At 10:45 PM 4/26/01 -0700, Scott C. Best wrote:
...
> Makes me wonder though. At the start of the scan,
>/var/log/syslog, messages and kern.log were 15k, 13k, and
>13k respectively. After the scan...all *three* of them were
>over 980k before I ran out of disk space.
> Sure, a brute-force DOS attack but...what am I doing
>wrong where each packet log gets recorded in 3 places?
I forget which version of LRP you use, but probably what you're doing
"wrong" is accepting the default settings in /etc/syslog.conf . They provide
for multiple logging of mesages that match more than one of the match
criteria in the file. For example (looking at LRP 2.9.8), all kern.*
messages go to kern.log, and some of them will also match the settings for
syslog and messages. This is all very handy for systems with real mass
storage, but the redundencies are probably unsuited to quasi-embedded setups
like LRP, where storage is very limited.
I wonder if we might do better to use a simple syslog.conf that just logs
everything to messages -OR- syslog?
[rest deleted]
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
