I installed zabbix 1.0 in my Linux environment. It was running fine until I saw the log files which were increasing exponentially in size, due to the messages generated by zabbix in /var/log directory. In this directory three files were affected namely /var/log/auth.all, /var/log/messeges and /var/log/mail.

Partial log file contents are pasted below :

/var/log/auth.all :

Jul 6 09:26:50 bwga092 sshd[14163]: fatal: Read from socket failed: Broken pipe
Jul 6 09:26:52 bwga092 popper[14165]: connect from 127.0.0.1 (127.0.0.1)
Jul 6 09:26:52 bwga092 popper[14165]: error: cannot execute /usr/sbin/popper: No such file or directory
Jul 6 09:27:34 bwga092 proftpd[14176]: connect from 127.0.0.1 (127.0.0.1)
Jul 6 09:28:12 bwga092 sshd[14180]: fatal: Read from socket failed: Broken pipe

/var/log/messages :

Jul 6 09:27:34 bwga092 proftpd[14176]: bwga092.ts.siemens.de (localhost[127.0.0.1]) - FTP session closed.
Jul 6 09:28:41 bwga092 proftpd[14201]: bwga092.ts.siemens.de (localhost[127.0.0.1]) - FTP session closed.
Jul 6 09:29:46 bwga092 proftpd[14217]: bwga092.ts.siemens.de (localhost[127.0.0.1]) - FTP session closed.

/var/log/mail :

Jul 6 09:26:51 bwga092 sendmail[14164]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 6 09:28:13 bwga092 sendmail[14181]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 6 09:29:23 bwga092 sendmail[14211]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA


Please let me know , what should I do, so that I can stop these messages from going into above mentioned files.

As u can see every 2 minute one message is getting added in all three files. Due to which size of the files are increasing.

Where I am doing wrong...I am unable to trace till date...any hint will be highly appreciated.

Thanks,
Rajeev Tomar

These log entries are not from zabbix... ?

Thanks for your reply.

I am pretty sure that these messages are getting logged in above mentioned files because of Zabbix agent. I am saying this because when I am starting zabbix_agentd ...these messages are getting logged and the moment, I stop it. It is stopped.

I could fine, solution for one problem out of three mentioned files:

As you can see FTP seession closed is getting logged every minute in /var/log/messages. In the ITEM section from front end...I updated the parameter value of "Update interval (in sec)" to 300 from 60 Seconds. And this message start appearing after every 5 minutess in place of 1 minute..

So this is resolved. I posted this , so that In future it may help others.

But , Still if somebody has any clue for the rest two ...please let me know.

Regards,
Rajeev Tomar

i think what you're seeing is normal behavior from individual applications whenever the zabbix agent does its checks. if i understand correctly, you don't want to log messages that were caused by the zabbix agent. i don't see how this is possible, since the individual applications dont know anything about zabbix. they just see another connection attempt and log it as such.

As the above poster said, we're assuming a lot.
But if he's correct perhaps you could configure your syslog deamon (syslog-ng I hope) to not log connections from localhost?

Sorry for late response...I was away on holiday.

I am working on this problem and will update you guys at the earlieast.

Thanks, Rajeev

Greetings,

Gyratedotorg is correct. This is normal behavior when you are attempting to test services.

Zabbix tests these services by making a connection, and if sucessful, closing the connection. What you are seeing in your logs is that Zabbix agent, based on your configuration, is polling these services.

My first thoughts are that you might want to change the periodicity of the checks from 30 - 60 to around 5 minutes for things like ftp, sendmail and your pop mail daemon. You can leave them there of course, but you will have to customize your logging system to filter out these checks as Elkor suggested.

Thanks for the reponse. Yes, you are right , we will have to configure zabbix in such a manner so that , we dont see too many logs.

Regards, Rajeev