LinuxQuestions.org
Old 01-31-2016, 12:09 AM   #1
ameran
LQ Newbie
 
Registered: Jan 2016
Posts: 3

Rep: Reputation: Disabled
Hello LQ and I hope you can help me to understand this log.


Hi,
I am a newbie and practically know nothing about Linux. I am here because I have a VPS and I always get logs, which I really don't understand. I hope that you guys would help me out.

I just received this and I have no idea what it means. I would really appreciate it if you could help me out.

################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sun Jan 31 03:31:06 2016
Date Range Processed: yesterday
( 2016-Jan-30 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: server.mydomain.com
##################################################################

--------------------- Dovecot Begin ------------------------

Dovecot disconnects:
Inactivity: 5 Time(s)
Logged out in=11, out=434,: 286 Time(s)
Logged out in=1363, out=121959,: 1 Time(s)
Logged out in=3429, out=1768,: 1 Time(s)
Logged out in=36625, out=1735,: 1 Time(s)
Logged out in=401, out=3457,: 1 Time(s)
Logged out in=401, out=3490,: 4 Time(s)
Logged out in=401, out=3507,: 1 Time(s)
Logged out in=401, out=3556,: 2 Time(s)
Logged out in=401, out=3573,: 1 Time(s)
Logged out in=401, out=3616,: 9 Time(s)
Logged out in=54488, out=1801,: 1 Time(s)
Logged out in=71932, out=4301,: 1 Time(s)
Logged out in=88680, out=9104,: 1 Time(s)
auth failed, 1 attempts in 2 secs: 1 Time(s)
no auth attempts in 0 secs: 5 Time(s)
no auth attempts in 1 secs: 1 Time(s)

**Unmatched Entries**
dovecot: auth: Error: Cpanel::MailAuth: Brute force checking was skipped because cphulkd failed to process “info@mydomain.com” from “IP '216.23.8.2'” for the “pop3” service.: 1 Time(s)

---------------------- Dovecot End -------------------------


--------------------- iptables firewall Begin ------------------------


Listed by source hosts:
Logged 729 packets on interface eth0

---------------------- iptables firewall End -------------------------


--------------------- MailScanner Begin ------------------------


MailScanner Status:
52 messages Scanned by MailScanner
393.4 Total KB
2 Content Problems found by MailScanner
52 Messages delivered by MailScanner

52 Messages logged to MailWatch database

Content Report: (Total Seen = 2)
web bug tags: 2 Time(s)

**Unmatched Entries**
Deleted 1 messages from processing-database: 50 Time(s)
Found 0 messages in the Processing Attempts Database: 15 Time(s)
Connected to Processing Attempts Database: 15 Time(s)
Reading configuration file /usr/mailscanner/etc/conf.d/README: 15 Time(s)
Reading configuration file /usr/mailscanner/etc/MailScanner.conf: 15 Time(s)
Deleted 2 messages from processing-database: 1 Time(s)

---------------------- MailScanner End -------------------------



###################### Logwatch End #########################

Thanks,
ameran
 
Old 01-31-2016, 01:14 PM   #2
baldur_1
Member
 
Registered: Sep 2010
Posts: 125

Rep: Reputation: 11
So the top part appears to be logins/logouts from Dovecot. Easy enough. The second part is packets received by the firewall and where from outside your network, so this could be usual activity or it could be nefarious attempts. The bottom part is activity of your mail scanner.

I am not sure what part you are having trouble with, but it is fairly basic output files from a Linux server.
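
To triage a "Listed by source hosts" section like the one in post #1, it helps to regroup it by destination port instead of by source host. The following is an added example, not part of the original thread; the sample lines are constructed with documentation addresses, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout Logwatch prints under "Listed by source hosts".
# Addresses come from the RFC 5737 documentation ranges, not from the report.
SAMPLE = """\
Logged 57 packets on interface eth0
From 192.0.2.10 - 3 packets to tcp(23)
From 192.0.2.11 - 3 packets to tcp(23)
From 198.51.100.7 - 42 packets to tcp(22)
From 198.51.100.8 - 2 packets to tcp(22)
From 203.0.113.5 - 5 packets to udp(2222,5353) tcp(3749,13579,21025)
From 203.0.113.9 - 2 packets to udp(5060)
"""

LINE = re.compile(r"^\s*From (\S+) - (\d+) packets? to (.+)$")
GROUP = re.compile(r"(tcp|udp)\(([\d,]+)\)")


def parse(report):
    """Yield (source, packets, [(proto, port), ...]) for each host line."""
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section headers, totals, blank lines
        targets = [(proto, int(port))
                   for proto, ports in GROUP.findall(m.group(3))
                   for port in ports.split(",")]
        yield m.group(1), int(m.group(2)), targets


def by_port(report):
    """Map (proto, port) -> set of source hosts that sent packets to it."""
    hits = defaultdict(set)
    for src, _packets, targets in parse(report):
        for target in targets:
            hits[target].add(src)
    return dict(hits)


def persistent(report, threshold=10):
    """Hosts with >= threshold packets to one port. The packet count is per
    host, so lines naming several ports cannot be attributed and are skipped."""
    return [(src, pkts, targets[0]) for src, pkts, targets in parse(report)
            if len(targets) == 1 and pkts >= threshold]


def multi_port(report, min_ports=3):
    """Hosts that touched several distinct ports in the period (sweeps)."""
    return {src: len(targets) for src, _p, targets in parse(report)
            if len(targets) >= min_ports}


if __name__ == "__main__":
    ranked = sorted(by_port(SAMPLE).items(), key=lambda kv: -len(kv[1]))
    for (proto, port), hosts in ranked:
        print(f"{proto}/{port}: {len(hosts)} source(s)")
    print("persistent:", persistent(SAMPLE))
    print("sweeps:", multi_port(SAMPLE))
```

Many sources sending two or three packets each to the same port is typical background scanning that the firewall has already dropped; a single host with a high count against a service you actually run, such as SSH, is the entry worth checking against that service's own authentication log.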
 
Old 01-31-2016, 01:24 PM   #3
ameran
LQ Newbie
 
Registered: Jan 2016
Posts: 3

Original Poster
Rep: Reputation: Disabled
baldur_1,
Thank you for your response. I am new to VPS and all the log data. The reason I was really curious was that my server was attacked by hackers, which resulted in spam emails being sent from my server. I did some research and installed ConfigServer Security & Firewall on my VPS. Now I am getting log after log about what is happening on my server, and most of the time I do not understand what they mean. I have also become a little paranoid reading all the logs, because my server was hacked previously.

Anyway, I really appreciate all your explanation about those logs. I am sure I will have more questions.

Glad to be part of a forum where people like you would help people with low Linux knowledge like myself.

Thanks,
ameran
 
Old 01-31-2016, 02:05 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.


http://www.linuxquestions.org/questi...on-4175568852/
 
All times are GMT -5. The time now is 10:29 AM.