From owner-freebsd-security Wed Feb 14 15:55:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from router.drapple.com (c1024475-b.salem1.or.home.com [24.10.78.207])
	by hub.freebsd.org (Postfix) with ESMTP id 0EA3637B491
	for ; Wed, 14 Feb 2001 15:55:45 -0800 (PST)
Received: (from mark@localhost)
	by router.drapple.com (8.9.3/8.9.3) id PAA48810
	for freebsd-security@freebsd.org; Wed, 14 Feb 2001 15:58:04 -0800 (PST)
	(envelope-from mark)
Date: Wed, 14 Feb 2001 15:58:04 -0800
From: Mark Hartley
To: freebsd-security@freebsd.org
Subject: Re: Syslogd stops working
Message-ID: <20010214155804.B48740@router.drapple.com>
References: <20010214154342.A48740@router.drapple.com> <20010214184428.U91352@numachi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20010214184428.U91352@numachi.com>; from reichert@numachi.com on Wed, Feb 14, 2001 at 06:44:28PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Feb 14, 2001 at 06:44:28PM -0500, Brian Reichert wrote:
> On Wed, Feb 14, 2001 at 03:43:43PM -0800, Mark Hartley wrote:
> > I have several different FreeBSD servers which I've upgraded recently
> > through cvsup and rebuilding world due to the bind, ipfw, and ssh holes.
> >
> > However, I have one machine which I cvsupped and rebuilt on Jan 29th
> > which has stopped logging to syslog.  I've checked my syslog.conf file
> > and everything seems fine.  I had just been noticing a lack of people
> > "banging" on my firewall.  I got to looking, and syslog has not been
> > functioning since that point.  This is a very serious issue for me
> > as I've potentially missed several important syslog notices.  I checked,
> > and syslogd is in fact running.
> >
> > Any ideas why this is happening and what I can do to remedy it?
>
> I've had issues with syslog logging to a serial console.  Is that what you are
> doing?
>

No, I'm logging to a couple of files.
Here is the relevant snippet from my /etc/syslog.conf file:

!ftpd
*.*	/var/log/ftpd.log
!sshd
*.*	/var/log/sshd.log
!su
*.*	/var/log/su.log
!ipfw
*.*	/var/log/ipfw.log

I have it log all of those events to those log files, which do exist and
which have not had their permissions modified since I created them
(root:wheel) with mode 640.

By the way, I am tracking 4.2-STABLE.  I've checked the -STABLE mailing
list archives and I saw some work being done with syslog, but nothing like
what I'm experiencing was mentioned.

Mark.
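
Added example, not part of the original message: a Python model of how the `!program` lines in the quoted snippet scope the selector lines that follow them, as syslog.conf(5) describes program blocks. It handles only `!prog`, `!*` and `*.*` selectors; the sample messages are constructed, and attributing a message to a program by its leading tag is a simplifying assumption.

```python
import re

# Constructed copy of the syslog.conf snippet quoted in the message above.
CONF = """\
!ftpd
*.*\t/var/log/ftpd.log
!sshd
*.*\t/var/log/sshd.log
!su
*.*\t/var/log/su.log
!ipfw
*.*\t/var/log/ipfw.log
"""

def parse_blocks(text):
    """Return [(program, selector, action)]; program None means any program."""
    rules, prog = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("!") or line.startswith("#!"):
            # A program specification applies to every selector line
            # after it, until the next specification; "!*" resets it.
            name = line.lstrip("#!").strip()
            prog = None if name == "*" else name
            continue
        if line.startswith("#"):
            continue  # ordinary comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"selector without action: {raw!r}")
        rules.append((prog, parts[0], parts[1].strip()))
    return rules

# Assumption: the program is the leading "name:" or "name[pid]:" tag.
TAG = re.compile(r"^([^\s:\[]+)(?:\[\d+\])?:")

def destinations(rules, message):
    """Log files a message reaches, considering only '*.*' selectors."""
    m = TAG.match(message)
    tag = m.group(1) if m else None
    return [action for prog, sel, action in rules
            if sel == "*.*" and (prog is None or prog == tag)]
```

With only these four blocks, a message from any other program matches no rule, so the model is also a quick way to see which sources a given configuration leaves unlogged.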