net
> -- Internetworking Consultant
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On Behalf Of Manuel Aróstegui Ramirez
> Sent: Tuesday, 3 June 2003 9:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: /var/log/messages question.
mirez
Sent: Tuesday, 3 June 2003 9:39 PM
To: [EMAIL PROTECTED]
Subject: Re: /var/log/messages question.
in my opinion, all /var/log :-)
--- Lucas Mattson <[EMAIL PROTECTED]> wrote:
> Which log files would an intruder delete if he
> breaks int
in my opinion, all /var/log :-)
--- Lucas Mattson <[EMAIL PROTECTED]> wrote:
> Which log files would an intruder delete if he
> breaks into my linux server?
>
>
_
> The internet starts here!
> Get free e-mail and free internet at
>
Which log files would an intruder delete if he breaks into my linux server?
_
The internet starts here!
Get free e-mail and free internet at http://www.spray.se
Find your way on the internet with Lycos - http://lycos.spray.se
I will be out of the office Friday, November 15th. If this is an emergency please
contact the IT help desk.
Thank you,
Jacob Petrie
Web Systems/Information Technology
Kitsap Community Federal Credit Union
[EMAIL PROTECTED]
360.662.2140
--
redhat-list mailing list
unsubscribe mailto:redhat-l
On Thu, Nov 14, 2002 at 09:23:13PM -0500, Sam Steingold wrote:
> my /var/log/messages is huge because it logs each and every packet:
>
> Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ...
You have -l in your iptables/ipchains rules. Typically found in
/etc/
On 14 Nov 2002, Sam Steingold wrote:
> my /var/log/messages is huge because it logs each and every packet:
>
> Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ...
>
> how do I turn this off?
The Drastic Way is "/etc/init.d/iptables stop" or "ipc
my /var/log/messages is huge because it logs each and every packet:
Nov 14 21:20:36 kernel: Packet log: input ACCEPT eth0 PROTO=6 ...
how do I turn this off?
--
Sam Steingold (http://www.podval.org/~sds) running RedHat8 GNU/Linux
<http://www.camera.org> <http://www.iris.org.
On Tue, Nov 12, 2002 at 08:37:52PM -0600, Yoink! wrote:
>
> File a bug report with Bugzilla on redhat's site. You hit some kind of
> kernel error, likely in their ext3 code.
I've replaced the RAM in that machine and the problems
(and error messages) went away.
Emmanuel
--
redhat-list mailing
On Mon, 11 Nov 2002, Emmanuel Seyman wrote:
>
> Can anybody tell me what this means:
>
> Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad
>entry in directory #49111: directory entry across blocks - offset=29332, inode=50572,
>rec_len=8212, name_len=10
> Nov 11 21:44
Can anybody tell me what this means:
Nov 11 21:44:51 zoe kernel: EXT3-fs error (device sd(8,2)): ext3_add_entry: bad entry
in directory #49111: directory entry across blocks - offset=29332, inode=50572,
rec_len=8212, name_len=10
Nov 11 21:44:52 zoe kernel: Unable to handle kernel NULL pointer d
%u00=a HTTP/1.0" 400 322
> "-" "-"
>
> That makes me feel so good; that I am not running windows.
>
> Although the question was / wondering why did I get the first odd
> looking log on my /var/log/messages
Looks like code red II. You get tha
6858%ucbd3%u7801%u9
090%u9090%u8
190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a HTTP/1.0" 400 322
"-" "-"
That makes me feel so good; that I am not running windows.
Although the question was / wondering why did I get the first odd
On Tue, 2002-04-23 at 04:57, Michael Fratoni wrote:
> >
> > Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
> > Apr 23 00:02:56 ele3c kernel: Unused swap offset entry in swap_dup
> > 0040
> > Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
> > Apr 23 00:02:5
On Tuesday 23 April 2002 07:18 am, Bret Hughes wrote:
> A reboot fixed the cat problem but problems still exist.
[snip]
> had problems (different) again tonight
>
> Apr 23 00:02:56 ele3c kernel: VM: killing process netscape-naviga
> Apr 23 00:02:56 e
ason so many mysterious things happen... and the
> machine was hacked and modified.
>
OK, I see that, thanks. No upgrades, but this is running on a Duron.
A reboot fixed the cat problem but problems still exist.
From /var/log/messages yesterday:
Apr 22 08:57:04 ele3c kernel: mem
What does this mean:
jochen fam[1625]: fd 6 write error: Broken pipe
--
Jochen
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Thanks Ray
http://www.ccux.com/firewall-seen.shtml
This page gives a great deal of information.
