1. Overview

SNMP (Simple Network Management Protocol) is a widely used protocol for monitoring and managing network devices and services such as servers, routers, and printers.

The SNMP daemon in Linux, snmpd, is an SNMP agent that can accept SNMP requests and respond to them. It also collects information about the status of the host. snmpd writes its logs to syslog by default. Sometimes, the number of log messages written to syslog might be high. However, we can change the logging level of snmpd to reduce the number of log messages.

In this tutorial, we’ll discuss how to reduce the logging level of the SNMP daemon.

2. Preparing the Setup

We’ll prepare the necessary setup in this section to test the changes in the SNMP daemon’s logging level. We perform the tests on RHEL 8.

2.1. Checking the SNMP Daemon

The SNMP daemon, snmpd, must be running. Let’s check its status using systemctl status:

$ systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-05-06 15:49:05 +03; 1min 12s ago
 Main PID: 1286 (snmpd)
    Tasks: 1 (limit: 11270)
   Memory: 9.4M
   CGroup: /system.slice/snmpd.service
           └─1286 /usr/sbin/snmpd -a -LS0-6d -f

May 06 15:49:05 local_machine systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 06 15:49:05 local_machine snmpd[1286]: NET-SNMP version 5.8
May 06 15:49:05 local_machine systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

The SNMP daemon is up and running. The service manager, systemd, seems to have started the daemon by running the /usr/sbin/snmpd -a -LS0-6d f command.

The net-snmp package provides the SNMP daemon. Therefore, if it isn’t installed, we must install the net-snmp package, which is available for all major Linux distros. Additionally, we must enable and start the service after the installation.

2.2. Installing net-snmp-utils

We’ll use the snmpget command to get information from snmpd using SNMP GET requests. Therefore, we need to install the net-snmp-utils package, which provides several SNMP tools, including snmpget:

$ sudo dnf install net-snmp-utils

Installing a package using dnf install requires root privileges, so we use it together with the sudo command.

2.3. Appending Logs to syslog

When we run the snmpget command, it sends an SNMP packet to snmpd using UDP. We can print the logs of snmpd using journalctl:

$ journalctl -u snmpd
-- Logs begin at Mon 2024-05-06 15:49:01 +03, end at Mon 2024-05-06 16:00:40 +03. --
May 06 15:49:05 local_machine systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 06 15:49:05 local_machine snmpd[1286]: NET-SNMP version 5.8
May 06 15:49:05 local_machine systemd[1]: Started Simple Network Management Protocol (SNMP) 

The -u option specifies the service, which is snmpd in our case.

Now, let’s make a simple SNMP query using snmpget:

$ snmpget -v 2c -c public localhost system.sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (127383) 0:21:13.83

The -v option of snmpget specifies the version of the SNMP protocol, which is 2c in our case. The -c option, on the other hand, sets the community string as public. The localhost argument specifies the SNMP agent with which to communicate. Finally, we pass system.sysUpTime.0 as the last argument. This object identifier (OID) corresponds to the uptime of the system.

Let’s check the logs of snmpd again using journalctl:

$ journalctl -u snmpd
- Logs begin at Mon 2024-05-06 15:49:01 +03, end at Mon 2024-05-06 16:10:19 +03. --
May 06 15:49:05 local_machine systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 06 15:49:05 local_machine snmpd[1286]: NET-SNMP version 5.8
May 06 15:49:05 local_machine systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..
May 06 16:10:19 local_machine snmpd[1286]: Received SNMP packet(s) from UDP: [127.0.0.1]:37866->[127.0.0.1]:161

As is apparent from the last line in the output, a new log was appended after running the snmpget command. snmpd received an SNMP packet using UDP according to this log message. The source address and port are 127.0.0.1 and 37866, respectively. Similarly, the destination address and port are 127.0.0.1 and 161, respectively. 127.0.0.1 is the loopback address. By default, snmpd receives requests on the UDP port 161.

Our goal is to suppress these logs that show the addresses of incoming requests by reducing the logging level of snmpd.

3. Reducing the SNMP Daemon’s Logging Level

We’ll see how to reduce the logging level of the SNMP daemon in this section. However, let’s first examine the options passed to snmpd, which is spawned by running:

/usr/sbin/snmpd -a -LS0-6d -f

3.1. The Options Passed to the SNMP Daemon

The -a option of snmpd logs the source address of incoming requests. Normally, this option isn’t passed to snmpd in the default installation of net-snmp. We pass it to snmpd on purpose to log the addresses of incoming requests in syslog. As we’ll see shortly, we can add it using the unit file of snmpd.

The -f option specifies not to fork the daemon from the calling shell.

The -LS0-6d part of the command is of interest to us. The -LS option specifies syslog as the target of the logging output. Other options for redirecting the logs are the standard output, the standard error, and any other file.

The 0-6 part in -LS0-6d specifies the debug levels or priorities of the log messages. The priority of the log messages can take the following values:

  • 0: EMERGENCY
  • 1: ALERT
  • 2: CRITICAL
  • 3: ERROR
  • 4: WARNING
  • 5: NOTICE
  • 6: INFO
  • 7: DEBUG

Therefore, specifying 0-6 prints all log messages with priorities between 0 and 6. The range is inclusive.

Finally, the d part of -LS0-6d specifies that the program that logs the messages is a daemon, LOG_DAEMON.

The logs showing the addresses of incoming requests when we run snmpget have priority 6 (INFO). Therefore, if we change the priority range from 0-6 to 0-5, we shouldn’t see those messages in syslog. We need to modify the unit file of snmpd for this purpose.

3.2. Updating the Unit File

The unit file of snmpd is in the /lib/systemd/system directory:

$ cat /lib/systemd/system/snmpd.service
[Unit]
Description=Simple Network Management Protocol (SNMP) Daemon.
After=syslog.target network-online.target

[Service]
Type=notify
Environment=OPTIONS="-a -LS0-6d"
EnvironmentFile=-/etc/sysconfig/snmpd
ExecStart=/usr/sbin/snmpd $OPTIONS -f
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

We need to change the Environment=OPTIONS=”-a -LS0-6d” line in snmpd.service to Environment=OPTIONS=”-a -LS0-5d”. After changing the unit file with a text editor like vi and saving it, we need to restart the snmpd daemon:

$ sudo systemctl daemon-reload
$ sudo systemctl restart snmpd

Because we updated the unit file, we first run systemctl daemon-reload so that the new settings take effect. Then, we restart the service using systemctl restart snmpd. Both commands require root privileges, so we run them together with sudo.

Notably, it’s possible to specify a single priority level. For example, we can use -LS5d instead of -LS0-5d as they have the same effect. Both will log messages of priority 0 to 5, inclusive.

3.3. Checking Logs in syslog

Let’s check the logs of snmpd using journalctl after restarting it:

$ journalctl -u snmpd
-- Logs begin at Mon 2024-05-06 15:49:01 +03, end at Mon 2024-05-06 16:34:41 +03. --
...
May 06 16:33:06 local_machine systemd[1]: Stopped Simple Network Management Protocol (SNMP) Daemon..
May 06 16:33:06 local_machine systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 06 16:33:06 local_machine systemd systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

The last message is about the start of the service. Now, let’s run snmpget again:

$ snmpget -v 2c -c public localhost system.sysUpTime.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (28015) 0:04:40.15

Let’s check the logs of snmpd once more:

$ journalctl -u snmpd
-- Logs begin at Mon 2024-05-06 15:49:01 +03, end at Mon 2024-05-06 16:34:41 +03. --
...
May 06 16:33:06 local_machine systemd[1]: Stopped Simple Network Management Protocol (SNMP) Daemon..
May 06 16:33:06 local_machine systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
May 06 16:33:06 local_machine systemd systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..

There aren’t any messages appended to the logs this time. Therefore, we succeeded in reducing the log level of the SNMP daemon.

4. Conclusion

In this article, we discussed how to reduce the logging level of the SNMP Daemon. First, we prepared the necessary setup. Then, we saw that the logging levels of messages are specified as a range in the unit file of snmpd. Additionally, we learned that we must run the systemctl daemon-reload command for the new settings to take effect before restarting the service.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments