On a centralized log server running CentOS 5, I noticed a significant increase in the /var/log/messages file after recently implementing net-snmp. Some developers had written custom code that leverages snmpd, and they were polling devices ~25 times/second. While establishing dialogue with the developers to determine why there was a need to poll with such frequency, simultaneously I looked into a solution that would address the excessive generation of log data. Many of the entries looked like the one below:
Jul 1 04:08:27 10.1.1.45 snmpd[4925]: Connection from UDP: [127.0.0.1]:37987
The solution I found was in the /etc/init.d/snmpd file. Find the following line:
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"
And change it to this:
OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid -a"
After making this small change, the log messages generated by snmpd stopped and I could once again focus on log entries that matter. Yes, it is easy enough to employ filters after the fact, but when 95% of your log files are comprised of one piece of log data, logging said data becomes a worthless exercise.
