1.\" $OpenBSD: snmp.1,v 1.22 2022/03/31 17:27:27 naddy Exp $ 2.\" 3.\" Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: March 31 2022 $ 18.Dt SNMP 1 19.Os 20.Sh NAME 21.Nm snmp 22.Nd simple SNMP client 23.Sh SYNOPSIS 24.Nm 25.Cm get | getnext | bulkget 26.Op Ar options 27.Ar agent 28.Ar oid ... 29.Nm 30.Cm walk | bulkwalk 31.Op Ar options 32.Ar agent 33.Op Ar oid 34.Nm 35.Cm set 36.Op Ar options 37.Ar agent 38.Ar varoid type value 39.Oo Ar varoid type value Oc ... 40.Nm 41.Cm trap 42.Op Ar options 43.Ar agent uptime trapoid 44.Oo Ar varoid type value Oc ... 45.Nm 46.Cm df 47.Op Ar options 48.Ar agent 49.Nm 50.Cm mibtree 51.Op Fl O Ar fns 52.Op Ar oid ... 53.Sh DESCRIPTION 54The 55.Nm 56utility is a simple SNMP client. 57.Pp 58The subcommands are as follows: 59.Bl -tag -width Ds 60.It Xo 61.Nm snmp 62.Cm get 63.Op Ar options 64.Ar agent oid ... 65.Xc 66Retrieve the varbind for 67.Ar oid 68from the 69.Ar agent . 70If more than one 71.Ar oid 72is specified, retrieve the varbind for each one. 73.It Xo 74.Nm snmp 75.Cm getnext 76.Op Ar options 77.Ar agent oid ... 78.Xc 79Retrieve the varbind that follows 80.Ar oid 81from the 82.Ar agent . 83If more than one 84.Ar oid 85is specified, retrieve the varbind following each one of them. 86.It Nm snmp Cm walk Oo Ar options Oc Ar agent Op Ar oid 87Retrieve all the varbinds that are branches of 88.Ar oid 89from the 90.Ar agent . 91This uses the 92.Cm getnext 93subcommand internally and requests a single varbind at a time. 94If no 95.Ar oid 96is specified, it defaults to mib-2 97.Pq .1.3.6.1.2.1 . 98.It Xo 99.Nm snmp 100.Cm bulkget 101.Op Ar options 102.Ar agent oid ... 103.Xc 104Retrieve the next 10 varbinds following each 105.Ar oid 106from the 107.Ar agent . 108This command is not available for 109.Fl v Cm 1 . 110.It Xo 111.Nm snmp 112.Cm bulkwalk 113.Op Ar options 114.Ar agent 115.Op Ar oid 116.Xc 117Retrieve all the varbinds from the 118.Ar agent 119that are branches of 120.Ar oid . 121This uses the 122.Cm bulkget 123subcommand internally to retrieve multiple varbinds at a time. 124This command is not available for 125.Fl v Cm 1 . 126.It Xo 127.Nm snmp 128.Cm set 129.Op Ar options 130.Ar agent varoid type value ... 131.Xc 132Set one or more 133.Ar varoid to a new 134.Ar value . 135The format of the 136.Ar varoid type value 137triple is described in 138.Sx Data types , 139below. 140.It Xo 141.Nm snmp 142.Cm trap 143.Op Ar options 144.Ar agent uptime trapoid 145.Op Ar varoid type value ... 146.Xc 147Send a trap message to the 148.Ar agent . 149The 150.Ar uptime 151is specified in timeticks 152.Pq centiseconds 153or defaults to the system uptime if an empty string is given. 154The 155.Ar trapoid 156is the identification OID used by the trap handler to determine its action. 157This command is not available for 158.Fl v Cm 1 . 159.It Xo 160.Nm 161.Cm df 162.Op Ar options 163.Ar agent 164.Xc 165An SNMP based version of the 166.Xr df 1 167command. 168If no size suffix is shown, the sizes are in kilobytes. 169.It Nm Cm mibtree Oo Fl O Ar fnS Oc Op Ar oid ... 170Dump the tree of compiled-in MIB objects. 171If 172.Ar oid 173is specified it will print the objects in the requested output format if 174available, or print a warning if the object can't be found. 175.El 176.Pp 177The 178.Ar options 179are as follows: 180.Bl -tag -width Ds 181.It Fl A Ar authpass 182The authentication password for the user. 183This will be transformed to 184.Ar localauth . 185This option is only used by 186.Fl v Cm 3 . 187.It Fl a Ar digest 188Set the digest 189.Pq authentication 190protocol. 191Options are 192.Cm MD5 , 193.Cm SHA , 194.Cm SHA-224 , 195.Cm SHA-256 , 196.Cm SHA-384 197or 198.Cm SHA-512 . 199This option defaults to 200.Cm SHA . 201This option is only used by 202.Fl v Cm 3 . 