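Problem 1 symptom: snmpd log messages are not written to /var/log/messages; they are printed straight to the console (scrolling continuously). The messages look like this: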
Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 last message repeated 3 times
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822
Approach and fix:
1. Check whether the syslog process exists
[root@shanghai-www1 ~]# ps -ef|grep syslog
root 5713 4892 0 15:19 pts/1 00:00:00 grep syslog
2. Confirm the syslog service status
[root@shanghai-www1 ~]# service syslog status
syslogd is stopped
klogd is stopped
3. Start the syslog service
[root@shanghai-www1 ~]# service syslog restart
Shutting down kernel logger: [FAILED]
Shutting down system logger: [FAILED]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
4. Check whether logging has recovered
[root@shanghai-www1 ~]# tailf /var/log/messages
Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 last message repeated 3 times
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822
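Reference for this problem: http://www.linuxdiyf.com/viewarticle.php?id=56007
Problem 2 symptom: /var/log/messages receives a large volume of useless snmp UDP messages
Cause: the snmp log message level is set too low
Approach and fix:
Approach: look at the /etc/init.d/snmpd startup script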
#!/bin/bash
# ucd-snmp init file for snmpd
#
# chkconfig: - 50 50
# description: Simple Network Management Protocol (SNMP) Daemon
#
# processname: /usr/sbin/snmpd
# config: /etc/snmp/snmpd.conf
# config: /usr/share/snmp/snmpd.conf
# pidfile: /var/run/snmpd
# source function library
. /etc/init.d/functions
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" # (note: OPTIONS here is a declared variable)
if [ -e /etc/sysconfig/snmpd.options ]; then
. /etc/sysconfig/snmpd.options
fi
# (this shows that /etc/sysconfig/snmpd.options takes precedence over OPTIONS)
RETVAL=0
prog="snmpd"
start() {
    echo -n $"Starting $prog: "
    if [ $UID -ne 0 ]; then
        RETVAL=1
        failure
    else
        daemon /usr/sbin/snmpd $OPTIONS # (the OPTIONS variable defined above is used here)
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd
    fi;
    echo
    return $RETVAL
}
1. Modify the snmpd startup script or /etc/sysconfig/snmpd.options
#vi /etc/init.d/snmpd
Change OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" to
OPTIONS="-LS0-3d -Lf /dev/null -p /var/run/snmpd.pid"
Or: echo "OPTIONS=\"-LS0-3d -Lf /dev/null -p /var/run/snmpd.pid\"" >> /etc/sysconfig/snmpd.options (recommended)
2. Restart the snmp service
#/etc/init.d/snmpd restart
3. snmpd options explained
#snmpd --help
  -a                    log addresses
  -A                    append to the logfile rather than truncating it  # append to the log file instead of truncating it
  -c FILE[,...]         read FILE(s) as configuration file(s)  # specify the configuration file(s)
  -C                    do not read the default configuration files  # do not use the default configuration files
  -d                    dump sent and received SNMP packets  # dump sent/received SNMP packets
  -D TOKEN[,...]        turn on debugging output for the given TOKEN(s)
                        (try ALL for extremely verbose output)
  -f                    do not fork from the shell
  -g GID                change to this numeric gid after opening
                        transport endpoints
  -h, --help            display this usage message
  -H                    display configuration file directives understood
  -I [-]INITLIST        list of mib modules to initialize (or not)
                        (run snmpd with -Dmib_init for a list)
  -L <LOGOPTS>          toggle options controlling where to log to
      e:                log to standard error  # -Le: log to standard error
      o:                log to standard output  # -Lo: log to standard output
      n:                don't log at all  # -Ln: do not log
      f file:           log to the specified file  # -Lf: log to the specified file
      s facility:       log to syslog (via the specified facility)  # -Ls: log to syslog, i.e. /var/log/messages
      (variants)
      [EON] pri:        log to standard error, output or /dev/null for level 'pri' and above
      [EON] p1-p2:      log to standard error, output or /dev/null for levels 'p1' to 'p2'
      [FS] pri token:   log to file/syslog for level 'pri' and above
      [FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
  -m MIBLIST            use MIBLIST instead of the default MIB list
  -M DIRLIST            use DIRLIST as the list of locations
                        to look for MIBs
  -p FILE               store process id in FILE
  -q                    print information in a more parsable format
  -r                    do not exit if files only accessible to root
                        cannot be opened
  -u UID                change to this uid (numeric or textual) after
                        opening transport endpoints
  -v, --version         display version information
  -V                    verbose display
  -x ADDRESS            use ADDRESS as AgentX address
  -X                    run as an AgentX subagent rather than as an
                        SNMP master agent
Deprecated options:
  -l FILE               use -Lf <FILE> instead
  -P                    use -p instead
  -s                    use -Lsd instead
  -S d|i|0-7            use -Ls <facility> instead
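snmpd log level definitions:
0 or ! -- LOG_EMERG,
1 or a -- LOG_ALERT,
2 or c -- LOG_CRIT,
3 or e -- LOG_ERR,
4 or w -- LOG_WARNING,
5 or n -- LOG_NOTICE,
6 or i -- LOG_INFO, and
7 or d -- LOG_DEBUG,
PS: Both methods greatly reduce the amount of useless SNMP messages written to /var/log/messages, but they are not completely reliable: sometimes SNMP restart messages are not fully written to the log either.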
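Added example, not part of the original post: before lowering the log level as described above, the "Connection from UDP" lines can be summarised per source address to confirm that only expected pollers generate them. The function names, the allowlist argument and the sample lines (including the address 192.0.2.77) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count snmpd "Connection from UDP"
# syslog lines per source and mark sources missing from an allowlist.

# snmp_sources "ip1 ip2 ..." < syslog-lines
# The allowlist of expected pollers is an assumption supplied by the caller.
snmp_sources() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # syslogd folds duplicates into "last message repeated N times"; credit
    # them to the source of the snmpd connection line directly before it.
    /last message repeated [0-9]+ times/ {
        if (last != "")
            for (i = 1; i < NF; i++)
                if ($i == "repeated") count[last] += $(i + 1)
        next
    }
    /snmpd\[[0-9]+\]: Connection from UDP: \[/ {
        src = $0
        sub(/^.*Connection from UDP: \[/, "", src)   # drop everything up to "["
        sub(/\].*$/, "", src)                         # drop "]:port"
        count[src]++
        last = src
        next
    }
    { last = "" }   # any other line ends the association for "repeated"
    END {
        for (ip in count)
            printf "%d %s %s\n", count[ip], ip, ((ip in ok) ? "expected" : "UNEXPECTED")
    }' | sort -k1,1nr -k2,2
}

# Constructed sample in the log format shown above; 192.0.2.77 is a
# documentation address standing in for a poller that is not on the allowlist.
sample_log() {
    cat <<'EOF'
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345
Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172
Feb 27 15:21:01 shanghai-www1 last message repeated 3 times
Feb 27 15:21:02 shanghai-www1 snmpd[5197]: Connection from UDP: [192.0.2.77]:50000
EOF
}

sample_log | snmp_sources "10.5.10.100"
```

On a real host, feed it the log instead of the sample: snmp_sources "10.5.10.100" < /var/log/messages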