strange syslogd

demz

Hi,

I was wondering...
I have a strange second pid:

apache 5227 0.0 0.0 13792 996 ? Sl 11:48 0:00 ./syslogd -fusr

Anyone have an idea what it could be?

Or does someone have a memdump tool or a tool to trace the pid to the binary for further investigation?

Thanks!
 
Try to locate all instances of syslogd.

It appears that someone is running a file called syslogd from the web.

If it's the real syslog daemon, the -f means alternative config file, so if this is a real syslog daemon running you should also have a configuration file called usr.

Perhaps you've been hacked?

Jeff
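
An added example, not part of either post: one way to do what the thread asks on Linux, tracing a PID to its binary and listing every process named syslogd through /proc. `PROC_ROOT`, the function names and the sample paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (Linux): trace a PID back to its binary through /proc.
# PROC_ROOT is an assumption of this example so the checks can also run
# against a constructed tree; on a live host leave it unset and run as root
# (only root can read exe/cwd of another user's process).
PROC_ROOT="${PROC_ROOT:-/proc}"

# "Locate all instances": every PID whose binary is named $1.
find_instances() {
    for d in "$PROC_ROOT"/[0-9]*; do
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        base=${exe##*/}
        [ "${base% (deleted)}" = "$1" ] && echo "${d##*/} $exe"
    done
    return 0
}

# What the kernel records for one PID: real binary, working dir, argv.
pid_facts() {
    p="$PROC_ROOT/$1"
    [ -d "$p" ] || { echo "no such pid: $1" >&2; return 2; }
    echo "exe=$(readlink "$p/exe")"
    echo "cwd=$(readlink "$p/cwd")"
    echo "cmdline=$(tr '\0' ' ' < "$p/cmdline")"
}

# Exit 0 if the binary was deleted from disk or lives outside the system
# binary directories, 1 if it looks like an installed daemon, 2 on error.
pid_suspicious() {
    exe=$(readlink "$PROC_ROOT/$1/exe" 2>/dev/null) || return 2
    case "$exe" in
        *" (deleted)") return 0 ;;
        /sbin/*|/usr/sbin/*|/bin/*|/usr/bin/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample tree (paths are made up): a system syslogd and a
# look-alike started as ./syslogd -fusr from a web directory.
make_sample_proc() {
    t=$(mktemp -d) || return 2
    mkdir "$t/812" "$t/5227"
    ln -s /sbin/syslogd "$t/812/exe"; ln -s / "$t/812/cwd"
    printf 'syslogd\0' > "$t/812/cmdline"
    ln -s /var/www/html/tmp/syslogd "$t/5227/exe"
    ln -s /var/www/html/tmp "$t/5227/cwd"
    printf './syslogd\0-fusr\0' > "$t/5227/cmdline"
    echo "$t"
}
```

On a live host, `find_instances syslogd` followed by `pid_facts <pid>` gives the path to copy the binary from for offline analysis; `PROC_ROOT=$(make_sample_proc)` runs the same checks on the constructed tree.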
 