
Find all log files in various directories and grep them…

My central syslog server creates a folder hierarchy as follows:

/data/logs/[system name]/month/day.log

Sometimes I need to grep multiple logs across several specific devices. Using find, grep and xargs we can accomplish this as follows:

find *server* -type f | grep 08/03.log | xargs grep interesting_traffic

Run from /data/logs, the above lists every file under any folder whose name contains `server`, keeps only the paths that match `08/03.log` (the 3rd of August) and finally greps those files for the phrase `interesting_traffic`. Easy! Two things to keep in mind: the middle grep treats `08/03.log` as a regular expression, so the `.` matches any character (write `08/03\.log` for an exact match), and if only one file reaches the final grep it will not print the file name, so add `-H` when you need to know which log a hit came from.
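The same search written as a script, as an added example rather than the post's own command. It builds a throwaway copy of the `/data/logs/[system name]/month/day.log` layout in a temp directory (system names, dates and log lines are all constructed for the example) and searches it with `find -path`, NUL-separated file names and `grep -H`, so the date filter is exact and odd file names cannot break xargs.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a throwaway copy of the
# /data/logs/[system name]/month/day.log layout under a temp directory and
# searches it the way the post describes. Differences from the one-liner:
# the date filter is done by find -path (an exact match, not a regex where
# '.' matches anything), file names travel NUL-separated so spaces cannot
# split them, and grep -H always prints the file name.
set -eu

# Create the sample hierarchy. System names, dates and log lines are all
# constructed for this example.
make_sample_logs() {
    sample_root=$(mktemp -d)
    for sys in core-server-01 edge-server-02 fw-01; do
        mkdir -p "$sample_root/$sys/08"
        printf 'Aug  3 10:00:01 %s kernel: interesting_traffic from 10.0.0.5\n' "$sys" \
            > "$sample_root/$sys/08/03.log"
        printf 'Aug  3 10:00:02 %s kernel: routine_traffic\n' "$sys" \
            >> "$sample_root/$sys/08/03.log"
        printf 'Aug  4 10:00:01 %s kernel: interesting_traffic from 10.0.0.9\n' "$sys" \
            > "$sample_root/$sys/08/04.log"
    done
    printf '%s' "$sample_root"
}

# search_logs ROOT SYSTEM_SUBSTRING MONTH DAY PATTERN
# Same job as: find *SYSTEM* -type f | grep MONTH/DAY.log | xargs grep PATTERN
# run from ROOT. Prints "file:matching line" for every hit.
search_logs() {
    log_root=$1; system=$2; month=$3; day=$4; pattern=$5
    # -path matches the whole path as a glob, so the month/day filter is exact;
    # -print0/-0 keep file names intact; -r stops xargs running grep with no
    # files (which would make grep wait on stdin); -H forces the file name.
    find "$log_root" -type f -path "$log_root/*${system}*/${month}/${day}.log" -print0 \
        | xargs -0 -r grep -H -- "$pattern"
}

# Demo on the constructed data: every *server* device, 3 August, interesting_traffic.
demo_root=$(make_sample_logs)
search_logs "$demo_root" server 08 03 interesting_traffic
rm -rf "$demo_root"
```

On a real box the call would be `search_logs /data/logs server 08 03 interesting_traffic`; the functions make no assumption about the root beyond the folder layout the post describes.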

Ubuntu 9.04 Snmpd filling up /var/log/messages and sending excessive syslog

I recently upgraded to Ubuntu 9.04 and found that snmpd was going overboard with the amount of syslog messages it was sending to my syslog server.

Example:

May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:58410
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:56401
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:51123
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:49181
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:42994
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:46429
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:60154

The fix was to change the logging option on the SNMPDOPTS line in my /etc/default/snmpd file. `-Lsd` sends every message to syslog's daemon facility; `-LS4d` adds a priority threshold, so only messages at priority 4 (warning) or more severe reach syslog. The per-poll "Connection from UDP" lines are logged below that level, so they are dropped:

Before:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 0.0.0.0'

After:
SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 0.0.0.0'

Once this is done, restart snmpd: sudo /etc/init.d/snmpd restart

Enjoy!

Update:

I checked on my Ubuntu 8.04 server (64-bit) and saw that I was suffering from the same snmpd logging issue. I saw that this box too was running snmpd v5.4.1. I tried the same fix detailed above but it did not take and snmpd would complain about the options used. I was able to resolve the issue with the following line in my /etc/default/snmpd:

SNMPDOPTS='-LS 0-4 d -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 0.0.0.0'
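Before and after a change like this it is worth measuring the noise rather than eyeballing it. The following is an added example, not part of the original post: it counts snmpd's "Connection from UDP" lines per polling source and per second in a syslog file. The sample lines are constructed to match the format quoted above (the 10.1.1.2 poller and the sshd line are invented to show that other sources and other daemons are kept apart).

```shell
#!/bin/sh
# Added example (not from the original post): quantify how noisy snmpd is in
# a syslog file, per polling source and per second, so you can confirm the
# SNMPDOPTS change actually silenced it. The log lines below are constructed
# to match the format of the ones quoted in the post.
set -eu

sample_syslog() {
    cat <<'EOF'
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:58410
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:56401
May 22 12:49:55 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:51123
May 22 12:49:56 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:49181
May 22 12:49:56 Server snmpd[4386]: Connection from UDP: [10.1.1.2]:42994
May 22 12:49:56 Server sshd[1200]: Accepted publickey for admin from 10.1.1.9 port 50022 ssh2
May 22 12:49:57 Server snmpd[4386]: Connection from UDP: [10.1.1.1]:46429
EOF
}

# snmpd_connection_rate < syslog-file
# Prints "COUNT SOURCE HH:MM:SS" for each second in which snmpd logged UDP
# connections, busiest second first. Only snmpd's own lines are counted,
# so other daemons' messages never inflate the figure.
snmpd_connection_rate() {
    awk '
        $5 ~ /^snmpd\[/ && /Connection from UDP/ {
            # $9 looks like "[10.1.1.1]:58410": keep the poller address
            # between the brackets and drop the ephemeral source port.
            src = substr($9, 2, index($9, "]") - 2)
            n[src " " $3]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Demo on the constructed lines. On a real box:
#   snmpd_connection_rate < /var/log/messages
sample_syslog | snmpd_connection_rate
```

The busiest line tells you which poller and which second to look at; after switching to `-LS4d` the function should print nothing at all for a fresh log, which is the quickest confirmation that the threshold took effect.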

Php-syslog-ng for Ubuntu / Apache2

As I mentioned before, I recently replaced my Windows Kiwi Syslog server with syslog-ng for syslog capturing and alerting. It has been running great for the past few months; however, it lacks one nice feature of Kiwi, and that was a front-end GUI for easy viewing. To overcome this I decided to install php-syslog-ng. This app has some nice features: not only does it let you view the current log, but you can do historical searches and filters. I have to say I'm really pleased with it. Take a look at Openmaniak's tutorial for more information on how to get it up and running on your box.