Something su-ing fron root to root a lot

From: Tarasyuk Nik (NTarasyuk@snowyhydro.com.au)
Date: Tue Apr 30 2002 - 03:33:03 EDT

• Next message: MMP Wolfgang Rupp: "AS 200 hardware problem"
• Previous message: vklima: "A powful tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Managers

/var on one our servers got filled up.

The culprit was sialog, which was full of "Successful authentication for su from root to root" messages.
We cleaned the log, it started to grow again fast.

We've done reboot, it did NOT help.

CPU's idle time is zero, top shows that no specific process takes CPU time, but
CPU system time is high.

iowait is exremely high, network utilization is low, disk utilization is high.

So, some process does hundreds of su's per second, and it's logged by sialogd.

How to find out which one?

We are running 4.0f kit 4 on ES40.

Thanks in advance.

Nik Tarasyuk
Software Engineer
Snowy Hydro
Australia

• Next message: MMP Wolfgang Rupp: "AS 200 hardware problem"
• Previous message: vklima: "A powful tool"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:39 EDT