way to duplicate logs?
ababurko at adelphia.net
Fri Dec 10 16:22:55 PST 2004
I am bit confused here. I have just had some issues with my box and I
am looking for some opinions. I just had been denied access to my
box...supposedly from a memory shortage in reference to my NIC....more
specifically, mbuf clusters exhausted. Now I am looking in my
/var/log/messages for when this started and I notice a discrepancy in my
logs. Now from where I am looking, I see time in the logs go backwards.
You can see it as soon as the box is rebooted. Is there an
explanation for this?
bash-2.05b# tail -200 /var/log/messages
Dec 7 19:01:03 additional su: bob to root on /dev/ttyp0
Dec 8 10:19:35 additional su: bob to root on /dev/ttyp1
Dec 8 18:09:24 additional su: BAD SU bob to root on /dev/ttyp0
Dec 8 18:09:29 additional su: bob to root on /dev/ttyp0
Dec 10 17:36:45 additional /kernel: All mbuf clusters exhausted, please
Dec 10 17:37:16 additional last message repeated 31 times
Dec 10 17:39:17 additional last message repeated 121 times
Dec 10 17:49:18 additional last message repeated 575 times
Dec 10 17:59:19 additional last message repeated 545 times
Dec 10 14:08:10 additional /kernel: Copyright (c) 1992-2003 The FreeBSD
Dec 10 14:08:10 additional /kernel: Copyright (c) 1979, 1980, 1983,
1986, 1988, 1989, 1991, 1992, 1993, 1994
Dec 10 14:08:10 additional /kernel: The Regents of the University of
California. All rights reserved.
Dec 10 14:08:10 additional /kernel: FreeBSD 4.9-RELEASE #0: Tue Nov 30
01:20:25 AST 2004
The date on the box should not have changed during that reboot, as it
was in sync with ntp and still is.
Also, is there a way to make more than one copy of these logs?....I am
not sure how this is set up and but I would like to possibly have
another set of logs in place so if someone is editing them, I can catch
it. I know there is a chance that I may be overreacting., but just in
case I want to know.
More information about the freebsd-security