Am So, den 16.05.2004 schrieb Gilbert Sebenste um 17:07:
> Last week I downloaded the new httpd patch and up until this morning, it
> worked fine. I have 3 webervers all running the same setup. But this
> morning, at 4:03 AM local time, it stopped. A check of the httpd logs
> shows:
>
> [Sun May 16 04:03:33 2004] [notice] seg fault or similar nasty error
> detected in the parent process
That is shortly after the daily httpd restart each morning at about ~
04:02 AM.
Are there no more helpful log entries in /var/log/httpd/error_log.1 (.1
because on sunday morning it logrotates) or ssl_error_log[.1] or
ssl_request_log[.1]?
> OK, that's obviously not good. Well, what happened? Anything in any other
> logs that would indicate a problem? Well, syslog restarted at that time.
> Then, I get this automagically generated nastygram into my emailbox:
Check the other log files in /var/log/httpd/, especially the .1 files
which are the ones used just until the sunday logrotate.
> Subject: Cron <root@machine> run-parts /etc/cron.daily
>
> /etc/cron.daily/00webalizer:
>
> Error: Skipping oversized log record
Just a typical (normal)webalizer error message, if it finds in the
access_log entries which are caused by attackers who use overlong
pattern access to try out vulnerabilities. Often those are just methods
to attack vulnerable IIS hosts and not Apache(2). See the access_log.1
for that entries.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2188.nptl
Sirendipity 17:11:18 up 3 days, 14:56, load average: 0.12, 0.21, 0.15
[ ÎÎÏÎÎ Ï'ÎÏÏÎÎ - gnothi seauton ]
my life is a planetarium - and you are the stars
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
