[Simple-evcorr-users] reopening inputfile inconsistently fails

2021-05-25 Thread Brian Parent via Simple-evcorr-users
I've seen a log rotation where the input file did not get re-opened, and am 
working on troubleshooting that.

For the SEC process that failed, sending a SIGUSR2 failed, but sending a 
SIGABRT worked.
(both sent as the same user as the process owner)

The input file for that process is an NFS mounted read-only backed file system, 
to which I have no real access for experimentation.

I created a baby SEC config file for testing, and specified a local filesystem, 
and was unable to recreate the failure.
I tried using "mv input_orig input_new; touch input_new", and "cp /dev/null >> 
input_orig".
I used non-detached mode, as opposed to detached mode for the failing config, 
though I wouldn't expect that to make a difference.

I'm currently thinking that it might have to do with the NFS mount options, 
perhaps specifically the locking methods, or maybe the soft vs. hard mount.

The mtab entry (redhat 7.9) for this includes the following options:

foo.ucsd.edu:/remotefilesystem /localfilemountdir nfs ro,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,soft,nolock,proto=udp,timeo=11,retrans=3,sec=sys,mountaddr=AAA.BBB.CCC.DDD,mountvers=3,mountport=4002,mountproto=udp,local_lock=all,addr=AAA.BBB.CCC.DDD 0 0


The same SEC config running on a Solaris 11 box with the same NFS mounted 
filesystem, doesn't have this problem.  The mnttab file there has these options:

foo.ucsd.edu:/remotefilesystem /localfilenountdir nfs ro,nodevices,noquota,vers=3,proto=tcp,xattr,zone=ratbert2,sharezone=1,dev=9540001 1613782895

Ideas anyone?

-- 
Brian Parent
Information Technology Services Department
ITS Computing Infrastructure Operations Group
its-ci-ops-h...@ucsd.edu (team email address for Service Now)
UC San Diego
(858) 534-6090


___
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
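
Added example, not part of the original post and not SEC's own code: a general rotation check of the kind a file follower performs, useful for confirming whether a monitor is still reading the pre-rotation file. The names reopen_reason and demo are hypothetical, and the demo recreates the post's two local tests (rename plus recreate, and truncation) in a temporary directory.

```python
import os
import tempfile


def reopen_reason(path, fobj):
    """Return why a follower holding fobj should reopen path, or None."""
    held = os.fstat(fobj.fileno())        # file the open descriptor refers to
    try:
        cur = os.stat(path)               # file the name refers to right now
    except FileNotFoundError:
        return "missing"                  # renamed away, not yet recreated
    if (held.st_dev, held.st_ino) != (cur.st_dev, cur.st_ino):
        return "replaced"                 # rename + recreate style rotation
    if cur.st_size < fobj.tell():
        return "truncated"                # truncate-in-place style rotation
    return None                           # same file, nothing to reopen


def demo():
    """Run both rotation styles on a constructed log file and collect results."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "input_orig")      # constructed sample input
        with open(log, "w") as w:
            w.write("line 1\nline 2\n")
        f = open(log, "rb")                      # binary mode: tell() is a byte offset
        f.read()                                 # follower has consumed the file
        results["steady"] = reopen_reason(log, f)

        open(log, "w").close()                   # truncate in place, inode unchanged
        results["truncated"] = reopen_reason(log, f)

        os.rename(log, os.path.join(d, "input_new"))
        results["missing"] = reopen_reason(log, f)

        open(log, "w").close()                   # recreate the name: new inode
        results["replaced"] = reopen_reason(log, f)
        f.close()
    return results


if __name__ == "__main__":
    for step, reason in demo().items():
        print(step, reason)
```

On an NFS client the os.stat() result can come from the attribute cache, so this check may report None for a while after the server-side rotation; the local-filesystem demo cannot show that delay.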


Re: [Simple-evcorr-users] 20th birthday of SEC

2021-03-23 Thread Brian Parent via Simple-evcorr-users
Yes, thanks Risto, and everyone for helping make/keep this super valuable and 
powerful software available.

I've been using it at UCSD for nearly 20 years to detect brute force ssh 
scanning, and feed that info to the security folks to facilitate automated 
campus edge blocking.

Re:
> From: "Frazier, Jon" 
> Date: Tue, 23 Mar 2021 14:34:52 +
> Subject: Re: [Simple-evcorr-users] 20th birthday of SEC
> To: Risto Vaarandi ,
>  "simple-evcorr-users@lists.sourceforge.net"
>  
> 
> Thank you Risto as without you this tool would not be available.
> I know it personally helped me in two different shops to more easily perform 
> certain job requirements.
> Back in the early days there were more discussions on how to use it as well 
> as some benchmarking on number of events over time.
> 
> Regards,
> Jon Frazier
> 
> 
> -Original Message-
> From: Risto Vaarandi 
> Sent: Tuesday, March 23, 2021 9:28 AM
> To: simple-evcorr-users@lists.sourceforge.net
> Subject: [External] [Simple-evcorr-users] 20th birthday of SEC
> 
> hi all,
> 
> on March 23 2001, SEC version 1.0 was released into public domain. I would 
> like to take the opportunity to thank all SEC users for creative discussions 
> in this mailing list during the last two decades. I would also like to thank 
> all people who have suggested new features or supplied software and 
> documentation fixes. I am especially grateful to John P. Rouillard for many 
> design proposals and new ideas that are now part of the SEC code. Finally, my 
> thanks will also go to long term SEC package maintainers for their continuous 
> work during more than a decade -- Jaakko Niemi (Debian and Ubuntu), Stefan 
> Schulze Frielinghaus (RHEL, CentOS and Fedora), Malcolm Lewis (SLE and 
> openSUSE), Okan Demirmen (OpenBSD), and all other package maintainers for 
> platforms I might not be aware of.
> 
> Thank you all!
> 
> risto

-- 
Brian Parent
Information Technology Services Department
ITS Computing Infrastructure Operations Group
its-ci-ops-h...@ucsd.edu (team email address for Service Now)
UC San Diego
(858) 534-6090

