[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RaQ3 Mysterious dying continued

Subject: [cobalt-users] RaQ3 Mysterious dying continued
From: Chae <chae@xxxxxxxxxxxx>
Date: Mon Sep 30 19:11:02 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Hi Yah,

Okay we're back to the raq3 mysteriously dying - well not dying not runningany services.

Since the last time I reported this I've kicked the Ram up to 512 in casethis was causing the problem, but now it's obviously not the issue :(

This is a long email but I need someone to see the logs to see what I'mseeing...

As usual none of the logs show anything obvious, fcheck hasn't shown anychanges to the system files and chkrootkit shows a clean bill of health.


The sequence of events were (before I went to bed) as follows:

Raqbackup has just finished it's thing at around 10.30pm and sent an emailthrough saying it had finished, out of habit I logged into the backup FTPserver to make sure all was there and noticed that some of the backup upfiles hadn't been ftp'd across. Checked the raqbackup logs and all backupswere created, the server just didn't ftp everything across. So deleted theset from the backup server and ran it again, waited about for about an hourchecked the email and again it showed that not all the files had been ftp'dacross. Again deleted the backup set then ran raqbackup again - then wentto bed. Got a phone call about 6 hours later telling me the server was down...

Sure enough the same old problem, couldn't access the server via shell,httpd or ftp and email had stopped - did a reboot via our remote auto-bootand away it went.

Then the usual emails started filtering thorough...

The logs prior to the server going down didn't show anything unusual or outof the ordinary. To me it looks like the services died a death and swatchcan't get them going again. Of course sendmail wasn't running so I don'tget any notification from the server telling me services aren't running.But saying that even when the servers booted up again and the email comesthrough there's no email from the GUI saying services were down or notrunning :(

This one's driving me nuts - and seems to just happen after a period of 3-4weeks, the servers patched up to the max except for the SSL fix - hopingCobalt will have that public soon, have a couple of MySQL databases runningbut it's not a heavily loaded machine.


Anyone any idea as to what my be happening or why it's doing this?

Anyone got a solutions as to why the services are die off but don't want torestart?Anyone know how I can ensure that if they do go down again I can find outor have a script restart them again?

Anyway of checking swatch?

The logs were still being generated while the server wasn't running any ofthe services and they show the following:


1am log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 00:23:43 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=50515 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 12:01:52 ns fcheck: "WARNING: [ns.xxxxxx.com] /usr/tmp [Times: Sep30 11:01 2002 - Sep 30 12:01 2002]"Sep 30 12:01:53 ns fcheck: "WARNING: [ns.xxxxxx.com] /root/.spamassassin[Times: Sep 30 11:01 2002 - Sep 30 11:32 2002]"Sep 30 12:01:53 ns fcheck: "WARNING: [ns.xxxxxx.com]/root/.spamassassin/auto-whitelist [Times: Sep 30 11:01 2002 - Sep 30 11:322002]"Sep 30 12:02:00 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for ns.xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"Sep 30 12:02:01 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/adjtime [Times:Sep 30 10:03 2002 - Sep 30 11:03 2002]"Sep 30 12:02:01 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/aliases [Inodes:43075 - 43073, Sizes: 4442 - 4446, Times: Sep 26 22:10 2002 - Sep 30 11:132002]"Sep 30 12:02:01 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/aliases.db[Times: Sep 26 22:11 2002 - Sep 30 11:13 2002]"Sep 30 12:02:01 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/locks [Times: Sep30 11:02 2002 - Sep 30 12:01 2002]"Sep 30 12:02:02 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/mail/popip.db[Times: Sep 30 11:03 2002 - Sep 30 11:50 2002]"Sep 30 12:02:02 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/virtusertable[Times: Sep 30 05:09 2002 - Sep 30 11:13 2002]"Sep 30 12:02:02 ns fcheck: "WARNING: [ns.xxxxxx.com] /etc/virtusertable.db[Times: Sep 30 05:09 2002 - Sep 30 11:13 2002]"Sep 30 12:02:03 ns fcheck: "WARNING: [ns.xxxxxx.com] /tmp/FProtBusy.lock[Times: Sep 30 11:01 2002 - Sep 30 11:32 2002]"Sep 30 12:02:03 ns fcheck: "WARNING: [ns.xxxxxx.com]/tmp/sess_7a686518270cf2382eed2b3b2a54a3b6 [Times: Sep 30 10:03 2002 - Sep30 11:17 2002]"Sep 30 12:02:03 ns fcheck: "ADDITION: [ns.xxxxxx.com]/tmp/sess_2653d0bf8fb26791cb2b97bc9eb2c98e [30764 -rw------- 1 15 036 Sep 30 11:20 2002 ]"Sep 30 12:02:03 ns fcheck: "ADDITION: [ns.xxxxxx.com]/tmp/sess_3ce9991d44695d62bb2fb33c9ca7240f [30768 -rw------- 1 15 036 Sep 30 11:27 2002 ]"Sep 30 12:02:03 ns fcheck: "ADDITION: [ns.xxxxxx.com]/tmp/sess_e4feddad79dde50b5546c4a4f67b7d04 [30765 -rw------- 1 15 084 Sep 30 11:25 2002 ]"

