[EMAIL PROTECTED] wrote:
>
> Patrick, I did both and both had the same effect. Even the nmap test makes
> my syslog, messages and kern.log logfiles almost 1MB in size which toasts
> weblet viewing of them. The email I get from vulnerabilities.org after the
> nmap scan is complete says it checks ~1500 ports. It appears that much
> scanning kills my weblet interface. It seems weird that a 16MB system can
> get screwy with only a few megs of logs.
I have 32 RAM with the ramdisk set to 16 so I'm a bit spoiled with disk
space. But I've noticed that if the logs are filled, to a certain level,
they will be difficult to see through weblet. If you use ssh to the LRP
machine and look at things the "manual" way there is no unusual
behavior. Maybe Charles can point out why that happens, I don't really
know why. Try using the ae editor or whichever you're using and look at
the logs on the LRP machine, itself. You shouldn't have any problems.
It's probably something that can be adjusted in weblet.lrp.
> After the scan is complete every local link on weblet takes the browser to a
> blank page. The only way I am able to get the weblet interface working
> again is to reboot. The firewall still routes traffic OK, which is the main
> thing.
> Here's the log section of my lrp.conf. I read it as saying if space
> available is <= 2% logfiles will be wiped, starting with the oldest and
> working to the newest until >2% space is available. When is this algorithm
> executed? Is it every time a log operation is performed or is it on some
> periodic basis?
>
> Ideally I'd like the firewall to keep weblet operational and dump logging
> info rather than allowing intruder attacks to kill weblet.
> lrp_SPACECHECK=NO # YES or NO
That's probably it, you have to enable it with YES...try it out.
Back it up and try a new port scan and see if it works.
> lrp_SC_MINKB=-1 # <= -1 to disable.
> lrp_SC_MINPER=2 # >= 101 to disable. Default 2%.
> lrp_SC_MAIL_LEVEL=2 # >= 6 to disable.
>
> lrp_SC_DEL_L1="/var/log/*[4-9].gz"
> lrp_SC_DEL_L2="/var/log/*[1-3].gz"
> lrp_SC_DEL_L3="/var/log/*.gz"
> lrp_SC_DEL_L4="/var/log/*.0"
> lrp_SC_DEL_L5="/var/log/wtmp"
--
Patrick Benson
Stockholm, Sweden
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
