to, specifying the type of
1961 notification (v1 or v2 trap, or v2 inform) and the community name to
1962 use. This uses the snmpd.conf directives 'trapsink', 'trap2sink' and
1963 'informsink' for the destination type, and 'trapcommunity' for the
1964 community name. SNMPv3 destinations can be configured using the directive
1965 'trapsess'. See the snmpd.conf man page for details.
1967 Note that all notifications will be sent to all destinations. The
1968 agent does not (currently) support notification filtering.
1972 How can I send a particular trap to selected destinations?
1973 ----------------------------------------------------------
1975 With the 4.2.x agent, this isn't possible (or at least not
1976 easily). When you request the agent to generate a trap (using
1977 either 'snmp_v2trap' or 'snmp_easy_trap'), this will be send
1978 to all the known destinations.
1980 The 5.0 agent introduces preliminary support for the
1981 snmpNotifyFilterTable which is designed to allow this sort of
1982 selective trap direction, though this is not currently active.
1983 (The tables are present, but the information is not consulted)
1984 Documentation on how to use this facility will appear once the
1985 functionality is working properly.
1989 Why does calling 'snmp_v2trap' generate an SNMPv1 trap (or vice versa)?
1990 ----------------------------------------------------------------------
1992 The two versions of the trap API calls are concerned with how
1993 the trap is represented when it is passed *in* to the API, not
1994 the version of the trap PDU that will actually be generated by
1995 the agent. That is determined by the configuration token used
1996 to set up the trap destination.
1998 Remember that in general, all traps are sent to all destinations.
1999 This means that a trap specified using the SNMPv1 trap syntax
2000 needs to be converted to the SNMPv2 format before it can be sent
2001 to an SNMPv2 (or SNMPv3) destination. Similarly, a trap specified
2002 using the SNMPv2 syntax needs to be converted to the SNMPv1 format
2003 before it can be sent to an SNMPv1 sink.
2005 Essentially, the API call to use depends on what you asking for,
2006 which is not necessarily what the recipients will actually get!
2010 When I run the agent it runs and then quits without staying around. Why?
2011 -----------------------------------------------------------------------
2013 Firstly, are you certain that this is what is happening?
2015 The normal operation of the agent is to 'fork' itself into the
2016 background, detaching itself so that it will continue running even
2017 when you log out, and freeing the command line for subsequent use.
2018 This looks at first sight as if the agent has died, but using 'ps'
2019 to show all processes should reveal that the agent is still running.
2021 To prevent this behaviour (such as when attempting to debug the
2022 agent), you can start it with the '-f' flag. This suppresses the
2023 fork, and the agent will run as a 'normal' command. It's also often
2024 useful to use the '-L' flag, to log messages to stdout.
2026 On the other hand, if 'ps' shows that the agent is not running, then
2027 this is an error, and probably show that something went wrong in
2028 starting the agent up. Check the agent log file for any error messages,
2029 or run it with '-f -L' and see what it reports.
2031 One known example of this is the 'ucd-snmp' RPM distributed by RedHat.
2032 This agent crashes if there is a 'disk' configuration entry in the
2033 snmpd.conf file. It is not currently known what causes this, as this
2034 setting works correctly if the agent is compiled from source.
2038 After a while the agent stops responding, and starts eating CPU time. Why?
2039 --------------------------------------------------------------------------
2041 This is most commonly seen when performing an "snmpwalk" on an agent
2042 that's either using a default "vendor provided" configuration
2043 (typically access to the 'system' group only), or which is trying
2044 to restrict access for individual users or communities to a subset
2045 of the whole OID tree.
2047 The agent implementation of "GetNext" processing is relatively
2048 inefficient when dealing with inaccessible objects, and it is quite
2049 easy for the clients to time-out and retry a request, while the agent
2050 is still trying to process the original. If this happens continually
2051 (as is typically the case with an snmpwalk), the agent can get swamped
2054 The 5.0.x line has now addressed this, starting with the 5.0.7 release.
2055 The 4.2.x line still suffers from this problem, and it is unlikely that
2056 this will be fixed. (The 5.0.7 approach relies on some of the new
2057 features in the 5.0.x line, and it has not proved possible to apply
2058 this to the 4.2.x code base).
2062 How can I stop other people getting at my agent?
2063 -----------------------------------------------
2065 Firstly, are you concerned with read access or write access?
2067 As far as changing things on the agent is concerned, there is relatively
2068 little that can actually be altered (see the answer to " I cannot set
2069 any variables in the MIB" above).