Oct  1 00:05:48 ns named[860]: Cleaned cache of 542 RRsets

Oct 1 00:05:48 ns named[860]: USAGE 1033387548 1031954756CPU=1087.8u/848.64s CHILDCPU=0u/0sOct 1 00:05:48 ns named[860]: NSTATS 1033387548 1031954756 A=126178 NS=29CNAME=2006 SOA=118 PTR=960767 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64692Oct 1 00:05:48 ns named[860]: XSTATS 1033387548 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=415092 SAns=1260348 SFwdQ=549965SDupQ=672498 SErr=49 RQ=1201252 RIQ=0 RFwdQ=549965 RDupQ=2253 RTCP=9765SFwdR=427372 SFail=667 SFErr=0 SNaAns=373583 SNXD=410526 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 00:23:43 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=50515 F=0x0000 T=2 (#86)Oct 1 00:02:06 ns sendmail[28127]: AAA28127: from=root, size=101610,class=0, pri=131610, nrcpts=1, msgid=<200209301201.AAA28127@xxxxxxxxxxxxx>,relay=root@localhostOct 1 00:02:06 ns sendmail[28127]: AAA28127: to=xxxxxxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 00:15:09 ns sendmail[28867]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 00:30:03 ns sendmail[29449]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 00:35:55 ns sendmail[29655]: AAA29655: from=root, size=140714,class=0, pri=170714, nrcpts=1, msgid=<200209301234.AAA29655@xxxxxxxxxxxxx>,relay=root@localhostOct 1 00:35:55 ns sendmail[29655]: AAA29655: to=xxxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 00:45:04 ns sendmail[30044]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 01:00:03 ns sendmail[30624]: NOQUEUE: Null connection from localhost[127.0.0.1]


2am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 01:03:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=50991 F=0x0000 T=2 (#86)Oct 1 01:43:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=4558 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 13:01:31 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3012:01 2002 - Sep 30 13:01 2002]"Sep 30 13:01:36 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 11:03 2002 - Sep 30 12:04 2002]"Sep 30 13:01:36 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3012:02 2002 - Sep 30 13:01 2002]"Sep 30 13:02:01 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"Oct 1 01:03:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=50991 F=0x0000 T=2 (#86)

