(RHEL) HOWTO stop snmpd spamming /var/log/messages

From DGZWiki
Jump to: navigation, search

Introduction

The default installation of net-snmp package comes with a default configuration which cause snmpd to log at debug level within /var/log/messages. When using monitoring systems which make snmp requests every 5 minutes, it spams totally /var/log/messages with messages like:

Command: content of /var/log/messages
# tail /var/log/messages
...
Jan 23 11:10:30 sv0143 snmpd[3968]: Received SNMP packet(s) from UDP: [192.168.0.2]:54579
Jan 23 11:10:30 sv0143 snmpd[3968]: Connection from UDP: [192.168.0.3]:50596
Jan 23 11:10:30 sv0143 snmpd[3968]: Received SNMP packet(s) from UDP: [192.168.0.3]:50596
Jan 23 11:10:30 sv0143 snmpd[3968]: Connection from UDP: [192.168.0.3]:50596
Jan 23 11:10:30 sv0143 snmpd[3968]: last message repeated 8 times

This annoying behavior can be corrected by reconfiguring the snmpd daemon to log within its own files and to log on only errors to /var/log/messages.

Reconfigure snmpd

To change the way snmpd is logging, it needs to be reconfigured as follow. As root, open the file /etc/sysconfig/snmpd.options using vi:

Command: editing /etc/sysconfig/snmpd.options
# vi /etc/sysconfig/snmpd.options

Add the following line:

Config File: /etc/sysconfig/snmpd.options
...
OPTIONS="-LS0-4d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a" 
...

Which means:

  • -LS0-4d : logging only log levels from 0 to 4 to syslog. Those levels are described below:
    • 0 or ! for LOG_EMERG,
    • 1 or a for LOG_ALERT,
    • 2 or c for LOG_CRIT,
    • 3 or e for LOG_ERR,
    • 4 or w for LOG_WARNING,
    • 5 or n for LOG_NOTICE,
    • 6 or i for LOG_INFO,
    • 7 or d for LOG_DEBUG.
  • -Lf /var/log/snmpd.log: logging everything to /var/log/snmpd.log

Then restart the snmpd service using:

Command: restarting snmpd
# service snmpd restart

Enhance log rotation

To be sure that the new log file is rotated as wanted, check the file "/etc/logrotate.d/snmpd":

Command: editing /etc/sysconfig/snmpd.options
# vi /etc/logrotate.d/snmpd

In this case, the rotate 52 and compress will be added in the default configuration file to save an history of 52 weeks of compressed logs.

Config File: /etc/logrotate.d/snmpd
  /var/log/snmpd.log {
    rotate 52
    compress
    notifempty
    missingok
    postrotate
      /bin/kill -HUP `cat /var/run/snmpd.pid 2> /dev/null` 2> /dev/null || true
    endscript
  }
Note Note: Adding rotate 52 and compress to /etc/logrotate.d/snmpd is needed only if it was not defined globally in /etc/logrotate.conf

External Links