I don't know if this has been brought up before, but the log files
seem to be messed up. The information that it is spitting out is not
very useful. I liked it better when you could tell when someone was trying
to telnet, ftp, etc. to your boxen. Here is a list of my log files with
the type of logs it's keeping:
[root@yojimbo log]# ls -al
total 16676
drwxr-xr-x 7 root root 4096 Jan 17 15:19 .
drwxr-xr-x 18 root root 4096 Jan 16 14:10 ..
-rw------- 1 root root 10177 Jan 17 15:16 boot.log
-rw------- 1 root root 36495 Jan 19 14:30 cron
-rw-r--r-- 1 root root 2671 Jan 16 14:25 dmesg
drwxr-sr-x 2 root root 4096 Jan 12 22:35 flexbackup
drwxr-xr-x 2 root root 4096 Jan 16 12:48 httpd
-rw-r--r-- 1 root root 1460584 Jan 19 14:34 lastlog
-rw------- 1 root root 27483 Jan 19 00:31 maillog
-rw------- 1 root root 16700870 Jan 19 14:35 messages
-rw-rw-rw- 1 mysql mysql 161755 Jan 19 00:31 mysqld.log
drwx--S--- 2 qmaill nofiles 4096 Jan 16 14:31 qmail
drwx------ 2 root root 4096 Jan 16 14:31 samba
-rw------- 1 root root 28641 Jan 19 00:31 secure
-rw------- 1 root root 0 Jan 16 14:06 spooler
drwxr-x--- 2 squid squid 4096 Jan 16 14:31 squid
-rw-rw-r-- 1 root utmp 9984 Jan 19 14:34 wtmp
If I am reading that right, does that not say that the messages are 16
megs already? This is only after it's been up for 3 days.
[root@yojimbo log]# tail messages
Jan 19 16:40:50 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1
10.10.1.11:10 255.255.255.255:0 L=28 S=0x00 I=33600 F=0x0000 T=64 (#1)
Jan 19 16:40:51 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.1.214.194:631 24.1.215.255:631 L=142 S=0x00 I=0 F=0x4000 T=64 (#1)
Jan 19 16:40:55 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1
24.1.212.200:10 224.0.0.2:0 L=28 S=0x00 I=4 F=0x0000 T=128 (#1)
Jan 19 16:40:57 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1
24.1.212.200:10 224.0.0.2:0 L=28 S=0x00 I=13 F=0x0000 T=128 (#1)
Jan 19 16:41:00 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1
24.1.212.200:10 224.0.0.2:0 L=28 S=0x00 I=17 F=0x0000 T=128 (#1)
Jan 19 16:41:07 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.15.53.199:513 24.15.53.255:513 L=88 S=0x00 I=19435 F=0x0000 T=64 (#1)
Jan 19 16:41:22 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.1.214.194:631 24.1.215.255:631 L=142 S=0x00 I=0 F=0x4000 T=64 (#1)
Jan 19 16:41:33 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.1.208.33:67 24.1.215.255:68 L=328 S=0x00 I=15374 F=0x0000 T=60 (#1)
Jan 19 16:41:33 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.1.208.34:67 24.1.215.255:68 L=328 S=0x00 I=34527 F=0x0000 T=60 (#1)
Jan 19 16:41:40 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17
24.1.213.106:513 24.1.255.255:513 L=88 S=0x00 I=39614 F=0x0000 T=64 (#1)
It's logging these by the second.
[root@yojimbo log]# tail secure
Jan 19 02:21:29 yojimbo xinetd[4816]: USERID: imap OTHER :www
Jan 19 02:21:29 yojimbo xinetd[795]: EXIT: imap pid=4816 duration=0(sec)
Jan 19 02:26:30 yojimbo xinetd[795]: START: imap pid=4818 from=192.168.1.1
Jan 19 02:26:30 yojimbo xinetd[795]: START: auth pid=4819 from=192.168.1.1
Jan 19 02:26:30 yojimbo xinetd[4818]: USERID: imap OTHER :www
Jan 19 02:26:30 yojimbo xinetd[795]: EXIT: imap pid=4818 duration=0(sec)
Jan 19 02:31:31 yojimbo xinetd[795]: START: imap pid=4822 from=192.168.1.1
Jan 19 02:31:31 yojimbo xinetd[795]: START: auth pid=4823 from=192.168.1.1
Jan 19 02:31:31 yojimbo xinetd[4822]: USERID: imap OTHER :www
Jan 19 02:31:31 yojimbo xinetd[795]: EXIT: imap pid=4822 duration=0(sec)
Again, I don't know what this log info is, but it doesn't look too important.
Also, I was wondering what the file lastlog was for?
Sorry if this has been covered already. I looked but didn't see it on the
beta3 update page.
Thank You
P-K
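
Added example, not part of the original post: a small Python parser for the kernel "Packet log:" lines shown above (the ipchains log layout), which counts what is filling the messages file and how much of it is broadcast or multicast traffic. The function names, the ".255" broadcast heuristic and the summary keys are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# ipchains kernel log layout: chain, action, interface, IP protocol number,
# src:port, dst:port, L=length, S=TOS, I=IP id, F=frag field, T=TTL, (#rule).
# For ICMP (PROTO=1) the two "port" slots hold the ICMP type and code.
PACKET_LOG = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def is_broadcast_or_multicast(dst):
    # Heuristic (assumption of this example): a final octet of 255 is
    # treated as a broadcast address; 224.0.0.0/4 is multicast.
    return ipaddress.ip_address(dst).is_multicast or dst.endswith(".255")

def parse_packet_log(line):
    """Return a dict of fields for a 'Packet log:' line, or None for other lines."""
    m = PACKET_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["noise"] = is_broadcast_or_multicast(rec["dst"])
    return rec

def summarize(lines):
    """Count parsed entries and rank (protocol, destination, dport/code) tuples."""
    records = [r for r in map(parse_packet_log, lines) if r]
    top = Counter((r["proto_name"], r["dst"], r["dport"]) for r in records)
    return {"parsed": len(records), "skipped": len(lines) - len(records),
            "broadcast_or_multicast": sum(r["noise"] for r in records),
            "top": top.most_common(3)}

# Sample input: five entries copied from the post (wrapped lines re-joined)
# plus one xinetd line from the secure log that must be skipped.
SAMPLE = [
    "Jan 19 16:40:50 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1 10.10.1.11:10 255.255.255.255:0 L=28 S=0x00 I=33600 F=0x0000 T=64 (#1)",
    "Jan 19 16:40:51 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17 24.1.214.194:631 24.1.215.255:631 L=142 S=0x00 I=0 F=0x4000 T=64 (#1)",
    "Jan 19 16:40:55 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1 24.1.212.200:10 224.0.0.2:0 L=28 S=0x00 I=4 F=0x0000 T=128 (#1)",
    "Jan 19 16:40:57 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=1 24.1.212.200:10 224.0.0.2:0 L=28 S=0x00 I=13 F=0x0000 T=128 (#1)",
    "Jan 19 16:41:33 yojimbo kernel: Packet log: denylog DENY eth1 PROTO=17 24.1.208.33:67 24.1.215.255:68 L=328 S=0x00 I=15374 F=0x0000 T=60 (#1)",
    "Jan 19 02:21:29 yojimbo xinetd[795]: EXIT: imap pid=4816 duration=0(sec)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it over a real file, pass `open("/var/log/messages").read().splitlines()` to `summarize()`.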