Oct  1 01:05:48 ns named[860]: Cleaned cache of 606 RRsets

Oct 1 01:05:48 ns named[860]: USAGE 1033391148 1031954756CPU=1087.85u/848.66s CHILDCPU=0u/0sOct 1 01:05:48 ns named[860]: NSTATS 1033391148 1031954756 A=126235 NS=29CNAME=2006 SOA=118 PTR=960795 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64698Oct 1 01:05:48 ns named[860]: XSTATS 1033391148 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=415116 SAns=1260381 SFwdQ=549979SDupQ=672688 SErr=49 RQ=1201343 RIQ=0 RFwdQ=549979 RDupQ=2295 RTCP=9767SFwdR=427372 SFail=667 SFErr=0 SNaAns=373591 SNXD=410527 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 01:43:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=4558 F=0x0000 T=2 (#86)Oct 1 01:02:04 ns sendmail[30699]: BAA30699: from=root, size=4580,class=0, pri=34580, nrcpts=1, msgid=<200209301301.BAA30699@xxxxxxxxxx>,relay=root@localhostOct 1 01:02:04 ns sendmail[30699]: BAA30699: to=xxxxxxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 01:15:04 ns sendmail[31260]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 01:30:03 ns sendmail[31840]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 01:45:04 ns sendmail[32422]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 02:00:03 ns sendmail[534]: NOQUEUE: Null connection from localhost[127.0.0.1]


3am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 02:23:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=42559 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 14:01:31 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3013:01 2002 - Sep 30 14:01 2002]"Sep 30 14:01:35 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 12:04 2002 - Sep 30 13:04 2002]"Sep 30 14:01:35 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3013:02 2002 - Sep 30 14:01 2002]"Sep 30 14:02:01 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"

Oct  1 02:05:48 ns named[860]: Cleaned cache of 200 RRsets

Oct 1 02:05:48 ns named[860]: USAGE 1033394748 1031954756CPU=1087.89u/848.68s CHILDCPU=0u/0sOct 1 02:05:48 ns named[860]: NSTATS 1033394748 1031954756 A=126284 NS=29CNAME=2006 SOA=118 PTR=960809 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64703Oct 1 02:05:48 ns named[860]: XSTATS 1033394748 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=415136 SAns=1260400 SFwdQ=549991SDupQ=672848 SErr=49 RQ=1201411 RIQ=0 RFwdQ=549991 RDupQ=2331 RTCP=9768SFwdR=427372 SFail=667 SFErr=0 SNaAns=373597 SNXD=410528 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 02:23:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=42559 F=0x0000 T=2 (#86)Oct 1 02:02:05 ns sendmail[609]: CAA00609: from=root, size=2644, class=0,pri=32644, nrcpts=1, msgid=<200209301401.CAA00609@xxxxxxxxxx>,relay=root@localhostOct 1 02:02:05 ns sendmail[609]: CAA00609: to=xxxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 02:15:04 ns sendmail[1184]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 02:30:03 ns sendmail[1769]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 02:45:04 ns sendmail[2351]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 02:45:24 ns mailscanner[23047]: MailScanner E-Mail Virus Scannerversion 3.21 starting.

Oct  1 02:45:24 ns mailscanner[23047]: Configuring mailscanner for sendmail...
Oct  1 02:45:25 ns mailscanner[23047]: Using locktype = flock

Oct 1 02:45:26 ns mailscanner[2374]: Enabling SpamAssassin auto-whitelistfunctionality...Oct 1 03:00:03 ns sendmail[2935]: NOQUEUE: Null connection from localhost[127.0.0.1]


4am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 03:03:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=61788 F=0x0000 T=2 (#86)Oct 1 03:43:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=29207 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 15:01:31 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3014:01 2002 - Sep 30 15:01 2002]"Sep 30 15:01:32 ns fcheck: "WARNING: [xxxxxx.com] /root/.spamassassin[Times: Sep 30 11:32 2002 - Sep 30 14:45 2002]"Sep 30 15:01:32 ns fcheck: "WARNING: [xxxxxx.com]/root/.spamassassin/auto-whitelist [Times: Sep 30 11:32 2002 - Sep 30 14:452002]"Sep 30 15:01:35 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 13:04 2002 - Sep 30 14:04 2002]"Sep 30 15:01:35 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3014:02 2002 - Sep 30 15:01 2002]"Sep 30 15:02:00 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"Oct 1 03:03:42 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=61788 F=0x0000 T=2 (#86)

