Search Results

Search found 764 results on 31 pages for 'syslog'.

  • Most common account names used in ssh brute force attacks

    - by Charles Stewart
    Does anyone maintain lists of the most frequently guessed account names that are used by attackers brute-forcing ssh? For your amusement, from my main server's logs over the last month (43 313 failed ssh attempts), with root not getting as far as sshd: cas@txtproof:~$ grep -e sshd /var/log/auth* | awk ' { print $8 }' | sort | uniq -c | sort | tail -n 13 32 administrator 32 stephen 34 administration 34 sales 34 user 35 matt 35 postgres 38 mysql 42 oracle 44 guest 86 test 90 admin 16513 checking

  • Log centralization, display, transport and aggregation at scale v2

    - by Eric DANNIELOU
    This is a duplicate question of Log transport and aggregation at scale and http://stackoverflow.com/questions/1737693/whats-the-best-practice-for-centralised-logging, but the answers might differ now: The software described in 2009 may have changed since (for example Octopussy evolved from version 0.9 to 1.0.5). Rsyslog has become the default on most Linux distros. Requirements have changed (security, software configuration management, ...). I'd like to ask the following questions: How do you centralize, display and archive system logs? How would you like to do it now if you had to? Most Linux distros use rsyslog nowadays, which can provide reliable log transport. But some older unices, network devices and maybe Windows boxes still use old UDP RFC-style transport. How did you manage to get reliable transport? Storing logs for a few months can represent a huge amount of disk space. How do you store them? RDBMS? Compressed and encrypted text files?

  • Windows SteadyState - system's security log is full

    - by Matt
    Quick version: New computer, attached to Windows domain, with SteadyState w/ Disk Protection turned on, cannot log on as domain user because Windows states 'system security log is full'. Troubleshooting performed: disabled all 'restrictions' listed in SteadyState, cleared system security log, changed security log settings to overwrite entries when it becomes full, restarted computer to commit changes, verified changes were committed - still cannot log on as domain user, changed Documents and Settings folder to another partition, still cannot log on as domain user. Let me know if you need a more detailed description of any steps performed. I appreciate any help you can give me.

  • rsyslog - regex trouble

    - by benmccann
    I'm trying to set up the logentries service. If a log entry has a token in it then I would like to send it to api.logentries.com:10000. The token is a guid in the format aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee. Right now I'm doing: # If there's a logentries token then send it directly to logentries :msg, regex, ".*[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}.*" & @@api.logentries.com:10000 I checked the rsyslog debug logs and my regex is not matching, but I can't figure out why or how to fix it: 5245.961161378:7fb79b514700: Filter: check for property 'msg' (value ' fb1c507f-2ede-4d7f-a140-2bd8d56e133 - application - [play-akka.actor.default-dispatcher-1] - Found user: 4fb11ea5e4b00a1aeebe2800') regex '.*[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}.*': FALSE

  • Snort/Barnyard2-1.10 LOG_SYSLOG_FULL Output Logging

    - by Ron
    With log_syslog_full operation mode set to complete you get the below output. Can someone explain to me what the bold parts are? I have been searching and cannot find any documentation explaining the new file output format. Thanks | [SNORTIDS[LOG]: [IDS1] ] || 2012-11-28 20:31:31.747+-06 1 [1:2803567:3] ETPRO POLICY Suspicious User-Agent (LuaSocket) || trojan-activity || 6 69.2.42.86 64.129.104.173 5 0 0 146 38060 0 0 3635 0 || 41848 80 4082109343 3023118530 8 0 24 32768 39439 0 || 160 00000C07AC050023EBABC57A08004500009294AC0000FF060E3345022A56408168ADA3780050F3500B9FB43120C2801880009A0F00000101080A3198E2CD00000000686F73743A20757064617465732E69726F6E706F72742E636F6D0D0A757365722D6167656E743A204C7561536F636B657420322E300D0A74653A20747261696C6572730D0A636F6E6E656374696F6E3A20636C6F73652C2054450D0A0D0A ||

  • How to add message that will be read with dmesg?

    - by calandoa
    I am trying to write some custom messages in my dmesg output. I tried: logger "Hello" but this does not work. It exits without error, but no "Hello" appears in the output of: dmesg I am using a Fedora 9, and it seems that there is no syslogd/klogd daemon running. However, all my kernel messages are successfully written in the dmesg buffer. Any idea?

