Date:      Fri, 10 Dec 2004 16:49:40 -0800
From:      randall ehren <randall@ucsb.edu>
To:        Bob Ababurko <ababurko@adelphia.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: way to duplicate logs?
Message-ID:  <41BA4424.7040201@ucsb.edu>
In-Reply-To: <41BA3DD6.5040702@adelphia.net>
References:  <41BA3DD6.5040702@adelphia.net>

> I am a bit confused here.  I have just had some issues with my box and I 
> am looking for some opinions.  I just had been denied access to my 
> box...supposedly from a memory shortage in reference to my NIC....more 
> specifically, mbuf clusters exhausted.  Now I am looking in my 
> /var/log/messages for when this started and I notice a discrepancy in my 
> logs.  Now from where I am looking, I see time in the logs go backwards. 
>  You can see it as soon as the box is rebooted.  Is there an explanation 
> for this?

it could be that your BIOS time is conflicting with freebsd's - during 
your install did you select "YES" for "Does your BIOS keep track of 
time?" or whatever the question is...

> The date on the box should not have changed during that reboot, as it 
> was in sync with ntp and still is.

are you sure ntp is running?
  to check: root@box[~]% \ps -waux | grep ntp

> Also, is there a way to make more than one copy of these logs?....I am 
> not sure how this is set up but I would like to possibly have 
> another set of logs in place so if someone is editing them, I can catch 
> it.  I know there is a chance that I may be overreacting, but just in 
> case I want to know.

you can set up another machine to receive logs:
  http://isber.ucsb.edu/~randall/instructions/loghost/

or just % man 5 syslog.conf

  -randall

-- 
       randall s. ehren       :// 805.893.5632
        systems administrator :// isber.ucsb.edu
         institute for social, behavioral, and economic research
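
An added example, not part of the original message: once a second copy of the log exists on a loghost, this sketch flags timestamps that go backwards in a log and lists lines the loghost received that are missing from the local file. The sample lines are constructed, and it assumes both copies store identical line text, which depends on how the loghost is configured.

```python
from collections import Counter
from datetime import datetime

def parse_ts(line, year):
    """Parse the 15-character BSD syslog timestamp. The year is not logged, so it is supplied."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def backward_jumps(lines, year):
    """Return (line_number, previous, current) wherever the timestamp goes backwards.
    A Dec 31 -> Jan 1 rollover also shows up here because the year is fixed."""
    jumps, prev = [], None
    for n, line in enumerate(lines, 1):
        try:
            cur = parse_ts(line, year)
        except ValueError:
            continue  # line without a leading timestamp
        if prev is not None and cur < prev:
            jumps.append((n, prev, cur))
        prev = cur
    return jumps

def missing_locally(local, loghost):
    """Return lines the loghost received that are no longer in the local file."""
    remaining = Counter(local)
    missing = []
    for line in loghost:
        if remaining[line] > 0:
            remaining[line] -= 1  # matched one local occurrence
        else:
            missing.append(line)
    return missing

# Constructed sample data: the loghost copy, and a local copy with one line removed.
LOGHOST = [
    "Dec 10 15:58:02 box kernel: example message one",
    "Dec 10 16:01:40 box su: example message two",
    "Dec 10 16:03:15 box kernel: example message three",
    "Dec 10 15:20:09 box syslogd: example message after reboot",
]
LOCAL = [LOGHOST[0], LOGHOST[2], LOGHOST[3]]

if __name__ == "__main__":
    for n, prev, cur in backward_jumps(LOCAL, 2004):
        print(f"line {n}: time went from {prev} back to {cur}")
    for line in missing_locally(LOCAL, LOGHOST):
        print("missing from local copy:", line)
```

A backward jump right after a reboot points at the clock question raised above, while a line present only on the loghost points at the local file having been changed.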