Out of curiosity, what command are you using to restart klogd? I think I
have the same problem with one of my boxes.
Matt
> -----Original Message-----
> From: Tony Smith [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 9:43 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [expert] ipchains logging
>
>
> > Hi Greg,
> >
> > > Hey, I've just realised something...
> > >
> > > For a while after my firewall comes up, I get a few logged DENY
> > > packet, and
> > > an occasional portsentry attack alert, but after some
> time, the network
> > > seems to go very quite. I had checked my machine fromwork this
> > afternoon,
> > > and nothing was recorded since last nite.
> > >
> > > So, I decided to force a response and I telnetted into my
> machine. This
> > > triggerred the firewall and it logged the DENY packets.
> >
> > I tried this a while back, and my machine *didn't* log the
> DENY records.
> >
> > > Now, my situtation may actually be nothing like yours...
> but I wonder if
> > > your area of the network quites down a bit (ie: stops pounding
> > you if they
> > > no one can really see your machine)?
> > >
> > > Any thoughts? How did the new rpms works? Have you tried them?
> >
> > So far, so good. I want to give it a few more days before I
> > declare it resolved, but I'm still getting the messages since I
> > ungraded the sysklogd package. I'll let you know towards the end
> > of the week.
> >
>
> Well the bad news is that after about 4 days, even with the
> latest klogd and
> kernel 2.2.16-9mdksecure, DENY packet messages stop being
> logged. The good
> news is that I've isolated the problem to klogd since restarting that
> restarts the messages.
>
> Looks like I'll just restart it every night for now.
>
> Thanks for all the help.
>
> Tony
> ===============================
> Tony Smith
> Email: [EMAIL PROTECTED]
> ===============================
>
>
>