2071 If you are using the example config file, this is set up to allow
2072 read access from your local network, and write access only from the
2073 system itself (accessed as 'localhost'), both using the community name
2074 specified. You will need to set appropriate values for both NETWORK
2075 and COMMUNITY in this file before using it.
2076 This mechanism can also be used to control access much more precisely.
2077 (see the next questions for details)
2079 Other options include:
2080 - Blocking access to port 161 from outside your organisation
2081 (using filters on network routers)
2082 - Configuring TCP wrapper support ("--with-libwrap")
2083 This uses the TCP 'libwrap' library (available separately)
2084 to allow/deny access via /etc/hosts.{allow,deny}
2086 For strict security you should use only SNMPv3, which is the secure
2087 form of the protocol.
2091 How can I listen on just one particular interface?
2092 -------------------------------------------------
2094 Normally, the agent will bind to the specified port on all interfaces
2095 on the system, and accept request received from any of them. With
2096 version 4.2, the '-p' option can now be used to listen on individual
2097 interfaces. For example,
2099 snmpd -p 161@127.0.0.1
2101 will listen (on the standard port) on the loopback interface only, and
2103 snmpd -p 6161@10.0.0.1
2105 will listen on port 6161, on the (internal network) interface with address
2106 10.0.0.1. If you want to listen on multiple interfaces (but not all),
2107 then simply repeat this option for each one:
2109 snmpd -p 161@127.0.0.1 -p 6161@10.0.0.1
2111 The 5.0 agent has a similar facility, but does not use the '-p' command
2112 line option flag. Instead, the ports and/or interfaces to listen on are
2113 simply listed on the command line, following any other options. Also,
2114 the syntax of port and interface is slightly different (interface:port).
2115 So the three examples above would be
2118 snmpd 127.0.0.1:6161
2119 snmpd 127.0.0.1:161 127.0.0.1:6161
2121 The AgentX port option ('-x') works in much the same way, using the
2122 "host:port" syntax (in both 4.2 and 5.0 lines - and yes, this *is* an
2123 inconsistency in 4.2!)
2127 How do I configure access control?
2128 ---------------------------------
2130 The simplest way is to use the configure directives:
2132 rocommunity public (for SNMPv1/2c)
2135 rouser user1 (for SNMPv3)
2138 These specify the community names or security names to accept for
2139 read-only and read-write access to the whole of the supported MIB tree.
2140 (Obviously you should change these names to match your requirements -
2141 which is a particularly good idea in the case of 'rwcommunity'!)
2143 These can also be restricted to particular subtrees, and/or request
2144 sources. Similarly, the configure directives 'rouser' and 'rwuser'
2145 can be used to allow the specified SNMPv3-authenticated users access
2146 to all or part of the MIB tree. See 'snmpd.conf(5)'.
2148 These are effectively wrappers round the core access control
2149 mechanisms. This uses four directives 'com2sec', 'group', 'view'
2150 and 'access', and provides a more efficient and flexible control
2151 over who can access what portions of the tree.
2153 See the next question for the gory details, and the entry after
2154 that for setting up SNMPv3 users.
2158 I don't understand the new access control stuff - what does it mean?
2159 -------------------------------------------------------------------
2161 The idea behind the new access control model is to give a more flexible
2162 way of specifying who can see and do what within the MIB tree.
2163 It's more complicated to understand than the simple example above, but
2164 that's because it can do a whole lot more.
2166 There are four configuration keywords in the new scheme:
2167 'com2sec', 'group', 'view', and 'access'
2169 We'll consider these one at a time, starting with 'access'.
2170 (Because I feel like starting with the last one, that's why - OK?)
2173 The "access" keyword has the job of specifying who has access to
2174 which bits of the MIB tree. This has eight parameters, so can look
2175 rather offputting. Most of these can be safely left with default values
2176 in most cases (so don't you worry your pretty little head about them).
2179 access {group} "" any noauth exact {read-tree} {write-tree} {notify-tree}
2181 where the entries in braces need to be defined elsewhere (I'm coming
2182 to that - be patient!), and the rest can be left as shown here.
2184 [ If you really want to know, the 'sec.model' field can be used
2185 to have an access line that's only relevant to particular
2186 versions of SNMP (such v1 or v2c) rather than "any" version,
2187 and the 'sec.level' field can be used to ensure that the
2188 request is authenticated or encrypted.
2189 You'll have to ask Niels about the other two!]
2192 The "view" keyword is used to define particular bits of the MIB tree,
2193 for use in the last three field of the access entry.
