Currently we just use what puppet-snmp provides in terms of defaults.
This means that currently every single snmp query gets logged with
the following:
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161
May 15 10:51:32 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:50566->[127.0.0.1]:161
The reason is that we use '-LS0-6d' as the default content for
/etc/sysconfig/snmpd:
https://github.com/razorsedge/puppet-snmp/blob/master/manifests/params.pp#L322
This default means that we are logging from 0 (LOG_EMERG) to 6
(LOG_INFO). The above messages bring nothing in a default installation
and only spam the log files, so let's lower the upper log level to 5
(LOG_NOTICE) by default, so we properly do not see every single query in
the logs. We add an option so the operator can still configure the
desired log level via a Heat parameter.
Change-Id: I8d3dfdb4d549cd27131346fc477755ad72313449
description: An array of bind host addresses on which SNMP daemon will listen.
type: comma_delimited_list
default: ['udp:161','udp6:[::1]:161']
+ SnmpdOptions:
+ description: A string containing the commandline options passed to snmpd
+ type: string
+ default: '-LS0-5d'
outputs:
role_data:
tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
snmp::agentaddress: {get_param: SnmpdBindHost}
+ snmp::snmpd_options: {get_param: SnmpdOptions}
tripleo.snmp.firewall_rules:
'127 snmp':
dport: 161
--- /dev/null
+---
+features:
+ - |
+ Per default, don't log a message in syslog for each incoming SNMP query.
+ So set the default log level to '-LS0-5d'. Allow the operator to customize
+ the log level via a parameter.