Re: SOLVED: Erk! Something is really wrong here!

To: miquels@cistron.nl (Miquel van Smoorenburg), debian-devel@lists.debian.org
Subject: Re: SOLVED: Erk! Something is *really* wrong here!
From: Karl Ferguson <karl@tower.net.au>
Date: Tue, 04 Mar 1997 10:36:50 +0800
Message-id: <[🔎] 3.0.1.32.19970304103650.006c6670@tower.net.au>
In-reply-to: <[🔎] 5feuce$p7d$1@holodeck.cistron.nl>
References: <Pine.LNX.3.95q.970226224245.1588A-100000@olorin.gate.net> <[🔎] 3.0.1.32.19970303182911.006c1b68@tower.net.au>

Hi yet again.

Well, here's some more information.

at 10:15 I got a junk entry (actually got 2) in the wtmp and
cross-referenced most logs and found something...

******                ****`**3         Tue Mar  4 10:05 - 10:14  (00:09)
******                ****\**3         Tue Mar  4 10:05 - 10:05  (00:00)

Mar  4 10:05:16 orion pppd[16100]: Hangup (SIGHUP)
	and
Mar  4 10:14:54 orion pppd[16089]: LCP terminated at peer's request
Mar  4 10:14:55 orion pppd[16089]: Modem hangup
Mar  4 10:14:55 orion pppd[16089]: Connection terminated.
Mar  4 10:14:55 orion pppd[16089]: Exit.

What's so strange about this you say?  Well, I've grepped "16100" with over
2 weeks worth of log files and the only thing I found was a POP checking
mail process from about a week ago.  I can however trace back 16089 to the
following log:

Mar  4 10:04:53 orion pppd[16089]: pppd 2.2.0 started by agibson, uid 1040
Mar  4 10:04:53 orion pppd[16089]: Using interface ppp0
Mar  4 10:04:53 orion pppd[16089]: Connect: ppp0 <--> /dev/ttyS3
Mar  4 10:04:53 orion pppd[16089]: local  IP address 203.22.233.3
Mar  4 10:04:53 orion pppd[16089]: remote IP address 203.15.138.203
Mar  4 10:04:56 orion pppd[16089]: CCP terminated at peer's request
Mar  4 10:04:56 orion pppd[16089]: Compression disabled by peer.

Which is, you guessed it - 9 minutes long (as the corrupted record says).
HOWEVER, if I do a 'last agibson' it shows this:

agibson  ttyS3                         Tue Mar  4 10:04 - 10:23  (00:18)

So it's showing that he logged out at 10:23 which is rubbish because his
process (16089) died (as I tracked above) at 10:14.

However, upon other corrupted wtmp enteries I cannot find anything like
this entry, and some I can't even find anything relivant at all.

It's nearly a PPP problem, but then again, it's not - it sounds liked a
general /bin/login problem....  WHAT COULD THIS BE?

Yours baffled,

--
  ___________________________________________________________________

   Karl Ferguson,
   Tower Networking Pty Ltd                     karl@tower.net.au
   t/a STAR Online Services                      karl@debian.org
   Tel: +61-9-455-3446  Fax: +61-9-455-2776   http://www.star.net.au
  ___________________________________________________________________

Reply to:

References:
- Re: SOLVED: Erk! Something is *really* wrong here!
  - From: Karl Ferguson <karl@tower.net.au>
- Re: SOLVED: Erk! Something is *really* wrong here!
  - From: miquels@cistron.nl (Miquel van Smoorenburg)

Prev by Date: Re: Upgrade procedure for tetex
Next by Date: Re: Upgrade procedure for tetex
Previous by thread: Re: SOLVED: Erk! Something is *really* wrong here!
Next by thread: libc5_5.4.20-1 and _ctype
Index(es):
- Date
- Thread

Re: SOLVED: Erk! Something is *really* wrong here!

Re: SOLVED: Erk! Something is really wrong here!