2196 view {name} included/excluded {subtree} {mask}
2198 where {name} is the identifier to be used for this view (i.e. what should
2199 appear in the access entry), and {subtree} is the portion of the MIB tree
2200 that this name refers to (in either numeric or named form).
2201 Note that the name of the view does not have to have anything to do
2202 with the MIB sub-identifier names - it's purely an identifying tag for
2203 use within the config file (though choosing a meaningful name is, as
2204 always, a very good idea).
2206 The {mask} field can be used to control which elements of the OID subtree
2207 should be regarded as relevant when determining which view an OID is in.
2208 Normally, the whole of the OID should be included, and in this case the
2209 mask field can be omitted. See snmpd.conf for a description of how this
2211 The third field can be used to include or exclude particular portions
2212 of the MIB from the view, and different lines can use the same view name
2213 to build up a more complicated view, if that's what's needed.
2215 The three view fields in the access line are used to control which
2216 portions of the MIB tree a particular {group} can see (GET et al),
2217 alter (SET), or request NOTIFYs on.
2221 That's dealt with the "what" - now for the "who".
2222 This is the role of the "group" and "com2sec" entries.
2224 The "group" keyword gives general control, by mapping between a "security
2225 name" (for a particular protocol version), and the internal name used in the
2226 access line. Note that the token "any" is no longer acceptable for the
2227 security model - the original support for this was due due to a misreading
2228 of the RFC. You should replace any such line with separate versions for
2229 each of the desired security models ('v1', 'v2c' & 'usm').
2231 For SNMPv1 and SNMPv2c, the group line is just an intermediate step
2232 between the "access" line and the "com2sec" line, which is the last bit
2233 of the jigsaw. The "com2sec" entry is used to determine a "security name"
2234 from the traditional community string, taking into account where the request
2235 has come from. Thus the same community string can give access to different
2236 portions of the tree, depending on where the request is sent from.
2238 For example, in an earlier version of the example config file, there
2239 were two com2sec lines with the community string "public" - one was valid
2240 from anywhere (with the security name "public") and one was only valid
2241 from the local network (using the security name "mynet").
2242 The group lines converted these security names into the groups "public"
2243 and "mygroup" respectively, and the access lines gave these two groups
2244 the ability to GET values in the 'system' sub-tree (from anywhere) or
2245 the 'mib-2' sub-tree (from the local network). Neither of these could
2246 SET any values though, (since the write-tree was "none" in both cases).
2247 Someone on the local machine, using the community string "private",
2248 had the security name "local" and the group name "local", and hence had
2249 full access (both GET and SET, as well as NOTIFY) to the whole of the
2250 MIB tree (or at least everything under .1, which covers most things!)
2252 Note that the three occurrences of "public", as community string,
2253 security name and group name, were three totally separate things.
2254 You can't use a community string in a security name field, or either
2255 of these as a group name (or vice versa), unless you set up suitable
2256 entries to map one name onto the other.
2258 With SNMPv3, the security name is part of the basic protocol, and can
2259 be used directly in a group definition.
2261 And here concludes our tour of the view-based access control mechanism.
2266 How do I configure SNMPv3 users?
2267 -------------------------------
2269 Create a file /var/ucd-snmp/snmpd.conf file, containing the line
2271 createUser {myUser} MD5 {myPassword} DES
2273 (where {myUser} and {myPassword} are the appropriate values, _without_
2274 the braces!). Then start (or re-start) the snmpd agent.
2275 This will create the new user. See the access control entries above
2276 for how to use this, and the file 'README.snmpv3' for more details.
2280 The 'createUser' line disappears when I start the agent. Why?
2281 -------------------------------------------------------------
2283 That's deliberate. The agent removes the (human-readable) 'createUser'
2284 directive, and replaces it with an equivalent 'usmUser'. This
2285 contains the same information, but in a form that's only meaningful
2286 internally. This means that the password is not longer stored in
2287 a human-readable form. Additionally, the password has been converted
2288 to a key that can only be used to access the local machine. If someone
2289 stole the new usmUser line on this machine, they could not use that
2290 information to access any of your other agents.
2294 What's the difference between /var/ucd-snmp and /usr/local/share/snmp?
2295 ---------------------------------------------------------------------
2297 Most "static" agent configuration should go in the traditional location
2298 (typically /usr/local/share/snmp/snmpd.conf or /etc/snmp). The
2299 /var/ucd-snmp (or /var/net-snmp) location is used for information set during
2300 the running of the agent, which needs to be persistent between one run of
2301 the agent and the next.
