My firewall is an elderly Compaq Prolinea 4/33s, with the original 340MB hard drive. Therefore I don't have a lot of extra disk space, although a base Debian install leaves me with enough room to play with. Over time this little machine has been going strong - until a few weeks ago, when all of a sudden I was running out of disk space. Running du showed me that /var/log was massive, specifically wtmp. Running last only showed logins that I knew about, and lastb didn't show any results at all (in fact /var/log/lastb consistently stayed at 0 bytes). I scanned through kern.log, messages, and syslog to no avail - no attack signatures that I could see, although I was convinced that someone/something was attacking my firewall. I even set up a cronjob to mail me the file size of wtmp - every half hour I got a report, showing the file growing constantly. I started a new wtmp, and within 24 hours it was at 1.2MB! At this point I was getting worried, and started an inspection of every other machine on my LAN, looking for signs of intrusion. But nothing ever showed up. Finally, I was about ready to start from scratch on the firewall with a completely new installation to ensure that nothing was amiss. Taking a final look at /var/log I noticed what I had been missing the entire time (Insert slap on forehead here): auth.log. The whole file was filled up with these entries: May 12 07:03:01 FW getty[4167]: tty1: input overrun May 12 07:04:18 FW getty[4168]: tty1: input overrun May 12 07:05:34 FW getty[4169]: tty1: input overrun Sure enough, climbing up to the top of the gorilla rack that the firewall lives on, the power cord from a test monitor was pushing down on the keyboard. Sigh... Cheers, James ------------------------------------ This is the Juneau-LUG mailing list. To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in the subject header.