Well, most of us are watching for normal attempts to break in, logging whatever we can.
Some happy asshole around me was bent not on breaking in, but just breaking, period. So, he set up some script to attempt ftp/http connections, with as much text as possible. The effect? My logging setup was extremely verbose, and the log partition filled up VERY fast. Fast enough that my rotation cron didn't come quick enough for it to jump up to 100%. Once your logs reach 100%, some strange stuff happens... and really, I have no clue what the person did once the logs filled up.
Moral of the story, keep an eye on the log sizes....
This is why some people like to put whatever directory the logs are going to live in on a separate partition/filesystem.
It was on a separate partition. But when apps can't append to their logs, some aren't happy...
But yes, this is yet another reason to separate out the logs. A few unhappy apps is far better than a / at 100%.
The world is full of morons.....
That's exactly the log size attack. There are some tools just to offend your box so that it will be filled up with logs and then the box simply crashes.
Mostly the defense is to put the logs on a separate box, log watch to monitor the partition size, and then just SSH in and delete everything you see in the log with .gz and .0 to make room.
Most will not do this kind of attack since it also drains the attacker(s)'s resources as well.
Yep, having a loghost is pretty cool.
We have one loghost at work, and where the logs go on THAT box is just an nfs mount to a netapp. TONS of space, but I can tail -f one file and get system logs from all 1000+ nodes... pretty cool if you ask me (;
wonder how hard it would be to build a script to check your log partition's free space every now and again?
--Vendetta
Extremely easy... cd /log/partition ; df -h . | mail root@localhost
Drop that into a cron job, and away you go.
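Added example (not from any post in this thread): a cron-friendly version of the free-space check discussed above that mails only when the log partition is past a threshold or has jumped sharply since the last run, which is what the log flooding described earlier looks like. The /var/log path, the thresholds, the state file location and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example. LOG_DIR, thresholds, STATE_FILE and --run are assumptions.
LOG_DIR="${LOG_DIR:-/var/log}"                      # log mount point
WARN_PCT="${WARN_PCT:-80}"                          # alert at this Use%
JUMP_PCT="${JUMP_PCT:-10}"                          # or this rise between runs
STATE_FILE="${STATE_FILE:-/var/tmp/logspace.last}"  # previous reading
MAIL_TO="${MAIL_TO:-root@localhost}"

# Read `df -P` output on stdin, print Use% of the last data line as an integer.
parse_use_pct() {
    awk 'NR > 1 { pct = $5; sub(/%/, "", pct) }
         END    { if (pct == "") exit 1; print pct + 0 }'
}

# Compare previous ($1) and current ($2) Use%; print full, growing or ok.
classify() {
    if [ "$2" -ge "$WARN_PCT" ]; then
        echo full
    elif [ $(( $2 - $1 )) -ge "$JUMP_PCT" ]; then
        echo growing
    else
        echo ok
    fi
}

# One check: read usage, remember it, mail only when something is wrong.
check_log_partition() {
    cur=$(df -P "$LOG_DIR" | parse_use_pct) || return 2
    prev=$(cat "$STATE_FILE" 2>/dev/null)
    [ -n "$prev" ] || prev=$cur   # first run: no growth to report
    echo "$cur" > "$STATE_FILE"
    status=$(classify "$prev" "$cur")
    if [ "$status" != ok ]; then
        df -hP "$LOG_DIR" |
            mail -s "log partition $status: ${cur}% used on $(hostname)" "$MAIL_TO"
    fi
}

# Cron entry (assumed install path): */5 * * * * /usr/local/sbin/logspace.sh --run
if [ "${1:-}" = "--run" ]; then
    check_log_partition
fi
```

Run it more often than the rotation job, so a partition that is filling quickly gets reported before it reaches 100%.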