- Original Message -
From: "Ray Curtis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 19, 2002 7:45 PM
Subject: Re: Interpreting /var/log
> "m" == manzabar <[EMAIL PROTECTED]> writes:
m> I'm looking for a website that will allow me to paste in messages from this
m> log file that contain information logged by iptables, so that it turns
m> stuff like this:
m> Mar 18 19:56:27 c896765-a kernel: IN=eth0 OUT=
m> M
Sorry for the double-post, I was getting a message back that my e-mail had
bounced.
Mark McKibben [EMAIL PROTECTED]
http://www.avalon.net/~manzabar
ICQ# 8476502
Experience is that marvelous thing that enables you to recognize a mistake
when you make it again.
- Unknown
__
I'm looking for a website that will allow me to paste in messages from this
log file that contain information logged by iptables, so that it turns
stuff like this:
Mar 18 19:56:27 c896765-a kernel: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:6a:4d:1b:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS
I'm looking for a website that will allow me to paste in messages from this
log file that contain information logged by iptables, so that it turns
stuff like this:
Mar 18 19:56:27 c896765-a kernel: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:6a:4d:1b:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS
This was a connection that someone made to your box from IP address
xxx.xxx.xxx.xxx to your secure shell port. They couldn't login, therefore
you get the message "Did not receive identification string".
Paul Greene
On Thu, 14 Mar 2002, Steve Lee wrote:
> looks like i get this message from sshd
looks like i get this message from sshd in the syslog
how do i get rid of this ?
sshd[pid]: Did not receive identification string from xxx.xxx.xxx.xxx
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat
12:50:34PM +, [EMAIL PROTECTED] wrote:
> Periodically my rhnsd logs /var/log/messages:
>
> /usr/sbin/rhn_check
> ERROR: unable to read system id.
>
> What is this and what do I do about it?
>
> Regards,
>
> eve.
>
> -->> FREE Perl CGI scripts ad
Periodically my rhnsd logs /var/log/messages:
/usr/sbin/rhn_check
ERROR: unable to read system id.
What is this and what do I do about it?
Regards,
eve.
-->> FREE Perl CGI scripts add WEB ACCESS to your
-->> POP E-Mail accounts! Download today!! http://www
I am getting some errors in my /var/log/messages file;
Nov 23 22:49:46 blackwatch kernel: neighbour table overflow
Should I be worried about this?
It seems to only happen after the machine has been running for a week or so..
What should I be looking for/at to fix or tend to this?
Thanks in
Sorry, pressed send before I was finished. :(
I am getting some errors in my /var/log/messages file;
Nov 23 22:49:46 blackwatch kernel: neighbour table overflow
- - - - -
Info about the machine:-
Kernel is: 2.2.5-15
Memory is;
[darryl@blackwatch:~]$ free -m
On Wed, 28 Mar 2001, Lee Smallbone wrote:
> Date: Wed, 28 Mar 2001 11:14:50 +0100
> From: Lee Smallbone <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Strange entry in /var/log/messages
>
> Hi,
>
> I say strange, but I'
Hi,
I say strange, but I've not come across it before. A quick check of web references
indicates a local /bin/ping issue, but according to logs, no one has logged in during
the time the log entries were made. Any help would be appreciated.
Mar 28 10:55:12 photon kernel: kmalloc: Size (14425
o make a long story short, here is what is happening in my
/var/log/messages every two seconds. About 1 hour of uptime, creates a
250kb file.
Feb 6 08:37:24 phobos kernel: ATAPI device hdc:
Feb 6 08:37:24 phobos kernel: Error: Not ready -- (Sense key=0x02)
Feb 6 08:37:24 phobos kernel: (res
Hi Jack,
> when i took a look at messages i
> discovered it had grown to over 11 gigs (don't ask me how) and i couldn't read
> the end of the file (obviously). someone had hit me 5 times per second for
> nearly 12 hours!
Are you saying 11GB?? Or do you mean 11MB? That sounds m
Look at the logrotate system. It can, and should, be set to rotate all
logs including the message file either on a set schedule or when the logs
exceed a certain size. If it is not happening then logrotate is not
running or is experiencing an error. If it is not running, make sure it
is set to
On Sat, 20 Jan 2001, Greg Wright wrote:
>
>
> FWIW it may be worth setting a quota, or making /var in its own
Setting a quota is what I recommend too. But isn't there a file
size cap on /var/log/messages* in any case? If not, there SHOULD
be. The system should do a li
*** REPLY SEPARATOR ***
On 19/01/01 at 9:32 jack wallen, jr wrote:
>my hard drive is failing (running Red Hat 7.0) and last night i discovered
>it making the insidious 'clicking sound' only when trying to log to
>/var/log/messages or /var/log/secure. wh
the company is sending me a new drive. the drive has a windows partition
that's okay...so i can still use it for diablo II. ;-)
On Fri, 19 Jan 2001 [EMAIL PROTECTED] wrote:
>
> Hi Jack ;^)
>
> Well I'd hope whoever wrote the IDE drivers wouldn't let it try to write
> beyond the physical media r
Hi Jack ;^)
Well I'd hope whoever wrote the IDE drivers wouldn't let it try to write
beyond the physical media regardless of the file size. That said, I've
got a laptop drive that exhibits similar behavior, usually only when
swapping heavily. I suspect there are some bad blocks that are getting
my hard drive is failing (running Red Hat 7.0) and last night i discovered
it making the insidious 'clicking sound' only when trying to log to
/var/log/messages or /var/log/secure. when i took a look at messages i
discovered it had grown to over 11 gigs (don't ask me how) and
On Sun, 7 Jan 2001, Bernhard Rosenkraenzer wrote:
> Are you running any processes in a chroot environment? If so, the chroot
> environment probably doesn't have ld-linux.so.2...
If the above is true, could he add the chrooted path to
'/etc/ld.so.conf'?
-- Generated Signature --
There is no sin
On Sat, 6 Jan 2001, Jonathan Wilson wrote:
> I was looking over my log files and saw this odd entry:
>
> Jan 4 14:05:47 csc003 kernel: Unable to load interpreter /lib/ld-linux.so.2
>
> I checked and that .so does indeed exist. I only found the message
> once. The server that came from has been u
How are its resources like memory?
On Sat, 6 Jan 2001, Jonathan Wilson wrote:
> I was looking over my log files and saw this odd entry:
>
> Jan 4 14:05:47 csc003 kernel: Unable to load interpreter /lib/ld-linux.so.2
>
> I checked and that .so does indeed exist. I only found the message once. Th
I was looking over my log files and saw this odd entry:
Jan 4 14:05:47 csc003 kernel: Unable to load interpreter /lib/ld-linux.so.2
I checked and that .so does indeed exist. I only found the message once. The server
that came from has been up for about 65 days. Any idea what's up with that?
I have upgraded from Red Hat 6.2 to 7.0 now I have a reoccurring error in the
/var/log/messages file it says:
Oct 3 13:39:11 deathbyte xinetd[1023]: identd server reply missing ending
CR-LF
Oct 3 13:46:28 deathbyte xinetd[1067]: Bad line received from identity
server at 216.248.91.251: 61855
Before doing much of anything, you probably want to download a fresh
/bin/rpm and use it to verify that the packages installed (e.g.,
syslogd) are really what they say they are.
hth,
kf
--
My recommendation: Don't shop at Explorer Micro, Columbus, Ohio.
On Tue, 19 Sep 2000, Kerry Mille
If possible, you may want to replace telnet with ssh.
hth,
kf
--
My recommendation: Don't shop at Explorer Micro, Columbus, Ohio.
On Tue, 26 Sep 2000, Frederic Herman wrote:
= I have seen this when getting port scanned.
=
= F.
=
= Kerry Miller wrote:
= >
= > I'm getting these 2 lines r
I see this when connecting to DALnet :) Except they warn of a proxy
sniffer thingie :P
Port sniffing.. sounds quite possible.
On Tue, 26 Sep 2000, Frederic Herman wrote:
> I have seen this when getting port scanned.
>
> F.
>
> Kerry Miller wrote:
> >
> > I'm getting these 2 lines repeating
I have seen this when getting port scanned.
F.
Kerry Miller wrote:
>
> I'm getting these 2 lines repeating over and over every minute in the
> messages file. Anybody know where it's coming from? This was the same
> machine I told you guys about last week that got hacked, so it may be
> some
I'm getting these 2 lines repeating over and over every minute in the
messages file. Anybody know where it's coming from? This was the same
machine I told you guys about last week that got hacked, so it may be
something trying to run. I haven't seen anything else unusual in the log,
before
On Tue, 19 Sep 2000, Kerry Miller wrote:
> Ok, I've taken several of your suggestions about looking at this hacked
> server. Somehow, they've turned off the logging and there are no entries
> in anything under /var/log where you would normally check out the logs.
> How can I restart the logg
Restart logging ->
Check /etc/syslog.conf...
man syslog
> -Original Message-
> From: Kerry Miller [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 12:49 PM
> To: '[EMAIL PROTECTED]'
> Subject: No log entries in /var/log/messages or secure
Ok, I've taken several of your suggestions about looking at this hacked
server. Somehow, they've turned off the logging and there are no entries
in anything under /var/log where you would normally check out the logs.
