subject:"\/var\/log"

Re: Permission changing for /var/log/httpd

2016-06-03 Thread Jonathan Billings

On Fri, Jun 03, 2016 at 08:02:21PM +, Yong Huang wrote:
> If logrotate (as Mark suggested) did not do it, you can use
> SystemTap to do this sort of things. There are sample scripts on the
> Internet that monitor file permission change. 
> Maybe these
>help:https://www.sourceware.org/systemtap/SystemTap_Beginners_Guide/inodewatch2sect.html
>  
> https://lwn.net/Articles/271796/

You can also do this with auditd and auditctl, which is a bit simpler
to set up.

https://www.redhat.com/archives/linux-audit/2013-September/msg00057.html

This is an example.

-- 
Jonathan Billings 
College of Engineering - CAEN - Unix and Linux Support

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Re: Permission changing for /var/log/httpd

2016-06-03 Thread Yong Huang

If logrotate (as Mark suggested) did not do it, you can use SystemTap to do 
this sort of things. There are sample scripts on the Internet that monitor file 
permission change.
Maybe these 
help:https://www.sourceware.org/systemtap/SystemTap_Beginners_Guide/inodewatch2sect.html
https://lwn.net/Articles/271796/

Yong
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Re: Permission changing for /var/log/httpd

2016-06-03 Thread Tom Ekberg

That was a good guess, but the logrotate setting for httpd says:

  create 640 root adm

The other 3 create lines in /etc/logrotate.d/ are for other log files.

Tom Ekberg

From: m.r...@5-cent.us
To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
Subject: Re: Permission changing for /var/log/httpd
Message-ID:
<306c4036d45edc3036a876df868edf9b.squir...@host290.hostmonster.com>
Content-Type: text/plain;charset=utf-8

Tom Ekberg wrote:
I have a non-root cron job that needs to look at files in /var/log/httpd
and transfer them (scp) to another host. That user is a member of group
adm and I changed the ownership of /var/log/httpd to root:adm and set
permissions to 750. This works file as the cron job can read the files.
The problem is that once a month some process changes the ownership of
this directory to root:root and permissions to 700. I looked at the audit
logs and can see this happen but I have no idea what process is doing
this. I looked at /etc/cron.monthly and there is only one entry that
doesn't appear to cause that. Do you happen to know what process changes
the ownership and permission of /var/log/httpd?

Mark Added:
Possibly the log rotation.

  mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Re: Permission changing for /var/log/httpd

2016-06-02 Thread m . roth

Tom Ekberg wrote:
> I have a non-root cron job that needs to look at files in /var/log/httpd
> and transfer them (scp) to another host. That user is a member of group
> adm and I changed the ownership of /var/log/httpd to root:adm and set
> permissions to 750. This works file as the cron job can read the files.
> The problem is that once a month some process changes the ownership of
> this directory to root:root and permissions to 700. I looked at the audit
> logs and can see this happen but I have no idea what process is doing
> this. I looked at /etc/cron.monthly and there is only one entry that
> doesn't appear to cause that. Do you happen to know what process changes
> the ownership and permission of /var/log/httpd?
>
Possibly the log rotation.

  mark

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Permission changing for /var/log/httpd

2016-06-02 Thread Tom Ekberg

I have a non-root cron job that needs to look at files in /var/log/httpd and 
transfer them (scp) to another host. That user is a member of group adm and I 
changed the ownership of /var/log/httpd to root:adm and set permissions to 750. 
This works file as the cron job can read the files. The problem is that once a 
month some process changes the ownership of this directory to root:root and 
permissions to 700. I looked at the audit logs and can see this happen but I 
have no idea what process is doing this. I looked at /etc/cron.monthly and 
there is only one entry that doesn't appear to cause that. Do you happen to 
know what process changes the ownership and permission of /var/log/httpd?

Tom Ekberg
Senior Computer Specialist, Lab Medicine
University of Washington Medical Center
1959 NE Pacific St, MS 357110
Seattle WA 98195
work: (206) 598-8544
email: tekb...@uw.edu


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requ...@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

/var/log/secure messages?

2003-09-25 Thread Robert C. Paulsen Jr.

I see the following in /var/log/secure. Can anyone tell me what this
means?  They are not always paired up like this. I often see the second
message without the first.

Sep 22 15:27:59 avalon sshd[4643]: scanned from 69.44.57.202 with 
SSH-1.0-SSH_Version_Mapper.  Don't panic.
Sep 22 15:27:59 avalon sshd[4642]: Did not receive identification string from 
69.44.57.202

-- 
Robert C. Paulsen, Jr.
[EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/secure messages?

2003-09-25 Thread Goncalo


 I see the following in /var/log/secure. Can anyone tell me what this
 means?  They are not always paired up like this. I often see the second
 message without the first.

 Sep 22 15:27:59 avalon sshd[4643]: scanned from 69.44.57.202 with
 SSH-1.0-SSH_Version_Mapper.  Don't panic. Sep 22 15:27:59 avalon
 sshd[4642]: Did not receive identification string from 69.44.57.202


Hello.

Google for with SSH-1.0-SSH_Version_Mapper.  Don't panic. (with quotes)
and check the first 3 results.

Regards
Goncalo


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

/var/log/message error question

2003-09-01 Thread cajun

Hi all,

Was wondering if anyone has ever seen something like this in there 
message log file:

*Aug 31 05:28:56 localhost pppoe[7106]: Inactivity timeout... something 
wicked happened on session 40919*

I am running RH9 with all of the latest updates.  I have a DSL 
connection setup and have 2 windozes PC hooked up using the Linux Box as 
a gateway for them to reach the net.  Is this something that is 
happening from my ISP?  Thanks for any info that would help explain this.

Lee Perez

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/message error question

2003-09-01 Thread Mark Neidorff

I'm assuming that you are running rp-pppoe for your pppoe connection. I 
recently switched to britsys.net ('cause they give me a static ip for 
very little more than I was paying for dynamic) so I don't use pppoe 
anymore, but that error means that the connection was dropped for 
inactivity (something wicked). 

Mark 

On Mon, 1 Sep 2003, cajun wrote:

 Hi all,
 
 Was wondering if anyone has ever seen something like this in there 
 message log file:
 
 *Aug 31 05:28:56 localhost pppoe[7106]: Inactivity timeout... something 
 wicked happened on session 40919*
 
 I am running RH9 with all of the latest updates.  I have a DSL 
 connection setup and have 2 windozes PC hooked up using the Linux Box as 
 a gateway for them to reach the net.  Is this something that is 
 happening from my ISP?  Thanks for any info that would help explain this.
 
 Lee Perez
 
 
 



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Jason Dixon

On Sun, 2003-08-24 at 18:56, Rodolfo J. Paiz wrote:
 At 8/23/2003 10:13 +0200, you wrote:
 The problem with your WAV files is not that they contain sparse
 blocks. If they did, they would not sound good, because you would hear
 every blank block. And since they are listed as 20 times the original
 size, you would hear a lot of silence, and each of them would play
 for several hours. ;) But as you've mentioned, two arbitrary 1GB
 songs still sound good.
 
 Just out of curiousity, what do you get when you gzip such a huge
 file, transfer it to another machine and gunzip it?
 
 Sorry to take so long to respond.
 
 Didn't have another Linux machine at hand, so I gzipped it (took all of six 
 seconds) and transferred the compressed file (down from 1.18GB to an 
 expected 53MB) to another drive. Gunzipping the file resulted again in a 
 1.18GB file.
 
 Color me baffled.

Sorry, I'm joining this thread way after the fact.  The only thing I'll
mention is that I *have* seen certain applications zero out a very large
filesize in preparation for filling up that space with a series of
chunks.  Bit-torrent is the *perfect* example of that.  Say you start to
download a 500M ISO image.  It breaks it into chunks so it can perform
parallel downloads from multiple clients.  Even though the total
download at any one time may only be a fraction of that size, the file
is reserved at its maximum size.  I don't know how it does it, but it
does.  :)

Does this sound like a possibility?

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, 24 Aug 2003 16:56:52 -0600, Rodolfo J. Paiz wrote:

  The problem with your WAV files is not that they contain sparse
  blocks. If they did, they would not sound good, because you would hear
  every blank block. And since they are listed as 20 times the original
  size, you would hear a lot of silence, and each of them would play
  for several hours. ;) But as you've mentioned, two arbitrary 1GB
  songs still sound good.
 
  Just out of curiousity, what do you get when you gzip such a huge
  file, transfer it to another machine and gunzip it?
 
 Sorry to take so long to respond.
 
 Didn't have another Linux machine at hand, so I gzipped it (took all of six 
 seconds) and transferred the compressed file (down from 1.18GB to an 
 expected 53MB) to another drive. Gunzipping the file resulted again in a 
 1.18GB file.
 
 Color me baffled.

Okay. What else can you report about the integrity of the WAV files?
When you load them into a somewhat capable audio player, is the
displayed playtime correct? In that case, the internal file size in
the WAV header would be correct. What do you see at the end of the
files when you display them in a hex-editor (e.g. khexedit)? Could it
be that they have ~1 GiB of zeroes at the end?

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/SUvB0iMVcrivHFQRAhlSAJ9FIS00i9KH3cvVz9vh8epIVZJs2ACfWwOL
xNCSPF7sT38/eLKzrQRhHbc=
=xfuZ
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 19:07 -0400, you wrote:
Sorry, I'm joining this thread way after the fact.  The only thing I'll
mention is that I *have* seen certain applications zero out a very large
filesize in preparation for filling up that space with a series of
chunks.  Bit-torrent is the *perfect* example of that.  Say you start to
download a 500M ISO image.  It breaks it into chunks so it can perform
parallel downloads from multiple clients.  Even though the total
download at any one time may only be a fraction of that size, the file
is reserved at its maximum size.  I don't know how it does it, but it
does.  :)
Does this sound like a possibility?
Not at all... these are standard WAV files, originally ripped from the 
(original, purchased) music CD. They average 45-50MB, but when I moved them 
to a second hard drive some of them started getting reported by ls -l as 
being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh reports 
their sizes correctly, as does du -h.

Trying to figure out what caused this wrong listing and fix it, since 
copying the file does take the whole 1.2GB. Also, I share this folder with 
Windows which reports total usage as 1.6TB instead of the actual 63GB (25x).

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/25/2003 01:35 +0200, you wrote:
Okay. What else can you report about the integrity of the WAV files?
When you load them into a somewhat capable audio player, is the
displayed playtime correct? In that case, the internal file size in
the WAV header would be correct. What do you see at the end of the
files when you display them in a hex-editor (e.g. khexedit)? Could it
be that they have ~1 GiB of zeroes at the end?
They are shared via Samba, and I've created playlists with MusicMatch 
Jukebox showing all files. Every file seems to have a reasonable file size, 
and playing one or two songs gives no errors plus the playtime is 
accurately reported.

I could not open the file with khexedit, since it complained about 
insufficient memory (I have only 256MB of RAM in this machine). But the 
theory of it actually having spaces or zeroes at the end does not seem 
logical: what on God's green Earth would tack on 1GB of zeroes at the end, 
and if so, why does ls -sh report the file size correctly? If this space 
was indeed being used, then 63GB would have _actually_ expanded to 1.6TB, 
instead of just _apparently_ having done so.

