LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 04-23-2009, 09:05 AM   #1
Munkee
LQ Newbie
 
Registered: Apr 2009
Location: Utah, USA
Posts: 8

Rep: Reputation: 0
Logwatch Question


Hey all, I apologize for my noobishness with Linux, but I was wondering if there is a site I can find that will teach me how to read Logwatch reports. I have been searching for one and cannot seem to find one with some basic explanations of what each thing is telling me.
Thank you in advance for your help!
 
Old 04-23-2009, 09:13 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
What do you want to know?
The configuration of logwatch, or the output from the logfiles?
 
Old 04-23-2009, 09:20 AM   #3
Munkee
LQ Newbie
 
Registered: Apr 2009
Location: Utah, USA
Posts: 8

Original Poster
Rep: Reputation: 0
The output. I am just learning all this and kinda lucked into a job where the guy just had a couple of days to train me, so now it's all on my own study to try and figure everything out.
 
Old 04-23-2009, 12:06 PM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Just look at the output, and if you don't understand, ask.
 
Old 04-23-2009, 01:59 PM   #5
Munkee
LQ Newbie
 
Registered: Apr 2009
Location: Utah, USA
Posts: 8

Original Poster
Rep: Reputation: 0
sshd:
Authentication Failures:
root (58.180.42.111): 36 Time(s)
unknown (58.180.42.111): 8 Time(s)
Invalid Users:
Unknown Account: 8 Time(s)

su:
Sessions Opened:
(uid=0) -> postgres: 288 Time(s)
(uid=0) -> beedigit: 26 Time(s)
(uid=0) -> harrdun: 16 Time(s)
(uid=0) -> axnt: 8 Time(s)
(uid=0) -> loganutahapartments: 8 Time(s)
(uid=0) -> reesefarms: 8 Time(s)
(uid=0) -> rivermillcabinets: 8 Time(s)
(uid=0) -> tadspad: 8 Time(s)


---------------------- pam_unix End -------------------------


--------------------- postfix Begin ------------------------



25652 bytes transferred
5 messages sent
5 messages removed from queue

Connections lost:
Connection lost while CONNECT : 2 Time(s)
Connection lost while EHLO : 1 Time(s)


**Unmatched Entries**

NOQUEUE: reject: RCPT from radarstair.com[207.29.228.248]: 554 5.7.1 <renaegle@cv-w.com>: Relay access denied; from=<Casey@radarstair.com> to=<renaegle@cv-w.com> proto=SMTP helo=<radarstair.com>
NOQUEUE: reject: RCPT from unknown[74.50.100.10]: 550 5.1.1 <rrfarms4@reesefarms.com>: Recipient address rejected: User unknown in virtual alias table; from=<access.warrantyv@towerhob.com> to=<rrfarms4@reesefarms.com> proto=SMTP helo=<mx1.towerhob.com>

---------------------- postfix End -------------------------


--------------------- SSHD Begin ------------------------


Failed logins from:
58.180.42.111: 36 times

Illegal users from:
58.180.42.111: 8 times

Users logging in through sshd:
root:
x.x.x.x: 1 time


Received disconnect:
11: Bye Bye : 44 Time(s)

**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user oracle : 8 time(s)

---------------------- SSHD End -------------------------


-----------------------------------------------------------------------------------
Okay, there is most of what I don't understand. I understand someone is pinging the address, and from what I understand "illegal" doesn't mean they got in, so what exactly does that one mean? Sorry, I know it's long, but any help would be appreciated. Thank you for your time, by the way.
 
Old 04-23-2009, 02:00 PM   #6
Munkee
LQ Newbie
 
Registered: Apr 2009
Location: Utah, USA
Posts: 8

Original Poster
Rep: Reputation: 0
Sorry, there is also this stuff:

--------------------- pam_unix Begin ------------------------

gnome-screensaver:
Unknown Entries:
auth could not identify password for [smitnich]: 1 Time(s)

proftpd:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd24432 ruser=adm rhost=::ffff:82.114.78.98 user=adm: 3 Time(s)
authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd24557 ruser=bin rhost=::ffff:82.114.78.98 user=bin: 3 Time(s)

smtp:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= : 4 Time(s)
check pass; user unknown: 4 Time(s)

--------------------------------------
--------------------- sasl auth daemon Begin ------------------------



**Unmatched Entries**

pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_succeed_if(smtp:auth): error retrieving information about user test
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_succeed_if(smtp:auth): error retrieving information about user admin
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_succeed_if(smtp:auth): error retrieving information about user info
pam_unix(smtp:auth): check pass; user unknown
pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
pam_succeed_if(smtp:auth): error retrieving information about user sales

---------------------- sasl auth daemon End -------------------------



Again, thank you.
 
Old 04-23-2009, 02:07 PM   #7
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Quote:
sshd:
Authentication Failures:
root (58.180.42.111): 36 Time(s)
unknown (58.180.42.111): 8 Time(s)
Invalid Users:
Unknown Account: 8 Time(s)
Someone is trying to log in via SSH, but the username and/or password is incorrect.
This happens often if you have SSH running.
You can use fail2ban or iptables to block the IP after X tries.

Quote:
NOQUEUE: reject: RCPT from radarstair.com[207.29.228.248]: 554 5.7.1 <renaegle@cv-w.com>: Relay access denied; from=<Casey@radarstair.com> to=<renaegle@cv-w.com> proto=SMTP helo=<radarstair.com>
NOQUEUE: reject: RCPT from unknown[74.50.100.10]: 550 5.1.1 <rrfarms4@reesefarms.com>: Recipient address rejected: User unknown in virtual alias table; from=<access.warrantyv@towerhob.com> to=<rrfarms4@reesefarms.com> proto=SMTP helo=<mx1.towerhob.com>
Here someone is trying to use your SMTP server to send spam.
But it is denied, which is good.

Quote:
Users logging in through sshd:
root:
x.x.x.x: 1 time
I hope this was you logging in.
I would suggest disabling root logins via SSH: log in as a normal user, and then su to become root.
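To make the three quoted SSHD sections concrete, here is an added example (not from the thread or from Logwatch itself) that parses a Logwatch SSHD section in the shape posted above and turns it into findings: failed attempts per source address ("Failed logins" are bad passwords for real accounts, "Illegal users" are attempts against accounts that do not exist, which is why Logwatch also lists them as "Unknown Account"), plus any direct root session. The sample report, the 3-attempt threshold (the number suggested later in this thread for fail2ban) and the `known_admin_ips` parameter are assumptions of this example; note that the 36 + 8 failures add up to the 44 "Received disconnect" entries in the same report.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt shaped like the SSHD section of the Logwatch
# report posted in this thread (same address, counts and x.x.x.x placeholder).
SAMPLE_REPORT = """\
--------------------- SSHD Begin ------------------------

Failed logins from:
58.180.42.111: 36 times

Illegal users from:
58.180.42.111: 8 times

Users logging in through sshd:
root:
x.x.x.x: 1 time

Received disconnect:
11: Bye Bye : 44 Time(s)

---------------------- SSHD End -------------------------
"""

# Sub-section headers Logwatch emits for sshd, mapped to the bucket we fill.
HEADERS = {
    "Failed logins from:": "failed",
    "Illegal users from:": "illegal",
    "Users logging in through sshd:": "logins",
}
COUNT_RE = re.compile(r"^(\S+):\s+(\d+)\s+times?$")   # "1.2.3.4: 36 times"
USER_RE = re.compile(r"^(\S+):$")                      # "root:" inside the logins block


def parse_sshd_section(report):
    """Return (failed, illegal, logins) from a Logwatch SSHD section.

    failed  : {ip: count}  bad password for an existing account
    illegal : {ip: count}  attempt against a non-existent account
    logins  : {user: {ip: count}}  successful sessions
    """
    failed, illegal = {}, {}
    logins = defaultdict(dict)
    block = None
    user = None
    for raw in report.splitlines():
        line = raw.strip()
        if line in HEADERS:
            block = HEADERS[line]
            user = None
            continue
        # Anything after these headers is not an attempt/login count.
        if line.startswith(("Received disconnect:", "**")) or "SSHD End" in line:
            block = None
            continue
        if not line or block is None:
            continue
        m = COUNT_RE.match(line)
        if m:
            key, n = m.group(1), int(m.group(2))
            if block == "failed":
                failed[key] = failed.get(key, 0) + n
            elif block == "illegal":
                illegal[key] = illegal.get(key, 0) + n
            elif block == "logins" and user is not None:
                logins[user][key] = logins[user].get(key, 0) + n
            continue
        m = USER_RE.match(line)
        if m and block == "logins":
            user = m.group(1)
    return failed, illegal, dict(logins)


def triage(failed, illegal, logins, threshold=3, known_admin_ips=()):
    """Turn parsed counts into findings a defender would act on.

    threshold       : failed attempts per source above which blocking (fail2ban,
                      iptables) is worth considering; 3 follows this thread's advice.
    known_admin_ips : sources from which a direct root login is expected (assumed).
    """
    findings = []
    totals = defaultdict(int)
    for ip, n in list(failed.items()) + list(illegal.items()):
        totals[ip] += n
    for ip, n in sorted(totals.items(), key=lambda kv: -kv[1]):
        if n > threshold:
            findings.append(
                f"brute-force candidate: {ip} made {n} failed attempts (threshold {threshold})")
    for ip, n in logins.get("root", {}).items():
        if ip not in known_admin_ips:
            findings.append(
                f"direct root login via sshd from {ip} ({n} time(s)); confirm it was an admin")
    return findings


if __name__ == "__main__":
    for finding in triage(*parse_sshd_section(SAMPLE_REPORT)):
        print(finding)
```

Run it against a saved Logwatch mail and the two findings it prints for the sample are exactly the two points raised in this post: one address hammering sshd, and a root session that should be confirmed. Passing `known_admin_ips=("x.x.x.x",)` silences the root finding once the address is known to be yours.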
 
Old 04-23-2009, 02:18 PM   #8
Munkee
LQ Newbie
 
Registered: Apr 2009
Location: Utah, USA
Posts: 8

Original Poster
Rep: Reputation: 0
Ah! That makes sense. Thank you so much for the quick responses too. I will try that fail2ban and see if I can't manage to make it work right, lol.
And yeah, that was me; that is how I was taught to log in, but I will do it the other way now, as I'd rather be more safe and not screw anything up over here.
 
Old 04-23-2009, 02:18 PM   #9
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
These are all attempts to log in via SSH or FTP on your server.

It is important to have good passwords, and to change them on a regular basis.
I would suggest installing fail2ban to block these IPs after 3 failed logins.

If you run services to the outside, you will continue to have these attempts, but you can limit them.
Make sure you have a good firewall, and make sure the services are configured properly.

Are all these services needed?

I don't know which distribution you are using, but perhaps you can look at some sites to secure your server.

A good start would be
http://www.linuxsecurity.com/
 
Old 04-23-2009, 02:20 PM   #10
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Quote:
And yeah, that was me; that is how I was taught to log in, but I will do it the other way now, as I'd rather be more safe and not screw anything up over here.
You should disable root login via SSH:
http://www.howtogeek.com/howto/linux...ogin-on-linux/
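Disabling root login is a one-line change to sshd_config, but verifying it is where people slip, so here is an added example (not from the thread or the linked how-to) that audits an sshd_config text the way sshd reads it. The rules it applies come from sshd_config(5): the first occurrence of a keyword wins, keywords are case-insensitive, `#` starts a comment, and directives after a `Match` line are conditional and therefore ignored for the global setting. The three sample configs are constructed for this example; the default used when the directive is absent is "yes" for OpenSSH releases of 2009, while OpenSSH 7.0 and later default to "prohibit-password".

```python
import re

# Constructed sample configs (not from any real server).
CONFIG_COMMENTED_ONLY = """\
# Typical distro default: the directive is present but commented out.
#PermitRootLogin yes
PasswordAuthentication yes
"""

CONFIG_DUPLICATE = """\
PermitRootLogin no
Port 22
PermitRootLogin yes   # ignored: sshd keeps the first value it saw
"""

CONFIG_MATCH = """\
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""


def effective_permit_root_login(config_text):
    """Return the global PermitRootLogin value sshd will use, or None if unset.

    Mirrors sshd_config parsing: strip comments, allow 'key value' or 'key=value',
    compare keywords case-insensitively, take the FIRST match, and stop at the
    first 'Match' block because everything after it is conditional.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().lower()
    return None


def root_login_disabled(config_text, openssh_default="yes"):
    """True only if direct root login over SSH is fully off in the global scope.

    openssh_default is what applies when the directive is absent (assumed
    "yes" here, matching OpenSSH of the thread's era; "prohibit-password"
    on OpenSSH 7.0+, which still allows key-based root login).
    """
    value = effective_permit_root_login(config_text)
    if value is None:
        value = openssh_default
    return value == "no"


if __name__ == "__main__":
    for name, cfg in [("commented only", CONFIG_COMMENTED_ONLY),
                      ("duplicate", CONFIG_DUPLICATE),
                      ("match block", CONFIG_MATCH)]:
        print(f"{name}: PermitRootLogin={effective_permit_root_login(cfg)} "
              f"disabled={root_login_disabled(cfg)}")
```

The commented-out default is the trap: the file looks like it says `PermitRootLogin yes`, but the line is inert and the compiled-in default applies. On a live host the authoritative check is `sshd -T | grep -i permitrootlogin`, which prints the effective value, and the change only takes effect after the sshd service is reloaded; keep your current session open until a fresh login as a normal user followed by su has been confirmed to work.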
 