  • Forward Windows Events Logs to Rsyslog

    - by SamCulley
    Thanks for taking time to read this post. Basically I would like to forward Windows Events Logs from all my desktop clients to a Linux box with rsyslog on. Rsyslog provide a Windows agent to do just that but it's 40 euros per license and when you have x amount of machines that cost adds up. I was wondering if there is a FOSS alternative available. I have tried searching Google but haven't managed to find anything. Hopefully someone might have already faced this same problem and is using an alternative that they could recommend. Again thanks for reading, Kind Regards Sam

  • Postfix logs missing information on delivery status (postfix/smtp message)

    - by hegemon
    I noticed a problem with postfix logs: information on the delivery status of some emails is missing. The issue affects about 1% of emails. "Healthy" log: <server># grep 8EB992EFBB44 postfix_log/mail04.log Jun 5 03:09:29 mail04 postfix/smtpd[8537]: 8EB992EFBB44: client=xxx.xxx.xxx[xxx.xxx.xxx.xxx] Jun 5 03:09:29 mail04 postfix/cleanup[34349]: 8EB992EFBB44: message-id=<[email protected]> Jun 5 03:12:02 mail04 postfix/qmgr[76377]: 8EB992EFBB44: from=<[email protected]>, size=48845, nrcpt=1 (queue active) Jun 5 03:15:12 mail04 postfix/smtp[35058]: 8EB992EFBB44: to=<[email protected]>, relay=mx.baz.com[xxx.xxx.xxx.xxx]:25, conn_use=70, delay=343, delays=153/190/0/0.24, dsn=2.0.0, status=sent (250 ok) Jun 5 03:15:12 mail04 postfix/qmgr[76377]: 8EB992EFBB44: removed "Broken" log: <server># grep F3C362EF37CA postfix_log/mail04.log Jun 5 04:03:27 mail04 postfix/smtpd[39666]: F3C362EF37CA: client=xxx.xxx.xxx[xxx.xxx.xxx.xxx] Jun 5 04:03:27 mail04 postfix/cleanup[41287]: F3C362EF37CA: message-id=<[email protected]> Jun 5 04:03:28 mail04 postfix/qmgr[76377]: F3C362EF37CA: from=<[email protected]>, size=48892, nrcpt=1 (queue active) ** here should be a log line from postfix/smtp but there is none ** Jun 5 04:03:29 mail04 postfix/qmgr[76377]: F3C362EF37CA: removed Background information: system: FreeBSD xxx.xxx.xxx 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 Postfix is installed inside jail. Logs are on the same machine, log dir is mounted thru nullfs. The site has spikes of heavy load, causing disks (local) to run at 100%. Update The log is rotated daily, current size is ~ 500MB. I made a test by queuing 99000 messages to same destination (in order to rule out dns/network/mx issues). 5715 messages don't have any DSN record. Failed messages queue time is spread evenly over time, I don't see any time-bound issues. 
Some undelivered emails: envelopeid | processed_time --------------+---------------------------- 8D7652EF3BAE | 2012-06-06 13:19:11.072715 DD53A2EF3C5C | 2012-06-06 13:33:24.374783 8C52F2EF4E3F | 2012-06-06 13:39:15.810616 BBC572EF525C | 2012-06-06 13:44:22.762812 E95822EF54D1 | 2012-06-06 13:52:01.134533 839DD2EF4FBB | 2012-06-06 14:13:48.511236 017EE2EF6234 | 2012-06-06 15:04:48.618963 Those are a few picks, such records of undelivered email occur almost every second. <server># egrep '(8D7652EF3BAE|BBC572EF525C|017EE2EF6234)' mail04.log Jun 6 13:19:10 mail04 postfix/smtpd[20350]: 8D7652EF3BAE: client=xxx.xxx.xxx[xxx.xxx.xxx.xxx] Jun 6 13:19:10 mail04 postfix/cleanup[21024]: 8D7652EF3BAE: message-id=<[email protected]> Jun 6 13:19:10 mail04 postfix/qmgr[7939]: 8D7652EF3BAE: from=<[email protected]>, size=63718, nrcpt=1 (queue active) Jun 6 13:19:11 mail04 postfix/qmgr[7939]: 8D7652EF3BAE: removed Jun 6 13:44:22 mail04 postfix/smtpd[20346]: BBC572EF525C: client=xxx.xxx.xxx[xxx.xxx.xxx.xxx] Jun 6 13:44:22 mail04 postfix/cleanup[24811]: BBC572EF525C: message-id=<[email protected]> Jun 6 13:44:22 mail04 postfix/qmgr[7939]: BBC572EF525C: from=<[email protected]>, size=63758, nrcpt=1 (queue active) Jun 6 15:04:49 mail04 postfix/smtpd[20344]: 017EE2EF6234: client=xxx.xxx.xxx[xxx.xxx.xxx.xxx] Jun 6 15:04:49 mail04 postfix/cleanup[35585]: 017EE2EF6234: message-id=<[email protected]> Jun 6 15:04:49 mail04 postfix/qmgr[7939]: 017EE2EF6234: from=<[email protected]>, size=63706, nrcpt=1 (queue active) <server># <server># find /var/spool/postfix/active/ -type f -print | wc -l 1 <server># IMPORTANT: As you can see above some of the emails don't even have the removed line.

  • Reduce munin logging level

    - by petrus
    Munin is quite verbose, and logs a bunch of things into munin-graph.log, munin-html.log, munin-limits.log and munin-update.log at each run of munin-cron. I already reduced munin-node logging level by setting log_level 0 in munin-node.conf, and that works well. munin-node.log only gets updated when an error message is generated. However I also tried to add the same option in munin.conf, but it makes munin crash. How can one reduce the amount of logs written by munin?

  • How do I permanently delete /var/log/lastlog?

    - by GregB
    My /var/log/lastlog file is huge. I know it's really only a few kilobytes, but tar isn't smart enough to know that, so when I image a virtual machine, my restore fails because it thinks I'm trying to load more data than I have capacity on my disk. I want to delete /var/log/lastlog and stop any and all logging to the file. I'm aware of the security implications. This logging needs to stop to preserve my backup strategy. I've made a change to /etc/pam.d/login which I was told would disable logging to /var/log/lastlog, but it does not appear to work as /var/log/lastlog keeps growing. # Prints the last login info upon succesful login # (Replaces the `LASTLOG_ENAB' option from login.defs) #session optional pam_lastlog.so Any ideas? EDIT For anyone interested, I use Centrify Express to authenticate my users via LDAP. Centrify Express is "free", but one of the drawbacks is that I can't manage user UIDs via LDAP, so they are given a dynamic UID when they log in to a server. Centrify picks some crazy high UID values (so they don't conflict with local users on the server, presumably). /var/log/lastlog is indexed by UID, and grows to accommodate the largest UID on the system. This means that when a Centrify user logs in, they get a UID in the upper end of the UID range, which causes lastlog to allocate an obscene amount of space, according to the file system. ~$ ll /var/log/lastlog -rw-rw-r-- 1 root root 291487675780 Apr 10 16:37 /var/log/lastlog ~$ du -h /var/log/lastlog 20K /var/log/lastlog More Info --- Sparse Files

  • Outbound Traffic Logging on ASA 5520 possible?

    - by j2k4j
    Taking a look at the ASDM (6.4) for my ASA 5520, I get a nice summary of the traffic status, with items like "interface traffic usage", and "connections per second". This works well, but only shows the data for the last 5-6 minutes or so. Recently, I've been asked whether it's possible to pull up this same type of traffic data for a particular time in the past. (Such as: Find the traffic usage for a 3 minute period from date xx:xx:xx @ time xx:xx:xx) I've noticed that my ASA 5520 is logging the warning, errors, etc that it is processing. But traffic data is not logged (yet) according to my search through the ASA. Is logging the traffic data amounts (as wondered above) actually a possibility? Is there any way to find out the past data for traffic and such values? Thanks!

  • Print out the amount of times 2 words appear in the syslog. But also have it tell me how many times for each hour

    - by wolfspinone
    So I'm trying to create a bash script that looks for two words in my syslog file. Then I want the script to print out how many times those two words have appeared. Also I want it to print it out for every hour of the day. So like if the word dog appeared 4 times during the first hour of today, it says Hour one, dog 4. Finally at the end of the script I want it to print out how many times those words appeared all day. The pseudocode I have thus far is if 2 > hour find permit find block print both finish if 1 < hour < 2 find permit find block print both finish if 2 < hour < 3 find permit find block print both finish command is grep -o "\WORD\" Syslog.txt * | sort | uniq -c

  • How can I get Syslogging to work on the JVM?

    - by Synesso
    I want to do syslogging from Java. There is a log4j appender, but it doesn't seem to work (for me anyway ... though Google results show many others with this issue still unresolved). I'm trying to debug the appender, so I've written the following script based upon RFC3164. It runs, but no logging appears in the syslog. // scala import java.io._ import java.net._ val ds = new DatagramSocket() val fullMsg = "<11>May 26 14:47:22 Hello World" val packet = new DatagramPacket(fullMsg.getBytes("UTF-8"), fullMsg.length, InetAddress.getLocalHost, 514) ds send packet ds.close I also tried using /bin/nc, but it doesn't work either. echo "<14>May 26 15:23:83 Hello world" > nc -u localhost 514 The Ubuntu command /usr/bin/logger does work, however. logger -p user.info hello world # logs: May 26 15:25:10 dsupport2 jem: hello world What could I be doing wrong?

  • How do you read a segfault kernel log message.

    - by Sullenx
    This can be a very simple question. I am attempting to debug an application which generates the following segfault error in the kern.log /var/log/kern.log.0:Jan 8 13:25:56 myhost kernel: myapp[15514]: segfault at 794ef0 ip 080513b sp 794ef0 error 6 in myapp[8048000+24000] Here are my questions: 1) Is there any documentation as to what are the different error numbers on segfault, in this instance it is error 6, but I've seen error 4, 5 2) What is the meaning of the information at bf794ef0 ip 0805130b sp bf794ef0 and myapp[8048000+24000]? So far I was able to compile with symbols, and when I do a "x 0x8048000+24000" it returns a symbol, is that the correct way of doing it? My assumptions thus far are the following: sp = stack pointer? ip = instruction pointer at = ???? myapp[8048000+24000] = address of symbol?

  • How to log messages to a log file in a specific path from a bash script

    - by Erik
    How do you log messages to a log file in a specific path from a bash script? A naive implementation would be commands like: echo My message >>/my/custom/path/to/my_script.log But this probably has many disadvantages (no log rotation for example). I could use the 'logger' command, but it does not support logs in custom paths as far as I know and is not easy to configure if you have lots of bash scripts that could use a custom log file. In a scripting language like Ruby all this is quite easy: https://github.com/rudionrails/yell/wiki/101-the-datefile-adapter I could also make my own logger command based on this ruby library and call it from my bash scripts, but I guess there is already a well known solution that provides similar behavior for shell scripts?

  • Ubuntu 12.04 - syslog showing "SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled"

    - by Tom G
    I have been seeing these random logs in syslog on our production system. There is no XFS setup. Fstab only shows local partitions, only EXT3 . There is nothing in crontabs either. The only file system related package I have installed is 'nfs-kernel-server' Kernel version is 3.2.0-31-generic . kernel: [601730.795990] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled kernel: [601730.798710] SGI XFS Quota Management subsystem kernel: [601730.828493] JFS: nTxBlock = 8192, nTxLock = 65536 kernel: [601730.897024] NTFS driver 2.1.30 [Flags: R/O MODULE]. kernel: [601730.964412] QNX4 filesystem 0.2.3 registered. kernel: [601731.035679] Btrfs loaded os-prober: debug: running /usr/lib/os-probes/mounted/10freedos on mounted /dev/vda1 10freedos: debug: /dev/vda1 is not a FAT partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/10qnx on mounted /dev/vda1 10qnx: debug: /dev/vda1 is not a QNX4 partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/20macosx on mounted /dev/vda1 macosx-prober: debug: /dev/vda1 is not an HFS+ partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/20microsoft on mounted /dev/vda1 20microsoft: debug: /dev/vda1 is not a MS partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/30utility on mounted /dev/vda1 30utility: debug: /dev/vda1 is not a FAT partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/40lsb on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/70hurd on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/80minix on mounted /dev/vda1 debug: running /usr/lib/os-probes/mounted/83haiku on mounted /dev/vda1 83haiku: debug: /dev/vda1 is not a BeFS partition: exiting os-prober: debug: running /usr/lib/os-probes/mounted/90bsd-distro on mounted /dev/vda1 83haikuos-prober: debug: running /usr/lib/os-probes/mounted/90linux-distro on mounted /dev/vda1 os-prober: debug: running 
/usr/lib/os-probes/mounted/90solaris on mounted /dev/vda1 os-prober: debug: /dev/vda2: is active swap Why would this randomly show up? This also spawns multiple "jfsCommit" processes.

