 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Start auditing new client's machines. Quick look through log files....
On server01 /var/log/messages is 83 GiB!!!! That's in less than a month
- oldest message is dated 1 Oct 2008. This guy needs help ;-)
Anyone seen bigger log files?
John
--
"Eppur si muove" - Galileo Galilei
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Doctor John wrote:
> Anyone seen bigger log files?
I had a problem on a machine with a hardware fault, and about twice a
second it would log three or four lines to the log queue. Sucked up 500G
in about 2 weeks or some such. I don't know that counts, tho. :-)
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 27-Oct-08 21:31, Doctor John wrote:
> Start auditing new client's machines. Quick look through log files....
> On server01 /var/log/messages is 83 GiB!!!!
I am sure you mean quick look *at* the log files or even at the
directory entry. I am not prepared to believe you read that all, not
even superficially.
> That's in less than a month
> - oldest message is dated 1 Oct 2008. This guy needs help ;-)
>
> Anyone seen bigger log files?
>
> John
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
> I am sure you mean quick look *at* the log files or even at the
> directory entry. I am not prepared to believe you read that all, not
> even superficially.
Considering even on a fast drive, it's a 20-minute transfer just to read
the file off the disk... :-)
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 27-Oct-08 22:06, Darren New wrote:
> andrel wrote:
>> I am sure you mean quick look *at* the log files or even at the
>> directory entry. I am not prepared to believe you read that all, not
>> even superficially.
>
> Considering even on a fast drive, it's a 20-minute transfer just to read
> the file off the disk... :-)
>
Any estimate on how much to scroll it over your window.
Reminds me of the story of the it department in the late 70's or early
80's that used to print the core dump on paper. When they got a new
machine with a virtual memory of 4GB they were not allowed to do that
anymore. (not enough paper in this world, please insert a new world)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
> On 27-Oct-08 21:31, Doctor John wrote:
>> Start auditing new client's machines. Quick look through log files....
>> On server01 /var/log/messages is 83 GiB!!!!
>
> I am sure you mean quick look *at* the log files or even at the
> directory entry. I am not prepared to believe you read that all, not
> even superficially.
I stand corrected. Read what I mean not what I write ;-)
John
--
"Eppur si muove" - Galileo Galilei
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Doctor John wrote:
> Start auditing new client's machines. Quick look through log files....
> On server01 /var/log/messages is 83 GiB!!!! That's in less than a month
> - oldest message is dated 1 Oct 2008. This guy needs help ;-)
>
> Anyone seen bigger log files?
>
> John
FWIW the reason for the file's size was a bunch of dictionary attacks on
ssh. They failed but why was port 22 open to the internet in the first
place?
John
--
"Eppur si muove" - Galileo Galilei
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Doctor John wrote:
> FWIW the reason for the file's size was a bunch of dictionary attacks on
> ssh. They failed but why was port 22 open to the internet in the first
> place?
That's what it's for. :-) I mean, really, if you want to get in from
outside, you leave port 22 open, yes?
Now, if they didn't want anyone to ever get into it from outside the
LAN, sure. But you didn't say that. ;-)
I'm pretty sure I've seen code to temporarily close port 22 after a
sufficient number of ssh login failures. Sort of like locking out the
whole demon, and not just one account.
--
Darren New / San Diego, CA, USA (PST)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
