Stop events like Received SNMP packet(s) from UDP: [1.2.3.4]:59675
 

On only 2 rhel boxes I have my /var/log/messages file is full of events similar to this

Received SNMP packet(s) from UDP: [1.2.3.4]:59675

Other than blocking the ip in iptables, what other options do I have to stop these if i can't make 1.2.3.4 stop talking to the servers?

Also, not sure if this matters, but i have webmin installed on these servers, not sure if that uses snmp for anything so just throwing it out there. although webmin is on the other servers that don't have this message constantly too.

One way would be to check the service creating the message - the SNMP service configuration on RH should provide a notification level.

Another way is to have rsyslog discard it (rsyslog.conf).

The service on my machine getting the errors, or the one referenced by IP in the error? My /etc/snmp/snmpd.conf only has a rocommunity, syslocation, and syscontact in it.
I don't have a rsyslog.conf in /etc.

The one generating the SNMP message should be the one modified for the service generating it.

The advantage is that you get to detect that something is happening from that machine... the disadvantage occurs when the message has no meaning. Since it appears to have no meaning it may be due to a default configuration that just notifies everything.

Yeah, my guess is someone installed something on here, but never configured it so it's just giving me default noise. But I'm still not really sure what I should change based on what's in the one file and not having the other.

Or do you think it's just best to disable SNMP? I don't know if that breaks webmin though.

You could do that on that one machine. disabling in general depends on site policies.

It just looks like something on that machine is issuing SNMP traffic when it shouldn't.

Maybe that might be the best route, as I know I don't use it for anything specifically. Just wish I knew if webmin needed it for sure or not, as webmin is a huge help to me so i'd hate to break that.