Ernest Byaruhanga wrote:
Ronny wrote the following on 12/20/2005 09:01 AM:
Hello buddies hope you are still in the moods of helping :-) .
Was wondering what on earth can stop syslogd from working.I recall 2
months back was messing around my 'test' machine that happens to be my
desktop too.But of recent I nolonger see new logs :-( .
Hope I wasn't *rooted * ;-)
syslog.conf looks ok, unless:
1. the /var partition is full
2. the /var partition is no longer writable by root (or whoever
user syslog runs as) *very unlikly situation*
so, ronnie, as basic as this might sound, first show us the output
of "df -h" :)
[EMAIL PROTECTED] log]# /usr/sbin/lvmdiskscan
/dev/hda [ 18.65 GB]
/dev/hda1 [ 101.94 MB]
/dev/hda2 [ 18.55 GB] LVM physical volume
1 disk
1 partition
0 LVM physical volume whole disks
1 LVM physical volume
As you can see 1 partion 1 disk :-) .Can the firewall coz
probs?
[EMAIL PROTECTED] log]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
18G 8.4G 8.5G 50% /
/dev/hda1 99M 13M 82M 13% /boot
none 125M 0 125M 0% /dev/shm
Would I be able to send this mail?
:-)
ernesto
See output below
[EMAIL PROTECTED] etc]# cat syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
[EMAIL PROTECTED] etc]#
[EMAIL PROTECTED] log]# cat secure
Oct 10 08:34:25 pixmail userhelper[2819]: running '/sbin/reboot' with
root privileges on behalfof 'root'
Oct 10 08:35:01 pixmail sshd[1927]: Received signal 15; terminating.
[EMAIL PROTECTED] log]#
Interesting! what was terminating what :-) and who gave authority to
that program (userhelper) to reboot on behalf of root!!.Can someone
advise what might have happened to syslog?
Strange but true ------->[EMAIL PROTECTED] log]# /sbin/syslogd
syslogd: Already running.
And nothing much from selinux side
<cough> it's dirsty!!
[EMAIL PROTECTED] log]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 19
Policy from config file:targeted
Policy booleans:
allow_execmem active
allow_execmod active
allow_execstack active
allow_kerberos inactive
allow_ypbind inactive
dhcpd_disable_trans inactive
httpd_builtin_scripting active
httpd_can_network_connectinactive
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_tty_comm inactive
httpd_unified active
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zonesinactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_transinactive
read_default_t active
snmpd_disable_trans inactive
squid_connect_any inactive
squid_disable_trans inactive
syslogd_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive
[EMAIL PROTECTED] log]#
Thanks for ya time but please need my box surveillance system up during
the holiday.And sorry for coloring it's festive season :-)
Merry-xmas
Ronny
--
*******************************************************************
PGP Fingerprint: 6695 794A B84E D922 88FB 73CC 6CBD 8036 B3CD 7304
We can't become what we need to be by remaining what we are
*******************************************************************
------------------------------------------------------------------------
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
|
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including
attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
