LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue65/tag/18.html

422 lines
16 KiB
HTML
Raw Permalink Blame History

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.t">
<TITLE>The Answer Gang 65: Reading the logs</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
here will <b>ever</b> be answered. You can be published anonymously
- just let us know!
</font></em></p>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 18 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Reading the logs</H3>
<p><strong>From Andrew
</strong></p>
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>
<!-- sig -->
<!-- ::
Reading the logs
~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hello Mr Answer Guy,
</STRONG></P>
<P><STRONG>
While i'm here i'm going to get my 2
cents worth &amp;, so throw a few questions at you ( hehe that's funny since
you offer your knowledge for nicks). I'll get in now before you decide
to go commercial
<IMG SRC="../../gx/dennis/smily.gif" ALT="8^)"
height="24" width="20" align="middle">..
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Some of us are consultants, for those who enjoy directly working with a
linux guru, or to get guaranteed an answer of some sort - TAG gets a lot
more mail than anybody can really answer, and complicated or non linux
things often get ignored.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Running Redhat 6.1
1./ 1st thing is as soon as i decide to start logging Kernel logs
to <TT>/var/log/kernel</TT> via syslog.conf i get the following
</STRONG></P>
<pre><strong>Mar 28 14:20:12 echelon kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 28 14:20:12 echelon kernel: Inspecting /boot/System.map-2.2.12-20
Mar 28 14:20:12 echelon kernel: Loaded 6865 symbols from /boot/System.map-2.2.12-20.
Mar 28 14:20:12 echelon kernel: Symbols match kernel version 2.2.12.
Mar 28 14:20:12 echelon kernel: Loaded 168 symbols from 12 modules.
</strong></pre>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
That part's normal...
</BLOCKQUOTE>
<Pre><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Mar 28 14:20:12 echelon kernel: VFS: Disk change detected on device ide1(22,64)
Mar 28 14:20:44 echelon last message repeated 17 times
Mar 28 14:21:46 echelon last message repeated 31 times
Mar 28 14:22:47 echelon last message repeated 30 times
Mar 28 14:23:49 echelon last message repeated 31 times
Mar 28 14:24:51 echelon last message repeated 31 times
Mar 28 14:25:52 echelon last message repeated 30 times
</pre></strong>
<P><STRONG>
(What does this mean???)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Uh, that it's gone crazy thinking there's a disk change when there's not.
Ide1 is your second IDE chain, so maybe your CDrom, or an ls-120 bay.
</BLOCKQUOTE>
<BLOCKQUOTE>
Removable media bays have either optical or mechanical sensors to detect
that new media has arrived ... enough dust particles can screw up either
one.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I have included my syslog.conf . Do you have any idea how i can stop this
ocurring?? I thought it had something to do with having multiple things
pointing to the same place
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Well, if you have two devices on your second IDE chain, check that they
aren't both set to master, or both set to slave, in their jumpers. It's
only a guess but if the BIOS let them get this far in such state, the
kernel could be confused who was talking, and have assumed it was a disk
change.
</BLOCKQUOTE>
<BLOCKQUOTE>
But I'd do a shutdown and try a clean air cannister anyway, it doesn't
hurt. Don't forget to cover your mouth, there are usually a lot more
dust bunnies than I expect when I do this.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
2./ Should I be concerned with this . I get it continually in my logs
</STRONG></P>
<Pre><STRONG>
Mar 28 12:01:02 echelon sendmail[25388]: f2S212W25388: forward /home/Users/andrew/.forward.eziekiel: World writable directory
Mar 28 12:01:02 echelon sendmail[25388]: f2S212W25388: forward /home/Users/andrew/.forward: World writable directory
</STRONG></Pre>
<P><STRONG>
I mean obviously if i am to receive mail this would need to be writable
from ,as it says the world. I am right in thinking that aren't I ??
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
No, what this is saying is, since your home directory <TT>/home/Users/andrew</TT>
turns out to be world writable, anybody else who ever logged into your
system could change your .forward. That's a security problem, some utter
stranger could get your mail, and the kind folks at sendmail got tired
of people claiming that such lossages (whether pranks or malicious) were
some sort of bug in sendmail. So, it checks.
</BLOCKQUOTE>
<BLOCKQUOTE>
You should either fix your home from being world writable (after all,
your other stuff is vulnerable too) or, you can set the DONT_BLAME_SENDMAIL
feature in sendmail, and it will stop checking for silly things like these.
And your own fault if it breaks wickedly because of weird permissions.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
There are so many questions I have when it comes to Linux.
</STRONG></P>
<P><STRONG>
3./ When I shut down X I might see these errors. They don't mean that
</STRONG></P>
<P><STRONG>
much but I would love to know how to fix then . These are found
in .xsession-errors
</STRONG></P>
<pre><strong>
xscreensaver-command: no screensaver is running on display :0.0
Xlib: connection to ":0.0" refused by server
Xlib: Client is not authorized to connect to Server
xscreensaver: Can't open display: :0
xscreensaver: initial effective uid/gid was root/root (0/0)
xscreensaver: running as nobody/nobody (99/99)
rm: cannot remove `/root/.gnome//gmc-aoiM8A': No such file or directory
subshell.c: couldn't get terminal settings: Inappropriate ioctl for device
</strong></pre>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
When you <EM>shut down</EM> X numerous things will lose their server connections.
If the xscreensaver stuff is happening during startup of X you probably
have to fix your .Xauthority or something.
</BLOCKQUOTE>
<BLOCKQUOTE>
rm not being able to remove absent files, that's not a bug, it's just being
noisy.
