- net-snmp 5.3.2.2 filling /var/log/messages - problem description and solution
- Overview
- Cause of the problem
- Solution
net-snmp 5.3.2.2 filling /var/log/messages - problem description and solution
Overview
In the most recent (as of April 2009) RedHat Enterprise Linux (RHEL) 5 / Centos 5 RPM of net-snmp ( net-snmp-5.3.2.2-5.el5 ) there is a bug affecting the logging functionality of snmpd
The default installation causes messages like the following to fill the syslog
Apr 23 22:35:02 hostname snmpd[25564]: Connection from UDP: [127.0.0.1]:52863
Apr 23 22:35:02 hostname snmpd[25564]: Received SNMP packet(s) from UDP: [127.0.0.1]:52863
The man page and “snmpd –help” output indicate that you can control the priority of the logging messages that you want sent to syslog :
Man page of snmpcmd
...
-Ls FACILITY
Log messages via syslog, using the specified facility ('d' for
LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through
LOG_LOCAL7).
There are also "upper case" versions of each of these options, which allow
the corresponding logging mechanism to be restricted to certain priorities of
message. Using standard error logging as an example:
-LE pri
will log messages of priority 'pri' and above to standard error.
-LE p1-p2
will log messages with priority between 'p1' and 'p2' (inclusive) to
standard error.
For -LF and -LS the priority specification comes before the file or facility
token. The priorities recognised are:
0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.
Normal output is (or will be!) logged at a priority level of LOG_NOTICE
snmpd –help
...
-L <LOGOPTS> toggle options controlling where to log to
e: log to standard error
o: log to standard output
n: don't log at all
f file: log to the specified file
s facility: log to syslog (via the specified facility)
(variants)
[EON] pri: log to standard error, output or /dev/null for level 'pri' and above
[EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
[FS] pri token: log to file/syslog for level 'pri' and above
[FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
Cause of the problem
This is caused by a bug which was patched in patch 1806336 and released in net-snmp 5.4.2.1 (changelog here).
As of net-snmp-5.3.2.2-5.el5.i386.rpm this patch has not been backported into the 5.3.2.2 rpm.
Solution
Your options are :
- find an RPM of net-snmp at 5.4.2 or newer with the patch
- turn off all logging by using either the “-Ln” or the “-Lf /dev/null” parameters. This can be done in the /etc/sysconfig/snmpd.options file by changing the default contens of :
# snmpd command line options # OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
to
# snmpd command line options # OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" OPTIONS="Lf /dev/null -p /var/run/snmpd.pid -a"
- configure syslog to send all messages of a given facility (facility 0 - 7) to a separate file, then configure net-snmp to send to that facility. This will prevent the messages from filling your /var/log/messages file, but you’ll still be able to look at them if you need to.