Snmpd: Connection from UDP: REFUSED and SNMP Logging

Connection from UDP: [IP]:[port] REFUSED

While setting up my monitoring system using Zenoss, I saw that some of the servers running RHEL 5 were returning the following logs in /var/log/messages:

Aug 2 10:47:55 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:47:57 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED

To solve this, we need to allow the source IP of the connection in the /etc/hosts.allow file by adding the following line:

snmpd: 210.6.122.109

After making the change, restart the snmpd service:

$ service snmpd restart

Then monitor /var/log/messages; the connection should now be logged without REFUSED, as below:

Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
Aug 2 10:51:44 server1 snmpd[1771]: Received SNMP packet(s) from UDP: [210.6.122.109]:56797
Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
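Before adding a refused address to /etc/hosts.allow, it helps to see which sources are actually being refused and whether each one is a host you expect. The following is an added example, not part of the original post: it counts REFUSED lines per source IP and compares them with the snmpd entries in hosts.allow. The function names, the sample data and the 192.0.2.50 address are constructed for illustration, and only literal addresses on snmpd lines are matched (no wildcards, networks or IPv6 entries).

```python
import re
from collections import Counter

# Matches the snmpd connection lines shown above; "REFUSED" is optional.
LINE_RE = re.compile(
    r"snmpd\[\d+\]: Connection from UDP: "
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+(?P<refused> REFUSED)?\s*$"
)

# Constructed sample input (first two and last line follow the post's format).
SAMPLE_LOG = """\
Aug 2 10:47:55 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:47:57 server1 snmpd[30684]: Connection from UDP: [210.6.122.109]:56295 REFUSED
Aug 2 10:48:03 server1 snmpd[30684]: Connection from UDP: [192.0.2.50]:40112 REFUSED
Aug 2 10:51:44 server1 snmpd[1771]: Connection from UDP: [210.6.122.109]:56797
"""
SAMPLE_HOSTS_ALLOW = "# constructed sample\nsnmpd: 210.6.122.109\n"

def snmpd_allowed_hosts(hosts_allow_text):
    """Return literal client entries from 'snmpd:' lines (ALL and patterns are not expanded)."""
    allowed = set()
    for line in hosts_allow_text.splitlines():
        parts = line.split("#", 1)[0].strip().split(":")
        if len(parts) < 2:
            continue  # blank line, comment, or not a daemon:client rule
        if "snmpd" in parts[0].replace(",", " ").split():
            allowed.update(parts[1].replace(",", " ").split())
    return allowed

def refused_sources(log_text):
    """Count REFUSED snmpd connections per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("refused"):
            counts[m.group("ip")] += 1
    return counts

def triage(log_text, hosts_allow_text):
    """Split refused sources into (already listed, not listed) in hosts.allow."""
    allowed = snmpd_allowed_hosts(hosts_allow_text)
    refused = refused_sources(log_text)
    listed = {ip: n for ip, n in refused.items() if ip in allowed}
    unlisted = {ip: n for ip, n in refused.items() if ip not in allowed}
    return listed, unlisted

if __name__ == "__main__":
    listed, unlisted = triage(SAMPLE_LOG, SAMPLE_HOSTS_ALLOW)
    print("refused but already listed:", listed)
    print("refused and not listed (verify before allowing):", unlisted)
```

Sources in the second group should only be added to hosts.allow once you have confirmed they are your own monitoring hosts.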

 

SNMP Logging Flooding /var/log/messages

Another problem I have been facing with the default installation of SNMP is that /var/log/messages gets flooded with snmpd logs like the example above. To overcome this, add the following line to /etc/sysconfig/snmpd using a text editor:

OPTIONS="-LS 5 d"

Save the file and restart snmpd for the change to take effect. To verify, run the following command and make sure the options value is included:

$ ps aux | grep snmpd
root   32382   0.0   0.1   197160   5076   ? S   13:04   0:00        /usr/sbin/snmpd -LS 5 d

This option will log levels 0 to 4, based on the log levels below:

0 – Emergencies – System is unusable
1 – Alerts – Immediate action needed
2 – Critical – Critical conditions
3 – Errors – Error conditions
4 – Warnings – Warning conditions
5 – Notifications – Informational messages
6 – Informational – Normal but significant conditions
7 – Debugging – Debugging messages