Re: [SLUG] wtmp Filling with connections

From: Chad Sine (akimbomoons@hotmail.com)
Date: Sat May 07 2005 - 02:29:25 EDT


Mike,

Thank you for the quick response regarding this. The processes that you
noticed appear to be spawned every second or so. The processes that are
actually logging these errors appear to be the actual terminals.

/sbin/agetty 38400 tty1 linux
/sbin/agetty 38400 tty2 linux
/sbin/agetty 38400 tty3 linux
/sbin/agetty 38400 tty4 linux
/sbin/agetty 38400 tty5 linux
/sbin/agetty 38400 tty6 linux

They are running rampant...

>From: Mike Branda <realraccoon@tampabay.rr.com>
>Reply-To: slug@nks.net
>To: slug@nks.net
>Subject: Re: [SLUG] wtmp Filling with connections
>Date: Sat, 07 May 2005 01:09:31 -0400
>
>On Fri, 2005-05-06 at 19:45 +0000, Chad Sine wrote:
> > Hello my fellow sluggers,
> >
> > I found the / partition had filled on one of my routers.
> >
> > Filesystem Size Used Avail Use% Mounted on
> > /dev/hda2 2.7G 2.7G 0K 100% /
> > none 31M 0 31M 0% /dev/shm
> >
> > The /var/log/wtmp file had grown to 1.6G. I deleted it, and touched a new
> > wtmp. The new one has grown to 1M in just under an hour. My log fills with
> > these entries from c{1-6}.
> >
> > Utmp dump of wtmp
> > [6] [01012] [c5 ] [LOGIN ] [tty5 ] [ ] [0.0.0.0 ] [Tue Apr 05 12:32:06 2005 EDT]
> > [8] [01002] [c6 ] [ ] [tty6 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:06 2005 EDT]
> > [5] [01014] [c6 ] [ ] [ ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:06 2005 EDT]
> > [6] [01014] [c6 ] [LOGIN ] [tty6 ] [ ] [0.0.0.0 ] [Tue Apr 05 12:32:06 2005 EDT]
> > [8] [01004] [c1 ] [ ] [tty1 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:15 2005 EDT]
> > [8] [01006] [c2 ] [ ] [tty2 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:15 2005 EDT]
> > [8] [01008] [c3 ] [ ] [tty3 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:16 2005 EDT]
> > [8] [01010] [c4 ] [ ] [tty4 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:16 2005 EDT]
> > [8] [01012] [c5 ] [ ] [tty5 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:16 2005 EDT]
> > [8] [01014] [c6 ] [ ] [tty6 ] [2.4.22-gentoo-r7 ] [0.0.0.0 ] [Tue Apr 05 12:32:16 2005 EDT]
> >
> > Any Ideas?
> >
> > Chad Sine
> >
> >
>
>man wtmp shows a lot..... the second column of your dump shows the
>process ID.....have you done a ps to see what 1012 and 1014 (probably
>different by now) are??
>
>
>Mike Branda Jr.
>
>-----------------------------------------------------------------------
>This list is provided as an unmoderated internet service by Networked
>Knowledge Systems (NKS). Views and opinions expressed in messages
>posted are those of the author and do not necessarily reflect the
>official policy or position of NKS or any of its employees.
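
Added example, not part of the original posts: a small Python check that reads a text dump in the bracketed format quoted above and flags init ids (c1 to c6 here) whose getty keeps dying with no real login in between, which is the pattern that fills wtmp. The function names, thresholds and sample records are assumptions made for illustration; the sample lines are constructed, modelled on the dump in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# ut_type values as defined in <utmp.h>
INIT_PROCESS, LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 5, 6, 7, 8
FIELD = re.compile(r"\[([^\]]*)\]")

def parse_record(line):
    """Return (type, pid, id, user, tty, time), or None for non-record lines."""
    f = [x.strip() for x in FIELD.findall(line)]
    if len(f) != 8 or not f[0].isdigit():
        return None
    # Drop the trailing zone name ("EDT"); strptime's %Z is platform-dependent.
    stamp = datetime.strptime(f[7].rsplit(" ", 1)[0], "%a %b %d %H:%M:%S %Y")
    return int(f[0]), int(f[1]), f[2], f[3], f[4], stamp

def respawn_loops(lines, min_deaths=3, window_s=60):
    """Map init id -> death count for ids whose process died min_deaths times
    within window_s seconds with no USER_PROCESS (real login) in between."""
    deaths = defaultdict(list)
    for typ, _pid, ut_id, _user, _tty, stamp in filter(None, map(parse_record, lines)):
        if typ == USER_PROCESS:
            deaths[ut_id].clear()          # a real session breaks the streak
        elif typ == DEAD_PROCESS:
            deaths[ut_id].append(stamp)
    flagged = {}
    for ut_id, times in deaths.items():
        for i in range(len(times) - min_deaths + 1):
            if (times[i + min_deaths - 1] - times[i]).total_seconds() <= window_s:
                flagged[ut_id] = len(times)
                break
    return flagged

# Constructed sample: c6 respawns three times in 20 s, c2 has a normal login.
SAMPLE = """\
Utmp dump of wtmp
[8] [01002] [c6] [] [tty6] [2.4.22-gentoo-r7] [0.0.0.0] [Tue Apr 05 12:32:06 2005 EDT]
[5] [01014] [c6] [] [] [2.4.22-gentoo-r7] [0.0.0.0] [Tue Apr 05 12:32:06 2005 EDT]
[6] [01014] [c6] [LOGIN] [tty6] [] [0.0.0.0] [Tue Apr 05 12:32:06 2005 EDT]
[8] [01014] [c6] [] [tty6] [2.4.22-gentoo-r7] [0.0.0.0] [Tue Apr 05 12:32:16 2005 EDT]
[8] [01020] [c6] [] [tty6] [2.4.22-gentoo-r7] [0.0.0.0] [Tue Apr 05 12:32:26 2005 EDT]
[7] [01100] [c2] [alice] [tty2] [] [0.0.0.0] [Tue Apr 05 12:33:00 2005 EDT]
[8] [01100] [c2] [] [tty2] [2.4.22-gentoo-r7] [0.0.0.0] [Tue Apr 05 12:40:00 2005 EDT]
"""

if __name__ == "__main__":
    print(respawn_loops(SAMPLE.splitlines()))
```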




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:41:29 EDT