Ray Olszewski wrote:
> At 10:45 PM 4/26/01 -0700, Scott C. Best wrote:
> ...
>
>> Makes me wonder though. At the start of the scan,
>> /var/log/syslog, messages and kern.log were 15k, 13k, and
>> 13k respectively. After the scan...all *three* of them were
>> over 980k before I ran out of disk space.
>> Sure, a brute-force DOS attack but...what am I doing
>> wrong where each packet log gets recorded in 3 places?
>
>
> I forget which version of LRP you use, but probably what you're doing
> "wrong" is accepting the default settings in /etc/syslog.conf . They provide
> for multiple logging of mesages that match more than one of the match
> criteria in the file. For example (looking at LRP 2.9.8), all kern.*
> messages go to kern.log, and some of them will also match the settings for
> syslog and messages. This is all very handy for systems with real mass
> storage, but the redundencies are probably unsuited to quasi-embedded setups
> like LRP, where storage is very limited.
>
> I wonder if we might do better to use a simple syslog.conf that just logs
> everything to messages -OR- syslog?
In that case syslogd could perhaps be replaced with the busybox syslogd.
Ewald Wasscher
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