And then it wouldn't fit on the 120GB disk, whereas df -m shows the 
expected 45GB free and I just moved 10GB to that drive as a test with no 
problems. AFAICS, that 1TB discrepancy between listings does seem to be a 
phantom... but from what, how, why, and how to fix it?

I have no idea how to even start looking for this one, but while you guys 
attempt to help me, is there perhaps some docs I should be reading at the 
same time?

Thanks,

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread jurvis lasalle

On Sunday, Aug 24, 2003, at 20:31 America/New_York, Rodolfo J. Paiz 
wrote:

At 8/24/2003 19:07 -0400, you wrote:
Sorry, I'm joining this thread way after the fact.  The only thing 
I'll
mention is that I *have* seen certain applications zero out a very 
large
filesize in preparation for filling up that space with a series of
chunks.  Bit-torrent is the *perfect* example of that.  Say you start 
to
download a 500M ISO image.  It breaks it into chunks so it can perform
parallel downloads from multiple clients.  Even though the total
download at any one time may only be a fraction of that size, the file
is reserved at its maximum size.  I don't know how it does it, but it
does.  :)

Does this sound like a possibility?
Not at all... these are standard WAV files, originally ripped from the 
(original, purchased) music CD. They average 45-50MB, but when I moved 
them to a second hard drive some of them started getting reported by 
ls -l as being roughly 20 times larger (900MB to 1.2GB). Oddly, ls 
-sh reports their sizes correctly, as does du -h.

Trying to figure out what caused this wrong listing and fix it, since 
copying the file does take the whole 1.2GB. Also, I share this folder 
with Windows which reports total usage as 1.6TB instead of the actual 
63GB (25x).

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
Here's a stab in the dark- do you have the SIZE or BLOCKSIZE 
environment variable set (esp. when the wav files were originally 
magnified)?

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Otto Haliburton

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:redhat-list-
 [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz
 Sent: Sunday, August 24, 2003 7:32 PM
 To: [EMAIL PROTECTED]
 Subject: Re: /var/log/lastlog -- why is it 19 megabytes?

 At 8/24/2003 19:07 -0400, you wrote:
 Sorry, I'm joining this thread way after the fact.  The only thing
 I'll
 mention is that I *have* seen certain applications zero out a very
 large
 filesize in preparation for filling up that space with a series of
 chunks.  Bit-torrent is the *perfect* example of that.  Say you start
 to
 download a 500M ISO image.  It breaks it into chunks so it can
 perform
 parallel downloads from multiple clients.  Even though the total
 download at any one time may only be a fraction of that size, the
 file
 is reserved at its maximum size.  I don't know how it does it, but it
 does.  :)

 Does this sound like a possibility?

 Not at all... these are standard WAV files, originally ripped from the
 (original, purchased) music CD. They average 45-50MB, but when I moved
 them
 to a second hard drive some of them started getting reported by ls -
 l as
 being roughly 20 times larger (900MB to 1.2GB). Oddly, ls -sh
 reports
 their sizes correctly, as does du -h.

 Trying to figure out what caused this wrong listing and fix it, since
 copying the file does take the whole 1.2GB. Also, I share this folder
 with
 Windows which reports total usage as 1.6TB instead of the actual 63GB
 (25x).

 --
 Rodolfo J. Paiz
 [EMAIL PROTECTED]

 --
 redhat-list mailing list
 unsubscribe mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list

This maybe absolutely correct reporting.  You said that windows and
linux are sharing the disk that these files are stored.  Well windows
reports the total byte count for the files and linux reports the number
of 512 byte blocks in a file (or something to that effect), but you are
storing the files on a vfat partition and linux maybe(I don't know for
sure) reporting the total byte count of the file.  In which case linux
is reporting the actual byte count, but windows is reporting the
allocated byte count hence the discrepancies between the files in a
linux partition and the listing o=n the vfat partition and the
differences between the linux and windows listing.  I think this is what
is happening.  I've seen this on Unix system sharing with windows but
I've never seen it with linux before.  A way of resolving maybe to copy
the files back from the shared disk to a linux partition and then get a
listing.

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 20:56 -0400, you wrote:

Here's a stab in the dark- do you have the SIZE or BLOCKSIZE environment 
variable set (esp. when the wav files were originally magnified)?
Stab away, any effort welcome. I have never set those variables manually, 
and doing a set | grep -i size right now from both my user account and 
root does not show either as being set. Whether they were or were not set 
at some point in the past is hard to say (the machine had RH8.0 until about 
three weeks ago and was reinstalled with RH9), but I would assume this is 
an unlikely thing.

All I can think of as unusual that happened in recent history is:

1. Reinstalled from 8.0 to 9. Reinstall does not affect the /music 
partition since it is on its own disk.

2. Moved all the music (rsync -av IIRC) from /data/music 
(/dev/hdg1, a 120GB disk) to /music (/dev/hdh1, another 120GB disk).

I can not see how either of those could have caused this, but they are the 
only ideas I have.

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 19:55 -0500, you wrote:
This maybe absolutely correct reporting.  You said that windows and
linux are sharing the disk that these files are stored.
Ah, but the files are on an ext3 partition, on the Linux server, and only 
shared via Samba to the Windows boxen. So, while reasonable, we can prove 
that this theory is not correct. Besides, at some point in the past, 
Windows and Linux both showed the correct values... so it _did_ work, and 
then something changed.

I've seen this on Unix system sharing with windows but I've never
seen it with linux before.  A way of resolving maybe to copy the files
back from the shared disk to a linux partition and then get a listing.
I apologize if I gave the impression that the disks were on the Windows 
box; they are already (and always have been) on the Linux box, in Linux 
partitions.

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Otto Haliburton

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:redhat-list-
 [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz
 Sent: Sunday, August 24, 2003 8:07 PM
 To: [EMAIL PROTECTED]
 Subject: RE: /var/log/lastlog -- why is it 19 megabytes?

 At 8/24/2003 19:55 -0500, you wrote:
 This maybe absolutely correct reporting.  You said that windows and
 linux are sharing the disk that these files are stored.

 Ah, but the files are on an ext3 partition, on the Linux server, and
 only
 shared via Samba to the Windows boxen. So, while reasonable, we can
 prove
 that this theory is not correct. Besides, at some point in the past,
 Windows and Linux both showed the correct values... so it _did_ work,
 and
 then something changed.

 I've seen this on Unix system sharing with windows but I've never
 seen it with linux before.  A way of resolving maybe to copy the
 files
 back from the shared disk to a linux partition and then get a
 listing.

 I apologize if I gave the impression that the disks were on the
 Windows
 box; they are already (and always have been) on the Linux box, in
 Linux
 partitions.

 --
 Rodolfo J. Paiz
 [EMAIL PROTECTED]

 --
 redhat-list mailing list
 unsubscribe mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list

Okay, I see.  There is probably some other explanation then.

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Otto Haliburton

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:redhat-list-
 [EMAIL PROTECTED] On Behalf Of jurvis lasalle
 Sent: Sunday, August 24, 2003 7:57 PM
 To: [EMAIL PROTECTED]
 Subject: Re: /var/log/lastlog -- why is it 19 megabytes?

 On Sunday, Aug 24, 2003, at 20:31 America/New_York, Rodolfo J. Paiz
 wrote:

  At 8/24/2003 19:07 -0400, you wrote:
  Sorry, I'm joining this thread way after the fact.  The only thing
  I'll
  mention is that I *have* seen certain applications zero out a very
  large
  filesize in preparation for filling up that space with a series of
  chunks.  Bit-torrent is the *perfect* example of that.  Say you
 start
  to
  download a 500M ISO image.  It breaks it into chunks so it can
 perform
  parallel downloads from multiple clients.  Even though the total
  download at any one time may only be a fraction of that size, the
 file
  is reserved at its maximum size.  I don't know how it does it, but
 it
  does.  :)

  Does this sound like a possibility?

  Not at all... these are standard WAV files, originally ripped from
 the
  (original, purchased) music CD. They average 45-50MB, but when I
 moved
  them to a second hard drive some of them started getting reported by
  ls -l as being roughly 20 times larger (900MB to 1.2GB). Oddly,
 ls
  -sh reports their sizes correctly, as does du -h.

  Trying to figure out what caused this wrong listing and fix it,
 since
  copying the file does take the whole 1.2GB. Also, I share this
 folder
  with Windows which reports total usage as 1.6TB instead of the
 actual
  63GB (25x).

  --
  Rodolfo J. Paiz
  [EMAIL PROTECTED]

  --
  redhat-list mailing list
  unsubscribe mailto:redhat-list-
 [EMAIL PROTECTED]
  https://www.redhat.com/mailman/listinfo/redhat-list

 Here's a stab in the dark- do you have the SIZE or BLOCKSIZE
 environment variable set (esp. when the wav files were originally
 magnified)?

 --
 redhat-list mailing list
 unsubscribe mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list

let me further explain with a example.

Suppose you have a file that is 1024 bytes on linux and you do a ls  it
will list as 2 block (2 512 byte blocks).  You copy this file to a vfat
partition to be shared with windows and the allocation units is 5 512
blocks. Now when you do the listing linux list it as 1024 bytes and
windows will list it 2560 bytes.   Maybe this is what is happening and
when you force linux to list using linux units it will list it correctly
as 2 blocks. IMHO this what I think.

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 20:08 -0500, you wrote:
let me further explain with a example.

Suppose you have a file that is 1024 bytes on linux and you do a ls  it
will list as 2 block (2 512 byte blocks).
OK... but here the error would be at most a few KB, not an additional 1,130MB.

  You copy this file to a vfat
partition to be shared with windows and the allocation units is 5 512
blocks. Now when you do the listing linux list it as 1024 bytes and
windows will list it 2560 bytes.
I understand your concept; but these files have only been copied once, from 
disk /dev/hdg on the Linux server (using ext3) to disk /dev/hdh ON THE SAME 
SERVER, also using ext3. No copying to Windows has occurred... all I've 
done is to allow Windows machines to read them via Samba.

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Otto Haliburton

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:redhat-list-
 [EMAIL PROTECTED] On Behalf Of Rodolfo J. Paiz
 Sent: Sunday, August 24, 2003 8:45 PM
 To: [EMAIL PROTECTED]
 Subject: RE: /var/log/lastlog -- why is it 19 megabytes?

 At 8/24/2003 20:08 -0500, you wrote:
 let me further explain with a example.

 Suppose you have a file that is 1024 bytes on linux and you do a ls
 it
 will list as 2 block (2 512 byte blocks).

 OK... but here the error would be at most a few KB, not an additional
 1,130MB.

You copy this file to a vfat
 partition to be shared with windows and the allocation units is 5 512
 blocks. Now when you do the listing linux list it as 1024 bytes and
 windows will list it 2560 bytes.

 I understand your concept; but these files have only been copied once,
 from
 disk /dev/hdg on the Linux server (using ext3) to disk /dev/hdh ON THE
 SAME
 SERVER, also using ext3. No copying to Windows has occurred... all
 I've
 done is to allow Windows machines to read them via Samba.

 --
 Rodolfo J. Paiz
 [EMAIL PROTECTED]

 --
 redhat-list mailing list
 unsubscribe mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list

Sorry, This list delivers some responses out of sequence.  I think I
conceded the fact that there is some other explanation.  I'm thinking.

