Linux logging: messages are not written to /var/log/messages and are printed directly to the console; snmpd logging options

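Problem 1, symptom: snmp log messages are not written to /var/log/messages but are printed directly to the console (scrolling continuously). The messages look like this: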

Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 last message repeated 3 times

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822

Approach and solution:

1. Check whether a syslog process exists

[root@shanghai-www1 ~]# ps -ef|grep syslog

root      5713  4892  0 15:19 pts/1    00:00:00 grep syslog

2. Confirm the status of the syslog service

[root@shanghai-www1 ~]# service syslog status

syslogd is stopped

klogd is stopped

3. Start the syslog service

[root@shanghai-www1 ~]# service syslog restart

Shutting down kernel logger:                               [FAILED]

Shutting down system logger:                               [FAILED]

Starting system logger:                                    [  OK  ]

Starting kernel logger:                                    [  OK  ]

4. Check whether logging has recovered

[root@shanghai-www1 ~]# tailf /var/log/messages

Feb 27 15:20:02 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:52503

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:47345

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:40172

Feb 27 15:21:01 shanghai-www1 last message repeated 3 times

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Connection from UDP: [10.5.10.100]:57822

Feb 27 15:21:01 shanghai-www1 snmpd[5197]: Received SNMP packet(s) from UDP: [10.5.10.100]:57822


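Problem 2, symptom: /var/log/messages receives a large number of useless snmp udp messages

Cause: the snmp log level is set too low

Approach and solution:

Approach: look at the /etc/init.d/snmpd startup script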

#!/bin/bash

# ucd-snmp init file for snmpd

#

# chkconfig: - 50 50

# description: Simple Network Management Protocol (SNMP) Daemon

#

# processname: /usr/sbin/snmpd

# config: /etc/snmp/snmpd.conf

# config: /usr/share/snmp/snmpd.conf

# pidfile: /var/run/snmpd

# source function library

. /etc/init.d/functions

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"  # (note: OPTIONS is declared as a variable here)

if [ -e /etc/sysconfig/snmpd.options ]; then

. /etc/sysconfig/snmpd.options

fi

# (this shows that /etc/sysconfig/snmpd.options takes precedence over the OPTIONS value above)

RETVAL=0

prog="snmpd"

start() {

echo -n $"Starting $prog: "

if [ $UID -ne 0 ]; then

RETVAL=1

failure

else

daemon /usr/sbin/snmpd $OPTIONS      # (the OPTIONS variable defined above is used here)

RETVAL=$?

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/snmpd

fi;

echo

return $RETVAL

}

1. Modify the snmpd startup script or /etc/sysconfig/snmpd.options

#vi /etc/init.d/snmpd

Change OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" to

OPTIONS="-LS0-3d -Lf /dev/null  -p /var/run/snmpd.pid"

Or (recommended): echo "OPTIONS=\"-LS0-3d -Lf /dev/null -p /var/run/snmpd.pid\"" >> /etc/sysconfig/snmpd.options

2. Restart the snmp service

#/etc/init.d/snmpd restart

3. snmpd options explained

#snmpd --help

-a  log addresses

-A  append to the logfile rather than truncating it    # append to the log file instead of truncating it

-c FILE[,...]  read FILE(s) as configuration file(s)    # specify the configuration file(s)

-C  do not read the default configuration files    # do not use the default configuration files

-d  dump sent and received SNMP packets    # dump the SNMP packets sent/received

-D TOKEN[,...]  turn on debugging output for the given TOKEN(s) (try ALL for extremely verbose output)

-f  do not fork from the shell

-g GID  change to this numeric gid after opening transport endpoints

-h, --help  display this usage message

-H  display configuration file directives understood

-I [-]INITLIST  list of mib modules to initialize (or not) (run snmpd with -Dmib_init for a list)

-L  toggle options controlling where to log to

    e:           log to standard error    # -Le: log to standard error

    o:           log to standard output    # -Lo: log to standard output

    n:           don't log at all    # -Ln: do not log

    f file:      log to the specified file    # -Lf: log to the specified file

    s facility:  log to syslog (via the specified facility)    # -Ls: log to syslog, i.e. /var/log/messages

    (variants)

    [EON] pri:   log to standard error, output or /dev/null for level 'pri' and above

    [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'

    [FS] pri token:    log to file/syslog for level 'pri' and above

    [FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'

-m MIBLIST  use MIBLIST instead of the default MIB list

-M DIRLIST  use DIRLIST as the list of locations to look for MIBs

-p FILE  store process id in FILE

-q  print information in a more parsable format

-r  do not exit if files only accessible to root cannot be opened

-u UID  change to this uid (numeric or textual) after opening transport endpoints

-v, --version  display version information

-V  verbose display

-x ADDRESS  use ADDRESS as AgentX address

-X  run as an AgentX subagent rather than as an SNMP master agent

Deprecated options:

-l FILE  use -Lf instead

-P  use -p instead

-s  use -Lsd instead

-S d|i|0-7  use -Ls instead

snmpd log level definitions:

0 or ! -- LOG_EMERG,

1 or a -- LOG_ALERT,

2 or c -- LOG_CRIT,

3 or e -- LOG_ERR,

4 or w -- LOG_WARNING,

5 or n -- LOG_NOTICE,

6 or i -- LOG_INFO, and

7 or d -- LOG_DEBUG,

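PS: Both of these methods greatly reduce the useless SNMP messages written to /var/log/messages, but they are not entirely dependable: sometimes SNMP restart messages are not fully written to the log either.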
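
As an added example (not part of the original post), these shell functions parse the attached -Ls/-LS forms used in the OPTIONS strings above and report which syslog priorities still reach syslog, so a change such as -LS0-3d can be checked against the levels you need to keep before snmpd is restarted. The function names are hypothetical, and spaced forms such as "-LS 0-3 d" are not handled.

```shell
# Added example, not from the original post. Handles only the attached
# forms seen on this page ("-Lsd", "-LS0-3d"); function names are made up.

# Map a priority token (digit or letter from the level table) to 0-7.
prio_num() {
    case "$1" in
        0|'!') echo 0 ;; 1|a) echo 1 ;; 2|c) echo 2 ;; 3|e) echo 3 ;;
        4|w)   echo 4 ;; 5|n) echo 5 ;; 6|i) echo 6 ;; 7|d) echo 7 ;;
        *) return 1 ;;
    esac
}

# Print "LOW HIGH FACILITY" for the syslog target in OPTIONS $1 (1 if none/invalid).
syslog_range() {
    local opt spec rest fac lo hi
    for opt in $1; do                       # split OPTIONS on whitespace
        case "$opt" in
            -Ls?*) echo "0 7 ${opt#-Ls}"; return 0 ;;   # -Ls<facility>: all levels
            -LS?*) spec=${opt#-LS} ;;
            *) continue ;;
        esac
        case "$spec" in
            ?-??*)                          # p1-p2<facility>
                rest=${spec#?-}; fac=${rest#?}
                lo=$(prio_num "${spec%%-*}") || return 1
                hi=$(prio_num "${rest%"$fac"}") || return 1 ;;
            ??*)                            # pri<facility>: 'pri' and above
                fac=${spec#?}; lo=0
                hi=$(prio_num "${spec%"$fac"}") || return 1 ;;
            *) return 1 ;;
        esac
        echo "$lo $hi $fac"; return 0
    done
    return 1
}

# Succeed if numeric priority $2 (0-7) reaches syslog under OPTIONS $1.
would_log() {
    local range
    range=$(syslog_range "$1") || return 1
    set -- "$2" $range                      # $1=level $2=low $3=high
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

for o in "-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" \
         "-LS0-3d -Lf /dev/null -p /var/run/snmpd.pid"; do
    echo "$o => low/high/facility: $(syslog_range "$o")"
done
```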
