Re: Permission changing for /var/log/httpd
On Fri, Jun 03, 2016 at 08:02:21PM +, Yong Huang wrote: > If logrotate (as Mark suggested) did not do it, you can use > SystemTap to do this sort of things. There are sample scripts on the > Internet that monitor file permission change. > Maybe these >help:https://www.sourceware.org/systemtap/SystemTap_Beginners_Guide/inodewatch2sect.html > > https://lwn.net/Articles/271796/ You can also do this with auditd and auditctl, which is a bit simpler to set up. https://www.redhat.com/archives/linux-audit/2013-September/msg00057.html This is an example. -- Jonathan BillingsCollege of Engineering - CAEN - Unix and Linux Support -- redhat-list mailing list unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
Re: Permission changing for /var/log/httpd
If logrotate (as Mark suggested) did not do it, you can use SystemTap to do this sort of things. There are sample scripts on the Internet that monitor file permission change. Maybe these help:https://www.sourceware.org/systemtap/SystemTap_Beginners_Guide/inodewatch2sect.html https://lwn.net/Articles/271796/ Yong -- redhat-list mailing list unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
Re: Permission changing for /var/log/httpd
That was a good guess, but the logrotate setting for httpd says: create 640 root adm The other 3 create lines in /etc/logrotate.d/ are for other log files. Tom Ekberg From: m.r...@5-cent.us To: "General Red Hat Linux discussion list" <redhat-list@redhat.com> Subject: Re: Permission changing for /var/log/httpd Message-ID: <306c4036d45edc3036a876df868edf9b.squir...@host290.hostmonster.com> Content-Type: text/plain;charset=utf-8 Tom Ekberg wrote: I have a non-root cron job that needs to look at files in /var/log/httpd and transfer them (scp) to another host. That user is a member of group adm and I changed the ownership of /var/log/httpd to root:adm and set permissions to 750. This works file as the cron job can read the files. The problem is that once a month some process changes the ownership of this directory to root:root and permissions to 700. I looked at the audit logs and can see this happen but I have no idea what process is doing this. I looked at /etc/cron.monthly and there is only one entry that doesn't appear to cause that. Do you happen to know what process changes the ownership and permission of /var/log/httpd? Mark Added: Possibly the log rotation. mark -- redhat-list mailing list unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
Re: Permission changing for /var/log/httpd
Tom Ekberg wrote: > I have a non-root cron job that needs to look at files in /var/log/httpd > and transfer them (scp) to another host. That user is a member of group > adm and I changed the ownership of /var/log/httpd to root:adm and set > permissions to 750. This works file as the cron job can read the files. > The problem is that once a month some process changes the ownership of > this directory to root:root and permissions to 700. I looked at the audit > logs and can see this happen but I have no idea what process is doing > this. I looked at /etc/cron.monthly and there is only one entry that > doesn't appear to cause that. Do you happen to know what process changes > the ownership and permission of /var/log/httpd? > Possibly the log rotation. mark -- redhat-list mailing list unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
Permission changing for /var/log/httpd
I have a non-root cron job that needs to look at files in /var/log/httpd and transfer them (scp) to another host. That user is a member of group adm and I changed the ownership of /var/log/httpd to root:adm and set permissions to 750. This works file as the cron job can read the files. The problem is that once a month some process changes the ownership of this directory to root:root and permissions to 700. I looked at the audit logs and can see this happen but I have no idea what process is doing this. I looked at /etc/cron.monthly and there is only one entry that doesn't appear to cause that. Do you happen to know what process changes the ownership and permission of /var/log/httpd? Tom Ekberg Senior Computer Specialist, Lab Medicine University of Washington Medical Center 1959 NE Pacific St, MS 357110 Seattle WA 98195 work: (206) 598-8544 email: tekb...@uw.edu -- redhat-list mailing list unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
/var/log/secure messages?
I see the following in /var/log/secure. Can anyone tell me what this means? They are not always paired up like this. I often see the second message without the first. Sep 22 15:27:59 avalon sshd[4643]: scanned from 69.44.57.202 with SSH-1.0-SSH_Version_Mapper. Don't panic. Sep 22 15:27:59 avalon sshd[4642]: Did not receive identification string from 69.44.57.202 -- Robert C. Paulsen, Jr. [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/secure messages?
I see the following in /var/log/secure. Can anyone tell me what this means? They are not always paired up like this. I often see the second message without the first. Sep 22 15:27:59 avalon sshd[4643]: scanned from 69.44.57.202 with SSH-1.0-SSH_Version_Mapper. Don't panic. Sep 22 15:27:59 avalon sshd[4642]: Did not receive identification string from 69.44.57.202 Hello. Google for with SSH-1.0-SSH_Version_Mapper. Don't panic. (with quotes) and check the first 3 results. Regards Goncalo -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
/var/log/message error question
Hi all, Was wondering if anyone has ever seen something like this in there message log file: *Aug 31 05:28:56 localhost pppoe[7106]: Inactivity timeout... something wicked happened on session 40919* I am running RH9 with all of the latest updates. I have a DSL connection setup and have 2 windozes PC hooked up using the Linux Box as a gateway for them to reach the net. Is this something that is happening from my ISP? Thanks for any info that would help explain this. Lee Perez -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/message error question
I'm assuming that you are running rp-pppoe for your pppoe connection. I recently switched to britsys.net ('cause they give me a static ip for very little more than I was paying for dynamic) so I don't use pppoe anymore, but that error means that the connection was dropped for inactivity (something wicked). Mark On Mon, 1 Sep 2003, cajun wrote: Hi all, Was wondering if anyone has ever seen something like this in there message log file: *Aug 31 05:28:56 localhost pppoe[7106]: Inactivity timeout... something wicked happened on session 40919* I am running RH9 with all of the latest updates. I have a DSL connection setup and have 2 windozes PC hooked up using the Linux Box as a gateway for them to reach the net. Is this something that is happening from my ISP? Thanks for any info that would help explain this. Lee Perez -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
On Sun, 2003-08-24 at 18:56, Rodolfo J. Paiz wrote: At 8/23/2003 10:13 +0200, you wrote: The problem with your WAV files is not that they contain sparse blocks. If they did, they would not sound good, because you would hear every blank block. And since they are listed as 20 times the original size, you would hear a lot of silence, and each of them would play for several hours. ;) But as you've mentioned, two arbitrary 1GB songs still sound good. Just out of curiousity, what do you get when you gzip such a huge file, transfer it to another machine and gunzip it? Sorry to take so long to respond. Didn't have another Linux machine at hand, so I gzipped it (took all of six seconds) and transferred the compressed file (down from 1.18GB to an expected 53MB) to another drive. Gunzipping the file resulted again in a 1.18GB file. Color me baffled. Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Does this sound like a possibility? -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 24 Aug 2003 16:56:52 -0600, Rodolfo J. Paiz wrote: The problem with your WAV files is not that they contain sparse blocks. If they did, they would not sound good, because you would hear every blank block. And since they are listed as 20 times the original size, you would hear a lot of silence, and each of them would play for several hours. ;) But as you've mentioned, two arbitrary 1GB songs still sound good. Just out of curiousity, what do you get when you gzip such a huge file, transfer it to another machine and gunzip it? Sorry to take so long to respond. Didn't have another Linux machine at hand, so I gzipped it (took all of six seconds) and transferred the compressed file (down from 1.18GB to an expected 53MB) to another drive. Gunzipping the file resulted again in a 1.18GB file. Color me baffled. Okay. What else can you report about the integrity of the WAV files? When you load them into a somewhat capable audio player, is the displayed playtime correct? In that case, the internal file size in the WAV header would be correct. What do you see at the end of the files when you display them in a hex-editor (e.g. khexedit)? Could it be that they have ~1 GiB of zeroes at the end? - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/SUvB0iMVcrivHFQRAhlSAJ9FIS00i9KH3cvVz9vh8epIVZJs2ACfWwOL xNCSPF7sT38/eLKzrQRhHbc= =xfuZ -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 19:07 -0400, you wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Does this sound like a possibility? Not at all... these are standard WAV files, originally ripped from the (original, purchased) music CD. They average 45-50MB, but when I moved them to a second hard drive some of them started getting reported by ls -l as being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh reports their sizes correctly, as does du -h. Trying to figure out what caused this wrong listing and fix it, since copying the file does take the whole 1.2GB. Also, I share this folder with Windows which reports total usage as 1.6TB instead of the actual 63GB (25x). -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/25/2003 01:35 +0200, you wrote: Okay. What else can you report about the integrity of the WAV files? When you load them into a somewhat capable audio player, is the displayed playtime correct? In that case, the internal file size in the WAV header would be correct. What do you see at the end of the files when you display them in a hex-editor (e.g. khexedit)? Could it be that they have ~1 GiB of zeroes at the end? They are shared via Samba, and I've created playlists with MusicMatch Jukebox showing all files. Every file seems to have a reasonable file size, and playing one or two songs gives no errors plus the playtime is accurately reported. I could not open the file with khexedit, since it complained about insufficient memory (I have only 256MB of RAM in this machine). But the theory of it actually having spaces or zeroes at the end does not seem logical: what on God's green Earth would tack on 1GB of zeroes at the end, and if so, why does ls -sh report the file size correctly? If this space was indeed being used, then 63GB would have _actually_ expanded to 1.6TB, instead of just _apparently_ having done so. And then it wouldn't fit on the 120GB disk, whereas df -m shows the expected 45GB free and I just moved 10GB to that drive as a test with no problems. AFAICS, that 1TB discrepancy between listings does seem to be a phantom... but from what, how, why, and how to fix it? I have no idea how to even start looking for this one, but while you guys attempt to help me, is there perhaps some docs I should be reading at the same time? Thanks, -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
