On Friday 09 November 2001 6:39 am, Colin Jenkins wrote: > Hi all, > Just had a problem when reebooting (lm8) > lots of failures including X. > did a du and found my drive was full... it turned out to be a 1.5G log > file in /var/log/samba .. the file was logging my sons win98 box. > I deleted the file and managed to boot up ok, except I seem to have > lost kde and gnome (only have ice now) > when I checked the log file had been recreated (log.elendil.old) and > was rapidly growing. I deleted it a few times and things seem to have > settled down... then I noticed 2 other log file for unknown user > ..log.james and log .elite3 > does this sound like an intruder or some other problem? >
I can't comment on an intruder, but your samba file should never get that large. By default a cron job runs once a day which will start logrotate Logrotate will compress and archive all the logs, and delete old archives. This is obviously not working in your computer. You can test logrotate with 'logrotate -v /etc/logrotate.conf' There is a config file for samba in /etc/logrotate.d You can set maximum file sizes for any log, and how many archives are kept. I had trouble with it because my syslog appeared in the config file twice and that caused it to never execute. If you are worried about intruders I recommend portsentry which will log all suspicious activity in the log, and another application called logcheck which will go through the logs each day and send you an email of anything suspicious. Both applications are on Sourceforge I think. Derek > > > > ================================================================ > Colin Jenkins > ICQ: 650611 registered linux user 223862 > If you can keep your head when all about you are losing theirs, obviously > you have no conception of the magnitude of the problem. > ================================================================
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
