fam and logwatch
Greg Ennis
PoMec at PoMec.Net
Tue Mar 30 14:30:32 UTC 2004
Hey,
I'm being flogged to death this log file... I would sure appreciate some help. My
'message' and 'secure' logs are way too LARGE! I apologize for sending this request
again!
Any ideas as a starting place for me?
Greg
-------------------------------------------------------------------------------------
---
Everyone,
I have a new FC1 installation which was working fine until 3 days ago when the
logwatch files started getting to be as big as 75 megs. (Too big for outlook2000,
but not too big for Linux to manage).
The entries that I have been getting come from the message log file and the secure
log file. The secure log file is being filled at a rate of up to 17 of the same
entries per second at times.
Secure:
Mar 26 07:46:39 Pt xinetd[26320]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:39 Pt xinetd[1098]: START: sgi_fam pid=26321 from=<no address>
Mar 26 07:46:44 Pt xinetd[26321]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:45 Pt xinetd[1098]: START: sgi_fam pid=26322 from=<no address>
Mar 26 07:46:49 Pt xinetd[26322]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:49 Pt xinetd[1098]: START: sgi_fam pid=26323 from=<no address>
Mar 26 07:46:52 Pt xinetd[26323]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:52 Pt xinetd[1098]: START: sgi_fam pid=26324 from=<no address>
Mar 26 07:46:55 Pt xinetd[26324]: FAIL: sgi_fam libwrap from=<no address>
Message:
Mar 26 07:43:57 Pt xinetd[25673]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:43:59 Pt xinetd[25674]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:01 Pt xinetd[25674]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:05 Pt xinetd[25675]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:06 Pt xinetd[25675]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:10 Pt xinetd[25676]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:11 Pt xinetd[25676]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:13 Pt xinetd[25677]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:14 Pt xinetd[25677]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
The man pages for fam indicate that it is used to determine if a file has been
changed, and looks like FC1 is only calling it through xinetd.
My /etc/fam.conf file has the following entries which have not been changed from the
installation defaults.
insecure_compatibility = false
untrusted_user = nobody
local_only = false
xtab_verification = true
My /etc/xinet.d/sig_fam file has the following:
# default: on
# description: FAM is a file monitoring daemon. It can \
# be used to get reports when files change.
service sgi_fam
{
type = RPC UNLISTED
socket_type = stream
user = root
group = nobody
server = /usr/bin/fam
wait = yes
protocol = tcp
rpc_version = 2
rpc_number = 391002
bind = 127.0.0.1
}
The only other message that is pecuilar in the logwatch report is:
Can't locate these modules:
char-major-10-134: 1 Time(s)
char-major-180: 2 Time(s)
char-major-188: 2 Time(s)
I have been using yum for updates and my system has been updated properly.
Sure would appreciate some pointers on solving this problem.
Thank you,
Greg Ennis
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the fedora-list
mailing list