Oct  1 03:05:48 ns named[860]: Cleaned cache of 150 RRsets

Oct 1 03:05:48 ns named[860]: USAGE 1033398348 1031954756CPU=1087.95u/848.69s CHILDCPU=0u/0sOct 1 03:05:48 ns named[860]: NSTATS 1033398348 1031954756 A=126333 NS=29CNAME=2006 SOA=118 PTR=960823 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64708Oct 1 03:05:48 ns named[860]: XSTATS 1033398348 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=415156 SAns=1260419 SFwdQ=550003SDupQ=673008 SErr=49 RQ=1201479 RIQ=0 RFwdQ=550003 RDupQ=2367 RTCP=9769SFwdR=427372 SFail=667 SFErr=0 SNaAns=373603 SNXD=410529 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 03:43:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=29207 F=0x0000 T=2 (#86)Oct 1 03:02:05 ns sendmail[3010]: DAA03010: from=root, size=2706, class=0,pri=32706, nrcpts=1, msgid=<200209301501.DAA03010@xxxxxxxxxx>,relay=root@localhostOct 1 03:02:05 ns sendmail[3010]: DAA03010: to=xxxxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 03:15:04 ns sendmail[3574]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 03:30:04 ns sendmail[4155]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 03:45:04 ns sendmail[4737]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 04:00:03 ns sendmail[5317]: NOQUEUE: Null connection from localhost[127.0.0.1]


During this and the next log F-Prot had updated it's files...
Finished updating F-Prot Virus definitions on: Tue Oct 1 04:04:41 NZST 2002
===========================================================================
Retreived a replacement macrdef2.zip file
bytes
Archive: macrdef2.zip
inflating: MACRO.DEF
--------------------------------------
Retreived a replacement fp-def.zip file
bytes
Archive: fp-def.zip
inflating: SIGN.ASC
inflating: SIGN.DEF
inflating: SIGN2.ASC
inflating: SIGN2.DEF
--------------------------------------

5am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 04:23:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=53311 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 16:01:30 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3015:01 2002 - Sep 30 16:01 2002]"Sep 30 16:01:34 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 14:04 2002 - Sep 30 15:04 2002]"Sep 30 16:01:35 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3015:02 2002 - Sep 30 16:01 2002]"Sep 30 16:02:00 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"

Oct  1 04:05:48 ns named[860]: Cleaned cache of 356 RRsets

Oct 1 04:05:48 ns named[860]: USAGE 1033401948 1031954756CPU=1088u/848.75s CHILDCPU=0u/0sOct 1 04:05:48 ns named[860]: NSTATS 1033401948 1031954756 A=126416 NS=29CNAME=2006 SOA=118 PTR=960940 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64715Oct 1 04:05:48 ns named[860]: XSTATS 1033401948 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=415293 SAns=1260468 SFwdQ=550119SDupQ=673984 SErr=49 RQ=1201686 RIQ=0 RFwdQ=550119 RDupQ=2406 RTCP=9772SFwdR=427372 SFail=667 SFErr=0 SNaAns=373613 SNXD=410532 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 04:23:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=53311 F=0x0000 T=2 (#86)Oct 1 04:02:05 ns sendmail[5392]: EAA05392: from=root, size=2945, class=0,pri=32945, nrcpts=1, msgid=<200209301601.EAA05392@xxxxxxxxxx>,relay=root@localhostOct 1 04:02:05 ns sendmail[5392]: EAA05392: to=xxxxxxxxxxxxxx,delay=00:01:01, mailer=esmtp, stat=queuedOct 1 04:06:01 ns sendmail[5569]: EAA05569: from=root, size=645, class=0,pri=30645, nrcpts=1, msgid=<200209301604.EAA05569@xxxxxxxxxx>,relay=root@localhostOct 1 04:06:01 ns sendmail[5569]: EAA05569: to=xxxxxxxxxxxx,delay=00:01:20, mailer=esmtp, stat=queuedOct 1 04:11:03 ns sendmail[5791]: EAA05791: to=xxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 04:11:03 ns sendmail[5791]: EAB05791: to=xxxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 04:13:49 ns sendmail[6247]: EAA06247: from=nobody, size=265,class=0, pri=30265, nrcpts=1, msgid=<200209301613.EAA06247@xxxxxxxxxx>,relay=nobody@localhostOct 1 04:13:49 ns sendmail[6247]: EAA06247: to=/dev/null, delay=00:00:13,xdelay=00:00:00, mailer=*file*, stat=SentOct 1 04:15:04 ns sendmail[6361]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 04:30:03 ns sendmail[6942]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 04:41:03 ns sendmail[7308]: EAA07308: to=xxxxxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 04:41:03 ns sendmail[7308]: EAB07308: to=xxxxxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 04:45:03 ns sendmail[7545]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 05:00:03 ns sendmail[8125]: NOQUEUE: Null connection from localhost[127.0.0.1]


