<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.t">
<TITLE>The Answer Gang 65: Reading the logs</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
here will <b>ever</b> be answered. You can be published anonymously
- just let us know!
</font></em></p>
</center>

<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 18 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Reading the logs</H3>

<p><strong>From Andrew
</strong></p>
<p align="right"><strong>Answered By Heather Stern
<br></strong></p>

<!-- sig -->

<!-- ::
Reading the logs
~~~~~~~~~~~~~~~~
:: -->
<P><STRONG>
Hello Mr Answer Guy,
</STRONG></P>
<P><STRONG>
While I'm here I'm going to get my 2
cents worth &, so throw a few questions at you ( hehe that's funny since
you offer your knowledge for nicks). I'll get in now before you decide
to go commercial
<IMG SRC="../../gx/dennis/smily.gif" ALT="8^)"
height="24" width="20" align="middle">..
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Some of us are consultants, for those who enjoy directly working with a
linux guru, or to get guaranteed an answer of some sort - TAG gets a lot
more mail than anybody can really answer, and complicated or non linux
things often get ignored.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Running Redhat 6.1
1./ 1st thing is as soon as I decide to start logging Kernel logs
to <TT>/var/log/kernel</TT> via syslog.conf I get the following
</STRONG></P>

<pre><strong>Mar 28 14:20:12 echelon kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 28 14:20:12 echelon kernel: Inspecting /boot/System.map-2.2.12-20
Mar 28 14:20:12 echelon kernel: Loaded 6865 symbols from /boot/System.map-2.2.12-20.
Mar 28 14:20:12 echelon kernel: Symbols match kernel version 2.2.12.
Mar 28 14:20:12 echelon kernel: Loaded 168 symbols from 12 modules.
</strong></pre>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
That part's normal...
</BLOCKQUOTE>

<Pre><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Mar 28 14:20:12 echelon kernel: VFS: Disk change detected on device ide1(22,64)
Mar 28 14:20:44 echelon last message repeated 17 times
Mar 28 14:21:46 echelon last message repeated 31 times
Mar 28 14:22:47 echelon last message repeated 30 times
Mar 28 14:23:49 echelon last message repeated 31 times
Mar 28 14:24:51 echelon last message repeated 31 times
Mar 28 14:25:52 echelon last message repeated 30 times
</pre></strong>
<P><STRONG>
(What does this mean???)
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Uh, that it's gone crazy thinking there's a disk change when there's not.
Ide1 is your second IDE chain, so maybe your CDrom, or an ls-120 bay.
</BLOCKQUOTE>
<BLOCKQUOTE>
Removable media bays have either optical or mechanical sensors to detect
that new media has arrived ... enough dust particles can screw up either
one.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I have included my syslog.conf. Do you have any idea how I can stop this
occurring?? I thought it had something to do with having multiple things
pointing to the same place
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Well, if you have two devices on your second IDE chain, check that they
aren't both set to master, or both set to slave, in their jumpers. It's
only a guess but if the BIOS let them get this far in such state, the
kernel could be confused who was talking, and have assumed it was a disk
change.
</BLOCKQUOTE>
<BLOCKQUOTE>
But I'd do a shutdown and try a clean air canister anyway, it doesn't
hurt. Don't forget to cover your mouth, there are usually a lot more
dust bunnies than I expect when I do this.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
2./ Should I be concerned with this. I get it continually in my logs
</STRONG></P>
<Pre><STRONG>
Mar 28 12:01:02 echelon sendmail[25388]: f2S212W25388: forward /home/Users/andrew/.forward.eziekiel: World writable directory
Mar 28 12:01:02 echelon sendmail[25388]: f2S212W25388: forward /home/Users/andrew/.forward: World writable directory
</STRONG></Pre>
<P><STRONG>
I mean obviously if I am to receive mail this would need to be writable
from, as it says, the world. I am right in thinking that, aren't I??
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
No, what this is saying is, since your home directory <TT>/home/Users/andrew</TT>
turns out to be world writable, anybody else who ever logged into your
system could change your .forward. That's a security problem, some utter
stranger could get your mail, and the kind folks at sendmail got tired
of people claiming that such lossages (whether pranks or malicious) were
some sort of bug in sendmail. So, it checks.
</BLOCKQUOTE>
<BLOCKQUOTE>
You should either fix your home from being world writable (after all,
your other stuff is vulnerable too) or, you can set the DONT_BLAME_SENDMAIL
feature in sendmail, and it will stop checking for silly things like these.
And your own fault if it breaks wickedly because of weird permissions.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
There are so many questions I have when it comes to Linux.
</STRONG></P>
<P><STRONG>
3./ When I shut down X I might see these errors. They don't mean that
</STRONG></P>
<P><STRONG>
much but I would love to know how to fix them. These are found
in .xsession-errors
</STRONG></P>
<pre><strong>
xscreensaver-command: no screensaver is running on display :0.0
Xlib: connection to ":0.0" refused by server
Xlib: Client is not authorized to connect to Server
xscreensaver: Can't open display: :0
xscreensaver: initial effective uid/gid was root/root (0/0)
xscreensaver: running as nobody/nobody (99/99)
rm: cannot remove `/root/.gnome//gmc-aoiM8A': No such file or directory
subshell.c: couldn't get terminal settings: Inappropriate ioctl for device
</strong></pre>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
When you <EM>shut down</EM> X numerous things will lose their server connections.
If the xscreensaver stuff is happening during startup of X you probably
have to fix your .Xauthority or something.
</BLOCKQUOTE>
<BLOCKQUOTE>
rm not being able to remove absent files, that's not a bug, it's just being
noisy.
</BLOCKQUOTE>
<BLOCKQUOTE>
Usually apps that use ioctls recover from ioctl glitches, since ioctls
are so "close to the bare metal" they behave differently on a lot of systems.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
4./ When I start a ppp session via <tt>ifup ppp0</tt> I get the following
</STRONG></P>
<P><STRONG>
command not found but then it kicks in anyhow & dials up without problem.
<br>Wish I could fix that strange one
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Your chatscript probably tells it to run an app which is not installed
on your system. The ppp documentation is huge, but most of the control
files are plain text under <TT>/etc/ppp</TT> or <TT>/etc/chatscripts</TT>.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
5./ I think snort is a great program but it still throws some false alarms
I constantly see info I don't need to like the following
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Well, I don't use snort so I can't explain its stuff.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Then the like of this error
</STRONG></P>
<Pre><STRONG>
Mar 27 01:15:20 echelon pam_console[11450]: can't find device or X11 socket to examine for 1.
</strong></pre>
<P><STRONG>
Can you suggest a book that gets away from the obvious within Linux &
helps with questions that aren't as common like the last one for example..
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
X however, uses a
special breed of networking internal to your box, called "UNIX domain
sockets". So that's the kind of socket it's talking about looking for.
What sort of examination it wanted to do I still can't say.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Thank you
</STRONG></P>
<P><STRONG>
Andrew
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Hope that helped. There are lots of Linux books, but I'm used to
recommending towards a less technical crowd. Some linux-y things you
were asking about above are not very linux specific, so good UNIX books
can help too.
</BLOCKQUOTE>
<BLOCKQUOTE>
Jim Dennis wrote a nice book "Linux System Administration" from New Riders,
but it's more an explanation of planning and things to do in being a
daily sysadmin, not "how to read syslogs". Mr. Sobell's "Hands On Linux"
is good for getting people to swimming level in the Linux icy seas, but
again, it's more about doing things, and less about logs reading.
</BLOCKQUOTE>
<BLOCKQUOTE>
Not that I'm trying to discourage you! If more sysadmins cared a bit
what the messages their logs contain really mean, I think many systems
would be healthier. I just don't know a book that's the kind of reference
you're thinking of.
</BLOCKQUOTE>

<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello Heather,
</STRONG></P>
<P><STRONG>
Wow you were right on the money with these kernel
errors. I have just added a removable harddrive to this computer so I'll
look into the jumper setting..Thanx
</STRONG></P>
<P><STRONG>
The one I'm not too sure about though is the sendmail part. My permissions for
let's say my account/user directory is as follows
</STRONG></P>

<pre><strong>drwxr-xr-x 28 andrew users 4096 Mar 29 12:52 andrew
</strong></pre>
<P><STRONG>
What permissions would you suggest here & for my other users ???
</STRONG></P>
<P><STRONG>
Thanks again
</STRONG></P>
<P><STRONG>
Andrew
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
Your home directory looks okay, maybe you should see if any directories
further up the chain are world writable.
</BLOCKQUOTE>
<BLOCKQUOTE>
The really security conscious person might have one group per user, and
reserve use of the group named "users" that contains normal accounts, for
things for all the people to use, so that they can avoid world writable
directories at all. Unfortunately directories and files can only belong
to one group at a time. And it's a little odd to make your home world
<EM>readable</EM> too, but not uncommon, and in a private system, not so much
of a big deal.
</BLOCKQUOTE>
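
<P>Added example, not part of the original exchange and not code from any of its participants: a POSIX shell function that carries out the check suggested above by walking from a <TT>.forward</TT> file up to <TT>/</TT> and listing every directory in the chain that is world- or group-writable. The name <TT>unsafe_dirs</TT> and its output labels are assumptions made for illustration, and the group-writable check goes one step beyond the world-writable case shown in the log.</P>

```shell
#!/bin/sh
# Added example: list writable directories in the path leading to a file.
# unsafe_dirs and its "world"/"group" labels are illustrative names.

# unsafe_dirs FILE
#   Prints "world DIR" or "group DIR" for each directory between FILE and /
#   that others (or only the group) may write to. Returns 2 if FILE's
#   directory cannot be entered.
unsafe_dirs() {
    # pwd -P resolves symlinks so the real directory chain is inspected.
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 2
    while :; do
        # The first ten characters of ls -ld are the type and permission
        # bits, e.g. drwxr-xr-x: character 6 is group write, 9 is other write.
        mode=$(ls -ld "$dir" | cut -c1-10)
        case $mode in
            ????????w*) printf 'world %s\n' "$dir" ;;
            ?????w*)    printf 'group %s\n' "$dir" ;;
        esac
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Stand-alone use: sh unsafe_dirs.sh /home/Users/andrew/.forward
# Clear a reported directory with: chmod o-w DIR  (or g-w for "group").
if [ "$#" -gt 0 ]; then
    unsafe_dirs "$1"
fi
```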

<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello Heather,
</STRONG></P>
<p><strong>
Just a quick message to again say thank you very much for your prompt
email reply. Unfortunately my friends & colleagues are more windows based so
I can't call on too many people for help when Linux hiccups..
</STRONG></P>
<p><strong>
Being able to ask people like you these strange types of questions help sooo
much
</STRONG></P>
<p><strong>
Cheers
<br>Andrew
</STRONG></P>

<!-- end 18 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2001
<BR>Published in issue 65 of <I>Linux Gazette</I> April 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<P> <hr>
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->