900.tcpwrap and stale log messages
Jonathan Belson
jon at witchspace.com
Fri Jul 23 10:48:22 UTC 2010
Hiya
Early this morning I read through the daily status e-mails from a server I
administer. I was unpleasantly surprised to see a refused ssh connection from
an external IP address, which shouldn't be possible since the machine is only
accessible via a VPN :-O
It wasn't until after I'd spoken to the network admin I realised what the
problem was - /var/log/messages contained log messages that spanned back into
2009 (the machine is only used for SVN access so isn't very busy), and
900.tcpwrap had taken entries from both July 22 2010 (yesterday) and July 22nd
2009, when the machine was on a different network... :-( How. Embarrassing.
It isn't really 900.tcpwrap's fault as the log messages only record the month,
date and time, but is there any reason why the year isn't recorded in the log
too? I realise this issue isn't likely to come up often, but it should be
fairly easy to prevent.
Cheers,
--Jon
More information about the freebsd-stable
mailing list