Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiAnalyzer 6.4.2 CLI Reference
    6.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.8
    5.6.7
    5.6.7
    5.6.6
    5.6.6
    5.6.5
    5.6.5
    5.6.4
    5.6.4
    5.6.3
    5.6.3
    5.6.2
    5.6.2
    5.6.1
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.5
    5.4.4
    5.4.4
    5.4.3
    5.4.3
    5.4.2
    5.4.2
    5.4.1
    5.4.1
    5.4.0
    5.4.0
    5.2.10
    5.2.9
    5.2.9
    5.2.7
    5.2.7
    5.2.6
    5.2.6
    5.2.5
    5.2.5
    5.2.4
    5.2.4
    5.2.3
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.13
    5.0.11
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    snmp

    snmp

    Use the following commands to configure SNMP related settings.

    snmp community

    Use this command to configure SNMP communities on your FortiAnalyzer unit.

    You add SNMP communities so that SNMP managers, typically applications running on computers to monitor SNMP status information, can connect to the FortiAnalyzer unit (the SNMP agent) to view system information and receive SNMP traps. SNMP traps are triggered when system events happen such as when there is a system restart, or when the log disk is almost full.

    You can add up to three SNMP communities, and each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiAnalyzer unit for a different set of events.

    Hosts are the SNMP managers that make up this SNMP community. Host information includes the IPv4 address and interface that connects it to the FortiAnalyzer unit.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Part of configuring an SNMP manager is to list it as a host in a community on the FortiAnalyzer unit that it will be monitoring. Otherwise that SNMP manager will not receive any traps or events from the FortiAnalyzer unit, and will be unable to query the FortiAnalyzer unit as well.

    Syntax

    config system snmp community

    edit <index_number>

    set events <events_list>

    set name <community_name>

    set query-v1-port <integer>

    set query-v1-status {enable | disable}

    set query-v2c-port <integer>

    set query-v2c-status {enable | disable}

    set status {enable | disable}

    set trap-v1-rport <integer>

    set trap-v1-status {enable | disable}

    set trap-v2c-rport <integer>

    set trap-v2c-status {enable | disable}

    config hosts

    edit <host_number>

    set interface <interface_name>

    set ip <ipv4_address>

    end

    config hosts6

    edit <host_number>

    set interface <interface_name>

    set ip <ipv6_address>

    end

    end

    Variable Description
    <index_number> Enter the index number of the community in the SNMP communities table. Enter an unused index number to create a new SNMP community.

    events <events_list>

    Enable the events for which the FortiManager unit should send traps to the SNMP managers in this community (default = All events enabled). The raid_changed event is only available for devices that support RAID.

    • cpu-high-exclude-nice: CPU usage exclude NICE threshold.
    • cpu_high: CPU usage too high.
    • disk_low: Disk usage too high.
    • ha_switch: HA switch.
    • intf_ip_chg: Interface IP address changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: Available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: System reboot.
    name <community_name>

    Enter the name of the SNMP community. Names can be used to distinguish between the roles of the hosts in the groups.

    For example the Logging and Reporting group would be interested in the disk_low events, but likely not the other events.

    The name is included in SNMPv2c trap packets to the SNMP manager, and is also present in query packets from, the SNMP manager.
    query-v1-port <integer>

    Enter the SNMPv1 query port number used when SNMP managers query the FortiManager unit (1 - 65535, default = 161).
    query-v1-status {enable | disable}

    Enable/disable SNMPv1 queries for this SNMP community (default = enable).
    query-v2c-port <integer>

    Enter the SNMP v2c query port number used when SNMP managers query the FortiManager unit. SNMP v2c queries will include the name of the community (1 - 65535, default = 161).
    query-v2c-status {enable | disable}

    Enable/disable SNMPv2c queries for this SNMP community (default = enable).
    status {enable | disable}

    Enable/disable this SNMP community (default = enable).
    trap-v1-rport <integer>

