Deluge of LEARNs in syslog
Posted: Tue Jun 17, 2003 9:05 pmI'm running gentoo w/metalog (stable) + kernel 2.4.21 and trying to learn on proftpd creates about 100 MB / minute of syslog output, all similar to:
Jun 17 17:58:35 [kernel] grsec: LEARN:771:152738:0:0::21
It's not clear to me whether grsec expects the system logger to eliminate duplicates, to prevent the syslog file from growing out of control. Metalog doesn't appear to be doing this, at least with the default gentoo configuration.
Since the documentation seems to indicate that learning mode could take hours or days to finalize, I'm looking for some way to keep the learn process from flooding the log files.
Thanks,
James
Jun 17 17:58:35 [kernel] grsec: LEARN:771:152738:0:0::21
It's not clear to me whether grsec expects the system logger to eliminate duplicates, to prevent the syslog file from growing out of control. Metalog doesn't appear to be doing this, at least with the default gentoo configuration.
Since the documentation seems to indicate that learning mode could take hours or days to finalize, I'm looking for some way to keep the learn process from flooding the log files.
Thanks,
James