SNMP4J-CLT-Usage
Last modified by Frank Fock on 2024/05/25 10:51
SNMP4J Command-Line Tool, version 3.5.x
Type
java -SNMP4J-CLT.jar help <command>
for help on a specific command.
Type
java -jar SNMP4J-CLT.jar example <command>
for examples on a specific command.
Type
java -jar SNMP4J-CLT.jar version
to see the program version.
Type
java -jar SNMP4J-CLT.jar -L "<license>" "<key>" defaults list
to register your license (you then do not need to enter it for subsequent commands).
Most commands take agent address and OID list arguments. A list of the
available options for each command is listed after the command description.
The description of all options follows the command list.
Standard parameter formats are:
<OID>:
- An object identifier is either a dotted notation like '1.3.6.1.2.2.1.0'.
- An object name with dotted numeric suffix like 'IF-MIB:ifDescr.0' or 'sysName' (requires MIB information).
- An columnar OBJECT-TYPE name with formatted index, e.g. vacmAccessContextMatch."v3group"."".3.'authPriv(3)' (requires MIB information).
<address>: [upd:|tcp:]<host>[/<port>]
Host is either an IP address or hostname and port is the SNMP port
of the target SNMP entity.
create-snapshot:
create-snapshot <file> <address> <OID>
defaults:
defaults <action>
list
reset
save
dump-snapshot:
dump-snapshot <file>
example:
example <command>
get:
get <address> <OID> [..]
getbulk:
[-Cr <repeaters>] [-Cn <non-repeaters>] getbulk <address> <OID> [..]
getnext:
getnext <address> <OID> [..]
help:
help [command]|all
inform:
inform <address> <OID>={<type>}<value> [..]
license:
license
listen:
listen <address>
mib:
mib <action> [<mib>]
add <mib-file>
del <mib-module-name>
list
oid:
oid [find|find-by-descr] <regex>
find oid find <regex>
find-by-descr oid find-by-descr <regex>
set:
set <address> <OID>={<type>}<value> [..]
smi:
smi <OID> [..]
table:
table <address> <OID> [..]
trap:
[-To <notificationID>] trap <address> <OID>={<type>}<value> [..]
usmDHKey:
usmKey auth|priv|authPriv <address> <oldpwd> <newpwd> [<user>]
auth usmDHKey auth <address> [<user>]
priv usmDHKey priv <address> [<user>]
authPriv usmDHKey authPriv <address> [<user>]
usmDHKickstartInit:
usmDHKickstartInit -privateKeysFile <dhKickstartPrivKeys.properties> <address> [<user> ..]
usmDHKickstartRun:
usmDHKickstartRun -privateKeysFile <dhKickstartPrivKeys.properties> <address> [<user> ..]
usmKey:
usmKey auth|priv|authPriv <address> <old> <new> [<user>]
auth usmKey auth <address> <old> <new> [<user>]
priv usmKey priv <address> <old> <new> [<user>]
authPriv usmKey authPriv <address> <oldpwd> <newpwd> [<user>]
usmUser:
usmUser create|delete <address> <user> [<cloneFromUser> [<cloneFromEngineID>]]
create [-CE <usmUserEngineID>] [-createAndWait] usmUser create <address> <user> [<cloneFromUser> [<cloneFromEngineID>]]
delete [-CE <usmUserEngineID>] usmUser delete <address> <user>
v1trap:
-Te eid -Ts sid -Tg gid -Ta addr v1trap <address> <OID>={<type>}<value> [..]
version:
version
walk:
walk <address> <OID>
xml:
xml <output-dir>
OPTIONS:
-A authPassphrase Set the authentication pass phrase for
authenticated SNMPv3 messages.
-CB Display brief column headers. Common prefixes will
be dropped.
-CE usmUserTableEngineID Set usmUserTableEngineID to be used as part of
the index of the usmUserTable. Default is to use
the authoritative engine ID (set via -e or probed)
as the usmUserTableEngineID.
-CH Do not display column headers.
-Cb bufferSize The number of table rows to buffer before computing
column sizes.
-Cc columnWidth Print table columns with specified character width.
-Cf columnSeparator Separate table columns with the specified separator
string. The table is printed in compact form. By
default, columns are separated by spaces and
aligned.
-Ch Display only column headers.
-Ci Prepend the index for each printed row.
-Cil lowerBoundIndex Set the lower bound index for TABLE operations.
-Ciu upperBoundIndex Set the upper bound index for TABLE operations.
-Cl Left justify all cells when printing a table.
-Cn non-repeaters Set the non-repeaters field for GETBULK PDUs. It
specifies the number of supplied variables that
should not be iterated over. The default is 0.
-Cr max-repetitions Set the max-repetitions field for GETBULK PDUs.
This specifies the maximum number of iterations
over the repeating variables. The default is 10.
-Cw Specify the line width when printing tables
-Djavax.net.ssl.keyStore keyStoreFile The key store file with SSL keys for
the TLS protocol.
-Djavax.net.ssl.keyStorePassword keyStorePassword The password for the key
store file with SSL keys for TLS.
-Djavax.net.ssl.trustStore keyStoreFile The trust store file with trusted
(public) SSL keys for the TLS protocol.
-Djavax.net.ssl.trustStorePassword keyStorePassword The password for the
trust store file.
-Dn Do not use any default option values stored in
config.
-E contextEngineID Set the context engine ID used for the SNMPv3
scoped PDU. The authoritative engine ID will be
used for the context engine ID, if the latter is
not specified.
-L license key Specify license and associated key. The license
info will be saved in the SNMP4J-CLT config file in
your home directory. Enter each license part
enclosed in quotes, for example by '-L "b6 80 4d 68
3a 8 c0 f4" "O?fWO-3s"'
-M mibRepositoryPath Set the path to the MIB repository to be used to
resolve object names (OIDs) and parse/format object
values ('repository' is the default). The
repository directory must contain compiled MIB
modules files only.
-Oesc escapeCharacter Escape character used in non-printable OCTET-STRING
values to print them as strings (instead of
hex-strings). Default is '_' and 'x' disables
escaping and enables hex-string output.
-Ors maxSizeRespPDU The maximum size of the response PDU in bytes.
-OtCSV For each SNMP row received exactly one row of comma
separated values will be printed to the console
where the first column contains the row index.
-Otd Activates dense table operation mode which improves
table retrieval performance on regular (dense)
tables. This option must not be used with sparse
tables.
-Otmr tableMaxRows Specifies the maximum number of table rows to
retrieve (default is no limit: 0).
-OttCSV Same as -OtCSV except that each row's first column
will report the current time (millis after
1.1.1970) when the request has been sent.
-Ta agentAddress Set the agent address field of a V1TRAP PDU. The
default value is '0.0.0.0'.
-Te enterpriseOID Set the enterprise OID field of a V1TRAP PDU.
-Tg genericID Set the generic ID for SNMPv1 TRAPs (V1TRAP). The
default is 0 (coldStart).
-To trapOID Sets the trapOID (1.3.6.1.6.3.1.1.4.1.0) of an
INFORM or TRAP PDU. The default is
1.3.6.1.6.3.1.1.5.1.
-Ts specificID Set the specific ID for V1TRAP PDU. The default is
0.
-Tu upTime Set the sysUpTime field of an INFORM, TRAP, or
V1TRAP PDU.
-Y privacyPassphrase Set the privacy pass phrase for encrypted SNMPv3
messages.
-a authProtocol Set the authentication protocol used to
authenticate SNMPv3 messages. Valid values are MD5
and SHA, SHA224, SHA256, SHA384, and SHA512.
-b bindAddress Set local interface and port to use for outgoing
SNMP messages. By default, this is 0.0.0.0/0 (host
chosen port on all local IPv4 addresses).
-bc engineBootCount Set the engine boot count to the specified value
greater or equal to zero. Default is zero.
-c community Set the community for SNMPv1/v2c messages.
-createAndWait Use the createAndWait(5) RowStatus to create new
rows instead of createAndGo(4) which might not be
supported on certain devices.
-d debugLevel Set the global debug level for Log4J logging
output. Valid values are OFF, ERROR, WARN, INFO,
and DEBUG.
