way to duplicate logs?

From: Bob Ababurko (ababurko_at_adelphia.net)
Date: 12/11/04

  • Next message: randall ehren: "Re: way to duplicate logs?"

    Date: Fri, 10 Dec 2004 19:22:46 -0500
    To: freebsd-security@freebsd.org


    Hello-

    I am a bit confused here. I have just had some issues with my box and I
    am looking for some opinions. I had just been denied access to my
    box, supposedly from a memory shortage in reference to my NIC, more
    specifically, mbuf clusters exhausted. Now I am looking in my
    /var/log/messages for when this started and I notice a discrepancy in my
    logs. Now from where I am looking, I see time in the logs go backwards.
    You can see it as soon as the box is rebooted. Is there an
    explanation for this?

    bash-2.05b# tail -200 /var/log/messages
    Dec 7 19:01:03 additional su: bob to root on /dev/ttyp0
    Dec 8 10:19:35 additional su: bob to root on /dev/ttyp1
    Dec 8 18:09:24 additional su: BAD SU bob to root on /dev/ttyp0
    Dec 8 18:09:29 additional su: bob to root on /dev/ttyp0
    Dec 10 17:36:45 additional /kernel: All mbuf clusters exhausted, please see tuning(7).
    Dec 10 17:37:16 additional last message repeated 31 times
    Dec 10 17:39:17 additional last message repeated 121 times
    Dec 10 17:49:18 additional last message repeated 575 times
    Dec 10 17:59:19 additional last message repeated 545 times
    Dec 10 14:08:10 additional /kernel: Copyright (c) 1992-2003 The FreeBSD Project.
    Dec 10 14:08:10 additional /kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    Dec 10 14:08:10 additional /kernel: The Regents of the University of California. All rights reserved.
    Dec 10 14:08:10 additional /kernel: FreeBSD 4.9-RELEASE #0: Tue Nov 30 01:20:25 AST 2004

    The date on the box should not have changed during that reboot, as it
    was in sync with ntp and still is.

    Also, is there a way to make more than one copy of these logs? I am
    not sure how this is set up, but I would like to possibly have
    another set of logs in place so if someone is editing them, I can catch
    it. I know there is a chance that I may be overreacting, but just in
    case I want to know.

    Thanks,
    Bob
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
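An added example, not part of Bob's post and not code from the FreeBSD project: a small POSIX shell/awk check that walks a syslog-format file such as /var/log/messages and reports every line whose timestamp is earlier than the line before it. Run against the real file it would flag exactly the 17:59:19 to 14:08:10 jump quoted above; here it runs on a few constructed lines (marked as such in the code) that mimic that pattern so the check works offline. The hostname and messages in the sample are made up, and the classic "Mon dd hh:mm:ss host prog: msg" layout without a year is assumed.

```shell
#!/bin/sh
# Added example (not from the original post or FreeBSD): report timestamp
# regressions in a syslog-format file. Assumes the classic
# "Mon dd hh:mm:ss host prog: msg" layout with no year, as in /var/log/messages.

# Constructed sample log, modelled on the pattern in the post (not real data).
sample_log() {
    cat <<'EOF'
Dec  8 18:09:24 additional su: BAD SU bob to root on /dev/ttyp0
Dec 10 17:36:45 additional /kernel: All mbuf clusters exhausted, please see tuning(7).
Dec 10 17:59:19 additional last message repeated 545 times
Dec 10 14:08:10 additional /kernel: Copyright (c) 1992-2003 The FreeBSD Project.
Dec 10 14:08:10 additional /kernel: FreeBSD 4.9-RELEASE #0: Tue Nov 30 01:20:25 AST 2004
Dec 10 18:02:01 additional su: bob to root on /dev/ttyp0
EOF
}

# Read syslog lines from the files given (or stdin) and print one line
# "<lineno> <previous stamp> -> <stamp>" for every line whose timestamp is
# earlier than the one before it. Lines that do not start with a timestamp
# (e.g. wrapped continuations) are skipped. Exit status is always 0.
find_time_regressions() {
    awk '
    # Order-preserving numeric key for a stamp: month index, day, seconds of
    # day. With no year in the stamp a Dec -> Jan rollover also shows up as a
    # regression; the reader has to judge that case by eye.
    function stamp_key(mon, day, hms,    m, p) {
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
        split(hms, p, ":")
        return m * 100000000 + day * 1000000 + p[1] * 3600 + p[2] * 60 + p[3]
    }
    NF >= 3 && $1 ~ /^[A-Z][a-z][a-z]$/ && $2 ~ /^[0-9][0-9]?$/ &&
    $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        key = stamp_key($1, $2, $3)
        stamp = $1 " " $2 " " $3
        if (seen && key < prev_key)
            printf "%d %s -> %s\n", NR, prev_stamp, stamp
        prev_key = key
        prev_stamp = stamp
        seen = 1
    }' "$@"
}

# Count regressions in the given files (or stdin); handy for a cron check.
count_time_regressions() {
    find_time_regressions "$@" | wc -l | tr -d ' '
}

# Demo on the constructed sample. To check the real file instead:
#   find_time_regressions /var/log/messages
sample_log | find_time_regressions
```

A regression like this has two usual causes: the clock was stepped (for example corrected by ntpdate or ntpd after the boot messages were logged) or the file was edited. The only way to tell the two apart after the fact is a second copy the box itself cannot rewrite, which is also the practical answer to the second question: the conventional setup is a `*.* @loghost` line in syslog.conf(5) on the sending host, so every message also goes to a separate machine whose syslogd accepts it (on FreeBSD that receiver's syslogd must not run with `-s` and should list the sender with `-a`), and then the two copies can be diffed.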

