summaryrefslogtreecommitdiff
path: root/data/templates/snmp/etc.snmpd.conf.tmpl
blob: ca9b4d61787dad44fe017416335e036db0576db9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
### Autogenerated by snmp.py ###

# non configurable defaults
sysObjectID 1.3.6.1.4.1.44641
sysServices 14
master agentx
agentXPerms 0777 0777
pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
smuxpeer .1.3.6.1.2.1.83
smuxpeer .1.3.6.1.2.1.157
smuxsocket localhost

# linkUp/Down configure the Event MIB tables to monitor
# the ifTable for network interfaces being taken up or down
# for making internal queries to retrieve any necessary information
iquerySecName {{ vyos_user }}

# Modified from the default linkUpDownNotification
# to include more OIDs and poll more frequently
notificationEvent  linkUpTrap    linkUp   ifIndex ifDescr ifType ifAdminStatus ifOperStatus
notificationEvent  linkDownTrap  linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
monitor  -r 10 -e linkUpTrap   "Generate linkUp" ifOperStatus != 2
monitor  -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2

# Remove all old ifTable entries with the same ifName as newly appeared
# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
interface_replace_old yes

########################
# configurable section #
########################

# Default system description is VyOS version
sysDescr VyOS {{ version }}

{% if description %}
# Description
SysDescr {{ description }}
{% endif %}

# Listen
agentaddress unix:/run/snmpd.socket{% if listen_on %}{% for li in listen_on %},{{ li }}{% endfor %}{% else %},{{protocol}}:161{% if ipv6_enabled %},{{protocol}}6:161{% endif %}{% endif %}

# SNMP communities
{% for c in communities %}
{%   if c.network_v4 %}
{%     for network in c.network_v4 %}
{{ c.authorization }}community {{ c.name }} {{ network }}
{%     endfor %}
{%   elif not c.has_source %}
{{ c.authorization }}community {{ c.name }}
{%   endif %}
{%   if c.network_v6 %}
{%     for network in c.network_v6 %}
{{ c.authorization }}community6 {{ c.name }} {{ network }}
{%     endfor %}
{%   elif not c.has_source %}
{{ c.authorization }}community6 {{ c.name }}
{%   endif %}
{% endfor %}

{% if contact %}
# system contact information
SysContact {{ contact }}
{% endif %}

{% if location %}
# system location information
SysLocation {{ location }}
{% endif %}

{% if smux_peers %}
# additional smux peers
{%   for sp in smux_peers %}
smuxpeer {{ sp }}
{%   endfor %}
{% endif %}

{% if trap_targets %}
# if there is a problem - tell someone!
{%   for trap in trap_targets %}
trap2sink {{ trap.target }}{{ ":" + trap.port if trap.port is defined }} {{ trap.community }}
{%   endfor %}
{% endif %}

{% if v3_enabled %}
#
# SNMPv3 stuff goes here
#
# views
{%   for view in v3_views %}
{%     for oid in view.oids %}
view {{ view.name }} included .{{ oid.oid }}
{%         if oid.exclude %}
{%             for excl in oid.exclude %}
view {{ view.name }} excluded .{{ excl }}
{%             endfor %}
{%         endif %}
{%     endfor %}
{%   endfor %}

# access
#             context sec.model sec.level match  read    write  notif
{%   for group in v3_groups %}
access {{ group.name }} "" usm {{ group.seclevel }} exact {{ group.view }} {% if group.mode == 'ro' %}none{% else %}{{ group.view }}{% endif %} none
{%   endfor %}

# trap-target
{%   for t in v3_traps %}
trapsess -v 3 {{ '-Ci' if t.type == 'inform' }} -e {{ v3_engineid }} -u {{ t.secName }} -l {{ t.secLevel }} -a {{ t.authProtocol }} {% if t.authPassword %}-A {{ t.authPassword }}{% elif t.authMasterKey %}-3m {{ t.authMasterKey }}{% endif %} -x {{ t.privProtocol }} {% if t.privPassword %}-X {{ t.privPassword }}{% elif t.privMasterKey %}-3M {{ t.privMasterKey }}{% endif %} {{ t.ipProto }}:{{ t.ipAddr }}:{{ t.ipPort }}
{%   endfor %}

# group
{%   for u in v3_users %}
group {{ u.group }} usm {{ u.name }}
{%   endfor %}
{% endif %}

{% if script_ext %}
# extension scripts
{%   for ext in script_ext|sort(attribute='name') %}
extend {{ ext.name }} {{ ext.script }}
{%   endfor %}
{% endif %}