Deluge of LEARNs in syslog

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Deluge of LEARNs in syslog

Postby dancebee » Tue Jun 17, 2003 9:05 pm

I'm running gentoo w/metalog (stable) + kernel 2.4.21 and trying to learn on proftpd creates about 100 MB / minute of syslog output, all similar to:

Jun 17 17:58:35 [kernel] grsec: LEARN:771:152738:0:0::21

It's not clear to me whether grsec expects the system logger to eliminate duplicates, to prevent the syslog file from growing out of control. Metalog doesn't appear to be doing this, at least with the default gentoo configuration.

Since the documentation seems to indicate that learning mode could take hours or days to finalize, I'm looking for some way to keep the learn process from flooding the log files.

Thanks,

James
dancebee
 
Posts: 3
Joined: Tue Jun 17, 2003 8:10 pm

Return to grsecurity support

cron