    Enter the SNMPv1 remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162).
    trap-v1-status {enable | disable}

    Enable/disable SNMPv1 traps for this SNMP community (default = enable).
    trap-v2c-rport <integer>

    Enter the SNMPv2c remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162).
    trap-v2c-status {enable | disable}

    Enable/disable SNMPv2c traps for this SNMP community. SNMP v2c traps sent out to SNMP managers include the community name (default = enable).
    Variables for config hosts subcommand:
    <host_number>

    Enter the index number of the host in the table. Enter an unused index number to create a new host.
    interface <interface_name>

    Enter the name of the FortiAnalyzer unit that connects to the SNMP manager (default = any).
    ip <ipv4_address>

    Enter the IPv4 address of the SNMP manager.
    Variables for config hosts6 subcommand:
    <host_number>

    Enter the index number of the host in the table. Enter an unused index number to create a new host.
    interface <interface_name>

    Enter the name of the FortiAnalyzer unit that connects to the SNMP manager (default = any).
    ip <ipv6_address>

    Enter the IPv6 address of the SNMP manager.

    Example

    This example shows how to add a new SNMP community named SNMP_Com1. The default configuration can be used in most cases with only a few modifications. In the example below the community is added, given a name, and then because this community is for an SNMP manager that is SNMP v1 compatible, all v2c functionality is disabled. After the community is configured the SNMP manager, or host, is added. The SNMP manager IPv4 address is 192.168.20.34 and it connects to the FortiAnalyzer unit internal interface.

    config system snmp community

    edit 1

    set name SNMP_Com1

    set query-v2c-status disable

    set trap-v2c-status disable

    config hosts

    edit 1

    set interface internal

    set ip 192.168.10.34

    end

    end

    snmp sysinfo

    Use this command to enable the FortiAnalyzer SNMP agent and to enter basic system information used by the SNMP agent. Enter information about the FortiAnalyzer unit to identify it. When your SNMP manager receives traps from the FortiAnalyzer unit, you will know which unit sent the information. Some SNMP traps indicate high CPU usage, log full, or low memory.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Syntax

    config system snmp sysinfo

    set contact-info <string>

    set description <description>

    set engine-id <string>

    set fortianalyzer-legacy-sysoid <string>

    set location <location>

    set status {enable | disable}

    set trap-cpu-high-exclude-nice-threshold <percentage>

    set trap-high-cpu-threshold <percentage>

    set trap-low-memory-threshold <percentage>

    end

    Variable

    Description

    contact-info <string>

    Add the contact information for the person responsible for this FortiAnalyzer unit (character limit = 255).

    description <description>

    Add a name or description of the FortiManager unit (character limit = 255).

    engine-id <string>

    Local SNMP engine ID string (character limit = 24).

    fortianalyzer-legacy-sysoid <string>

    Enable to switch back to legacy FortiAnalyzer sysObjectOID (default = disable)..

    location <location>

    Describe the physical location of the FortiAnalyzer unit (character limit = 255).

    status {enable | disable}

    Enable/disable the FortiAnalyzer SNMP agent (default = disable).

    trap-cpu-high-exclude-nice-threshold <percentage>

    SNMP trap for CPU usage threshold (excluding NICE processes), in percent (default = 80).

    trap-high-cpu-threshold <percentage>

    SNMP trap for CPU usage threshold, in percent (default = 80).

    trap-low-memory-threshold <percentage>

    SNMP trap for memory usage threshold, in percent (default = 80).

    Example

    This example shows how to enable the FortiAnalyzer SNMP agent and add basic SNMP information.

    config system snmp sysinfo

    set status enable

    set contact-info 'System Admin ext 245'

    set description 'Internal network unit'

    set location 'Server Room A121'

    end

    snmp user

    Use this command to configure SNMPv3 users on your FortiAnalyzer unit. To use SNMPv3, you will first need to enable the FortiAnalyzer SNMP agent. For more information, see snmp sysinfo. There should be a corresponding configuration on the SNMP server in order to query to or receive traps from FortiAnalyzer.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Syntax

    config system snmp user

    edit <name>

    set auth-proto {md5 | sha}

    set auth-pwd <passwd>

    set events <events_list>

    set notify-hosts <ipv4_address>

    set notify-hosts6 <ipv6_address>

    set priv-proto {aes | des}

    set priv-pwd <passwd>

    set queries {enable | disable}

    set query-port <integer>

    set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    end

    end

    Variable

    Description

    <name>

    Enter a SNMPv3 user name to add, edit, or delete.

    auth-proto {md5 | sha}

    Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable:

    • md5: HMAC-MD5-96 authentication protocol
    • sha: HMAC-SHA-96 authentication protocol (default)

    auth-pwd <passwd>

    Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    events <events_list>

    Enable the events for which the FortiAnalyzer unit should send traps to the SNMPv3 managers in this community (default = All events enabled). The raid_changed event is only available for devices which support RAID.

    • cpu-high-exclude-nice: CPU usage exclude nice threshold.
    • cpu_high: The CPU usage is too high.
    • disk_low: The log disk is getting close to being full.
    • ha_switch: A new unit has become the primary HA.
    • intf_ip_chg: An interface IP address has changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/Day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: The available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: The FortiAnalyzer unit has rebooted.

    notify-hosts <ipv4_address>

    Hosts to send notifications (traps) to.

    notify-hosts6 <ipv6_address>

    Hosts to send notifications (traps) to.

    priv-proto {aes | des}

    Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable:

    • aes: CFB128-AES-128 symmetric encryption protocol (default)
    • des: CBC-DES symmetric encryption protocol

    priv-pwd <passwd>

    Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    queries {enable | disable}

    Enable/disable queries for this user (default = enable)

    query-port <integer>

    SNMPv3 query port (1 - 65535, default = 161).

    security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    Security level for message authentication and encryption:

    • auth-no-priv: Message with authentication but no privacy (encryption).
    • auth-priv: Message with authentication and privacy (encryption).
    • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).
    Previous
    Next

    snmp

    snmp

    Use the following commands to configure SNMP related settings.

    snmp community

    Use this command to configure SNMP communities on your FortiAnalyzer unit.

    You add SNMP communities so that SNMP managers, typically applications running on computers to monitor SNMP status information, can connect to the FortiAnalyzer unit (the SNMP agent) to view system information and receive SNMP traps. SNMP traps are triggered when system events happen such as when there is a system restart, or when the log disk is almost full.

    You can add up to three SNMP communities, and each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiAnalyzer unit for a different set of events.

    Hosts are the SNMP managers that make up this SNMP community. Host information includes the IPv4 address and interface that connects it to the FortiAnalyzer unit.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Part of configuring an SNMP manager is to list it as a host in a community on the FortiAnalyzer unit that it will be monitoring. Otherwise that SNMP manager will not receive any traps or events from the FortiAnalyzer unit, and will be unable to query the FortiAnalyzer unit as well.

    Syntax

    config system snmp community

    edit <index_number>

    set events <events_list>

    set name <community_name>

    set query-v1-port <integer>

    set query-v1-status {enable | disable}

    set query-v2c-port <integer>

    set query-v2c-status {enable | disable}

    set status {enable | disable}

    set trap-v1-rport <integer>

    set trap-v1-status {enable | disable}

    set trap-v2c-rport <integer>

    set trap-v2c-status {enable | disable}

    config hosts

    edit <host_number>

    set interface <interface_name>

    set ip <ipv4_address>

    end

    config hosts6

    edit <host_number>

    set interface <interface_name>

    set ip <ipv6_address>

    end

    end

    Variable Description
    <index_number> Enter the index number of the community in the SNMP communities table. Enter an unused index number to create a new SNMP community.

    events <events_list>

    Enable the events for which the FortiManager unit should send traps to the SNMP managers in this community (default = All events enabled). The raid_changed event is only available for devices that support RAID.

