Reduce SNMPd logging verbosity

SNMPd on my CentOS systems is sending log messages to syslog every time it receives a query from my monitoring tools. Is there a way to lower the verbosity of SNMPd? It adds a lot of clutter to the logs.

Sep 12 13:05:40 myhost snmpd[7073]: Received SNMP packet(s) from UDP: [ipaddr]:42874
Sep 12 13:05:40 myhost snmpd[7073]: Connection from UDP: [ipaddr]:49272

Thanks!


Check the command that starts snmpd (possibly somewhere /etc/rc.d/ - in Ubuntu it's /etc/defaults/snmpd) for the logging options:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -g root 0.0.0.0'

Or find it in the ps aux | grep snmpd output.

The man page gives the logging options:

-Ls FACILITY

Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7). There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message.

For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:

0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG. 

The default is fairly verbose (only 2 levels below debug):

Normal output is (or will be!) logged at a priority level of LOG_NOTICE

If you're logging to syslog via LOG_DAEMON (-Lsd), you could reduce it to e.g. LOG_WARNING with -LSwd/-LS4d, or LOG_ERR with -LSed/-LS3d.

(Edited to put the options in the right order.)


In order to set the minimum priority to LOG_WARNING, (which is what I usually use) simply change the argopt:

-Lsd

to

-LSwd

Which stands for:

  • S: syslog, priority comes next
  • w: (or 4) log only warnings and more relevant messages
  • d: use the LOG_DAEMON facility

As stated in the man (but actually missing a clear example):

For -LF and -LS the priority specification comes before the file or facility token


dontLogTCPWrappersConnects

If the snmpd was compiled with TCP Wrapper support, it logs every connection made to the agent. This setting disables the log messages for accepted connections. Denied connections will still be logged.

I.e. add dontLogTCPWrappersConnects true to snmpd.conf.

I'm puzzled why this log message is considered above LOG_DEBUG, for a monitoring service (and one that supports UDP) :-( . journalctl -o verbose shows the message has PRIORITY=6 (INFO), which is the same as the normal startup messages for snmpd.


I completely remove the "-Lsd" directive from the /etc/sysconfig/snmpd.options file in CentOS/Redhat installations, leaving a file that reads:

# snmpd command line options
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"

Including the standard (included in the default /etc/snmp/snmp.conf file for CentOS 6.5) line worked for me to reduce the verbosity specifically with respect to TCP/UDP SNMP connection logging:

dontLogTCPWrappersConnects yes

Here is a more "verbose" excerpt from the default snmp.conf file:

# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes