  1. #11
    Just Joined! xMoDx's Avatar
    Join Date
    Feb 2007
    Location
    localhost
    Posts
    41

    Quote Originally Posted by MikeTbob
    I'm not positive, but I think that's a directory.
    try this
    ls /var/log/audit.d
    If that doesn't work then try
    more /var/log/audit.d

    Oh btw, it is a binary file, how would it be accessible? I mean readable?

  2. #12
    Just Joined!
    Join Date
    Feb 2007
    Location
    Adelaide, Australia
    Posts
    53
    Technically there is no way to read a binary file and if you cat the file there is the possibility of stuffing up your terminal, which you would type "reset" to fix...

    The easiest way to make sure that it is a binary file is to type the following: file </path/to/filename>.

    If this returns ELF 32-bit LSB executable or similar, it's recommended not to cat, less, more, tail or head the file.

  3. #13
    Just Joined! xMoDx's Avatar
    Join Date
    Feb 2007
    Location
    localhost
    Posts
    41
    Quote Originally Posted by WizRd
    Technically there is no way to read a binary file and if you cat the file there is the possibility of stuffing up your terminal, which you would type "reset" to fix...

    The easiest way to make sure that it is a binary file is to type the following: file </path/to/filename>.

    If this returns ELF 32-bit LSB executable or similar, it's recommended not to cat, less, more, tail or head the file.

    Because there was a traffic spike on February 03 and I would like to know what caused it or why it happened. Has anyone had this issue before and wants to share?

    thanks in advance

  4. #14
    Just Joined!
    Join Date
    Feb 2007
    Location
    Adelaide, Australia
    Posts
    53
    If you are referring to a traffic spike as in your box sent and received a lot of data, you will not be able to track down what caused it without some form of data accounting already in place.

    Just remember that to obtain this sort of information you will be looking for a packet level monitor that will consume large volumes of HDD space if your box is exceptionally active.

  5. #15
    Just Joined! xMoDx's Avatar
    Join Date
    Feb 2007
    Location
    localhost
    Posts
    41
    OK thanks, what if I would like to look for possible mail spam/floods? What would you advise as the best thing to do?

  6. #16
    Just Joined!
    Join Date
    Feb 2007
    Location
    Adelaide, Australia
    Posts
    53
    mail logs would be stored in /var/log and would most likely be titled maillog
    if you have logrotated running, then you will need to look at maillog.1.gz or similar

    If the file has a .gz extension you will need to use the command "gunzip <filename>" and then you will be able to view the file as plain text...

    cat <filename> | grep 'Feb 02' | grep size

    This will display all the emails you have received and their size. If you want to figure out how to cut the size out of the line, you will need to type "man awk".

  7. #17
    Just Joined! xMoDx's Avatar
    Join Date
    Feb 2007
    Location
    localhost
    Posts
    41
    root@#### [/var/log]# cat maillog | grep 'Feb 02' | grep size
    root@#### [/var/log]# cat maillog.1 | grep 'Feb 02' | grep size
    root@#### [/var/log]# cat maillog.1 | grep 'Feb 03' | grep size

    It doesn't give results, I'm really in deep trouble =( Do you have an MSN or YM address that I can contact you on?

  8. #18
    Just Joined!
    Join Date
    Feb 2007
    Location
    Adelaide, Australia
    Posts
    53
    Unfortunately forums are about as instant as I get, sorry!

    Just drop the | grep size off the end of the command... and more to the point just make sure that there is data in the log files with the command "ls -al maillo*"

  9. #19
    Just Joined! xMoDx's Avatar
    Join Date
    Feb 2007
    Location
    localhost
    Posts
    41
    Quote Originally Posted by WizRd
    Unfortunately forums are about as instant as I get, sorry!

    Just drop the | grep size off the end of the command... and more to the point just make sure that there is data in the log files with the command "ls -al maillo*"

    -rw------- 1 root root 8215673 Feb 12 22:03 maillog
    -rw------- 1 root root 33416637 Feb 11 01:37 maillog.1
    -rw------- 1 root root 44424281 Feb 5 01:39 maillog.2
    -rw------- 1 root root 42876266 Jan 28 01:37 maillog.3
    -rw------- 1 root root 20581989 Jan 21 01:31 maillog.4

    That's what I get... I'm confused =(

  10. #20
    Just Joined!
    Join Date
    Feb 2007
    Location
    Adelaide, Australia
    Posts
    53
    Approximately 5000 emails and my log file is 10 Mb

    maillog.1 also, if you're anywhere near Australia's timezone, will only go as far back as 4th Feb, so you may need to go back to maillog.2

    Also if you cat maillog.2 | grep size and it returns no output, this means your MTA isn't reporting sizes and you can only guess at how large the emails are...

    I take it you have a linux box that has generated a mountain of traffic and now your ISP or boss is angry???
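
An added example, not part of any post in this thread: a per-hour count and byte total of `size=` lines for one day, read across plain and gzipped rotated logs, which is the view needed to place a mail flood in time. It assumes traditional syslog timestamps, where a single-digit day is padded with a space (`Feb  3`, so a literal `Feb 03` pattern matches nothing), and sendmail/Postfix-style `size=<bytes>` fields; `mail_by_hour`, `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes traditional syslog timestamps ("Feb  3 04:00:01 host ...")
# and MTA lines that carry size=<bytes>. Function names are hypothetical.

# mail_by_hour MONTH DAY FILE...
# Prints "MONTH DAY HOUR messages bytes" for every hour that has size= lines.
mail_by_hour() {
    mon=$1; day=$2; shift 2
    # gzip -cdf decompresses .gz files and passes plain files through unchanged
    gzip -cdf "$@" | awk -v mon="$mon" -v day="$day" '
        # awk splits on runs of blanks, so "Feb  3" and "Feb 03" both compare as 3
        $1 == mon && $2 + 0 == day + 0 {
            if (match($0, /size=[0-9]+/)) {
                hour = substr($3, 1, 2)
                n[hour]++
                bytes[hour] += substr($0, RSTART + 5, RLENGTH - 5)
            }
        }
        END {
            for (h in n) printf "%s %d %s %d %d\n", mon, day, h, n[h], bytes[h]
        }' | sort -k3,3
}

# Constructed sample log lines (not taken from the thread)
sample_log() {
cat <<'EOF'
Feb  2 23:59:58 mx1 sendmail[2101]: id01: from=<a@example.org>, size=1500, nrcpts=1
Feb  3 04:00:01 mx1 sendmail[2210]: id02: from=<b@example.org>, size=2000, nrcpts=1
Feb  3 04:00:02 mx1 sendmail[2210]: id02: to=<c@example.net>, stat=Sent
Feb  3 04:10:09 mx1 sendmail[2215]: id03: from=<b@example.org>, size=3000, nrcpts=40
Feb  3 05:30:00 mx1 sendmail[2300]: id04: from=<d@example.org>, size=700, nrcpts=1
EOF
}

# Demo on the constructed sample
tmp=$(mktemp) && sample_log > "$tmp" && mail_by_hour Feb 3 "$tmp"
rm -f "$tmp"
```

On a real box the call would look like `mail_by_hour Feb 3 /var/log/maillog.2`, with the rotated file chosen by the dates it covers.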