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Herculano de Lima Einloft Neto

Rodolfo J. Paiz wrote:

 I have no idea how to even start looking for this one 

 Well, you could try unsparsing a file.. it's a blind shot, it makes no
sense, but it's worth a try (on the smallest huge file).

cp --sparse=always big.wav test.wav

-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Herculano de Lima Einloft Neto

I wrote:

  Well, you could try unsparsing a file.. it's a blind shot, it makes no
 sense, but it's worth a try (on the smallest huge file).
 
 cp --sparse=always big.wav test.wav

   Please disconsider this - it's confuse. I didn't read all your posts well. Your 
files would be
sparsed already if sparsing had anything to do with it. But it could have (smth to do 
with it). 
-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Herculano de Lima Einloft Neto

Rodolfo J. Paiz
 Trying to figure out what caused this wrong listing and fix it, since
 copying the file does take the whole 1.2GB

   Just got it, this is what I meant: if the files are sparse, cp
--sparse=always wouldn't take the whole 1.2 GB.
-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread David Kramer

On Sunday 24 August 2003 07:07 pm, Jason Dixon wrote:
 Sorry, I'm joining this thread way after the fact.  The only thing I'll
 mention is that I *have* seen certain applications zero out a very large
 filesize in preparation for filling up that space with a series of
 chunks.  Bit-torrent is the *perfect* example of that.  Say you start to
 download a 500M ISO image.  It breaks it into chunks so it can perform
 parallel downloads from multiple clients.  Even though the total
 download at any one time may only be a fraction of that size, the file
 is reserved at its maximum size.  I don't know how it does it, but it
 does.  :)

Dunno if that's his problem, but it's quite common.  They are called sparse 
files.  The application fopen()s the file, does an fseek() or fsetpos() to 
how big the file should be.  This is done a lot for buffers that need to work 
fast, like DBMS space, ring buffers, etc.  Note that inodes are only 
allocated as the space is used, so this is not as wasteful as you would 
think.

The same thing happens with RAM.  You can malloc() much more ram than you have 
(even virtual RAM), but it doesn't actually allocate memory until you write 
to it.  This can have unfortunate effects if you actually use more memory 
than you have, but it's generally not a problem for a correctly-speced 
system.  But your program can run out of memory at write time instead of 
malloc time for this reason.  RAM allocation is even more complicated, 
because the OS takes unused memory and uses it for buffers and cache, and 
gives them back as needed.  So you have RAM that is free, RAM that is 
allocated, and RAM that is borrowed to be returned as needed.

-- 
   David Kramer [EMAIL PROTECTED]   http://thekramers.net
DK KD  
DKK D  The avalanche has already begun.
DK KD  It is too late for the pebbles to vote.
   - Kosh, babylon 5


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 23:17 -0300, you wrote:
Rodolfo J. Paiz wrote:

 I have no idea how to even start looking for this one

 Well, you could try unsparsing a file.. it's a blind shot, it makes no
sense, but it's worth a try (on the smallest huge file).
cp --sparse=always big.wav test.wav
That's actually how I ended up on this thread... no one was paying me any 
attention on my other attempts to get help on this issue, and sparse files 
sounded like a possible explanation so I went through the thread and made 
attempts to sparse or unsparse with both cp and rsync.

No dice... I still get 1.2GB worth of file, yet the darn thing plays 
properly in a media player and displays correctly in certain incantations 
of ls.

Is there someone out there with some coding expertise, who can maybe 
explain why ls -l and ls -sh give different results? Like this:

ls -l:
-rwxr--r--1 rpaizrpaiz1177207676 Aug  3 18:09 Kansas ~ Best of 
Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav
ls -sh:
 35M Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav

Worse yet, the file that I gzipped and then gunzipped is now really and 
truly taking up 1.2GB:

ls -l:
-rwxr--r--1 rpaizrpaiz1181163340 Aug  3 18:09 Kansas ~ Best of 
Kansas ~ 01 ~ Carry on Wayward Son ~ 890B500A.wav
ls -sh:
1.2G Kansas ~ Best of Kansas ~ 01 ~ Carry on Wayward Son ~ 890B500A.wav

Any listing of it now shows 1.2GB, and total space used in the directory 
du -ms as well as disk free space df -m reflect the increase. It still 
plays fine in my media player, though!

Arrrgh!!!

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Rodolfo J. Paiz

At 8/24/2003 22:04 -0400, you wrote:
On Sunday 24 August 2003 07:07 pm, Jason Dixon wrote:
 Sorry, I'm joining this thread way after the fact.  The only thing I'll
 mention is that I *have* seen certain applications zero out a very large
 filesize in preparation for filling up that space with a series of
 chunks.  Bit-torrent is the *perfect* example of that.
Dunno if that's his problem, but it's quite common.  They are called sparse
files.
This is something I only just heard about for the first time two days ago, 
but it's definitely not my problem (insofar as testing with cp and rsync 
and their sparse parameters can tell me).

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Brian Ashe

Rodolfo,

On Sunday August 24, 2003 11:28, Rodolfo J. Paiz wrote:
 Is there someone out there with some coding expertise, who can maybe
 explain why ls -l and ls -sh give different results? Like this:

Not that I read the code but it isn't too hard to derive the answer from the 
info page of ls.

`-s'
`--size'
 Print the disk allocation of each file to the left of the file
 name.  This is the amount of disk space used by the file, which is
 usually a bit more than the file's size, but it can be less if the
 file has holes.

 Normally the disk allocation is printed in units of 1024 bytes,
 but this can be overridden (*note Block size::).

`-l'
`--format=long'
`--format=verbose'
 In addition to the name of each file, print the file type,
 permissions, number of hard links, owner name, group name, size in
 bytes, and timestamp (*note Formatting file timestamps::), normally
 the modification time.

So in this case it appears you have some VERY holey files. Since the -s is 
telling you the space used and the -l is calculating the bytes used by 
(number of blocks allocated - 1) * 512 + remainder.

Perhaps try running stat on a file and see if this is accurate.

I'll give some examples to try and illustrate this.

Here is an example file of ~40MB. You will see the blocks in the first version 
and the human interpretation of those blocks. By default, ls uses 1K blocks 
for it's output of the -s flag.

[EMAIL PROTECTED] test]$ ls -ls testfile
39376 -rw-r--r--1 brianbrian40274705 Jan 20  2003 testfile
[EMAIL PROTECTED] test]$ ls -lsh testfile
 39M -rw-r--r--1 brianbrian 38M Jan 20  2003 testfile

Note how what the man page told us holds true here as the two numbers don't 
match. This is because of using (blocks * blocksize) and each having 
different numbers to use. Now let's see what the system _really_ thinks about 
this file.

[EMAIL PROTECTED] test]$ stat testfile
  File: `testfile'
  Size: 40274705Blocks: 78752  IO Block: 4096   Regular File
Device: 305h/773d   Inode: 109 Links: 1
Access: (0644/-rw-r--r--)  Uid: (  500/   brian)   Gid: (  500/   brian)
Access: 2003-08-25 02:24:01.0 -0400
Modify: 2003-01-20 10:34:12.0 -0500
Change: 2003-01-20 10:34:12.0 -0500

Now we see we actually have a 4K blocksize. But the number of blocks is still 
in the default 512b size.

So let's tell ls what the blocksize actually is and see what it tells us.

[EMAIL PROTECTED] test]$ ls --block-size=4K -ls testfile
9844 -rw-r--r--1 brianbrian40274705 Jan 20  2003 testfile

Notice the number of blocks changes but the file size doesn't. So now we can 
see that the blocksize is playing a large part in how even the same command 
can interpret what it is seeing.

However this doesn't explain what's going on, just what you see.

Everything from here on is either pure speculation or WAG. ;)

 ls -l:
 -rwxr--r--1 rpaizrpaiz1177207676 Aug  3 18:09 Kansas ~ Best of
 Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav
 ls -sh:
   35M Kansas ~ Best of Kansas ~ 04 ~ Dust in the Wind ~ 890B500A.wav


The difference here looks like a 32 times in difference (35 * 1024 * 1024 * 32 
= 1174405120 (which is pretty close to the 1177207676 you see above 
considering rounding)). Which the only thing I can guess at is perhaps one of 
the two drives has a 32K blocksize and the other has a 1K blocksize. Further 
it would seem that somehow the rsync command you used (or something else) 
transfered blocks instead of bytes and really screwed up the layout of the 
filesystem. I believe you mentioned that you had seen a 98% fragmented system 
and this would seem congruent with some very holey files. Hence the vast 
difference in reported sizes.

You really need to take a look inside these files to see what's going on. That 
way you can see if there are real file issues or some sort of filesystem 
confusion. You had mentioned earlier that you can't read a file in a hex 
editor due to memory constraints. You should try something like 
head -c 64k filename | od -c
to get a feel for what's in the file (look for zeroes). 

The only thing I can think to recommend that would make sense is to grab a 
defrag tool and see if it can fix it. Or if you can copy a file back to the 
old drive using the same method and then use a different one to get it back 
on the desired drive if that seems to restore sanity to the files.

Anyway, it's late here and there could be some inaccuracies, but perhaps you 
can either get it fixed or provide some new info. I left out using debugfs 
for now, since it can get very confusing if you're not used to it.

-- 
Brian Ashe CTO
Dee-Web Software Services, LLC.  [EMAIL PROTECTED]
http://www.dee-web.com/


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, 24 Aug 2003 18:54:04 -0600, Rodolfo J. Paiz wrote:

 I could not open the file with khexedit, since it complained about 
 insufficient memory (I have only 256MB of RAM in this machine). But the 
 theory of it actually having spaces or zeroes at the end does not seem 
 logical: what on God's green Earth would tack on 1GB of zeroes at the end, 

rsync

 and if so, why does ls -sh report the file size correctly?

ls -sh is like du -h and reports disk usage in blocks.

 If this space 
 was indeed being used, then 63GB would have _actually_ expanded to 1.6TB, 
 instead of just _apparently_ having done so.

But that is impossible because your disk is not that big. So, it could
still be sparse blocks (or similar symptoms) at the _end_ of a file.
You don't hear that, when the music player relies on the WAV length as
found in the WAV file header. You would only hear the effect of sparse
blocks in the beginning of the file, where empty blocks would be mixed
into the WAV stream.

 And then it wouldn't fit on the 120GB disk, whereas df -m shows the 
 expected 45GB free and I just moved 10GB to that drive as a test with no 
 problems. AFAICS, that 1TB discrepancy between listings does seem to be a 
 phantom... but from what, how, why, and how to fix it?
 
 I have no idea how to even start looking for this one, but while you guys 
 attempt to help me, is there perhaps some docs I should be reading at the 
 same time?

A WAV editor which saves only the WAV content size as specified in the
WAV header would be able to repair the files.

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Sfgp0iMVcrivHFQRAksCAJ9VCkyWdI4zecILbnVDktx42V/GqwCggC/2
wHpqXMrvH21tFQo3ThNKtc4=
=47DG
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-25 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, 24 Aug 2003 21:28:18 -0600, Rodolfo J. Paiz wrote:

   Well, you could try unsparsing a file.. it's a blind shot, it makes no
 sense, but it's worth a try (on the smallest huge file).
 
 cp --sparse=always big.wav test.wav
 
 That's actually how I ended up on this thread... no one was paying me any 
 attention on my other attempts to get help on this issue, and sparse files 
 sounded like a possible explanation so I went through the thread and made 
 attempts to sparse or unsparse with both cp and rsync.
 
 No dice... I still get 1.2GB worth of file, yet the darn thing plays 
 properly in a media player and displays correctly in certain incantations 
 of ls.

Because it makes no sense. The proposed unsparsing the file would
expand the empty blocks and create a file that occupies as much space on
disk as normal ls -l shows. What you would need in case of sparse
files with lots of omitted blocks at the end, is a way to _cut off_
the files at the end.

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Sfm50iMVcrivHFQRArVuAJ975eaxSC4lqNcFNRnXhxed1G6BKACfSZuI
6L37F90XwMpuDmHg3VYztE8=
=LdKr
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-24 Thread Rodolfo J. Paiz

At 8/23/2003 10:13 +0200, you wrote:
The problem with your WAV files is not that they contain sparse
blocks. If they did, they would not sound good, because you would hear
every blank block. And since they are listed as 20 times the original
size, you would hear a lot of silence, and each of them would play
for several hours. ;) But as you've mentioned, two arbitrary 1GB
songs still sound good.
Just out of curiousity, what do you get when you gzip such a huge
file, transfer it to another machine and gunzip it?
Sorry to take so long to respond.

Didn't have another Linux machine at hand, so I gzipped it (took all of six 
seconds) and transferred the compressed file (down from 1.18GB to an 
expected 53MB) to another drive. Gunzipping the file resulted again in a 
1.18GB file.

Color me baffled.

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-23 Thread Rodolfo J. Paiz

At 8/22/2003 21:39 -0300, you wrote:
Robert C. Paulsen Jr. wrote:
 Perhaps you saved the file from within vi. That might unsparse the
 file.
Will sparsing or unsparsing the file (whichever is the one that fixes 
the problem) eliminate those blank spaces? I have 40M files that (after 
being copied to a second hard drive) show up correctly with ls -sh but 
then show up as 950MB files in ls -l.

If I do cp --sparse=always or rsync -av --sparse, will the file be 
returned to its normal real size? Will it still have all those blanks in 
it? And is there a way for me to check whether or not this is indeed my 
problem? Please see my other thread earlier today labeled File sizes 
reported incorrectly (and huge!) for more detail.

Thanks,

--
Rodolfo J. Paiz
[EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-23 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, 23 Aug 2003 00:03:43 -0600, Rodolfo J. Paiz wrote:

 Will sparsing or unsparsing the file (whichever is the one that fixes 
 the problem) eliminate those blank spaces? I have 40M files that (after 
 being copied to a second hard drive) show up correctly with ls -sh but 
 then show up as 950MB files in ls -l.
 
 If I do cp --sparse=always or rsync -av --sparse, will the file be 
 returned to its normal real size? Will it still have all those blanks in 
 it? And is there a way for me to check whether or not this is indeed my 
 problem? Please see my other thread earlier today labeled File sizes 
 reported incorrectly (and huge!) for more detail.

The problem with your WAV files is not that they contain sparse
blocks. If they did, they would not sound good, because you would hear
every blank block. And since they are listed as 20 times the original
size, you would hear a lot of silence, and each of them would play
for several hours. ;) But as you've mentioned, two arbitrary 1GB
songs still sound good.

Just out of curiousity, what do you get when you gzip such a huge
file, transfer it to another machine and gunzip it?

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/RyIf0iMVcrivHFQRApkVAJoCDqWiqXFy0KFFmciSFtlln9jcRACeKVi6
5pVfV6eMFNXDZ1c4upE2yRI=
=CT2E
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-22 Thread Herculano de Lima Einloft Neto

Ronald W. Heiby wrote:
 If, when you copy a sparse file, you do not take precautions to have
 the copy also be sparse, the copy gets filled in and has a bunch of
 bytes of 0x00 actually allocated on disk. Looks like that happened
 here.
 
 Ron.
  
   Well, I'm quite sure I never copied it anywhere.. one time I vi'd it and it took 
forever for
vi to load it, with a lot of disk scratching.. bet that was it.. Can you tell me how 
to fix this?

Thanks
-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-22 Thread Robert C. Paulsen Jr.

On Fri, Aug 22, 2003 at 08:37:57PM -0300, Herculano de Lima Einloft Neto wrote:
 Ronald W. Heiby wrote:
  If, when you copy a sparse file, you do not take precautions to have
  the copy also be sparse, the copy gets filled in and has a bunch of
  bytes of 0x00 actually allocated on disk. Looks like that happened
  here.
  
  Ron.
   
Well, I'm quite sure I never copied it anywhere.. one time I vi'd it and it took 
 forever for
 vi to load it, with a lot of disk scratching.. bet that was it.. Can you tell me how 
 to fix this?
 

Perhaps you saved the file from within vi. That might unsparse the
file.

Read up on the --sparse option of cp (man cp). It looks like the
following will work: (warning! I have not tried this!)

cd /var/log
mv lastlog lastlog-orig
cp --sparse=always lastlog-orig lastlog
du -h lastlog
rm lastlog-orig

-- 
Robert C. Paulsen, Jr.
[EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-22 Thread Herculano de Lima Einloft Neto

Robert C. Paulsen Jr. wrote:
 Perhaps you saved the file from within vi. That might unsparse the
 file.

   Yes.. but perhaps I didn't. :)

 Read up on the --sparse option of cp (man cp). It looks like the
 following will work: (warning! I have not tried this!)
 
   cd /var/log
   mv lastlog lastlog-orig
   cp --sparse=always lastlog-orig lastlog
   du -h lastlog
   rm lastlog-orig

 That worked perfectly.. wait a minute..
 weren't you the guy asking for help in the first place? :)

Thanks a lot,
-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-22 Thread Robert C. Paulsen Jr.

On Fri, Aug 22, 2003 at 09:39:40PM -0300, Herculano de Lima Einloft Neto wrote:
 Robert C. Paulsen Jr. wrote:
  Perhaps you saved the file from within vi. That might unsparse the
  file.
 
Yes.. but perhaps I didn't. :)
 
  Read up on the --sparse option of cp (man cp). It looks like the
  following will work: (warning! I have not tried this!)
  
  cd /var/log
  mv lastlog lastlog-orig
  cp --sparse=always lastlog-orig lastlog
  du -h lastlog
  rm lastlog-orig
 
  That worked perfectly.. wait a minute..
  weren't you the guy asking for help in the first place? :)

Yup. But my lastlog file was already sparse. I just didn't associate the
concept (sparse files, which I knew about) with this real-life example
since I hadn't run into it before and the concept was buried deep in my
subconscious. I learned from my experience!

-- 
Robert C. Paulsen, Jr.
[EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

/var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Robert C. Paulsen Jr.

Can anyone explain why my /var/log/lastlog is 19 megabytes? Here is the
output from the lastlog command:

Username Port From Latest
root tty2  Wed Aug 20 16:27:44 -0500 2003
bin**Never logged in**
daemon **Never logged in**
adm**Never logged in**
lp **Never logged in**
sync   **Never logged in**
shutdown   **Never logged in**
halt   **Never logged in**
mail   **Never logged in**
news   **Never logged in**
uucp   **Never logged in**
operator   **Never logged in**
games  **Never logged in**
gopher **Never logged in**
ftp**Never logged in**
nobody **Never logged in**
rpm**Never logged in**
vcsa   **Never logged in**
nscd   **Never logged in**
sshd   **Never logged in**
rpc**Never logged in**
rpcuser**Never logged in**
nfsnobody  **Never logged in**
mailnull   **Never logged in**
smmsp  **Never logged in**
pcap   **Never logged in**
apache **Never logged in**
squid  **Never logged in**
webalizer  **Never logged in**
xfs**Never logged in**
named  **Never logged in**
ntp**Never logged in**
gdm**Never logged in**
mysql  **Never logged in**
postgres   **Never logged in**
desktop**Never logged in**
robert   :0Wed Aug 20 19:39:17 -0500 2003
nut**Never logged in**

Also lastlog is not rotated by logrotate. Is there a reason for that? I
found a changelog for logrotate with the comment:

* Thu Feb 24 2000 Erik Troan [EMAIL PROTECTED]
- don't rotate lastlog

But this doesn't say why. Couldn't find any relevant comments in the source
code either.

-- 
Robert C. Paulsen, Jr.
[EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 21 Aug 2003 08:57:18 -0500, Robert C. Paulsen Jr. wrote:

 Can anyone explain why my /var/log/lastlog is 19 megabytes?

It isn't. It just contains sparse blocks. See:

  du -h /var/log/lastlog

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/ROBt0iMVcrivHFQRAo16AJ0ZfWeuiVO2bI6j6juol2zFNWuvuQCdEOdO
9nOQkbGrnZuyGDHIfSahgMY=
=B8YX
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Mark Neidorff

Since I don't know, I'll askwhat are sparse blocks and why does 
`ls -l` show 19Mb and du show 56k?

Mark  

On Thu, 21 Aug 2003, Michael Schwendt wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Thu, 21 Aug 2003 08:57:18 -0500, Robert C. Paulsen Jr. wrote:
 
  Can anyone explain why my /var/log/lastlog is 19 megabytes?
 
 It isn't. It just contains sparse blocks. See:
 
   du -h /var/log/lastlog
 


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 21 Aug 2003 19:02:02 + (UTC), Mark Neidorff wrote:

 Since I don't know, I'll askwhat are sparse blocks and

Think of sparse blocks (aka sparse files) as files with holes. Empty
[not yet used] parts of a file are not written to disk in the normal
way where they would occupy the same space on disk as if loaded fully
into memory.  Upon reading parts of the file from disk, skipped blocks
(the holes) would be recognized and substituted with zeroes.  As a
result, it is possible to create huge empty data structures and only
the sparse areas, which are filled with values, would occupy space on
disk.

 why does `ls -l` show 19Mb and du show 56k?

du examines the true number of file-system blocks used on disk,
whereas ls prints the size of a file it would have when read into
memory completely.

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/RWv20iMVcrivHFQRAii9AJ9VPCK5PzMWv416H+ljfmW3RFpQpgCdGHsc
erHJcC4A/Robsj+mhfveHUE=
=i4Yj
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Herculano de Lima Einloft Neto

   OK.. I've seen this subject on lots of threads so I'll ask.. can you explain this? 

[EMAIL PROTECTED] logs]$ du -h /var/log/lastlog
19M /var/log/lastlog


Thanks in advance
-- 
Herculano de Lima Einloft Neto [EMAIL PROTECTED]


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/lastlog -- why is it 19 megabytes?

2003-08-21 Thread Ronald W. Heiby

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thursday, August 21, 2003, 9:39:30 PM, Herculano wrote:
OK.. I've seen this subject on lots of threads so I'll ask.. can you
 explain this?   

 [EMAIL PROTECTED] logs]$ du -h /var/log/lastlog
 19M /var/log/lastlog

If, when you copy a sparse file, you do not take precautions to have
the copy also be sparse, the copy gets filled in and has a bunch of
bytes of 0x00 actually allocated on disk. Looks like that happened
here.

Ron.

-BEGIN PGP SIGNATURE-
Version: PGP Personal Privacy 6.5.8
Comment: Until recently, the last PGP with full source disclosure.

iQA/AwUBP0WVwm8pw+2/9pUJEQITxgCg80hoFBkJYCaKbJrxTl0tmKmdas8AoLM0
lYeS+pqsYIc6b4Z+uPC0xZYA
=ptso
-END PGP SIGNATURE-


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/messages question.

