Woops. I changed my logging level when this started, and is happening with the
log rotate (happens daily on one machine, and weekly on the others, which is
why it looked like it was spreading).
Thanks anyway.
Jacob
On Mon, 09 Apr 2001, you wrote:
> I've got some funny entries in some of my logs:
>
> <Date> <Time> <Host> syslogd 1.3-3: restart (remote reception).
>
> With several identical messages all occuring within a second of each other.
>
> The <Host> portion of this message is my remote logging server. I've also got
> entries for syslogd being restarted on several other systems, without the
> "remote reception". Sometimes these entries occur simultaneously with the
> entries on the logging server, othertimes not. Sometimes there are several
> within a second, and othertimes, within several seconds. This started on the
> logging host around the first of April, and has spread to other systems since.
> All entries are happening around the same time every morning, but there are no
> entries in the crontabs which offer me any clues.
>
> syslogd version 1.3-3 on all systems.
>
> I'm up to date on the Errata for all these systems.
>
> There is nothing else in the logs other than normal activity for 10 lines of
> context (forward and backward). utmpdump of utmp and wtmp shows nothing other
> than my last entries. tripwire shows nothing weird. snort logs show some
> activity, but nothing out of the ordinary.
>
> What's causing this? The "remote reception" bit has me worried. The fact that
> syslogd is being restarted without my causing it to do so, and without evidence
> of other problems, has me almost panicked. It starting on one system and then
> showing up on other, NON-identical, systems is also of serious concern.
>
> Do I need to start assuming that I've been compromised, or is there something
> else which could explain it? I've seen where the "restart (remote reception)."
> can occur with kernel memory allocation problems, but I don't see any messages
> to indicate a memory allocation problem. And I haven't been able to find a
> report of this message being caused by anything else.
>
> --
> Jacob Killian
> PGTC System Administrator
>
> <mailto: [EMAIL PROTECTED]>
> <http://www.pgtc.net>
>
> 501-846-7245
>
> "Long may we walk" --my mom
--
Jacob Killian
PGTC System Administrator
<mailto: [EMAIL PROTECTED]>
<http://www.pgtc.net>
501-846-7245
"Long may we walk" --my mom
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