2303 Putting the 'createUser' line in this persistent file is an exception,
2304 for security reasons (see above). In general you shouldn't need to put
2309 My new agent is ignoring the old snmpd.conf file. Why?
2310 -----------------------------------------------------
2312 The most likely explanation is that the new version of the agent is
2313 looking in a different location than the previous one. This is commonly
2314 experienced when replacing a ready-installed version (e.g. from a Linux
2315 distribution), with the current release installed from the source.
2317 The default location for this file with the basic distribution is
2318 /usr/local/share/snmp/snmpd.conf (or PREFIX/share/snmp/snmpd.conf).
2319 Ready-installed versions often look for the file as /etc/snmpd.conf,
2320 or /etc/snmp/snmpd.conf. Try moving the old config file to the new
2321 location, and restart the agent.
2323 With release 5.0, the name of the package is changing from "ucd-snmp"
2324 to "net-snmp", and this change is reflected in the name of the persistent
2325 /var directory. So a 5.0 agent will not look in /var/ucd-snmp/snmpd.conf
2326 for settings from a previous (UCD) agent.
2330 Why am I getting "Connection refused"?
2331 -------------------------------------
2333 This is actually nothing to do with the access control mechanism
2334 (though that's an understandable mistake). This is the result of
2335 the TCP wrapper mechanism using the files 'hosts.allow' and 'hosts.deny'
2336 to control access to the service. Some distributions may come with
2337 this enabled automatically - otherwise you need to select it explicitly
2338 by configuring using '--with-libwrap'.
2340 The simplest way to avoid this problem is to add the line
2344 in the file /etc/hosts.allow (or wherever this file is on your system).
2345 Though be aware that doing this removes one level of protection and allows
2346 anyone to try and query your agent (though the agent's own access control
2347 mechanisms can still be used to restrict what - if anything - they can see).
2349 Note that personal firewalls (such as Linux' ipchains mechanism) may have
2350 a similar effect (though typically this won't be logged).
2354 I'm getting errors about "bad security model" - why?
2355 ----------------------------------------------------
2357 Until release 4.2, the access control handling accepted the token "any"
2358 to cover all of the recognised security models. This is explicitly
2359 forbidden in the relevant RFC, so support for this is being withdrawn.
2360 As an interim measure, it is currently accepted (with the warning you
2361 see), but this will not be the case in future releases of the agent.
2363 You should replace the token 'any' with 'v1', 'v2c' or 'usm' as
2364 appropriate. If you want to support all three of these security models,
2365 you'll need to use three distinct group lines, one for each. See the
2366 example snmpd.conf file for details.
2370 I'm getting errors about "bad prefix match parameter" - why?
2371 ------------------------------------------------------------
2373 This is similar to the previous question. With 4.2, the syntax of the
2374 'access' configure line has changed, and a value of '0' is no longer
2375 acceptable for the sixth field. Simply replace this with the word 'exact'.
2379 Why can't I see values in the UCDavis 'extensible' or 'disk' trees?
2380 ------------------------------------------------------------------
2382 Both these trees are designed to report things you ask it to report
2383 on. If you don't declare anything in the snmpd.conf file for it to
2384 monitor, it will not report anything. See the snmpd.conf manual page
2385 and the EXAMPLE.conf file for details on configuring the agent.
2387 Optionally, run snmpconf -g monitoring to help you set up this
2388 section of the snmpd.conf file.
2392 Why can't I see values in the UCDavis 'memory' or 'vmstat' trees?
2393 ----------------------------------------------------------------
2395 These mib modules are not supported on all operating systems, and
2396 will not be included on any other system. Currently, they are only
2397 supported on Linux, HP-UX (memory only), Solaris, BSDi (vmstat on
2398 BSDi4 only), Dynix, FreeBSD, NetBSD and OpenBSD.
2399 If you want to help port it to other systems, let us know.
2401 Note that these subtrees only report the current usage when
2402 explicitly queried. They do *not* generate traps when the
2403 usage strays outside the configured bounds.
2407 What do the CPU statistics mean - is this the load average?
2408 ----------------------------------------------------------
2410 No. Unfortunately, the original definition of the various CPU statistics
2411 was a little vague. It referred to a "percentage", without specifying
2412 what period this should be calculated over. It was therefore
2413 implemented slightly differently on different architectures.
2415 Recent releases includes "raw counters", which can be used to
2416 calculate the percentage usage over any desired period. This is
2417 the "right" way to handle things in the SNMP model. The original
2418 flawed percentage objects should not be used, and will be removed
2419 in a future release of the agent.
2421 Note that this is different from the Unix load average, which is
2422 available via the loadTable, and is supported on all architectures.
2426 What about multi-processor systems?
2427 ----------------------------------
2429 Sorry - the CPU statistics (both original percentages, and the
2430 newer raw statistics) both refer to the system as a whole. There
2431 is currently no way to access individual statistics for a particular
2434 Note that although the Host Resources table includes a hrProcessorTable,
2435 the current implementation suffers from two major flaws. Firstly, it
2436 doesn't currently recognise the presence of multiple processors, and
2437 simply assumes that all systems have precisely one CPU. Secondly, it
2438 doesn't calculate the hrProcessorLoad value correctly, and either returns
2439 a dummy value (based on the load average) or nothing at all.
2441 If you want to monitor a multi-processor system, you're currently
2442 out of luck. We hope to address this in a future release of the agent.
2443 But you've got the source, so you can always have a go yourself :-)
2447 The speed/type of my network interfaces is wrong - how can I fix it?
2448 -------------------------------------------------------------------
2450 Some operating systems will provide a mechanism for determining
2451 the speed and type of network interfaces, but many do not. In this
2452 case, the agent attempts to guess the most appropriate values, based
2453 on the name of the interface.
2454 Version 4.2 allows you to override these guessed values, using the
2455 configuration directive 'interface', specifying the name, type and
2456 speed of a particular interface. This is particularly useful for
2457 fast-ethernet, or dial-up interfaces, where the speed cannot be
2458 guessed from the name.
2459 See the snmpd.conf(5) man page for details.
2463 The interface statistics for my subinterfaces are all zero - why?
2464 ----------------------------------------------------------------
2466 Unfortunately, most kernels that support multiple logical
2467 interfaces on a single physical interface, don't keep separate
2468 statistics for each of these. They simply report the overall
2469 statistics for the physical interface itself.
2470 There's no easy way around this problem - the agent can only
2471 report such values as it can find out. If the kernel doesn't
2472 keep track of these figures, the agent can't report them.
2476 What does "klread: bad address" mean?
2477 -------------------------------------
2479 This means that the agent was unable to extract some of the
2480 necessary information from the kernel structures. This is
2482 - either looking in the wrong place for kernel information
2483 (check the value of KERNEL_LOC)
2484 - an error in the implementation of part of the MIB tree
2485 for that architecture. Try and identify which
2486 OID is generating the error, and contact the
2487 list 'net-snmp-coders@lists.sourceforge.net'
2488 Remember to tell us what architecture you have!
2492 What does "nlist err: wombat not found" (or similar) mean?
2493 ----------------------------------------------------------
2495 This means that the agent wasn't able to locate one of the
2496 kernel structures it was looking for. This may or may not
2497 be important - some systems provide alternative mechanisms
2498 for obtaining the necessary information - Solaris, for example,
2499 can produce a whole slew of such messages, but still provide
2500 the correct information.
2501 This error only occurs if you have used the flag
2502 '--enable-debugging' as part of the initial configuration.
2503 Reconfigure the agent with '--disable-debugging' and these
2504 messages will disappear. (It won't fix the underlying problem,
2505 but at least you won't be nagged about it).
2509 How about "Can't open /dev/kmem"?
2510 --------------------------------
2512 This device is normally restricted to just being accessible by root
2513 (or possibly by a special group such as 'kmem' or 'sys'). The agent
2514 must be able to read this device to obtain the necessary information
2515 about the running system.
2516 Check that the agent was started by root, and is running with UID 0
2517 (or suitable GID if appropriate). The agent will normally continue
2518 to run without this level of access permission, but won't be able to
2519 report values for many of the variables (particularly those relating
2520 to network statistics).
2524 The agent is complaining about 'snmpd.conf'. Where is this?
2525 -----------------------------------------------------------
2527 It doesn't exist in the distribution as shipped. You need to
2528 create it to reflect your local requirement.
2529 To get started, you can either just create this as an empty file,
2530 or run snmpconf to help you create one.
2531 See the snmpd.conf(5) manual page for further details.
2535 The system uptime (sysUpTime) returned is wrong!
2536 -----------------------------------------------
2539 The defined meaning of 'sysUpTime' is
2540 "the time ... since the *network management*
2541 portion of the system was re-initialized."
2543 In other words, when the snmp agent was started, not when the
2544 system itself last booted. This latter information is available
2545 in the Host Resources MIB as "host.hrSystem.hrSystemUpTime"
2546 Note that even if the full Host Resources is not supported on
2547 your system, it's worth configuring in the system portion using
2549 '--with-mib-modules=host/hr_system'
2551 and recompiling. This particular group is reasonably likely to
2552 work, even if some of the other more system-specific groups don't.
