way to duplicate logs?
randall ehren
randall at ucsb.edu
Fri Dec 10 16:49:43 PST 2004
> I am a bit confused here. I have just had some issues with my box and I
> am looking for some opinions. I just had been denied access to my
> box...supposedly from a memory shortage in reference to my NIC....more
> specifically, mbuf clusters exhausted. Now I am looking in my
> /var/log/messages for when this started and I notice a discrepancy in my
> logs. Now from where I am looking, I see time in the logs go backwards.
> You can see it as soon as the box is rebooted. Is there an explanation
> for this?

it could be that your BIOS time is conflicting with freebsd's - during
your install did you select "YES" for "Does your BIOS keep track of
time?" or whatever the question is...

> The date on the box should not have changed during that reboot, as it
> was in sync with ntp and still is.

are you sure ntp is running?
to check: root@box[~]% \ps -waux | grep ntp

> Also, is there a way to make more than one copy of these logs?....I am
> not sure how this is set up, but I would like to possibly have
> another set of logs in place so if someone is editing them, I can catch
> it. I know there is a chance that I may be overreacting, but just in
> case I want to know.

you can set up another machine to receive logs:
http://isber.ucsb.edu/~randall/instructions/loghost/
or just % man 5 syslog.conf
-randall
--
randall s. ehren :// 805.893.5632
systems administrator :// isber.ucsb.edu
institute for social, behavioral, and economic research
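
The two checks raised in this thread, as an added example that is not part of the original message: it flags points where syslog timestamps step backwards and lists lines that a loghost copy holds but the local file lacks. The sample lines are constructed, the function names are hypothetical, and it assumes both files store identical line text.

```python
from datetime import datetime, timedelta

# Constructed sample lines in the classic BSD syslog layout (no year field).
LOCAL = [
    "Dec 10 14:02:11 box kernel: All mbuf clusters exhausted",
    "Dec 10 14:05:40 box syslogd: exiting on signal 15",
    "Dec 10 06:06:02 box syslogd: kernel boot file is /boot/kernel/kernel",
    "Dec 10 06:06:30 box ntpd[412]: time reset +28801.5 s",
    "Dec 10 14:07:05 box sshd[501]: Server listening on 0.0.0.0 port 22.",
]
# Constructed loghost copy: same stream plus one line absent from LOCAL.
LOGHOST = LOCAL[:4] + ["Dec 10 14:06:50 box su: BAD SU user to root"] + LOCAL[4:]


def parse_ts(line, year):
    """Parse the 15-character syslog timestamp, supplying the missing year."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def time_regressions(lines, year, slack=timedelta(seconds=2)):
    """Return (line_no, previous_ts, ts) for each backwards step in time."""
    hits, prev = [], None
    for no, line in enumerate(lines, 1):
        try:
            ts = parse_ts(line, year)
        except ValueError:
            continue  # skip lines without a parseable timestamp
        if prev is not None and prev - ts > timedelta(days=300):
            year += 1  # Dec -> Jan rollover, not a regression
            ts = parse_ts(line, year)
        if prev is not None and ts < prev - slack:
            hits.append((no, prev, ts))
        prev = ts
    return hits


def missing_locally(local, loghost):
    """Lines the loghost received that the local file no longer contains."""
    have = set(local)
    return [line for line in loghost if line not in have]


if __name__ == "__main__":
    for no, prev, ts in time_regressions(LOCAL, 2004):
        print(f"line {no}: clock stepped back from {prev} to {ts}")
    for line in missing_locally(LOCAL, LOGHOST):
        print(f"only on loghost: {line}")
```

Run the comparison from the loghost side, so the machine being checked cannot alter the reference copy.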