  • Rsyslog problem after ubuntu upgrade 10.4 to 12.4

    - by Oxymoron
    I was using Ubuntu 10.4 until last week for storing the log information of an external device with rsyslog. After upgrading to Ubuntu 12.4 the logging of TCP doesn't work anymore. (There are just no packets visible - not even with tcpdump - an old Ubuntu machine still sees the packets.) UDP works with the identical configuration on the Ubuntu machine and a "use UDP" on the external device. Are there any changes in rsyslog that could explain this? My rsyslog.conf file looks like this (with more comments): $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability $KLogPath /proc/kmsg # provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # provides TCP syslog reception $ModLoad imtcp $InputTCPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### ########################### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Set the default permissions for all log files. # $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup syslog if $fromhost-ip startswith '192.168.0.10' then /var/log/caliDevice.log & ~ # local/regular rules, like '.' /var/log/syslog.log $IncludeConfig /etc/rsyslog.d/*.conf

  • Fast extraction of a time range from syslog logfile?

    - by mike
    I've got a logfile in the standard syslog format. It looks like this, except with hundreds of lines per second: Jan 11 07:48:46 blahblahblah... Jan 11 07:49:00 blahblahblah... Jan 11 07:50:13 blahblahblah... Jan 11 07:51:22 blahblahblah... Jan 11 07:58:04 blahblahblah... It doesn't roll at exactly midnight, but it'll never have more than two days in it. I often have to extract a timeslice from this file. I'd like to write a general-purpose script for this, that I can call like: $ timegrep 22:30-02:00 /logs/something.log ...and have it pull out the lines from 22:30, onward across the midnight boundary, until 2am the next day. There are a few caveats: I don't want to have to bother typing the date(s) on the command line, just the times. The program should be smart enough to figure them out. The log date format doesn't include the year, so it should guess based on the current year, but nonetheless do the right thing around New Year's Day. I want it to be fast -- it should use the fact that the lines are in order to seek around in the file and use a binary search. Before I spend a bunch of time writing this, does it already exist?

  • Rotate haproxy logs

    - by Jagbir
    I tried a few things but am still not able to rotate haproxy logs efficiently. I need to rotate logs when log files cross 500 MB in size. Considering haproxy is serving a large no. of static tcp connections, I cannot restart the haproxy process though a reload is doable. Daily haproxy log file size normally crosses 3 GB on my machine. Here's a sample from one of the newer machines where log file size is growing beyond the limit set: ubuntu@server:/mnt/log/haproxy$ ls -lsh total 4.3G 85M -rw-r----- 1 syslog adm 85M Jun 2 07:13 haproxy.log 2.9G -rw-r----- 1 syslog adm 2.9G Jun 2 06:37 haproxy.log.1 460M -rw-r----- 1 syslog adm 460M Jun 1 06:32 haproxy.log.2.gz 469M -rw-r----- 1 syslog adm 469M May 31 06:42 haproxy.log.3.gz 384M -rw-r----- 1 syslog adm 384M May 30 06:49 haproxy.log.4.gz ubuntu@server:/mnt/log/haproxy$ cat /etc/logrotate.d/haproxy /mnt/log/haproxy/haproxy.log { missingok copytruncate notifempty rotate 50 size 500M compress delaycompress }

