|
|
||
slocate and Some Peculiar Log Messages — Day 52© Copyright Darrell Anderson. The Slackware default installation provides some tweaks to help maintain a box, such as providing some basic cron scripts. One of those scripts performs a logrotate. As you can expect, with all of my rebooting and experimenting, my log files tend to grow quickly. However, the Slackware scripts are set to run in the middle of the night. The presumption is that people leave their boxes running all the time. I manually shut down each day. Hmm. After some mild investigating, I learned how to change the time schedule. I now have the scripts run in the late afternoon. Of course, because I dual boot, there is no guarantee the scripts will run. So occasionally I run the script manually to rotate the logs. I need to devise a better way to handle this issue. Another provided script helps maintain the slocate database. Same scheduling problems, but for mow manually typing updatedb is no big deal. However, what gets cataloged into the database is a problem. Sometimes I have mounted my Windows partitions, sometime not. Slocate doesn’t care. Also, I have a user account directory in my /home partition from my Mandrake 9.2 installation. I did not want to catalog all of that either. More surfing revealed that my answer lied in configuring the /etc/updatedb.conf. I added various paths to the PRUNEPATHS option. Now, regardless of when I update the slocate database, I need not worry about populating the database with information I do not need. Speaking of logs, I noticed a peculiar entry in /var/log/syslog. The entry only showed: -- MARK -–Strange. However, some surfing revealed that this entry is merely a way to inform administrators that the system logger is still running although nothing has happened that required logging. Sort of like an occasional ping. Mystery solved. Some other log messages had me befuddled for an evening too. I was playing with dnsmasq. I was inspecting my logs trying to learn more how dnsmasq operated. I noticed some additional log entries that were related to my dial-up session. Well, I was online, so surf to find some answers! Several of the entries I noticed were INPUT packet died entries. I knew these were being generated by my firewall script, but I am a noob at IPTables. However, I quickly discovered that the “problem” was merely a line in the script telling IPTables to record certain unrequested traffic but only up to 3 such attempts per minute. All I needed to do was comment out those lines. I long ago in Windows stopped paying attention to such “intrusion” attempts and I was not about to restart that habit. The firewall was working and that is all I care about. Sure, if I was running a mission critical server I might be more interested. I’m not, so I’m not interested. Another peculiar entry was: modprobe: modprobe: Can’t locate module ppp0The message is clear about the problem, but the solution? I added an alias entry in /etc/modules.conf: alias ppp0 ppp_genericThe next oddball log entry was: pppd[509]: Cannot determine ethernet address for proxy ARPThat too was easy to repair after some surfing. In /etc/ppp/options I commented out the line: proxyarpThis line has something to do with the Address Resolution Protocol. Don’t ask me because I have no idea, but commenting out the line eliminated the syslog message and I noticed no ill effects. The remaining peculiar message was: dnsmasq[207]: ignoring nameserver 127.0.0.1 - local interfaceI resolved that problem by editing /etc/dnsmasq.conf: interface=ppp0I learned another wonderful trick through this investigative process--learning how to monitor logs in real-time. All that is necessary is to open an xterm session (Konsole), login as root, then type: tail -f /var/log/syslogThis command will display the last 10 entries of the log. Slick! Finis. |
||