Re: way to duplicate logs?

From: randall ehren (randall_at_ucsb.edu)
Date: 12/11/04

    Date: Fri, 10 Dec 2004 16:49:40 -0800
    To: Bob Ababurko <ababurko@adelphia.net>
    
    

    > I am a bit confused here. I have just had some issues with my box and I
    > am looking for some opinions. I just had been denied access to my
    > box...supposedly from a memory shortage in reference to my NIC....more
    > specifically, mbuf clusters exhausted. Now I am looking in my
    > /var/log/messages for when this started and I notice a discrepancy in my
    > logs. Now from where I am looking, I see time in the logs go backwards.
    > You can see it as soon as the box is rebooted. Is there an explanation
    > for this?

    it could be that your BIOS time is conflicting with freebsd's - during
    your install did you select "YES" for "Does your BIOS keep track of
    time?" or whatever the question is...

    > The date on the box should not have changed during that reboot, as it
    > was in sync with ntp and still is.

    are you sure ntp is running?
      to check: root@box[~]% \ps -waux | grep ntp

    > Also, is there a way to make more than one copy of these logs?....I am
    > not sure how this is set up but I would like to possibly have
    > another set of logs in place so if someone is editing them, I can catch
    > it. I know there is a chance that I may be overreacting, but just in
    > case I want to know.

    you can set up another machine to receive logs:
      http://isber.ucsb.edu/~randall/instructions/loghost/

    or just % man 5 syslog.conf

      -randall

    -- 
           randall s. ehren       :// 805.893.5632
            systems administrator :// isber.ucsb.edu
             institute for social, behavioral, and economic research
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
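
An added example, not part of the original message: once a second copy of the logs exists on a loghost, as suggested above, a short script can report lines the loghost received that are no longer in the local file, and flag places where timestamps run backwards. The sample lines, the assumed year, and the assumption that both copies hold identical line text are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: what the loghost received from "box".
LOGHOST = """\
Dec 10 09:14:02 box sshd[412]: constructed login message
Dec 10 09:16:11 box su: constructed su message
Dec 10 09:20:00 box kernel: constructed last message before reboot
Dec 10 08:01:33 box kernel: constructed first message after reboot
Dec 10 08:02:10 box ntpd[301]: constructed ntpd startup message
""".splitlines()

# Constructed local /var/log/messages with the su line edited out.
LOCAL = [line for line in LOGHOST if " su: " not in line]


def stamp(line, year=2004):
    """Parse the BSD syslog timestamp; the format has no year, so one is assumed."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def missing_locally(local, loghost):
    """Lines the loghost holds that the local file lacks (duplicates counted)."""
    have = Counter(local)
    gone = []
    for line in loghost:
        if have[line] > 0:
            have[line] -= 1
        else:
            gone.append(line)
    return gone


def time_regressions(lines):
    """Adjacent pairs whose timestamp steps backwards (a year rollover would
    also be flagged, since the year is assumed)."""
    return [(a, b) for a, b in zip(lines, lines[1:]) if stamp(b) < stamp(a)]


if __name__ == "__main__":
    for line in missing_locally(LOCAL, LOGHOST):
        print("missing locally:", line)
    for before, after in time_regressions(LOCAL):
        print("time went backwards:", before[:15], "->", after[:15])
```

A backwards step that appears in both copies points at the clock (for example the BIOS time issue mentioned above) rather than at editing; a line present only on the loghost is the case worth investigating.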
    