  • Unable to mount hard disk

    - by user101522
    I am unable to mount hard disk and got this message: Unable to mount 158 GB Filesystem Error mounting: mount: wrong fs type, bad option, bad superblock on /dev/sda1, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so From the terminal, I tried syslog - try: No command 'syslog' found, did you mean: Command 'dsyslog' from package 'dsyslog' (universe) Command 'syslogd' from package 'sysklogd' (universe) Command 'syslogd' from package 'inetutils-syslogd' (universe) Command 'syslogd' from package 'busybox-syslogd' (universe) syslog: command not found Also tried dmesg | tail: [ 971.390588] sd 0:0:0:0: [sda] CDB: Read(10): 28 00 12 62 30 80 00 00 40 00 [ 971.390600] end_request: I/O error, dev sda, sector 308424832 [ 971.390605] Read-error on swap-device (8:0:308424840) [ 971.390608] Read-error on swap-device (8:0:308424848) [ 971.390617] Read-error on swap-device (8:0:308424856) [ 971.390620] Read-error on swap-device (8:0:308424864) [ 971.390623] Read-error on swap-device (8:0:308424872) [ 971.390626] Read-error on swap-device (8:0:308424880) [ 971.390629] Read-error on swap-device (8:0:308424888) [ 971.390632] Read-error on swap-device (8:0:308424896) It was fine before I tried to re-install 12.04 from the live CD (which failed due to the disk problem).

  • Apache (Solaris 10): 2 symlinks to the same file, one works the other doesn't

    - by justcatchingrye
    I'm seeing a strange issue with Apache. I have a system that pulls a configuration file from a web server. I want to use a symlink with the name 'ocds-dpsarch01a.rules'. This doesn't work. However, if I change one character in that name and link it to the same file, it works - See below. I can't think of any reason why one symlink would work when another doesn't? I would have thought either the Apache configuration is right and all symlinks work, or it isn't and no symlinks work(?) Any thoughts welcome ls -l /REMOVED/apache2/htdocs/rules/syslog/*cds-dpsarch01a.rules lrwxrwxrwx 1 root root 62 May 13 13:55 ocds-dpsarch01a.rules - /REMOVED/apache2/htdocs/templates/syslog/DCM_SST_DPST_01.rules lrwxrwxrwx 1 root root 62 May 13 13:52 xcds-dpsarch01a.rules - /REMOVED/apache2/htdocs/templates/syslog/DCM_SST_DPST_01.rules 1) Application starting and successfully reading configuration from the web server 13/05/2010 13:56:37: Information: Connecting ... 13/05/2010 13:56:37: Debug: Reading REMOVED:// REMOVED /rules/syslog/xcds-dpsarch01a.rules 13/05/2010 13:56:37: Debug: HTTP response: HTTP/1.1 200 OK Date: Thu, 13 May 2010 13:56:34 GMT Server: Apache Last-Modified: Fri, 09 Apr 2010 12:28:26 GMT ETag: "5073-a744-ee92ae80" Accept-Ranges: bytes Content-Length: 42820 Cache-Control: max-age=5 Expires: Thu, 13 May 2010 13:56:39 GMT NL7C-Filtered: Content-Type: text/plain Connection: close 13/05/2010 13:56:37: Debug: Plain text rules file detected. 2) Application starting and failing to read configuration from the web server 13/05/2010 13:56:55: Information: Connecting ... 
13/05/2010 13:56:55: Debug: Reading REMOVED :// REMOVED /rules/syslog/ocds-dpsarch01a.rules 13/05/2010 13:56:55: Debug: HTTP response: HTTP/1.1 403 Forbidden Date: Wed, 12 May 2010 15:25:11 GMT Server: Apache Vary: accept-language,accept-charset Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Language: en Expires: Wed, 12 May 2010 15:25:11 GMT 13/05/2010 13:56:55: Error: HTTP: HTTP/1.1 403 Forbidden Date: Wed, 12 May 2010 15:25:11 GMT Server: Apache Vary: accept-language,accept-charset Accept-Ranges: bytes Connection: close Content-Type: text/html; charset=iso-8859-1 Content-Language: en Expires: Wed, 12 May 2010 15:25:11 GMT 13/05/2010 13:56:55: Error: HTTP GET failed 13/05/2010 13:56:55: Error: Failed to open Rules file: REMOVED :// REMOVED /rules/syslog/ocds-dpsarch01a.rules

  • Log transport and aggregation at scale

    - by markdrayton
    How're you analysing log files from UNIX/Linux machines? We run several hundred servers which all generate their own log files, either directly or through syslog. I'm looking for a decent solution to aggregate these and pick out important events. This problem breaks down into 3 components: 1) Message transport The classic way is to use syslog to log messages to a remote host. This works fine for applications that log into syslog but less useful for apps that write to a local file. Solutions for this might include having the application log into a FIFO connected to a program to send the message using syslog, or by writing something that will grep the local files and send the output to the central syslog host. However, if we go to the trouble of writing tools to get messages into syslog would we be better replacing the whole lot with something like Facebook's Scribe which offers more flexibility and reliability than syslog? 2) Message aggregation Log entries seem to fall into one of two types: per-host and per-service. Per-host messages are those which occur on one machine; think disk failures or suspicious logins. Per-service messages occur on most or all of the hosts running a service. For instance, we want to know when Apache finds an SSI error but we don't want the same error from 100 machines. In all cases we only want to see one of each type of message: we don't want 10 messages saying the same disk has failed, and we don't want a message each time a broken SSI is hit. One approach to solving this is to aggregate multiple messages of the same type into one on each host, send the messages to a central server and then aggregate messages of the same kind into one overall event. SER can do this but it's awkward to use. Even after a couple of days of fiddling I had only rudimentary aggregations working and had to constantly look up the logic SER uses to correlate events. 
It's powerful but tricky stuff: I need something which my colleagues can pick up and use in the shortest possible time. SER rules don't meet that requirement. 3) Generating alerts How do we tell our admins when something interesting happens? Mail the group inbox? Inject into Nagios? So, how're you solving this problem? I don't expect an answer on a plate; I can work out the details myself but some high-level discussion on what is surely a common problem would be great. At the moment we're using a mishmash of cron jobs, syslog and who knows what else to find events. This isn't extensible, maintainable or flexible and as such we miss a lot of stuff we shouldn't. Updated: we're already using Nagios for monitoring which is great for detecting down hosts/testing services/etc but less useful for scraping log files. I know there are log plugins for Nagios but I'm interested in something more scalable and hierarchical than per-host alerts.

  • C++ dynamic array causes segmentation fault at assignment

    - by opc0de
    I am doing an application which uses sockets so I am holding in an array the socket handles. I have the following code: while(0 == 0){ int * tx = (int*)(malloc((nr_con + 2) * sizeof(int))); if (conexiuni != NULL) { syslog(LOG_NOTICE,"Ajung la eliberare %d",nr_con); memcpy(&tx[0],&conexiuni[0],(sizeof(int) * (nr_con))); syslog(LOG_NOTICE,"Ajung la eliberare %d",nr_con); free(conexiuni); } conexiuni = tx; syslog(LOG_NOTICE,"Ajung la mama %d",nr_con); //The line below causes a segfault at second connection if ((conexiuni[nr_con] = accept(hsock,(sockaddr*)(&sadr),&addr_size)) != -1) { nr_con++; syslog(LOG_NOTICE,"Primesc de la %s",inet_ntoa(sadr.sin_addr)); syslog(LOG_NOTICE,"kkt %d",conexiuni[nr_con - 1]); int * sz = (int*)malloc(sizeof(int)); *sz = conexiuni[nr_con - 1]; syslog(LOG_NOTICE,"after %d",*sz); pthread_create(&tidi,0,&ConexiuniHandler, sz); } } When I connect the second time when I assign the array the program crashes. What am I doing wrong? I tried the same code on Windows and it works well but on Linux it crashes.

