Menu Close

How to disable redundant SNMP logging (connection information) in RHEL 6

Under normal working conditions, when SNMP Managers query SNMP agents (snmpd) on RHEL 6, several lines of information similar to the following are logged into syslog:

 May 27 17:39:14 MyLinuxHost snmpd[1521]: Connection from UDP: [192.168.100.200]:54907->[172.23.10.10] 

As snmpd is typically queried frequently, your syslog (e.g. /var/log/messages) will be filled with several such informational lines as this can lead to “noise” and is truly not required.

SNMP Logging Levels are given below:

LOG LEVEL DESCRIPTION
0 Emergencies – System is unusable
1 Alerts – Immediate action needed
2 Critical – Critical conditions
3 Errors – Error conditions
4 Warnings – Warning conditions
5 Notifications – Informational messages
6 Informational – Normal but significant conditions
7 Debugging – Debugging messages

By default, SNMP on RHEL 6 has logging levels 0-6 enabled. The redundant information in the logs is logged at level 6. Given below are steps to disable these informational messages for SNMP on RHEL 6:

STEP 1:Modify the SNMP Logging Level

Edit /etc/init.d/snmpd and modify the OPTIONS variable to reflect logging levels 0-5 as shown below:

 OPTIONS="-LS0-5d -Lf /dev/null -p /var/run/snmpd.pid" 

STEP 2:Restart the SNMP service

Restart the SNMP service for the changes to take effect:

 sudo service snmpd restart 
VN:F [1.9.22_1171]
Rating: +17 (from 23 votes)
Print Friendly, PDF & Email
(Visited 13 times, 1 visits today)

1 Comment

  1. Gigi Semiduru

    FYI… to save you many gray hairs. On Ubuntu 10.04.4 LTS and possibly many other distros the “-LS0-5d” gives an options parsing error on snmpd restart. After a long process of denial and error I figured out that the capital S in -LS is no longer supported, i.e. only “-Ls0-5d”. Therefore the above example the should read ”

    OPTIONS=”-Ls0-5d -Lf /dev/null -p /var/run/snmpd.pid”

    Oh, I almost forgot, modify SNMPDOPTS in /etc/default/snmpd and not in /etc/init.d/snmpd as the latter will be replaced at the next update … tisk tisk tisk, best practices please 🙂

    Now since I was nice enough to post this I’m hoping that others will oblige and help me with the following. The %&*$#$ snmpd is sill logging to /var/log/messages and /var/log/syslog. Logging to three different logs the same blody thing is nuts, not to mention an incredible waste of time and a self kick in the n**s when trying to look for the logs that matter in a sea of snmpd BS logs. Can anyone please please help out with shutting up snmpd forever, i.e. no more logging to messages or syslog as well.

    Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *