[KLUG Members] Re: Introduction and Logfiles mess, Such as?

Bob Kanaley members@kalamazoolinux.org
Tue, 5 Mar 2002 11:46:56 -0500


As a rookie sysadmin, I don't have the confidence to tune application or
syslog settings to try to slow some of the garbage down.

One example would be logfile noise generated from my new email setup. I
installed an LRP firewall with two NICs so I could create a split DNS with
a DMZ for my chrooted Postfix and central logserver.

I have my 30 Windows email clients on the LAN access my Postfix mailserver
running in the DMZ via secure POP3. To pull this off, I had to configure
Stunnel and Postfix on the mail server and reconfigure each of the Windows
clients to use secure POP3.

Now, each time a Windows client logs in to the mailserver I get:

an xinetd START: pop3 from 127.0.0.1 entry in my secure logfile,
an ipop3d pop3 service init from 127.0.0.1 entry in my maillog, and
two stunnel SSL_accept error messages in syslog,
    one for no shared cipher and one for unknown protocol.

That comes out to hundreds of useless entries a day in my logs.

I don't know if the error messages are from stupid Windows clients, improper
settings for Postfix, xinetd and Stunnel, or improper syslog settings that
are recording useless messages!

Since the mailserver is functioning and a lot more secure than when I
started, I just have to put up with the garbage while I struggle to fix
more important things like Windows clients crashing when certain Samba
shares are accessed on the central file server.

> >Fortunately the essential things are mostly working. My single biggest
> >annoyance is wading through lots of trivial messages in my log files. The
>
> Such as?  syslog is quite configurable as is the verbosity level of most
> applications.
>
> logview is a nice GNOME application for wading through logs.
>
> It is also pretty simple to centralize all/most of the logs on one server.

I built a remote central log server while I was putting the new security
infrastructure in. I had to use recycled parts and the only hard drive I had
at the time was 350 MB. By the time I got RedHat 7.0 on there, there wasn't
a lot of space left for logging. Data from four servers filled that puppy up
real quick.

I recently got my hands on a *WESTERN DIGITAL* 20 GB disk, but with what I
am reading about Western Digital I am not sure I want to use it. If I do put
it in, I have to figure out where to mount it and reconfigure the syslog
daemon to log data there.

I really don't have a Linux box to call my own and I strip X off of most of
the production servers. But I did fire up X on my internal DNS/VNC (over
SSH) RedHat 7.0 server. The System Log Viewer looks pretty slick. Thanks for
the tip.

Bob Kanaley
IS Manager
Agdia, Inc.
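The post above describes four log lines per POP3 login (xinetd, ipop3d and two stunnel SSL_accept errors) swamping the real entries. Before tuning syslog or the applications, a practitioner would first measure the noise: collapse each message into a template (addresses and numbers replaced with placeholders), count how often each template occurs, and see what share of the log the repetitive templates account for. The script below does that for classic BSD-style syslog lines. It is an added example, not code from the original post or from the KLUG thread; the sample log lines are constructed to resemble the xinetd/ipop3d/stunnel entries the post mentions and are not verbatim output of those programs, and the regular expressions are the example's own assumptions about the line format.

```python
"""Syslog noise triage: group repetitive messages into templates and rank them.

Added example for the thread above, not code from the original post. The
SAMPLE_LOG lines are constructed to resemble the xinetd/ipop3d/stunnel entries
described in the post; they are not verbatim output of those programs.
"""
import re
from collections import Counter

# Assumed line shape (classic BSD syslog): "Mar  5 11:46:56 host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Fields that vary between otherwise identical events: addresses and numbers.
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUM_RE = re.compile(r"\b\d+\b")

# Constructed sample: three POP3 logins through stunnel, then two real events
# and one unparseable line.
SAMPLE_LOG = """\
Mar  5 09:01:12 mail xinetd[412]: START: pop3 pid=1201 from=127.0.0.1
Mar  5 09:01:12 mail ipop3d[1201]: pop3 service init from 127.0.0.1
Mar  5 09:01:12 mail stunnel[1199]: SSL_accept: error: no shared cipher
Mar  5 09:01:13 mail stunnel[1200]: SSL_accept: error: unknown protocol
Mar  5 09:03:40 mail xinetd[412]: START: pop3 pid=1233 from=127.0.0.1
Mar  5 09:03:40 mail ipop3d[1233]: pop3 service init from 127.0.0.1
Mar  5 09:03:40 mail stunnel[1231]: SSL_accept: error: no shared cipher
Mar  5 09:03:41 mail stunnel[1232]: SSL_accept: error: unknown protocol
Mar  5 09:07:05 mail xinetd[412]: START: pop3 pid=1290 from=127.0.0.1
Mar  5 09:07:05 mail ipop3d[1290]: pop3 service init from 127.0.0.1
Mar  5 09:07:05 mail stunnel[1288]: SSL_accept: error: no shared cipher
Mar  5 09:07:06 mail stunnel[1289]: SSL_accept: error: unknown protocol
Mar  5 09:12:30 mail sshd[1301]: Accepted publickey for bob from 192.168.1.10 port 40112 ssh2
Mar  5 09:15:02 mail su[1320]: FAILED su for root by nobody
garbage line that does not parse
"""


def parse_line(line):
    """Split one syslog line into its fields, or return None if it does not match."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def template(msg):
    """Replace IPv4 addresses and standalone numbers so repeated events share one key."""
    msg = IPV4_RE.sub("<ip>", msg)
    return NUM_RE.sub("<n>", msg)


def triage(lines):
    """Count (program, message template) pairs.

    Returns (ranked, unparsed): ranked is a list of ((prog, template), count)
    sorted by descending count, then key; unparsed holds lines the regex rejected,
    which deserve a look of their own rather than silent discarding.
    """
    counts = Counter()
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        counts[(rec["prog"], template(rec["msg"]))] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked, unparsed


def noise_share(ranked, threshold):
    """Fraction of parsed lines that fall into templates seen at least `threshold` times."""
    total = sum(c for _, c in ranked)
    noisy = sum(c for _, c in ranked if c >= threshold)
    return noisy / total if total else 0.0


if __name__ == "__main__":
    ranked, unparsed = triage(SAMPLE_LOG.splitlines())
    for (prog, tmpl), count in ranked:
        print(f"{count:5d}  {prog}: {tmpl}")
    print(f"repetitive share (>=3 hits): {noise_share(ranked, 3):.0%}")
    print(f"unparsed lines: {len(unparsed)}")
```

Run it against a real /var/log/messages by replacing SAMPLE_LOG.splitlines() with the file's lines. The ranked output makes the decision concrete: templates that repeat with every login are candidates for a syslog.conf filter or an application verbosity change, while the singletons (the sshd and su lines in the sample) are exactly what should stay visible.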