After getting a -huge- telephone bill from Telstra
(in Australia, where we -still- pay for local calls),
we thought to analyze the e-smith's logs to
confirm that we had, in fact, made so many calls (or
otherwise)... since the line is exclusively e-smith's.
Unfortunately, we found the log files (apparently)
unusable for the purpose... e.g. date-time stamps
-not- in order, as one reads down any one log...
E.g. dates might appear (in small batches) in this
order, using our most recent 'messages' log as an
example (summary below, reply for copy of the
whole messages[.unx] log file):
Mar 26's (syslogd ... restart...)
Mar 26's (kernel logs DENY's - lots... maybe an intrusion...?)
Mar 27's (OK)
Mar 27 01:01 about an hour since prev entry (kernel log DENY ppp0)
Mar 4's a batch from 23:54 syslogd restart... apparently after a re-boot!
Mar 4's a batch from 23:53 ('rc: starting syslog' & 'rc.sysinit' at interface)
Mar 5's (OK... until... last in batch is time-stamped 00:01)
Mar 4 13:31 (just 1 - 'named shutting down')
Mar 5 00:01 (just 1 - 'e-smith running event handler')
Mar 4 13:31's (several, starting with some fr. named, now starting again)
Mar 5 00:01's (pppd noticing a disconnect...)
etc.
(a slightly sanitised ver of this 'messages' available on request...)
Mar 27's (ntpdate [1624] step time server...)
While dates of messages[.n] files are also (-this- time) OK:
messages Mar 27
messages.1 Mar 26
messages.2 Mar 4
messages.3 Mar 3
they have - in previous times - been a bit rearranged.
And, this time... mc (midnight commander) shows
each file -after- the (latest) 'messages' file
as one big 'textblock' (i.e. -not- as a stream
of nice log lines, as 'messages' seems to comprise)
Ideas? Suggestions? Has anybody else experienced
anything like this? How was it resolved?
BTW, SlashDot.org has an article about an
automated log-analysis service at SecurityFocus.com;
if it's within reach (or free), and works for these
logs, we might give it a try... ;-)
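
One way to locate the out-of-order batches summarised in this post, as an added example that is not part of the original message: the script walks a syslog-style file, reports every line whose timestamp is earlier than the line before it, and notes whether a syslogd restart, rc.sysinit or ntpdate entry sits next to the jump. The sample lines, the host name `gw` and the year are constructed assumptions, since syslog lines carry no year.

```python
import re
from datetime import datetime

# Constructed sample modelled on the batch order summarised in the post;
# host name, PIDs and message bodies are made up for illustration.
SAMPLE = """\
Mar 26 22:10:05 gw syslogd 1.3-3: restart.
Mar 26 22:15:40 gw kernel: Packet log: input DENY ppp0
Mar 27 01:01:12 gw kernel: Packet log: input DENY ppp0
Mar  4 23:54:02 gw syslogd 1.3-3: restart.
Mar  4 23:53:30 gw rc: Starting syslog
Mar  5 00:01:09 gw pppd[412]: Modem hangup
Mar  4 13:31:44 gw named[388]: named shutting down
Mar  5 00:01:10 gw e-smith[501]: running event handler
Mar 27 09:00:00 gw ntpdate[1624]: step time server 192.0.2.1 offset 1940000.0 sec
"""

STAMP = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2})\s(\d\d:\d\d:\d\d)\s")
# Entries that usually accompany a reboot or a stepped clock.
CLOCK_HINTS = ("ntpdate", "syslogd", "rc.sysinit")

def parse_stamp(line, year):
    """Return the line's timestamp, or None if it has no syslog-style prefix."""
    m = STAMP.match(line)
    if not m:
        return None
    mon, day, clock = m.groups()
    return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")

def find_backward_jumps(text, year=2001, tolerance=0):
    """Return [(line_no, seconds_back, hint)] wherever time runs backwards."""
    jumps, prev_ts, prev_line = [], None, ""
    for no, line in enumerate(text.splitlines(), 1):
        ts = parse_stamp(line, year)  # year is an assumption, not in the log
        if ts is None:
            continue  # continuation or damaged line: keep the last good stamp
        if prev_ts is not None:
            back = (prev_ts - ts).total_seconds()
            if back > tolerance:
                hint = next((h for h in CLOCK_HINTS
                             if h in line or h in prev_line), None)
                jumps.append((no, int(back), hint))
        prev_ts, prev_line = ts, line
    return jumps

if __name__ == "__main__":
    for no, back, hint in find_backward_jumps(SAMPLE):
        print(f"line {no}: clock went back {back}s; nearby clock event: {hint or 'none'}")
```

A log that spans New Year shows one spurious jump under the fixed-year assumption; raising `tolerance` hides small reorderings such as the 32-second one in the sample.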