Reduce SNMPd logging verbosity

Question

SNMPd on my CentOS systems is sending log messages to syslog every time it receives a query from my monitoring tools. Is there a way to lower the verbosity of SNMPd? It adds a lot of clutter to the logs.

Sep 12 13:05:40 myhost snmpd[7073]: Received SNMP packet(s) from UDP: [ipaddr]:42874
Sep 12 13:05:40 myhost snmpd[7073]: Connection from UDP: [ipaddr]:49272

Thanks!

Andrew · Accepted Answer · 2011-09-14T02:45:05.830

Check the command that starts snmpd (possibly somewhere /etc/rc.d/ - in Ubuntu it's /etc/defaults/snmpd) for the logging options:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -g root 0.0.0.0'

Or find it in the ps aux | grep snmpd output.

The man page gives the logging options:

-Ls FACILITY

Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7). There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message.

For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:

0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.

The default is fairly verbose (only 2 levels below debug):

Normal output is (or will be!) logged at a priority level of LOG_NOTICE

If you're logging to syslog via LOG_DAEMON (-Lsd), you could reduce it to e.g. LOG_WARNING with -LSwd/-LS4d, or LOG_ERR with -LSed/-LS3d.

(Edited to put the options in the right order.)

I struggled to find the correct location on CentOS 6.5. It's not `/etc/snmp/snmpd.options` nor is it `/etc/sysconfig/snmpd.options` but actually it is `/etc/sysconfig/snmpd`. The `ps aux | grep snmpd` was really useful to see if the changes were working. — Eugene van der Merwe, May 04 '14 at 07:58
In Debian using systemd it is wired in `/lib/systemd/system/snmpd.service`, use `systemctl cat snmpd` and `systemctl edit snmpd` to *override* `[Service]ExecStart` only. `ExecStart` should be entered twice, the first time empty to clear the old (look for *systemd override vendor settings* feature) — Alex, Dec 01 '16 at 08:03

score 20 · Answer 2 · answered Sep 13 '11 at 19:39

20

In order to set the minimum priority to LOG_WARNING, (which is what I usually use) simply change the argopt:

-Lsd

to

-LSwd

Which stands for:

S: syslog, priority comes next
w: (or 4) log only warnings and more relevant messages
d: use the LOG_DAEMON facility

As stated in the man (but actually missing a clear example):

For -LF and -LS the priority specification comes before the file or facility token

answered Sep 13 '11 at 19:39

oxullo

301
1
3

Oops, I missed the order of priority/facility. – Andrew Sep 14 '11 at 02:45

sourcejedi · Answer 3 · 2019-03-11T23:45:56.443

12

dontLogTCPWrappersConnects

If the snmpd was compiled with TCP Wrapper support, it logs every connection made to the agent. This setting disables the log messages for accepted connections. Denied connections will still be logged.

I.e. add dontLogTCPWrappersConnects true to snmpd.conf.

I'm puzzled why this log message is considered above LOG_DEBUG, for a monitoring service (and one that supports UDP) :-( . journalctl -o verbose shows the message has PRIORITY=6 (INFO), which is the same as the normal startup messages for snmpd.

edited Mar 11 '19 at 23:45

answered Oct 17 '15 at 09:45

sourcejedi

1,050
10
19

Appears to work as well as changing the logging level from notice to warn, but in a way that is more focused on the connection logging. – jla Feb 08 '16 at 23:05
This worked best for me to remove logging for successful connection attempts, rather than narrowing the log criteria. – B Knight Mar 11 '19 at 20:02

score 6 · Answer 4 · answered Sep 14 '11 at 03:08

6

I completely remove the "-Lsd" directive from the /etc/sysconfig/snmpd.options file in CentOS/Redhat installations, leaving a file that reads:

# snmpd command line options
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"

answered Sep 14 '11 at 03:08

ewwhite

194,921
91
434
799

does this completely stop all snmpd logs, or does it fall back to default logging? – Banjer Nov 16 '12 at 11:59

score 6 · Answer 5 · answered Jun 14 '17 at 19:54

Including the standard (included in the default /etc/snmp/snmp.conf file for CentOS 6.5) line worked for me to reduce the verbosity specifically with respect to TCP/UDP SNMP connection logging:

dontLogTCPWrappersConnects yes

Here is a more "verbose" excerpt from the default snmp.conf file:

# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.

dontLogTCPWrappersConnects yes

score -1 · Answer 6 · answered Apr 08 '19 at 12:30

-1

on the raspberry pi / raspbian, the file location is

/lib/systemd/system/snmpd.service

then you have to do a daemon-reload before restarting the snmpd service.

systemctl daemon-reload

answered Apr 08 '19 at 12:30

SkullKill

1

You probably shouldn't edit that file directly, instead create an override file by running `systemctl edit snmpd.service` which brings up a blank file, add three lines "[Service]\n ExecStart=\n ExecStart=/usr/sbin/snmpd " and save it. The `systemctl edit` takes care of the `daemon-reload` – barryp Mar 01 '20 at 17:30

Reduce SNMPd logging verbosity

6 Answers6

Linked

Related