HPE Community
Operating System - HP-UX
1752600 Members
4887 Online
108788 Solutions
New Discussion юеВ

syslog is filling too fast with socks info

 
SOLVED
Go to solution
Redhat
Trusted Contributor

тАО07-12-2008 08:13 AM

тАО07-12-2008 08:13 AM

syslog is filling too fast with socks info

Hi,

Need your valuable info to stop the attached message appearing in syslog causing syslog to grow too fast.

The server is a socks server having HPUX 11.00

currently I have stoped the message flashing by changing syslog.conf file to log error and above from info and above

But info loging is very important it being a socks server.

Your valuable suggention will be appreciated with points.
0 Kudos
Reply
9 REPLIES 9
Redhat
Trusted Contributor

тАО07-12-2008 08:19 AM

тАО07-12-2008 08:19 AM

Re: syslog is filling too fast with socks info

seems the zip is not opening..I am putting part of syslog messages..
==Jul 12 23:50:25 ABCD Socks5[7696]: Flow Recv: Reading from server socket
Jul 12 23:50:27 ABCD above message repeats 3 times
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Reading from server socket
Jul 12 23:50:25 ABCD Socks5[7696]: Flow Recv: Read 13 bytes from server socket
Jul 12 23:50:27 ABCD above message repeats 3 times
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Read 52 bytes from server socket
Jul 12 23:50:25 ABCD Socks5[7696]: Flow Send: Writing 13 bytes to client socket
Jul 12 23:50:27 ABCD above message repeats 3 times
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Writing 52 bytes to client socket
Jul 12 23:50:25 ABCD Socks5[7696]: Flow Send: Wrote 13 bytes to client
Jul 12 23:50:27 ABCD above message repeats 3 times
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Wrote 52 bytes to client
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Read 68 bytes from server socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Writing 68 bytes to client socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Wrote 68 bytes to client
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Read 104 bytes from server socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Writing 104 bytes to client socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Wrote 104 bytes to client
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Read 84 bytes from server socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Writing 84 bytes to client socket
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Send: Wrote 84 bytes to client
Jul 12 23:50:27 ABCD Socks5[7692]: Flow Recv: Reading from server socket
==
0 Kudos
Reply
Jeeshan
Honored Contributor

тАО07-12-2008 08:44 AM

тАО07-12-2008 08:44 AM

Re: syslog is filling too fast with socks info

Hi

This is because of socks 5 firewall. check the socks settings
a warrior never quits
Reply
Dennis Handly
Acclaimed Contributor

тАО07-12-2008 06:01 PM

тАО07-12-2008 06:01 PM

Re: syslog is filling too fast with socks info

>But info logging is very important it being a socks server.

As Ahsan said, you need to check to see if you can adjust the logging levels. These messages about "Flow" counts are useless. If there are no obvious packaged logging levels, you may have to experiment to see which ones are useful and which take up too much room.
Reply
Bill Hassell
Honored Contributor

тАО07-12-2008 07:49 PM

тАО07-12-2008 07:49 PM

Solution

Re: syslog is filling too fast with socks info

You need to read the documentation. There should be a configuration file that includes options for logging. It appears that Socks5 has been set to a debugging level which produces a huge amount of data, mostly useless for security. Just in case your syslog.conf file has been mis-configured, check that only mail has been set to the debug level.

And if perhaps the Socks5 code has no configuration options for logging, there may be a unique facility name you can filter in syslog.conf. If the documentation fails to state this, restart syslogd with the -v option: syslogd -v

This will add a priority and facility code to every message in syslog (which is always a good idea -- it's only 3 extra bytes). Then decode the 2 characters in the man page: man 3c syslog. Look for "facility and level" If perhaps Socks5 uses local6, you can change local6 to a separate file and adjust the priority level to reduce the noise in the log.


Bill Hassell, sysadmin
Reply
Redhat
Trusted Contributor

тАО07-12-2008 08:46 PM

тАО07-12-2008 08:46 PM

Re: syslog is filling too fast with socks info

Thanks guys . After I disbale socks debugging option which was running through inetd, the logging disapprear.

anybody is having good socks5 troubleshooting and manual will also be given points.
0 Kudos
Reply
Jeeshan
Honored Contributor

тАО07-12-2008 09:11 PM

тАО07-12-2008 09:11 PM

Re: syslog is filling too fast with socks info

you can check here

http://www.docs.hp.com/en/internet.html#Internet%20Express
a warrior never quits
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО07-13-2008 04:51 AM

тАО07-13-2008 04:51 AM

Re: syslog is filling too fast with socks info

Is this a commercial package that you purchased or did you download it from HP or the software porting centre? For the commercial version, contact the vendor for documentation. For the downloaded versions, there will be man pages and doc files that wewre part of the installation package. Search through the package for the directory location of the README and documenatation.


Bill Hassell, sysadmin
0 Kudos
Reply
vijay alur
Advisor

тАО07-16-2008 12:56 PM

тАО07-16-2008 12:56 PM

Re: syslog is filling too fast with socks info

Hey Guys,

what is dis socks server????


is it da name of application running on da server. or is it some server name????
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-16-2008 10:28 PM

тАО07-16-2008 10:28 PM

Re: syslog is filling too fast with socks info

>vijay: what is this socks server????

I assume it means socks as in:
http://compnetworking.about.com/od/networkprotocols/g/bldef_socks.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.