Jason Bradley Nance wrote:
No, logging box -- everything as far as syslog and messages is default. SELINUX not enabled. Perms are correct on the file(s). Can't seem to find anything that would be causing writes to fail, but don't know for sure if anything has written yet either. I'll give a hup to named and see what happens.
Have you check the signature on the binaries to make sure someone hasn't replaced your syslog with a cracked one?
BTW, if you are running the chroot'd named most of it's stuff get's written to /var/named/chroot/log/*, not syslog.
AFIK, the machine has not been compromised. It's pretty well sealed off with the exception of myself and 2 other very trusted users. Not exposed even on port 80. Named is really only caching, and I do know from past kills, it does write to /var/log/messages. I'm very tempted to boot again and see if something shows up somewhere else, but one of my main jobs just started up and I hate to kill it off due to time constraints.