Orna Agmon wrote:

> On behalf of Nahum Cohen:
>
> ---------- Forwarded message ----------
> Date: Fri, 23 Jan 2004 12:37:43 +0200
> From: "Cohen, Nahum" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: [Haifux] "/var/log/messages" question
>
>> Hi,
>>
>> Where can I find information about the error messages in
>> /var/log/messages ?
>>
>> I get all kinds of messages and I want to know what they mean. For
>> example:
>>
>> Jan 19 23:38:58 nahum-x telnetd[24258]: ttloop: peer died: EOF
>> Jan 19 23:38:58 nahum-x telnetd[24375]: ttloop: read: Connection reset by peer
>>
>> And this one that is much more to worry about:
>>
>> Jan 21 02:42:57 nahum-x kernel: eth0: Too much work in interrupt, status 8401.
>>
>> The reason I'm asking is because from time to time my telnetd is
>> like not responding ... Then I have to run "service xinetd
>> restart" to restart the telnetd.
>>
>> Any information will be appreciated.
>>
>>
>
> --------------------------------------------------------------------------
> Haifa Linux Club Mailing List (http://www.haifux.org) To unsub
> send an empty message to [EMAIL PROTECTED]
>
>
It could be some kind of attack or some network device error, if you
get those messages with a constant periodicity. If you decided to use
telnet instead of ssh, try to run ( % script_name.sh & ) this little
script. It will write to the file /var/log/ttloop_log the network
connections to your telnetd at the moment of the error event...


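#!/bin/sh
# Log who is connected to telnetd (port 23) each time a ttloop error appears.
while :; do
    # Block until a new line containing "ttloop" is appended to the log.
    tail -n 0 -f /var/log/messages | grep -q ttloop
    date >> /var/log/ttloop_log
    # -n numeric addresses, -t TCP only, -p owning PID/program (needs root).
    netstat -ntp | grep ':23 ' >> /var/log/ttloop_log
done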


Also, you may need to check the basic security rules like iptables and
the xinetd attributes: only_from or no_access - restrict access to
telnetd by IP/Submask; access_times 00:00 - 08:00 ...; cps x y - if it
exceeds x connections per sec, delays for y sec ( default 50 (or 25) 10 ).

I hope it will help ...

- Slava.
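
The reply above treats a constant interval between the ttloop messages as the thing to look for. As an added example (not part of the original thread), this script measures the gaps between consecutive ttloop events in a syslog-format file; the function names, the 5-second default tolerance and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: are telnetd "ttloop" events periodic?

# Constructed sample; the first two lines are the ones quoted in the thread.
sample_log() {
    cat <<'SAMPLE'
Jan 19 23:38:58 nahum-x telnetd[24258]: ttloop: peer died: EOF
Jan 19 23:38:58 nahum-x telnetd[24375]: ttloop: read: Connection reset by peer
Jan 19 23:43:58 nahum-x telnetd[24410]: ttloop: peer died: EOF
Jan 19 23:44:10 nahum-x kernel: eth0: Too much work in interrupt, status 8401.
Jan 19 23:48:59 nahum-x telnetd[24433]: ttloop: peer died: EOF
Jan 19 23:53:58 nahum-x telnetd[24467]: ttloop: peer died: EOF
SAMPLE
}

# ttloop_gaps FILE: print seconds between consecutive ttloop events ("-" = stdin).
ttloop_gaps() {
    awk '
    BEGIN {
        # Days before each month; syslog lines carry no year (non-leap assumed).
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", before, " ")
        for (i = 1; i <= 12; i++) offset[name[i]] = before[i]
    }
    $5 ~ /^telnetd/ && /ttloop:/ {
        split($3, t, ":")
        now = ((offset[$1] + $2) * 24 + t[1]) * 3600 + t[2] * 60 + t[3]
        if (seen && now != prev) {      # lines in the same second are one event
            gap = now - prev
            if (gap < 0) gap += 365 * 86400   # log ran past New Year
            print gap
        }
        prev = now; seen = 1
    }' "$1"
}

# ttloop_verdict FILE [TOLERANCE]: periodic if all gaps agree within TOLERANCE s.
ttloop_verdict() {
    ttloop_gaps "$1" | awk -v tol="${2:-5}" '
        { g = $1 + 0; if (NR == 1) min = max = g; if (g < min) min = g; if (g > max) max = g }
        END {
            if (NR < 3) print "too-few-events"
            else if (max - min <= tol + 0) print "periodic"
            else print "irregular"
        }'
}

sample_log | ttloop_verdict -   # prints "periodic"
```

On a real system, call `ttloop_verdict /var/log/messages`; a "periodic" result matches the case the reply describes, and the peers recorded in /var/log/ttloop_log then show where the connections come from.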