How can I restart the logging? I saw syslog in the rc3.d directory but
hav
nt it out with a # sign, and then killall -HUP inetd
Cheers,
--Matt
On Sat, Jul 01, 2000 at 04:16:32PM -0400, John P. Verel wrote:
> I've begun to see messages like the following in my /var/log/messages log:
>
> Jul 1 16:13:42 CV150607-A inetd[431]: auth/tcp: bind: Address already
On Sat, Jul 01, 2000 at 04:16:32PM -0400, John P. Verel wrote:
> I've begun to see messages like the following in my /var/log/messages log:
>
> Jul 1 16:13:42 CV150607-A inetd[431]: auth/tcp: bind: Address already
> in use
>
> Does this mean someone is trying to log int
"John P. Verel" wrote:
> I've begun to see messages like the following in my /var/log/messages log:
>
> Jul 1 16:13:42 CV150607-A inetd[431]: auth/tcp: bind: Address already
> in use
that means that identd was running as a daemon when inetd started, and
tried t
I've begun to see messages like the following in my /var/log/messages log:
Jul 1 16:13:42 CV150607-A inetd[431]: auth/tcp: bind: Address already
in use
Does this mean someone is trying to log into my machine? There is no
record in /var/log/secure of a log in. The who command shows
> I keep getting these in /var/log/messages and can't
> figure out what's causing it (3 every hour, every day)
>
> Jan 7 11:15:58 mecha -- MARK --
> Jan 7 11:35:58 mecha -- MARK --
> Jan 7 11:55:58 mecha -- MARK --
> Jan 7 12:15:58 mecha -- MARK --
> Jan 7 12:35
> Date: Fri, 7 Jan 2000 11:19:38 -0800 (PST)
> From: "Adv. Systems Design" <[EMAIL PROTECTED]>
>
> I keep getting these in /var/log/messages and can't
> figure out what's causing it (3 every hour, every day)
>
> Jan 7 11:15:58 mecha -- MARK --
> Ja
On Fri, Jan 07, 2000 at 11:19:38AM -0800, Adv. Systems Design wrote:
> I keep getting these in /var/log/messages and can't
> figure out what's causing it (3 every hour, every day)
>
> Jan 7 11:15:58 mecha -- MARK --
> Jan 7 11:35:58 mecha -- MARK --
> Jan 7 11:55:58 me
too when we first noticed these :D
Frank Carreiro
www.xmission.com/~dmacleod
---------
I keep getting these in /var/log/messages and can't
figure out what's causing it (3 every hour, every day)
Jan 7 11:15:58 mecha -- MARK --
Jan 7 11:35:58 mecha -- MARK --
Jan 7 11:55:5
-Original Message-
From: Adv. Systems Design <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, January 07, 2000 4:08 PM
Subject: strange entries in /var/log/messages
>I keep getting these in /var/log/messages and can't
>figure out wh
I keep getting these in /var/log/messages and can't
figure out what's causing it (3 every hour, every day)
Jan 7 11:15:58 mecha -- MARK --
Jan 7 11:35:58 mecha -- MARK --
Jan 7 11:55:58 mecha -- MARK --
Jan 7 12:15:58 mecha -- MARK --
Jan 7 12:35:58 mecha -- MARK --
Jan 7 12:55:58
ed some help understanding two lines in /var/log/messages
> >that occur when I use my modem. A few lines from messages are:
> >
> >Nov 1 18:12:39 localhost modprobe: can't locate module char-major-108
> >Nov 1 18:12:39 localhost pppd[8780]: pppd 2.3.10 started by root,
Rick Ingersoll wrote:
> and occasionally something like this:
>
> Jun 25 00:00:45 linuxbox kernel: NFS server ournfsserver not responding,
> still trying.
> Jun 25 00:00:55 linuxbox kernel: NFS server ournfsserver OK.
Overloaded server. Don't worry.
Linux clients eat this better than Solaris cl
I recently upgraded from RH 4.2 to 5.1 and installed requisite updated
RPMs. I just had a gander at /var/log/messages and noticed some troubling
entries. Our LINUXBOX gets name service from a SunOS box (OURYPSERVER) and
NFS and mail service from a Solaris box (OURNFSSERVER). The log will be
G'day all
Just wondered if someone could tell me what might be causing this to
appear in my log:
May 12 02:19:42 niteowl tcplogd: port 139 connection attempt from
sunshine.userfriendly.net
May 12 02:19:43 niteowl PAM_pwdb[27572]: get passwd; pwdb: structure is
no longer valid
May 12 02:19:45 nit
I'm getting the following message in /var/log/messages on two computers on
the same subnet. It reads as follows:
Apr 15 12:10:56 klondike kernel: ICMP: failed checksum from xxx.xxx.xxx.xxx
Obviously the hostname and time/date are different each time
but the source is always the same.
77 matches