.\" $OpenBSD: snmp.1,v 1.7 2019/10/03 11:02:26 martijn Exp $ .\" .\" Copyright (c) 2019 Martijn van Duren .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd $Mdocdate: October 3 2019 $ .Dt SNMP 1 .Os .Sh NAME .Nm snmp .Nd simple SNMP client .Sh SYNOPSIS .Nm .Cm get | getnext .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl O Cm afnQqSvx .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Ar agent .Ar oid ... .Nm .Cm walk .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl O Cm afnQqSvx .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Op Fl C Cm cIipt .Op Fl C Cm E Ar endoid .Ar agent .Op Ar oid .Nm .Cm bulkget .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl O Cm afnQqSvx .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Op Fl C Cm n Ns Ar nonrep Ns Cm r Ns Ar maxrep .Ar agent .Ar oid ... .Nm .Cm bulkwalk .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl O Cm afnQqSvx .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Op Fl C Cm cipn Ns Ar nonrep Ns Cm r Ns Ar maxrep .Ar agent .Op Ar oid .Nm .Cm set .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl O Cm afnQqSvx .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Ar agent .Ar varoid type value .Oo Ar varoid type value Oc ... .Nm .Cm trap .Op Fl A Ar authpass .Op Fl a Ar digest .Op Fl c Ar community .Op Fl E Ar ctxengineid .Op Fl e Ar secengineid .Op Fl K Ar localpriv .Op Fl k Ar localauth .Op Fl l Ar seclevel .Op Fl n Ar ctxname .Op Fl r Ar retries .Op Fl t Ar timeout .Op Fl u Ar user .Op Fl v Ar version .Op Fl X Ar privpass .Op Fl x Ar cipher .Op Fl Z Ar boots , Ns Ar time .Ar agent uptime trapoid .Oo Ar varoid type value Oc ... .Nm .Cm mibtree .Op Fl O Cm fnS .Sh DESCRIPTION The .Nm utility is a simple SNMP client. .Pp The subcommands are as follows: .Bl -tag -width bulkwalk .It Cm get Retrieve the MIB for .Ar oid from the .Ar agent . If more than one .Ar oid is specified, retrieve the MIB for each one. .It Cm getnext Retrieve the MIB that follows .Ar oid from the .Ar agent . If more than one .Ar oid is specified, retrieve the MIB following each one of them. .It Cm walk Retrieve all the MIBs that are branches of .Ar oid from the .Ar agent . This uses the .Cm getnext subcommand internally and requests a single MIB at a time. If no OID is specified it defaults to mib-2 .Pq .1.3.6.1.2.1 . .It Cm bulkget Retrieve the next 10 MIBs following each .Ar oid from the .Ar agent . This command is not available for .Fl v Cm 1 . .It Cm bulkwalk Retrieve all the MIBs from the .Ar agent that are branches of .Ar oid . This uses the .Cm bulkget subcommand internally to retrieve multiple MIBs at a time. This command is not available for .Fl v Cm 1 . .It Cm set Set one or more OIDs to a new value. The triple .Ar varoid , type , value is described in .Sx Data types . .It Cm trap Send a trap message to the .Ar agent . The .Ar uptime is specified in timeticks .Pq centiseconds or defaults to the system uptime if an empty string is given. The .Ar trapoid is the identification OID used by the trap handler to determine its action. The triple .Op Ar varoid , type , value is described in .Sx Data types . This command is not available for .Fl v Cm 1 . .It Cm mibtree Dump the tree of compiled-in MIB objects. .El .Pp The options are as follows: .Bl -tag -width Ds .It Fl A Ar authpass The authentication password for the user. This will be transformed to .Ar localauth . This option is only used by .Fl v Cm 3 . .It Fl a Ar digest Set the digest .Pq authentication protocol. Options are .Cm MD5 , .Cm SHA , .Cm SHA-224 , .Cm SHA-256 , .Cm SHA-384 or .Cm SHA-512 . This option defaults to .Cm MD5 . This option is only used by .Fl v Cm 3 . .It Fl C Ar appopt Set the application specific .Ar appopt options by supplying a string of one or more of the following modifier letters: .Bl -tag -width Ds .It Cm c During a .Cm walk or .Cm bulkwalk , disable checking the order of MIBs. On some devices that return MIBs out of order, this may cause an infinite loop. .It Cm E Ar endoid Walk the tree up to but excluding .Ar endoid . The blank before .Ar endoid is mandatory. .It Cm I If no branches are found during a .Cm walk , do not fall back to returning the original MIB via a .Cm get request. .It Cm i Before starting a .Cm walk or .Cm bulkwalk , always do a .Cm get request on the specified .Ar oid first. .It Cm n Ns Ar nonrep Set the non-repeaters field in the request to the non-negative integer .Ar nonrep . This causes the first .Ar nonrep .Ar oid arguments to only return a single MIB instead of .Ar maxrep . This value defaults to 0. No blank is allowed before .Ar nonrep . .It Cm p At the end of a .Cm walk or .Cm bulkwalk , show a summary of the total variables received. .It Cm r Ns Ar maxrep Set the max-repetitions field in the request to the positive integer .Ar maxrep . For .Cm bulkget or .Cm bulkwalk this determines the amount of MIBs to return for each specified OID. This value defaults to 10. No blank is allowed before .Ar maxrep . .It Cm t Show how long it took to .Cm walk the entire tree. .El .It Fl c Ar community Set the .Ar community string. Defaults to .Cm public . This option is only used by .Fl v Cm 1 and .Fl v Cm 2c . .It Fl e Ar secengineid The USM security engine id. Under normal circumstances this value is discovered via snmpv3 discovery and does not need to be specified. This option is only used by .Fl v Cm 3 . .It Fl E Ar ctxengineid The snmpv3 context engine id. Most of the time this value can be safely ignored. This option is only used by .Fl v Cm 3 . .It Fl K Ar localpriv The localized privacy password for the user in hexadecimal format .Po optionally prefixed with a .Cm 0x .Pc . This option is only used by .Fl v Cm 3 . .It Fl k Ar localauth The localized authentication password for the user in hexadecimal format .Po optionally prefixed with a .Cm 0x .Pc . This option is only used by .Fl v Cm 3 . .It Fl l Ar seclevel The security level. Values can be .Cm noAuthNoPriv Pq default , .Cm authNoPriv .Po requires either .Fl A or .Fl k .Pc or .Cm authPriv .Po requires either .Fl X or .Fl K in addition to the .Cm authNoPriv requirements .Pc . This option is only used by .Fl v Cm 3 . .It Fl n Ar ctxname Sets the context name. Defaults to an empty string. This option is only used by .Fl v Cm 3 . .It Fl O Ar output Set the .Ar output options by supplying a string of one or more of the following modifier letters: .Bl -tag -width 1n .It Cm a Print the varbind string unchanged rather than replacing non-printable bytes with dots. .It Cm f When displaying an OID, include the full list of MIB objects. By default only the last textual MIB object is shown. .It Cm n Display the OID numerically. .It Cm Q Remove the type information. .It Cm q Remove the type information and the equal sign. .It Cm S Display the MIB name and the type information. This is the default behaviour. .It Cm v Only display the varbind value, removing the OID. .It Cm x Display the varbind string values as hexadecimal strings. .El .It Fl r Ar retries Set the number of .Ar retries in case of packet loss. Defaults to 5. .It Fl t Ar timeout Set the .Ar timeout to wait for a reply, in seconds. Defaults to 1. .It Fl u Ar user Sets the username. If .Fl v Cm 3 is used this option is required. This option is only used by .Fl v Cm 3 . .It Fl v Ar version Set the snmp protocol .Ar version to either .Cm 1 , .Cm 2c or .Cm 3 . Currently defaults to .Cm 2c . .It Fl X Ar privpass The privacy password for the user. This will be tansformed to .Ar localpriv . This option is only used by .Fl v Cm 3 . .It Fl x Ar cipher Sets the cipher .Pq privacy protocol. Options are .Cm DES and .Cm AES . This option is only used by .Fl v Cm 3 . .It Fl Z Ar boots , Ns Ar time Set the engine boots and engine time. Under normal circumstances this value is discovered via snmpv3 discovery and does not need to be specified. This option is only used by .Fl v Cm 3 . .El .Pp The syntax for the .Ar agent argument is .Oo Ar protocol : Oc Ns Ar address with the follwing forms: .Bl -column udp6XXXtcp6X address -offset indent .It Ar protocol Ta Ar address .It Cm udp | tcp Ta Ar hostname Ns Oo Pf : Ar port Oc | .Ar IPv4-address Ns Op Pf : Ar port .It Cm udp6 | tcp6 Ta Ar hostname Ns Oo Pf : Ar port Oc | .Cm \&[ Ns Ar IPv6-address Ns Cm \&] Ns Oo Pf : Ar port Oc | .Ar IPv6-address Ns Pf : Ar port .It Cm unix Ta Ar pathname .El .Pp The default .Ar protocol is .Cm udp and the default .Ar port is 161; except for the .Nm snmp Cm trap command which uses 162. .Cm udpv6 and .Cm udpipv6 are aliases for .Cm udp6 ; .Cm tcpv6 and .Cm tcpipv6 for .Cm tcp6 . To specify an IPv6-address without a .Ar port , the .Ar IPv6-address must be enclosed in square brackets. If the square brackets are omitted, the value after the last colon is always interpreted as a .Ar port . .Ss Data types Additional data sent to the server is formatted by specifying one or more triples of .Ar varoid , .Ar type , and .Ar value . Supported types are: .Bl -tag -width 1n .It Cm a An IPv4 Address. .It Cm b A bitstring. A list of individual bit offsets separated by comma, space or tab. Must be supplied as a single argument. .It Cm c A counter32. .It Cm d A decimal string. A list of individual bytes in decimal form separated by space or tab. .It Cm i An integer. .It Cm n A null object. .It Cm o An OID. .It Cm s A regular string. .It Cm t Timeticks in centiseconds. .It Cm u Unsigned integer. Actually a normal integer for compatibility with netsnmp. .It Cm x A hex string. Similar to a decimal string, but in hexadecimal format. .El .Sh SEE ALSO .Xr snmpd 8 .Sh HISTORY The .Nm program first appeared in .Ox 6.6 . .Sh AUTHORS The .Nm program was written by .An Martijn van Duren Aq Mt martijn@openbsd.org .