If you’re running a recent distribution of Linux and it’s being polled by SNMP, chances are you see a lot of this in your logs:
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:51832->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:43120->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:55987->[192.168.0.8]
Aug 23 08:20:43 myserver snmpd[951]: Connection from UDP: [192.168.0.1]:36068->[192.168.0.8]
While informative, it creates a lot of noise. There are different things you can do to get rid of it.
- Disable snmpd’s logging completely. Not recommended.
- Filter out the messages during log processing using third-party tools (grep, sec, ossec, etc.).
- Tell snmpd to not print these messages.
I’m only going to describe the last option, changing snmpd’s logging options.
The file that needs updating depends on your distribution.
RedHat/CentOS/Scientific Linux: /etc/sysconfig/snmpd
Debian/Ubuntu: /etc/default/snmpd
You want to look for the line that passes the command line options to snmpd. On RedHat Enterprise 6 this looks like:
# OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"
The option to change is -L, which controls snmpd’s logging. The connection messages are logged at syslog priority 6 (info), so you want to change the priority range from 0-6 to 0-5. (On RedHat Enterprise 6 you also have to uncomment the line.) The result looks like:
OPTIONS="-LS0-5d -Lf /dev/null -p /var/run/snmpd.pid"
Restart snmpd and you’re done.
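The same edit as a repeatable shell function, for when it has to be applied to more than one host. This is an added example, not part of the original post: the function name `snmpd_quiet_connections` is hypothetical, and it assumes the options line uses the `-LS0-6` form shown above for RedHat Enterprise 6.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage, as root: snmpd_quiet_connections /etc/sysconfig/snmpd
# Return codes: 0 = file is (now) correct, 1 = no -LS0-6 line found, 2 = file error.

snmpd_quiet_connections() {
    conf=$1
    # Facility letter after the priority range: d (daemon), u (user), 0-7 (local0-7).
    fac='[du0-7]'

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Already fixed: an active (uncommented) assignment that carries -LS0-5.
    if grep -Eq -e "^[[:space:]]*[A-Za-z_]+=.*-LS0-5$fac" "$conf"; then
        echo "$conf already limits syslog to priorities 0-5"
        return 0
    fi

    # Only touch assignment lines (commented out or not), never free-text comments.
    match="^[[:space:]]*#?[[:space:]]*[A-Za-z_]+=.*-LS0-6$fac"
    if ! grep -Eq -e "$match" "$conf"; then
        echo "no -LS0-6 option line in $conf; edit it by hand" >&2
        return 1
    fi

    # Keep a copy of the original so the change can be reverted.
    cp -p "$conf" "$conf.bak" || return 2

    # On matching lines: strip a leading '#', then lower the ceiling from 6 to 5.
    sed -E "/$match/{
        s/^[[:space:]]*#[[:space:]]*//
        s/-LS0-6($fac)/-LS0-5\\1/
    }" "$conf.bak" > "$conf" || return 2

    echo "updated $conf (original saved as $conf.bak); restart snmpd to apply"
}
```

The function is safe to run twice: the second run sees the active `-LS0-5` line and leaves the file alone.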