Thanks Jesse! Rafael.
----- Original Message ----- From: "Jesse Kline" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 02, 2002 3:15 PM Subject: Re: (clug-talk) /var/log/samba with 1.1.1.1.1.1.1.1..... [suspicious or ill log implementation by the Sys Admin.] > Sorry dude, I didn't ignore your post, but personally I have no idea what the > problem could be. I would go throught the smb.conf file and see if you can turn > off this excessive logging. I would also verify your samba install, and maybe > try upgrading samba. Hopefully no one has tampered with your copy of samba. I > would also try searching Google and Google Groups to see if you can find any > posting on this sort of problem. You may also find more help at the Samaba web > site or on the Samba mailing list. > > Hope that help a bit, > > Jesse > > Quoting "J. Rafael S�nchez" <[EMAIL PROTECTED]>: > > > ========================= > > So no takers on this topic he guys? > > > > Any comments? No one has seen a situation similar to this before? > > > > Or perhaps I didn't explain it properly. Anyway, I was just wondering ;-) > > ========================= > > > > > > > > ----- Original Message ----- > > From: "J. Rafael S�nchez" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, October 01, 2002 10:56 AM > > Subject: (clug-talk) /var/log/samba with 1.1.1.1.1.1.1.1..... [suspicious > > or > > ill log implementation by the Sys Admin.] > > > > > > > Hi all, > > > Please allow me to share with you my findings today - and would like to > > hear > > > your comments as well. > > > > > > Some of my main processing servers/boxes run RH 6.2 on them. Windows > > users > > > interface with them via Xwin32. In the last two days, I've been noticing > > > that all of us have been loosing all the Xwin connections, mostly > > overnight. > > > When we come to work in the morning, we just find xwin open but with all > > the > > > connections gone. > > > > > > I launched on the quest this morning to find the problem. Looked > > everywhere, > > > till finally I did an "ls" on /var/log/samba. It was taking way, I mean > > way > > > too long to come back with an answer that I had to <ctrl-c> it. I tried a > > > "du -sm /var/log/samba" and exactly the same thing. > > > > > > I looked at my /etc/smc.conf and found that I'm logging every machine to > > > "/var/log/samba/log.%m", so I starting narrowing down my search. Well > > what > > I > > > found blew me away! Every single machine had a number of entries, I mean > > I > > > big number of entries like: > > > log.machinename.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1. and on, and on, and > > > one. You see what I mean. > > > > > > Some of them seemed to have run out of 1's after about 22 of them and > > > started with 2's and on, and on. > > > > > > After making a copy of the /var/log/samba/ folder somewhere else, I was > > able > > > to delete most of them except the following two: > > > > > > p--sr-x-wT 1 8810 20310 0 Oct 25 1971 > > > > > log.triton.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.2.1.1.1.1.1.1.1 > > > .1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > > > > > > br-sr-xrwt 1 19311 52092 139, 237 Feb 8 2010 > > > > > log.triton.1.1.1.2.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > > > .1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1 > > > > > > Notice the uid and the gid, also notice the date. This machine (the > > server > > > and the client) didn't even exist then. Of the last one with the year > > 2010. > > > > > > Of course I have not proven that this will fix my problem with my > > > windows/Linux middleware, but I have a good feeling. If not, I guess I'll > > > just have to keep an eye on this issue. > > > > > > Would anyone have any comments on this? I'd appreciate any feedback. > > > > > > > > > +=+=+=+=+=+=+=+=+=+=+=+=+ > > > j.rafael.s�nchez > > > Systems Administrator > > > +=+=+=+=+=+=+=+=+=+=+=+=+ > > > Itres Research Limited > > > www.itres.com > > > Phone: 403.250.9944 > > > Fax: 403.250.9916 > > > +=+=+=+=+=+=+=+=+=+=+=+=+ > > > > > > >