  • Ubuntu reboot suddenly

    - by Gladiator
    It's the second day I have this issue, and Ubuntu still reboots suddenly. Nothing significant in syslog. salim@SalimPC:~$ tail -f /var/log/syslog Nov 7 12:34:53 SalimPC dbus[873]: [system] Successfully activated service 'com.ubuntu.SystemService' SalimPC dbus[873]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) SalimPC AptDaemon: INFO: Initializing daemon SalimPC AptDaemon.PackageKit: INFO: Initializing PackageKit compat layer SalimPC dbus[873]: [system] Successfully activated service 'org.freedesktop.PackageKit' SalimPC AptDaemon.PackageKit: INFO: Initializing PackageKit transaction SalimPC AptDaemon.Worker: INFO: Simulating trans:/org/debian/apt/transaction/6933b4b977d944fa8714898c01bfeae4 SalimPC AptDaemon.Worker: INFO: Processing transaction org/debian/apt/transaction/6933b4b977d944fa8714898c01bfeae4 SalimPC AptDaemon.PackageKit: INFO: Get updates() Nov 7 12:34:58 SalimPC AptDaemon.Worker: INFO: Finished transaction /org/debian/apt/transaction/6933b4b977d944fa8714898c01bfeae4 ---------------------------------Previous post------------------ Hi My Ubuntu has rebooted suddenly (2 times till now in one hour). After login, a crash was indicated in /usr/sbin/ntop. Below are the syslog and a screenshot of the crash. 
salim@SalimPC:~$ tail /var/log/syslog Nov 6 18:25:38 SalimPC ntop[1630]: **WARNING** packet truncated (9642->8232) Nov 6 18:25:38 SalimPC ntop[1630]: **WARNING** packet truncated (8274->8232) Nov 6 18:25:38 SalimPC ntop[1630]: **WARNING** packet truncated (11010->8232) Nov 6 18:25:38 SalimPC ntop[1630]: **WARNING** packet truncated (17850->8232) Nov 6 18:25:38 SalimPC ntop[1630]: **WARNING** packet truncated (8274->8232) Nov 6 18:25:39 ntop[1630]: last message repeated 2 times Nov 6 18:25:39 SalimPC ntop[1630]: **WARNING** packet truncated (16482->8232) Nov 6 18:25:40 SalimPC ntop[1630]: **WARNING** packet truncated (11010->8232) Nov 6 18:25:43 SalimPC ntop[3075]: THREADMGMT[t3063068672]: ntop RUNSTATE: PREINIT(1) Nov 6 18:25:43

  • how to reinstall/repair ubuntu 12.04 after dual boot installation fails with windows 7

    - by Rini
    I have installed Ubuntu 12.04 on my preinstalled Windows 7 Sony Vaio S series laptop following instructions here: http://www.linuxbsdos.com/2012/05/17/how-to-dual-boot-ubuntu-12-04-and-windows-7/ Everything went well and I was able to boot in to Windows after complete installation of Ubuntu. Now following instructions on the web I tried to add Ubuntu to my BIOS using Easy BCD (but forgot to add the Windows 7 entry). As a result, I lost the Windows 7 OS and couldn't boot in to either OS, then I successfully repaired Windows 7 using the recovery CD. Now my problem is that I can't reinstall Ubuntu 12.04 using the Live CD; it halts every time before the disk partition step giving an error. "ubi-partman crashed". "ubi-partman failed with exit code 141. further information may be found in /var/log/syslog. Do you want to try running this step again before continuing? If you do not, your installation may fail entirely or may be broken." and, any choice to continue will result in the same error. I looked in to /var/log/syslog but was not able to understand what the error is. Then, I ran sudo fdisk -l to view my partitions and it shows me only one partition. Probably, all the partitions I created for Ubuntu 12.04 were lost while running the Windows 7 recovery CD. So, I don't know whether Ubuntu is still there or probably corrupted. My boot-info URL is: http://paste.ubuntu.com/1202146/ Please tell me how to remove this error so that I can reinstall/repair Ubuntu 12.04 Thanks in advance. R Shukla My boot-info URL is: http://paste.ubuntu.com/1202146/ Please tell me how to remove this error so that I can reinstall/repair Ubuntu 12.04 Thanks for your help! I tried to boot from the CD but every time it gives me an error before the disk partitioning step. Also, I am unable to start Gparted. "ubi-partman crashed". "ubi-partman failed with exit code 141. further information may be found in /var/log/syslog. Do you want to try running this step again before continuing? 
If you do not, your installation may fail entirely or may be broken." and, any choice to continue will result in the same error. I looked in to /var/log/syslog but was not able to understand what the error is. Then, I ran sudo fdisk -l to view my partitions and it shows me only one partition. Probably, all the partitions I created for Ubuntu 12.04 were lost while running the Windows 7 recovery CD. Please tell me how to remove this error. Best Regards, R S