-dhp usmDHParameters The octet string (provided as colon separated
hexadecimal string) containing the BER encoded
ASN.1 sequence of prime (p) and base (g) as defined
by RFC2786 usmDHParamters OBJECT-TYPE. The default
value is (without line breaks):
10:69:02:61:00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:
da:a2:21:68:c2:34:c4:c6:62:8b:80:dc:1c:d1:29:
02:4e:08:8a:67:cc:74:02:0b:be:a6:3b:13:9b:22:
51:4a:08:79:8e:34:04:dd:ef:95:19:b3:cd:3a:43:
1b:30:2b:0a:6d:f2:5f:14:37:4f:e1:35:6d:6d:51:
c2:45:e4:85:b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:
3a:36:20:ff:ff:ff:ff:ff:ff:ff:ff:02:01:02:02:
01:10
-dhx diffieHellmanPropertyPrefix The property prefix used with the
privateKeysFile for the usmDHKickstartInit and
usmDHKickstartRun commands. By default
'org.snmp4j.' is used.
-dtls-version dtlsVersion Specifies the DTLS version to use. Possible
values are DTLSv1.0 and DTLSv1.2 (default).
-e engineID Set the authoritative engine ID of the command
responder used for SNMPv3 request messages. If not
supplied, the engine ID will be discovered.
-f 1|2|3|4 Set the OID output format, where 1 = numeric, 2 =
last name and numeric index, 3 = last name and
formatted index without quoting, and 4 = last name
and formatted index including hex-formatting of
non-printable strings. The default is 4.
-h windowSize Set the window height in rows. If the value is
greater than zero, every windowSize rows the user
is prompted to continue output. Default is zero.
-ilo Do not check for lexicographic ordering errors
while walking a subtree. Using this option may
cause endless looping if an agent does not
implement lexicographic ordering correctly!
-l localEngineID Set the local engine ID of the command generator
and the notification receiver used for SNMPv3
request messages. This option can be used to avoid
engine ID clashes through duplicate IDs leading to
usmStatsNotInTimeWindows reports.
-m mibModuleName Load the specified MIB module from the MIB
repository specified by the -M option. The
mibModuleName can be a regular expression, e.g. use
'SNMPv2-.*' to load all MIB modules in the
repository that start with 'SNMPv2-'.
-n contextName Set the target context name for SNMPv3 messages.
Default is the empty string.
-p Dump sent and received packets as hex string.
-r retries Set the number of retries used for requests. A zero
value will send out a request exactly once. Default
is 1.
-rsl low|basic|secure Set the security level strategy for auto-responses
to REPORT PDUs The default is 'low' for better
error handling. Use 'secure' for max. security
(i.e. never send noAuthNoPriv). The basic level is
conforming to RFC 3412 and 3414 allowing
'noAuthNoPriv' for engine ID discovery and wrong
username reports.
-s Suppress any output on stderr (silent mode).
-t timeout Set the timeout in milliseconds between retries.
Default is 1000 milliseconds.
-tls-cert-fingerprint certFingerprint The fingerprint of the trusted
certificate presented by the remote SNMP engine as
hex string. If the fingerprint does not match,
connection will not be established. Use this option
with the "tls:" or "dtls:" transport domain.
-tls-local-id certAlias The local certificate alias identity which selects
a certificate chain from the local key store. Only
the selected certificate chain will be presented to
the remote SNMP engine. Use this option with the
"tls:" or "dtls:" transport domain.
-tls-peer-id subjectDN The subject DN (e.g., "EMAILADDRESS=email@host.com,
C=US, CN=My Name") of the trusted certificate
presented by the remote SNMP engine ID. Use this
option with the "tls:" or "dtls:" transport domain.
-tls-trust-ca issuerDN The issuer DN (e.g., "Company Name CA") of a
trusted certification authority (CA) presented by
the remote SNMP engine ID for TLS and DTLS.
-tls-version tlsVersion The TLS version to use with the 'tls:' transport
protocol. Currently only 'TLSv1', 'TLSv1.1', and
'TLSv1.2' are supported with Java 7 or later.
