I had a similar problem with the ssh check which was filling up logs as well. Since I was unwilling to change the logging level I wound up compromising the acutal ssh check from the BB server with a process check on the client to make sure sshd was running. Adding sshd to $BBHOME/etc/bb-proctab acomplished this. Since this is not really an option for services spawned by inetd based on demand(ftp & telnet) I wrote an external script for BB which basically checked to see whether ftp or telnet were listening on the client. I know this isn't a true connectivity check, but it's as close as I could get to it. I don't use ftp or telnet anymore so I scrapped the script long ago, but the command I was using to check is below. I might rewrite the script just to keep track of what services are listening on the clients.
(RedHat Linux 6.2)
/usr/sbin/lsof | grep 'TCP \*:ftp'
/usr/sbin/lsof | grep 'TCP \*:telnet'
- Eric
"Luke Sanderlin, MCSE" wrote:
I'm looking for a way to stop filling the logs on my UX boxes. On every machine that I poll I get messages in the logs, every five minutes that look like this:Sep 1 15:04:41 machinename ftpd[26987]: FTP session closed
Sep 1 15:04:41 machinename telnetd[27026]: ttloop: peer died: EOF
Sep 1 15:04:41 machinename inetd[26410]: pid 27026: exit status 1
What can I do to stop this? (short of disabling this logging feature) I did look in the archives for an answer to this problem (attached below) but have found no solutions. Luke S. Sanderlin, MCSESystems Engineer -- Charles Jones, LLC--CUT HERE--Re: {bb} BB filling logs
- To: bb@bb4.com
- Subject: Re: {bb} BB filling logs
- From: Tom McGivern <t.mcgivern@iname.com>
- Date: Wed, 15 Dec 1999 17:44:17 -0600
- Content-Type: multipart/alternative;boundary="------------B95C4E7DB5AC6B542102319E"
- References: <3820CCD9.9D49821C@onsatnet.com>
- Reply-To: bb@bb4.com
- Sender: owner-bb@bb4.com
did you ever receive a response to your question.... I'm having the same problem.. A search of the bb mail list only turned up questions, no responses...If you know how to fix this, I'd appreciate it..
TomKerry Cox wrote:
Is there any way to set Big Brother so that it doesn't leave the logs of every server full of messages. If I am looking for something else, it takes awhile to parse through all the logs looking for the other error message. I know I could set my syslogd.conf file so that it wouldn't record so much, but that would also limit my own troubleshooting.
Thanks.
See below for an exampleNov 3 16:12:29 mail ftpd[29432]: FTP session closed
Nov 3 16:12:30 mail telnetd[29449]: ttloop: peer died: Invalid or incomplete multibyte or wide character
Nov 3 16:23:58 mail ftpd[930]: FTP session closed
Nov 3 16:23:59 mail telnetd[947]: ttloop: peer died: Invalid or incomplete multibyte or wide character
Nov 3 16:34:45 mail ftpd[5541]: FTP session closed
Nov 3 16:34:46 mail telnetd[5558]: ttloop: peer died: Invalid or incomplete multibyte or wide character
-- .-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-. | Kerry J. Cox OnSat Network Communications | | kjcox@onsatnet.com Systems Manager | | (801) 526-6463 http://www.onsatnet.com | | ICQ# 37681165 http://quasi.onsatnet.com/linux/ | `-------------------------------------------------------