[Help] A strange system log, asking the experts for advice!

火星人 @ 2014-03-05 , reply:0

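System environment: Redhat Advanced Server 4.0
Services configured: Bind (the one bundled with the system), Merak Mail Server, Samba
Log contents: cat /var/log/messages |less

95% of the contents in there are the same error message: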
Dec 19 13:50:41 Server03 avgscan: connection accepted from unix socket
Dec 19 13:50:41 Server03 avgscan: connection lost
Dec 19 13:50:41 Server03 avgscan: connection accepted from unix socket
Dec 19 13:50:41 Server03 avgscan: connection lost
Dec 19 13:50:41 Server03 avgscan: connection accepted from unix socket
Dec 19 13:50:41 Server03 avgscan: connection lost
Dec 19 13:51:11 Server03 avgscan: connection accepted from unix socket
Dec 19 13:51:11 Server03 avgscan: connection lost
Dec 19 13:51:11 Server03 avgscan: connection accepted from unix socket
Dec 19 13:51:11 Server03 avgscan: connection lost
Dec 19 13:51:21 Server03 avgscan: connection accepted from unix socket
Dec 19 13:51:21 Server03 avgscan: connection lost
Dec 19 13:51:21 Server03 avgscan: connection accepted from unix socket
Dec 19 13:51:21 Server03 avgscan: connection lost
Dec 19 13:51:51 Server03 snmpd: Received SNMP packet(s) from 192.168.203.104
Dec 19 13:51:51 Server03 kernel: audit(1166507511.341:0): avc:  denied  { read append } for  pid=8198 exe=/usr/sbin/snmpd name=snmpd.log dev=dm-3 ino=55418 scontext=system_u:system_r:snmpd_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
Dec 19 13:52:08 Server03 snmpd: Received SNMP packet(s) from 192.168.203.104
Dec 19 13:52:08 Server03 kernel: audit(1166507528.125:0): avc:  denied  { read append } for  pid=8198 exe=/usr/sbin/snmpd name=snmpd.log dev=dm-3 ino=55418 scontext=system_u:system_r:snmpd_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 19 13:52:33 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:33 Server03 avgscan: connection lost
Dec 19 13:52:33 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:33 Server03 avgscan: connection lost
Dec 19 13:53:26 Server03 avgscan: connection accepted from unix socket
Dec 19 13:53:26 Server03 avgscan: connection lost
Dec 19 13:53:26 Server03 avgscan: connection accepted from unix socket
Dec 19 13:53:26 Server03 avgscan: connection lost

......

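These entries appear over and over in the messages file and take up almost 95% of its contents.

Recently I have noticed that the mail server runs into the following error when sending mail to certain domains, and it is happening more and more often.
Below is the delivery error log for one of those messages; the logs for the other messages that fail to send are exactly the same.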

SYSTEM          13:26:27 Client session Message id WJD61527 item 200612181511271754.tm$
SYSTEM          13:26:27 Client session DNS query 'niit.com.cn' 0 (1)
SYSTEM          13:26:27 Client session Connecting to 'mail.niit.com.cn'
202.109.110.87   13:26:27 Client session Connected
202.109.110.87   13:26:27 Client session <<< 220 ESMTP on WinWebMail ready.  http://www.winwebmail.com
202.109.110.87   13:26:27 Client session >>> EHLO server03.lqcentury.com.cn
202.109.110.87   13:26:27 Client session <<< 250 AUTH LOGIN
202.109.110.87   13:26:27 Client session >>> STARTTLS
202.109.110.87   13:26:27 Client session <<< 220 Go ahead
SYSTEM          13:26:27 Client session SSL: Not verified (20) - proceed anyway
202.109.110.87   13:26:27 Client session >>> EHLO server03.lqcentury.com.cn
202.109.110.87   13:26:27 Client session <<< 250 AUTH LOGIN
202.109.110.87   13:26:27 Client session >>> MAIL From:<wei.shengnan@lqcentury> SIZE=38668
202.109.110.87   13:26:27 Client session <<< 250 OK
202.109.110.87   13:26:27 Client session >>> RCPT To:<david.zxx@niit.com.cn>
202.109.110.87   13:26:27 Client session <<< 250 OK, recipient accepted
202.109.110.87   13:26:27 Client session >>> DATA
202.109.110.87   13:26:27 Client session <<< 354 Send checkpointed message, ending in CRLF.CRLF
SYSTEM          13:26:27 Client session Disconnected

Could the experienced experts here please help me analyse this? I would be extremely grateful!

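One way to triage a messages file like the one quoted in the post, as an added example that is not part of the original post: it reports each program tag's share of the lines and collapses repeated SELinux AVC denials into one entry each. The function names are hypothetical, and the sample is a short excerpt of the log lines quoted above.

```python
import re
from collections import Counter

# Short excerpt copied from the /var/log/messages lines quoted in the post.
SAMPLE = """\
Dec 19 13:51:21 Server03 avgscan: connection accepted from unix socket
Dec 19 13:51:21 Server03 avgscan: connection lost
Dec 19 13:51:51 Server03 snmpd: Received SNMP packet(s) from 192.168.203.104
Dec 19 13:51:51 Server03 kernel: audit(1166507511.341:0): avc:  denied  { read append } for  pid=8198 exe=/usr/sbin/snmpd name=snmpd.log dev=dm-3 ino=55418 scontext=system_u:system_r:snmpd_t tcontext=user_u:object_r:var_log_t tclass=file
Dec 19 13:52:02 Server03 avgscan: connection accepted from unix socket
Dec 19 13:52:02 Server03 avgscan: connection lost
"""

# "Mon DD HH:MM:SS host tag[pid]: message" (hypothetical helper patterns)
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*)\} for\s+(.*)$")

def tag_shares(text):
    """Return {program tag: fraction of parsed lines}, noisiest first."""
    counts = Counter(m.group(2) for m in map(SYSLOG.match, text.splitlines()) if m)
    total = sum(counts.values())
    return {tag: n / total for tag, n in counts.most_common()}

def avc_denials(text):
    """Return the distinct SELinux AVC denials, with a repeat count for each."""
    seen = Counter()
    for line in text.splitlines():
        m = AVC.search(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        # pid, inode and timestamp vary between repeats; key on what identifies the rule.
        key = (fields.get("exe"), fields.get("name"), fields.get("scontext"),
               fields.get("tcontext"), fields.get("tclass"), tuple(m.group(1).split()))
        seen[key] += 1
    return seen

if __name__ == "__main__":
    for tag, share in tag_shares(SAMPLE).items():
        print(f"{tag:10s} {share:6.1%}")
    for (exe, name, sctx, tctx, tclass, perms), n in avc_denials(SAMPLE).items():
        print(f"{n}x {exe} ({sctx}) denied {' '.join(perms)} on {name} ({tctx}, {tclass})")
```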