way to duplicate logs?

randall ehren randall at ucsb.edu
Fri Dec 10 16:49:43 PST 2004


> I am a bit confused here.  I have just had some issues with my box and I 
> am looking for some opinions.  I just had been denied access to my 
> box...supposedly from a memory shortage in reference to my NIC....more 
> specifically, mbuf clusters exhausted.  Now I am looking in my 
> /var/log/messages for when this started and I notice a discrepancy in my 
> logs.  Now from where I am looking, I see time in the logs go backwards. 
>  You can see it as soon as the box is rebooted.  Is there an explanation 
> for this?

it could be that your BIOS time is conflicting with freebsd's - during 
your install did you select "YES" for "Does your BIOS keep track of 
time?" or whatever the question is...

> The date on the box should not have changed during that reboot, as it 
> was in sync with ntp and still is.

are you sure ntp is running?
  to check: root@box[~]% \ps -waux | grep ntp

> Also, is there a way to make more than one copy of these logs?....I am 
> not sure how this is set up, but I would like to possibly have 
> another set of logs in place so if someone is editing them, I can catch 
> it.  I know there is a chance that I may be overreacting, but just in 
> case I want to know.

you can set up another machine to receive logs:
  http://isber.ucsb.edu/~randall/instructions/loghost/

or just % man 5 syslog.conf

  -randall

-- 
       randall s. ehren       :// 805.893.5632
        systems administrator :// isber.ucsb.edu
         institute for social, behavioral, and economic research
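
Added example, not part of the original message: once a second copy of the log exists on a loghost, this check flags places where syslog timestamps step backwards and lists lines the loghost received that are missing from the local file. The log lines are constructed samples; it assumes both copies keep the same line format and that the year is 2004 (syslog lines carry no year). A backwards step alone can also be a clock correction at boot, so the comparison against the loghost copy is what shows an edit.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: the copy kept on the box itself.
LOCAL = """\
Dec 10 16:40:01 box kernel: fxp0: link state changed to UP
Dec 10 16:41:17 box sshd[412]: Accepted publickey for admin from 192.0.2.10
Dec 10 16:20:05 box syslogd: kernel boot file is /boot/kernel/kernel
Dec 10 16:45:30 box ntpd[301]: time reset -1512.4 s
""".splitlines()

# Constructed sample: the copy a separate loghost received for the same box.
REMOTE = """\
Dec 10 16:40:01 box kernel: fxp0: link state changed to UP
Dec 10 16:41:17 box sshd[412]: Accepted publickey for admin from 192.0.2.10
Dec 10 16:43:52 box su: admin to root on /dev/ttyp0
Dec 10 16:20:05 box syslogd: kernel boot file is /boot/kernel/kernel
Dec 10 16:45:30 box ntpd[301]: time reset -1512.4 s
""".splitlines()

def stamp(line, year=2004):
    """Parse the leading 'Mon DD HH:MM:SS' syslog timestamp; None if absent."""
    try:
        return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None

def backwards_steps(lines):
    """Return (line_number, previous, current) wherever time goes backwards."""
    found, prev = [], None
    for n, line in enumerate(lines, 1):
        ts = stamp(line)
        if ts and prev and ts < prev:
            found.append((n, prev, ts))
        prev = ts or prev  # lines without a timestamp do not reset the clock
    return found

def missing_locally(local, remote):
    """Lines the loghost holds that the local file lacks (duplicates counted)."""
    return list((Counter(remote) - Counter(local)).elements())

if __name__ == "__main__":
    for n, before, after in backwards_steps(LOCAL):
        print(f"line {n}: clock went from {before:%H:%M:%S} back to {after:%H:%M:%S}")
    for line in missing_locally(LOCAL, REMOTE):
        print("only on loghost:", line)
```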

