LinuxQuestions.org
08-26-2014, 04:15 AM   #1
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,676

Rep: Reputation: 47
Stop events like Received SNMP packet(s) from UDP: [1.2.3.4]:59675


On only 2 RHEL boxes I have, my /var/log/messages file is full of events similar to this:

Received SNMP packet(s) from UDP: [1.2.3.4]:59675

Other than blocking the IP in iptables, what other options do I have to stop these if I can't make 1.2.3.4 stop talking to the servers?

Also, not sure if this matters, but I have Webmin installed on these servers. Not sure if that uses SNMP for anything, so just throwing it out there. Although Webmin is on the other servers that don't have this message constantly, too.
 
08-26-2014, 07:22 AM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,655

Rep: Reputation: 1256
One way would be to check the service creating the message - the SNMP service configuration on RH should provide a notification level.

Another way is to have rsyslog discard it (rsyslog.conf).
 
1 members found this post helpful.
08-26-2014, 08:21 AM   #3
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,676

Original Poster
Rep: Reputation: 47
The service on my machine getting the errors, or the one referenced by IP in the error? My /etc/snmp/snmpd.conf only has a rocommunity, syslocation, and syscontact in it.
I don't have an rsyslog.conf in /etc.
 
08-26-2014, 11:24 AM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,655

Rep: Reputation: 1256
The one generating the SNMP message should be the one modified for the service generating it.

The advantage is that you get to detect that something is happening from that machine... the disadvantage occurs when the message has no meaning. Since it appears to have no meaning it may be due to a default configuration that just notifies everything.
 
1 members found this post helpful.
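An added example, not part of the original thread: before silencing these messages, a tally of who is sending the SNMP traffic shows whether the source is a known poller. The log lines, hostname, PIDs and the 10.0.0.0/24 "expected poller" range below are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Aug 26 04:10:01 web01 snmpd[2211]: Received SNMP packet(s) from UDP: [1.2.3.4]:59675
Aug 26 04:10:31 web01 snmpd[2211]: Received SNMP packet(s) from UDP: [1.2.3.4]:59702
Aug 26 04:11:02 web01 snmpd[2211]: Received SNMP packet(s) from UDP: [10.0.0.5]:40112
Aug 26 04:11:09 web01 sshd[3120]: Accepted publickey for admin from 10.0.0.9 port 50222 ssh2
Aug 26 04:11:31 web01 snmpd[2211]: Received SNMP packet(s) from UDP: [1.2.3.4]:59733
"""

# Assumption: the monitoring systems allowed to poll this host live here.
EXPECTED_POLLERS = ["10.0.0.0/24"]

SNMP_RX = re.compile(
    r"snmpd\[\d+\]: Received SNMP packet\(s\) from UDP: \[([0-9.]+)\]:(\d+)"
)

def snmp_sources(lines):
    """Count 'Received SNMP packet(s)' entries per source address."""
    counts = Counter()
    for line in lines:
        m = SNMP_RX.search(line)
        if not m:
            continue
        try:
            addr = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # bracketed value was not a valid IPv4 address
        counts[addr] += 1
    return counts

def unexpected_sources(counts, expected_networks):
    """Return (address, count) pairs for senders outside the expected ranges."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    flagged = [
        (addr, n) for addr, n in counts.items()
        if not any(ipaddress.ip_address(addr) in net for net in nets)
    ]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    counts = snmp_sources(SAMPLE_LOG.splitlines())
    for addr, n in unexpected_sources(counts, EXPECTED_POLLERS):
        print(f"{addr}\t{n} entries, not a known poller")
```

To run it against a real log, pass `open("/var/log/messages")` to `snmp_sources` in place of the sample.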
09-02-2014, 09:32 AM   #5
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,676

Original Poster
Rep: Reputation: 47
Yeah, my guess is someone installed something on here, but never configured it so it's just giving me default noise. But I'm still not really sure what I should change based on what's in the one file and not having the other.

Or do you think it's just best to disable SNMP? I don't know if that breaks webmin though.
 
09-02-2014, 06:04 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,655

Rep: Reputation: 1256
You could do that on that one machine. Disabling in general depends on site policies.

It just looks like something on that machine is issuing SNMP traffic when it shouldn't.
 
09-02-2014, 08:49 PM   #7
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,676

Original Poster
Rep: Reputation: 47
Maybe that might be the best route, as I know I don't use it for anything specifically. Just wish I knew if Webmin needed it for sure or not, as Webmin is a huge help to me so I'd hate to break that.
 
  

