[NTLUG:Discuss] Messages Eating Up the Screen

[sysmail@glade.net]

If you don't need remote syslogging on the boxes in question, block UDP
port 514.  Personally, I use a script to generate ipchains rules based on
my present IP address, and I DENY everything I don't specifically want.
Right now if I 'wc' my ipchains list, there are 220 lines in it.  I guess
I'm obsessive.

A very simplistic approach for blocking syslog:

ipchains -A input -p UDP -s 0.0.0.0/0 -d your-ip syslog -j DENY

That will block any request from anywhere (except localhost) from getting
to your syslog port.

You will have to have ipchains support, which requires packet filtering
and packet forwarding to be enabled in your kernel.

Kernel 2.4 has more elegant rulesets for packets - but I'm not running 2.4
yet.

Regards,

Carl

-- 

Carl Haddick
sysmail at glade.net
GladeNet Communications

On Fri, 16 Mar 2001, Carter B. Bennett wrote:

> We have RH 5.1 boxes at each of our 53 stores as a POS Backbone. Most of
> the boxes are working great, they were all installed the same way ( with
> the same set of instructions ) but, I have three locations writing this
> message across the screen every 3 to 5 seconds:
>
> Message from syslogd at dunlaps at Fri Mar 16 8:46:57 2001 . . . .
> dunlaps last message repeated 2 times
>
> I have talented into a good location and a problem location at the same
> time and compared the syslog.conf files and they are the same. What else
> should I look for.  Even while I was logged in the message kept coming
> across my screen, this makes working with the box almost unusable.
>
> Thanks for the help in advance.
>
> --
>
> Carter B. Bennett
> Manager of Data Processing
> The Dunlap Company
> 200 Baily Ave.
> Fort Worth, TX 76107
>
> Voice (817) 347-0258
> Fax   (817) 877-1302
>
> e-mail cbbennett at dunlaps.com
>
>
>