Re: {bb} Red on empty /var/adm/messages file

To: bb@bb4.com
Subject: Re: {bb} Red on empty /var/adm/messages file
From: Philip Dixon <pdixon@email.unc.edu>
Date: Thu, 03 Feb 2000 09:22:50 -0500
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <811A0914451BD211817F006008A8682D02CB3486@satlmsgusr08.delta-air.com>
Reply-To: bb@bb4.com
Sender: owner-bb@bb4.com

Actually, a "red" alert for an empty message file is quite important to me.
Should your server get hacked and the perp. gains root access, he's most
certainly going to wipe some if not all of the logs to cover his tracks.  I
personally find it easiest to add a job to cron running 1 minute behind the log
rotation script at 3:01AM on Sunday morning to write a line to the message
file.  That means no edits to remember after upgrades.

Phil

"Martin, Timothy" wrote:

> If you don't want to hack Solaris (and have to remember this change whenever
> you upgrade, install a new Solaris box, etc.), another option is to edit
> bb-local.sh and change the following line under the MSGFILE section:
>
> change
>     if [ ! -r "$file" -o ! -s "$file" ]
> to
>     if [ ! -r "$file" ]
>
> I'm not sure why BB considers an empty message file a problem, but it
> definitely shouldn't be a 'red' alert.
>
> -----Original Message-----
> From: Alan Factor [mailto:afactor@afactor.com]
> Sent: Wednesday, February 02, 2000 4:46 PM
> To: bb@bb4.com
> Subject: Re: {bb} Red on empty /var/adm/messages file
>
> love it-
> Alan
>
> At 01:37 PM 2/1/00 +0100, you wrote:
> >Hello,
> >
> >At 4:21 Uhr -0800 01.02.2000, Alan Factor wrote:
> >>I get red signals every morning as the logs are rotated and
> >>the >/var/adm/messages file contains zero lines.
> >>Is there some best or suggested way to fix this or should I not fix
> >>it (i.e., >remove the warning when /var/adm/messages contains
> >>nothing)?
> >
> >I change /usr/lib/newsyslog (on Solaris) and add a line at bottom:
> >
> >echo "Reset of Logfile" >>/var/adm/messages
> >
> >Thats enough.
> >
> >Frank
> >
> >--
> >ECCE TERRAM GmbH                        Frank Simon
> >Heinrichstrasse 18d                     Tel. 0441 / 500 12-0
> >26131 Oldenburg                         Fax. 0441 / 500 12-29
> >"Es gibt zwei Taetigkeiten auf dieser Welt, die man dringend
> >  abschaffen sollte: Buegeln und alte Tapete von den Waenden pulen" (hh)
> >--
> >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
> >To unsubscribe from this list, or to subscribe to the bb-digest list
> >send e-mail to mailto:majordomo@bb4.com <mailto:majordomo@bb4.com>  with
> unsubscribe bb -and/or-
> >subscribe bb-digest in the BODY of the message.
> >
>
>   _____
>
> Alan Factor
> AFactor LLC
> (O)  888-707-4900
> (C)  888-707-4988
> (P)  800-408-2487
> (Epage)  pager@afactor.com <mailto:pager@afactor.com>
> (Email)   afactor@afactor.com <mailto:afactor@afactor.com>
> www.afactor.com <http://www.afactor.com/>
>
>   _____
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
> To unsubscribe from this list, or to subscribe to the bb-digest list
> send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
> subscribe bb-digest in the BODY of the message.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.

References:
- RE: {bb} Red on empty /var/adm/messages file
  - From: "Martin, Timothy" <Timothy.Martin@delta-air.com>

Prev by Date: Re[2]: {bb} Questions on coding in version 13A
Next by Date: Re: {bb} Further Info on BBNT vs Oracle
Prev by thread: RE: {bb} Red on empty /var/adm/messages file
Next by thread: {bb} numeric paging with C-Kermit 7
Index(es):
- Date
- Thread

Home | Main Index | Thread Index