Enable an SNMP Script
Store SNMP Scripts
SNMP scripts are stored on a device’s hard drive in the
/var/db/scripts/snmp directory or on the flash drive in the
/config/scripts/snmp directory. Only users in the
super-user login class can access and edit files in these directories.
For information about setting the storage location for scripts, see Storing and
Enabling Scripts and Storing
Scripts in Flash Memory.
To prevent the execution of unauthorized Python code on Junos devices, unsigned Python
scripts must meet certain requirements before you can execute the scripts on a device.
Unsigned Python scripts must be owned by either root or a user in the
super-user login class, and only the file owner can have write permission
for the file. For detailed information about the requirements for executing Python
automation scripts, see Requirements for Executing Python Automation Scripts on Junos Devices.
If the device has dual Routing Engines and you want to enable an SNMP script to execute
on both Routing Engines, you can copy the script to the
/var/db/scripts/snmp or /config/scripts/snmp
directory on both Routing Engines, or you can issue the commit synchronize
scripts command to synchronize the configuration and copy the scripts to the
other Routing Engine as part of the commit operation.
Enable SNMP Scripts
You must enable an SNMP script before you can execute it. To enable an SNMP script, include
the file filename statement at the [edit system
scripts snmp] hierarchy level, and specify the filename of the SNMP script. Only
users in the super-user login class can enable SNMP scripts.
[edit system scripts snmp] user@host# set file filename
SLAX and Python scripts must include the .slax or .py filename extension, respectively, in both the actual script name and the filename in the configuration. XSLT scripts do not require a filename extension, but we strongly recommend that you append the .xsl extension. In either case, the configured filename must exactly match the filename of the script in the directory. For example, if the XSLT script filename is script1.xsl, then you must include script1.xsl in the configuration. Likewise, if the XSLT script filename is script1, then you must include script1 in the configuration.
By default, you cannot execute unsigned Python scripts on Junos devices. To enable the
execution of unsigned Python automation scripts that meet the requirements outlined in Requirements for Executing Python Automation Scripts on Devices Running Junos OS,
you must configure the language python or language python3
statement at the [edit system scripts] hierarchy level.
[edit system scripts] user@host# set language (python | python3)
To determine which SNMP scripts are currently enabled on the device, display the files
configured at the [edit system scripts snmp] hierarchy level.
user@host> show configuration system scripts snmp
To ensure that the enabled files are on the device, list the contents of the /var/run/scripts/snmp/ directory.
user@host> file list /var/run/scripts/snmp
In order for SNMP scripts to return values for OIDs, SNMP must be configured on the device running Junos OS. For more information about configuring SNMP, see the Network Management and Monitoring Guide.
SNMP Script Access Privileges
By default, Junos devices execute Python SNMP scripts with the access privileges of the
generic, unprivileged user and group nobody. However, you can configure
Python SNMP scripts to execute with the access privileges of a specific user. To specify the
user, configure the python-script-user username
statement at the [edit system scripts snmp file
filename] hierarchy level. You cannot configure Python SNMP
event scripts to execute with root access privileges.
[edit system scripts snmp file filename] user@host# set python-script-user username
To enable a user who does not belong to the file’s user or group class to execute an unsigned Python automation script, the script’s file permissions must include read permission for others.
Example: Enable an SNMP Script
To enable an SNMP script:
Place the script in the appropriate directory:
/var/db/scripts/snmp directory on the hard disk
/config/scripts/snmp directory on the flash drive
If you store scripts on the flash drive, configure the
load-scripts-from-flashstatement.[edit system scripts] user@host# set load-scripts-from-flash
For unsigned Python scripts, ensure that the following requirements are met:
File owner is either root or a user in the
super-userlogin class.Only the file owner has write permission for the file.
The
language pythonorlanguage python3statement is configured at the[edit system scripts]hierarchy level.[edit system scripts] user@host# set language (python | python3)
Enable the script.
[edit system scripts] user@host# set snmp file filename
For example:
[edit system scripts] user@host# set snmp file sample_snmp.py
For Python scripts, configure the script to execute under the access privileges of a specific user.
Configure a user with a local user account. You cannot configure the root user.
[edit system scripts snmp file filename] user@host# set python-script-user username
For example:
[edit system scripts snmp file filename] user@host# set python-script-user snmp-user
Commit the configuration.
[edit] user@host# commit