On 3/20/07, Steve Linabery <slinabery at worldcycling.com> wrote:
> Hi,
>
> I have a machine running CentOS 4.4. Pretty much a stock server install; I've done my usual checklist of things to turn off (isdn, portmap, nfs stuff, etc).
>
> Almost all the log files (including old rotated logs) in /var/log are empty or nearly empty.
>
> syslogd is running; 'logger teststring' produces an entry in /var/log/messages
>
> Upon system restart, there are a few lines in /var/log/messages, but nothing like what I'd expect. Remote logins are not being logged.
>
> My gut reaction to something like this is always "oh s***, it's been compromised", but I was wondering if anyone had any other possible explanations...

Hopefully you've been keeping your system updated so as to minimize risks. As to additional logging, you'll need to modify your /etc/syslog.conf for what you want to log as well as the level of verbosity. I haven't looked into a CentOS syslog.conf file, but I believe they turn down verbosity so as to keep logfiles from filling up. I believe it's authlog you want to enable to log remote users, but don't recall offhand.

--
-Shawn
-Nemo me impune lacessit. Ne Obliviscaris..
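
Added example, not part of the original message and not CentOS's own tooling: a shell function that reads a sysklogd-style syslog.conf and lists the actions a given facility and level is routed to, which shows quickly whether login events have any destination at all. The sample configuration is constructed, the function names are hypothetical, and it assumes sshd logs to the authpriv facility.

```shell
#!/bin/sh
# Added example: list where a facility.level message lands under a
# sysklogd-style syslog.conf. Simplified model: handles "*", comma-separated
# facilities, "none", "=level" and plain "level" (that level and above);
# the "!" negation form is not handled.

# Constructed sample configuration (not the poster's file).
sample_conf() {
cat <<'EOF'
# selectors                                 action
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
kern.=debug                                 /var/log/kern-debug
uucp,news.crit                              /var/log/spooler
EOF
}

# Usage: syslog_targets FACILITY LEVEL < syslog.conf   (hypothetical helper)
syslog_targets() {
  awk -v fac="$1" -v lvl="$2" '
    BEGIN {
      n = split("debug info notice warning err crit alert emerg", nm, " ")
      for (i = 1; i <= n; i++) rank[nm[i]] = i
      if (!(lvl in rank)) { print "unknown level: " lvl > "/dev/stderr"; exit 2 }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
      action = $NF; sub(/^-/, "", action)  # leading "-" only disables sync
      hit = 0
      ns = split($1, sels, ";")            # selectors apply left to right
      for (s = 1; s <= ns; s++) {
        dot = index(sels[s], ".")
        if (dot == 0) continue
        facs = "," substr(sels[s], 1, dot - 1) ","
        pri = substr(sels[s], dot + 1)
        if (facs != ",*," && index(facs, "," fac ",") == 0) continue
        if (pri == "none") hit = 0         # drop this facility
        else if (pri == "*") hit = 1
        else if (substr(pri, 1, 1) == "=") { if (substr(pri, 2) == lvl) hit = 1 }
        else if ((pri in rank) && rank[lvl] >= rank[pri]) hit = 1
      }
      if (hit) print action
    }'
}

# Assumption: sshd logs logins to the authpriv facility.
sample_conf | syslog_targets authpriv info
```

To check a live system, run `syslog_targets authpriv info < /etc/syslog.conf`; empty output means that facility and level has no destination configured.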