LinuxQuestions.org
08-10-2009, 09:45 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
logwatch recommended search?


I have the following stuff come up in my logwatch. Is there anything else that's recommended to look for?
My server is running apache, mysql, squid, and ssh.

Code:
 ################### Logwatch 7.3 (03/24/06) #################### 
        Processing Initiated: Mon Aug 10 13:06:59 2009
        Date Range Processed: yesterday
                              ( 2009-Aug-09 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: localhost.localdomain
  ################################################################## 
 
 --------------------- httpd Begin ------------------------ 

 Requests with error response codes
    400 Bad Request
       /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
    403 Forbidden
       /: 1 Time(s)
       /sarg: 8 Time(s)

 
 ---------------------- httpd End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (host86-xxx-xxx-xx.rangexx-xx.xxxxxxxxxx.com): 1 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- postfix Begin ------------------------ 

 
 
 Unrecognized warning:
     unable to look up public/pickup: No such file or directory : 3 Time(s)
 
 ---------------------- postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    86.xxx.xxx.xx (host86-xxx-xxx-xx.rangexx-xxx.xxxxxxxxxx.com): 1 time
 
 Users logging in through sshd:
    root:
       86.xxx.xxx.xx (host86-xxx-xxx-xx.rangexx-xxx.xxxxxxxxxx.com):: 15 times
       213.xxx.xxx.xxx: 1 time
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 ==============================================================================
 root => root
 ------------------------------------------------------------------------------
 /usr/sbin/dmidecode --type17
 /usr/sbin/dmidecode --type17
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- XNTPD Begin ------------------------ 

 
 **Unmatched Entries**
   sendto(213.xxx.xxx.x) (fd=21): Invalid argument: 84 time(s)
 
 ---------------------- XNTPD End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Installed:
    apt-0.5.15lorg3.94a-5.el5.rf.i386
    sarg-2.2.3.1-1.el5.rf.i386
 
 Packages Erased:
    sarg
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda5             4.8G  1.4G  3.2G  30% /
 /dev/sda3             4.8G  318M  4.2G   7% /var
 /dev/sda2              63G  180M   59G   1% /home
 /dev/sda1              76M   17M   56M  24% /boot
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################
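
As an added example (not part of either post, and not logwatch's own code): a short parser for the Begin/End section layout of the report above, so that the counted items can be queried per service. The sample text is constructed, and which totals are worth alerting on (for instance root logins through sshd) is an assumed local policy choice.

```python
import re

# Constructed sample in the layout of the report posted above; the addresses
# are documentation ranges (RFC 5737), not values from the thread.
SAMPLE = """\
 --------------------- httpd Begin ------------------------
 Requests with error response codes
    400 Bad Request
       /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
    403 Forbidden
       /sarg: 8 Time(s)
 ---------------------- httpd End -------------------------

 --------------------- SSHD Begin ------------------------
 Failed logins from:
    192.0.2.10 (host.example.net): 1 time
 Users logging in through sshd:
    root:
       192.0.2.10 (host.example.net):: 15 times
       198.51.100.7: 1 time
 ---------------------- SSHD End -------------------------
"""

BEGIN = re.compile(r"^\s*-{5,}\s+(.+?)\s+Begin\s+-{5,}\s*$")
END = re.compile(r"^\s*-{5,}\s+.+?\s+End\s+-{5,}\s*$")
# Matches "<item>: N Time(s)", "<item>: N time" and "<item>:: N times".
COUNT = re.compile(r"^\s*(.+?):+\s+(\d+)\s+[Tt]ime(?:\(s\)|s)?\s*$")

def parse_logwatch(text):
    """Return {section: [(heading_path, item, count), ...]}."""
    report, current, stack = {}, None, []
    for line in text.splitlines():
        if m := BEGIN.match(line):
            current, stack = m.group(1), []
        elif END.match(line):
            current = None
        elif current and line.strip():
            indent = len(line) - len(line.lstrip())
            while stack and stack[-1][0] >= indent:  # drop sibling/deeper headings
                stack.pop()
            if c := COUNT.match(line):
                path = tuple(h for _, h in stack)
                report.setdefault(current, []).append((path, c[1], int(c[2])))
            else:  # an uncounted line is a heading for the lines indented under it
                stack.append((indent, line.strip().rstrip(":")))
    return report

def total(report, section, *path):
    """Sum the counts in a section whose heading path starts with `path`."""
    return sum(n for p, _, n in report.get(section, []) if p[:len(path)] == path)
```

For example, `total(parse_logwatch(SAMPLE), "SSHD", "Users logging in through sshd", "root")` gives the number of root logins through sshd in the sample.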
 
08-11-2009, 03:58 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by qwertyjjj View Post
I have the following stuff come up in my logwatch. Is there anything else that's recommended to look for?
My server is running apache, mysql, squid, and ssh.


Completely your choice what you check for.
I don't know of anyone that actually uses this logwatch file stuff.
 
  


All times are GMT -5.