Date: Wed, 8 May 2002 02:50:26 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Martin McCormick <martin@dc.cis.okstate.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Logging to console, Was: I am My Own Worst Enemy Regarding Denial of Service!
Message-ID: <20020508025026.C41899@mail.webmonster.de>
In-Reply-To: <200205071408.g47E8Vl29936@dc.cis.okstate.edu>; from martin@dc.cis.okstate.edu on Tue, May 07, 2002 at 09:08:31AM -0500
References: <200205071408.g47E8Vl29936@dc.cis.okstate.edu>

Martin McCormick(martin@dc.cis.okstate.edu)@2002.05.07 09:08:31 +0000:
> I set up our syslog.conf on a FreeBSD system to notify
> all of us when the network equipment we monitor sends a critical
> syslog message. This works perfectly and we get the messages on
> all logged-in TTY's.
>
> The system breaks down if one of our pieces of gear goes
> in to a failure mode in which it sends a continuous or more or
> less continuous stream of messages to everybody with such
> frequency that the window or screen is quickly filled.
>
> Is there any way to define a login in such a way as to
> escape the bombardment?

you define a login name as target. a user with a different login name
won't get these messages. the standard /etc/syslog.conf is set up to
show "*.err" to user "root" but not to other folks logged in.
selecting some kind of threshold, max. messages per time unit, is not
possible, tells me the source of my RELENG_4 box.

> The idea is to define one terminal with no messages
> in order to be able to work without interruption on the system in
> question.

add
    "*.* /dev/ttyvb"
to the beginning of /etc/syslog.conf
kill -HUP syslogd
terminal 12 will have the syslog

you could also turn off ttyv0's getty in /etc/ttys:
    ttyv0 "/usr/libexec/getty Pc" cons25 off
and let syslogd log onto this one.
don't forget to "kill -1 1" after modifying /etc/ttys

another idea is having less in follow mode run as a getty on some
terminal:
    ttyvb "/usr/bin/less +F /var/log/messages" cons25 on
and log to the messages file. this one's a pretty handy one, since you
can press ^C, scroll back and forth the whole file, and follow the log
again with "F"

one might argue about if choosing ttyv0 for logs is a sensible choice.
my favourites are 11/12 (ttyv[ab]), because they're unused by default.

regards,
/k

-- 
> Nuclear war can ruin your whole compile.
--Karl Lehenbauer
WebMonster Community Project -- Next Generation Networks GmbH -- All on BSD
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
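
The reply above notes that syslogd offers no "max. messages per time unit" threshold. The following is an added example, not part of the original message and not FreeBSD code: a small filter that applies such a threshold to a log stream read from stdin and reports how many lines it held back. The names `Throttle`, `limit` and `window` and their defaults are assumptions.

```python
#!/usr/bin/env python3
"""Pass at most `limit` log lines per `window` seconds; count the rest.

Added illustration, not FreeBSD code. All names and defaults are assumptions.
"""
import sys
import time


class Throttle:
    def __init__(self, limit=5, window=10.0):
        self.limit = limit    # lines allowed through per window
        self.window = window  # window length in seconds
        self.start = None     # start time of the current window
        self.passed = 0       # lines shown in the current window
        self.dropped = 0      # lines suppressed in the current window

    def feed(self, line, now):
        """Return the lines to display for one input line seen at `now`."""
        out = []
        if self.start is None or now - self.start >= self.window:
            # Window expired: report what was suppressed, then start over.
            out += self.flush()
            self.start, self.passed = now, 0
        if self.passed < self.limit:
            self.passed += 1
            out.append(line)
        else:
            self.dropped += 1
        return out

    def flush(self):
        """Report and reset the count of suppressed lines, if any."""
        n, self.dropped = self.dropped, 0
        return [f"[throttle] suppressed {n} messages"] if n else []


def main():
    t = Throttle()
    for line in sys.stdin:
        for out in t.feed(line.rstrip("\n"), time.monotonic()):
            print(out, flush=True)
    for out in t.flush():
        print(out, flush=True)


if __name__ == "__main__":
    main()
```

Saved under a hypothetical name such as throttle.py, it can read the output of `tail -F /var/log/messages` on the terminal kept for logs. The suppression count is printed when the first line of the next window arrives or at end of input.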