Reese Knowledgebase

snmpd floods /var/log/messages syslog

View Kristian Reese's profile on LinkedIn

If you like this article, please +1 or Recommend via FB with the provided buttons above:

Article ID: 140
by: Reese K.
Posted: 30 Oct, 2013
Last updated: 30 Oct, 2013
Views: 8005

Does snmpd flood your system log file?

How to stop the following snmpd messages from overtaking syslog:

Connection from UDP: ...
Received SNMP packet(s) from UDP: ...

The prescense of the above content within syslog is normal behavior of snmpd's default configuration, and does not indicate a problem per se, other than the fact it's an annoyance when administrators need to dig around in syslog to troubleshoot potential problems elsewhere.

A couple of options exist to change this behavior.

  1. turn off the logging feature all together
  2. force snmpd to send logging to its own user defined log file

Turn off the logging feature all together

snmpd's default options can be found by running the following command:

# grep OPTIONS /etc/init.d/snmpd

Depending on the version of RHEL, default options can also be defined in /etc/sysconfig/snmpd.options or /etc/sysconfig/snmpd.  Per the init.d script, anything defined within the /etc/sysconfig file overrides the grepped OPTIONS line from the command above.  To illustrate, here is the section of the /etc/init.d/snmpd script to show the precedence:

OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/"
if [ -e /etc/sysconfig/snmpd ]; then
  . /etc/sysconfig/snmpd

To disable logging alltogether, input (or in some cases, comment out) this line into the /etc/sysconfig/snmpd or snmpd.options file:

OPTIONS="-Lf /dev/null -p /var/run/ -a"

Next: restart snmpd for the change to take effect.

force snmpd to send logging to its own user defined log file

There are two ways to do this.  The easiest way is to define the OPTIONS statement in the respective /etc/sysconfig file as follows:

OPTIONS="-Lf /var/log/snmpd.log"

The other way to redirect snmpd logging to its own file is to include this defined OPTIONS statement in the respective /etc/sysconfig config file:

OPTIONS="-Ls2 -Lf /dev/null -p /var/run/ -a"

Next, create a custom log facility for snmpd in /etc/syslog.conf as follows:

local2.*                           /var/log/snmpd.log

and be sure to add local2.none to the /var/log/messages entry within syslog.conf.  Otherwise, snmpd will log to both places:

*.info;mail.none;authpriv.none;cron.none;local2.none            /var/log/messages

Next, restart both snmpd and syslogd for the changes to take effect.

Read the man page for snmpd to learn how to invoke other changes to minimize logging.  For example, to disable "Connection from" messages, add the following line to the respective /etc/sysconfig configuration file:

dontLogTCPWrappersConnects 1

This article was:   Helpful | Not Helpful
Prev   Next
How to install ffmpeg, ffmpeg-php, pecl, and ImageMagick     Resizing an Online Multipath Device