2556 How can I reduce the memory footprint?
2557 --------------------------------------
2559 In order to reduce the memory footprint (for instance, to
2560 embed the snmpd into a device), the following configure options
2563 '--disable-debugging'
2564 This turns off all compilation of debugging info.
2566 '--enable-mini-agent' '--with-out-mib-modules=examples/ucdDemoPublic'
2567 This creates an agent the minimum amount of MIB modules
2569 NOTE: If you need more MIB modules add then with the option
2570 '--with-mib-modules=...' you add of course extra memory footprint.
2572 '--with-transports=UDP'
2573 This option specifies the transports domain you need.
2574 For a simple agent UDP should be sufficient.
2576 '--without-kmem-usage'
2577 This can be used in order not to include the code that
2578 operates on the /dev/kmem. This option cannot be used when
2579 you do want a MIB module compiled in that depends on it.
2581 '--with-mibdirs=' and '--with-mibs='
2582 These options specify not loading the MIB modules for the
2583 agent. It reduces the memory footprint only during
2586 On top of this one could even attempt to exclude the complete
2587 MIB loading functionality, but there is currently no
2588 configure option for this.
2590 Once the agent (snmpd) has been linked, you might also try running
2591 'strip snmpd' to remove un-necessary debug/symbol information.
2598 How do I compile with 'cc' instead of 'gcc'?
2599 -------------------------------------------
2601 Run configure with --with-cc=cc
2603 Note that if you've already run configure once, it will probably have
2604 detected the presence of 'gcc', cached this information, and may still
2605 try to use this anyway. In which case, simply remove the 'config.cache'
2606 file before re-running configure.
2610 But gcc doesn't compile it successfully on my new Solaris system. Why not?
2611 -------------------------------------------------------------------------
2613 Whenever you upgrade the operating system under Solaris, you need to
2614 reinstall gcc, and run the 'fixincludes' script. (This is probably
2615 a sensible step to take when you upgrade any operating system).
2616 Under Solaris 2.6, there is also a bug in the gcc 'fixinc.sv4' script.
2617 This needs an additional line as follows:
2619 *** fixinc.svr4.cln Thu Jun 15 22:03:29 1995
2620 --- fixinc.svr4 Tue Nov 25 09:47:57 1997
2624 s/__STDC__ - 0 == 0/!defined (__STRICT_ANSI__)/g
2625 + s/__STDC__ - 0 == 1/defined (__STRICT_ANSI__)/g
2629 How do I write C code to integrate with the agent?
2630 -------------------------------------------------
2632 At the moment, there are three methods for integrating external C code
2635 The code can be included within the agent itself, statically configured
2636 and linked in when the agent is compiled. Alternatively, with the 4.2
2637 release of the agent, it's possible to dynamically load MIB modules once
2638 the agent is running. Finally, the agent can be configured to pass certain
2639 portions of the MIB tree off to one or more subagents. See the earlier
2640 question on AgentX, SMUX and proxied SNMP for more details.
2642 All three mechanisms use the same module API. This is described (in
2643 excruciating detail) in the file AGENT.txt, shipped with the standard
2644 distribution. There is also an HTML version accessible via the project
2645 web page. This task can be aided using the tool 'mib2c' which generates
2646 most of the necessary skeleton code from the description in the MIB file.
2648 Note that the UCD suite does not include support for SMUX subagents.
2652 How does the agent fetch the value of a variable from the system?
2653 ----------------------------------------------------------------
2655 Much of the information is extracted from kernel memory - usually
2656 by seeking to the appropriate location and reading the structures
2658 Some systems provide cleaner interfaces to such kernel information
2659 (it would be hard to think of a less clean interface!), via ioctl()
2660 calls or similar system routines and these mechanisms are usually used
2665 I've created a new module with 'mib2c' but it doesn't work. Why not?
2666 --------------------------------------------------------------------
2668 Remember that 'mib2c' generates a template for the MIB implementation.
2669 It doesn't fill in all the details for you. In particular, it cannot
2670 know how to obtain the information needed to answer particular queries.
2671 That's the job of the MIB module programmer (you!) - See the previous
2672 question for how to proceed.
2674 Essentially mib2c handles the syntax of the MIB implementation,
2675 leaving you to concentrate on the semantics.
2679 Where should I put the files produced by 'mib2c'?
2680 ------------------------------------------------
2682 If you're using the main source tree to compile your new module, then
2683 put these two files (mymib.[ch]) in the directory 'agent/mibgroup'.
2684 You should then re-run configure to add in your new module
2685 ("configure --with-mib-modules=mymib") and recompile.