6am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 05:03:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=14549 F=0x0000 T=2 (#86)Oct 1 05:43:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=34097 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 17:01:32 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3016:02 2002 - Sep 30 17:01 2002]"Sep 30 17:01:36 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 15:04 2002 - Sep 30 16:05 2002]"Sep 30 17:01:36 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3016:02 2002 - Sep 30 17:01 2002]"Sep 30 17:01:37 ns fcheck: "DELETION: [xxxxxx.com]/tmp/fprot-wget-status.5441 [30766 -rw-r--r-- 1 0 0 139 Sep 30 16:022002]"Sep 30 17:02:00 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"Oct 1 05:03:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=14549 F=0x0000 T=2 (#86)

Oct  1 05:05:48 ns named[860]: Cleaned cache of 3316 RRsets

Oct 1 05:05:48 ns named[860]: USAGE 1033405548 1031954756CPU=1115.84u/873.93s CHILDCPU=0u/0sOct 1 05:05:48 ns named[860]: NSTATS 1033405548 1031954756 A=126465 NS=29CNAME=2006 SOA=118 PTR=966368 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64720Oct 1 05:05:48 ns named[860]: XSTATS 1033405548 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=424806 SAns=1260500 SFwdQ=555560SDupQ=883159 SErr=49 RQ=1207168 RIQ=0 RFwdQ=555560 RDupQ=2413 RTCP=9774SFwdR=427372 SFail=667 SFErr=0 SNaAns=373620 SNXD=410533 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 05:43:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=34097 F=0x0000 T=2 (#86)Oct 1 05:02:23 ns sendmail[8200]: FAA08200: from=root, size=3422, class=0,pri=33422, nrcpts=1, msgid=<200209301701.FAA08200@xxxxxxxxxx>,relay=root@localhostOct 1 05:02:23 ns sendmail[8200]: FAA08200: to=xxxxxxxxxxxxx,delay=00:01:20, mailer=esmtp, stat=queuedOct 1 05:11:03 ns sendmail[8546]: FAA08546: to=xxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 05:11:03 ns sendmail[8546]: FAB08546: to=xxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 05:15:04 ns sendmail[8762]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 05:30:03 ns sendmail[9360]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 05:45:04 ns sendmail[9960]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 06:00:04 ns sendmail[10576]: NOQUEUE: Null connection from localhost[127.0.0.1]


7am Log:-

Security Violations
=-=-=-=-=-=-=-=-=-=

Oct 1 06:05:01 ns named[860]: send_msg: sendto([xxx.xxx.xxx.xxx].4450):Operation not permittedOct 1 06:23:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=59362 F=0x0000 T=2 (#86)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

