The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rootmail: Cannot open /var/log/sa/sa26: No such file or directory

Discussion in 'E-mail Discussions' started by NNNils, Aug 28, 2003.

  1. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    What does this error mean, I get it about every 15 minutes:

    Cannot open /var/log/sa/sa26: No such file or directory


    Cannot open /var/log/sa/sa28: No such file or directory

    The number behind sa varies, but all files are there.

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    Perhaps spam assassin is attempting to write a log file? If so, make sure a directory exists with correct ownership/permissions to see what gets written there.

    cPanel.net Support Ticket Number:
     
  3. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    The sa dir was gone, after recreation error dissappeared.

    cPanel.net Support Ticket Number:
     
  4. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Check to see if your other logs or directories are gone too. If so then you might want to check to see if you have been hacked.

    Its rare that a directory will blow away unless it was done by a disk check/cleanup like fsck. Often when a hacker gets into a system they will go and blow out /var/log to hide what they did.

    :eek:

    cPanel.net Support Ticket Number:
     
  5. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Compared to another server also are missing:

    cups
    httpd
    samba
    squid
    vbox

    cPanel.net Support Ticket Number:
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    What about the normal log files themselves, like maillog, messages, etc ?.

    I run freebsd so I dont know if you would have the same naming conventions, but I would think there would be several dozen files in the main /var/log

    Also look in your /tmp for anything unusual. You should also check /root for anything updated in the past 24 hours
    and if you have console access run a "last" to see who was on recently.
     
  7. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Yes all the usual files like messages, maillog, security etc are there.

    cPanel.net Support Ticket Number:
     
  8. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    I would still be a bit concerned. See if any new users were added to the main passwd file in /etc, do a ps ax to see if anything weird is running.

    If you are running process accounting, run a :

    sa -a | more

    see if anything weird is listed. If you are not familiar with alot of the programs on your system they will all look weird, but chances are if a hacker ran alot of crap or left something running you might see it in "sa".

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page