2687 If you've got a number of new modules to add, it might be
2688 sensible to put them all into a single subdirectory of 'mibgroup'.
2689 Then create a header file, listing the individual components.
2690 This might look something like:
2692 config_require(mymib/myObjects)
2693 config_require(mymib/myTable)
2694 config_require(mymib/myOtherTable)
2696 If this was saved as the file 'mymib.h', then the same configure
2697 line given above, would pull in all three modules. See the
2698 current contents of 'agent/mibgroup' for examples of this.
2702 Mib2c only handles a single table in my MIB. How can I fix this?
2703 ---------------------------------------------------------------
2705 This was a bug in the mib2c script, which was corrected with
2706 the 4.2 release. Earlier versions can be fixed by applying the
2709 $ diff -u mib2c.cln mib2c
2710 --- mib2c.cln Wed Nov 29 15:12:47 2000
2711 +++ mib2c Wed Nov 29 15:13:18 2000
2713 #============================================
2714 foreach $vtable (@table_list) {
2715 foreach $ptable (@processtable) {
2716 - $variables{$ptable}{'processed'} =
2717 + $variables{$ptable}{'processed'} .=
2718 (eval "\"$variables{$ptable}{'code'}\"") . "\n\n";
2723 Mib2c complains about a missing "mib reference" - what does this mean?
2724 ---------------------------------------------------------------------
2726 This basically means that it hasn't loaded the MIB file containing
2727 the definition of the MIB subtree you're trying to implement. This
2728 might be because it hasn't been installed, the name is wrong, or
2729 (most likely), because it isn't in the default list. See the MIBS
2730 section for more details.
2734 Mib2c complains about not having a "valid OID" - what does this mean?
2735 ---------------------------------------------------------------------
2737 This probably means that you gave it the name of a MIB file (or
2738 module), rather than the name of an object defined in that file.
2739 Mib2c expects the name of a 'root' object, and will generate a
2740 template for the sub-tree starting from there.
2742 If you've got a file 'MY-MIB.txt', defining the MIB module
2743 'MY-MIB' which contains a subtree based on the object 'myMib',
2744 then you should invoke mib2c as
2747 "mib2c .... MY-MIB.txt"
2748 or "mib2c .... MY-MIB"
2750 Note that you'll probably also have to add your MIB to the list of
2751 MIBs that are loaded automatically, in order for mib2c to recognise
2752 the name of this object. So the command would typically be
2753 "MIBS=+MY-MIB mib2c .... myMib"
2754 or "MIBS=ALL mib2c .... myMib"
2758 Mib2c ignores my MIB and generates a pair of 'mib-2' code files. Why?
2759 ---------------------------------------------------------------------
2761 This is the same problem as above - giving mib2c the name of
2762 the file containing the MIB, rather than an object within it.
2763 Earlier versions of mib2c didn't detect this situation, and
2764 rather than report an error, it merrily constructed a template
2765 for a default starting point of the mib-2 node.
2767 More recent versions issue the error mentioned above, instead.
2771 Mib2c talks about "configuration files". Why has this stopped working?
2772 ---------------------------------------------------------------------
2774 You've probably upgraded to the v5 net-snmp release (from the
2775 v4 ucd-snmp release). This introduced a new approach to agent
2776 module development, including a number of different "helpers".
2777 The mib2c tool comes with configurations to generate code for
2778 many of these, but you'll need to select which is most convenient
2779 for your particular case.
2783 How can I get the agent to generate a trap (or inform)?
2784 ------------------------------------------------------
2786 Actually generating a trap is reasonably simple - just call one
2787 of the utility routines 'send_easy_trap()' or 'send_v2trap' with
2788 the relevant information (trap values, or varbind list respectively).
2789 See the 'snmp_trap_api(3)' man page for details. But note that
2790 these interfaces are only available within the agent (or subagents).
2791 They are not available to stand-alone applications. See the code
2792 for 'snmptrap' for the approach to use in this case.
2794 Determining _when_ to generate the trap is often harder.
2795 If the trap is generated in response to some action within the
2796 agent, (e.g. as the result of a SET), then this isn't too much
2799 But if the trap is intended to report on a change of status
2800 (e.g. a network interface going up or down, or a disk filling up),
2801 then actually detecting this is non-trivial. It's necessary to
2802 poll the value(s) on a regular basis, save the results and compare
2803 them with the new values the next time round.
2804 This can be done using the routines documented in 'snmp_alarm(3)',
2805 though unfortunately we don't have any examples of how to do this.