Sep 30 18:01:33 ns fcheck: "WARNING: [xxxxxx.com] /usr/tmp [Times: Sep 3017:01 2002 - Sep 30 18:01 2002]"Sep 30 18:01:38 ns fcheck: "WARNING: [xxxxxx.com] /etc/adjtime [Times: Sep30 16:05 2002 - Sep 30 17:05 2002]"Sep 30 18:01:38 ns fcheck: "WARNING: [xxxxxx.com] /etc/locks [Times: Sep 3017:02 2002 - Sep 30 18:01 2002]"Sep 30 18:02:00 ns fcheck: "INFO: Rebuild of the fcheck database/usr/local/etc/fcheck/fcheck.dbf begun for xxxxxx.com using config file/usr/local/etc/fcheck/fcheck.cfg"Oct 1 06:05:01 ns named[860]: send_msg: sendto([208.155.64.121].4450):Operation not permitted

Oct  1 06:05:48 ns named[860]: Cleaned cache of 1105 RRsets

Oct 1 06:05:48 ns named[860]: USAGE 1033409148 1031954756CPU=1136.76u/893.9s CHILDCPU=0u/0sOct 1 06:05:48 ns named[860]: NSTATS 1033409148 1031954756 A=126514 NS=29CNAME=2006 SOA=118 PTR=971468 MX=18825 TXT=31 AAAA=14610 NXT=1 A6=13995ANY=64725Oct 1 06:05:48 ns named[860]: XSTATS 1033409148 1031954756 RR=1218228RNXD=467141 RFwdR=427372 RDupR=5454 RFail=37373 RFErr=102438 RErr=8238RAXFR=0 RLame=85996 ROpts=0 SSysQ=431993 SAns=1260520 SFwdQ=560687SDupQ=1060088 SErr=51 RQ=1212322 RIQ=0 RFwdQ=560687 RDupQ=2419 RTCP=9775SFwdR=427372 SFail=667 SFErr=0 SNaAns=373626 SNXD=410535 RUQ=0 RURQ=0RUXFR=0 RUUpd=0Oct 1 06:23:41 ns kernel: Packet log: input DENY eth0 PROTO=17208.155.78.3:42 224.0.1.24:42 L=47 S=0x00 I=59362 F=0x0000 T=2 (#86)Oct 1 06:02:24 ns sendmail[10651]: GAA10651: from=root, size=3027,class=0, pri=33027, nrcpts=1, msgid=<200209301801.GAA10651@xxxxxxxxxx>,relay=root@localhostOct 1 06:02:24 ns sendmail[10651]: GAA10651: to=xxxxxxxxxxxxxxx,delay=00:01:21, mailer=esmtp, stat=queuedOct 1 06:11:03 ns sendmail[11162]: GAA11162: to=xxxxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 06:11:03 ns sendmail[11162]: GAB11162: to=xxxxxxxxxxxxxxx,delay=00:00:00, mailer=esmtp, stat=queuedOct 1 06:15:04 ns sendmail[11396]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 06:30:03 ns sendmail[11994]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 06:45:03 ns sendmail[12594]: NOQUEUE: Null connection from localhost[127.0.0.1]Oct 1 06:45:36 ns mailscanner[2374]: MailScanner E-Mail Virus Scannerversion 3.21 starting.

Oct  1 06:45:36 ns mailscanner[2374]: Configuring mailscanner for sendmail...
Oct  1 06:45:36 ns mailscanner[2374]: Using locktype = flock

Oct 1 06:45:37 ns mailscanner[12617]: Enabling SpamAssassin auto-whitelistfunctionality...Oct 1 07:00:04 ns sendmail[13232]: NOQUEUE: Null connection from localhost[127.0.0.1]


Regards

Chae

Follow-Ups:
- Re: [cobalt-users] RaQ3 Mysterious dying continued
  - From: cbtrussell

Prev by Date: Re: [cobalt-users] pmfirewall multiple IP's
Next by Date: RE: [cobalt-users] dns cname for domain name?
Previous by thread: Re: [cobalt-users] pmfirewall multiple IP's
Next by thread: Re: [cobalt-users] RaQ3 Mysterious dying continued

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index