way to duplicate logs?

Bob Ababurko ababurko at adelphia.net
Fri Dec 10 16:22:55 PST 2004


I am bit confused here.  I have just had some issues with my box and I 
am looking for some opinions.  I just had been denied access to my 
box...supposedly from a memory shortage in reference to my NIC....more 
specifically, mbuf clusters exhausted.  Now I am looking in my 
/var/log/messages for when this started and I notice a discrepancy in my 
logs.  Now from where I am looking, I see time in the logs go backwards. 
  You can see it as soon as the box is rebooted.  Is there an 
explanation for this?

bash-2.05b# tail -200 /var/log/messages
Dec  7 19:01:03 additional su: bob to root on /dev/ttyp0
Dec  8 10:19:35 additional su: bob to root on /dev/ttyp1
Dec  8 18:09:24 additional su: BAD SU bob to root on /dev/ttyp0
Dec  8 18:09:29 additional su: bob to root on /dev/ttyp0
Dec 10 17:36:45 additional /kernel: All mbuf clusters exhausted, please 
see tuning(7).
Dec 10 17:37:16 additional last message repeated 31 times
Dec 10 17:39:17 additional last message repeated 121 times
Dec 10 17:49:18 additional last message repeated 575 times
Dec 10 17:59:19 additional last message repeated 545 times
Dec 10 14:08:10 additional /kernel: Copyright (c) 1992-2003 The FreeBSD 
Dec 10 14:08:10 additional /kernel: Copyright (c) 1979, 1980, 1983, 
1986, 1988, 1989, 1991, 1992, 1993, 1994
Dec 10 14:08:10 additional /kernel: The Regents of the University of 
California. All rights reserved.
Dec 10 14:08:10 additional /kernel: FreeBSD 4.9-RELEASE #0: Tue Nov 30 
01:20:25 AST 2004

The date on the box should not have changed during that reboot, as it 
was in sync with ntp and still is.

Also, is there a way to make more than one copy of these logs?....I am 
not sure how this is set up and but I would like to possibly have 
another set of logs in place so if someone is editing them, I can catch 
it.  I know there is a chance that I may be overreacting., but just in 
case I want to know.


More information about the freebsd-security mailing list