fam and logwatch

Greg Ennis PoMec at PoMec.Net
Fri Mar 26 14:35:06 UTC 2004


Everyone,

I have a new FC1 installation which was working fine until 3 days ago when the
logwatch files started getting to be as big as 75 megs.  (Too big for outlook2000,
but not too big for Linux to manage).

The entries that  I have been getting come from the message log file and the secure
log file.  The secure log file is being filled at a rate of up to 17 of the same
entries per second at times.

Secure:
Mar 26 07:46:39 Pt xinetd[26320]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:39 Pt xinetd[1098]: START: sgi_fam pid=26321 from=<no address>
Mar 26 07:46:44 Pt xinetd[26321]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:45 Pt xinetd[1098]: START: sgi_fam pid=26322 from=<no address>
Mar 26 07:46:49 Pt xinetd[26322]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:49 Pt xinetd[1098]: START: sgi_fam pid=26323 from=<no address>
Mar 26 07:46:52 Pt xinetd[26323]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:52 Pt xinetd[1098]: START: sgi_fam pid=26324 from=<no address>
Mar 26 07:46:55 Pt xinetd[26324]: FAIL: sgi_fam libwrap from=<no address>

Message:
Mar 26 07:43:57 Pt xinetd[25673]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:43:59 Pt xinetd[25674]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:01 Pt xinetd[25674]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:05 Pt xinetd[25675]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:06 Pt xinetd[25675]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:10 Pt xinetd[25676]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:11 Pt xinetd[25676]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:13 Pt xinetd[25677]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:14 Pt xinetd[25677]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>

The man pages for fam indicate that it is used to determine if a file has been
changed, and looks like FC1 is only calling it through xinetd.

My /etc/fam.conf file has the following entries which have not been changed from the
installation defaults.

insecure_compatibility = false
untrusted_user = nobody
local_only = false
xtab_verification = true

My /etc/xinet.d/sig_fam file has the following:

# default: on
# description: FAM is a file monitoring daemon. It can \
# be used to get reports when files change.
service sgi_fam
{
        type         = RPC UNLISTED
        socket_type  = stream
        user         = root
        group        = nobody
        server       = /usr/bin/fam
        wait         = yes
        protocol     = tcp
        rpc_version  = 2
        rpc_number   = 391002
        bind         = 127.0.0.1
}


The only other message that is pecuilar in the logwatch report is:

Can't locate these modules:
   char-major-10-134: 1 Time(s)
   char-major-180: 2 Time(s)
   char-major-188: 2 Time(s)

I have been using yum for updates and my system has been updated properly.

Sure would appreciate some pointers on solving this problem.

Thank you,

Greg Ennis






More information about the fedora-list mailing list