• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1646
  • Last Modified:

SNMP logs on Linux

Hello,
We have an issue with our Linux and HPUX boxes on the logs that are created by SNMP monitoring.

The logs are full of lines like this:

Jan  9 09:53:23 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:62547
Jan  9 09:53:23 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:62547
Jan  9 09:53:23 monitored server last message repeated 5 times
Jan  9 09:53:25 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:54926
Jan  9 09:53:25 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:54926
Jan  9 09:53:25 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:54926
Jan  9 09:53:25 monitored server last message repeated 7 times
Jan  9 09:54:08 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:52233
Jan  9 09:54:08 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:52233
Jan  9 09:54:38 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:49610
Jan  9 09:54:38 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:49610
Jan  9 09:54:47 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:61334
Jan  9 09:54:47 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:61334
Jan  9 09:55:09 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:64176
Jan  9 09:55:09 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:64176
Jan  9 09:55:09 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:64176
Jan  9 09:55:25 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:51500
Jan  9 09:55:25 monitored server snmpd[7328]: Received SNMP packet(s) from UDP: [xx.xxx.xxx.xx]:51500
Jan  9 09:55:25 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:51500
Jan  9 09:55:25 monitored server last message repeated 7 times
Jan  9 09:56:03 monitored server snmpd[7328]: Connection from UDP: [xx.xxx.xxx.xx]:59116


The issue is that the logs are getting full, so, I´d like to remove this logging on the monitored servers.
Thanks in advance for your help
0
andressk
Asked:
andressk
  • 3
  • 3
  • 2
2 Solutions
 
arnoldCommented:
The log entries suggest connections from remote system I.e. hp openview or something similar.

You need to make sure that you have a log rotation process in place to manage their size.
Is the IP reflected in the log the same?
Do the systems that are referenced have snmp monitoring, poling functions?
0
 
andresskAuthor Commented:
Hello Arnold,

Thanks for your reply.

Below are the answers:

Yes, the IP reflected in the log is the same of the monitoring tool.
No, the monitored boxes don´t have polling functions, they are only monitored by snmp for resources and for some processes.

How works the log rotation process or how can I avoid the writing on these logs?

Regards
0
 
Rakesh Madupu JNCIE-SP #02079 CCIE-SP#47613Network Development EngineerCommented:
Hello Andressk,

I see that you are looking for filtering out these messages , some thing like input filter. I am not much of a linux guy, but I am pretty sure, Your Device who ever is generating this log, should have a good capability to avoid sending this log message to this server. Can you let me know what sort of device is generating these logs , are they Linux/hp server itself , if thats the case the you should very well have a regex to filter the incoming log as well.

Regards
Rakesh M
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
arnoldCommented:
The monitoring function is a polling function.
i.e. polling means connecting via SNMP and requesting a specific parameter/s.

on Linux there is a logrotate /etc/logrotate.d
where you create a config file that will rotate the snmp log file you were accessing and.

I am unfamiliar with AIX's log management.
http://www.web-manual.net/aix/managing-log-rotation-for-aix/

Avoid writing into the logs can be done in two ways, one way you can disable snmpd.* within the configuration in /etc/syslog.conf or a syslog variant.
Depending on which SNMP is in use, it may have an option not to record SNMP connection events.
0
 
andresskAuthor Commented:
Hi Rakesh,

It´s happening on all Linux boxes (red hat and ubuntu), not only on a specific one. The tool that we are using has not other configuration options for filtering, so, the change has to be done on the servers.

Thanks
0
 
Rakesh Madupu JNCIE-SP #02079 CCIE-SP#47613Network Development EngineerCommented:
Well, the log looks like they are at Log level 6 which are informational, and it does not indicate any error on the system , but as per the below article ,if you are going to disable log level 6 logging ,you are going to miss out on many log level 6 messages as well. The following webpage was suggested by one of my friends in a quick chat . This might help you ,i do this everyday on a router and switch so this be possible on a server end, just that i have never done this before :)

http://www.stat.auckland.ac.nz/~kimihia/net-snmp

Regards
0
 
andresskAuthor Commented:
Hi Arnold,

Can you please give me a step by step process to avoid writing into the log on a Red Hat Enterprise Linux Server with snmpd enabled?

Thank you
0
 
arnoldCommented:
editor nano, vi
/etc/syslog.conf or /etc/rsyslog.conf

search for snmpd or the log filename to which the entry is currently being added
either change from snmpd.<something> to
snmpd.none  
ps -ef | grep syslog

if it is a file, comment the line out
#line with /var/log/snmp.log
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now