Template:FAQ:Agent 05

From Net-SNMP Wiki
Jump to: navigation, search

Deleting the text file for a MIB does not affect the agent (other than to prevent it from recognising MIB object names in the config files). It's necessary to tell the agent not to activate the relevant code that actually implements these objects. There are three ways to do this:

There are three options to prevent the agent returning information from a particular MIB:

  • re-run configure to exclude the given MIB module(s) from the build configuration, then recompile and reinstall:
         ./configure --with-out-mib-modules=path/to/unwanted   ....
         make
         make install

This specifies the path to the module code file, relative to the agent/mibgroup directory. Clearly, this approach is only possible if you are working with a source distribution.

  • disable the MIB at runtime
         snmpd -I -unwanted

Note that this relies on knowing which modules are used to implement the relevant MIB objects. If you're not sure, you could try walking the nsModuleName MIB object, which indicates the module responsible for each particular range of OIDs.

You can also check which MIB modules are loaded by getting the agent to report them as they are initialised: 

         snmpd -Dmib_init -H

From this information, it should then be fairly obvious which modules to disable.

  • use access control to exclude the mib from the view used to query the agent:
         view    almostEverything  included   .1
         view    almostEverything  excluded   unwantedMib
         
         rocommunity  public  default  -V almostEverything

This approach can also be used with the full com2sec/group/access configuration directives (e.g. with versions earlier than 5.3, which don't support the above mechanism).

Retrieved from "http://www.net-snmp.org/wiki/index.php?title=Template:FAQ:Agent_05&oldid=3878"