aug 202013
 

snmpIf your running a recent distribution of Linux and it’s being polled by SNMP, chances are you see a log of this in your logs:

 

 

Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:51832->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:43120->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:55987->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:36068->[192.168.0.8]

While informative, it creates a lot of noise. There are different things you can do to get rid of it.

  • Disable snmpd’s logging completely. Not recommended.
  • Filter out the messages during log processing using third party tools (grep, sec, etc,ossec).
  • Tell snmpd to not print these messages.

I’m only going to describe the last option, changing snmpd’s logging options.

The file that need updating depends on your distribution.

RedHat/CentOS/Scientific Linux: /etc/sysconfig/snmpd
Debian/Ubuntu: /etc/defaults/snmpd

You want to look for the line that passes the command line options to snmpd.  On RedHat Enterprise 6 this looks like:

# OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"

The option to change is the -L option, that controls snmpd’s logging.  You want change the range from 0-6 to 0-5.  (On Redhat Enterprise 6 you also have to uncomment the line.)   The result looks like:

OPTIONS="-LS0-5d -Lf /dev/null -p /var/run/snmpd.pid"

Restart snmpd and your done.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)