Help needed for missing log entries

From: Dave Sobel (dave@evolvetech.com)
Date: Fri Mar 08 2002 - 06:19:53 CET

Previous message: Martin Schulze: "Re: Problem with syslogd Version 1.4.1"
Next in thread: Christian von Roques: "Re: Help needed for missing log entries"
Reply: Christian von Roques: "Re: Help needed for missing log entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear syslogd list & developers:

I'm having a complicated problem, and I am totally stumped, and need
some assistance.

I'm running a base Slackware 8 Linux system, which I extensively
upgraded, to gcc 3.0.3, kernel 2.4.17, and many other latest and
greatest shiny utilities. This includes the pine4.44 package, and I'm
using both the imapd and ipop3d daemons that come with that package.

I've implemented POP-B4-SMTP using the log2db utility, so I have a
process that is nicely watching the /var/log/messages file (where imapd
and ipopd dump their information) and storing that off in a database for
sendmail to use for it's relay control. And all was well in the
world...

... until I started receiving messages from users complaining that their
emails were being denied. Tracing through the messages file, I discover
that yes, they were denied -- because there was no record of them
performing a login via either ipop3d or imapd in the log span prior to
them sending mail.

Thinking this strange, I spent some time on the phone with these fine
folks, and determined that yes, they ARE checking their mail -- and not
only is it working, but a quick run of 'top' verifies that there is a
daemon running with their userID, and running 'netstat' -n does show
that they are connected appropriately. The user does successfully
authenticate, retrieve their mail, and logout. However, nothing shows
up in the messages file.

I've checked that syslogd.conf is configured correctly. I have even
places a *.* line in there to /dev/tty7 to watch the logs in real time,
and it does work correctly. In fact, what's stranger is that these
"problem" users will not always have this problem -- sometimes, they
will show up in the logs, and other times, they won't. It's not
consistent. Some users never have this problem, and always show up in
the logs.

I've recompiled ipop3d, imapd, and syslogd, all to no avail. The
daemons are doing their job, just not always logging it.

So what is happening to the entries in the log? Why are there not
entries showing up in the messages file?

Any insight, direction, etc that you can offer would be greatly
appreciated. I'm out of ideas.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dave Sobel
dave@evolvetech.com
Evolve Technologies
Web Hosting and Consulting
www.evolvetech.com

Yesterday it worked.
Today it is not working.
Windows is like that.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

text/x-vcard attachment: David_P_Sobel__dave_evolvetech.com_.vcf

Previous message: Martin Schulze: "Re: Problem with syslogd Version 1.4.1"
Next in thread: Christian von Roques: "Re: Help needed for missing log entries"
Reply: Christian von Roques: "Re: Help needed for missing log entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Mar 08 2002 - 06:20:08 CET