2806 Eventually, the intention is to implement the Event MIB (from the
2807 Distributed Management working group), which will provide this
2808 functionality in a flexible, standardised manner.
2810 In the meantime, the simplest approach is probably to set up
2811 an external program, to poll the agent for the desired values,
2812 and generate a trap when values change. E.g:
2814 old_value=`snmpget myObject.0`
2818 new_value=`snmpget myObject.0`
2819 if [ $old_value != $new_value ]
2821 snmptrap .... myObject.0 i $new_value
2823 old_value=$new_value
2826 (Obviously, this is not complete, but should give you the
2831 What if I'm using an AgentX sub-agent instead?
2832 ---------------------------------------------
2834 That doesn't matter - the routines described in 'snmp_trap_api(3)'
2835 can still be used, and the subagent will do the Right Thing.
2837 One of the original design aims of the AgentX support was that this
2838 should be transparent to a MIB module implementer. The agent-module
2839 interface should be independent of the protocol used to receive the
2840 original request. So the exact same MIB module code could be used
2841 within a traditional SNMP-only agent, or an AgentX subagent, with no
2843 In fact, the main agent supplied as part of the package can indeed
2844 be run as an SNMP agent or an AgentX subagent, simply based on command
2845 line flags (or similar configuration options).
2849 I'm getting an error "autoheader: not found" - what's wrong?
2850 -----------------------------------------------------------
2852 This usually appears when compiling the current development source
2853 version, obtained via CVS. Unfortunately, the timestamps on some of
2854 the configure files are such that make assumes (mistakenly) that the
2855 configure script needs to be re-generated.
2856 A similar problem may arise relating to 'autoconf'.
2858 In both cases, this can be corrected by running the command
2859 "make -k touchit" before attempting to make the main package.
2863 What about a failed dependency on 'libcrypto'? Where can I get that?
2864 --------------------------------------------------------------------
2866 This is typically encountered when installing a Linux RPM of
2867 the ucd-snmp package. This library is part of the 'openssl'
2868 suite, so simply install that RPM first, or download the source
2869 from ftp://ftp.openssl.org and compile and install that.
2871 When compiling {UCD,Net}-SNMP from source, the configure script
2872 should detect that this library is not present, and use alternative
2873 arrangements for MD5-based authentication.
2875 If encryption (or SHA1-based authentication) is required, then
2876 this typically requires compiling from source. Under Linux, both
2877 the 'openssl' and 'openssl-devel' RPMs should be installed, and the
2878 'config.cache' file removed before running "configure --with-openssl"
2883 Why is the project workspace empty under Visual C++?
2884 ---------------------------------------------------
2886 This is probably due to the different ways that Unix and Windows
2887 handle text file line termination. Older versions of WinZip don't
2888 handle this properly, and Visual C++ gets confused (poor dear!).
2889 The latest version of WinZip is reported to unpack this correctly.
2893 Why are packets requesting the same information larger with UC-Davis SNMP?
2894 -------------------------------------------------------------------------
2896 This shouldn't happen with version 4.2 or later, but for older
2897 version the following still applies:
2899 Some users note that UCD-SNMP applications always generate larger PDUs
2900 than other SNMP packages, even if the information requested is the same.
2901 Further, there are some agents that refuse PDUs from UCD-SNMP applications
2902 but accept PDUs from other applications.
2904 UCD-SNMP is based on the CMU code from a long time ago which encoded things
2905 using the long form of length encoding. Some agents use the short form
2906 of length encoding only, and do not understand the long form.
2908 Get version 4.2 or higher to use the shorter encoding lengths.
2912 What ASN.1 parser is used?
2913 -------------------------
2915 The parser used by both the agent and client programs is coded by hand.
2916 This parser has recently been re-vamped to allow control of which of
2917 the available MIBs should be included, and to handle duplicate object
2919 The source code can be found in the snmplib directory (in 'parse.c'),
2920 and the parser is usually bundled into the library 'libsnmp.a'
2922 Note that the parser attempts to be fairly forgiving of some common
2923 errors and incompatibilities in MIB files. The UCD tools accepting a
2924 MIB file without complaint does not imply that the MIB is strictly
2926 Certain MIBs may need some amendments to allow them to be read
2927 correctly by the parser. Contact the coders' list for advice.
2931 What is the Official Slogan of the ucd-snmp-coders list?
2932 -------------------------------------------------------
2934 "The current implementation is non-obvious and may need to be improved."
2935 (with thanks to Rohit Dube)
2937 And an alternate, added 26-Apr-2000:
2939 "In theory, it shouldn't be that hard, but it just needs to be done."