Aha, there was a long burried issue on our apache server in a customlog setup which had never been an issues until xymon was turned on. There was no redirect, /bin/tee was opening everything listed after it including "|" and "/bin/logger" and appending to them the apache logs... it must be a monday... :)
Matt
And now a bit of polka music by "Ralph Mitchell"
If something was appending to the /usr/bin/logger binary, you might want to check your various scripts for code that does:
....... > /usr/bin/loggerinstead of:
..... | /usr/bin/loggerRalph Mitchell On Oct 8, 2012 12:50 PM, "Matt Goebel" <goebel at emunix.emich.edu> wrote:
Yes... /bin/logger is a binary...
I seem to have figured out the issue, fping was being run as root by xymon, so I did the following :
so I removed the sticky bit from user and group on /usr/local/sbin/fping
then I did the following and restarted xymon
add in : /etc/security/exec_attr Network Management:solaris:cmd:::/usr/local/sbin/fping:privs=net_icmpaccess
add in : /etc/user_attr xymon::::defaultpriv=basic,net_icmpaccess
Matt
-- Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris Neo-Student, Net Lurker, Donut consumer, and procrastinating medher... "Always with the negative waves, Moriarty" - Oddball "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
--bcaec54fb0c030d40f04cb8f19b6 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">If something was appending to the /usr/bin/logger binary, yo= u might want to check your various scripts for code that does:</p> <p dir=3D"ltr">=A0=A0=A0=A0 ....... > /usr/bin/logger</p> <p dir=3D"ltr">instead of:</p> <p dir=3D"ltr">=A0=A0=A0=A0 ..... | /usr/bin/logger</p> <p dir=3D"ltr">Ralph Mitchell</p> <div class=3D"gmail_quote">On Oct 8, 2012 12:50 PM, "Matt Goebel"= <<a href=3D"mailto:goebel at emunix.emich.edu">goebel at emunix.emich.edu</a>= > wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style= =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> Yes... /bin/logger is a binary...<br> <br> I seem to have figured out the issue, fping was being run as root by xymon,= <br> so I did the following :<br> <br> so I removed the sticky bit from user and group on /usr/local/sbin/fping<br=
<br> then I did the following and restarted xymon<br> <br> add in : /etc/security/exec_attr<br> Network Management:solaris:cmd:::/usr/local/sbin/fping:privs=3Dnet_icmpacce= ss<br> <br> add in : /etc/user_attr<br> xymon::::defaultpriv=3Dbasic,net_icmpaccess<br> <br> Matt<br> <br> --<br> Matthew Goebel : <a href=3D"mailto:goebel at emunix.emich.edu">goebel at emunix.e= mich.edu</a> : Unix Jockey @ EMU : Hail Eris<br> Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...<br> =A0"Always with the negative waves, Moriarty" - Oddball<br> =A0"Comfort the troubled, and trouble the comfortable." - Dietric= h Bonhoeffer<br> _______________________________________________<br> Xymon mailing list<br> <a href=3D"mailto:Xymon at xymon.com">Xymon at xymon.com</a><br> <a href=3D"http://lists.xymon.com/mailman/listinfo/xymon" target=3D"_blank"=
http://lists.xymon.com/mailman/listinfo/xymon</a><br> </blockquote></div>
--bcaec54fb0c030d40f04cb8f19b6--
-- Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris Neo-Student, Net Lurker, Donut consumer, and procrastinating medher... "Always with the negative waves, Moriarty" - Oddball "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer