HELP!!! syslogd is down...


 
# 1  
Old 12-05-2002
HELP!!! syslogd is down...

Hi all
My system logger has been down for the past 3 days... I am not able to get it to start from the terminal... /etc/init.d/syslogd start
I am unable to find a log as to why it is failing!!

Please advise where to look!!! I am totally lost here!

Thanks in advance...

KS
# 2  
Old 12-05-2002
What version of unix? Does /etc/syslog.conf exist? Maybe the command: "syslogd -d" will give you a clue.
# 3  
Old 12-05-2002
Please post which OS and version.

Have you checked disk space?
Have you checked that permissions on the following files have not changed? (configuration file {could be /etc/syslog.conf}, /etc/init.d/syslogd, the directory it should be dumping to and the file {look in the configuration file to ensure it's dumping where you thought it should})

You can add the -d option to debug when starting it (may have to do this either in the startup script or start the daemon manually).

(Perderabo hit this at the same time)
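
The checks suggested in the reply above (config file present, log directories and files in place and writable, disk space) can be scripted. This is an added example, not code from the thread; the function names and the `MIN_FREE_KB` variable are hypothetical, and it assumes the classic `selector action` syslog.conf format.

```shell
#!/bin/sh
# Added example (not from the thread): the pre-start checks from the reply above.
# syslog_targets, syslog_triage and MIN_FREE_KB are hypothetical names.
# Run as the user that starts syslogd (normally root) so -w reflects its access.

# Print the file targets of a classic syslog.conf ("selector  action" lines).
# File actions start with "/"; sysklogd's leading "-" (no sync) is stripped.
syslog_targets() {
    awk '!/^[ \t]*(#|$)/ && NF >= 2 {
        a = $NF; sub(/^-/, "", a); if (a ~ /^\//) print a
    }' "$1" | sort -u
}

# Print one finding per line; return 1 if anything would stop logging.
syslog_triage() {
    conf=${1:-/etc/syslog.conf}
    min=${MIN_FREE_KB:-1024}
    bad=0
    if [ ! -r "$conf" ]; then
        echo "MISSING config: $conf"
        return 1
    fi
    for target in $(syslog_targets "$conf"); do
        dir=$(dirname "$target")
        if [ ! -d "$dir" ]; then
            echo "MISSING dir: $dir (for $target)"; bad=1; continue
        fi
        # Free KB on the filesystem holding the log (POSIX df -P, column 4).
        free_kb=$(df -Pk "$dir" 2>/dev/null | awk 'NR == 2 { print $4 }')
        if [ "${free_kb:-0}" -lt "$min" ]; then
            echo "LOW SPACE: $dir has ${free_kb:-0} KB free"; bad=1
        fi
        if [ -e "$target" ] && [ ! -w "$target" ]; then
            echo "NOT WRITABLE: $target"; bad=1
        elif [ ! -e "$target" ] && [ ! -w "$dir" ]; then
            echo "CANNOT CREATE: $target"; bad=1
        fi
    done
    return "$bad"
}
```

Source the file and call `syslog_triage` (it defaults to /etc/syslog.conf); a clean result means the next step is the `-d` debug run mentioned above.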
# 4  
Old 12-05-2002
I got hit by a rootkit. The hacker must have shut down the daemon. Is there a way to clean out the system from the SK rootkit? Please let me know! I know a re-install is suggested but this is the second time this is happening and I want to find a way to tackle this with the minimum downtime!!
I am running Red Hat Linux 7.0.
Please advise...

thanks

KS
# 5  
Old 12-05-2002
If it's the second time, then you must know that you have not done enough to keep the hacker out. Attempting to check all your files and hope you get them all so you don't have to do this a third time I believe to be a waste of your time.

See what others have to say - IMHO - rebuild.

Wright State U - Internet Security
# 6  
Old 12-05-2002
Definitely rebuild. There were a few gnarly rootkits floating around - you'll never get clean.

Reinstall, then go to Red Hat and install every one of those darn updates for 7.0. It takes some time, but that's how it's got to be if you want to be a decent 'net citizen. Think how many other users have been rooted from your box (acting as a launch-pad).

Also, out of interest, search Google for info to find out which one got you. Then you can go back and see how they got in.