Help with xferlog and messages log files

Post by Donald Elli » Wed, 03 Feb 1999 04:00:00



I am having a problem with ftp'ing into a Linux server (RedHat 5.1)
from some DOS computers using FTP software's PCTCP for DOS.

For most of the day many ftp transfers happen without any problems.
These are recorded correctly in /var/log/messages, /var/log/xferlog,
and a log file from a proprietary daemon. The proprietary daemon has
worked correctly under SCO unix and HP-UX for many years.

In the evening, 7 to 10 PM (of course, when I am not around), the Linux
server stops allowing ftp transfers.

Last night I started a program on a DOS computer that continuously
requested files to be downloaded from the server. This allows me to
know exactly when the problem occurred.

The last successful transfer was at 20:08.

/var/log/messages reports an unknown user timed out at 20:26. The
time-out is 900 seconds, which is 15 minutes. Then it reports two FTP
sessions closed that have no report of being opened. These happen at
20:50 and 20:55.

/var/log/xferlog reports up to the time the system stops responding to
ftp requests from the DOS computers (20:08). It shows that the next download
allowed was at 7:25 the next morning. I had not done anything yet, so it
restarted on its own.

The proprietary log reports ftp transfers were attempted, but none were
successful after ftp stopped working. These attempts were at 20:46,
20:52, and 20:54.

There were no attempts between 20:54 and 7:25.

Are there any other logs I can look at that might give me a clue?

Is there somewhere that sets a maximum number of ftpd daemons running at one
time?

Any suggestions at all?

Help PLEASE !!!
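
The correlation the post does by hand (find the pause in xferlog, then list what /var/log/messages recorded inside it), as an added example that is not part of the original post. It assumes the wu-ftpd xferlog field layout; every sample line, host name, path, user and PID below is constructed.

```python
from datetime import datetime, timedelta

# Constructed samples: hosts, paths, users and PIDs are made up.
XFERLOG = """\
Tue Feb  2 20:05:31 1999 1 dospc1.example 20480 /home/data/a.dat b _ o r dosuser ftp 0 *
Tue Feb  2 20:08:02 1999 1 dospc1.example 20480 /home/data/a.dat b _ o r dosuser ftp 0 *
Wed Feb  3 07:25:40 1999 1 dospc1.example 20480 /home/data/a.dat b _ o r dosuser ftp 0 *
"""
MESSAGES = """\
Feb  2 20:26:14 server ftpd[611]: User unknown timed out after 900 seconds
Feb  2 20:50:03 server ftpd[640]: FTP session closed
Feb  2 20:55:47 server ftpd[652]: FTP session closed
"""

def _ts(text, fmt):
    try:
        return datetime.strptime(text, fmt)
    except ValueError:
        return None  # damaged line: skip it rather than abort the run

def parse_xferlog(text):
    """Sorted transfer timestamps; a line is 5 date tokens + 12 transfer fields."""
    rows = (line.split() for line in text.splitlines())
    times = [_ts(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y") for f in rows if len(f) >= 17]
    return sorted(t for t in times if t)

def parse_syslog(text, year):
    """(timestamp, message) pairs; syslog lines carry no year, so it is passed in."""
    rows = (line.split(None, 4) for line in text.splitlines())
    found = [(_ts(f"{year} {f[0]} {f[1]} {f[2]}", "%Y %b %d %H:%M:%S"), f[4]) for f in rows if len(f) == 5]
    return [(ts, msg) for ts, msg in found if ts]

def outage_windows(times, threshold=timedelta(minutes=15)):
    """(last_ok, next_ok) pairs where transfers paused for longer than threshold."""
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > threshold]

def events_in_window(events, window):
    """Syslog events that fall strictly inside one outage window."""
    return [(ts, msg) for ts, msg in events if window[0] < ts < window[1]]

if __name__ == "__main__":
    for win in outage_windows(parse_xferlog(XFERLOG)):
        print("no transfers from", win[0], "to", win[1])
        for ts, msg in events_in_window(parse_syslog(MESSAGES, 1999), win):
            print("   ", ts, msg)
```

The 15-minute default threshold is an assumption chosen to match the 900-second timeout mentioned in the post; with a client that requests files continuously, any longer pause marks the outage.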

 
 
 

1. Help analyzing log file /var/log/messages on RH 5.1

Here is an excerpt from my /var/log/messages on RedHat 5.1.  This looks
suspicious to me, but I'm not sure what to do.  Should I just delete the
user news from /etc/passwd?  In general, what are all of these standard
users that are set up by default on an RH 5.1 system (e.g. daemon, adm,
sync, games, etc.) - where can I find out more about this?  Thanks very
much,

-Moe

Oct 18 04:02:46 24 syslogd 1.3-3: restart.
Oct 18 04:02:46 24 syslogd 1.3-3: restart.
Oct 18 04:02:46 24 syslogd 1.3-3: restart.
Oct 18 04:02:48 24 PAM_pwdb[27810]: (su) session opened for user nobody by (uid=99)
Oct 18 04:04:50 24 PAM_pwdb[27810]: (su) session closed for user nobody
Oct 18 05:01:01 24 PAM_pwdb[28020]: (su) session opened for user news by (uid=9)
Oct 18 05:01:05 24 PAM_pwdb[28020]: (su) session closed for user news
Oct 18 06:01:01 24 PAM_pwdb[28121]: (su) session opened for user news by (uid=9)
Oct 18 06:01:03 24 PAM_pwdb[28121]: (su) session closed for user news
Oct 18 06:46:06 24 telnetd[28202]: ttloop:  peer died: Invalid or incomplete multibyte or wide character
Oct 18 06:47:45 24 telnetd[28204]: ttloop:  peer died: Invalid or incomplete multibyte or wide character
Oct 18 07:01:00 24 PAM_pwdb[28224]: (su) session opened for user news by (uid=9)
Oct 18 07:01:03 24 PAM_pwdb[28224]: (su) session closed for user news
Oct 18 08:01:01 24 PAM_pwdb[28325]: (su) session opened for user news by (uid=9)
Oct 18 08:01:04 24 PAM_pwdb[28325]: (su) session closed for user news
Oct 18 09:01:00 24 PAM_pwdb[28426]: (su) session opened for user news by (uid=9)
Oct 18 09:01:02 24 PAM_pwdb[28426]: (su) session closed for user news
Oct 18 10:01:00 24 PAM_pwdb[28527]: (su) session opened for user news by (uid=9)
Oct 18 10:01:02 24 PAM_pwdb[28527]: (su) session closed for user news
Oct 18 11:01:01 24 PAM_pwdb[28628]: (su) session opened for user news by (uid=9)
Oct 18 11:01:03 24 PAM_pwdb[28628]: (su) session closed for user news
Oct 18 12:01:01 24 PAM_pwdb[28799]: (su) session opened for user news by (uid=9)
Oct 18 12:01:05 24 PAM_pwdb[28799]: (su) session closed for user news
