snmpd sending too much to syslog by default


Why does snmpd try to log everything by default in Fedora? If you’re polling every five minutes or so for MRTG or a commercial product like Solarwinds, you might find /var/log/messages filling up with successful connection messages:

Oct 22 04:00:01 ServerName snmpd[2089]:last message repeated 5 times
Oct 22 04:00:01 ServerName snmpd[2089]: Connection from UDP: [127.0.0.1]:40732
Oct 22 04:00:01 ServerName snmpd[2089]: Received SNMP packet(s) from UDP: [127.0.0.1]:40732
Oct 22 04:00:01 ServerName snmpd[2089]: Connection from UDP: [127.0.0.1]:40732
Oct 22 04:05:01 ServerName snmpd[2089]:last message repeated 5 times
Oct 22 04:05:01 ServerName snmpd[2089]: Connection from UDP: [127.0.0.1]:34007
Oct 22 04:05:01 ServerName snmpd[2089]: Received SNMP packet(s) from UDP: [127.0.0.1]:34007
Oct 22 04:05:01 ServerName snmpd[2089]: Connection from UDP: [127.0.0.1]:34007

To stop this nonsense, override the default options being fed to snmpd in the init script. (No, don’t hack the init script! You’ll forget to re-hack it when you update your system and your changes get overwritten, doh!)

Create /etc/snmp/snmpd.options and provide your own options to the snmpd daemon. This is what I use on most clients to tell syslog to only log levels 0 through 4.

OPTIONS="-LS 4 d -Lf /dev/null -p /var/run/snmpd.pid -a"

If you have a client that doesn’t have IPv6 addresses and you check TCP connections with SNMP, you’ll want to change the 4 to a 2. Otherwise you’ll still get messages like these:

Oct 22 04:20:31 ThisOldServer snmpd[21882]: could not open /proc/net/if_inet6
Oct 22 04:21:31 ThisOldServer snmpd[21882]: cannot open /proc/net/snmp6 …

In /etc/init.d/snmpd you should see where it’s looking for /etc/snmp/snmpd.options, and if it doesn’t find it, it provides a set of defaults, which is to let syslog log everything.

if [ -e /etc/snmp/snmpd.options ]; then
    . /etc/snmp/snmpd.options
else
    OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
fi

After you make your snmpd.options file in /etc/snmp/, just restart snmpd. It should find your file and not follow the else clause, which was setting those options for you before. Just to make sure, wait 5 minutes (or force an SNMP check) and look at the logs. You could add an entry to your logs with ‘logger’ just to make a note of when you made the change, but it should be quite obvious if you don’t see a ton of syslog traffic. You should also see the log level in the process list, since you made the change and restarted the service.

ninja@ThisOldServer ~$ ps -ef | grep snmpd
root     21900     1  0 14:21 ?        00:00:00 /usr/sbin/snmpd -LS 2 d -Lf /dev/null -p /var/run/snmpd.pid -a
acarr    21936 21915  0 14:56 pts/0    00:00:00 grep snmpd
ninja@ThisOldServer ~$
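
A pre-restart check for the options file, added here as an example and not part of the original post: it reports which path the init script sources, rejects typographic quotes that a paste from a web page can introduce, and prints the -LS level. The function names and sample file contents are assumptions made for the example.

```sh
#!/bin/sh
# Added example: lint an snmpd.options file before restarting snmpd.
# All sample file contents are constructed for the demonstration.

# Typographic double quotes (U+201C, U+201D) as UTF-8 bytes, written with
# octal escapes so this script itself stays plain ASCII.
CURLY_OPEN=$(printf '\342\200\234')
CURLY_CLOSE=$(printf '\342\200\235')

# options_path_from_init INITSCRIPT
# Prints the snmpd.options path that the init script sources with ". path".
options_path_from_init() {
    sed -n 's/^[[:space:]]*\.[[:space:]]\{1,\}\([^[:space:]]*snmpd\.options\).*/\1/p' "$1" | head -n 1
}

# check_snmpd_options FILE
# Prints the syslog priority that follows -LS and returns 0. Otherwise:
#   1 = file unreadable, 2 = curly quotes present,
#   3 = no OPTIONS="..." line, 4 = no -LS <level> (no priority cap set)
check_snmpd_options() {
    file=$1
    [ -r "$file" ] || return 1
    if LC_ALL=C grep -q -e "$CURLY_OPEN" -e "$CURLY_CLOSE" "$file"; then
        return 2
    fi
    # Parse the value instead of sourcing the file, so nothing in it runs.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$file" | tail -n 1)
    [ -n "$opts" ] || return 3
    level=$(printf '%s\n' "$opts" | sed -n 's/.*-LS[[:space:]]*\([0-7]\).*/\1/p')
    [ -n "$level" ] || return 4
    printf '%s\n' "$level"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'OPTIONS="-LS 4 d -Lf /dev/null -p /var/run/snmpd.pid -a"\n' > "$dir/good"
    printf 'OPTIONS=%s-LS 4 d -Lf /dev/null -a%s\n' "$CURLY_OPEN" "$CURLY_CLOSE" > "$dir/pasted"
    printf 'OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"\n' > "$dir/default"
    for f in good pasted default; do
        out=$(check_snmpd_options "$dir/$f") && rc=0 || rc=$?
        echo "$f: rc=$rc level=${out:-none}"
    done
    rm -rf "$dir"
}
demo
```

Run `options_path_from_init /etc/init.d/snmpd` first, then pass the path it prints to `check_snmpd_options`.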

Posted by admica   @   22 October 2008

Comments
Jan 8, 2010
11:15 am
#1 Brock Harris :

On my CentOS 5.4 system the snmpd.options file goes in /etc/sysconfig rather than /etc/snmp. Thanks for the information, it was helpful.

Dec 30, 2010
6:01 pm
#2 Rui Gil :

Thanks for the excellent hint.

Nov 23, 2011
11:21 am

Thanks for the excellent info!
Same comment for CentOS. Got a little baffled by a weird error, until I noticed that pasting in vi had included curly quotes instead of straight ones. After correcting, all went smooth. Thanks!

Dec 28, 2011
6:57 am
#4 Karthik :

Thanks for this post. I was stuck with this issue and got it fixed with
OPTIONS="-LS 2 d -Lf /dev/null -p /var/run/snmpd.pid -a"