    • cpu-high-exclude-nice: CPU usage exclude NICE threshold.
    • cpu_high: CPU usage too high.
    • disk_low: Disk usage too high.
    • ha_switch: HA switch.
    • intf_ip_chg: Interface IP address changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: Available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: System reboot.
    name <community_name>

    Enter the name of the SNMP community. Names can be used to distinguish between the roles of the hosts in the groups.

    For example the Logging and Reporting group would be interested in the disk_low events, but likely not the other events.

    The name is included in SNMPv2c trap packets to the SNMP manager, and is also present in query packets from, the SNMP manager.
    query-v1-port <integer>

    Enter the SNMPv1 query port number used when SNMP managers query the FortiManager unit (1 - 65535, default = 161).
    query-v1-status {enable | disable}

    Enable/disable SNMPv1 queries for this SNMP community (default = enable).
    query-v2c-port <integer>

    Enter the SNMP v2c query port number used when SNMP managers query the FortiManager unit. SNMP v2c queries will include the name of the community (1 - 65535, default = 161).
    query-v2c-status {enable | disable}

    Enable/disable SNMPv2c queries for this SNMP community (default = enable).
    status {enable | disable}

    Enable/disable this SNMP community (default = enable).
    trap-v1-rport <integer>

    Enter the SNMPv1 remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162).
    trap-v1-status {enable | disable}

    Enable/disable SNMPv1 traps for this SNMP community (default = enable).
    trap-v2c-rport <integer>

    Enter the SNMPv2c remote port number used for sending traps to the SNMP managers (1 - 65535, default = 162).
    trap-v2c-status {enable | disable}

    Enable/disable SNMPv2c traps for this SNMP community. SNMP v2c traps sent out to SNMP managers include the community name (default = enable).
    Variables for config hosts subcommand:
    <host_number>

    Enter the index number of the host in the table. Enter an unused index number to create a new host.
    interface <interface_name>

    Enter the name of the FortiAnalyzer unit that connects to the SNMP manager (default = any).
    ip <ipv4_address>

    Enter the IPv4 address of the SNMP manager.
    Variables for config hosts6 subcommand:
    <host_number>

    Enter the index number of the host in the table. Enter an unused index number to create a new host.
    interface <interface_name>

    Enter the name of the FortiAnalyzer unit that connects to the SNMP manager (default = any).
    ip <ipv6_address>

    Enter the IPv6 address of the SNMP manager.

    Example

    This example shows how to add a new SNMP community named SNMP_Com1. The default configuration can be used in most cases with only a few modifications. In the example below the community is added, given a name, and then because this community is for an SNMP manager that is SNMP v1 compatible, all v2c functionality is disabled. After the community is configured the SNMP manager, or host, is added. The SNMP manager IPv4 address is 192.168.20.34 and it connects to the FortiAnalyzer unit internal interface.

    config system snmp community

    edit 1

    set name SNMP_Com1

    set query-v2c-status disable

    set trap-v2c-status disable

    config hosts

    edit 1

    set interface internal

    set ip 192.168.10.34

    end

    end

    snmp sysinfo

    Use this command to enable the FortiAnalyzer SNMP agent and to enter basic system information used by the SNMP agent. Enter information about the FortiAnalyzer unit to identify it. When your SNMP manager receives traps from the FortiAnalyzer unit, you will know which unit sent the information. Some SNMP traps indicate high CPU usage, log full, or low memory.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Syntax

    config system snmp sysinfo

    set contact-info <string>

    set description <description>

    set engine-id <string>

    set fortianalyzer-legacy-sysoid <string>

    set location <location>

    set status {enable | disable}

    set trap-cpu-high-exclude-nice-threshold <percentage>

    set trap-high-cpu-threshold <percentage>

    set trap-low-memory-threshold <percentage>

    end

    Variable

    Description

    contact-info <string>

    Add the contact information for the person responsible for this FortiAnalyzer unit (character limit = 255).

    description <description>

    Add a name or description of the FortiManager unit (character limit = 255).

    engine-id <string>

    Local SNMP engine ID string (character limit = 24).

    fortianalyzer-legacy-sysoid <string>

    Enable to switch back to legacy FortiAnalyzer sysObjectOID (default = disable)..

    location <location>

    Describe the physical location of the FortiAnalyzer unit (character limit = 255).

    status {enable | disable}

    Enable/disable the FortiAnalyzer SNMP agent (default = disable).

    trap-cpu-high-exclude-nice-threshold <percentage>

    SNMP trap for CPU usage threshold (excluding NICE processes), in percent (default = 80).

    trap-high-cpu-threshold <percentage>

    SNMP trap for CPU usage threshold, in percent (default = 80).

    trap-low-memory-threshold <percentage>

    SNMP trap for memory usage threshold, in percent (default = 80).

    Example

    This example shows how to enable the FortiAnalyzer SNMP agent and add basic SNMP information.

    config system snmp sysinfo

    set status enable

    set contact-info 'System Admin ext 245'

    set description 'Internal network unit'

    set location 'Server Room A121'

    end

    snmp user

    Use this command to configure SNMPv3 users on your FortiAnalyzer unit. To use SNMPv3, you will first need to enable the FortiAnalyzer SNMP agent. For more information, see snmp sysinfo. There should be a corresponding configuration on the SNMP server in order to query to or receive traps from FortiAnalyzer.

    For more information on SNMP traps and variables, see the Fortinet Document Library.

    Syntax

    config system snmp user

    edit <name>

    set auth-proto {md5 | sha}

    set auth-pwd <passwd>

    set events <events_list>

    set notify-hosts <ipv4_address>

    set notify-hosts6 <ipv6_address>

    set priv-proto {aes | des}

    set priv-pwd <passwd>

    set queries {enable | disable}

    set query-port <integer>

    set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    end

    end

    Variable

    Description

    <name>

    Enter a SNMPv3 user name to add, edit, or delete.

    auth-proto {md5 | sha}

    Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable:

    • md5: HMAC-MD5-96 authentication protocol
    • sha: HMAC-SHA-96 authentication protocol (default)

    auth-pwd <passwd>

    Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    events <events_list>

    Enable the events for which the FortiAnalyzer unit should send traps to the SNMPv3 managers in this community (default = All events enabled). The raid_changed event is only available for devices which support RAID.

    • cpu-high-exclude-nice: CPU usage exclude nice threshold.
    • cpu_high: The CPU usage is too high.
    • disk_low: The log disk is getting close to being full.
    • ha_switch: A new unit has become the primary HA.
    • intf_ip_chg: An interface IP address has changed.
    • lic-dev-quota: High licensed device quota detected.
    • lic-gbday: High licensed log GB/Day detected.
    • log-alert: Log base alert message.
    • log-data-rate: High incoming log data rate detected.
    • log-rate: High incoming log rate detected.
    • mem_low: The available memory is low.
    • raid_changed: RAID status changed.
    • sys_reboot: The FortiAnalyzer unit has rebooted.

    notify-hosts <ipv4_address>

    Hosts to send notifications (traps) to.

    notify-hosts6 <ipv6_address>

    Hosts to send notifications (traps) to.

    priv-proto {aes | des}

    Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable:

    • aes: CFB128-AES-128 symmetric encryption protocol (default)
    • des: CBC-DES symmetric encryption protocol

    priv-pwd <passwd>

    Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

    queries {enable | disable}

    Enable/disable queries for this user (default = enable)

    query-port <integer>

    SNMPv3 query port (1 - 65535, default = 161).

    security-level {auth-no-priv | auth-priv | no-auth-no-priv}

    Security level for message authentication and encryption:

    • auth-no-priv: Message with authentication but no privacy (encryption).
    • auth-priv: Message with authentication and privacy (encryption).
    • no-auth-no-priv: Message with no authentication and no privacy (encryption) (default).
    Previous
    Next