Centralizing logs is important as soon you have more than 2 servers. In my environment the bare metal is monitored with Net-SNMP and my services are deployed as containers with Docker. All system logs are sent to a Graylog2 instance and I quickly noticed a few ugly entries caused by snmpd.

Cannot statfs /run/docker/netns/...: Permission denied

You will notice a few of them. First approach try to increase the logging level in /etc/default/snmpd from SNMP daemon with

SNMPDOPTS='-Ls3d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'

The man page from Net-SNMP described the logging and I've increased with -Ls3d the level to "Error" instead of "Warning", but it didn't help. I researched in the web and found this topic in Red Hats Bugzilla.

It turns out snmpd is reading /proc/mount and runs statfs and logs an error. One of the authors in the comment section found a solution to use rsyslog filtering this type of message with:

if $programname == 'snmpd' and $msg contains 'statfs' then {
    stop
}

The result is now a much cleaner log with less garbage.

Happy Logging

comments powered by Disqus

OUCE 2013 Lab Setup

System Ubuntu 12.10 Language: English Keyboard Layout: English Login: opennms Pass: ouce2013 Admins toolbox sudo -s apt-get install openss…… Continue reading

Docker Shell Corner Case

Published on January 18, 2017

Monitoring DevOps and the Status Quo

Published on March 09, 2017