Jephe Wu - http://linuxtechres.blogspot.com
Problem: on a RHEL 5 server, /var/log/messages fills up with snmpd entries such as the following:
snmpd[1901]: Received SNMP packet(s) from UDP: [127.0.0.1]:50736
snmpd[1901]: Connection from UDP: [127.0.0.1]:50736
Objective: suppress the above log entries.
Environment: RHEL 5.1
Concept: to suppress these entries, remove -a from the snmpd sysconfig options in /etc/sysconfig/snmpd.options (this suppresses the 'Received SNMP packet(s)' line) and set the dontLogTCPWrappersConnects option in /etc/snmp/snmpd.conf (this suppresses the 'Connection from UDP' line). dontLogTCPWrappersConnects is only available since net-snmp 5.3.2.2, which is in the RHEL 5.3 update.
You can run 'man snmpd' and search for dontLogTCPWrappersConnects; you will only find it in the net-snmp 5.3.2.2 version.
Steps:
1. First, upgrade the net-snmp rpm to 5.3.2.2, which is included in RHEL 5.3 according to the RHEL 5.3 release notes at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/pdf/Release_Notes.pdf (search for 'snmp trap' or 'dontLogTCPWrappersConnects'). The release notes say:
Net-SNMP has been re-based to upstream version 5.3.2.2. This update adds Stream Control Transmission Protocol (SCTP) support and introduces two new configuration options (to be used in /etc/snmpd.conf)
- dontLogTCPWrappersConnects - suppresses logging of connection attempts
- v1trapaddress - enables administrators to set an agent's IP address inside outgoing SNMP traps
yum install net-snmp
(assuming the server is registered with a Red Hat subscription for yum updates, this will update 3 packages: net-snmp, net-snmp-utils, net-snmp-libs)
2. After upgrading net-snmp, make sure /etc/sysconfig/snmpd.options contains the following options:
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
Note that -a is not part of this line: -a means "Log the source addresses of incoming requests" according to the snmpd man page.
3. Edit /etc/snmp/snmpd.conf to include this line (check the snmpd man page for its meaning):
dontLogTCPWrappersConnects 1
4. Restart the snmpd daemon:
service snmpd restart
5. Check the running process again:
ps ax | grep snmpd
You should see something like this:
/usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid
6. Check /var/log/messages to confirm the reduced log output.
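The checks in steps 2, 3 and 6 can be scripted as below. This is an added example, not part of the original post: the function names and the audit.sh file name are hypothetical, file paths are passed as arguments, and accepting yes/true in addition to 1 is an assumption about how net-snmp reads boolean values.

```shell
#!/bin/sh
# Added example: audit the two snmpd logging settings and count the noisy lines.
# All function names are hypothetical; paths are arguments so copies can be tested.

# Succeeds if the active OPTIONS= line carries no standalone -a flag.
options_without_a() {            # $1 = e.g. /etc/sysconfig/snmpd.options
    line=$(grep -E '^[[:space:]]*OPTIONS=' "$1" | tail -n 1)
    [ -n "$line" ] || return 2   # no uncommented OPTIONS line at all
    opts=$(printf '%s\n' "$line" | sed 's/^[^=]*=//' | tr -d "\"'")
    case " $opts " in
        *" -a "*) return 1 ;;
        *)        return 0 ;;
    esac
}

# Succeeds if an uncommented dontLogTCPWrappersConnects line is set to a true value.
# Assumption: 1 (the value used on this page), yes and true are accepted as true.
conf_suppresses_connects() {     # $1 = e.g. /etc/snmp/snmpd.conf
    grep -Eiq '^[[:space:]]*dontLogTCPWrappersConnects[[:space:]]+(1|yes|true)[[:space:]]*$' "$1"
}

# Prints the number of lines matching either of the two messages being suppressed.
count_noise() {                  # $1 = e.g. /var/log/messages
    grep -Ec 'snmpd\[[0-9]+\]: (Received SNMP packet\(s\) from|Connection from) UDP: ' "$1" || true
}

# Runs all three checks; returns non-zero if either setting is not in place.
audit_snmpd_logging() {          # $1 options file, $2 snmpd.conf, $3 log file
    rc=0
    options_without_a "$1" || { echo "FAIL: -a present or OPTIONS missing in $1"; rc=1; }
    conf_suppresses_connects "$2" || { echo "FAIL: dontLogTCPWrappersConnects not enabled in $2"; rc=1; }
    echo "noisy snmpd lines in $3: $(count_noise "$3")"
    return "$rc"
}

# Usage: sh audit.sh /etc/sysconfig/snmpd.options /etc/snmp/snmpd.conf /var/log/messages
if [ "$#" -eq 3 ]; then
    audit_snmpd_logging "$@"
fi
```

The count covers the whole log file, so entries written before the restart in step 4 are included; compare the number before and after rather than expecting zero.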
References:
a. Search the access.redhat.com knowledge base for 'DOC-3466' and 'DOC-25144':
How to disable the excessive logging of snmpd in Red Hat Enterprise Linux System?
and
How do I reduce the verbosity of SNMP logging?