Reduce SNMPd logging verbosity
SNMPd on my CentOS systems is sending log messages to syslog every time it receives a query from my monitoring tools. Is there a way to lower the verbosity of SNMPd? It adds a lot of clutter to the logs.
Sep 12 13:05:40 myhost snmpd[7073]: Received SNMP packet(s) from UDP: [ipaddr]:42874
Sep 12 13:05:40 myhost snmpd[7073]: Connection from UDP: [ipaddr]:49272
Thanks!
Check the command that starts snmpd
(possibly somewhere /etc/rc.d/
- in Ubuntu it's /etc/defaults/snmpd
) for the logging options:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -g root 0.0.0.0'
Or find it in the ps aux | grep snmpd
output.
The man page gives the logging options:
-Ls FACILITY
Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7). There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message.
For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:
0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.
The default is fairly verbose (only 2 levels below debug):
Normal output is (or will be!) logged at a priority level of LOG_NOTICE
If you're logging to syslog via LOG_DAEMON (-Lsd), you could reduce it to e.g. LOG_WARNING with -LSwd
/-LS4d
, or LOG_ERR with -LSed
/-LS3d
.
(Edited to put the options in the right order.)
In order to set the minimum priority to LOG_WARNING, (which is what I usually use) simply change the argopt:
-Lsd
to
-LSwd
Which stands for:
- S: syslog, priority comes next
- w: (or 4) log only warnings and more relevant messages
- d: use the LOG_DAEMON facility
As stated in the man (but actually missing a clear example):
For -LF and -LS the priority specification comes before the file or facility token
dontLogTCPWrappersConnects
If the snmpd was compiled with TCP Wrapper support, it logs every connection made to the agent. This setting disables the log messages for accepted connections. Denied connections will still be logged.
I.e. add dontLogTCPWrappersConnects true
to snmpd.conf.
I'm puzzled why this log message is considered above LOG_DEBUG, for a monitoring service (and one that supports UDP) :-( . journalctl -o verbose
shows the message has PRIORITY=6 (INFO), which is the same as the normal startup messages for snmpd.
I completely remove the "-Lsd" directive from the /etc/sysconfig/snmpd.options
file in CentOS/Redhat installations, leaving a file that reads:
# snmpd command line options
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"
Including the standard (included in the default /etc/snmp/snmp.conf
file for CentOS 6.5) line worked for me to reduce the verbosity specifically with respect to TCP/UDP SNMP connection logging:
dontLogTCPWrappersConnects yes
Here is a more "verbose" excerpt from the default snmp.conf
file:
# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.
dontLogTCPWrappersConnects yes