Change SNMP Attributes (CHGSNMPA)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Change SNMP Attributes (CHGSNMPA) command changes values and options used by the IBM i SNMP agent. The command also is used to specify which SNMP managers receive traps generated by the local system.

The SNMP agent is shipped with the following values for the SNMP attributes.

Keyword: Value
SYSD: *SYSGEN
SYSCONTACT: *NONE
SYSLOC: *NONE
SNDAUTTRP: *YES
AUTOSTART: *NO
OBJACC: *READ
LOGSET: *NO
LOGGET: *NO
LOGTRP: *NO
TRPMGR: *NONE
ALWSNMPV3: *NO
DFTTIMEOUT: *DFT
MAXTIMEOUT: *DFT
ALWDUPID: *YES
SNMPENGID: *SYSGEN
SNMPENGB: *DFT

Restrictions:

You must have input/output system configuration (*IOSYSCFG) special authority to use this command.

Top

Parameters

Keyword	Description	Choices	Notes
SYSD	System description	Character value, SAME, NONE, *SYSGEN	Optional
SYSCONTACT	System contact	Character value, SAME, NONE, *CNTINF	Optional
SYSLOC	System location	Character value, SAME, NONE, *CNTINF	Optional
SNDAUTTRP	Send authentication traps	SAME, YES, *NO	Optional
AUTOSTART	Automatic start	SAME, YES, *NO	Optional
OBJACC	Object access	SAME, READ, WRITE, NONE	Optional
LOGSET	Log set requests	SAME, YES, *NO	Optional
LOGGET	Log get requests	SAME, YES, *NO	Optional
LOGTRP	Log traps	SAME, YES, *NO	Optional
TRPMGR	Trap managers	Single values: SAME, NONE Other values (up to 300 repetitions): Element list	Optional
	Element 1: Manager internet address	Character value
	Element 2: Manager internet address mask	Character value
	Element 3: Community name	Character value
	Element 4: Translate community name	YES, NO
ALWSNMPV3	Allow SNMPv3 support	SAME, YES, *NO	Optional
DFTTIMEOUT	Default sub-agent timeout	1-3600, SAME, DFT	Optional
MAXTIMEOUT	Maximum sub-agent timeout	1-3600, SAME, DFT	Optional
ALWDUPID	Allow duplicate identifiers	SAME, YES, *NO	Optional
SNMPENGID	SNMP engine identifier	Character value, SAME, SYSGEN	Optional
SNMPENGB	SNMP engine boots	0-2147483647, SAME, DFT	Optional

Top

System description (SYSD)

Specifies a textual description of the IBM i. It is suggested that this value should include the full name and version identification of the system's hardware type, software operating system, and/or networking software.

*SAME: The value does not change.
*SYSGEN: The description is generated by the system.
*NONE: No system description exists.
system-description: Specify the description of the system.

Top

System contact (SYSCONTACT)

Specifies the name of the contact person for this IBM i, along with information on how to contact this person. This value is used only by SNMP-specific functions. This value also may be read or modified by an authorized SNMP manager.

*SAME: The value does not change.
*NONE: No system contact exists.
*CNTINF: The value is obtained from the service contact information specified by using the Work with Contact Information (WRKCNTINF) command. The value obtained consists of the contact person and the contact telephone numbers.
system-contact: Specify the name of the contact person and other contact information.

Top

System location (SYSLOC)

Specifies the physical location of this IBM i. This value is used only by SNMP-specific functions. This value also may be read or modified by an authorized SNMP manager.

*SAME: The value does not change.
*NONE: No system location information exists.
*CNTINF: The value is obtained from the service contact information specified by using the Work with Contact Information (WRKCNTINF) command. The value obtained consists of the mailing address.
system-location: Specify the physical location of the system.

Top

Send authentication traps (SNDAUTTRP)

Specifies whether the SNMP agent may send any authenticationFailure traps to any defined SNMP managers. An authenticationFailure trap is sent by the SNMP agent if a request is received from an SNMP manager that contains a community name that is not recognized by the SNMP agent. This trap is only sent when SNDAUTTRP is *YES and when at least one trap manager has been defined. This value may also be read or modified by an authorized SNMP manager.

*SAME: The value does not change.
*YES: authenticationFailure traps may be sent.
*NO: authenticationFailure traps are not sent.

Top

Automatic start (AUTOSTART)

Specifies whether the SNMP agent is started when the STRTCP command or STRTCPSVR SERVER(*AUTOSTART) command runs.

*SAME: The value does not change.
*YES: The SNMP agent is started when the STRTCP command or STRTCPSVR SERVER(*AUTOSTART) command runs.
*NO: The SNMP agent is not started when the STRTCP command runs.

Top

Object access (OBJACC)

Specifies the default object access for SNMP communities.

*SAME: The value does not change.
*READ: Allow SNMP managers that are part of a community to read all management information base (MIB) objects. Modification of MIB objects by SNMP managers is not permitted.
*WRITE: Allow SNMP managers that are part of a community to modify all MIB objects that can be modified. Specifying *WRITE implies *READ access.
*NONE: Do not allow SNMP managers that are part of a community to modify any MIB objects.

Top

Log set requests (LOGSET)

Specifies the default value for whether set requests from SNMP managers in a community are logged in journal QSNMP in library QUSRSYS.

*SAME: The value does not change.
*YES: Set requests are logged.
*NO: Set requests are not logged.

Top

Log get requests (LOGGET)

Specifies the default value for whether get requests and get-next requests from SNMP managers in a community are logged in journal QSNMP in library QUSRSYS.

*SAME: The value does not change.
*YES: Get requests and get-next requests are logged.
*NO: Get requests and get-next requests are not logged.

Top

Log traps (LOGTRP)

Specifies whether traps are logged in journal QSNMP in library QUSRSYS.

*SAME: The value does not change.
*YES: Traps are logged.
*NO: Traps are not logged.

Top

Trap managers (TRPMGR)

Specifies which SNMP managers receive traps generated by the IBM i SNMP agent.

*SAME: The value does not change.
*NONE: No SNMP managers receive traps.
Element 1: Manager Internet Address
manager-internet-address: Specify the internet address of the SNMP manager. The internet address may be an IPv4 or IPv6 address. An IPv4 internet address is specified in the form nnn.nnn.nnn.nnn, where nnn is a decimal number ranging from 0 through 255. An IPv4 internet address is not valid if it has a value of all binary ones or all binary zeros for the network identifier (ID) portion or the host ID portion of the address. An IPv6 internet address is specified in the form x:x:x:x:x:x:x:x, where x is a hexadecimal number ranging from 0 through X'FFFF'. "::" may be used once in the IPv6 address to indicate one or more groups of 16 bits of zeros. The "::" may be used to compress leading, imbedded, or trailing zeros in the address. This address is independent of the manager internet address specified on the ADDCOMSNMP and CHGCOMSNMP commands.
Element 2: IP address mask
manager-internet-address-mask: If the associated manager address is an IPv6 address, then the internet address mask is either an IPv6 address mask (for example, FFFF:FFFF::) or an integer from 0 to 128 specifying the number of IPv6 address prefix bits used to construct an IPv6 address mask. If the manager internet address is an IPv4 address, then internet address mask is either an IPv4 address mask (for example, 255.255.255.0) or an integer from 0 to 32 specifying the number of IPv4 address prefix bits used to construct an IPv4 address mask.
Element 3: Community Name
community-name: Specify the SNMP community name to be placed in the traps sent to this SNMP manager. The community name specified in this element is independent of the community name specified on the ADDCOMSNMP, CHGCOMSNMP, and RMVCOMSNMP commands. The name may contain characters that cannot be displayed.
Element 4: Translate Community Name
*YES: The community name is translated to ASCII characters when a trap is sent to the SNMP manager. This value should be specified when the community name consists entirely of characters that can be displayed. An error message is sent if the community name cannot be translated to ASCII characters.
*NO: The community name is not translated to ASCII characters when a trap is sent to the SNMP manager. This value should be specified when the community name contains one or more characters that cannot be displayed.

Top

Allow SNMPv3 support (ALWSNMPV3)

Specifies if SNMP version 3 (SNMPv3) support is enabled. The primary goal of SNMPv3 is to define a secure version of the SNMP by protecting the system from common threats such as modification of information, masquerade, disclosure, and message stream modification. SNMPv3 allows the configuration of SNMP users and access control to the managed objects based on the user trying to access them. SNMPv3 also facilitates remote configuration of the SNMP entities, which make remote administration of SNMP entities a much simpler task. In order to configure the list of SNMP users, the CFGTCPSNMP option 3 command can be used. The SNMPD.CONF file located in /QIBM/UserData/OS/SNMP/ is the SNMPv3 configuration file and is where all the users and their associated views are added.

*SAME: The value does not change.
*YES: SNMPv3 support is enabled.
*NO: SNMPv3 support is not enabled.

Top

Default sub-agent timeout (DFTTIMEOUT)

Specifies the default timeout (in seconds) that this agent waits for a response from a Subagent. This value is used if a timeout value is not specified for the subtree nor for the subagent that exports.

*SAME: The value does not change.
*DFT: The default timeout value of 5 seconds is used.
1-3600: Specify the number of seconds to be used for the default sub-agent timeout value. NOTEThis value should be equal or less than the value specified for MAXTIMEOUT.

Top

Maximum sub-agent timeout (MAXTIMEOUT)

Specifies the maximum timeout (in seconds) that this agent allows for timeout values for Sub-agents. When you try to set any other timeout value it must be between 1 and this maximum value.

*SAME: The value does not change.
*DFT: The default timeout value of 60 seconds is used.
1-3600: Specify the number of seconds to be used for the maximum sub-agent timeout value.

Top

Allow duplicate identifiers (ALWDUPID)

Specifies if multiple instances of a sub-agent (as identified by the sub-agent Identifier) are allowed. Setting this parameter to the value *NO will prevent (new) duplicate sub-agent identifiers. However, if any duplicates exist when the parameter value is set to *NO, the agent will not remove them, that is considered a manager responsibility. This parameter must be set to *YES in order to allow multiple Distributed Program Interface (DPI) version 1 sub-agents.

*SAME: The value does not change.
*YES: Duplicate sub-agent identifiers are allowed.
*NO: Duplicate sub-agent identifiers are not allowed.

Top

SNMP engine identifier (SNMPENGID)

Uniquely identifies the agent within an administrative domain. By default, the engine identifier is created using a vendor-specific formula and incorporates the IP address of the agent. However, any engine identifier that is consistent with the snmpEngineID definition in RFC 3411 and that is also unique within the administrative domain can be specified.

*SAME: The value does not change.
*SYSGEN: The engine identifier is generated by the IBM i SNMP agent.
engine-identifier: Specify the engine identifier to be be used for the IBM i SNMP agent.

Top

SNMP engine boots (SNMPENGB)

Specifies the number of times the agent has been restarted since the SNMP engine identifier was last changed.

*SAME: The value does not change.
*DFT: The default value of 0 is used.
0-2147483647: Specify the number of times the IBM i SNMP agent has been restarted since the last change of the engine identifier. Note that a value of 2147483647 is used to indicate that the SNMP agent was unable to determine its latest SNMP engine boots value or that it has reached the maximum number of boots. In order for the SNMP server to start, this value should be set to a value different from 2147483647 either by reseting the value of the SNMP engine boots or by changing the SNMP engine identifier.

Top

Examples

Example 1: Changing System Description, System Contact and Automatic Start

CHGSNMPA SYSD('IBM i 7.1 SNMP agent')  SYSCONTACT('JOE SMITH, PHONE 555-
         1212') AUTOSTART(*NO)

This command changes the system description and system contact information, and specifies that the SNMP agent should not start when the STRTCP command runs. All other values are unchanged.

Example 2: Changing Trap Managers

CHGSNMPA   TRPMGR(('9.8.7.6' '255.255.0.0' 'TRAPCOMMUNITY')
                  ('2001:db8::10f' 64 'TRAPCOMMUNITY2'))

This command causes any traps generated by the local System i5 to be sent to SNMP managers that have internet protocol addresses 9.8.7.6 and 2001:db8::10f. Community name TRAPCOMMUNITY is placed in traps sent to 9.8.7.6, and community name TRAPCOMMUNITY2 is placed in traps sent to 2001:db8::10f. For both managers the community name is translated to ASCII characters before being placed in the trap.

Example 3: Enabling SNMPv3, changing the Default and Maximum Sub-agent Timeout, allowing Duplicate Sub-agent IDs, regenerating the SNMP engine ID and reseting the SNMP engine boots value

CHGSNMPA   ALWSNMPV3(*YES) DFTTIMEOUT(10) MAXTIMEOUT(3600) ALWDUPID(*YES)
SNMPENGID(*SYSGEN) SNMPENGB(0)

This command allows SNMPv3 to be enabled in the system and changes the default subagent timeout to 10 and the maximum sub-agent timeout to 3600. This command also allows multiple instances of sub-agent identifiers, indicates the IBM i agent to generate the SNMP engine and resets the SNMP engine boots count. All other values are unchanged.

Top

Error messages

*ESCAPE Messages

TCP4001: Error occurred accessing SNMP configuration information.
TCP8050: *IOSYSCFG authority required to use &1.

Top