Date: Fri, 16 Feb 2001 12:33:20 +0100
From: "Mason Harding" <mharding@marketnews.com>
To: "Mark Hartley" <freebsd@drapple.com>, <freebsd-security@FreeBSD.ORG>
Subject: RE: Syslogd stops working
Message-ID: <BGENLPKDCIBENFNNNAIDCEJLCAAA.mharding@marketnews.com>
In-Reply-To: <20010214154342.A48740@router.drapple.com>

I have this problem as well, but have never looked into it too much. I have a FreeBSD 4.2 stable syslog server, logging from about 5 machines. About once a week syslogd stops working. The daemon continues to run, and a killall -HUP doesn't fix it. Only when I kill and restart it does it work again...for another week or two.

I think this is definitely a security issue. If someone can knock out the remote syslog server before they hack a box and clean out the local logs, then they are home free.

Mason

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Mark Hartley
Sent: Thursday, February 15, 2001 12:44 AM
To: freebsd-security@FreeBSD.ORG
Subject: Syslogd stops working

I have several different FreeBSD servers which I've upgraded recently through cvsup and rebuilding world due to the bind, ipfw, and ssh holes. However, I have one machine which I cvsupped and rebuilt on Jan 29th which has stopped logging to syslog. I've checked my syslog.conf file and everything seems fine.

I had just been noticing a lack of people "banging" on my firewall. I got to looking, and syslog has not been functioning since that point. This is a very serious issue for me as I've potentially missed several important syslog notices. I checked, and syslogd is in fact running.

Any ideas why this is happening and what I can do to remedy it?

Mark.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message