
Perl's LWP interferes with system logging UNIX
I was having an odd problem where nothing was being written to my system logs. /var -> log -> system.log was zero-length every day, and then every night it would be compressed (resulting in a 33-byte .gz file!) and a new zero-length system.log would be created, and nothing would be written to that all day either. I immediately suspected hackers -- one of the easiest ways that hackers cover their tracks is to mess with the system logs to hide what they've been doing.

So I asked on Usenet, and Heath Raftery explained to me what the problem was. I've been using Perl on this Mac, and I installed LWP a while ago, and I hadn't realized that it overwrote my 'head' executable just as described in this hint. It turns out that having 'head' replaced with the wrong file will foul up the nightly log rotation and prevent anything from being written to the system.log.

The easiest way to tell if you have the wrong head installed is to type file /usr/bin/head. If it says Mach-O executable ppc, then you have the correct 'head'. If it says perl commands text, then your 'head' was overwritten by LWP.

hmelton's 'head restoration' tip explains how to fix your 'head' by recompiling the correct one from the Darwin source code. If you have another Mac that you haven't installed LWP on, you can just copy 'head' from it, as long as you make sure the permissions and ownership are set correctly.

I fixed my 'head', and now my system log is being written to correctly after being rotated. There are probably lots of jokes one can come up with about this, but I'll leave that to the comments...

[Editor's note: Be nice, people! :-)]


Ha Ha
Authored by: matthewshull on Nov 12, '02 10:42:26AM

Another wonderful bit of UNIX humor has made its way to the Mac-world. FUNNY!



Another way to get head
Authored by: BraindeadMac on Nov 12, '02 11:22:24AM
You can also give yourself head by just copying it from your Mac OS X Installation disk 1, where it is hidden in /usr/bin/head, i.e.,

sudo cp /Volumes/Mac\ OS\ X\ Install\ Disc\ 1/usr/bin/head /usr/bin/head

Whatever you do, just don't let anybody see you.


The reason...
Authored by: sharumpe on Nov 12, '02 11:34:00AM

...is that Mac OS X's unix is case-preserving, but not case-sensitive. So, when LWP's installer installs '/usr/bin/HEAD' (you'll notice there is also GET and POST), it overwrites /usr/bin/head. Annoying, as there are good uses for both.

Mr. Sharumpe



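The case collision described in the last comment can be checked for before an installer writes into a directory. The sh script below is an added example, not part of the original hint or its comments; the function names and the script name check.sh are hypothetical, and it generalizes from HEAD/head to any list of names to be installed.

```sh
#!/bin/sh
# Added example: flag names that differ from an existing directory entry only
# by case, which a case-preserving but case-insensitive filesystem treats as
# the same file (so installing the new name overwrites the old content).

# lower NAME: print NAME folded to lower case.
lower() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]'
}

# find_case_collisions DIR NAME...
# Prints "NEW -> EXISTING" for every NAME that matches an entry in DIR when
# case is ignored but is not spelled identically. Returns 1 if any were found.
find_case_collisions() {
    dir=$1
    shift
    found=0
    for new in "$@"; do
        for entry in "$dir"/*; do
            [ -e "$entry" ] || continue      # empty directory: glob did not expand
            old=${entry##*/}
            [ "$new" != "$old" ] || continue # identical spelling is a plain overwrite
            if [ "$(lower "$new")" = "$(lower "$old")" ]; then
                printf '%s -> %s\n' "$new" "$old"
                found=1
            fi
        done
    done
    return "$found"
}

# Command-line use (hypothetical script name): sh check.sh /usr/bin HEAD GET POST
if [ "$#" -ge 2 ]; then
    find_case_collisions "$@"
fi
```

The check has to run before the install: once the overwrite has happened, the directory still lists the old name and only the file's content has changed.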