<div dir="ltr">Raj, <div><br></div><div>Do you have lsof installed? You got a lot of great answers from the guys, but if you aren't sure what's writing a file, you have your good friend lsof to the rescue. This is good to know in case you have to find a process or a service you do not know. </div><div><br></div><div>Since you were wondering what wrote the log file, the first thing to do is see what process might be writing the file. </div><div><br></div><div>lsof | grep <span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"> /var/log/faillog </span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">I am going to use the example with my firewall called tengu </span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px">lsof | grep tengu </span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><div>mysqld 2966 23380 mysql 71u REG 8,6 151472 2364586 /var/lib/mysql/tengu/ips.MYD</div><div>mysqld 2966 23380 mysql 72u REG 8,6 1024 2364588 /var/lib/mysql/tengu/whitelist.MYI</div><div>mysqld 2966 23380 mysql 73u REG 8,6 0 2364589 /var/lib/mysql/tengu/whitelist.MYD</div><div>sh 11792 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu</div><div>sh 11802 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu</div><div>sh 21553 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu</div><div>sh 21564 root 10r REG 8,6 20964 7480015 
/usr/local/bin/tengu</div><div><br></div><div>A breakdown of lsof </div><div><br></div><div>1st column is the process running</div><div>2nd column is the pid</div><div>3rd column is the user </div><div>4th is FD</div><div>5th is Type</div><div>6th is Device where the server is running</div><div>7th is size/off </div><div>8th Node </div><div>9th name of the files it is using,</div><div><br></div><div>So I found an active pid, and I use lsof to show me what files and process are in </div><div><br></div><div><div>lsof -p 12197</div><div>COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME</div><div>sh 12197 root cwd DIR 8,6 4096 7471772 /usr/local/bin</div><div>sh 12197 root rtd DIR 8,6 4096 2 /</div><div>sh 12197 root txt REG 8,6 106920 9699332 /bin/dash</div><div>sh 12197 root mem REG 8,6 1599536 6685394 /lib/x86_64-linux-gnu/libc-2.13.so</div><div>sh 12197 root mem REG 8,6 136936 6685389 /lib/x86_64-linux-gnu/ld-2.13.so</div><div>sh 12197 root 0u CHR 4,2 0t0 1043 /dev/tty2</div><div>sh 12197 root 1u CHR 4,2 0t0 1043 /dev/tty2</div><div>sh 12197 root 2u CHR 4,2 0t0 1043 /dev/tty2</div><div>sh 12197 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu</div></div><div><br></div><div><br></div><div>Again, lsof is great to see what might be writing and where the program that is writing the log is. I know it's a bit much, but if Google is letting you down, and you want to make sure it's not some script kiddie's script running on a server, lsof is your Sherlock to find what's doing what. 
</div></span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span class="Apple-style-span" style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 22, 2014 at 11:22 AM, Paul Cartwright <span dir="ltr"><<a href="mailto:pbcartwright@gmail.com" target="_blank">pbcartwright@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">An HTML attachment was scrubbed...<br>
</span>URL: <<a href="http://mail.ale.org/pipermail/ale/attachments/20140922/c08d072e/attachment.html" target="_blank">http://mail.ale.org/pipermail/ale/attachments/20140922/c08d072e/attachment.html</a>><br>
<div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Terror PUP a.k.a<br>Chuck "PUP" Payne<br> <br>(678) 636-9678<br>-----------------------------------------<br>Discover it! Enjoy it! Share it! openSUSE Linux.<br>-----------------------------------------<br>openSUSE -- Terrorpup<br>openSUSE Ambassador/openSUSE Member<br>skype,twitter,identica,friendfeed -- terrorpup<br>freenode(irc) --terrorpup/lupinstein<br>Register Linux Userid: 155363<br> <br>Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute, or create your own linux distro. Give SUSE Studio a try.<br><br></div>
</div>
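<div>Added example, not part of the original message: grepping lsof output matches every process that has the path open, readers included, while the letter after the FD number (r, w or u) says whether the descriptor can write. The sketch below parses lsof's field output (<code>-F pcLfan</code>) and keeps only w/u descriptors; the function names are hypothetical and the sample input is constructed from the values shown in the message above.</div>

```shell
#!/bin/sh
# Added example: separate writers from readers in lsof field output.
# Live use (assumes lsof is installed):
#   lsof -F pcLfan -- /var/log/faillog | writers_of /var/log/faillog

# Constructed sample of `lsof -F pcLfan` output (hypothetical helper),
# built from rows in the message; not captured from a real host.
sample_lsof_output() {
cat <<'EOF'
p2966
cmysqld
Lmysql
f71
au
n/var/lib/mysql/tengu/ips.MYD
f73
au
n/var/lib/mysql/tengu/whitelist.MYD
p11792
csh
Lroot
f10
ar
n/usr/local/bin/tengu
EOF
}

# Read lsof -F output on stdin. For each descriptor open on path $1 with
# access mode w (write) or u (read/write), print: pid command user fd mode
writers_of() {
    awk -v target="$1" '
        /^p/ { pid = substr($0, 2); cmd = ""; user = "" }  # new process set
        /^c/ { cmd = substr($0, 2) }
        /^L/ { user = substr($0, 2) }
        /^f/ { fd = substr($0, 2); mode = "" }             # new file set
        /^a/ { mode = substr($0, 2) }
        /^n/ {
            if (substr($0, 2) == target && (mode == "w" || mode == "u"))
                print pid, cmd, user, fd, mode
        }
    '
}

# mysqld holds the table file read/write; the sh processes only read the script.
sample_lsof_output | writers_of /var/lib/mysql/tengu/ips.MYD
```

<div>Run against the sample, the script path /usr/local/bin/tengu yields no writers, because the sh processes hold it with mode r.</div>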