On Sunday, Aug 24, 2003, at 20:31 America/New_York, Rodolfo J. Paiz wrote: At 8/24/2003 19:07 -0400, you wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Does this sound like a possibility? Not at all... these are standard WAV files, originally ripped from the (original, purchased) music CD. They average 45-50MB, but when I moved them to a second hard drive some of them started getting reported by ls -l as being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh reports their sizes correctly, as does du -h. Trying to figure out what caused this wrong listing and fix it, since copying the file does take the whole 1.2GB. Also, I share this folder with Windows which reports total usage as 1.6TB instead of the actual 63GB (25x). -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list Here's a stab in the dark- do you have the SIZE or BLOCKSIZE environment variable set (esp. when the wav files were originally magnified)? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
-Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list- [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz Sent: Sunday, August 24, 2003 7:32 PM To: [EMAIL PROTECTED] Subject: Re: /var/log/lastlog -- why is it 19 megabytes? At 8/24/2003 19:07 -0400, you wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Does this sound like a possibility? Not at all... these are standard WAV files, originally ripped from the (original, purchased) music CD. They average 45-50MB, but when I moved them to a second hard drive some of them started getting reported by ls - l as being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh reports their sizes correctly, as does du -h. Trying to figure out what caused this wrong listing and fix it, since copying the file does take the whole 1.2GB. Also, I share this folder with Windows which reports total usage as 1.6TB instead of the actual 63GB (25x). -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list This maybe absolutely correct reporting. You said that windows and linux are sharing the disk that these files are stored. Well windows reports the total byte count for the files and linux reports the number of 512 byte blocks in a file (or something to that effect), but you are storing the files on a vfat partition and linux maybe(I don't know for sure) reporting the total byte count of the file. In which case linux is reporting the actual byte count, but windows is reporting the allocated byte count hence the discrepancies between the files in a linux partition and the listing o=n the vfat partition and the differences between the linux and windows listing. I think this is what is happening. I've seen this on Unix system sharing with windows but I've never seen it with linux before. A way of resolving maybe to copy the files back from the shared disk to a linux partition and then get a listing. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 20:56 -0400, you wrote: Here's a stab in the dark- do you have the SIZE or BLOCKSIZE environment variable set (esp. when the wav files were originally magnified)? Stab away, any effort welcome. I have never set those variables manually, and doing a set | grep -i size right now from both my user account and root does not show either as being set. Whether they were or were not set at some point in the past is hard to say (the machine had RH8.0 until about three weeks ago and was reinstalled with RH9), but I would assume this is an unlikely thing. All I can think of as unusual that happened in recent history is: 1. Reinstalled from 8.0 to 9. Reinstall does not affect the /music partition since it is on its own disk. 2. Moved all the music (rsync -av IIRC) from /data/music (/dev/hdg1, a 120GB disk) to /music (/dev/hdh1, another 120GB disk). I can not see how either of those could have caused this, but they are the only ideas I have. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 19:55 -0500, you wrote: This maybe absolutely correct reporting. You said that windows and linux are sharing the disk that these files are stored. Ah, but the files are on an ext3 partition, on the Linux server, and only shared via Samba to the Windows boxen. So, while reasonable, we can prove that this theory is not correct. Besides, at some point in the past, Windows and Linux both showed the correct values... so it _did_ work, and then something changed. I've seen this on Unix system sharing with windows but I've never seen it with linux before. A way of resolving maybe to copy the files back from the shared disk to a linux partition and then get a listing. I apologize if I gave the impression that the disks were on the Windows box; they are already (and always have been) on the Linux box, in Linux partitions. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
-Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list- [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz Sent: Sunday, August 24, 2003 8:07 PM To: [EMAIL PROTECTED] Subject: RE: /var/log/lastlog -- why is it 19 megabytes? At 8/24/2003 19:55 -0500, you wrote: This maybe absolutely correct reporting. You said that windows and linux are sharing the disk that these files are stored. Ah, but the files are on an ext3 partition, on the Linux server, and only shared via Samba to the Windows boxen. So, while reasonable, we can prove that this theory is not correct. Besides, at some point in the past, Windows and Linux both showed the correct values... so it _did_ work, and then something changed. I've seen this on Unix system sharing with windows but I've never seen it with linux before. A way of resolving maybe to copy the files back from the shared disk to a linux partition and then get a listing. I apologize if I gave the impression that the disks were on the Windows box; they are already (and always have been) on the Linux box, in Linux partitions. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list Okay, I see. There is probably some other explanation then. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
-Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list- [EMAIL PROTECTED] On Behalf Of jurvis lasalle Sent: Sunday, August 24, 2003 7:57 PM To: [EMAIL PROTECTED] Subject: Re: /var/log/lastlog -- why is it 19 megabytes? On Sunday, Aug 24, 2003, at 20:31 America/New_York, Rodolfo J. Paiz wrote: At 8/24/2003 19:07 -0400, you wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Does this sound like a possibility? Not at all... these are standard WAV files, originally ripped from the (original, purchased) music CD. They average 45-50MB, but when I moved them to a second hard drive some of them started getting reported by ls -l as being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh reports their sizes correctly, as does du -h. Trying to figure out what caused this wrong listing and fix it, since copying the file does take the whole 1.2GB. Also, I share this folder with Windows which reports total usage as 1.6TB instead of the actual 63GB (25x). -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:redhat-list- [EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list Here's a stab in the dark- do you have the SIZE or BLOCKSIZE environment variable set (esp. when the wav files were originally magnified)? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list let me further explain with a example. Suppose you have a file that is 1024 bytes on linux and you do a ls it will list as 2 block (2 512 byte blocks). You copy this file to a vfat partition to be shared with windows and the allocation units is 5 512 blocks. Now when you do the listing linux list it as 1024 bytes and windows will list it 2560 bytes. Maybe this is what is happening and when you force linux to list using linux units it will list it correctly as 2 blocks. IMHO this what I think. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 20:08 -0500, you wrote: let me further explain with a example. Suppose you have a file that is 1024 bytes on linux and you do a ls it will list as 2 block (2 512 byte blocks). OK... but here the error would be at most a few KB, not an additional 1,130MB. You copy this file to a vfat partition to be shared with windows and the allocation units is 5 512 blocks. Now when you do the listing linux list it as 1024 bytes and windows will list it 2560 bytes. I understand your concept; but these files have only been copied once, from disk /dev/hdg on the Linux server (using ext3) to disk /dev/hdh ON THE SAME SERVER, also using ext3. No copying to Windows has occurred... all I've done is to allow Windows machines to read them via Samba. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/lastlog -- why is it 19 megabytes?
-Original Message- From: [EMAIL PROTECTED] [mailto:redhat-list- [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz Sent: Sunday, August 24, 2003 8:45 PM To: [EMAIL PROTECTED] Subject: RE: /var/log/lastlog -- why is it 19 megabytes? At 8/24/2003 20:08 -0500, you wrote: let me further explain with a example. Suppose you have a file that is 1024 bytes on linux and you do a ls it will list as 2 block (2 512 byte blocks). OK... but here the error would be at most a few KB, not an additional 1,130MB. You copy this file to a vfat partition to be shared with windows and the allocation units is 5 512 blocks. Now when you do the listing linux list it as 1024 bytes and windows will list it 2560 bytes. I understand your concept; but these files have only been copied once, from disk /dev/hdg on the Linux server (using ext3) to disk /dev/hdh ON THE SAME SERVER, also using ext3. No copying to Windows has occurred... all I've done is to allow Windows machines to read them via Samba. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list Sorry, This list delivers some responses out of sequence. I think I conceded the fact that there is some other explanation. I'm thinking. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Rodolfo J. Paiz wrote: I have no idea how to even start looking for this one Well, you could try unsparsing a file.. it's a blind shot, it makes no sense, but it's worth a try (on the smallest huge file). cp --sparse=always big.wav test.wav -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
I wrote: Well, you could try unsparsing a file.. it's a blind shot, it makes no sense, but it's worth a try (on the smallest huge file). cp --sparse=always big.wav test.wav Please disconsider this - it's confuse. I didn't read all your posts well. Your files would be sparsed already if sparsing had anything to do with it. But it could have (smth to do with it). -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Rodolfo J. Paiz Trying to figure out what caused this wrong listing and fix it, since copying the file does take the whole 1.2GB Just got it, this is what I meant: if the files are sparse, cp --sparse=always wouldn't take the whole 1.2 GB. -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
On Sunday 24 August 2003 07:07 pm, Jason Dixon wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Say you start to download a 500M ISO image. It breaks it into chunks so it can perform parallel downloads from multiple clients. Even though the total download at any one time may only be a fraction of that size, the file is reserved at its maximum size. I don't know how it does it, but it does. :) Dunno if that's his problem, but it's quite common. They are called sparse files. The application fopen()s the file, does an fseek() or fsetpos() to how big the file should be. This is done a lot for buffers that need to work fast, like DBMS space, ring buffers, etc. Note that inodes are only allocated as the space is used, so this is not as wasteful as you would think. The same thing happens with RAM. You can malloc() much more ram than you have (even virtual RAM), but it doesn't actually allocate memory until you write to it. This can have unfortunate effects if you actually use more memory than you have, but it's generally not a problem for a correctly-speced system. But your program can run out of memory at write time instead of malloc time for this reason. RAM allocation is even more complicated, because the OS takes unused memory and uses it for buffers and cache, and gives them back as needed. So you have RAM that is free, RAM that is allocated, and RAM that is borrowed to be returned as needed. -- David Kramer [EMAIL PROTECTED] http://thekramers.net DK KD DKK D The avalanche has already begun. DK KD It is too late for the pebbles to vote. - Kosh, babylon 5 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 23:17 -0300, you wrote: Rodolfo J. Paiz wrote: I have no idea how to even start looking for this one Well, you could try unsparsing a file.. it's a blind shot, it makes no sense, but it's worth a try (on the smallest huge file). cp --sparse=always big.wav test.wav That's actually how I ended up on this thread... no one was paying me any attention on my other attempts to get help on this issue, and sparse files sounded like a possible explanation so I went through the thread and made attempts to sparse or unsparse with both cp and rsync. No dice... I still get 1.2GB worth of file, yet the darn thing plays properly in a media player and displays correctly in certain incantations of ls. Is there someone out there with some coding expertise, who can maybe explain why ls -l and ls -sh give different results? Like this: ls -l: -rwxr--r--1 rpaizrpaiz1177207676 Aug 3 18:09 Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav ls -sh: 35M Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav Worse yet, the file that I gzipped and then gunzipped is now really and truly taking up 1.2GB: ls -l: -rwxr--r--1 rpaizrpaiz1181163340 Aug 3 18:09 Kansas ~ Best of Kansas ~ 01 ~ Carry on Wayward Son ~ 890B500A.wav ls -sh: 1.2G Kansas ~ Best of Kansas ~ 01 ~ Carry on Wayward Son ~ 890B500A.wav Any listing of it now shows 1.2GB, and total space used in the directory du -ms as well as disk free space df -m reflect the increase. It still plays fine in my media player, though! Arrrgh!!! -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/24/2003 22:04 -0400, you wrote: On Sunday 24 August 2003 07:07 pm, Jason Dixon wrote: Sorry, I'm joining this thread way after the fact. The only thing I'll mention is that I *have* seen certain applications zero out a very large filesize in preparation for filling up that space with a series of chunks. Bit-torrent is the *perfect* example of that. Dunno if that's his problem, but it's quite common. They are called sparse files. This is something I only just heard about for the first time two days ago, but it's definitely not my problem (insofar as testing with cp and rsync and their sparse parameters can tell me). -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Rodolfo, On Sunday August 24, 2003 11:28, Rodolfo J. Paiz wrote: Is there someone out there with some coding expertise, who can maybe explain why ls -l and ls -sh give different results? Like this: Not that I read the code but it isn't too hard to derive the answer from the info page of ls. `-s' `--size' Print the disk allocation of each file to the left of the file name. This is the amount of disk space used by the file, which is usually a bit more than the file's size, but it can be less if the file has holes. Normally the disk allocation is printed in units of 1024 bytes, but this can be overridden (*note Block size::). `-l' `--format=long' `--format=verbose' In addition to the name of each file, print the file type, permissions, number of hard links, owner name, group name, size in bytes, and timestamp (*note Formatting file timestamps::), normally the modification time. So in this case it appears you have some VERY holey files. Since the -s is telling you the space used and the -l is calculating the bytes used by (number of blocks allocated - 1) * 512 + remainder. Perhaps try running stat on a file and see if this is accurate. I'll give some examples to try and illustrate this. Here is an example file of ~40MB. You will see the blocks in the first version and the human interpretation of those blocks. By default, ls uses 1K blocks for it's output of the -s flag. [EMAIL PROTECTED] test]$ ls -ls testfile 39376 -rw-r--r--1 brianbrian40274705 Jan 20 2003 testfile [EMAIL PROTECTED] test]$ ls -lsh testfile 39M -rw-r--r--1 brianbrian 38M Jan 20 2003 testfile Note how what the man page told us holds true here as the two numbers don't match. This is because of using (blocks * blocksize) and each having different numbers to use. Now let's see what the system _really_ thinks about this file. [EMAIL PROTECTED] test]$ stat testfile File: `testfile' Size: 40274705Blocks: 78752 IO Block: 4096 Regular File Device: 305h/773d Inode: 109 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 500/ brian) Gid: ( 500/ brian) Access: 2003-08-25 02:24:01.0 -0400 Modify: 2003-01-20 10:34:12.0 -0500 Change: 2003-01-20 10:34:12.0 -0500 Now we see we actually have a 4K blocksize. But the number of blocks is still in the default 512b size. So let's tell ls what the blocksize actually is and see what it tells us. [EMAIL PROTECTED] test]$ ls --block-size=4K -ls testfile 9844 -rw-r--r--1 brianbrian40274705 Jan 20 2003 testfile Notice the number of blocks changes but the file size doesn't. So now we can see that the blocksize is playing a large part in how even the same command can interpret what it is seeing. However this doesn't explain what's going on, just what you see. Everything from here on is either pure speculation or WAG. ;) ls -l: -rwxr--r--1 rpaizrpaiz1177207676 Aug 3 18:09 Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav ls -sh: 35M Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav The difference here looks like a 32 times in difference (35 * 1024 * 1024 * 32 = 1174405120 (which is pretty close to the 1177207676 you see above considering rounding)). Which the only thing I can guess at is perhaps one of the two drives has a 32K blocksize and the other has a 1K blocksize. Further it would seem that somehow the rsync command you used (or something else) transfered blocks instead of bytes and really screwed up the layout of the filesystem. I believe you mentioned that you had seen a 98% fragmented system and this would seem congruent with some very holey files. Hence the vast difference in reported sizes. You really need to take a look inside these files to see what's going on. That way you can see if there are real file issues or some sort of filesystem confusion. You had mentioned earlier that you can't read a file in a hex editor due to memory constraints. You should try something like head -c 64k filename | od -c to get a feel for what's in the file (look for zeroes). The only thing I can think to recommend that would make sense is to grab a defrag tool and see if it can fix it. Or if you can copy a file back to the old drive using the same method and then use a different one to get it back on the desired drive if that seems to restore sanity to the files. Anyway, it's late here and there could be some inaccuracies, but perhaps you can either get it fixed or provide some new info. I left out using debugfs for now, since it can get very confusing if you're not used to it. -- Brian Ashe CTO Dee-Web Software Services, LLC. [EMAIL PROTECTED] http://www.dee-web.com/ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 24 Aug 2003 18:54:04 -0600, Rodolfo J. Paiz wrote: I could not open the file with khexedit, since it complained about insufficient memory (I have only 256MB of RAM in this machine). But the theory of it actually having spaces or zeroes at the end does not seem logical: what on God's green Earth would tack on 1GB of zeroes at the end, rsync and if so, why does ls -sh report the file size correctly? ls -sh is like du -h and reports disk usage in blocks. If this space was indeed being used, then 63GB would have _actually_ expanded to 1.6TB, instead of just _apparently_ having done so. But that is impossible because your disk is not that big. So, it could still be sparse blocks (or similar symptoms) at the _end_ of a file. You don't hear that, when the music player relies on the WAV length as found in the WAV file header. You would only hear the effect of sparse blocks in the beginning of the file, where empty blocks would be mixed into the WAV stream. And then it wouldn't fit on the 120GB disk, whereas df -m shows the expected 45GB free and I just moved 10GB to that drive as a test with no problems. AFAICS, that 1TB discrepancy between listings does seem to be a phantom... but from what, how, why, and how to fix it? I have no idea how to even start looking for this one, but while you guys attempt to help me, is there perhaps some docs I should be reading at the same time? A WAV editor which saves only the WAV content size as specified in the WAV header would be able to repair the files. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/Sfgp0iMVcrivHFQRAksCAJ9VCkyWdI4zecILbnVDktx42V/GqwCggC/2 wHpqXMrvH21tFQo3ThNKtc4= =47DG -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 24 Aug 2003 21:28:18 -0600, Rodolfo J. Paiz wrote: Well, you could try unsparsing a file.. it's a blind shot, it makes no sense, but it's worth a try (on the smallest huge file). cp --sparse=always big.wav test.wav That's actually how I ended up on this thread... no one was paying me any attention on my other attempts to get help on this issue, and sparse files sounded like a possible explanation so I went through the thread and made attempts to sparse or unsparse with both cp and rsync. No dice... I still get 1.2GB worth of file, yet the darn thing plays properly in a media player and displays correctly in certain incantations of ls. Because it makes no sense. The proposed unsparsing the file would expand the empty blocks and create a file that occupies as much space on disk as normal ls -l shows. What you would need in case of sparse files with lots of omitted blocks at the end, is a way to _cut off_ the files at the end. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/Sfm50iMVcrivHFQRArVuAJ975eaxSC4lqNcFNRnXhxed1G6BKACfSZuI 6L37F90XwMpuDmHg3VYztE8= =LdKr -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/23/2003 10:13 +0200, you wrote: The problem with your WAV files is not that they contain sparse blocks. If they did, they would not sound good, because you would hear every blank block. And since they are listed as 20 times the original size, you would hear a lot of silence, and each of them would play for several hours. ;) But as you've mentioned, two arbitrary 1GB songs still sound good. Just out of curiousity, what do you get when you gzip such a huge file, transfer it to another machine and gunzip it? Sorry to take so long to respond. Didn't have another Linux machine at hand, so I gzipped it (took all of six seconds) and transferred the compressed file (down from 1.18GB to an expected 53MB) to another drive. Gunzipping the file resulted again in a 1.18GB file. Color me baffled. -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
At 8/22/2003 21:39 -0300, you wrote: Robert C. Paulsen Jr. wrote: Perhaps you saved the file from within vi. That might unsparse the file. Will sparsing or unsparsing the file (whichever is the one that fixes the problem) eliminate those blank spaces? I have 40M files that (after being copied to a second hard drive) show up correctly with ls -sh but then show up as 950MB files in ls -l. If I do cp --sparse=always or rsync -av --sparse, will the file be returned to its normal real size? Will it still have all those blanks in it? And is there a way for me to check whether or not this is indeed my problem? Please see my other thread earlier today labeled File sizes reported incorrectly (and huge!) for more detail. Thanks, -- Rodolfo J. Paiz [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 23 Aug 2003 00:03:43 -0600, Rodolfo J. Paiz wrote: Will sparsing or unsparsing the file (whichever is the one that fixes the problem) eliminate those blank spaces? I have 40M files that (after being copied to a second hard drive) show up correctly with ls -sh but then show up as 950MB files in ls -l. If I do cp --sparse=always or rsync -av --sparse, will the file be returned to its normal real size? Will it still have all those blanks in it? And is there a way for me to check whether or not this is indeed my problem? Please see my other thread earlier today labeled File sizes reported incorrectly (and huge!) for more detail. The problem with your WAV files is not that they contain sparse blocks. If they did, they would not sound good, because you would hear every blank block. And since they are listed as 20 times the original size, you would hear a lot of silence, and each of them would play for several hours. ;) But as you've mentioned, two arbitrary 1GB songs still sound good. Just out of curiousity, what do you get when you gzip such a huge file, transfer it to another machine and gunzip it? - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/RyIf0iMVcrivHFQRApkVAJoCDqWiqXFy0KFFmciSFtlln9jcRACeKVi6 5pVfV6eMFNXDZ1c4upE2yRI= =CT2E -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Ronald W. Heiby wrote: If, when you copy a sparse file, you do not take precautions to have the copy also be sparse, the copy gets filled in and has a bunch of bytes of 0x00 actually allocated on disk. Looks like that happened here. Ron. Well, I'm quite sure I never copied it anywhere.. one time I vi'd it and it took forever for vi to load it, with a lot of disk scratching.. bet that was it.. Can you tell me how to fix this? Thanks -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
On Fri, Aug 22, 2003 at 08:37:57PM -0300, Herculano de Lima Einloft Neto wrote: Ronald W. Heiby wrote: If, when you copy a sparse file, you do not take precautions to have the copy also be sparse, the copy gets filled in and has a bunch of bytes of 0x00 actually allocated on disk. Looks like that happened here. Ron. Well, I'm quite sure I never copied it anywhere.. one time I vi'd it and it took forever for vi to load it, with a lot of disk scratching.. bet that was it.. Can you tell me how to fix this? Perhaps you saved the file from within vi. That might unsparse the file. Read up on the --sparse option of cp (man cp). It looks like the following will work: (warning! I have not tried this!) cd /var/log mv lastlog lastlog-orig cp --sparse=always lastlog-orig lastlog du -h lastlog rm lastlog-orig -- Robert C. Paulsen, Jr. [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Robert C. Paulsen Jr. wrote: Perhaps you saved the file from within vi. That might unsparse the file. Yes.. but perhaps I didn't. :) Read up on the --sparse option of cp (man cp). It looks like the following will work: (warning! I have not tried this!) cd /var/log mv lastlog lastlog-orig cp --sparse=always lastlog-orig lastlog du -h lastlog rm lastlog-orig That worked perfectly.. wait a minute.. weren't you the guy asking for help in the first place? :) Thanks a lot, -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
On Fri, Aug 22, 2003 at 09:39:40PM -0300, Herculano de Lima Einloft Neto wrote: Robert C. Paulsen Jr. wrote: Perhaps you saved the file from within vi. That might unsparse the file. Yes.. but perhaps I didn't. :) Read up on the --sparse option of cp (man cp). It looks like the following will work: (warning! I have not tried this!) cd /var/log mv lastlog lastlog-orig cp --sparse=always lastlog-orig lastlog du -h lastlog rm lastlog-orig That worked perfectly.. wait a minute.. weren't you the guy asking for help in the first place? :) Yup. But my lastlog file was already sparse. I just didn't associate the concept (sparse files, which I knew about) with this real-life example since I hadn't run into it before and the concept was buried deep in my subconscious. I learned from my experience! -- Robert C. Paulsen, Jr. [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
/var/log/lastlog -- why is it 19 megabytes?
Can anyone explain why my /var/log/lastlog is 19 megabytes? Here is the output from the lastlog command: Username Port From Latest root tty2 Wed Aug 20 16:27:44 -0500 2003 bin**Never logged in** daemon **Never logged in** adm**Never logged in** lp **Never logged in** sync **Never logged in** shutdown **Never logged in** halt **Never logged in** mail **Never logged in** news **Never logged in** uucp **Never logged in** operator **Never logged in** games **Never logged in** gopher **Never logged in** ftp**Never logged in** nobody **Never logged in** rpm**Never logged in** vcsa **Never logged in** nscd **Never logged in** sshd **Never logged in** rpc**Never logged in** rpcuser**Never logged in** nfsnobody **Never logged in** mailnull **Never logged in** smmsp **Never logged in** pcap **Never logged in** apache **Never logged in** squid **Never logged in** webalizer **Never logged in** xfs**Never logged in** named **Never logged in** ntp**Never logged in** gdm**Never logged in** mysql **Never logged in** postgres **Never logged in** desktop**Never logged in** robert :0Wed Aug 20 19:39:17 -0500 2003 nut**Never logged in** Also lastlog is not rotated by logrotate. Is there a reason for that? I found a changelog for logrotate with the comment: * Thu Feb 24 2000 Erik Troan [EMAIL PROTECTED] - don't rotate lastlog But this doesn't say why. Couldn't find any relevant comments in the source code either. -- Robert C. Paulsen, Jr. [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 21 Aug 2003 08:57:18 -0500, Robert C. Paulsen Jr. wrote: Can anyone explain why my /var/log/lastlog is 19 megabytes? It isn't. It just contains sparse blocks. See: du -h /var/log/lastlog - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/ROBt0iMVcrivHFQRAo16AJ0ZfWeuiVO2bI6j6juol2zFNWuvuQCdEOdO 9nOQkbGrnZuyGDHIfSahgMY= =B8YX -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
Since I don't know, I'll askwhat are sparse blocks and why does `ls -l` show 19Mb and du show 56k? Mark On Thu, 21 Aug 2003, Michael Schwendt wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 21 Aug 2003 08:57:18 -0500, Robert C. Paulsen Jr. wrote: Can anyone explain why my /var/log/lastlog is 19 megabytes? It isn't. It just contains sparse blocks. See: du -h /var/log/lastlog -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 21 Aug 2003 19:02:02 + (UTC), Mark Neidorff wrote: Since I don't know, I'll askwhat are sparse blocks and Think of sparse blocks (aka sparse files) as files with holes. Empty [not yet used] parts of a file are not written to disk in the normal way where they would occupy the same space on disk as if loaded fully into memory. Upon reading parts of the file from disk, skipped blocks (the holes) would be recognized and substituted with zeroes. As a result, it is possible to create huge empty data structures and only the sparse areas, which are filled with values, would occupy space on disk. why does `ls -l` show 19Mb and du show 56k? du examines the true number of file-system blocks used on disk, whereas ls prints the size of a file it would have when read into memory completely. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/RWv20iMVcrivHFQRAii9AJ9VPCK5PzMWv416H+ljfmW3RFpQpgCdGHsc erHJcC4A/Robsj+mhfveHUE= =i4Yj -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
OK.. I've seen this subject on lots of threads so I'll ask.. can you explain this? [EMAIL PROTECTED] logs]$ du -h /var/log/lastlog 19M /var/log/lastlog Thanks in advance -- Herculano de Lima Einloft Neto [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/lastlog -- why is it 19 megabytes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thursday, August 21, 2003, 9:39:30 PM, Herculano wrote: OK.. I've seen this subject on lots of threads so I'll ask.. can you explain this? [EMAIL PROTECTED] logs]$ du -h /var/log/lastlog 19M /var/log/lastlog If, when you copy a sparse file, you do not take precautions to have the copy also be sparse, the copy gets filled in and has a bunch of bytes of 0x00 actually allocated on disk. Looks like that happened here. Ron. -BEGIN PGP SIGNATURE- Version: PGP Personal Privacy 6.5.8 Comment: Until recently, the last PGP with full source disclosure. iQA/AwUBP0WVwm8pw+2/9pUJEQITxgCg80hoFBkJYCaKbJrxTl0tmKmdas8AoLM0 lYeS+pqsYIc6b4Z+uPC0xZYA =ptso -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/messages question.
it error could cost me large holidays... ;-) regards, Kristof --- Kristof Kowalski [EMAIL PROTECTED] escribió: Yeah that not to mention your .bash_history so you can't track what he did on the command line. Kristof Kowalski | Staesis Network | www.staesis.net -- Internetworking Consultant -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manuel Aróstegui Ramirez Sent: Tuesday, 3 June 2003 9:39 PM To: [EMAIL PROTECTED] Subject: Re: /var/log/messages question. in my opinion, all /var/log :-) --- Lucas Mattson [EMAIL PROTECTED] escribió: Which log files would an intruder delete if he breaks into my linux server? _ Här börjar internet! Skaffa gratis e-mail och gratis internet på http://www.spray.se Hitta rätt på internet med Lycos - http://lycos.spray.se = -- Manuel Aróstegui Linux user 200896 ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list = -- Manuel Aróstegui Linux user 200896 ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
/var/log/messages question.
Which log files would an intruder delete if he breaks into my linux server? _ Här börjar internet! Skaffa gratis e-mail och gratis internet på http://www.spray.se Hitta rätt på internet med Lycos - http://lycos.spray.se
Re: /var/log/messages question.
in my opinion, all /var/log :-) --- Lucas Mattson [EMAIL PROTECTED] escribió: Which log files would an intruder delete if he breaks into my linux server? _ Här börjar internet! Skaffa gratis e-mail och gratis internet på http://www.spray.se Hitta rätt på internet med Lycos - http://lycos.spray.se = -- Manuel Aróstegui Linux user 200896 ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
RE: /var/log/messages question.
Yeah that not to mention your .bash_history so you can't track what he did on the command line. Kristof Kowalski | Staesis Network | www.staesis.net -- Internetworking Consultant -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manuel Aróstegui Ramirez Sent: Tuesday, 3 June 2003 9:39 PM To: [EMAIL PROTECTED] Subject: Re: /var/log/messages question. in my opinion, all /var/log :-) --- Lucas Mattson [EMAIL PROTECTED] escribió: Which log files would an intruder delete if he breaks into my linux server? _ Här börjar internet! Skaffa gratis e-mail och gratis internet på http://www.spray.se Hitta rätt på internet med Lycos - http://lycos.spray.se = -- Manuel Aróstegui Linux user 200896 ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Error Msg in /var/log/message
can someone tell me what this is... Mar 20 16:58:10 linux_server kernel: eth0: Too much work in interrupt, status e401. -- gyoo [at] attbi [dot] com -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Error Msg in /var/log/message
Gene Yoo said: can someone tell me what this is... Mar 20 16:58:10 linux_server kernel: eth0: Too much work in interrupt, status e401. this came up recently, here is an answer: http://www.beowulf.org/pipermail/beowulf/2002-December/005433.html that is from the author of most of the linux network drivers. Basically it looks to be a hardware problem, and the driver is reporting it to you, it doesn't seem to be a serious problem, luckily the driver can detect the problem and hopefully work around it. I've run many linux systems over the years and have never seen that message. nate -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Error Msg in /var/log/message
nate wrote: Gene Yoo said: can someone tell me what this is... Mar 20 16:58:10 linux_server kernel: eth0: Too much work in interrupt, status e401. this came up recently, here is an answer: http://www.beowulf.org/pipermail/beowulf/2002-December/005433.html that is from the author of most of the linux network drivers. Basically it looks to be a hardware problem, and the driver is reporting it to you, it doesn't seem to be a serious problem, luckily the driver can detect the problem and hopefully work around it. I've run many linux systems over the years and have never seen that message. nate so i guess i'm going to have to replace the NIC... -- gyoo [at] attbi [dot] com -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Error Msg in /var/log/message
Gene Yoo said: so i guess i'm going to have to replace the NIC... if it's a good NIC it may not be a problem with the NIC. It may be in a PCI slot which shares an IRQ with another device that is not friendly, it may be a bios setting(PCI timing or something), it may be the motherboard(since you don't mention what board). or, it could be the NIC itself.. tracing down a hardware problem is usually a real pain to do. my best reccomendation is to check your motherboard manual, for what PCI slots share what IRQs(typically the first and last PCI slots share irqs with other things, while the middle ones don't). And check the bios settings, be sure you have somewhat conservative settings(defaults are usually fine), and check the IRQs themselves (cat /proc/interrupts or run 'procinfo'). nate -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Error Msg in /var/log/message
Gene Yoo said: so i guess i'm going to have to replace the NIC... Not necessarily - I've seen this error when a Cisco switch failed to negotiate properly with 3Com Tornado cards. There is some info in the driver documentation in the kernel-source ( for 3Com cards at least ) peter Peter Skensved Email : [EMAIL PROTECTED] Dept. of Physics, Queen's University, Kingston, Ontario, Canada -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
/var/log/messages logs every packet!
my /var/log/messages is huge because it logs each and every packet: Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ... how do I turn this off? -- Sam Steingold (http://www.podval.org/~sds) running RedHat8 GNU/Linux http://www.camera.org http://www.iris.org.il http://www.memri.org/ http://www.mideasttruth.com/ http://www.palestine-central.com/links.html main(a){a=main(a){a=%c%s%c;printf(a,34,a,34);};printf(a,34,a,34);} -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet!
On 14 Nov 2002, Sam Steingold wrote: my /var/log/messages is huge because it logs each and every packet: Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ... how do I turn this off? The Drastic Way is /etc/init.d/iptables stop or ipchains stop did you happen to configure a firewall yourself? But the best solution is to figure out where your firewall is configured, and comment any references in the script to logging: # iptables -A INPUT -i $INTERNET -f -j LOG --log-prefix LOG: look in your /var/log/boot.log for references to ipchains, iptables, or firewalls. -- \ \/ / _ |~\ _ In God We Trust. All Others Pay Cash. / \|\ /|+- | | The world is a comedy to those that think, / /\ \\_/| \/ ||__)|_|a tragedy to those who feel. - Horace Walpole -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet!
On Thu, Nov 14, 2002 at 09:23:13PM -0500, Sam Steingold wrote: my /var/log/messages is huge because it logs each and every packet: Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ... You have -l in your iptables/ipchains rules. Typically found in /etc/sysconfig/iptables or /etc/sysconfig/ipchains. Use iptables -nL or ipchains -nL to determine which is loaded (or use lsmod) -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages logs every packet! (Out of Office)
I will be out of the office Friday, November 15th. If this is an emergency please contact the IT help desk. Thank you, Jacob Petrie Web Systems/Information Technology Kitsap Community Federal Credit Union [EMAIL PROTECTED] 360.662.2140 -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Message in /var/log/messages
On Tue, Nov 12, 2002 at 08:37:52PM -0600, Yoink! wrote: File a bug report with Bugzilla on redhat's site. You hit some king of kernel error, likely in their ext3 code. I've replaced the RAM in that machine and the problems (and error messages) went away. Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Message in /var/log/messages
On Mon, 11 Nov 2002, Emmanuel Seyman wrote: Can anybody tell me what this means: Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad entry in directory #49111: directory entry across blocks - offset=29332, inode=50572, rec_len=8212, name_len=10 Nov 11 21:44:52 zoe kernel: Unable to handle kernel NULL pointer dereference at virtual address Nov 11 21:44:52 zoe kernel: printing eip: Nov 11 21:44:52 zoe kernel: c0129320 Nov 11 21:44:52 zoe kernel: *pde = Nov 11 21:44:52 zoe kernel: Oops: 0002 Nov 11 21:44:52 zoe kernel: 3c59x usb-uhci usbcore ext3 jbd sym53c8xx sd_mod scsi_mod Nov 11 21:44:52 zoe kernel: CPU:0 Nov 11 21:44:52 zoe kernel: EIP:0010:[c0129320]Not tainted Nov 11 21:44:52 zoe kernel: EFLAGS: 00010246 File a bug report with Bugzilla on redhat's site. You hit some king of kernel error, likely in their ext3 code. -- \ \/ / _ |~\ _ In God We Trust. All Others Pay Cash. / \|\ /|+- | | The world is a comedy to those that think, / /\ \\_/| \/ ||__)|_|a tragedy to those who feel. - Horace Walpole -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Message in /var/log/messages
Can anybody tell me what this means: Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad entry in directory #49111: directory entry across blocks - offset=29332, inode=50572, rec_len=8212, name_len=10 Nov 11 21:44:52 zoe kernel: Unable to handle kernel NULL pointer dereference at virtual address Nov 11 21:44:52 zoe kernel: printing eip: Nov 11 21:44:52 zoe kernel: c0129320 Nov 11 21:44:52 zoe kernel: *pde = Nov 11 21:44:52 zoe kernel: Oops: 0002 Nov 11 21:44:52 zoe kernel: 3c59x usb-uhci usbcore ext3 jbd sym53c8xx sd_mod scsi_mod Nov 11 21:44:52 zoe kernel: CPU:0 Nov 11 21:44:52 zoe kernel: EIP:0010:[c0129320]Not tainted Nov 11 21:44:52 zoe kernel: EFLAGS: 00010246 Nov 11 21:44:52 zoe kernel: Nov 11 21:44:53 zoe kernel: EIP is at truncate_list_pages [kernel] 0xb0 (2.4.18-17.7.x) Nov 11 21:44:53 zoe kernel: eax: ebx: c89dcd3c ecx: edx: c89dcd3c Nov 11 21:44:53 zoe kernel: esi: edi: ebp: c89d4d3c esp: cb429eb0 Nov 11 21:44:53 zoe kernel: ds: 0018 es: 0018 ss: 0018 Nov 11 21:44:53 zoe kernel: Process pickup (pid: 24618, stackpage=cb429000) Nov 11 21:44:53 zoe kernel: Stack: cb429f04 cfd77860 c89d4c80 cb429f10 c89d4c80 Nov 11 21:44:53 zoe kernel:cfd77860 cfd77860 d885ae54 cfd77860 d885ae65 d69e58c0 00f0 Nov 11 21:44:53 zoe kernel:0001 cb429f04 c89d4d34 c01294a9 c89d4c80 c1f9bc00 Nov 11 21:44:53 zoe kernel: Call Trace: [d885ae54] ext3_mark_iloc_dirty [ext3] 0x24 (0xcb429ed8)) Nov 11 21:44:53 zoe kernel: [d885ae65] ext3_mark_iloc_dirty [ext3] 0x35 (0xcb429ee0)) Nov 11 21:44:53 zoe kernel: [c01294a9] truncate_inode_pages [kernel] 0x49 (0xcb429f00)) Nov 11 21:44:53 zoe kernel: [d8864860] ext3_sops [ext3] 0x0 (0xcb429f10)) Nov 11 21:44:53 zoe kernel: [c014cce9] iput [kernel] 0xa9 (0xcb429f18)) Nov 11 21:44:53 zoe kernel: [d885ce8a] ext3_unlink [ext3] 0x1aa (0xcb429f30)) Nov 11 21:44:53 zoe kernel: [c014b1fc] d_delete [kernel] 0x4c (0xcb429f44)) Nov 11 21:44:53 zoe kernel: [c0144793] vfs_unlink [kernel] 0x153 (0xcb429f64)) Nov 11 21:44:53 zoe kernel: [c0144858] sys_unlink [kernel] 0x88 (0xcb429f88)) Nov 11 21:44:53 zoe kernel: [c0139583] sys_close [kernel] 0x43 (0xcb429fb0)) Nov 11 21:44:53 zoe kernel: [c0108943] system_call [kernel] 0x33 (0xcb429fc0)) Nov 11 21:44:53 zoe kernel: Nov 11 21:44:53 zoe kernel: Nov 11 21:44:53 zoe kernel: Code: 89 28 eb 0d 8b 03 89 68 04 89 45 00 89 5d 04 89 2b c7 44 24 Emmanuel -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
Anything after --log-prefix must be in quotes if you want to use special characters that can be interpreted or spaces. It places this text after the hostname in /var/log/messages (You should also put a space before the final to separate it from the next data value). If you want a different file location other than /var/log/messages, you need to alter /etc/syslog.conf as described earlier, using --log-level 6 (for info level)or whatever. Regards, Peter On Thu, 2002-10-24 at 11:14, Michael Schwendt wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 21 Oct 2002 17:58:40 -0700, Jack Bowling wrote: On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on. I'm sure somebody posted this yesterday but you still don't seem to get it. The error message is telling you the truth: /var/log/firewall is*not* a valid argument to --log-prefix. It is a valid argument. /var/log/firewall is simply used as the text string prefix in log messages. But order does matter: # iptables -I INPUT -j LOG --log-prefix /var/log/firewall # iptables sees the LOG and knows it must used the LOG extension module. The example above is equal. Hence I thought the error must be somewhere else. # iptables -I INPUT --log-prefix /var/log/firewall -j LOG iptables v1.2.5: Unknown arg --log-prefix' Try iptables -h' or 'iptables --help' for more information. # the --log-prefix switch is there so you can add some text to the packet header to help you identify various packets. It is not there to redirect output to a separate log file. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9t7nt0iMVcrivHFQRAsIVAJ42FkUwTrtNt/B32LsrPOZUcyuZaACdHeSe uMat4NVKovPvwW35dkbzktA= =prfO -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25 Oct 2002 12:43:52 +0200, root wrote: Anything after --log-prefix must be in quotes if you want to use special characters that can be interpreted or spaces. But in this thread it's --log-prefix /var/log/messages which doesn't need any quotes. It places this text after the hostname in /var/log/messages (You should also put a space before the final to separate it from the next data value). If you want a different file location other than /var/log/messages, you need to alter /etc/syslog.conf as described earlier, using --log-level 6(for info level)or whatever. Or look at the ULOG extension and the userspace logging daemon. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v kYiUr+XPckb+TYYk8WiYaAc= =WON9 -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
I've just tried that and I agree. I can't get it to break without the quotation marks... Thanx. Peter On Fri, 2002-10-25 at 13:23, Michael Schwendt wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25 Oct 2002 12:43:52 +0200, root wrote: Anything after --log-prefix must be in quotes if you want to use special characters that can be interpreted or spaces. But in this thread it's --log-prefix /var/log/messages which doesn't need any quotes. It places this text after the hostname in /var/log/messages (You should also put a space before the final to separate it from the next data value). If you want a different file location other than /var/log/messages, you need to alter /etc/syslog.conf as described earlier, using --log-level 6(for info level)or whatever. Or look at the ULOG extension and the userspace logging daemon. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v kYiUr+XPckb+TYYk8WiYaAc= =WON9 -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewallSOLVED
Thanks all folks. Now its solved by reinstalling iptables and reboot. --- Michael Schwendt [EMAIL PROTECTED] skrev: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 25 Oct 2002 12:43:52 +0200, root wrote: Anything after --log-prefix must be in quotes if you want to use special characters that can be interpreted or spaces. But in this thread it's --log-prefix /var/log/messages which doesn't need any quotes. It places this text after the hostname in /var/log/messages (You should also put a space before the final to separate it from the next data value). If you want a different file location other than /var/log/messages, you need to alter /etc/syslog.conf as described earlier, using --log-level 6(for info level)or whatever. Or look at the ULOG extension and the userspace logging daemon. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v kYiUr+XPckb+TYYk8WiYaAc= =WON9 -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 21 Oct 2002 17:58:40 -0700, Jack Bowling wrote: On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on. I'm sure somebody posted this yesterday but you still don't seem to get it. The error message is telling you the truth: /var/log/firewall is*not* a valid argument to --log-prefix. It is a valid argument. /var/log/firewall is simply used as the text string prefix in log messages. But order does matter: # iptables -I INPUT -j LOG --log-prefix /var/log/firewall # iptables sees the LOG and knows it must used the LOG extension module. The example above is equal. Hence I thought the error must be somewhere else. # iptables -I INPUT --log-prefix /var/log/firewall -j LOG iptables v1.2.5: Unknown arg --log-prefix' Try iptables -h' or 'iptables --help' for more information. # the --log-prefix switch is there so you can add some text to the packet header to help you identify various packets. It is not there to redirect output to a separate log file. - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) iD8DBQE9t7nt0iMVcrivHFQRAsIVAJ42FkUwTrtNt/B32LsrPOZUcyuZaACdHeSe uMat4NVKovPvwW35dkbzktA= =prfO -END PGP SIGNATURE- -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
Ok. That explain a little. But the -j LOG statement doesent work for any of the options available. I get Unknown Argument for both --log-prefix and --limit Jack Bowling [EMAIL PROTECTED] wrote: On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on.I'm sure somebody posted this yesterday but you still don't seem to getit. The error message is telling you the truth: /var/log/firewall is*not* a valid argument to --log-prefix. the --log-prefix switch is thereso you can add some text to the packet header to help you identifyvarious packets. It is not there to redirect output to a separate logfile.-- Jack Bowlingmailto: [EMAIL PROTECTED]-- redhat-list mailing listunsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribehttps://listman.redhat.com/mailman/listi! nfo/redhat-listhttp://home.no.net/~knutove/knut_ove_hauge_kuren.htmYahoo! Mail har fått nytt utseende Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok
Re: Unknown arg --log-prefix /var/log/firewall
On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on. I'm sure somebody posted this yesterday but you still don't seem to get it. The error message is telling you the truth: /var/log/firewall is *not* a valid argument to --log-prefix. the --log-prefix switch is there so you can add some text to the packet header to help you identify various packets. It is not there to redirect output to a separate log file. -- Jack Bowling mailto: [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
Actually I never had anything in /var/log/firewall. The printout of your rpm command is. [roo[root@localhost bin]# rpm -V iptables kernel-'uname -r' S.5T /lib/iptables/libipt_LOG.so package kernel-uname -r is not installed. --- Gordon Messmer [EMAIL PROTECTED] skrev: On Mon, 2002-10-21 at 22:28, linux power wrote: iptables -N firewall iptables -A firewall -m limit --limit 15/minute -j LOG --log-prefix /var/log/firewall That will fail on older iptables versions, where the maximum length of the log-prefix is 14 characters. The log-prefix isn't a file or directory where messages are logged, it's a message that appears at the beginning of every entry that's logged *in syslog* because of that rule. Those exact commands worked on a RHL 8.0 machine on which I tested. What versions of iptables and kernel do you have installed? Does rpm report any size or md5 differences when you do: rpm -V iptables kernel-`uname -r` iptables -A firewall -j DROP And the dir /var/log/firewall excist. It has worked before this way. If you had messages in /var/log/firewall, then you'd set up syslog to do so. The kernel's packet filters (whether ipchains or iptables) always logs through syslog, never directly to files. -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
On Tue, 2002-10-22 at 01:58, linux power wrote: Actually I never had anything in /var/log/firewall. The printout of your rpm command is. [roo[rootlocalhost bin]# rpm -V iptables kernel-'uname -r' S.5T /lib/iptables/libipt_LOG.so package kernel-uname -r is not installed. the kernel-`uname -r` entry should be with backticks (same key as the ~ on most keyboards) it is a command the asks what is the kernel revision [bhughesbru1 bhughes]$ uname -r 2.4.9-31 [bhughesbru1 bhughes]$ rpm -V kernel-`uname -r` .M.. /dev/shm [bhughesbru1 bhughes]$ rpm -V iptables [bhughesbru1 bhughes]$ try the command with the backticks and post the results. Now I am VERY concerned that your iptables shows that a library file has been changed. Especially one that has LOG in the name. It will be interesting to see what Gordon thinks. He knows FAR more about this stuff than I. HTH Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
Ok. Here it is. [knut@localhost knut]$ rpm -V kernel-`uname -r` .M.. /dev/shm [knut@localhost knut]$ rpm -V iptables S.5T /lib/iptables/libipt_LOG.so [knut@localhost knut]$ --- Bret Hughes [EMAIL PROTECTED] skrev: On Tue, 2002-10-22 at 01:58, linux power wrote: Actually I never had anything in /var/log/firewall. The printout of your rpm command is. [roo[root@localhost bin]# rpm -V iptables kernel-'uname -r' S.5T /lib/iptables/libipt_LOG.so package kernel-uname -r is not installed. the kernel-`uname -r` entry should be with backticks (same key as the ~ on most keyboards) it is a command the asks what is the kernel revision [bhughes@bru1 bhughes]$ uname -r 2.4.9-31 [bhughes@bru1 bhughes]$ rpm -V kernel-`uname -r` .M.. /dev/shm [bhughes@bru1 bhughes]$ rpm -V iptables [bhughes@bru1 bhughes]$ try the command with the backticks and post the results. Now I am VERY concerned that your iptables shows that a library file has been changed. Especially one that has LOG in the name. It will be interesting to see what Gordon thinks. He knows FAR more about this stuff than I. HTH Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
Yes I started iptables again. --- Thomas Ribbrock [EMAIL PROTECTED] skrev: On Mon, Oct 21, 2002 at 03:44:35PM +0200, linux power wrote: No I get invalid --log-level There is something wrong with the -j LOG statement.I dont accept any options. It became like this after I think I got hacked. Did you reinstall? Cheerio, Thomas P.S.: Please delete unnecessary quotes from your mails - makes for a lot easier reading. Thanks! -- http://www.netmeister.org/news/learn2quote.html ...'cause only lusers quote signatures! Thomas Ribbrock | http://www.ribbrock.org | ICQ#: 15839919 You have to live on the edge of reality - to make your dreams come true! -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
Ok thats a lot of work. I'll see what I do if I think I got visited again. --- Bret Hughes [EMAIL PROTECTED] skrev: On Mon, 2002-10-21 at 13:06, linux power wrote: Yes I started iptables again. I think what he was asking is did you reinstall redhat on your box? The only safe way to recover from a hacked box is to start from bare metal and reinstall. A lot of the issues you are experiencing could come from a hackers attempt to create back doors and avoid detection by replacing programs that could detect him or keep him out. Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
At 23:22 21.10.2002, linux power said: [snip] Ok thats a lot of work. I'll see what I do if I think I got visited again. [snip] hmm - well, if you think you already _got_ visited you should rather think what you do _now_, I mean when to reinstall your box from scratch - it shouldn't be _that_ pain, it's no Win2K, after all. *g* O Ernest E. Vogelsinger (\)ICQ# 13394035 ^ -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Unknown arg --log-prefix /var/log/firewall
On Mon, 2002-10-21 at 13:06, linux power wrote: Yes I started iptables again. I think what he was asking is did you reinstall redhat on your box? The only safe way to recover from a hacked box is to start from bare metal and reinstall. A lot of the issues you are experiencing could come from a hackers attempt to create back doors and avoid detection by replacing programs that could detect him or keep him out. Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Unknown arg --log-prefix /var/log/firewall
Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on. = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
This is what I use to get kernel logging turned on in iptables: iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level notice --log-prefix Netfilter in: Use syslog.conf to determine where the output of the log will go, e.g. kern.notice;kern.!warning /var/log/firewall # This will log priority notice only into /var/log/firewall, warning and above will not get sent there # look to other rules to determine where they go. # Also look to dmesg -n 4 to limit err priority and above only being sent to /dev/console This is a bit kludgey as you will get other notice level logs going into /var/log/firewall, anybody else got a better idea?? Best regards, Vaughan On Monday, October 21, 2002 7:06 PM, linux power [SMTP:[EMAIL PROTECTED]] wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on. = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail pa http://no.yahoo.com/ Nytt design, enklere a bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
Again: you weren't hacked, you're just using the option wrong. Post the command you're trying to use this time and the error message it prints, and we can help you figure out exactly what's wrong. On Mon, 2002-10-21 at 06:44, linux power wrote: No I get invalid --log-level There is something wrong with the -j LOG statement.I dont accept any options. It became like this after I think I got hacked. --- Vaughan Roberts [EMAIL PROTECTED] skrev: This is what I use to get kernel logging turned on in iptables: iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level notice --log-prefix Netfilter in: -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
iptables -N firewall iptables -A firewall -m limit --limit 15/minute -j LOG --log-prefix /var/log/firewall iptables -A firewall -j DROP And the dir /var/log/firewall excist. It has worked before this way. --- Gordon Messmer [EMAIL PROTECTED] skrev: Again: you weren't hacked, you're just using the option wrong. Post the command you're trying to use this time and the error message it prints, and we can help you figure out exactly what's wrong. On Mon, 2002-10-21 at 06:44, linux power wrote: No I get invalid --log-level There is something wrong with the -j LOG statement.I dont accept any options. It became like this after I think I got hacked. --- Vaughan Roberts [EMAIL PROTECTED] skrev: This is what I use to get kernel logging turned on in iptables: iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level notice --log-prefix Netfilter in: -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list = http://home.no.net/~knutove/knut_ove_hauge_kuren.htm __ Se den nye Yahoo! Mail på http://no.yahoo.com/ Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Unknown arg --log-prefix /var/log/firewall
On Mon, 2002-10-21 at 22:28, linux power wrote: iptables -N firewall iptables -A firewall -m limit --limit 15/minute -j LOG --log-prefix /var/log/firewall That will fail on older iptables versions, where the maximum length of the log-prefix is 14 characters. The log-prefix isn't a file or directory where messages are logged, it's a message that appears at the beginning of every entry that's logged *in syslog* because of that rule. Those exact commands worked on a RHL 8.0 machine on which I tested. What versions of iptables and kernel do you have installed? Does rpm report any size or md5 differences when you do: rpm -V iptables kernel-`uname -r` iptables -A firewall -j DROP And the dir /var/log/firewall excist. It has worked before this way. If you had messages in /var/log/firewall, then you'd set up syslog to do so. The kernel's packet filters (whether ipchains or iptables) always logs through syslog, never directly to files. -- redhat-list mailing list unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Strange /var/log/messages LOG Hack attempt?
On 7/12/02 12:49 PM, Nicolae [EMAIL PROTECTED] wrote: I have this in my message log and I haven't had this happen before. Any input on this.. Jul 11 11:48:15 myhost rpc.statd[807]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^ [÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\2 20\220\220\220\220\220\220\ 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\ 220\220\220\220\220\220\220 \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 \220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\2 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2 20\220\220\220\220\220\220\ 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\ 220\220\220\220\220\220\22 I know on httpd logs what these are: 200.184.174.XXX - - [10/Jul/2002:16:24:37 -0700] GET /default.ida?NNN NN NNN%u9 090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u9090%u8 190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a HTTP/1.0 400 322 - - That makes me feel so good; that I am not running windows. Although the question was / wondering why did I get the first odd looking log on my /var/log/messages Looks like code red II. You get that line in /var/log/messages because the address was faked (or overloaded, etc.) and your machine tried to do DNS resolution. -- Ed Marczak [EMAIL PROTECTED] ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Strange /var/log/messages LOG Hack attempt?
I have this in my message log and I haven't had this happen before. Any input on this.. Jul 11 11:48:15 myhost rpc.statd[807]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^ [÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\2 20\220\220\220\220\220\220\ 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\ 220\220\220\220\220\220\220 \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 \220\220\220\220\220\220\22 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22 0\220\220\220\220\220\220\2 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2 20\220\220\220\220\220\220\ 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\ 220\220\220\220\220\220\22 I know on httpd logs what these are: 200.184.174.XXX - - [10/Jul/2002:16:24:37 -0700] GET /default.ida?NNN NN NNN%u9 090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9 090%u9090%u8 190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a HTTP/1.0 400 322 - - That makes me feel so good; that I am not running windows. Although the question was / wondering why did I get the first odd looking log on my /var/log/messages ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
/var/log
Hi all I am using RH 7.2 After using the syslog to receive the logs from other servers, the files, message, maillog are not automatically generated to message.1, message.2 when the files become bigger How can I make it same as before. Thank you ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log
On Sun, May 19, 2002 at 04:21:52PM -0400, [EMAIL PROTECTED] wrote: After using the syslog to receive the logs from other servers, the files, message, maillog are not automatically generated to message.1, message.2 when the files become bigger Logfiles are rotated on a weekly basis, by default. You can rotate them more often or on a per-size basis but you'll need to change /etc/logrotate/syslog to do that. The logrotate manpage explains it very well. Emmanuel ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log
the suffixing looks like a logrotate thing :) On Sun, 19 May 2002 [EMAIL PROTECTED] wrote: Hi all I am using RH 7.2 After using the syslog to receive the logs from other servers, the files, message, maillog are not automatically generated to message.1, message.2 when the files become bigger How can I make it same as before. Thank you ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list -- ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
/var/log/messages - was errors Re: how to read strace?
On Tue, 2002-04-23 at 00:59, Gordon Messmer wrote: On Mon, 2002-04-22 at 13:49, Bret Hughes wrote: I have some strange happenings on one of my machines this morning looking around I found that one repeatebale symtom is that cat coredumps everytime it runs. I am no c coder so if anyone can give me a tip as to what might be screwing up I would appreciate it. Here is an strace [root@ele3c display]# strace cat running ... open(/lib/i686/libc.so.6, O_RDONLY) = 3 ... old_mmap(0x4014f000, 14120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANON YMOUS, -1, 0) = 0x4014f000 close(3)= 0 --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ OK, so cat segfaults immediately after loading the i686 glibc. So, have you recently changed kernels? If so, did you install an i686 arch kernel? Or maybe you loaded glibc-...i686 on a non-i686 machine? Or maybe it's the reason so many mysterious things happen... and the machine was hacked and modified. OK I see that , thanks. No upgrades. but this is running on a duron. A reboot fixed the cat problem but problems still exist. From /var/log/messages yesterday: Apr 22 08:57:04 ele3c kernel: memory.c:83: bad pmd 0040. Apr 22 08:57:05 ele3c kernel: Kernel logging (proc) stopped. Apr 22 08:57:05 ele3c kernel: Kernel log daemon terminating. This is when I rebooted. had problems (different) again tonight Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008 Apr 23 04:57:29 ele3c kernel: Kernel logging (proc) stopped. Apr 23 04:57:29 ele3c kernel: Kernel log daemon terminating. This looks bad. If I understand this correctly device 03:09 is /dev/hda9. That is my / partition. [root@ele3c log]# mount /dev/hda9 on / type ext2 (rw) none on /proc type proc (rw) usbdevfs on /proc/bus/usb type usbdevfs (rw) /dev/hda1 on /boot type ext2 (rw) /dev/hda6 on /home type ext2 (rw,sync) /dev/hda10 on /tmp type ext2 (rw) /dev/hda5 on /usr type ext2 (rw) /dev/hda7 on /var type ext2 (rw,sync) none on /dev/pts type devpts (rw,gid=5,mode=620) automount(pid521) on /misc type autofs (rw,fd=5,pgrp=521,minproto=2,maxproto=3) [root@ele3c log]# fdisk -l Disk /dev/hda: 255 heads, 63 sectors, 2434 cylinders Units = cylinders of 16065 * 512 bytes Device BootStart EndBlocks Id System /dev/hda1 * 1 5 40131 83 Linux /dev/hda2 6 2434 19510942+ 5 Extended /dev/hda5 6 325 2570368+ 83 Linux /dev/hda6 326 645 2570368+ 83 Linux /dev/hda7 646 773 1028128+ 83 Linux /dev/hda8 774 838522081 82 Linux swap /dev/hda9 839 870257008+ 83 Linux /dev/hda10 871 902257008+ 83 Linux Hmmm. I wonder if this has been going on for awhile? [root@ele3c log]# grep 'memory.c' /var/log/messages* /var/log/messages:Apr 22 08:57:04 ele3c kernel: memory.c:83: bad pmd 0040. /var/log/messages.1:Apr 20 09:05:13 ele3c kernel: memory.c:83: bad pmd 0040. [root@ele3c log]# grep 'attempt' /var/log/messages* /var/log/messages:Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device /var/log/messages:Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device [root@ele3c log]# grep 'VM' /var/log/messages* /var/log/messages:Apr 22 02:05:09 ele3c kernel: VM: Bad swap entry 0040 /var/log/messages:Apr 22 07:51:30 ele3c kernel: VM: Bad swap entry 0040 /var/log/messages:Apr 22 12:05:08 ele3c kernel: VM: Bad swap entry 0040 /var/log/messages:Apr 23 00:02:53 ele3c kernel: VM: Bad swap entry 0040 /var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga /var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga /var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga /var/log/messages:Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040 /var/log/messages.1:Apr 19 08:05:15 ele3c kernel: VM: Bad swap entry 0040 Seems like there is something began to happen on Apr 19. I wonder if there was a power failure or something? [root@ele3c log]# grep 'Apr 19' boot.log* boot.log.1:Apr 19 04:02:52 ele3c ntpd: ntpd shutdown succeeded boot.log.1:Apr 19 04:02:52 ele3c ntpd: succeeded boot.log.1:Apr 19 04:02
Re: /var/log/messages - was errors Re: how to read strace?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 23 April 2002 07:18 am, Bret Hughes wrote: A reboot fixed the cat problem but problems still exist. [snip] had problems (different) again tonight Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008 Apr 23 04:57:29 ele3c kernel: Kernel logging (proc) stopped. Apr 23 04:57:29 ele3c kernel: Kernel log daemon terminating. [snip] Any Ideas any one? Is this a hardware issue of some sort? Best guess? Yes. I suspect a dying hard drive, or a bad memory module. - -- - -Michael pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt Red Hat Linux 7.2 in 8M of RAM: http://www.rule-project.org/ - -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzFTDQACgkQn/07WoAb/StmXwCfYKHmadLQ+eD/rj/at3344Fbu 9CcAoLNbpPrMXz3YBkigBjJ8j5ms2l4K =IvVO -END PGP SIGNATURE- ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: /var/log/messages - was errors Re: how to read strace?
On Tue, 2002-04-23 at 04:57, Michael Fratoni wrote: Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup 0040 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040 [snip] Any Ideas any one? Is this a hardware issue of some sort? Best guess? Yes. I suspect a dying hard drive, or a bad memory module. Both of those seem reasonable. You can do a basic check of the drive with: badblocks -v /dev/hda If that comes up clean, you should probably run memtest86. Downside to this is that you'll have to reboot and be offline during the test. signature.asc Description: This is a digitally signed message part
message in /var/log/messages
What does this mean: jochen fam[1625]: fd 6 write error: Broken pipe -- Jochen ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Interpreting /var/log/messages
Thanks Ray http://www.ccux.com/firewall-seen.shtml This page gives a great deal of information. - Original Message - From: Ray Curtis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 19, 2002 7:45 PM Subject: Re: Interpreting /var/log/messages m == manzabar [EMAIL PROTECTED] writes: m I'm looking for a website that will allow me to past in messages from this m log file that contain information logged by iptables, so that it turns m stuff like this: m Mar 18 19:56:27 c896765-a kernel: IN=eth0 OUT= m MAC=01:00:5e:00:00:01:00:20:40:6a:4d:1b:08:00 SRC=192.168.100.1 m DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2 m Into something that is a bit more readable. I know there have been links m posted previously, but I had no luck searching the archives and I lost the m links in one of my last system upgrades. Any help is greatly appreciated! http://www.ccux.com/firewall-seen.shtml -- Ray Curtis mailto:[EMAIL PROTECTED] http://www.ccux.com ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Interpreting /var/log/messages
Sorry for the double-post, I was getting a message back that my e-mail had bounced. Mark McKibben [EMAIL PROTECTED] http://www.avalon.net/~manzabar ICQ# 8476502 Experience is that marvelous thing that enables you recognize a mistake when you make it again. - Unknown ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list