Oct 15 2012
 

On a centralized log server running CentOS 5, I noticed a significant increase in the /var/log/messages file after recently implementing net-snmp. Some developers had written custom code that leverages snmpd, and they were polling devices ~25 times/second. While establishing dialogue with the developers to determine why there was a need to poll with such frequency, simultaneously I looked into a solution that would address the excessive generation of log data. Many of the entries looked like the one below:

Jul 1 04:08:27 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37987

The solution I found was in the /etc/init.d/snmpd file. Find the following line:

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

And change it to this:

OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"

After making this small change, the log messages generated by snmpd stopped and I could once again focus on log entries that matter. Yes, it is easy enough to employ filters after the fact, but when 95% of your log files are comprised of one piece of log data, logging said data becomes a worthless exercise.
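To put a number on the noise before and after editing the OPTIONS line, the following is an added example (not part of the original post) that reports how much of a syslog file consists of snmpd "Connection from" entries and the peak number of them per second. The function names and the sample lines are constructed for illustration, and the traditional syslog layout shown in the entry above is assumed.

```shell
#!/bin/sh
# Added example: measure how much of a syslog file is snmpd connection noise.
# Assumed line layout (as in the post): Mon DD HH:MM:SS host tag[pid]: message
# Usage: snmpd_log_share /var/log/messages   (reads stdin if no file is given)

snmpd_log_share() {
    awk '
        { total++ }
        $5 ~ /^snmpd\[[0-9]+\]:$/ {
            snmpd++
            if ($6 == "Connection" && $7 == "from") {
                conn++
                key = $1 " " $2 " " $3 " " $4      # one-second bucket per host
                if (++persec[key] > peak) peak = persec[key]
            } else {
                other++    # snmpd messages that are not connection notices
            }
        }
        END {
            pct = (total > 0) ? int(100 * conn / total) : 0
            printf "total=%d snmpd=%d conn=%d other=%d conn_pct=%d peak_per_sec=%d\n",
                   total, snmpd, conn, other, pct, peak
        }
    ' "${1:--}"
}

# Constructed sample input, modelled on the log entry shown in the post.
sample_log() {
    cat <<'EOF'
Jul  1 04:08:27 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37987
Jul  1 04:08:27 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37988
Jul  1 04:08:27 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37989
Jul  1 04:08:28 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37990
Jul  1 04:08:28 10.1.1.45 sshd[2210]: Failed password for invalid user test from 192.0.2.10 port 40022 ssh2
Jul  1 04:08:29 10.1.1.45 snmpd[4925]: Received SNMP packet(s) from UDP: [127.0.0.1]:37991
Jul  1 04:08:29 10.1.1.45 crond[3011]: (root) CMD (run-parts /etc/cron.hourly)
Jul  1 04:08:30 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37992
EOF
}

# Demo run on the constructed sample.
# prints: total=8 snmpd=6 conn=5 other=1 conn_pct=62 peak_per_sec=3
sample_log | snmpd_log_share
```

With `-Lsd` removed, the remaining `-Lf /dev/null` discards all snmpd output, so the `other` count shows which non-connection snmpd messages stop reaching syslog along with the noise.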

 

Additional Reading

http://www.stat.auckland.ac.nz/~kimihia/net-snmp