</BLOCKQUOTE>
<BLOCKQUOTE>
Usually apps that use ioctls recover from ioctl glitches, since ioctls
are so "close to the bare metal" they behave differently on a lot of systems.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
4./ When I start a ppp session via <tt>ifup ppp0</tt> I get the following
</STRONG></P>
<P><STRONG>
command not found but then I kicks in anyhow &amp; dials up without problem.
<br>Wish I could fix that strange one
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Your chatscript probably tells it to run an apps which is not installed
on your system. The ppp documentation is hug, but most of the control
files are plain text under <TT>/etc/ppp</TT> or <TT>/etc/chatscripts</TT>
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
5./ I think snort is a great program but it still throws some false alarms
I constantly see info I don't need to like the following
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Well, I don't use snort so I can't explain its stuff.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Then the like of this error
</STRONG></P>
<Pre><STRONG>
Mar 27 01:15:20 echelon pam_console[11450]: can't find device or X11 socket to examine for 1.
</strong></pre>
<P><STRONG>
Can you suggest a book that gets away from the obvious within Linux &amp;
helps with questions that aren't as common like the last one for example..
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
X however, uses a
special breed of networking internal to your box, called "UNIX domain
sockets". So that's the kind of socket it's talking about looking for.
What sort of examination it wanted to do I still can't say.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Thankyou
</STRONG></P>
<P><STRONG>
Andrew
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Hope that helped. There are lots of Linux books, but I'm used to
recommending towards a less technical crowd. Some linux-y things you
were asking about above are not very linux specific, so good UNIX books
can help too.
</BLOCKQUOTE>
<BLOCKQUOTE>
Jim Dennis wrote a nice book "Linux System Administration" from New Riders,
but it's more an explanation of planning and things to do in being a
daily sysadmin, not "how to read syslogs". Mr. Sobell's "Hands On Linux"
is good for getting people to swimming level in the Linux icy seas, but
again, it's more about doing things, and less about logs reading.
</BLOCKQUOTE>
<BLOCKQUOTE>
Not that I'm trying to discourgae you! If more sysadmins cared a bit
what the messages their logs contain really mean, I think many systems
would be healthier. I just don't know a book that's the kind of reference
you're thinking of.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello Heather,
</STRONG></P>
<P><STRONG>
Wow you were right on the money with these kernel
errors. I have just added a removable harddrive to this computer so i'll
look into the jumper setting..Thanx
</STRONG></P>
<P><STRONG>
The one i'm not to sure about though is the sendmail part. My permisions for
lets say my account/user directory is as follows
</STRONG></P>
<pre><strong>drwxr-xr-x 28 andrew users 4096 Mar 29 12:52 andrew
</strong></pre>
<P><STRONG>
What permissions would you suggest here &amp; for my other users ???
</STRONG></P>
<P><STRONG>
Thanks agian
</STRONG></P>
<P><STRONG>
Andrew
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Your home directory looks okay, maybe you should see if any directories
further up the chain are world writable.
</BLOCKQUOTE>
<BLOCKQUOTE>
The really security conscious person might have one group per user, and
reserve use of the group named "users" that contains normal accounts, for
things for all the people to use, so that they can avoid world writable
directories at all. Unfortunately directories and files can only belong
to one group at a time. And it's a little odd to make your home world
<EM>readable</EM> too, but not uncommon, and in a private system, not so much
of a big deal.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello Heather,
</STRONG></P>
<p><strong>
Just a quick message to again say thankyou very much for your prompt
email reply. Un fortunately my friends &amp; collegues are more windows based so
i cant call on to many people for help when Linux hiccups..
</STRONG></P>
<p><strong>
Being able to ask people like you these strange types of questions help sooo
much
</STRONG></P>
<p><strong>
Cheers
<br>Andrew
</STRONG></P>
<!-- end 18 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 2001
<BR>Published in issue 65 of <I>Linux Gazette</I> April 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<P> <hr>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer65.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer65.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A> &nbsp;
<A HREF="1.html">1</A> &nbsp;
<A HREF="2.html">2</A> &nbsp;
<A HREF="3.html">3</A> &nbsp;
<A HREF="4.html">4</A> &nbsp;
<A HREF="5.html">5</A> &nbsp;
<A HREF="6.html">6</A> &nbsp;
<A HREF="7.html">7</A> &nbsp;
<A HREF="8.html">8</A> &nbsp;
<A HREF="9.html">9</A> &nbsp;
<A HREF="10.html">10</A> &nbsp;
<A HREF="11.html">11</A> &nbsp;
<A HREF="12.html">12</A> &nbsp;
<A HREF="13.html">13</A> &nbsp;
<A HREF="14.html">14</A> &nbsp;
<A HREF="15.html">15</A> &nbsp;
<A HREF="16.html">16</A> &nbsp;
<A HREF="17.html">17</A> &nbsp;
<A HREF="18.html">18</A> &nbsp;
<A HREF="19.html">19</A> &nbsp;
<A HREF="20.html">20</A> &nbsp;
<A HREF="21.html">21</A> &nbsp;
<A HREF="22.html">22</A> &nbsp;
<A HREF="23.html">23</A> &nbsp;
<A HREF="24.html">24</A> &nbsp;
<A HREF="25.html">25</A> &nbsp;
<A HREF="26.html">26</A> &nbsp;
<A HREF="27.html">27</A> &nbsp;
<A HREF="28.html">28</A> &nbsp;
<A HREF="29.html">29</A></td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink