How to configure the hp-ux Emanate SNMP Agent for v3 access

  • KM00668198
  • 03-Dec-2013
  • 10-Aug-2018


This document shows how to configure the native hp-ux Emanate SNMP Agent for SNMP v3 access and to send SNMP v3 traps.


How can the hp-ux 11i native Emanate SNMP agent be configured to accept SNMP v3 queries and send SNMP v3 traps?


The hp-ux native Emanate SNMP agent is pre-installed on most hp-ux servers. By default, the Emanate SNMP agent is not configered to accept SNMP v3 requests. The system administrator needs to enable the Emanate Agent configuration for SNMP v3. The below procedure can be used to setup a default v3 configuration.

Procedure to create a new SNMP v3 configuration from scratch

1. Check the Emanate SNMP agent version by running the system command 'what' on the Emanate Agent binary, the version needs to list SNMP Research Distribution version or higher. Run the below commands as user 'root' to ensure proper access to the directories and files.

# what snmpdm
        $Revision: 92453-07 linker linker crt0.o B.11.37 031205 $
        HP92453-02A.11.00 HP-UX SYMBOLIC DEBUGGER (END.O ILP32) $Revision: 75.04 $
        Copyright 1992-2005 SNMP Research, Incorporated
        SNMP Research Distribution version

Note: The hp-ux CPE team releases Emanate Agent patches on a regular basis. The recent patche IDs are:

IA-64: PHSS_43647

2. Get the current Emanate Agent configuration by running a 'snmpwalk' on the system table, the information in this table is needed later on to setup the SNMP v3 basic agent configuration.

# nnmsnmpwalk.ovpl <hp-ux hostname> system

sysDescr.0 : OCTET STRING- (ascii): HP-UX l3000 B.11.11 U 9000/800 1184494621
sysUpTime.0 : Timeticks: (1987) 0:00:19.87
sysContact.0 : OCTET STRING- (ascii): hp-ux support team
sysName.0 : OCTET STRING- (ascii): l3000
sysLocation.0 : OCTET STRING- (ascii): HP Bern / BSC


3. Stop the running agent

To stop a running Emanate Agent run a kill -9 on the snmpdm pid

# ps -ef | grep snmpdm
# kill -9 <pid of snmpdm>

4. It is assumed that SNMP v3 has not been configured before. In order to enable v3, the directory /etc/srconf/agt must manually be created. If the directory already exists and contains a snmpd.cnf file, then skip to the procedure to add or modify an existing user at the end of this document.

# mkdir -p /etc/srconf/agt

5. Start the Emanate Agent to create the initial v3 setup and answer the questions. Highlighted in blue are the answers based on the system table queried in step 2:

# /usr/sbin/snmpdm
HP OpenView EMANATE Agent Version
Copyright 1989-2005 Hewlett-Packard Development Company, LP.
Enter sysDescr: HP-UX l3000 B.11.11 U 9000/800 1184494621
Enter sysLocation:
HP Bern / BSC
Enter sysContact:
hp-ux support team
Enter sysName: l3000
The following security postures are available (see RFCs 3414 and 3415):
    1) Minimum-secure
    2) Semi-secure
    3) Very-secure
Select a security posture: 2
You must enter passwords for the initial user.
Enter Authentication Password: authpass
Enter Privacy Password       : privpass
Enter IP address for trap destination: <trap-dest-ip-address>

6. As the above started the Emanate SNMP Master agent, it needs to be stopped once more to make a final modification to the configuration file.

ps -ef | grep snmpdm
kill -9 <pid of snmpmd>

7. Edit /etc/srconf/agt/snmpd.cnf

- locate the sysObjectID, change it from 0.0 to nm.3.2.5 (the value from step 2, nm can be used as a shortcut for .

# Entry type: sysObjectID
# Entry format: OID
sysObjectID  nm.3.2.5

8. Save the snmpd.cnf file.

9. Start the Emanate SNMP agent and the subagents:

# /usr/sbin/snmpd      (note: do not run /usr/sbin/snmpdm as this would only start the Emanate Master agent)

10. Revisit the snmpd.cnf file and note the 'default' v3 user name 'initial', this user now needs to be configured into the NNMi system as a v3 configuration item for this node:

User name: initial
Context: <empty>
Authentication pass phrase: authpass
Privacy pass phrase: privpass

Procedure to add a new v3 user to the existing SNMP v3 configuration (when configured using above method)

1.  Edit the file /etc/srconf/agt/snmpd.cnf

- locate the "usmUserEntry" block and add a new user, for example "v3user" with authentication pass phrase "authpass" and privacy pass phrase "privpass"
usmUserEntry  localSnmpID v3user usmHMACMD5AuthProtocol usmDESPrivProtocol \
    nonVolatile - \
"authpass" \
- locate the "vacmSecurityToGroupEntry" block and add a new group entry for the user v3user, pointing to the previously created group initial

vacmSecurityToGroupEntry  usm v3user initial nonVolatile

2. Save the file

3. Kill and restart the Emanate SNMP agent

ps -ef | grep snmpdm
kill -9 <pid of snmpdm>


Procedure to add a new user to existing SNMP v3 including new trap destinations

1.  Edit the file /etc/srconf/agt/snmpd.cnf

- scroll to the end of the file and add these lines defining a new user "root" with "authpass" and "privpass" authentication and privacy pass phrases. This user has access to all MIBs and sends traps to the destination and

# define the user "root" with authentication and privacy
usmUserEntry  localSnmpID root usmHMACMD5AuthProtocol usmDESPrivProtocol \
  nonVolatile anywhereTag \
  "authpass" \

# assign the user "root" to the Administator group
vacmSecurityToGroupEntry  usm root Administrator nonVolatile

# define the "Administator" access for the group "All"
vacmAccessEntry  Administrator - usm noAuthNoPriv exact All - All nonVolatile

# allow the group "All" to read the entire MIB (iso)
vacmViewTreeFamilyEntry  All iso - included nonVolatile

# add a new line per trap destination where the name (second) entry
# can be anything, it will be referenced in the next block to match against a target address
snmpNotifyEntry node1 Traps trap nonVolatile
snmpNotifyEntry node2 Traps trap nonVolatile

# Note: snmpTargetAddrEntry has 2 meanings:
# the first entry allows SNMP requests from any source
# the 2 next entries define trap destinations
snmpTargetAddrEntry  anywhere snmpUDPDomain 0 0 anywhereTag none \
    nonVolatile 2048
snmpTargetAddrEntry node1 snmpUDPDomain 100 3 Traps v3Params \
    nonVolatile 2048
snmpTargetAddrEntry node2 snmpUDPDomain 100 3 Traps v3Params \
    nonVolatile 2048

# defines the v3Params
snmpTargetParamsEntry v3Params 3 usm root noAuthNoPriv nonVolatile

2. Save the file

3. Kill and restart the Emanate SNMP agent

ps -ef | grep snmpdm
kill -9 <pid of snmpdm>

Note: To restart from scratch:
- kill -9 <pid of snmpdm>
- mv /etc/srcconf/agt/snmpd.* /tmp
- /usr/sbin/snmpdm  (and answer the questions)