========================= So no takers on this topic he guys? Any comments? No one has seen a situation similar to this before?
Or perhaps I didn't explain it properly. Anyway, I was just wondering ;-) ========================= ----- Original Message ----- From: "J. Rafael S�nchez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 01, 2002 10:56 AM Subject: (clug-talk) /var/log/samba with 1.1.1.1.1.1.1.1..... [suspicious or ill log implementation by the Sys Admin.] > Hi all, > Please allow me to share with you my findings today - and would like to hear > your comments as well. > > Some of my main processing servers/boxes run RH 6.2 on them. Windows users > interface with them via Xwin32. In the last two days, I've been noticing > that all of us have been loosing all the Xwin connections, mostly overnight. > When we come to work in the morning, we just find xwin open but with all the > connections gone. > > I launched on the quest this morning to find the problem. Looked everywhere, > till finally I did an "ls" on /var/log/samba. It was taking way, I mean way > too long to come back with an answer that I had to <ctrl-c> it. I tried a > "du -sm /var/log/samba" and exactly the same thing. > > I looked at my /etc/smc.conf and found that I'm logging every machine to > "/var/log/samba/log.%m", so I starting narrowing down my search. Well what I > found blew me away! Every single machine had a number of entries, I mean I > big number of entries like: > log.machinename.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1. and on, and on, and > one. You see what I mean. > > Some of them seemed to have run out of 1's after about 22 of them and > started with 2's and on, and on. > > After making a copy of the /var/log/samba/ folder somewhere else, I was able > to delete most of them except the following two: > > p--sr-x-wT 1 8810 20310 0 Oct 25 1971 > log.triton.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.2.1.1.1.1.1.1.1 > .1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > > br-sr-xrwt 1 19311 52092 139, 237 Feb 8 2010 > log.triton.1.1.1.2.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > .1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > > Notice the uid and the gid, also notice the date. This machine (the server > and the client) didn't even exist then. Of the last one with the year 2010. > > Of course I have not proven that this will fix my problem with my > windows/Linux middleware, but I have a good feeling. If not, I guess I'll > just have to keep an eye on this issue. > > Would anyone have any comments on this? I'd appreciate any feedback. > > > +=+=+=+=+=+=+=+=+=+=+=+=+ > j.rafael.s�nchez > Systems Administrator > +=+=+=+=+=+=+=+=+=+=+=+=+ > Itres Research Limited > www.itres.com > Phone: 403.250.9944 > Fax: 403.250.9916 > +=+=+=+=+=+=+=+=+=+=+=+=+
