From owner-freebsd-questions Fri Jul 31 14:17:21 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id OAA01650
        for freebsd-questions-outgoing; Fri, 31 Jul 1998 14:17:21 -0700 (PDT)
        (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA01621
        for ; Fri, 31 Jul 1998 14:17:09 -0700 (PDT)
        (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
        by resnet.uoregon.edu (8.8.5/8.8.8) with SMTP id OAA05127;
        Fri, 31 Jul 1998 14:16:58 -0700 (PDT)
        (envelope-from dwhite@resnet.uoregon.edu)
Date: Fri, 31 Jul 1998 14:16:57 -0700 (PDT)
From: Doug White
To: Brian Neal
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Logfile question
In-Reply-To: <199807302222.WAA14541@free1.cetinc.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 30 Jul 1998, Brian Neal wrote:

> I have a question regarding logfile rotation and removal. Specifically, my
> messages and ftpd files have disappeared. This is 2.2.6-STABLE. I was
> wondering if they would be deleted to free up space? There was an incident
> on this machine a few days ago, someone got ahold of a username and password
> and got into the system via ftp. This individual did not, however, have
> permissions necessary to delete any of these files, however, since I have no
> logs, I can't tell what did happen. If this individual used some kind of
> password dictionary to get in (obviously generating a very large amount of
> unsuccessful login attempts), could the messages log have been deleted to
> conserve space?

They could have been rolled (they'd be in /var/log/messages.?.gz) and for
some reason newsyslog couldn't touch /var/log/messages then restart
syslogd to get things flowing again.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
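
An added example, not part of the original message: a small sh triage helper for the situation in this thread, telling apart a log that was rolled (archives matching the /var/log/messages.?.gz form from the reply) from one that is gone entirely. The function names check_log, count_generations and report are hypothetical, and single-digit generation suffixes are assumed.

```shell
#!/bin/sh
# Added example: classify a syslog-managed file as live, rotated-only or missing.

# count_generations LOGDIR NAME
# Prints how many rotated copies (NAME.N or NAME.N.gz, N = 0-9) exist.
count_generations() {
    n=0
    for f in "$1/$2".[0-9] "$1/$2".[0-9].gz; do
        # An unmatched glob stays literal and fails the -e test.
        if [ -e "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# check_log LOGDIR NAME
# Prints one status word:
#   live          the current file exists
#   rotated-only  current file absent but archives exist: the log was rolled
#                 and the live file was not recreated, so history is still
#                 on disk in the archives
#   missing       no current file and no archives: rotation alone does not
#                 explain the loss, which matters after an incident
check_log() {
    if [ -e "$1/$2" ]; then
        echo live
    elif [ "$(count_generations "$1" "$2")" -gt 0 ]; then
        echo rotated-only
    else
        echo missing
    fi
}

# report LOGDIR NAME...
# One line per log: name, status, number of rotated generations.
report() {
    dir=$1
    shift
    for name in "$@"; do
        echo "$name $(check_log "$dir" "$name") $(count_generations "$dir" "$name")"
    done
}

# Stand-alone use: sh thisfile /var/log messages
if [ $# -gt 1 ]; then
    report "$@"
fi
```

A "missing" result for a log that newsyslog.conf is configured to rotate is the case worth escalating, since normal rotation leaves archives behind.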