Hello! I found the following messages in message.log:

2010-10-19T22:24:58.641707+02:00 localhost suhosin[1669]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '2001:470:1f0b:1ab 3:1ce3:a6fc:750f:fde1', file '/dane/domeny/xxxxx', line 96)
2010-10-20T09:23:28+02:00 localhost sshd[23129]: error: PAM: Authentication failure for marcin from 127-goc-33.acn.waw.pl
2010-10-20T09:23:30+02:00 localhost sshd[23129]: Accepted keyboard-interactive/pam for marcin from 94.75.108.127 port 49875 ssh2
2010-10-20T10:27:54.593338+02:00 localhost kernel: [167143.457207] deliver[667]: segfault at 48 ip 9af8c707 sp b220b910 error 6 in libdovecot-storage.so.0.0.0[9af2f000+a3000]
2010-10-20T15:37:25.404441+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:27.006681+02:00 localhost rsyslogd-2177: imuxsock lost 147 messages from pid 12703 due to rate-limiting
2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:33.003283+02:00 localhost rsyslogd-2177: imuxsock lost 462 messages from pid 12703 due to rate-limiting
It's fine that rate-limiting cuts off many messages, but is it possible for imuxsock to report which message was dropped? From this log I don't know which application floods the log (probably php-cgi) or what the message was. Could the rate-limit message be extended with info about the name of the pid and the message? E.g.:

2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting, *last message was*: localhost suhosin[1669]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker '2001:470:1f0b:1ab 3:1ce3:a6fc:750f:fde1', file '/dane/domeny/xxxxx', line 96)

Regards!

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
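Added example, not part of the original post and not rsyslog code: a small triage script that totals the imuxsock rate-limit notices per flooding pid and tries to name the program from other "tag[pid]:" lines in the same log. The function name, field names and the choice of sample lines (a subset of the lines in the post) are assumptions made for this illustration; pids are reused by the OS, so a resolved name is only a hint.

```python
import re
from collections import defaultdict

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
2010-10-20T09:23:30+02:00 localhost sshd[23129]: Accepted keyboard-interactive/pam for marcin from 94.75.108.127 port 49875 ssh2
2010-10-20T15:37:25.404441+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:27.006681+02:00 localhost rsyslogd-2177: imuxsock lost 147 messages from pid 12703 due to rate-limiting
2010-10-20T15:37:28.850821+02:00 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12703 due to rate-limiting
2010-10-20T15:37:33.003283+02:00 localhost rsyslogd-2177: imuxsock lost 462 messages from pid 12703 due to rate-limiting
"""

# timestamp, host, tag, optional [pid], message
LINE = re.compile(r"^(\S+) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")
DROP = re.compile(r"imuxsock begins to drop messages from pid (?P<pid>\d+) due to rate-limiting")
LOST = re.compile(r"imuxsock lost (?P<n>\d+) messages from pid (?P<pid>\d+) due to rate-limiting")


def summarize(log_text):
    """Return {pid: {bursts, lost, first, last, program}} for rate-limited senders."""
    names = {}  # pid -> first program tag seen logging with that pid
    stats = defaultdict(lambda: {"bursts": 0, "lost": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, _host, tag, pid, msg = m.groups()
        if pid:
            names.setdefault(int(pid), tag)
        # Only count notices that rsyslogd itself emitted.
        if not tag.startswith("rsyslogd"):
            continue
        hit = DROP.search(msg) or LOST.search(msg)
        if not hit:
            continue
        s = stats[int(hit.group("pid"))]
        s["first"] = s["first"] or ts
        s["last"] = ts
        if "n" in hit.groupdict():
            s["lost"] += int(hit.group("n"))   # a "lost N messages" notice
        else:
            s["bursts"] += 1                   # a "begins to drop" notice
    # program stays None when the pid never logged under its own tag
    return {pid: dict(s, program=names.get(pid)) for pid, s in stats.items()}


if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info)
```

On the lines from the post, pid 12703 comes back with program None, which is the gap the post describes: nothing else in the log ties that pid to a program name.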

