fam and logwatch
Greg Ennis
PoMec at PoMec.Net
Fri Mar 26 14:35:06 UTC 2004
Everyone,
I have a new FC1 installation which was working fine until 3 days ago when the
logwatch files started getting to be as big as 75 megs. (Too big for outlook2000,
but not too big for Linux to manage).
The entries that I have been getting come from the message log file and the secure
log file. The secure log file is being filled at a rate of up to 17 of the same
entries per second at times.
Secure:
Mar 26 07:46:39 Pt xinetd[26320]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:39 Pt xinetd[1098]: START: sgi_fam pid=26321 from=<no address>
Mar 26 07:46:44 Pt xinetd[26321]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:45 Pt xinetd[1098]: START: sgi_fam pid=26322 from=<no address>
Mar 26 07:46:49 Pt xinetd[26322]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:49 Pt xinetd[1098]: START: sgi_fam pid=26323 from=<no address>
Mar 26 07:46:52 Pt xinetd[26323]: FAIL: sgi_fam libwrap from=<no address>
Mar 26 07:46:52 Pt xinetd[1098]: START: sgi_fam pid=26324 from=<no address>
Mar 26 07:46:55 Pt xinetd[26324]: FAIL: sgi_fam libwrap from=<no address>
Message:
Mar 26 07:43:57 Pt xinetd[25673]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:43:59 Pt xinetd[25674]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:01 Pt xinetd[25674]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:05 Pt xinetd[25675]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:06 Pt xinetd[25675]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:10 Pt xinetd[25676]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:11 Pt xinetd[25676]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
Mar 26 07:44:13 Pt xinetd[25677]: warning: can't get client address: Transport
endpoint is not connected
Mar 26 07:44:14 Pt xinetd[25677]: libwrap refused connection to sgi_fam (libwrap=fam)
from <no address>
The man pages for fam indicate that it is used to determine if a file has been
changed, and looks like FC1 is only calling it through xinetd.
My /etc/fam.conf file has the following entries which have not been changed from the
installation defaults.
insecure_compatibility = false
untrusted_user = nobody
local_only = false
xtab_verification = true
My /etc/xinet.d/sig_fam file has the following:
# default: on
# description: FAM is a file monitoring daemon. It can \
# be used to get reports when files change.
service sgi_fam
{
type = RPC UNLISTED
socket_type = stream
user = root
group = nobody
server = /usr/bin/fam
wait = yes
protocol = tcp
rpc_version = 2
rpc_number = 391002
bind = 127.0.0.1
}
The only other message that is pecuilar in the logwatch report is:
Can't locate these modules:
char-major-10-134: 1 Time(s)
char-major-180: 2 Time(s)
char-major-188: 2 Time(s)
I have been using yum for updates and my system has been updated properly.
Sure would appreciate some pointers on solving this problem.
Thank you,
Greg Ennis
More information about the fedora-list
mailing list