net-snmp 220.127.116.11 filling /var/log/messages - problem description and solution
In the most recent (as of April 2009) Red Hat Enterprise Linux (RHEL) 5 / CentOS 5 RPM of net-snmp (net-snmp-18.104.22.168-5.el5) there is a bug affecting the logging functionality of snmpd.
The default installation causes messages like the following to fill the syslog:

    Apr 23 22:35:02 hostname snmpd: Connection from UDP: [127.0.0.1]:52863
    Apr 23 22:35:02 hostname snmpd: Received SNMP packet(s) from UDP: [127.0.0.1]:52863

The man page and “snmpd --help” output indicate that you can control the priority of the logging messages that you want sent to syslog:
Man page of snmpcmd

    ...
    -Ls FACILITY
        Log messages via syslog, using the specified facility ('d' for
        LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through
        LOG_LOCAL7).

    There are also "upper case" versions of each of these options, which
    allow the corresponding logging mechanism to be restricted to certain
    priorities of message. Using standard error logging as an example:

    -LE pri
        will log messages of priority 'pri' and above to standard error.
    -LE p1-p2
        will log messages with priority between 'p1' and 'p2' (inclusive)
        to standard error.

    For -LF and -LS the priority specification comes before the file or
    facility token. The priorities recognised are:

        0 or ! for LOG_EMERG,
        1 or a for LOG_ALERT,
        2 or c for LOG_CRIT,
        3 or e for LOG_ERR,
        4 or w for LOG_WARNING,
        5 or n for LOG_NOTICE,
        6 or i for LOG_INFO, and
        7 or d for LOG_DEBUG.

    Normal output is (or will be!) logged at a priority level of LOG_NOTICE

Output of “snmpd --help”

    ...
    -L <LOGOPTS>    toggle options controlling where to log to
        e:            log to standard error
        o:            log to standard output
        n:            don't log at all
        f file:       log to the specified file
        s facility:   log to syslog (via the specified facility)
        (variants)
        [EON] pri:    log to standard error, output or /dev/null for level 'pri' and above
        [EON] p1-p2:  log to standard error, output or /dev/null for levels 'p1' to 'p2'
        [FS] pri token:    log to file/syslog for level 'pri' and above
        [FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'

Cause of the problem
As of net-snmp-22.214.171.124-5.el5.i386.rpm this patch has not been backported into the 126.96.36.199 rpm.
Your options are:
- find an RPM of net-snmp at 5.4.2 or newer with the patch
- turn off all logging by using either the “-Ln” or the “-Lf /dev/null” parameter. This can be done in the /etc/sysconfig/snmpd.options file by changing the default contents from:

      # snmpd command line options
      # OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

  to:

      # snmpd command line options
      # OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
      OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"

- configure syslog to send all messages of a given facility (facility 0 - 7) to a separate file, then configure net-snmp to send to that facility. This will prevent the messages from filling your /var/log/messages file, but you’ll still be able to look at them if you need to.
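
One way to apply the third option, as an added example that is not part of the original page. It assumes a sysklogd-style syslog.conf, that local facility 2 is unused, and a hypothetical destination file /var/log/snmpd.log; `route_snmpd` is a hypothetical helper name, and the demo runs on constructed copies of the two files.

```shell
#!/bin/sh
# Added example. Edits the files passed in; try it on copies first.
# Assumptions: sysklogd-style syslog.conf, a free local facility, and a
# hypothetical destination such as /var/log/snmpd.log.

# route_snmpd SYSLOG_CONF SNMPD_OPTIONS FACILITY LOGFILE
route_snmpd() {
    conf=$1; opts=$2; fac=$3; logfile=$4
    case $fac in
        [0-7]) ;;
        *) echo "facility must be 0-7 (LOG_LOCAL0..LOG_LOCAL7)" >&2; return 2 ;;
    esac

    # 1. Exclude localN from every active rule that writes /var/log/messages
    #    by appending ";localN.none" to its selector. Skipped if already done.
    if ! grep -q "local${fac}\.none" "$conf"; then
        sed "/^[^#[:space:]].*\/var\/log\/messages[[:space:]]*\$/ s/[[:space:]]/;local${fac}.none&/" \
            "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    fi

    # 2. Give localN its own file, so the messages stay available.
    grep -q "^local${fac}\.\*" "$conf" ||
        printf 'local%s.*\t%s\n' "$fac" "$logfile" >> "$conf"

    # 3. Replace any active OPTIONS line: the default with -Lsd swapped for -LsN.
    sed '/^OPTIONS=/d' "$opts" > "$opts.new"
    printf 'OPTIONS="-Ls%s -Lf /dev/null -p /var/run/snmpd.pid -a"\n' "$fac" >> "$opts.new"
    mv "$opts.new" "$opts"
}

# Constructed sample files standing in for /etc/syslog.conf and
# /etc/sysconfig/snmpd.options.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# Log anything of level info or higher.' \
        '*.info;mail.none;authpriv.none;cron.none    /var/log/messages' \
        > "$dir/syslog.conf"
    printf '%s\n' '# snmpd command line options' \
        '# OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"' \
        > "$dir/snmpd.options"
    route_snmpd "$dir/syslog.conf" "$dir/snmpd.options" 2 /var/log/snmpd.log
    cat "$dir/syslog.conf" "$dir/snmpd.options"
    rm -rf "$dir"
}
demo
```

Both syslogd and snmpd have to be restarted before the new routing takes effect.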