203.It Fl C Ar appopt 204For the 205.Cm bulkget , 206.Cm bulkwalk , 207.Cm df , 208and 209.Cm walk 210subcommands, set the application specific 211.Ar appopt 212options by supplying a string of one or more 213of the following modifier letters: 214.Bl -tag -width Ds 215.It Cm c 216For 217.Cm walk 218and 219.Cm bulkwalk , 220disable checking the order of MIBs. 221On some devices that return MIBs out of order, 222this may cause an infinite loop. 223.It Cm E Ar endoid 224For 225.Cm walk , 226walk the tree up to but excluding 227.Ar endoid . 228The blank before 229.Ar endoid 230is mandatory. 231.It Cm h 232For 233.Cm df 234print the output in 235.Dq human-readable 236format. 237.It Cm I 238For 239.Cm walk , 240do not fall back to returning the original MIB via a 241.Cm get 242request. 243.It Cm i 244For 245.Cm walk 246and 247.Cm bulkwalk , 248always do a 249.Cm get 250request on the specified 251.Ar oid 252first. 253.It Cm n Ns Ar nonrep 254For 255.Cm bulkget 256and 257.Cm bulkwalk , 258Set the non-repeaters field in the request to the non-negative integer 259.Ar nonrep . 260This causes the first 261.Ar nonrep 262.Ar oid 263arguments to only return a single MIB instead of 264.Ar maxrep . 265This value defaults to 0. 266No blank is allowed before 267.Ar nonrep . 268.It Cm p 269For 270.Cm walk 271or 272.Cm bulkwalk , 273also show a summary of the total variables received. 274.It Cm r Ns Ar maxrep 275For 276.Cm bulkget , 277.Cm bulkwalk 278and 279.Cm df , 280set the max-repetitions field in the request to the positive integer 281.Ar maxrep . 282This determines the amount of MIBs to return for each specified OID. 283This value defaults to 10. 284No blank is allowed before 285.Ar maxrep . 286.It Cm s Ar skipoid 287For 288.Cm walk 289or 290.Cm bulkwalk 291don't include 292.Ar skipoid 293or its children in the walk output. 294The blank before 295.Ar skipoid 296is mandatory. 297.It Cm t 298For 299.Cm walk , 300Show how long it took to walk the entire tree. 301.El 302.It Fl c Ar community 303Set the 304.Ar community 305string. 306This option is only used by 307.Fl v Cm 1 308and 309.Fl v Cm 2c 310and has no default. 311.It Fl e Ar secengineid 312The USM security engine id. 313Under normal circumstances this value is discovered via snmpv3 discovery and 314does not need to be specified. 315This option is only used by 316.Fl v Cm 3 . 317.It Fl E Ar ctxengineid 318The snmpv3 context engine id. 319Most of the time this value can be safely ignored. 320This option is only used by 321.Fl v Cm 3 . 322.It Fl K Ar localpriv 323The localized privacy password for the user in hexadecimal format 324.Po 325optionally prefixed with a 326.Cm 0x 327.Pc . 328This option is only used by 329.Fl v Cm 3 . 330.It Fl k Ar localauth 331The localized authentication password for the user in hexadecimal format 332.Po 333optionally prefixed with a 334.Cm 0x 335.Pc . 336This option is only used by 337.Fl v Cm 3 . 338.It Fl l Ar seclevel 339The security level. 340Values can be 341.Cm noAuthNoPriv Pq default , 342.Cm authNoPriv 343.Po 344requires either 345.Fl A 346or 347.Fl k 348.Pc 349or 350.Cm authPriv 351.Po 352requires either 353.Fl X 354or 355.Fl K 356in addition to the 357.Cm authNoPriv 358requirements 359.Pc . 360This option is only used by 361.Fl v Cm 3 . 362.It Fl n Ar ctxname 363Sets the context name. 364Defaults to an empty string. 365This option is only used by 366.Fl v Cm 3 . 367.It Fl O Ar output 368Set the 369.Ar output 370options by supplying a string of one or more 371of the following modifier letters: 372.Bl -tag -width 1n 373.It Cm a 374Print the varbind string unchanged 375rather than replacing non-printable bytes with dots. 376.It Cm f 377When displaying an OID, include the full list of MIB objects. 378By default only the last textual MIB object is shown. 379.It Cm n 380Display the OID numerically. 381.It Cm Q 382Remove the type information. 383.It Cm q 384Remove the type information and the equal sign. 385.It Cm S 386Display the MIB name and the type information. 387This is the default behaviour. 388.It Cm v 389Only display the varbind value, removing the OID. 390.It Cm x 391Display the varbind string values as hexadecimal strings. 392.El 393.Pp 394The 395.Cm mibtree 396subcommand may only use the 397.Op Fl fnS 398output options; 399no output options are available for 400.Cm trap . 401.It Fl r Ar retries 402Set the number of 403.Ar retries 404in case of packet loss. 405Defaults to 5. 406.It Fl t Ar timeout 407Set the 408.Ar timeout 409to wait for a reply, in seconds. 410Defaults to 1. 411.It Fl u Ar user 412Sets the username. 413If 414.Fl v Cm 3 415is used, this option is required. 416This option is only used by 417.Fl v Cm 3 . 418.It Fl v Ar version 419Set the snmp protocol 420.Ar version 421to either 422.Cm 1 , 423.Cm 2c 424or 425.Cm 3 . 426Currently defaults to 427.Cm 3 . 428.It Fl X Ar privpass 429The privacy password for the user. 430This will be transformed to 431.Ar localpriv . 432This option is only used by 433.Fl v Cm 3 . 434.It Fl x Ar cipher 435Sets the cipher 436.Pq privacy 437protocol. 438Options are 439.Cm DES 440and 441.Cm AES . 442This option defaults to 443.Cm AES . 444This option is only used by 445.Fl v Cm 3 . 446.It Fl Z Ar boots , Ns Ar time 447Set the engine boots and engine time. 448Under normal circumstances this value is discovered via snmpv3 discovery and 449does not need to be specified. 450This option is only used by 451.Fl v Cm 3 . 452.El 453.Pp 454The syntax for the 455.Ar agent 456argument is 457.Oo Ar protocol : Oc Ns Ar address , 458with the following format: 459.Bl -column udp6XXXtcp6X address -offset indent 460.It Ar protocol Ta Ar address 461.It Cm udp | tcp Ta Ar hostname Ns Oo Pf : Ar port Oc | 462.Ar IPv4-address Ns Op Pf : Ar port 463.It Cm udp6 | tcp6 Ta Ar hostname Ns Oo Pf : Ar port Oc | 464.Cm \&[ Ns Ar IPv6-address Ns Cm \&] Ns Oo Pf : Ar port Oc | 465.Ar IPv6-address Ns Pf : Ar port 466.It Cm unix Ta Ar pathname 467.El 468.Pp 469The default 470.Ar protocol 471is 472.Cm udp 473and the default 474.Ar port 475is 161, except for the 476.Cm trap 477subcommand, which uses 162. 478.Cm udpv6 479and 480.Cm udpipv6 481are aliases for 482.Cm udp6 ; 483.Cm tcpv6 484and 485.Cm tcpipv6 486for 487.Cm tcp6 . 488To specify an IPv6-address without a 489.Ar port , 490the 491.Ar IPv6-address 492must be enclosed in square brackets. 493If the square brackets are omitted, 494the value after the last colon is always interpreted as a 495.Ar port . 496.Ss Data types 497Additional data sent to the server is formatted by specifying one or more 498triples of 499.Ar varoid , 500.Ar type , 501and 502.Ar value . 503Supported types are: 504.Bl -tag -width 1n -offset indent 505.It Cm a 506An IPv4 Address. 507.It Cm b 508A bitstring. 509A list of individual bit offsets separated by comma, space or tab. 510Must be supplied as a single argument. 511.It Cm c 512A counter32. 513.It Cm d 514A decimal string. 515A list of individual bytes in decimal form separated by space or tab. 516.It Cm i 517An integer. 518.It Cm n 519A null object. 520.It Cm o 521An OID. 522.It Cm s 523A regular string. 524.It Cm t 525Timeticks in centiseconds. 526.It Cm u 527Unsigned integer. 528.It Cm x 529A hex string. 530Similar to a decimal string, but in hexadecimal format. 531.El 532.Sh ENVIRONMENT 533.Bl -tag -width LC_CTYPE 534.It Ev LC_CTYPE 535The character encoding 536.Xr locale 1 537used for output. 538It decides whether objects having a display format of UTF-8 are printed as 539UTF-8, and whether each byte invalid according to the object's display format is 540printed as a UTF-8 replacement character 541.Pq Sq \[uFFFD] . 542.Pp 543If unset or set to 544.Qq C , 545.Qq POSIX , 546or an unsupported value, for objects having a display format of UTF-8, each 547.Em printable 548non-ASCII character is replaced with a single dot 549.Pq Sq \&. . 550Each byte invalid according to the object's display format is printed as a 551question mark 552.Pq Sq \&? . 553.Pp 554Each non-printable character is always replaced with a single dot 555.Pq Sq \&. . 556.El 557.Sh SEE ALSO 558.Xr snmpd 8 559.Sh HISTORY 560The 561.Nm 562program first appeared in 563.Ox 6.6 . 564.Sh AUTHORS 565The 566.Nm 567program was written by 568.An Martijn van Duren Aq Mt martijn@openbsd.org . 569