snmp istek logunu kapatmak

snmp istek logunu kapatmak

Merhabalar,
Bazı sunucularda sunucu üzerine gelen her snmp isteklerini logladığınızı görürsünüz. Buda /var/log/messages dosyasının dolamasına hatta syslog kullanıyorsanız gereğinden fazla log attığını görürsünüz. Peki bu info mesajları nasıl kapatabiliriz sorunusu aradım. Çözüm basit. Bulduğum sayfanın orjinalinide ekliyorum.

vi /etc/sysconfig/snmpd.options   

 #aşağıda yazana benzer bir ifade bulacaksınız.sadece başındaki -LS0-4d kısmını benzetin. burda 0 ile 4 arasındakileri logla diyor.

 ... OPTIONS="-LS0-4d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a" ...

Son olarak

service snmpd restart

 

 

(RHEL) HOWTO stop snmpd spamming /var/log/messages

Jump to: navigation, search

More Sharing Services Share Share on facebookShare on twitterShare on linkedinShare on email

Contents 1 Introduction 2 Reconfigure snmpd 3 Enhance log rotation 4 External Links

Introduction

The default installation of net-snmp package comes with a default configuration which cause snmpd to log at debug level within /var/log/messages. When using monitoring systems which make snmp requests every 5 minutes, it spams totally /var/log/messages with messages like:

Command: content of /var/log/messages

# tail /var/log/messages ... Jan 23 11:10:30 sv0143 snmpd[3968]: Received SNMP packet(s) from UDP: [192.168.0.2]:54579 Jan 23 11:10:30 sv0143 snmpd[3968]: Connection from UDP: [192.168.0.3]:50596 Jan 23 11:10:30 sv0143 snmpd[3968]: Received SNMP packet(s) from UDP: [192.168.0.3]:50596 Jan 23 11:10:30 sv0143 snmpd[3968]: Connection from UDP: [192.168.0.3]:50596 Jan 23 11:10:30 sv0143 snmpd[3968]: last message repeated 8 times

This annoying behavior can be corrected by reconfiguring the snmpd daemon to log within its own files and to log on only errors to /var/log/messages.

Reconfigure snmpd

To change the way snmpd is logging, it needs to be reconfigured as follow. As root, open the file /etc/sysconfig/snmpd.options using vi:

Command: editing /etc/sysconfig/snmpd.options

# vi /etc/sysconfig/snmpd.options

Add the following line:

Config File: /etc/sysconfig/snmpd.options

... OPTIONS="-LS0-4d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a" ...

Which means:

• -LS0-4d : logging only log levels from 0 to 4 to syslog. Those levels are described below:
  • 0 or ! for LOG_EMERG,
  • 1 or a for LOG_ALERT,
  • 2 or c for LOG_CRIT,
  • 3 or e for LOG_ERR,
  • 4 or w for LOG_WARNING,
  • 5 or n for LOG_NOTICE,
  • 6 or i for LOG_INFO,
  • 7 or d for LOG_DEBUG.
• -Lf /var/log/snmpd.log: logging everything to /var/log/snmpd.log

Then restart the snmpd service using:

Command: restarting snmpd

# service snmpd restart

Enhance log rotation

To be sure that the new log file is rotated as wanted, check the file "/etc/logrotate.d/snmpd":

Command: editing /etc/sysconfig/snmpd.options

# vi /etc/logrotate.d/snmpd

In this case, the rotate 52 and compress will be added in the default configuration file to save an history of 52 weeks of compressed logs.

Config File: /etc/logrotate.d/snmpd

/var/log/snmpd.log { rotate 52 compress notifempty missingok postrotate /bin/kill -HUP `cat /var/run/snmpd.pid 2> /dev/null` 2> /dev/null || true endscript }

Note: Adding rotate 52 and compress to /etc/logrotate.d/snmpd is needed only if it was not defined globally in /etc/logrotate.conf

External Links

• Logging options in the man page of net-snmp