Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Feb 2001 15:58:04 -0800
From:      Mark Hartley <freebsd@drapple.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Syslogd stops working
Message-ID:  <20010214155804.B48740@router.drapple.com>
In-Reply-To: <20010214184428.U91352@numachi.com>; from reichert@numachi.com on Wed, Feb 14, 2001 at 06:44:28PM -0500
References:  <20010214154342.A48740@router.drapple.com> <20010214184428.U91352@numachi.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 14, 2001 at 06:44:28PM -0500, Brian Reichert wrote:
> On Wed, Feb 14, 2001 at 03:43:43PM -0800, Mark Hartley wrote:
> > I have several different FreeBSD servers which I've upgraded recently
> > through cvsup and rebuilding world due to the bind, ipfw, and ssh holes.
> > 
> > However, I have one machine which I cvsupped and rebuilt on Jan 29th
> > which has stopped logging to syslog.  I've checked my syslog.conf file
> > and everything seems fine.  I had just been noticing a lack of people
> > "banging" on my firewall.  I got to looking, and syslog has not been
> > functioning since that point.  This is a very serious issue for me
> > as I've potentially missed several important syslog notices.  I checked,
> > and syslogd is in fact running.
> > 
> > Any ideas why this is happening and what I can do to remedy it?
> 
> I've had issues with syslog logging to a serial console.  It that you are
> doing?
> 

No, I'm logging to a couple of files.  Here is the relevant snippet from my
/etc/syslog.conf file

!ftpd
*.*                                             /var/log/ftpd.log
!sshd
*.*                                             /var/log/sshd.log
!su
*.*                                             /var/log/su.log
!ipfw
*.*                                             /var/log/ipfw.log

I have it log all of those events to those log files, which do exist and
which have not had their permissions modified since I created them 
(root:wheel) with mode 640.

By the way, I am tracking 4.2-STABLE.  I've checked the -STABLE mailing
list archives and I saw some work being done with syslog, but nothing
like what I'm experiencing was mentioned.


Mark.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010214155804.B48740>