Default snmp to less verbose logging

Currently we just use what puppet-snmp provides in terms of defaults. This means that currently every single snmp query gets logged with the following: May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161 May 15 10:51:30 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:57799->[127.0.0.1]:161 May 15 10:51:32 centos.localdomain snmpd[5159]: Connection from UDP: [127.0.0.1]:50566->[127.0.0.1]:161 The reason is that we use '-LS0-6d' as the default content for /etc/sysconfig/snmpd: https://github.com/razorsedge/puppet-snmp/blob/master/manifests/params.pp#L322 This default means that we are logging from 0 (LOG_EMERG) to 6 (LOG_INFO). The above messages bring nothing in a default installation and only spam the log files, so let's lower the upper log level to 5 (LOG_NOTICE) by default, so we properly do not see every single query in the logs. We add an option so the operator can still configure the desired log level via a Heat parameter. Change-Id: I8d3dfdb4d549cd27131346fc477755ad72313449
2017-05-15 11:03:53 +02:00 · 2017-05-15 11:03:53 +02:00 · c634f4eb18
parent 16cae1759f
commit c634f4eb18
2 changed files with 11 additions and 0 deletions
--- a/puppet/services/snmp.yaml
+++ b/puppet/services/snmp.yaml
@ -40,6 +40,10 @@ parameters:
    description: An array of bind host addresses on which SNMP daemon will listen.
    type: comma_delimited_list
    default: ['udp:161','udp6:[::1]:161']
+  SnmpdOptions:
+    description: A string containing the commandline options passed to snmpd
+    type: string
+    default: '-LS0-5d'

 outputs:
  role_data:
@ -50,6 +54,7 @@ outputs:
        tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
        tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
        snmp::agentaddress: {get_param: SnmpdBindHost}
+        snmp::snmpd_options: {get_param: SnmpdOptions}
        tripleo.snmp.firewall_rules:
          '127 snmp':
            dport: 161
--- a/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml
+++ b/releasenotes/notes/configurable-snmpd-options-3954c5858e2c7656.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Per default, don't log a message in syslog for each incoming SNMP query.
+    So set the default log level to '-LS0-5d'. Allow the operator to customize
+    the log level via a parameter.