/var/log/messages 不写入直接输出在控制台

问题1现象: snmp的日志信息不写入/var/log/messages 直接输出在控制台(不停的刷),类似信息如下


Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 last message repeated 3 times

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822


解决思路和方法:

1.查看syslog 进程是否存在

[root@shanghai-www1 ~]# ps -ef|grep syslog

root      5713  4892  0 15:19 pts/1    00:00:00 grep syslog

2.再次确认syslog 服务状态

[root@shanghai-www1 ~]# service syslog status

syslogd is stopped

klogd is stopped

3. 启动syslog服务

[root@shanghai-www1 ~]# service syslog restart

Shutting down kernel logger:                               [FAILED]

Shutting down system logger:                               [FAILED]

Starting system logger:                                    [  OK  ]

Starting kernel logger:                                    [  OK  ]

4.检查是否恢复

[root@shanghai-www1 ~]# tailf /var/log/messages

Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 last message repeated 3 times

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822


此问题参考:http://www.linuxdiyf.com/viewarticle.php?id=56007

wKiom1Mm-7TzApNMAATc2g-l_Cs817.jpg


问题2现象:/var/log/messages 中收到大量无用的 snmp udp 信息

原因:snmp日志 信息级别太低

解决思路和方法:

思路:查看/etc/init.d/snmpd 启动脚本


#!/bin/bash

# ucd-snmp init file for snmpd

#

# chkconfig: - 50 50

# description: Simple Network Management Protocol (SNMP) Daemon

#

# processname: /usr/sbin/snmpd

# config: /etc/snmp/snmpd.conf

# config: /usr/share/snmp/snmpd.conf

# pidfile: /var/run/snmpd


# source function library

. /etc/init.d/functions


OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"  #(note:此处OPTIONS为声明的变量)

if [ -e /etc/sysconfig/snmpd.options ]; then

 . /etc/sysconfig/snmpd.options

fi

# (由此可知/etc/sysconfig/snmpd.options 比OPTIONS 级别高)

RETVAL=0

prog="snmpd"


start() {

       echo -n $"Starting $prog: "

       if [ $UID -ne 0 ]; then

               RETVAL=1

               failure

       else    

               daemon /usr/sbin/snmpd $OPTIONS      #(此处调用上面定义的OPTIONS变量)

               RETVAL=$?

               [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd

       fi;    

       echo    

       return $RETVAL

}




1.修改snmpd 启动脚本或者/etc/sysconfig/snmpd.options

#vi /etc/init.d/snmpd

修改 OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" 为

OPTIONS="-LS0-3d -Lf /dev/null  -p /var/run/snmpd.pid"

或者echo "OPTIONS=\"-LS0-3d -Lf /dev/null -p /var/run/snmpd.pid\"" >> /etc/sysconfig/snmpd.options(推荐)


2.重启snmp 服务

#/etc/init.d/snmpd restart


3.snmpd  参数详解

#snmpd --help

-a log addresses

-A  append to the logfile rather than truncating it  #追加到日志文件,而不是截断

-c           FILE[,...]read FILE(s) as configuration file(s)    #指定配置文件

-Cdo not read the default configuration files      #不适用默认的配置文件

-ddump sent and received SNMP packets         #备份发送/接受的SNMP包

-D TOKEN[,...]turn on debugging output for the given TOKEN(s)

 (try ALL for extremely verbose output)

-fdo not fork from the shell                      

-g GIDchange to this numeric gid after opening

 transport endpoints

 -h, --helpdisplay this usage message

 -Hdisplay configuration file directives understood

 -I [-]INITLISTlist of mib modules to initialize (or not)

 (run snmpd with -Dmib_init for a list)

 -L <LOGOPTS>toggle options controlling where to log to

e:           log to standard error         #-Le 日志到标准错误输出

o:           log to standard output      #-Lo 日志到标准输出

n:           don't log at all                   #-Ln 不记录日志

f file:      log to the specified file        #-Lf 日志记录在指定的文件中。

s facility:  log to syslog (via the specified facility)    #-Ls  日志写syslog 即/var/log/messages


(variants)

[EON] pri:   log to standard error, output or /dev/null for level 'pri' and above

[EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'

[FS] pri token:    log to file/syslog for level 'pri' and above

[FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'

 -m MIBLISTuse MIBLIST instead of the default MIB list

 -M DIRLISTuse DIRLIST as the list of locations

 to look for MIBs

 -p FILEstore process id in FILE

 -qprint information in a more parsable format

 -rdo not exit if files only accessible to root

 cannot be opened

 -u UIDchange to this uid (numeric or textual) after

 opening transport endpoints

 -v, --versiondisplay version information

 -Vverbose display

 -x ADDRESSuse ADDRESS as AgentX address

 -Xrun as an AgentX subagent rather than as an

 SNMP master agent


Deprecated options:

 -l FILEuse -Lf <FILE> instead

 -Puse -p instead

 -suse -Lsd instead

 -S d|i|0-7use -Ls <facility> instead


snmpd 日志等级的定义:

0或! -- LOG_EMERG,

1或a -- LOG_ALERT,

2或c -- LOG_CRIT,

3或e -- LOG_ERR,

4或w -- LOG_WARNING,

5或n -- LOG_NOTICE,

6或i -- LOG_INFO,and

7或d -- LOG_DEBUG,


PS:此2种方法均可大大减少无用的SNMP的信息写入/var/log/messages ,但也不是完全靠谱 有时SNMP 重启的信息也是不能被完全写进日志。


你可能感兴趣的:(日志级别,syslog,snmpd)