On Tue, Mar 20, 2007 at 07:08:29PM -0500, Shawn Fertch wrote:
> On 3/20/07, Steve Linabery <slinabery at worldcycling.com> wrote:
> > Hi,
> >
> > I have a machine running CentOS 4.4. Pretty much a stock server install; I've done my usual checklist of things to turn off (isdn, portmap, nfs stuff, etc).
> >
> > Almost all the log files (including old rotated logs) in /var/log are empty or nearly empty.
> >
> > syslogd is running; 'logger teststring' produces an entry in /var/log/messages
> >
> > Upon system restart, there are a few lines in /var/log/messages, but nothing like what I'd expect. Remote logins are not being logged.
> >
> > My gut reaction to something like this is always "oh s***, it's been compromised", but I was wondering if anyone had any other possible explanations...
> 
> Hopefully you've been keeping your system updated so as to minimize
> risks.  As to additional logging, you'll need to modify your
> /etc/syslog.conf for what you want to log as well as the level of
> verbosity.  I haven't looked into a CentOS syslog.conf file, but I
> believe they turn down verbosity so as to keep logfiles from filling
> up.
> 
> I believe it's authlog you want to enable to log remote users, but
> don't recall offhand.
> -- 
> -Shawn
> 
> -Nemo me impune lacessit.  Ne Obliviscaris..
> 

Thanks everyone for your helpful suggestions.

There's nothing wrong with the system after all.

A previous CentOS install provided lots of syslog detail by default; not sure what was different about that install, but that machine and the machine with no log data have vastly different /etc/syslog.conf files.

Cheers,
-- 
Steve Linabery
B94B C3C7 8A27 FF09 3C9D  E992 5A20 2492 D5F5 EE51
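
An added example, not part of the original thread: a small Python check that reports where a given facility.priority would be written under a sysklogd-style /etc/syslog.conf, which makes the difference between two machines' files visible. Both sample configurations are constructed for illustration, and authpriv.info is an assumed facility and priority for remote-login messages.

```python
# sysklogd priorities, lowest severity first
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def parse_rules(text):
    """Return (selector_field, action) pairs, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            rules.append((parts[0], parts[1].strip()))
    return rules

def selected_levels(selector_field, facility):
    """Priorities of `facility` that one selector field sends to its action.
    Selectors are applied left to right; later ones override earlier ones."""
    levels = set()
    for sel in selector_field.split(";"):
        facs, _, prio = sel.rpartition(".")
        if not ({facility, "*"} & set(facs.split(","))):
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = ALIASES.get(prio.lstrip("="), prio.lstrip("="))
        if prio == "none":            # "none" clears everything for the facility
            span, negate = set(PRIORITIES), not negate
        elif prio == "*":
            span = set(PRIORITIES)
        elif exact:                   # "=prio" means that priority only
            span = {prio}
        else:                         # plain "prio" means that priority and above
            span = set(PRIORITIES[PRIORITIES.index(prio):])
        levels = levels - span if negate else levels | span
    return levels

def destinations(conf_text, facility, priority):
    """Actions (files, '*', hosts) that receive a facility.priority message."""
    return [action for sel, action in parse_rules(conf_text)
            if priority in selected_levels(sel, facility)]

# Constructed sample configurations (not taken from either machine in the thread)
DETAILED = """
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
*.emerg                                     *
"""
SPARSE = """
*.notice;authpriv.none      /var/log/messages
*.emerg                     *
"""
```

With the sparse sample, `destinations(SPARSE, "user", "notice")` still returns `/var/log/messages`, so a `logger` test line appears, while `destinations(SPARSE, "authpriv", "info")` is empty.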

