1

OK - long story short: I have OpenBSD box that was setup as a network appliance (long time ago) I have returned to life. Several errors I am working on and could use any help I can get.

Errors on screen: when logged in, console output on screen 

1) syslogd: /var/log/auth log: No such file or directory
2) syslogd: /var/log/daemon: No such file or directory
3) lokbox ntpdate[XXXXX]: the NTP socket is in use, exiting

Note: this is an old "AIRlok" by Lok Technologies - now rebranded as RGnets 300 series box. It has OpenBSD 3.9 on it presently (didn't have issue before 3.9 apparently from looking over logs - 3.9 was installed on this box many many years ago). I look through the log directory and neither authlog nor daemon directories or files exist. I then created the directories (did not change permissions though - might be the problem - it looks like the rest though - root and wheel owners with same permissions as all the other directories in the logs directory) and the error changed to syslogd: /var/log/daemon: Is a directory syslogd: /var/log/authlog: Is a directory

I looked at syslog.config posted below:

#   $OpenBSD: syslog.conf,v 1.13 2003/06/26 18:24:25 jmc Exp $
#

*.err;kern.debug;auth.notice;authpriv.none;mail.crit    /dev/console
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;user.info;syslog.info            /var/log/messages
auth.info                       /var/log/authlog
authpriv.debug                      /var/log/secure
cron.info                       /var/cron/log
daemon.info                     /var/log/daemon
ftp.info                        /var/log/xferlog
lpr.debug                       /var/log/lpd-errs
mail.info                       /var/log/maillog
#uucp.info                      /var/log/uucp

*.err                           root
*.notice;auth.debug                 root
*.alert                         root
*.emerg                         *

# Uncomment to log to a central host named "loghost".   You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment).  If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none    @loghost
#kern.debug,user.info,syslog.info               @loghost
#auth.info,authpriv.debug,daemon.info               @loghost

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files.  Matches are done based on the program name
# Program-specific logs:
#!sudo
#*.*                            /var/log/sudo
#!chat
#*.*                            /var/log/chat

Any ideas on the logs I am missing or the errors? I feel like it's something simple I am just missing a file or something... not sure how they got deleted in the first place but this is the need now...

As for 3 - ntpupdate ntp socket in use - the machine is set to check every 3 seconds for ntp offset through a "proprietary" web interface (walled garden) setup on this box which basically setups the cron and updates the user lists and apache settings and other config files on the machine for various other services running... - the machine is reporting incorrect time at boot (the date and time I fixed in bios config - did not check if the battery is still good - probably not - but the machine is keeping time just fine now aside from the ntpupdate error.

Only thing I have had to do was reboot to single user and run fsck on each partition to fix some mess - it seems to be working fine otherwise (functionally there are some issues with the perl scripts on the "proprietary" side of things that configures ipconfig but thats for another post).

GoZippy
  • 511
  • 3
  • 5

3 Answers3

0

OpenBSD 3.9 was released over 10 years ago and is no longer supported. I highly recommend running a recent version that has fewer security issues.

Bink
  • 183
  • 5
0

authlog and daemon are files, not directories. They probably got deleted by a hacker (semi-joke)

They should be root:wheel & permissions set to 640, then restart syslogd.

pete
  • 693
  • 1
  • 7
  • 15
0

have you tried by reinstalling the package, like i have faced same issue in ubuntu 12.04, in which suddenly default logs are unavailable and i solved by installing syslog again.