'TLSv1' is the default which is supported with Java
6 too.
-u securityName Set the security name for authenticated v3
messages.
-v 1|2c|3 Set the SNMP protocol version to be used. Default
is 3.
-w consoleWidth Specifies the width of the console output, default
is 80 characters.
-y privacyProtocol Set the privacy protocol to be used to encrypt
SNMPv3 messages. Valid values are DES, AES
(AES128), AES192, AES256, AES192p, AES256p, and
3DES(DESEDE). The AES protocols that end with 'p'
(for proprietary) are using a non-standardized key
extension algorithm from 3DES.
create-snapshot <file> <address> <OID>
defaults:
defaults <action>
list
reset
save
dump-snapshot:
dump-snapshot <file>
example:
example <command>
get:
get <address> <OID> [..]
getbulk:
[-Cr <repeaters>] [-Cn <non-repeaters>] getbulk <address> <OID> [..]
getnext:
getnext <address> <OID> [..]
help:
help [command]|all
inform:
inform <address> <OID>={<type>}<value> [..]
license:
license
listen:
listen <address>
mib:
mib <action> [<mib>]
add <mib-file>
del <mib-module-name>
list
oid:
oid [find|find-by-descr] <regex>
find oid find <regex>
find-by-descr oid find-by-descr <regex>
set:
set <address> <OID>={<type>}<value> [..]
smi:
smi <OID> [..]
table:
table <address> <OID> [..]
trap:
[-To <notificationID>] trap <address> <OID>={<type>}<value> [..]
usmDHKey:
usmKey auth|priv|authPriv <address> <oldpwd> <newpwd> [<user>]
auth usmDHKey auth <address> [<user>]
priv usmDHKey priv <address> [<user>]
authPriv usmDHKey authPriv <address> [<user>]
usmDHKickstartInit:
usmDHKickstartInit -privateKeysFile <dhKickstartPrivKeys.properties> <address> [<user> ..]
usmDHKickstartRun:
usmDHKickstartRun -privateKeysFile <dhKickstartPrivKeys.properties> <address> [<user> ..]
usmKey:
usmKey auth|priv|authPriv <address> <old> <new> [<user>]
auth usmKey auth <address> <old> <new> [<user>]
priv usmKey priv <address> <old> <new> [<user>]
authPriv usmKey authPriv <address> <oldpwd> <newpwd> [<user>]
usmUser:
usmUser create|delete <address> <user> [<cloneFromUser> [<cloneFromEngineID>]]
create [-CE <usmUserEngineID>] [-createAndWait] usmUser create <address> <user> [<cloneFromUser> [<cloneFromEngineID>]]
delete [-CE <usmUserEngineID>] usmUser delete <address> <user>
v1trap:
-Te eid -Ts sid -Tg gid -Ta addr v1trap <address> <OID>={<type>}<value> [..]
version:
version
walk:
walk <address> <OID>
xml:
xml <output-dir>
OPTIONS:
-A authPassphrase Set the authentication pass phrase for
authenticated SNMPv3 messages.
-CB Display brief column headers. Common prefixes will
be dropped.
-CE usmUserTableEngineID Set usmUserTableEngineID to be used as part of
the index of the usmUserTable. Default is to use
the authoritative engine ID (set via -e or probed)
as the usmUserTableEngineID.
-CH Do not display column headers.
-Cb bufferSize The number of table rows to buffer before computing
column sizes.
-Cc columnWidth Print table columns with specified character width.
-Cf columnSeparator Separate table columns with the specified separator
string. The table is printed in compact form. By
default, columns are separated by spaces and
aligned.
-Ch Display only column headers.
-Ci Prepend the index for each printed row.
-Cil lowerBoundIndex Set the lower bound index for TABLE operations.
-Ciu upperBoundIndex Set the upper bound index for TABLE operations.
-Cl Left justify all cells when printing a table.
-Cn non-repeaters Set the non-repeaters field for GETBULK PDUs. It
specifies the number of supplied variables that
should not be iterated over. The default is 0.
-Cr max-repetitions Set the max-repetitions field for GETBULK PDUs.
This specifies the maximum number of iterations
over the repeating variables. The default is 10.
-Cw Specify the line width when printing tables
-Djavax.net.ssl.keyStore keyStoreFile The key store file with SSL keys for
the TLS protocol.
-Djavax.net.ssl.keyStorePassword keyStorePassword The password for the key
store file with SSL keys for TLS.
-Djavax.net.ssl.trustStore keyStoreFile The trust store file with trusted
(public) SSL keys for the TLS protocol.
-Djavax.net.ssl.trustStorePassword keyStorePassword The password for the
trust store file.
-Dn Do not use any default option values stored in
config.
-E contextEngineID Set the context engine ID used for the SNMPv3
scoped PDU. The authoritative engine ID will be
used for the context engine ID, if the latter is
not specified.
-L license key Specify license and associated key. The license
info will be saved in the SNMP4J-CLT config file in
your home directory. Enter each license part
enclosed in quotes, for example by '-L "b6 80 4d 68
3a 8 c0 f4" "O?fWO-3s"'
-M mibRepositoryPath Set the path to the MIB repository to be used to
resolve object names (OIDs) and parse/format object
values ('repository' is the default). The
repository directory must contain compiled MIB
modules files only.
-Oesc escapeCharacter Escape character used in non-printable OCTET-STRING
values to print them as strings (instead of
hex-strings). Default is '_' and 'x' disables
escaping and enables hex-string output.
-Ors maxSizeRespPDU The maximum size of the response PDU in bytes.
-OtCSV For each SNMP row received exactly one row of comma
separated values will be printed to the console
where the first column contains the row index.
-Otd Activates dense table operation mode which improves
table retrieval performance on regular (dense)
tables. This option must not be used with sparse
tables.
-Otmr tableMaxRows Specifies the maximum number of table rows to
retrieve (default is no limit: 0).
-OttCSV Same as -OtCSV except that each row's first column
will report the current time (millis after
1.1.1970) when the request has been sent.
-Ta agentAddress Set the agent address field of a V1TRAP PDU. The
default value is '0.0.0.0'.
-Te enterpriseOID Set the enterprise OID field of a V1TRAP PDU.
-Tg genericID Set the generic ID for SNMPv1 TRAPs (V1TRAP). The
default is 0 (coldStart).
-To trapOID Sets the trapOID (1.3.6.1.6.3.1.1.4.1.0) of an
INFORM or TRAP PDU. The default is
1.3.6.1.6.3.1.1.5.1.
-Ts specificID Set the specific ID for V1TRAP PDU. The default is
0.
-Tu upTime Set the sysUpTime field of an INFORM, TRAP, or
V1TRAP PDU.
-Y privacyPassphrase Set the privacy pass phrase for encrypted SNMPv3
messages.
-a authProtocol Set the authentication protocol used to
authenticate SNMPv3 messages. Valid values are MD5
and SHA, SHA224, SHA256, SHA384, and SHA512.
-b bindAddress Set local interface and port to use for outgoing
SNMP messages. By default, this is 0.0.0.0/0 (host
chosen port on all local IPv4 addresses).
-bc engineBootCount Set the engine boot count to the specified value
greater or equal to zero. Default is zero.
-c community Set the community for SNMPv1/v2c messages.
-createAndWait Use the createAndWait(5) RowStatus to create new
rows instead of createAndGo(4) which might not be
supported on certain devices.
-d debugLevel Set the global debug level for Log4J logging
output. Valid values are OFF, ERROR, WARN, INFO,
and DEBUG.
-dhp usmDHParameters The octet string (provided as colon separated
hexadecimal string) containing the BER encoded
ASN.1 sequence of prime (p) and base (g) as defined
by RFC2786 usmDHParamters OBJECT-TYPE. The default
value is (without line breaks):
10:69:02:61:00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:
da:a2:21:68:c2:34:c4:c6:62:8b:80:dc:1c:d1:29:
02:4e:08:8a:67:cc:74:02:0b:be:a6:3b:13:9b:22:
51:4a:08:79:8e:34:04:dd:ef:95:19:b3:cd:3a:43:
1b:30:2b:0a:6d:f2:5f:14:37:4f:e1:35:6d:6d:51:
c2:45:e4:85:b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:
3a:36:20:ff:ff:ff:ff:ff:ff:ff:ff:02:01:02:02:
01:10
-dhx diffieHellmanPropertyPrefix The property prefix used with the
privateKeysFile for the usmDHKickstartInit and
usmDHKickstartRun commands. By default
'org.snmp4j.' is used.
-dtls-version dtlsVersion Specifies the DTLS version to use. Possible
values are DTLSv1.0 and DTLSv1.2 (default).
-e engineID Set the authoritative engine ID of the command
responder used for SNMPv3 request messages. If not
supplied, the engine ID will be discovered.
-f 1|2|3|4 Set the OID output format, where 1 = numeric, 2 =
last name and numeric index, 3 = last name and
formatted index without quoting, and 4 = last name
and formatted index including hex-formatting of
non-printable strings. The default is 4.
-h windowSize Set the window height in rows. If the value is
greater than zero, every windowSize rows the user
is prompted to continue output. Default is zero.
-ilo Do not check for lexicographic ordering errors
while walking a subtree. Using this option may
cause endless looping if an agent does not
implement lexicographic ordering correctly!
-l localEngineID Set the local engine ID of the command generator
and the notification receiver used for SNMPv3
request messages. This option can be used to avoid
engine ID clashes through duplicate IDs leading to
usmStatsNotInTimeWindows reports.
-m mibModuleName Load the specified MIB module from the MIB
repository specified by the -M option. The
mibModuleName can be a regular expression, e.g. use
'SNMPv2-.*' to load all MIB modules in the
repository that start with 'SNMPv2-'.
-n contextName Set the target context name for SNMPv3 messages.
Default is the empty string.
-p Dump sent and received packets as hex string.
-r retries Set the number of retries used for requests. A zero
value will send out a request exactly once. Default
is 1.
-rsl low|basic|secure Set the security level strategy for auto-responses
to REPORT PDUs The default is 'low' for better
error handling. Use 'secure' for max. security
(i.e. never send noAuthNoPriv). The basic level is
conforming to RFC 3412 and 3414 allowing
'noAuthNoPriv' for engine ID discovery and wrong
username reports.
-s Suppress any output on stderr (silent mode).
-t timeout Set the timeout in milliseconds between retries.
Default is 1000 milliseconds.
-tls-cert-fingerprint certFingerprint The fingerprint of the trusted
certificate presented by the remote SNMP engine as
hex string. If the fingerprint does not match,
connection will not be established. Use this option
with the "tls:" or "dtls:" transport domain.
-tls-local-id certAlias The local certificate alias identity which selects
a certificate chain from the local key store. Only
the selected certificate chain will be presented to
the remote SNMP engine. Use this option with the
"tls:" or "dtls:" transport domain.
-tls-peer-id subjectDN The subject DN (e.g., "EMAILADDRESS=email@host.com,
C=US, CN=My Name") of the trusted certificate
presented by the remote SNMP engine ID. Use this
option with the "tls:" or "dtls:" transport domain.
-tls-trust-ca issuerDN The issuer DN (e.g., "Company Name CA") of a
trusted certification authority (CA) presented by
the remote SNMP engine ID for TLS and DTLS.
-tls-version tlsVersion The TLS version to use with the 'tls:' transport
protocol. Currently only 'TLSv1', 'TLSv1.1', and
'TLSv1.2' are supported with Java 7 or later.
'TLSv1' is the default which is supported with Java
6 too.
-u securityName Set the security name for authenticated v3
messages.
-v 1|2c|3 Set the SNMP protocol version to be used. Default
is 3.
-w consoleWidth Specifies the width of the console output, default
is 80 characters.
-y privacyProtocol Set the privacy protocol to be used to encrypt
SNMPv3 messages. Valid values are DES, AES
(AES128), AES192, AES256, AES192p, AES256p, and
3DES(DESEDE). The AES protocols that end with 'p'
(for proprietary) are using a non-standardized key
extension algorithm from 3DES.