[Pkg-aide-maintainers] Bug#442214: Still this on lenny...
Marco Gaiarin
gaio at sv.lnf.it
Thu Apr 8 07:44:26 UTC 2010
I'm hitting this bug on lenny, aide 0.13.1-10.
Clearly i've:
COMMAND=update
COPYNEWDB=ifnochange
But still sporadically i got:
---------------------------------------------------
Added files:
---------------------------------------------------
added: /var/log/exim4/mainlog.2.gz
added: /var/log/exim4/rejectlog.2.gz
added: /var/log/syslog.2.gz
added: /var/log/user.log.2.gz
---------------------------------------------------
Removed files:
---------------------------------------------------
removed: /var/log/ntop/access.log.4.gz
removed: /var/log/exim4/mainlog.10.gz
removed: /var/log/exim4/rejectlog.10.gz
removed: /var/log/user.log.4.gz
---------------------------------------------------
Changed files:
---------------------------------------------------
changed: /var/log/exim4/mainlog
changed: /var/log/exim4/rejectlog
changed: /var/log/exim4/mainlog.1
changed: /var/log/exim4/rejectlog.1
changed: /var/log/syslog
changed: /var/log/syslog.1
changed: /var/log/user.log.1
changed: /var/log/user.log
changed: /var/log/syslog.7.gz
But if i look at /var/log/exim4 now (after some hours...):
tank:~# ls -la /var/log/exim4/
totale 2784
drwxr-s--- 2 Debian-exim adm 4096 8 apr 06:34 .
drwxr-xr-x 13 root root 4096 8 apr 06:34 ..
-rw-r----- 1 Debian-exim adm 87293 8 apr 09:22 mainlog
-rw-r----- 1 Debian-exim adm 552522 8 apr 06:34 mainlog.1
-rw-r----- 1 Debian-exim adm 88305 30 mar 06:34 mainlog.10.gz
-rw-r----- 1 Debian-exim adm 101723 7 apr 06:33 mainlog.2.gz
-rw-r----- 1 Debian-exim adm 66851 6 apr 06:33 mainlog.3.gz
-rw-r----- 1 Debian-exim adm 79894 5 apr 06:33 mainlog.4.gz
-rw-r----- 1 Debian-exim adm 75787 4 apr 06:34 mainlog.5.gz
-rw-r----- 1 Debian-exim adm 85616 3 apr 06:34 mainlog.6.gz
-rw-r----- 1 Debian-exim adm 118557 2 apr 06:34 mainlog.7.gz
-rw-r----- 1 Debian-exim adm 104152 1 apr 06:34 mainlog.8.gz
-rw-r----- 1 Debian-exim adm 112329 31 mar 06:34 mainlog.9.gz
-rw-r----- 1 Debian-exim adm 0 5 feb 17:41 paniclog
-rw-r----- 1 Debian-exim adm 87683 8 apr 09:22 rejectlog
-rw-r----- 1 Debian-exim adm 458763 8 apr 06:27 rejectlog.1
-rw-r----- 1 Debian-exim adm 77745 30 mar 06:33 rejectlog.10.gz
-rw-r----- 1 Debian-exim adm 87661 7 apr 06:30 rejectlog.2.gz
-rw-r----- 1 Debian-exim adm 56135 6 apr 06:31 rejectlog.3.gz
-rw-r----- 1 Debian-exim adm 65614 5 apr 06:29 rejectlog.4.gz
-rw-r----- 1 Debian-exim adm 59657 4 apr 06:33 rejectlog.5.gz
-rw-r----- 1 Debian-exim adm 77438 3 apr 06:30 rejectlog.6.gz
-rw-r----- 1 Debian-exim adm 91157 2 apr 06:30 rejectlog.7.gz
-rw-r----- 1 Debian-exim adm 79454 1 apr 06:33 rejectlog.8.gz
-rw-r----- 1 Debian-exim adm 97203 31 mar 06:25 rejectlog.9.gz
/var/log/exim4/mainlog.10.gz are there, could be simply that last run
of aide (not this night, but last night) got scheduled between log
rotation?
Speaking clearly: seems to me that the trouble here arise when aide got
scheduled not before, not after but *between* a log rotation task.
This mangle the ANF and ARF rules, and next run bump this message.
I got these aide messages mostly on weekends (where weekly rotation
occur and probably load on machine is bigger), but also appears
randomly on workdays.
Note that i use aide on my firewalls, old (PII/PIII) box with not so
much horsepower, so probably on 'modern' and performant hardware this
could be very tricky to trigger.
/etc/cron.daily/aide seems too complicated for my scripting skills,
there's an easy way to make sure aide does not run between log
rotation?
Many thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the Pkg-aide-maintainers
mailing list