I, along with many of my peers, complain that snmpd (from net-snmp) writes too many messages to the log file.
Jan 8 13:45:02 example snmpd[2048]: Connection from UDP: [10.0.0.1]:51890
Jan 8 13:45:02 example snmpd[2048]: Received SNMP packet(s) from UDP: [10.0.0.1]:51890
Jan 8 13:45:02 example last message repeated 2 times
Now imagine that repeated in every server, every time your monitoring server polls your host. This is a major mess and fills up the logs with crap. (If you can't imagine, it's 1,440 messages per host, and I monitor 18 hosts, which is 25,920 messages a day.)
The fault lies with tcpwrappers support. The firewalls are configured so that only the monitoring host can connect to the snmpd port. If you're not supposed to connect to snmpd, you can't. Thus, every connection is legitimate and doesn't need to be logged.
But how does one stop the logging?
The man page refers to a configuration option, dontLogTCPWrappersConnects, however this doesn't actually work and just gives an error. Let's ignore that then.
Reading the source (for 5.3.2) we find that the errors are written as follows: Skip code
--- net-snmp-5.3.2/agent/snmp_agent.c 2007-08-17 01:31:40.000000000 +1200
if ((log_addresses && (1 == rc)) ||
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_VERBOSE)) {
snmp_log(LOG_INFO, "Received SNMP packet(s) from %s\n", addr);
}
...
if (hosts_ctl(name, STRING_UNKNOWN, sbuf, STRING_UNKNOWN)) {
snmp_log(allow_severity, "Connection from %s\n", addr_string);
} else {
snmp_log(deny_severity, "Connection from %s REFUSED\n",
addr_string);
As you can see, legitimate connections are logged at LOG_INFO and allow_severity (which is also set to LOG_INFO). Unfortunately, pretty much every other important message from snmpd is logged at this level, so if you're going to disable this silly chatter you have to disable almost every log message. If you're good at coding C, find the above blocks of code and comment out the snmp_log calls.
How? On Redhat Server 5 and Redhat Enterprise Linux 4 you simply create the file /etc/snmp/snmpd.options and put in there:
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid"
This is pretty much the default options (grep OPTIONS /etc/init.d/snmpd to compare) but with the removal of -Lsf, thus disabling logging.
For Fedora Core 10 and CentOS 5.2 the options file can be in /etc/sysconfig/snmpd.options, and if that file exists, use it instead.
Thank goodness for quiet log files!
摘自:http://www.stat.auckland.ac.nz/~kimihia/net-snmp
沒有留言:
張貼留言