How to Reduce SNMPd Logging Verbosity on CentOS for Cleaner Syslog


2 views

Many administrators running SNMPd on CentOS servers notice excessive logging entries like these:

Sep 12 13:05:40 myhost snmpd[7073]: Received SNMP packet(s) from UDP: [ipaddr]:42874
Sep 12 13:05:40 myhost snmpd[7073]: Connection from UDP: [ipaddr]:49272

These messages appear for every SNMP query, creating log clutter that makes it harder to spot genuine issues.

The primary solution involves modifying the /etc/snmp/snmpd.conf file. Add these directives:

# Reduce connection logging
dontLogTCPWrappersConnects yes

# Set syslog facility and priority
syslogLevel emerg

If you prefer keeping SNMPd logging intact but want to filter messages:

# Add to /etc/rsyslog.conf
:msg, contains, "snmpd" ~
:msg, contains, "Received SNMP packet" ~

Here's a production-tested minimal configuration:

# /etc/snmp/snmpd.conf
syslocation Server Room
syscontact admin@example.com
rocommunity public 192.168.1.0/24
dontLogTCPWrappersConnects yes
syslogLevel crit

After modifying the configuration:

systemctl restart snmpd
tail -f /var/log/messages | grep snmpd

You should only see critical messages now.

Many CentOS/RHEL administrators notice their syslog filling up with repetitive SNMPd messages like these:

Sep 12 13:05:40 myhost snmpd[7073]: Received SNMP packet(s) from UDP: [ipaddr]:42874
Sep 12 13:05:40 myhost snmpd[7073]: Connection from UDP: [ipaddr]:49272

These connection logs are generated by default and can create significant noise when you have multiple monitoring systems polling your SNMP service.

The most effective way to control SNMPd logging is through its configuration file (/etc/snmp/snmpd.conf). Here are the key directives:

# Disable connection logging
dontLogTCPWrappersConnects yes

# Set logging level (1=errors only, 2=warnings, 3=info, 4=debug)
logLevel 1

# Alternative - log to separate file instead of syslog
logfile /var/log/snmpd.log

For a production environment where you only want to see errors, use this minimal configuration:

# /etc/snmp/snmpd.conf
dontLogTCPWrappersConnects yes
logLevel 1

After making changes, restart the service:

systemctl restart snmpd

Monitor your syslog to confirm the change took effect:

tail -f /var/log/messages
# Or for modern systems using journalctl:
journalctl -u snmpd -f

For more granular control, you can implement conditional logging using these approaches:

# Only log for specific hosts
access notConfigGroup "" any noauth exact all none none

# Log only failed authentication attempts
authCommunity log,execute,net public

Remember that reducing logs too much might make troubleshooting harder. Consider keeping warning level (2) in production unless you have specific noise issues.