Net-SNMP and tcp-wrappers verbosity
Posted Mon, 26 Oct 2009
I see this in my server logs quiet often:
Oct 23 05:37:48 pww-5 snmpd: Connection from UDP: [XX.XX.XX.XX]:34650 Oct 23 05:37:48 pww-5 last message repeated 16 times Oct 23 05:37:48 pww-5 snmpd: Connection from UDP: [XX.XX.XX.XX]:34652 Oct 23 05:37:48 pww-5 last message repeated 24 timesGoogling points out that in snmpd.conf we should use "dontLogTCPWrappersConnects" - but thet top search results claim that it doesn't work (syntax errors, etc). I tried this:
dontLogTCPWrappersConnectsThis makes an error of:
/etc/snmp/snmpd.conf: line 29: Error: Blank line following dontLogTCPWrappersConnects token.So I took a guess and changed it to:
dontLogTCPWrappersConnects 1This works to quiet the 'Connection from UDP: ...' messages. However, it still logs things like:
Oct 22 23:17:35 pww-4 snmpd: Received SNMP packet(s) from UDP: [XX.XX.XX.XX]:42926Fixing this requires telling snmpd to log less stuff to syslog. The '-L' logging options support upper-case versions which set the level at which it will log. Fixing syslog to not log the snmp packet info means setting this flag "-LSnd". This means we'll log at 'notice' levels and above to syslog with the daemon facility. Setting this flag seems to make snmpd less chatty in logs about packets it gets. Setting the log level to '-LSid' (info level) will make it once again log the packet receipts.
In CentOS (and other redhat variants) you'll edit this file to make this change permanent: /etc/sysconfig/snmpd.options - just change "-Lsd" (default in my version of net-snmp) to "-LSnd" and make sure the OPTIONS line is uncommented.