2003-06-04 Thread Manuel Aróstegui Ramirez

it error could cost me large holidays... ;-)
regards, Kristof

 --- Kristof Kowalski [EMAIL PROTECTED]
escribió:  Yeah that not to mention your
.bash_history so you
 can't track what he
 did on the command line.
 
 Kristof Kowalski | Staesis Network | www.staesis.net
   -- Internetworking Consultant
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
 On Behalf Of Manuel Aróstegui Ramirez
 Sent: Tuesday, 3 June 2003 9:39 PM
 To: [EMAIL PROTECTED]
 Subject: Re: /var/log/messages question.
 
 
 in my opinion, all /var/log :-)
 
  --- Lucas Mattson [EMAIL PROTECTED]
 escribió:
  Which log files would an intruder delete if he
  breaks into my linux server?
  
 

_
  Här börjar internet!
  Skaffa gratis e-mail och gratis internet på
 http://www.spray.se
  
  Hitta rätt på internet med Lycos -
  http://lycos.spray.se
  
   
 
 =
 --
 
 Manuel Aróstegui Linux user 200896
 
 ___
 Yahoo! Messenger - Nueva versión GRATIS
 Super Webcam, voz, caritas animadas, y más...
 http://messenger.yahoo.es
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:[EMAIL PROTECTED]
 https://www.redhat.com/mailman/listinfo/redhat-list 

=
--

Manuel Aróstegui Linux user 200896

___
Yahoo! Messenger - Nueva versión GRATIS
Super Webcam, voz, caritas animadas, y más...
http://messenger.yahoo.es


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

/var/log/messages question.

2003-06-03 Thread Lucas Mattson

Which log files would an intruder delete if he breaks into my linux server?

_
Här börjar internet!
Skaffa gratis e-mail och gratis internet på http://www.spray.se

Hitta rätt på internet med Lycos -  http://lycos.spray.se

Re: /var/log/messages question.

2003-06-03 Thread Manuel Aróstegui Ramirez

in my opinion, all /var/log :-)

 --- Lucas Mattson [EMAIL PROTECTED] escribió:
 Which log files would an intruder delete if he
 breaks into my linux server?
 

_
 Här börjar internet!
 Skaffa gratis e-mail och gratis internet på
 http://www.spray.se
 
 Hitta rätt på internet med Lycos - 
 http://lycos.spray.se
 
  

=
--

Manuel Aróstegui Linux user 200896

___
Yahoo! Messenger - Nueva versión GRATIS
Super Webcam, voz, caritas animadas, y más...
http://messenger.yahoo.es


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

RE: /var/log/messages question.

2003-06-03 Thread Kristof Kowalski

Yeah that not to mention your .bash_history so you can't track what he
did on the command line.

Kristof Kowalski | Staesis Network | www.staesis.net
  -- Internetworking Consultant


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Manuel Aróstegui Ramirez
Sent: Tuesday, 3 June 2003 9:39 PM
To: [EMAIL PROTECTED]
Subject: Re: /var/log/messages question.


in my opinion, all /var/log :-)

 --- Lucas Mattson [EMAIL PROTECTED] escribió:
 Which log files would an intruder delete if he
 breaks into my linux server?
 

_
 Här börjar internet!
 Skaffa gratis e-mail och gratis internet på http://www.spray.se
 
 Hitta rätt på internet med Lycos -
 http://lycos.spray.se
 
  

=
--

Manuel Aróstegui Linux user 200896

___
Yahoo! Messenger - Nueva versión GRATIS
Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list

Error Msg in /var/log/message

2003-03-20 Thread Gene Yoo

can someone tell me what this is...

Mar 20 16:58:10 linux_server kernel: eth0: Too much work in 
interrupt, status e401.

--
gyoo [at] attbi [dot] com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R
xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+
otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs
5CODZqUPyg==
=AolA
-END PGP SIGNATURE-


--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Error Msg in /var/log/message

2003-03-20 Thread nate

Gene Yoo said:
 can someone tell me what this is...

 Mar 20 16:58:10 linux_server kernel: eth0: Too much work in
 interrupt, status e401.

this came up recently, here is an answer:
http://www.beowulf.org/pipermail/beowulf/2002-December/005433.html

that is from the author of most of the linux network drivers. Basically
it looks to be a hardware problem, and the driver is reporting it to
you, it doesn't seem to be a serious problem, luckily the driver can
detect the problem and hopefully work around it.

I've run many linux systems over the years and have never seen that
message.

nate





-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Error Msg in /var/log/message

2003-03-20 Thread Gene Yoo

nate wrote:
Gene Yoo said:

can someone tell me what this is...

Mar 20 16:58:10 linux_server kernel: eth0: Too much work in
interrupt, status e401.


this came up recently, here is an answer:
http://www.beowulf.org/pipermail/beowulf/2002-December/005433.html
that is from the author of most of the linux network drivers. Basically
it looks to be a hardware problem, and the driver is reporting it to
you, it doesn't seem to be a serious problem, luckily the driver can
detect the problem and hopefully work around it.
I've run many linux systems over the years and have never seen that
message.
nate


so i guess i'm going to have to replace the NIC...
--
gyoo [at] attbi [dot] com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R
xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+
otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs
5CODZqUPyg==
=AolA
-END PGP SIGNATURE-


--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Error Msg in /var/log/message

2003-03-20 Thread nate

Gene Yoo said:

 so i guess i'm going to have to replace the NIC...

if it's a good NIC it may not be a problem with the NIC. It may be in
a PCI slot which shares an IRQ with another device that is not friendly,
it may be a bios setting(PCI timing or something), it may be the
motherboard(since you don't mention what board).

or, it could be the NIC itself..

tracing down a hardware problem is usually a real pain to do.

my best reccomendation is to check your motherboard manual, for what
PCI slots share what IRQs(typically the first and last PCI slots share
irqs with other things, while the middle ones don't). And check the
bios settings, be sure you have somewhat conservative settings(defaults
are usually fine), and check the IRQs themselves (cat /proc/interrupts
or run 'procinfo').

nate





-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Error Msg in /var/log/message

2003-03-20 Thread Peter Skensved


Gene Yoo said:

 so i guess i'm going to have to replace the NIC...

  Not necessarily - I've seen this error when a Cisco
switch failed to negotiate properly with 3Com Tornado
cards. There is some info in the driver documentation
in the kernel-source ( for 3Com cards at least )
 peter





Peter Skensved  Email : [EMAIL PROTECTED]
Dept. of Physics,
Queen's University,
Kingston, Ontario,
Canada







-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-15 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

/var/log/messages logs every packet!

2002-11-14 Thread Sam Steingold

my /var/log/messages is huge because it logs each and every packet:

Nov 14 21:20:36  kernel: Packet log: input ACCEPT eth0 PROTO=6 ...

how do I turn this off?

-- 
Sam Steingold (http://www.podval.org/~sds) running RedHat8 GNU/Linux
http://www.camera.org http://www.iris.org.il http://www.memri.org/
http://www.mideasttruth.com/ http://www.palestine-central.com/links.html
main(a){a=main(a){a=%c%s%c;printf(a,34,a,34);};printf(a,34,a,34);}




-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet!

2002-11-14 Thread Yoink!

On 14 Nov 2002, Sam Steingold wrote:
 my /var/log/messages is huge because it logs each and every packet:

 Nov 14 21:20:36  kernel: Packet log: input ACCEPT eth0 PROTO=6 ...

 how do I turn this off?

The Drastic Way is /etc/init.d/iptables stop or ipchains stop

did you happen to configure a firewall yourself?

But the best solution is to figure out where your firewall is configured,
and comment any references in the script to logging:

 # iptables -A INPUT -i $INTERNET -f -j LOG --log-prefix LOG: 

look in your /var/log/boot.log for references to ipchains, iptables, or
firewalls.

-- 
\ \/ / _   |~\  _ In God We Trust. All Others Pay Cash.
/ \|\  /|+- | |   The world is a comedy to those that think,
/ /\ \\_/| \/ ||__)|_|a tragedy to those who feel. - Horace Walpole



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet!

2002-11-14 Thread Duncan Hill

On Thu, Nov 14, 2002 at 09:23:13PM -0500, Sam Steingold wrote:
 my /var/log/messages is huge because it logs each and every packet:
 
 Nov 14 21:20:36  kernel: Packet log: input ACCEPT eth0 PROTO=6 ...

You have -l in your iptables/ipchains rules.  Typically found in 
/etc/sysconfig/iptables or /etc/sysconfig/ipchains.

Use iptables -nL  or  ipchains -nL to determine which is loaded (or use lsmod)



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages logs every packet! (Out of Office)

2002-11-14 Thread Jacob Petrie

I will be out of the office Friday, November 15th.  If this is an emergency please 
contact the IT help desk.

Thank you,

Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Message in /var/log/messages

2002-11-13 Thread Emmanuel Seyman

On Tue, Nov 12, 2002 at 08:37:52PM -0600, Yoink! wrote:
 
 File a bug report with Bugzilla on redhat's site. You hit some king of
 kernel error, likely in their ext3 code.

I've replaced the RAM in that machine and the problems
(and error messages) went away.

Emmanuel



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Message in /var/log/messages

2002-11-12 Thread Yoink!

On Mon, 11 Nov 2002, Emmanuel Seyman wrote:

 Can anybody tell me what this means:

 Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad 
entry in directory #49111: directory entry across blocks - offset=29332, inode=50572, 
rec_len=8212, name_len=10
 Nov 11 21:44:52 zoe kernel: Unable to handle kernel NULL pointer dereference at 
virtual address 
 Nov 11 21:44:52 zoe kernel:  printing eip:
 Nov 11 21:44:52 zoe kernel: c0129320
 Nov 11 21:44:52 zoe kernel: *pde = 
 Nov 11 21:44:52 zoe kernel: Oops: 0002
 Nov 11 21:44:52 zoe kernel: 3c59x usb-uhci usbcore ext3 jbd sym53c8xx sd_mod scsi_mod
 Nov 11 21:44:52 zoe kernel: CPU:0
 Nov 11 21:44:52 zoe kernel: EIP:0010:[c0129320]Not tainted
 Nov 11 21:44:52 zoe kernel: EFLAGS: 00010246

File a bug report with Bugzilla on redhat's site. You hit some king of
kernel error, likely in their ext3 code.

-- 
\ \/ / _   |~\  _ In God We Trust. All Others Pay Cash.
/ \|\  /|+- | |   The world is a comedy to those that think,
/ /\ \\_/| \/ ||__)|_|a tragedy to those who feel. - Horace Walpole



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Message in /var/log/messages

2002-11-11 Thread Emmanuel Seyman


Can anybody tell me what this means:

Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad entry 
in directory #49111: directory entry across blocks - offset=29332, inode=50572, 
rec_len=8212, name_len=10
Nov 11 21:44:52 zoe kernel: Unable to handle kernel NULL pointer dereference at 
virtual address 
Nov 11 21:44:52 zoe kernel:  printing eip:
Nov 11 21:44:52 zoe kernel: c0129320
Nov 11 21:44:52 zoe kernel: *pde = 
Nov 11 21:44:52 zoe kernel: Oops: 0002
Nov 11 21:44:52 zoe kernel: 3c59x usb-uhci usbcore ext3 jbd sym53c8xx sd_mod scsi_mod
Nov 11 21:44:52 zoe kernel: CPU:0
Nov 11 21:44:52 zoe kernel: EIP:0010:[c0129320]Not tainted
Nov 11 21:44:52 zoe kernel: EFLAGS: 00010246
Nov 11 21:44:52 zoe kernel:
Nov 11 21:44:53 zoe kernel: EIP is at truncate_list_pages [kernel] 0xb0 (2.4.18-17.7.x)
Nov 11 21:44:53 zoe kernel: eax:    ebx: c89dcd3c   ecx:    edx: 
c89dcd3c
Nov 11 21:44:53 zoe kernel: esi:    edi:    ebp: c89d4d3c   esp: 
cb429eb0
Nov 11 21:44:53 zoe kernel: ds: 0018   es: 0018   ss: 0018
Nov 11 21:44:53 zoe kernel: Process pickup (pid: 24618, stackpage=cb429000)
Nov 11 21:44:53 zoe kernel: Stack:   cb429f04  cfd77860 
c89d4c80 cb429f10 c89d4c80
Nov 11 21:44:53 zoe kernel:cfd77860 cfd77860 d885ae54 cfd77860 d885ae65 
d69e58c0  00f0
Nov 11 21:44:53 zoe kernel:0001 cb429f04  c89d4d34 c01294a9 
 c89d4c80 c1f9bc00
Nov 11 21:44:53 zoe kernel: Call Trace: [d885ae54] ext3_mark_iloc_dirty [ext3] 0x24 
(0xcb429ed8))
Nov 11 21:44:53 zoe kernel: [d885ae65] ext3_mark_iloc_dirty [ext3] 0x35 (0xcb429ee0))
Nov 11 21:44:53 zoe kernel: [c01294a9] truncate_inode_pages [kernel] 0x49 
(0xcb429f00))
Nov 11 21:44:53 zoe kernel: [d8864860] ext3_sops [ext3] 0x0 (0xcb429f10))
Nov 11 21:44:53 zoe kernel: [c014cce9] iput [kernel] 0xa9 (0xcb429f18))
Nov 11 21:44:53 zoe kernel: [d885ce8a] ext3_unlink [ext3] 0x1aa (0xcb429f30))
Nov 11 21:44:53 zoe kernel: [c014b1fc] d_delete [kernel] 0x4c (0xcb429f44))
Nov 11 21:44:53 zoe kernel: [c0144793] vfs_unlink [kernel] 0x153 (0xcb429f64))
Nov 11 21:44:53 zoe kernel: [c0144858] sys_unlink [kernel] 0x88 (0xcb429f88))
Nov 11 21:44:53 zoe kernel: [c0139583] sys_close [kernel] 0x43 (0xcb429fb0))
Nov 11 21:44:53 zoe kernel: [c0108943] system_call [kernel] 0x33 (0xcb429fc0))
Nov 11 21:44:53 zoe kernel:
Nov 11 21:44:53 zoe kernel:
Nov 11 21:44:53 zoe kernel: Code: 89 28 eb 0d 8b 03 89 68 04 89 45 00 89 5d 04 89 2b 
c7 44 24

Emmanuel



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-25 Thread root

Anything after --log-prefix must be in quotes if you want to use
special characters that can be interpreted or spaces.
It places this text after the hostname in /var/log/messages
(You should also put a space before the final  to separate it from the
next data value).

If you want a different file location other than /var/log/messages, you
need to alter /etc/syslog.conf as described earlier, using --log-level 6
(for info level)or whatever.

Regards,
Peter

On Thu, 2002-10-24 at 11:14, Michael Schwendt wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Mon, 21 Oct 2002 17:58:40 -0700, Jack Bowling wrote:
 
  On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote:
   Unknown arg --log-prefix   /var/log/firewall
   Thats what I get in iptables -L
   when I use  -j LOG --log-prefix /var/log/firewall
   and want to log outgoing unwanted signals.
   Any idea how to turn logging on.
  
  I'm sure somebody posted this yesterday but you still don't seem to
  get it. The error message is telling you the truth: /var/log/firewall
  is*not* a valid argument to --log-prefix.
 
 It is a valid argument. /var/log/firewall is simply used as the
 text string prefix in log messages. But order does matter:
 
 # iptables -I INPUT -j LOG --log-prefix /var/log/firewall 
 #
 
 iptables sees the LOG and knows it must used the LOG extension
 module. The example above is equal. Hence I thought the error must
 be somewhere else.
 
 # iptables -I INPUT --log-prefix /var/log/firewall -j LOG
 iptables v1.2.5: Unknown arg --log-prefix'
 Try iptables -h' or 'iptables --help' for more information.
 #
 
  the --log-prefix switch is
  there so you can add some text to the packet header to help you
  identify various packets. It is not there to redirect output to a
  separate log file.
  
 
 - -- 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.0.6 (GNU/Linux)
 
 iD8DBQE9t7nt0iMVcrivHFQRAsIVAJ42FkUwTrtNt/B32LsrPOZUcyuZaACdHeSe
 uMat4NVKovPvwW35dkbzktA=
 =prfO
 -END PGP SIGNATURE-
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list





-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-25 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 25 Oct 2002 12:43:52 +0200, root wrote:

 Anything after --log-prefix must be in quotes if you want to use
 special characters that can be interpreted or spaces.

But in this thread it's --log-prefix /var/log/messages which doesn't
need any quotes.

 It places this text after the hostname in /var/log/messages
 (You should also put a space before the final  to separate it from
 the next data value).
 
 If you want a different file location other than /var/log/messages,
 you need to alter /etc/syslog.conf as described earlier, using
 --log-level 6(for info level)or whatever.

Or look at the ULOG extension and the userspace logging daemon.

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v
kYiUr+XPckb+TYYk8WiYaAc=
=WON9
-END PGP SIGNATURE-



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-25 Thread root

I've just tried that and I agree.
I can't get it to break without the quotation marks...
Thanx.

Peter

On Fri, 2002-10-25 at 13:23, Michael Schwendt wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 25 Oct 2002 12:43:52 +0200, root wrote:
 
  Anything after --log-prefix must be in quotes if you want to use
  special characters that can be interpreted or spaces.
 
 But in this thread it's --log-prefix /var/log/messages which doesn't
 need any quotes.
 
  It places this text after the hostname in /var/log/messages
  (You should also put a space before the final  to separate it from
  the next data value).
  
  If you want a different file location other than /var/log/messages,
  you need to alter /etc/syslog.conf as described earlier, using
  --log-level 6(for info level)or whatever.
 
 Or look at the ULOG extension and the userspace logging daemon.
 
 - -- 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.0.6 (GNU/Linux)
 
 iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v
 kYiUr+XPckb+TYYk8WiYaAc=
 =WON9
 -END PGP SIGNATURE-
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list





-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewallSOLVED

2002-10-25 Thread linux power

Thanks all folks.
Now its solved by reinstalling iptables and reboot. 



--- Michael Schwendt [EMAIL PROTECTED] skrev: 
-BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On 25 Oct 2002 12:43:52 +0200, root wrote:
 
  Anything after --log-prefix must be in quotes if
 you want to use
  special characters that can be interpreted or
 spaces.
 
 But in this thread it's --log-prefix
 /var/log/messages which doesn't
 need any quotes.
 
  It places this text after the hostname in
 /var/log/messages
  (You should also put a space before the final  to
 separate it from
  the next data value).
  
  If you want a different file location other than
 /var/log/messages,
  you need to alter /etc/syslog.conf as described
 earlier, using
  --log-level 6(for info level)or whatever.
 
 Or look at the ULOG extension and the userspace
 logging daemon.
 
 - -- 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.0.6 (GNU/Linux)
 

iD8DBQE9uSms0iMVcrivHFQRAlIrAJ9yOUM70i84geG2b8VcjoG3rRyeVwCeJH9v
 kYiUr+XPckb+TYYk8WiYaAc=
 =WON9
 -END PGP SIGNATURE-
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-24 Thread Michael Schwendt

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, 21 Oct 2002 17:58:40 -0700, Jack Bowling wrote:

 On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote:
  Unknown arg --log-prefix   /var/log/firewall
  Thats what I get in iptables -L
  when I use  -j LOG --log-prefix /var/log/firewall
  and want to log outgoing unwanted signals.
  Any idea how to turn logging on.
 
 I'm sure somebody posted this yesterday but you still don't seem to
 get it. The error message is telling you the truth: /var/log/firewall
 is*not* a valid argument to --log-prefix.

It is a valid argument. /var/log/firewall is simply used as the
text string prefix in log messages. But order does matter:

# iptables -I INPUT -j LOG --log-prefix /var/log/firewall 
#

iptables sees the LOG and knows it must used the LOG extension
module. The example above is equal. Hence I thought the error must
be somewhere else.

# iptables -I INPUT --log-prefix /var/log/firewall -j LOG
iptables v1.2.5: Unknown arg --log-prefix'
Try iptables -h' or 'iptables --help' for more information.
#

 the --log-prefix switch is
 there so you can add some text to the packet header to help you
 identify various packets. It is not there to redirect output to a
 separate log file.
 

- -- 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)

iD8DBQE9t7nt0iMVcrivHFQRAsIVAJ42FkUwTrtNt/B32LsrPOZUcyuZaACdHeSe
uMat4NVKovPvwW35dkbzktA=
=prfO
-END PGP SIGNATURE-



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-24 Thread linux power

Ok. That explain a little. But the -j LOG statement doesent work for any of the options available. I get Unknown Argument for both --log-prefix and --limit
Jack Bowling [EMAIL PROTECTED] wrote:
On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote: Unknown arg --log-prefix /var/log/firewall Thats what I get in iptables -L when I use  -j LOG --log-prefix /var/log/firewall and want to log outgoing unwanted signals. Any idea how to turn logging on.I'm sure somebody posted this yesterday but you still don't seem to getit. The error message is telling you the truth: /var/log/firewall is*not* a valid argument to --log-prefix. the --log-prefix switch is thereso you can add some text to the packet header to help you identifyvarious packets. It is not there to redirect output to a separate logfile.-- Jack Bowlingmailto: [EMAIL PROTECTED]-- redhat-list mailing listunsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribehttps://listman.redhat.com/mailman/listi!
nfo/redhat-listhttp://home.no.net/~knutove/knut_ove_hauge_kuren.htmYahoo! Mail har fått nytt utseende 
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-23 Thread Jack Bowling

On Mon, Oct 21, 2002 at 11:05:52AM +0200, linux power wrote:
 Unknown arg --log-prefix   /var/log/firewall
 Thats what I get in iptables -L
 when I use  -j LOG --log-prefix /var/log/firewall
 and want to log outgoing unwanted signals.
 Any idea how to turn logging on.

I'm sure somebody posted this yesterday but you still don't seem to get
it. The error message is telling you the truth: /var/log/firewall is
*not* a valid argument to --log-prefix. the --log-prefix switch is there
so you can add some text to the packet header to help you identify
various packets. It is not there to redirect output to a separate log
file.

-- 
Jack Bowling
mailto: [EMAIL PROTECTED]



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-22 Thread linux power

Actually I never had anything in /var/log/firewall.
The printout of your rpm command is.
[roo[root@localhost bin]# rpm -V iptables
kernel-'uname -r'
S.5T   /lib/iptables/libipt_LOG.so
package kernel-uname -r is not installed.

 --- Gordon Messmer [EMAIL PROTECTED] skrev:  On
Mon, 2002-10-21 at 22:28, linux power wrote:
  
  iptables -N firewall
  iptables -A firewall -m limit --limit 15/minute -j
 LOG
  --log-prefix /var/log/firewall
 
 That will fail on older iptables versions, where the
 maximum length of
 the log-prefix is 14 characters.  The log-prefix
 isn't a file or
 directory where messages are logged, it's a message
 that appears at the
 beginning of every entry that's logged *in syslog*
 because of that rule.
 
 Those exact commands worked on a RHL 8.0 machine on
 which I tested.
 
 What versions of iptables and kernel do you have
 installed?  Does rpm
 report any size or md5 differences when you do:
 rpm -V iptables kernel-`uname -r`
 
  iptables -A firewall -j DROP
  And the dir /var/log/firewall excist.
  It has worked before this way.
 
 If you had messages in /var/log/firewall, then you'd
 set up syslog to do
 so.  The kernel's packet filters (whether ipchains
 or iptables) always
 logs through syslog, never directly to files.
 
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-22 Thread Bret Hughes

On Tue, 2002-10-22 at 01:58, linux power wrote:
 Actually I never had anything in /var/log/firewall.
 The printout of your rpm command is.
 [roo[rootlocalhost bin]# rpm -V iptables
 kernel-'uname -r'
 S.5T   /lib/iptables/libipt_LOG.so
 package kernel-uname -r is not installed.
 

the kernel-`uname -r` entry should be with backticks (same key as the ~
on most keyboards)  it is a command the asks what is the kernel revision
[bhughesbru1 bhughes]$ uname -r
2.4.9-31
[bhughesbru1 bhughes]$ rpm -V kernel-`uname -r`
.M..   /dev/shm
[bhughesbru1 bhughes]$ rpm -V iptables
[bhughesbru1 bhughes]$ 

try the command with the backticks and post the results.

Now I am VERY concerned that your iptables shows that a library file has
been changed.  Especially one that has LOG in the name.

It will be interesting to see what Gordon thinks.  He knows FAR more
about this stuff than I.

HTH

Bret
 



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-22 Thread linux power

Ok. Here it is.
[knut@localhost knut]$ rpm -V kernel-`uname -r`
.M..   /dev/shm
[knut@localhost knut]$ rpm -V iptables
S.5T   /lib/iptables/libipt_LOG.so
[knut@localhost knut]$ 






 --- Bret Hughes [EMAIL PROTECTED] skrev:  On
Tue, 2002-10-22 at 01:58, linux power wrote:
  Actually I never had anything in
 /var/log/firewall.
  The printout of your rpm command is.
  [roo[root@localhost bin]# rpm -V iptables
  kernel-'uname -r'
  S.5T   /lib/iptables/libipt_LOG.so
  package kernel-uname -r is not installed.
  
 
 the kernel-`uname -r` entry should be with backticks
 (same key as the ~
 on most keyboards)  it is a command the asks what is
 the kernel revision
 [bhughes@bru1 bhughes]$ uname -r
 2.4.9-31
 [bhughes@bru1 bhughes]$ rpm -V kernel-`uname -r`
 .M..   /dev/shm
 [bhughes@bru1 bhughes]$ rpm -V iptables
 [bhughes@bru1 bhughes]$ 
 
 try the command with the backticks and post the
 results.
 
 Now I am VERY concerned that your iptables shows
 that a library file has
 been changed.  Especially one that has LOG in the
 name.
 
 It will be interesting to see what Gordon thinks. 
 He knows FAR more
 about this stuff than I.
 
 HTH
 
 Bret
  
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread linux power

Yes I started iptables again.


 --- Thomas Ribbrock [EMAIL PROTECTED] skrev:  On
Mon, Oct 21, 2002 at 03:44:35PM +0200, linux
 power wrote:
  No I get invalid --log-level
  There is something wrong with the -j LOG
 statement.I
  dont accept any options.
  It became like this after I think I got hacked.
 
 Did you reinstall?
 
 Cheerio,
 
 Thomas
 
 P.S.: Please delete unnecessary quotes from your
 mails - makes for a lot
   easier reading. Thanks!
 -- 
  http://www.netmeister.org/news/learn2quote.html
...'cause
 only lusers quote signatures!
  Thomas Ribbrock | http://www.ribbrock.org |
 ICQ#: 15839919
You have to live on the edge of reality - to
 make your dreams come true!
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread linux power

Ok thats a lot of work. I'll see what I do if I think
I got visited again.




 --- Bret Hughes [EMAIL PROTECTED] skrev:  On
Mon, 2002-10-21 at 13:06, linux power wrote:
  Yes I started iptables again.
  
  
 
 I think what he was asking is did you reinstall
 redhat on your box?  The
 only safe way to recover from a hacked box is to
 start from bare metal
 and reinstall.  A lot of the issues you are
 experiencing could come from
 a hackers attempt to create back doors and avoid
 detection by replacing
 programs that could detect him or keep him out.
 
 Bret 
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread Ernest E Vogelsinger

At 23:22 21.10.2002, linux power said:
[snip]
Ok thats a lot of work. I'll see what I do if I think
I got visited again.
[snip] 

hmm - well, if you think you already _got_ visited you should rather think
what you do _now_, I mean when to reinstall your box from scratch - it
shouldn't be _that_ pain, it's no Win2K, after all. *g*


   O Ernest E. Vogelsinger
   (\)ICQ#   13394035
^ 



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread Bret Hughes

On Mon, 2002-10-21 at 13:06, linux power wrote:
 Yes I started iptables again.
 
 

I think what he was asking is did you reinstall redhat on your box?  The
only safe way to recover from a hacked box is to start from bare metal
and reinstall.  A lot of the issues you are experiencing could come from
a hackers attempt to create back doors and avoid detection by replacing
programs that could detect him or keep him out.

Bret 



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread linux power

Unknown arg --log-prefix   /var/log/firewall
Thats what I get in iptables -L
when I use  -j LOG --log-prefix /var/log/firewall
and want to log outgoing unwanted signals.
Any idea how to turn logging on.

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread Vaughan Roberts

This is what I use to get kernel logging turned on in iptables:
iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level notice 
--log-prefix Netfilter in: 

Use syslog.conf to determine where the output of the log will go, e.g.
kern.notice;kern.!warning   /var/log/firewall
# This will log priority notice only into /var/log/firewall, warning and above will 
not get sent there
# look to other rules to determine where they go.
# Also look to dmesg -n 4 to limit err priority and above only being sent to 
/dev/console

This is a bit kludgey as you will get other notice level logs going into 
/var/log/firewall, anybody else got a better idea??

Best regards,
Vaughan

On Monday, October 21, 2002 7:06 PM, linux power [SMTP:[EMAIL PROTECTED]] wrote:
 Unknown arg --log-prefix   /var/log/firewall
 Thats what I get in iptables -L
 when I use  -j LOG --log-prefix /var/log/firewall
 and want to log outgoing unwanted signals.
 Any idea how to turn logging on.
 
 =
 http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
 
 __
 Se den nye Yahoo! Mail pa http://no.yahoo.com/
 Nytt design, enklere a bruke, alltid tilgang til Adressebok, Kalender og Notisbok
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread Gordon Messmer

Again:  you weren't hacked, you're just using the option wrong.

Post the command you're trying to use this time and the error message it
prints, and we can help you figure out exactly what's wrong.


On Mon, 2002-10-21 at 06:44, linux power wrote:
 No I get invalid --log-level
 There is something wrong with the -j LOG statement.I
 dont accept any options.
 It became like this after I think I got hacked.
 
 
 
  --- Vaughan Roberts [EMAIL PROTECTED] skrev: 
 This is what I use to get kernel logging turned on
  in iptables:
  iptables -A INPUT -m limit --limit 3/minute
  --limit-burst 3 -j LOG --log-level notice
  --log-prefix Netfilter in: 
  




-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread linux power


iptables -N firewall
iptables -A firewall -m limit --limit 15/minute -j LOG
--log-prefix /var/log/firewall
iptables -A firewall -j DROP
And the dir /var/log/firewall excist.
It has worked before this way.


 --- Gordon Messmer [EMAIL PROTECTED] skrev: 
Again:  you weren't hacked, you're just using the
 option wrong.
 
 Post the command you're trying to use this time and
 the error message it
 prints, and we can help you figure out exactly
 what's wrong.
 
 
 On Mon, 2002-10-21 at 06:44, linux power wrote:
  No I get invalid --log-level
  There is something wrong with the -j LOG
 statement.I
  dont accept any options.
  It became like this after I think I got hacked.
  
  
  
   --- Vaughan Roberts [EMAIL PROTECTED] skrev:
 
  This is what I use to get kernel logging turned on
   in iptables:
   iptables -A INPUT -m limit --limit 3/minute
   --limit-burst 3 -j LOG --log-level notice
   --log-prefix Netfilter in: 
   
 
 
 
 
 -- 
 redhat-list mailing list
 unsubscribe

mailto:redhat-list-request;redhat.com?subject=unsubscribe
 https://listman.redhat.com/mailman/listinfo/redhat-list

=
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm

__
Se den nye Yahoo! Mail på http://no.yahoo.com/
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

RE: Unknown arg --log-prefix /var/log/firewall

2002-10-21 Thread Gordon Messmer

On Mon, 2002-10-21 at 22:28, linux power wrote:
 
 iptables -N firewall
 iptables -A firewall -m limit --limit 15/minute -j LOG
 --log-prefix /var/log/firewall

That will fail on older iptables versions, where the maximum length of
the log-prefix is 14 characters.  The log-prefix isn't a file or
directory where messages are logged, it's a message that appears at the
beginning of every entry that's logged *in syslog* because of that rule.

Those exact commands worked on a RHL 8.0 machine on which I tested.

What versions of iptables and kernel do you have installed?  Does rpm
report any size or md5 differences when you do:
rpm -V iptables kernel-`uname -r`

 iptables -A firewall -j DROP
 And the dir /var/log/firewall excist.
 It has worked before this way.

If you had messages in /var/log/firewall, then you'd set up syslog to do
so.  The kernel's packet filters (whether ipchains or iptables) always
logs through syslog, never directly to files.




-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Strange /var/log/messages LOG Hack attempt?

2002-07-13 Thread Edward Marczak


On 7/12/02 12:49 PM, Nicolae [EMAIL PROTECTED] wrote:

 
 I have this in my message log and I haven't had this happen before.  Any
 input on this..
 
 Jul 11 11:48:15 myhost rpc.statd[807]: gethostbyname error for
 ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^
 [÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\2
 20\220\220\220\220\220\220\
 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
 220\220\220\220\220\220\220
 \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
 \220\220\220\220\220\220\22
 0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22
 0\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\
 220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
 220\220\220\220\220\220\22
 
 I know on httpd logs what these are:
 200.184.174.XXX - - [10/Jul/2002:16:24:37 -0700] GET
 /default.ida?NNN
 
 NN
 
 NNN%u9
 090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
 090%u9090%u8
 190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a  HTTP/1.0 400 322
 - -
 
 That makes me feel so good; that I am not running windows.
 
