Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 31 Jul 1998 22:06:25 GMT
From:      Brian Neal <brian@free1.cetinc.com>
To:        brian@free1.cetinc.com, dwhite@resnet.uoregon.edu
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Logfile question
Message-ID:  <199807312206.WAA16594@free1.cetinc.com>
In-Reply-To: <Pine.BSF.4.00.9807311416190.14321-100000@resnet.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
> From dwhite@resnet.uoregon.edu Fri Jul 31 17:19:52 1998
> Date: Fri, 31 Jul 1998 14:16:57 -0700 (PDT)
> From: Doug White <dwhite@resnet.uoregon.edu>
> To: Brian Neal <brian@free1.cetinc.com>
> cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: Logfile question
>
>
> On Thu, 30 Jul 1998, Brian Neal wrote:
>
> > I have a question regarding logfile rotation and removal.  Specifically, my
> > messages and ftpd files have disappeared.  This is 2.2.6-STABLE.  I was
> > wondering if they would be deleted to free up space?  There was an incident
> > on this machine a few days ago, someone got ahold of a username and password
> > and got into the system via ftp.  This individual did not, however, have
> > permissions necessary to delete any of these files, however, since I have no
> > logs, I can't tell what did happen.  If this individual used some kind of
> > password dictionary to get in (obviously generating a very large amount of
> > unsuccessfull login attempts), could the messages log have been deleted to
> > conserve space?
>
> They could have been rolled (they'd be in /var/log/messages.?.gz) and for
> some reason newsyslog couldn't touch /var/log/messages then restart
> syslogd to get things flowing again.
>
>
> Doug White                              | University of Oregon  
> Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
> http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
>
>

I've restarted syslogd, but all the gzipped files were gone too...

-brian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807312206.WAA16594>