RSYSLOG – new file for SNMP

Sometimes it is annoying that all entries are written inti the /var/log/messages log file. Especially of you run SNMP on your host and each single packet gets recorded.
There are two options available. The first one is to reduce the verbosity on SNMP, which I usually do not want to because sometimes it is worth having a full log file.

Second option is to create new log file for snmp messages on rsyslog.

This can be achieved by adding a new file into the /etc/rsyslog.d/ folder. I named it 30-snmp.log

note: ensure that the number infront is smaler than the default policy one.

# SNMP entries seperated into a new log file
if  ($programname == 'snmpd')
then {
    -/var/log/snmp.log
    stop
}

This did the magic. Solution derived from: http://unix.stackexchange.com

To finialise and to make sure that this log file does not lockup too much space the logrotate deamon needs to get some information.

Just create /etc/logrotate.d/snmp with the following input:

 

/var/log/snmp.log {
        rotate 7
        size 500k
        notifempty
        compress
        postrotate
                invoke-rc.d rsyslog rotate > /dev/null
        endscript
}

Leave a Reply

Your email address will not be published. Required fields are marked *