 Although the question was / wondering why did I get the first odd
 looking log on my /var/log/messages

Looks like code red II.  You get that line in /var/log/messages because the
address was faked (or overloaded, etc.) and your machine tried to do DNS
resolution.
-- 
Ed Marczak
[EMAIL PROTECTED]



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Strange /var/log/messages LOG Hack attempt?

2002-07-12 Thread Nicolae



I have this in my message log and I haven't had this happen before.  Any
input on this..

Jul 11 11:48:15 myhost rpc.statd[807]: gethostbyname error for
^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^
[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220\2
20\220\220\220\220\220\220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\22
0\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22
0\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\220\220\220\220\220\22

I know on httpd logs what these are:
200.184.174.XXX - - [10/Jul/2002:16:24:37 -0700] GET
/default.ida?NNN

NN

NNN%u9
090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u9090%u8
190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a  HTTP/1.0 400 322
- -

That makes me feel so good; that I am not running windows.

Although the question was / wondering why did I get the first odd
looking log on my /var/log/messages



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

/var/log

2002-05-19 Thread angelaoyu


Hi all

I am using RH 7.2

After using the syslog to receive the logs from other servers, the
files, message, maillog are not automatically generated to message.1,
message.2 when the files become bigger

How can I make it same as before.

Thank you



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log

2002-05-19 Thread Emmanuel Seyman


On Sun, May 19, 2002 at 04:21:52PM -0400, [EMAIL PROTECTED] wrote:
 
 After using the syslog to receive the logs from other servers, the
 files, message, maillog are not automatically generated to message.1,
 message.2 when the files become bigger

Logfiles are rotated on a weekly basis, by default.
You can rotate them more often or on a per-size basis
but you'll need to change /etc/logrotate/syslog to do that.
The logrotate manpage explains it very well.

Emmanuel



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log

2002-05-19 Thread Statux


the suffixing looks like a logrotate thing :)

On Sun, 19 May 2002 [EMAIL PROTECTED] wrote:

 Hi all

 I am using RH 7.2

 After using the syslog to receive the logs from other servers, the
 files, message, maillog are not automatically generated to message.1,
 message.2 when the files become bigger

 How can I make it same as before.

 Thank you



 ___
 Redhat-list mailing list
 [EMAIL PROTECTED]
 https://listman.redhat.com/mailman/listinfo/redhat-list


-- 




___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

/var/log/messages - was errors Re: how to read strace?

2002-04-23 Thread Bret Hughes


On Tue, 2002-04-23 at 00:59, Gordon Messmer wrote:
 On Mon, 2002-04-22 at 13:49, Bret Hughes wrote:
   I have some strange happenings on one of my machines this morning
   looking around I found that one repeatebale symtom is that cat coredumps
   everytime it runs.  I am no c coder so if anyone can give me a tip as to
   what might be screwing up I would appreciate it.
   
   Here is an strace 
   
   [root@ele3c display]# strace cat running
 ...
   open(/lib/i686/libc.so.6, O_RDONLY)   = 3
 ...
   old_mmap(0x4014f000, 14120, PROT_READ|PROT_WRITE,
   MAP_PRIVATE|MAP_FIXED|MAP_ANON
   YMOUS, -1, 0) = 0x4014f000
   close(3)= 0
   --- SIGSEGV (Segmentation fault) ---
   +++ killed by SIGSEGV +++
 
 OK, so cat segfaults immediately after loading the i686 glibc.  So, have
 you recently changed kernels?  If so, did you install an i686 arch
 kernel?  Or maybe you loaded glibc-...i686 on a non-i686 machine?  Or
 maybe it's the reason so many mysterious things happen... and the
 machine was hacked and modified.
 
OK I see that , thanks.  No upgrades. but this is running on a duron.  

A reboot fixed the cat problem but problems still exist.

From /var/log/messages yesterday:
Apr 22 08:57:04 ele3c kernel: memory.c:83: bad pmd 0040.
Apr 22 08:57:05 ele3c kernel: Kernel logging (proc) stopped.
Apr 22 08:57:05 ele3c kernel: Kernel log daemon terminating.

This is when I rebooted.
 


had problems (different) again tonight

Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
0040
Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
0040
Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040
Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device
Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008
Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device
Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008
Apr 23 04:57:29 ele3c kernel: Kernel logging (proc) stopped.
Apr 23 04:57:29 ele3c kernel: Kernel log daemon terminating.

This looks bad.  If I understand this correctly device 03:09 is
/dev/hda9.  That is my / partition.
 [root@ele3c log]# mount
/dev/hda9 on / type ext2 (rw)
none on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/hda1 on /boot type ext2 (rw)
/dev/hda6 on /home type ext2 (rw,sync)
/dev/hda10 on /tmp type ext2 (rw)
/dev/hda5 on /usr type ext2 (rw)
/dev/hda7 on /var type ext2 (rw,sync)
none on /dev/pts type devpts (rw,gid=5,mode=620)
automount(pid521) on /misc type autofs
(rw,fd=5,pgrp=521,minproto=2,maxproto=3)

[root@ele3c log]# fdisk -l

Disk /dev/hda: 255 heads, 63 sectors, 2434 cylinders
Units = cylinders of 16065 * 512 bytes

   Device BootStart   EndBlocks   Id  System
/dev/hda1   * 1 5 40131   83  Linux
/dev/hda2 6  2434  19510942+   5  Extended
/dev/hda5 6   325   2570368+  83  Linux
/dev/hda6   326   645   2570368+  83  Linux
/dev/hda7   646   773   1028128+  83  Linux
/dev/hda8   774   838522081   82  Linux swap
/dev/hda9   839   870257008+  83  Linux
/dev/hda10  871   902257008+  83  Linux



Hmmm. I wonder if this has been going on for awhile?

[root@ele3c log]# grep 'memory.c' /var/log/messages*
/var/log/messages:Apr 22 08:57:04 ele3c kernel: memory.c:83: bad pmd
0040.
/var/log/messages.1:Apr 20 09:05:13 ele3c kernel: memory.c:83: bad pmd
0040.

[root@ele3c log]# grep 'attempt' /var/log/messages*
/var/log/messages:Apr 23 03:59:25 ele3c kernel: attempt to access beyond
end of device
/var/log/messages:Apr 23 03:59:25 ele3c kernel: attempt to access beyond
end of device

[root@ele3c log]# grep 'VM' /var/log/messages*
/var/log/messages:Apr 22 02:05:09 ele3c kernel: VM: Bad swap entry
0040
/var/log/messages:Apr 22 07:51:30 ele3c kernel: VM: Bad swap entry
0040
/var/log/messages:Apr 22 12:05:08 ele3c kernel: VM: Bad swap entry
0040
/var/log/messages:Apr 23 00:02:53 ele3c kernel: VM: Bad swap entry
0040
/var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process
netscape-naviga
/var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process
netscape-naviga
/var/log/messages:Apr 23 00:02:56 ele3c kernel: VM: killing process
netscape-naviga
/var/log/messages:Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry
0040
/var/log/messages.1:Apr 19 08:05:15 ele3c kernel: VM: Bad swap entry
0040

Seems like there is something began to happen on Apr 19.  I wonder if
there was a power failure or something?

[root@ele3c log]# grep 'Apr 19' boot.log*
boot.log.1:Apr 19 04:02:52 ele3c ntpd: ntpd shutdown succeeded
boot.log.1:Apr 19 04:02:52 ele3c ntpd:  succeeded
boot.log.1:Apr 19 04:02

Re: /var/log/messages - was errors Re: how to read strace?

2002-04-23 Thread Michael Fratoni


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday 23 April 2002 07:18 am, Bret Hughes wrote:

 A reboot fixed the cat problem but problems still exist.
[snip]
 had problems (different) again tonight

 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
 Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
 0040
 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
 Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
 0040
 Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
 Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040
 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device
 Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008
 Apr 23 03:59:25 ele3c kernel: attempt to access beyond end of device
 Apr 23 03:59:25 ele3c kernel: 03:09: rw=0, want=4440444, limit=257008
 Apr 23 04:57:29 ele3c kernel: Kernel logging (proc) stopped.
 Apr 23 04:57:29 ele3c kernel: Kernel log daemon terminating.
[snip]
 Any Ideas any one?  Is this a hardware issue of some sort?

Best guess? Yes.
I suspect a dying hard drive, or a bad memory module.

- -- 
- -Michael

pgp key:  http://www.tuxfan.homeip.net:8080/gpgkey.txt
Red Hat Linux 7.2 in 8M of RAM: http://www.rule-project.org/
- --
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzFTDQACgkQn/07WoAb/StmXwCfYKHmadLQ+eD/rj/at3344Fbu
9CcAoLNbpPrMXz3YBkigBjJ8j5ms2l4K
=IvVO
-END PGP SIGNATURE-



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: /var/log/messages - was errors Re: how to read strace?

2002-04-23 Thread Gordon Messmer


On Tue, 2002-04-23 at 04:57, Michael Fratoni wrote:
 
  Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
  Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
  0040
  Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
  Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
  0040
  Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
  Apr 23 00:02:57 ele3c kernel: VM: Bad swap entry 0040
 [snip]
  Any Ideas any one?  Is this a hardware issue of some sort?
 
 Best guess? Yes.
 I suspect a dying hard drive, or a bad memory module.

Both of those seem reasonable.  You can do a basic check of the drive
with:
badblocks -v /dev/hda

If that comes up clean, you should probably run memtest86.  Downside to
this is that you'll have to reboot and be offline during the test.




signature.asc
Description: This is a digitally signed message part

message in /var/log/messages

2002-03-23 Thread Jochen Kaechelin


What does this mean:

jochen fam[1625]: fd 6 write error: Broken pipe

-- 
Jochen



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Interpreting /var/log/messages

2002-03-21 Thread Ashwin Khandare


Thanks Ray

http://www.ccux.com/firewall-seen.shtml

This page gives a great deal of information.

- Original Message -
From: Ray Curtis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 19, 2002 7:45 PM
Subject: Re: Interpreting /var/log/messages


  m == manzabar  [EMAIL PROTECTED] writes:

 m I'm looking for a website that will allow me to past in messages
from this
 m log file that contain information logged by iptables, so that it
turns
 m stuff like this:
 m Mar 18 19:56:27 c896765-a kernel: IN=eth0 OUT=
 m MAC=01:00:5e:00:00:01:00:20:40:6a:4d:1b:08:00 SRC=192.168.100.1
 m DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

 m Into something that is a bit more readable.  I know there have been
links
 m posted previously, but I had no luck searching the archives and I
lost the
 m links in one of my last system upgrades.  Any help is greatly
appreciated!

 http://www.ccux.com/firewall-seen.shtml

 --
 Ray Curtis
 mailto:[EMAIL PROTECTED] http://www.ccux.com



 ___
 Redhat-list mailing list
 [EMAIL PROTECTED]
 https://listman.redhat.com/mailman/listinfo/redhat-list



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Interpreting /var/log/messages

2002-03-19 Thread Manzabar




Sorry for the double-post, I was getting a message back that my e-mail had
bounced.

Mark McKibben [EMAIL PROTECTED]
http://www.avalon.net/~manzabar
ICQ#  8476502

Experience is that marvelous thing that enables you recognize a mistake
when you make it again.
 - Unknown



___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

1 2 >

1 - 100 of 179 matches

Mail list logo