
20020521: ADDE logging question



>From: Gilbert Sebenste <address@hidden>
>Organization: NIU
>Keywords: 200205211521.g4LFLpa28817 McIDAS Linux ADDE

Gilbert,

>In my /var/log/secure file, I am getting tons of mcserv messages every few 
>minutes from someone who is using my server.

Two questions:

o what machine are we talking about (e.g., weather2)
o what amount of logging do you consider "tons"

>While I don't mind if they use it,

Hopefully, it is the case that you don't mind people accessing the ADDE
server.  Some time ago I asked you if you would allow weather2 to be
added to the list of cooperating community servers that are accessible
by ADDE, and you said that you were game.  Given this, I included
weather2 in the list of cooperating servers that goes out with my
McIDAS distribution.

>I don't want the messages to go into that log (or anywhere else).

Apparently, 'xinetd' is logging to /var/log/secure.

The ADDE transactions themselves are being logged into
~ldm/logs/SERVER.LOG.  I set this up so that there would be a record of
who was accessing your machine, and how much was accessed.  The
SERVER.LOG file should be set up to be rotated once per week (on
Saturday night) from a crontab entry for the user 'ldm':

#
# McIDAS ADDE Remote Server Logging
#
1 0 * * 6 bin/newlog logs/SERVER.LOG 3; chmod 666 logs/SERVER.LOG

This entry says to keep 3 of the SERVER.LOG files (SERVER.LOG, SERVER.LOG.1,
etc.).  Given this cron entry, it seems strange that there is only
one SERVER.LOG file on your system:

weather2-niu ldm-13> ls -alt SERVER.LOG
-rw-rw-rw-    1 ldm      users        8960 May 20 16:39 SERVER.LOG

The size of this log file shows that there is hardly any ADDE access to
weather2.  You can review the ADDE transactions from the 'mcidas' account
on weather2:

<login as 'mcidas'>
cd workdata
addeinfo.k
ADDEINFO: Start
ADDE Cumulative Totals: 2002138.193455 - 2002140.213906
IP                Bytes Sent  Client Name
-----------------+-----------+--------------------------------
63.211.243.16       4.51E+04  dialup-63.211.243.16.Dial1.Denver1.Level3.net
65.58.62.46         3.99E+04  dialup-65.58.62.46.Dial1.Denver1.Level3.net
128.117.140.56      1.27E+04  zero.unidata.ucar.edu
-----------------+-----------+--------------------------------
All                 9.76E+04      36
ADDEINFO: Done

This listing shows that the log file _was_ rotated on Saturday night
(the start time for logging was 2002138.193455 (CCYYJJJ.HHMMSS)).
All of the users of weather2 appear to be me: the Level3.net addresses
are dialup from my home machine, and the access from zero is me at
work.  All-in-all, the access to weather2 is very small (36 transactions
resulting in access of just 97 KB of data).

Is there a different machine at NIU that is getting heavy ADDE use?

>What do I do to stop this from happening?

You could change the xinetd logging for the ADDE server transactions.
You would do this by editing (as 'root') the files /etc/xinetd.d/mcserv
and /etc/xinetd.d/mccompress.

On weather2, the default logging is set in /etc/xinetd.conf:

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d


You can change the defaults for individual processes in the xinetd.d
configuration files.  While I have never tried this, it looks like
you could add log_type entries that specify /dev/null as a file.  What
I have in mind is something like:

current /etc/xinetd.d/mccompress file on weather2:

# Converted by inetdconvert
service mccompress
{
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        port                    = 503
        user                    = mcadde
        server                  = /home/mcidas/bin/mcservsh
        server_args             = -H /home/mcidas 
        disable                 = no
}


change this to:

# Converted by inetdconvert
service mccompress
{
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        port                    = 503
        user                    = mcadde
        server                  = /home/mcidas/bin/mcservsh
        server_args             = -H /home/mcidas 
        disable                 = no
        log_type                = FILE /dev/null
}

You would do this in both /etc/xinetd.d/mcserv and /etc/xinetd.d/mccompress.

Leaving the logging by ADDE (~ldm/logs/SERVER.LOG) will allow you to 
check on who is accessing your machine, and what they are accessing.  I
advise you to leave this in place.

Tom
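
Added example, not part of the original message and not McIDAS or xinetd code: a small audit that merges the xinetd defaults with a service's overrides and reports where that service's connection log ends up, so an entry redirected to /dev/null is visible before /var/log/secure is relied on as an access record. The function names are hypothetical, the sample is an abridged copy of the two blocks quoted in the message, and only the `=`, `+=` and `-=` operators are handled.

```python
import re

# Taken from the message above: weather2's defaults block and the proposed
# mccompress entry, both abridged and joined into one string.
SAMPLE = """\
defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
}

service mccompress
{
        user                    = mcadde
        log_type                = FILE /dev/null
}
"""

BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^[ \t]*(\w+)[ \t]*(\+=|-=|=)[ \t]*(.*?)[ \t]*$", re.M)

def parse(text):
    """Return {block name: [(attribute, operator, [values]), ...]}."""
    blocks = {}
    for m in BLOCK.finditer(text):
        body = ATTR.findall(m.group(3))
        blocks[m.group(2) or "defaults"] = [(a, op, v.split()) for a, op, v in body]
    return blocks

def effective_logging(text):
    """Apply defaults, then each service's =, += and -= overrides."""
    blocks = parse(text)
    base = {a: v for a, _op, v in blocks.pop("defaults", [])}
    report = {}
    for svc, attrs in blocks.items():
        eff = {k: list(v) for k, v in base.items()}
        for a, op, v in attrs:
            if op == "=":
                eff[a] = v
            elif op == "+=":
                eff[a] = eff.get(a, []) + v
            else:
                eff[a] = [x for x in eff.get(a, []) if x not in v]
        log_type = eff.get("log_type", [])
        report[svc] = {"log_type": " ".join(log_type),
                       "log_on_success": " ".join(eff.get("log_on_success", [])),
                       "discarded": log_type[:2] == ["FILE", "/dev/null"]}
    return report
```

For SAMPLE the report marks mccompress as discarded, which means ~ldm/logs/SERVER.LOG becomes the only record of ADDE connections to that service.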