From owner-freebsd-security Fri Feb 16 2:56:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.marketnews.com (mail.economeister.com [205.183.200.2])
    by hub.freebsd.org (Postfix) with ESMTP id 4F8AC37B65D
    for ; Fri, 16 Feb 2001 02:56:21 -0800 (PST)
Received: from mharding ([213.219.53.82])
    by mail.marketnews.com (8.11.0/8.9.3) with SMTP id f1GAtmd45168;
    Fri, 16 Feb 2001 05:55:49 -0500 (EST)
From: "Mason Harding"
To: "Mark Hartley" ,
Subject: RE: Syslogd stops working
Date: Fri, 16 Feb 2001 12:33:20 +0100
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20010214154342.A48740@router.drapple.com>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have this problem as well, but have never looked into it too much. I have a FreeBSD 4.2 stable syslog server, logging from about 5 machines. About once a week syslogd stops working. The daemon continues to run, and a killall -HUP doesn't fix it. Only when I kill and restart it does it work again...for another week or two.

I think this is definitely a security issue. If someone can knock out the remote syslog server before they hack a box and clean out the local logs, then they are home free.

Mason

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Mark Hartley
Sent: Thursday, February 15, 2001 12:44 AM
To: freebsd-security@FreeBSD.ORG
Subject: Syslogd stops working

I have several different FreeBSD servers which I've upgraded recently through cvsup and rebuilding world due to the bind, ipfw, and ssh holes. However, I have one machine which I cvsupped and rebuilt on Jan 29th which has stopped logging to syslog.
I've checked my syslog.conf file and everything seems fine. I had just been noticing a lack of people "banging" on my firewall. I got to looking, and syslog has not been functioning since that point. This is a very serious issue for me as I've potentially missed several important syslog notices. I checked, and syslogd is in fact running.

Any ideas why this is happening and what I can do to remedy it?

Mark.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
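
Both messages describe a syslogd that is still running but has stopped writing, so checking for the process does not reveal the outage. As an added example (not part of the original thread), the script below sends a uniquely tagged line through logger(1) and alerts when it never lands in the log file. The path /var/log/messages, the user.notice routing, the function names and the script name syslog-canary.sh are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): end-to-end canary for a syslogd that is
# running but no longer writing. Names and paths below are assumptions.

# emit_canary TOKEN: hand a uniquely marked line to the local syslogd.
emit_canary() {
    logger -p user.notice -t syslog-canary "$1"
}

# check_canary LOGFILE TOKEN [WAIT_SECONDS] [EMIT_COMMAND]
# Emits TOKEN, then polls LOGFILE for it.
# Returns 0 if the token was written, 1 if it never showed up,
# 2 if the message could not even be handed off.
check_canary() {
    cc_log=$1 cc_token=$2 cc_wait=${3:-5} cc_emit=${4:-emit_canary}
    "$cc_emit" "$cc_token" || return 2
    cc_i=0
    while [ "$cc_i" -le "$cc_wait" ]; do
        # -F: match the token literally; a missing log file counts as a miss.
        if grep -qF -- "$cc_token" "$cc_log" 2>/dev/null; then
            return 0
        fi
        if [ "$cc_i" -lt "$cc_wait" ]; then sleep 1; fi
        cc_i=$((cc_i + 1))
    done
    return 1
}

# Runs only when saved and invoked as syslog-canary.sh (hypothetical name),
# for example from cron. The alert goes out by mail, not through syslog,
# because syslog is the thing being tested.
case "${0##*/}" in
syslog-canary.sh)
    token="canary-$(date +%s)-$$"   # unique, so old log lines never match
    if ! check_canary /var/log/messages "$token" 10; then
        echo "canary $token never reached /var/log/messages" |
            mail -s "syslog canary failed on $(hostname)" root
    fi
    ;;
esac
```

For a central log server like the one in the reply, the same check applies with the emit step on a client and the poll against the server's log file.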