John J LeMay Jr wrote:
>
> Anyone have any idea what would have killed my logging? /var/log/messages,
> /var/log/kern.log, and a few others are 0 bytes since 24 December. I know
> something was hosed around that time, but I've rebooted and been running fine
> since (or so it seems). However, I don't know where to start looking for
> something that would be preventing logs.
If you've lost ALL logging, it is possible you've been hacked. It happened to
me when I was evaluating Caldera OpenLinux 2.3...
That said, there is a problem with syslogd on LM7.2 that I am chasing on one of
my systems: syslogd does not accept logging from remote systems. I remember
finding and fixing this once; but have since forgotten the fix...
In my case, when triggering a loggable event on my firewall, I get:
# tcpdump -vvs 1500 '(udp and port 514) or icmp'
tcpdump: listening on eth0
16:11:33.722662 fw.57655 > pfortin.syslog: udp 88 (ttl 255, id 37708)
16:11:33.722845 pfortin > fw: icmp: pfortin udp port syslog unreachable [tos 0xc0] (ttl 255, id 43813)
netstat -l shows that udp/514 is indeed not listening.
Anyone remember how to fix this..?
Pierre
> John LeMay Jr.
> Senior Enterprise Consultant
> NJMC, LLC.
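An added, offline diagnostic (editor's example, not code from either poster) for the two symptoms in this thread: it counts the ICMP "udp port syslog unreachable" replies in a tcpdump capture and checks netstat output for a udp/514 listener. The capture and netstat excerpts are constructed samples modelled on the lines above; the function names are the example's own.

```shell
#!/bin/sh
# Constructed tcpdump excerpt: syslog datagrams from the firewall and the
# ICMP port-unreachable replies the collector sends back when nothing owns
# udp/514 (the situation Pierre describes).
SAMPLE_TCPDUMP='16:11:33.722662 fw.57655 > pfortin.syslog: udp 88 (ttl 255, id 37708)
16:11:33.722845 pfortin > fw: icmp: pfortin udp port syslog unreachable [tos 0xc0] (ttl 255, id 43813)
16:11:40.101002 fw.57655 > pfortin.syslog: udp 91 (ttl 255, id 37709)
16:11:40.101200 pfortin > fw: icmp: pfortin udp port syslog unreachable [tos 0xc0] (ttl 255, id 43814)'

# Constructed `netstat -ln` excerpt with no udp/514 socket (broken state).
SAMPLE_NETSTAT_BROKEN='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Same once syslogd is accepting remote messages (on sysklogd that means it
# was started with -r; reception is off by default).
SAMPLE_NETSTAT_OK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Count ICMP port-unreachable replies for the syslog port in capture text ($1).
# Any non-zero count means remote log messages are being bounced, not stored.
count_syslog_unreachable() {
    printf '%s\n' "$1" | grep -c 'icmp: .* udp port syslog unreachable' || true
}

# Succeed if a udp (or udp6) socket bound to port 514 appears in netstat ($1).
udp514_listening() {
    printf '%s\n' "$1" | grep -Eq '^udp6?[[:space:]].*:514[[:space:]]'
}

# Combine both checks for a capture ($1) and netstat output ($2) and print one
# word: ok, not-listening, or listening-but-rejected (a socket exists but
# datagrams still bounce, which usually points at a packet filter that answers
# with port-unreachable rather than at syslogd itself).
remote_syslog_state() {
    unreach=$(count_syslog_unreachable "$1")
    if udp514_listening "$2"; then
        [ "$unreach" -eq 0 ] && echo ok || echo listening-but-rejected
    else
        echo not-listening
    fi
}

# Stand-alone run against the constructed samples.
remote_syslog_state "$SAMPLE_TCPDUMP" "$SAMPLE_NETSTAT_BROKEN"
```

To use it on a live collector, feed it the output of `tcpdump -vvs 1500 '(udp and port 514) or icmp'` and `netstat -ln` in place of the samples.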