Page MenuHomePhabricator

SNMP: reduce logging noise
Closed, ResolvedPublicFEATURE REQUEST

Description

show system log gets heavily spammed on SNMP queries ...

Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:37029->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:49823->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:40720->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:53856->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:56193->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:56024->[172.16.254.100]:161
Aug  8 19:20:05 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:59389->[172.16.254.100]:161
Aug  8 19:20:06 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:33645->[172.16.254.100]:161
Aug  8 19:20:06 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:39448->[172.16.254.100]:161
Aug  8 19:20:06 AC1 snmpd[2749]: Connection from UDP: [172.16.100.1]:49472->[172.16.254.100]:161

Maybe add something like set service snmp logging <foo|bar>

Manpge states:

Logging Options

The mechanism and destination to use for logging of warning and error messages can be controlled by passing various parameters to the -L flag.

-Le
Log messages to the standard error stream.

-Lf FILE
Log messages to the specified file.
-Lo
Log messages to the standard output stream.

-Ls FACILITY
Log messages via syslog, using the specified facility ('d' for LOG_DAEMON, 'u' for LOG_USER, or '0'-'7' for LOG_LOCAL0 through LOG_LOCAL7).
There are also "upper case" versions of each of these options, which allow the corresponding logging mechanism to be restricted to certain priorities of message. Using standard error logging as an example:
-LE pri
will log messages of priority 'pri' and above to standard error.
-LE p1-p2
will log messages with priority between 'p1' and 'p2' (inclusive) to standard error.
For -LF and -LS the priority specification comes before the file or facility token. The priorities recognised are:
0 or ! for LOG_EMERG,
1 or a for LOG_ALERT,
2 or c for LOG_CRIT,
3 or e for LOG_ERR,
4 or w for LOG_WARNING,
5 or n for LOG_NOTICE,
6 or i for LOG_INFO, and
7 or d for LOG_DEBUG.
Normal output is (or will be!) logged at a priority level of LOG_NOTICE

Details

Difficulty level
Easy (less than an hour)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects

StatusAssignedTask
Resolvedc-po
DuplicateNone
c-po created this task.Aug 8 2018, 5:23 PM
c-po updated the task description. (Show Details)Aug 8 2018, 6:05 PM
c-po updated the task description. (Show Details)Aug 8 2018, 6:08 PM
c-po added a comment.Sep 1 2018, 11:42 AM

Starting with this daemon config reduces the logging entries dramatically:

cat  /etc/default/snmpd
# This file controls the activity of snmpd

# snmpd control (yes means start daemon).
SNMPDRUN=yes

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-LSed -u snmp -g snmp -p /run/snmpd.pid'

now only messages greater or equal to error will be logged.

c-po claimed this task.Sep 1 2018, 12:23 PM
c-po closed this task as Resolved.
c-po triaged this task as Low priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po edited projects, added VyOS 1.2.x (VyOS 1.2.0-rc1); removed VyOS 1.2.x.
c-po added a comment.Sep 11 2018, 7:05 PM

In addition the old patches from https://phabricator.vyos.net/T17 have been re-applied to the net-snmp repository b/c they were lost in translation on the move to Debian Jessie.