Hi William,
Under the "file messages" stanza, you can filter them:
match "!(.*unauthorized SNMP community from x.x.x.x.*)"
Yours sincerely.
Original Message:
Sent: 01-05-2021 17:26
From: Unknown User
Subject: snmpd_auth_failure from x to x
Junos OS
So I was looking at a switch's logs and noticed a flood of snmpd[1435]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from x.x.x.x (public IP) to x.x.x.x (public IP) (public). Note that the two public IPs that the failure is logging are not the same and are not the IP of the router. I have a filter in place to block any SNMP requests outside my SNMP servers, so I'm not sure why the switch is logging these failures as if they are hitting the control plane. The "to" IP is an IP that is routed through this switch, though. No filters are in place to the egress ports for those publicly routable "to" IPs, and there should not be filters, because they are networks that whoever is on the other end will filter if they want.
The failures are logging about every 5-10 seconds, so I'd like to ignore these or clean them up so there is not a lot of noise in my logs.
My logging on the switch is as follows:
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog host x.x.x.x any notice
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file interface-logs any any
set system syslog file interface-logs match ifOperStatus
This is an EX4550 running 15.1.R7.9
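
An added example, not part of either message in this thread: a dry run of the negated match expression from the reply against sample log lines, to check what it would suppress before committing it on the switch. The log lines are constructed, the function names are hypothetical, and it assumes that a leading "!" negates the expression and that Python's re behaves like the device's regex engine for these simple patterns.

```python
import re

# Constructed sample lines (documentation addresses), not from a real device.
SAMPLE = [
    "snmpd[1435]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP "
    "community from 198.51.100.7 to 203.0.113.9 (public)",
    "sshd[2210]: Failed password for admin from 198.51.100.7 port 51514 ssh2",
    "snmpd[1435]: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP "
    "community from 198.51.100.70 to 203.0.113.9 (public)",
    "mib2d[1440]: SNMP_TRAP_LINK_DOWN: ifIndex 512, ifAdminStatus up(1), "
    "ifOperStatus down(2), ifName ge-0/0/1",
]

# The expression exactly as posted: "x.x.x.x" is a placeholder, and a literal
# "x" in a regex only matches the letter x, so it must be replaced.
REPLY_AS_WRITTEN = "!(.*unauthorized SNMP community from x.x.x.x.*)"

# Variant that suppresses the message for every source address.
ALL_SOURCES = "!(.*unauthorized SNMP community from .*)"


def for_source(ip):
    """Expression that suppresses the message for one source address only.

    Dots are written as [.] so they match a literal dot, and the trailing
    " to " keeps 198.51.100.7 from also matching 198.51.100.70.
    """
    literal_ip = ip.replace(".", "[.]")
    return "!(.*unauthorized SNMP community from " + literal_ip + " to .*)"


def kept(lines, expr):
    """Return the lines that would still be written to the log file.

    Assumption: a leading "!" means "log only lines that do NOT match".
    """
    negate = expr.startswith("!")
    rx = re.compile(expr[1:] if negate else expr)
    return [line for line in lines if (rx.search(line) is None) == negate]


if __name__ == "__main__":
    for name, expr in [("as written", REPLY_AS_WRITTEN),
                       ("all sources", ALL_SOURCES),
                       ("one source", for_source("198.51.100.7"))]:
        print(name, "->", len(kept(SAMPLE, expr)), "of", len(SAMPLE), "lines kept")
```

The match statement is set per destination, so the "host x.x.x.x any notice" target in the configuration above keeps receiving these messages unless it carries its own match.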