Does snmpd flood your system log file?
How to stop the following snmpd messages from overtaking syslog:
Connection from UDP: ...
Received SNMP packet(s) from UDP: ...
The prescense of the above content within syslog is normal behavior of snmpd's default configuration, and does not indicate a problem per se, other than the fact it's an annoyance when administrators need to dig around in syslog to troubleshoot potential problems elsewhere.
A couple of options exist to change this behavior.
- turn off the logging feature all together
- force snmpd to send logging to its own user defined log file
Turn off the logging feature all together
snmpd's default options can be found by running the following command:
# grep OPTIONS /etc/init.d/snmpd
Depending on the version of RHEL, default options can also be defined in /etc/sysconfig/snmpd.options or /etc/sysconfig/snmpd. Per the init.d script, anything defined within the /etc/sysconfig file overrides the grepped OPTIONS line from the command above. To illustrate, here is the section of the /etc/init.d/snmpd script to show the precedence:
OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
if [ -e /etc/sysconfig/snmpd ]; then
To disable logging alltogether, input (or in some cases, comment out) this line into the /etc/sysconfig/snmpd or snmpd.options file:
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"
Next: restart snmpd for the change to take effect.
force snmpd to send logging to its own user defined log file
There are two ways to do this. The easiest way is to define the OPTIONS statement in the respective /etc/sysconfig file as follows:
The other way to redirect snmpd logging to its own file is to include this defined OPTIONS statement in the respective /etc/sysconfig config file:
OPTIONS="-Ls2 -Lf /dev/null -p /var/run/snmpd.pid -a"
Next, create a custom log facility for snmpd in /etc/syslog.conf as follows:
and be sure to add local2.none to the /var/log/messages entry within syslog.conf. Otherwise, snmpd will log to both places:
Next, restart both snmpd and syslogd for the changes to take effect.
Read the man page for snmpd to learn how to invoke other changes to minimize logging. For example, to disable "Connection from" messages, add the following line to the respective /etc/sysconfig configuration file: