From owner-freebsd-security Tue May 7 17:50:29 2002
Date: Wed, 8 May 2002 02:50:26 +0200
From: "Karsten W. Rohrbach"
To: Martin McCormick
Cc: freebsd-security@FreeBSD.ORG
Subject: Logging to console, Was: I am My Own Worst Enemy Regarding Denial of Service!
Message-ID: <20020508025026.C41899@mail.webmonster.de>
In-Reply-To: <200205071408.g47E8Vl29936@dc.cis.okstate.edu>; from martin@dc.cis.okstate.edu on Tue, May 07, 2002 at 09:08:31AM -0500

Martin McCormick(martin@dc.cis.okstate.edu)@2002.05.07 09:08:31 +0000:
> I set up our syslog.conf on a FreeBSD system to notify
> all of us when the network equipment we monitor sends a critical
> syslog message. This works perfectly and we get the messages on
> all logged-in TTY's.
>
> The system breaks down if one of our pieces of gear goes
> in to a failure mode in which it sends a continuous or more or
> less continuous stream of messages to everybody with such
> frequency that the window or screen is quickly filled.
>
> Is there any way to define a login in such a way as to
> escape the bombardment?

you define a login name as target. a user with a different login name
won't get these messages. the standard /etc/syslog.conf is set up to
show "*.err" to user "root" but not to other folks logged in.
selecting some kind of threshold, max. messages per time unit, is not
possible, tells me the source of my RELENG_4 box.

> The idea is to define one terminal with no messages
> in order to be able to work without interruption on the system in
> question.

add
    "*.* /dev/ttyvb"
to the beginning of /etc/syslog.conf
    kill -HUP syslogd
terminal 12 will have the syslog

you could also turn off ttyv0's getty in /etc/ttys:
    ttyv0 "/usr/libexec/getty Pc" cons25 off
and let syslogd log onto this one.
don't forget to "kill -1 1" after modifying /etc/ttys

another idea is having less in follow mode run as a getty on some
terminal:
    ttyvb "/usr/bin/less +F /var/log/messages" cons25 on
and log to the messages file. this one's a pretty handy one, since you
can press ^C, scroll back and forth the whole file, and follow the log
again with "F"

one might argue about if choosing ttyv0 for logs is a sensible choice.
my favourites are 11/12 (ttyv[ab]), because they're unused by default.

regards,
/k

--
> Nuclear war can ruin your whole compile.
  --Karl Lehenbauer
WebMonster Community Project -- Next Generation Networks GmbH -- All on BSD
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x