Under normal working conditions, when SNMP Managers query SNMP agents (snmpd) on RHEL 6, several lines of information similar to the following are logged into syslog:
May 27 17:39:14 MyLinuxHost snmpd[1521]: Connection from UDP: [192.168.100.200]:54907->[172.23.10.10]
As snmpd is typically queried frequently, your syslog (e.g. /var/log/messages) fills up with many such informational lines. This adds “noise” to the log and is not really required.
SNMP Logging Levels are given below:
LOG LEVEL | DESCRIPTION |
---|---|
0 | Emergencies – System is unusable |
1 | Alerts – Immediate action needed |
2 | Critical – Critical conditions |
3 | Errors – Error conditions |
4 | Warnings – Warning conditions |
5 | Notifications – Informational messages |
6 | Informational – Normal but significant conditions |
7 | Debugging – Debugging messages |
By default, SNMP on RHEL 6 has logging levels 0-6 enabled. The redundant information in the logs is logged at level 6. Given below are steps to disable these informational messages for SNMP on RHEL 6:
STEP 1: Modify the SNMP Logging Level
Edit /etc/init.d/snmpd and modify the OPTIONS variable to reflect logging levels 0-5 as shown below:
OPTIONS="-LS0-5d -Lf /dev/null -p /var/run/snmpd.pid"
STEP 2: Restart the SNMP service
Restart the SNMP service for the changes to take effect:
sudo service snmpd restart
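Raising the threshold also drops the record these lines give of which hosts query the agent, so it is worth summarising them once before silencing them. The script below is an added example, not part of the original post: it parses the connection-line format shown above from a constructed sample log, and the allowlist of expected SNMP managers is an assumption.

```python
import re
from collections import Counter

# Matches the snmpd connection line format shown on this page, e.g.
#   ... snmpd[1521]: Connection from UDP: [192.168.100.200]:54907->[172.23.10.10]
CONN_RE = re.compile(
    r"snmpd\[\d+\]: Connection from UDP: "
    r"\[(?P<src>[^\]]+)\]:(?P<sport>\d+)->\[(?P<dst>[^\]]+)\]"
)

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
May 27 17:39:14 MyLinuxHost snmpd[1521]: Connection from UDP: [192.168.100.200]:54907->[172.23.10.10]
May 27 17:39:14 MyLinuxHost snmpd[1521]: Connection from UDP: [192.168.100.200]:54907->[172.23.10.10]
May 27 17:39:20 MyLinuxHost sshd[2210]: Accepted publickey for admin from 192.168.100.5 port 40122 ssh2
May 27 17:39:44 MyLinuxHost snmpd[1521]: Connection from UDP: [192.168.100.200]:54911->[172.23.10.10]
May 27 17:40:02 MyLinuxHost snmpd[1521]: Connection from UDP: [10.9.8.7]:33012->[172.23.10.10]
May 27 17:40:05 MyLinuxHost kernel: eth0: link up
"""


def summarize(lines, expected_managers):
    """Count snmpd connection lines per source and flag unexpected sources."""
    per_source = Counter()
    total = 0
    for line in lines:
        total += 1
        match = CONN_RE.search(line)
        if match:
            per_source[match.group("src")] += 1
    noise = sum(per_source.values())
    return {
        "total_lines": total,
        "snmpd_connection_lines": noise,
        "noise_ratio": noise / total if total else 0.0,
        "per_source": dict(per_source),
        # Sources querying the agent that are not known managers.
        "unexpected_sources": sorted(set(per_source) - set(expected_managers)),
    }


if __name__ == "__main__":
    # Assumption: 192.168.100.200 is the only authorised SNMP manager.
    report = summarize(SAMPLE_LOG.splitlines(), {"192.168.100.200"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it against a real log, pass the open file object (for example `open("/var/log/messages")`) as `lines`.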
FYI… to save you many gray hairs. On Ubuntu 10.04.4 LTS and possibly many other distros the “-LS0-5d” gives an options parsing error on snmpd restart. After a long process of denial and error I figured out that the capital S in -LS is no longer supported, i.e. only “-Ls0-5d”. Therefore the above example should read:
OPTIONS="-Ls0-5d -Lf /dev/null -p /var/run/snmpd.pid"
Oh, I almost forgot, modify SNMPDOPTS in /etc/default/snmpd and not in /etc/init.d/snmpd as the latter will be replaced at the next update … tisk tisk tisk, best practices please 🙂
Now since I was nice enough to post this I’m hoping that others will oblige and help me with the following. The %&*$#$ snmpd is still logging to /var/log/messages and /var/log/syslog. Logging the same bloody thing to three different logs is nuts, not to mention an incredible waste of time and a self kick in the n**s when trying to look for the logs that matter in a sea of snmpd BS logs. Can anyone please please help out with shutting up snmpd forever, i.e. no more logging to messages or syslog as well.
Thanks!