RE: fam and logwatch

From: Greg Ennis (PoMec_at_PoMec.Net)
Date: 03/30/04

    To: "For users of Fedora Core releases" <fedora-list@redhat.com>
    Date: Tue, 30 Mar 2004 08:30:32 -0600
    
    

    Hey,

    I'm being flogged to death by this log file... I would sure appreciate some help. My
    'message' and 'secure' logs are way too LARGE! I apologize for sending this request
    again!

    Any ideas as a starting place for me?

    Greg
    -------------------------------------------------------------------------------------

    ---
    Everyone,
    I have a new FC1 installation which was working fine until 3 days ago when the
    logwatch files started getting to be as big as 75 megs.  (Too big for outlook2000,
    but not too big for Linux to manage).
    The entries that  I have been getting come from the message log file and the secure
    log file.  The secure log file is being filled at a rate of up to 17 of the same
    entries per second at times.
    Secure:
    Mar 26 07:46:39 Pt xinetd[26320]: FAIL: sgi_fam libwrap from=<no address>
    Mar 26 07:46:39 Pt xinetd[1098]: START: sgi_fam pid=26321 from=<no address>
    Mar 26 07:46:44 Pt xinetd[26321]: FAIL: sgi_fam libwrap from=<no address>
    Mar 26 07:46:45 Pt xinetd[1098]: START: sgi_fam pid=26322 from=<no address>
    Mar 26 07:46:49 Pt xinetd[26322]: FAIL: sgi_fam libwrap from=<no address>
    Mar 26 07:46:49 Pt xinetd[1098]: START: sgi_fam pid=26323 from=<no address>
    Mar 26 07:46:52 Pt xinetd[26323]: FAIL: sgi_fam libwrap from=<no address>
    Mar 26 07:46:52 Pt xinetd[1098]: START: sgi_fam pid=26324 from=<no address>
    Mar 26 07:46:55 Pt xinetd[26324]: FAIL: sgi_fam libwrap from=<no address>
    Message:
    Mar 26 07:43:57 Pt xinetd[25673]: libwrap refused connection to sgi_fam (libwrap=fam) from <no address>
    Mar 26 07:43:59 Pt xinetd[25674]: warning: can't get client address: Transport endpoint is not connected
    Mar 26 07:44:01 Pt xinetd[25674]: libwrap refused connection to sgi_fam (libwrap=fam) from <no address>
    Mar 26 07:44:05 Pt xinetd[25675]: warning: can't get client address: Transport endpoint is not connected
    Mar 26 07:44:06 Pt xinetd[25675]: libwrap refused connection to sgi_fam (libwrap=fam) from <no address>
    Mar 26 07:44:10 Pt xinetd[25676]: warning: can't get client address: Transport endpoint is not connected
    Mar 26 07:44:11 Pt xinetd[25676]: libwrap refused connection to sgi_fam (libwrap=fam) from <no address>
    Mar 26 07:44:13 Pt xinetd[25677]: warning: can't get client address: Transport endpoint is not connected
    Mar 26 07:44:14 Pt xinetd[25677]: libwrap refused connection to sgi_fam (libwrap=fam) from <no address>
    The man pages for fam indicate that it is used to determine if a file has been
    changed, and it looks like FC1 is only calling it through xinetd.
    My /etc/fam.conf file has the following entries which have not been changed from the
    installation defaults.
    insecure_compatibility = false
    untrusted_user = nobody
    local_only = false
    xtab_verification = true
    My /etc/xinet.d/sig_fam file has the following:
    # default: on
    # description: FAM is a file monitoring daemon. It can \
    # be used to get reports when files change.
    service sgi_fam
    {
            type         = RPC UNLISTED
            socket_type  = stream
            user         = root
            group        = nobody
            server       = /usr/bin/fam
            wait         = yes
            protocol     = tcp
            rpc_version  = 2
            rpc_number   = 391002
            bind         = 127.0.0.1
    }
    The only other message that is peculiar in the logwatch report is:
    Can't locate these modules:
       char-major-10-134: 1 Time(s)
       char-major-180: 2 Time(s)
       char-major-188: 2 Time(s)
    I have been using yum for updates and my system has been updated properly.
    Sure would appreciate some pointers on solving this problem.
    Thank you,
    Greg Ennis
    --
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
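
Added example, not part of the original message: a short triage script for the kind of 'secure' excerpt quoted above. It pairs each xinetd FAIL record with the START that announced its child pid and reports the failure count, the dominant refusal reason and the mean gap between failures per service. The function name, the report keys and the year used to parse the year-less syslog timestamps are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The "secure" excerpt quoted in the message, embedded so this runs offline.
SAMPLE = """\
Mar 26 07:46:39 Pt xinetd[26320]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:39 Pt xinetd[1098]: START: sgi_fam pid=26321 from=<no address>
Mar 26 07:46:44 Pt xinetd[26321]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:45 Pt xinetd[1098]: START: sgi_fam pid=26322 from=<no address>
Mar 26 07:46:49 Pt xinetd[26322]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:49 Pt xinetd[1098]: START: sgi_fam pid=26323 from=<no address>
Mar 26 07:46:52 Pt xinetd[26323]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:52 Pt xinetd[1098]: START: sgi_fam pid=26324 from=<no address>
Mar 26 07:46:55 Pt xinetd[26324]: FAIL: sgi_fam libwrap from=<no address>
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xinetd\[(\d+)\]: "
                  r"(START|FAIL): (\S+) (.*)$")

def respawn_loops(text, min_fails=3, year=2004):
    """Summarise services whose xinetd-started children keep failing."""
    # year is an assumption: these syslog timestamps do not carry one.
    started = set()                      # child pids announced by START lines
    stats = defaultdict(lambda: {"fails": 0, "paired": 0,
                                 "reasons": Counter(), "times": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # not an xinetd START/FAIL record
        stamp, pid, event, svc, rest = m.groups()
        if event == "START":
            child = re.search(r"\bpid=(\d+)", rest)
            if child:
                started.add(int(child.group(1)))
            continue
        s = stats[svc]
        s["fails"] += 1
        s["paired"] += int(pid) in started          # FAIL from a child we saw start
        s["reasons"][(rest.split() or ["?"])[0]] += 1   # e.g. "libwrap"
        s["times"].append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    report = {}
    for svc, s in stats.items():
        if s["fails"] < min_fails:
            continue                     # too few failures to call it a loop
        span = (max(s["times"]) - min(s["times"])).total_seconds()
        report[svc] = {"fails": s["fails"], "paired_with_start": s["paired"],
                       "top_reason": s["reasons"].most_common(1)[0][0],
                       "mean_gap_s": span / (s["fails"] - 1) if s["fails"] > 1 else 0.0}
    return report
```

Calling `respawn_loops(SAMPLE)` on the embedded excerpt shows every START followed within seconds by a libwrap FAIL from the child it launched.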
    
