[CLUE-Tech] maillog not receiving messages
Jason S. Friedman
jason at powerpull.net
Mon Dec 15 20:35:16 MST 2003
Jason> /var/log/maillog is suddenly not being updated. The mail
Jason> server (postfix) is running and sending and receiving properly.
Jason> Other log files in /var/log are being updated fine, too.
Jason> $ grep "mail" /etc/syslog.conf | grep -v "^#"
Jason> *.info;mail.none;news.none;authpriv.none;cron.none
Jason> /var/log/messages mail.* /var/log/maillog
I have seen compromised machines where the intruder made log files
immutable...
lsattr /var/log/maillog
to see if it's immutable.
It would be odd for them to just do that with the maillog tho.
Is the maillog exceptionally large? Perhaps it's over 2GB and
something wasn't compiled with over 2GB limits for files?
Just some suggestions...
Jason> Thanks for the tip. I bounched the syslog service and it started
up again.
More information about the clue-tech
mailing list