LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-05-2004, 01:50 PM   #1
maxgg
LQ Newbie
 
Registered: Dec 2004
Posts: 5

Rep: Reputation: 0
What does logwatch report mean?


Hi! follks,

I got a logwatch report from my mail server..I dun understand all entries...tried to search online..but it seems that nth can explain what those entries are...I am completed new to linux ...i am running RH9 and sendmail 8.11 .... ..the following is my report ...

1. Do I have to worry about this?

2. Did my server got attacked?

3. What those Unknow user, relaying denied, MAIL/EXPN/VRFY/ETRN ad Unmatched Entries mean?

any help or any direction to go for detail ..will be greatly appreciated ..thx



################### LogWatch 4.3.1 (01/13/03) ####################
Processing Initiated: Wed Nov 11 04:02:01 2004
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host:
################################################################

--------------------- pam_unix Begin ------------------------

login:
Sessions Opened:
root: 3 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Connections (secure-log) Begin
------------------------

Connections:
Service pop3:
192.74.1.143: 639 Time(s)

---------------------- Connections (secure-log) End
-------------------------

--------------------- sendmail Begin ------------------------

Unknown users:
Antonia_5czf@mycompany.com: 1 Times(s)
Antwantxvm@mycompany.com: 5 Times(s)
Aprilyhmibxx@mycompany.com: 1 Times(s)
Bob7tlfq@mycompany.com: 1 Times(s)
Bonnie_bb@mycompany.com: 1 Times(s)
Brady_0345t@mycompany.com: 10 Times(s)
Britney_571swh@mycompany.com: 1 Times(s)
Bryant979l@mycompany.com: 1 Times(s)
Candice_2o@mycompany.com: 1 Times(s)
Carlos_402rgn@mycompany.com: 1 Times(s)
Chi536ud@mycompany.com: 1 Times(s)
Claudinezpj@mycompany.com: 4 Times(s)
Cleo_ncex@mycompany.com: 1 Times(s)
Dana_rqsrhsf@mycompany.com: 2 Times(s)
Darnell837mmlg@mycompany.com: 1 Times(s)
Darnell_7s@mycompany.com: 1 Times(s)
Deanne_qn@mycompany.com: 3 Times(s)
Dianneklg@mycompany.com: 4 Times(s)
Donnanrkmixf@mycompany.com: 1 Times(s)
Drew_33fd@mycompany.com: 1 Times(s)
Dustin_intif@mycompany.com: 1 Times(s)
Earnest8872q@mycompany.com: 6 Times(s)
Elijah_3lp@mycompany.com: 2 Times(s)
Elijahuvdovdbx@mycompany.com: 1 Times(s)
Emily6pwf@mycompany.com: 1 Times(s)
Fern_norhcs@mycompany.com: 1 Times(s)
Flora_84bcr@mycompany.com: 1 Times(s)
Gretchen_000q@mycompany.com: 1 Times(s)
Hank_ehz@mycompany.com: 1 Times(s)
Hannahpqmoidl@mycompany.com: 1 Times(s)
Harlan_4k@mycompany.com: 5 Times(s)
Harry_03osvt@mycompany.com: 1 Times(s)
Henryryifq@mycompany.com: 1 Times(s)
Irmalrgelrgk@mycompany.com: 4 Times(s)
Isaacpeqqy@mycompany.com: 1 Times(s)
Iva_tqcr@mycompany.com: 1 Times(s)
Jacqueline_grze@mycompany.com: 3 Times(s)
Jacques_0307crga@mycompany.com: 2 Times(s)
Jonathan387trv@mycompany.com: 1 Times(s)
Julie4v@mycompany.com: 2 Times(s)
Juliusgdxouoq@mycompany.com: 5 Times(s)
Junior_fxm@mycompany.com: 1 Times(s)
Kareem_86yy@mycompany.com: 1 Times(s)
Kelvin8902hzy@mycompany.com: 1 Times(s)
Kristopheriurx@mycompany.com: 1 Times(s)
Lazarolmg@mycompany.com: 1 Times(s)
Letitia_yoxdk@mycompany.com: 1 Times(s)
Lillian_wzk@mycompany.com: 1 Times(s)
Lionel_myre@mycompany.com: 1 Times(s)
Lolita_vjvptn@mycompany.com: 8 Times(s)
Lula_1x@mycompany.com: 1 Times(s)
Lynda5450vcc@mycompany.com: 1 Times(s)
Marcos_25n@mycompany.com: 1 Times(s)
Margo_209lne@mycompany.com: 1 Times(s)
Marissa4890f@mycompany.com: 1 Times(s)
Mauro_3mjs@mycompany.com: 1 Times(s)
Mayevpgbn@mycompany.com: 9 Times(s)
Mildred_fvx@mycompany.com: 4 Times(s)
Milfordqwlne@mycompany.com: 2 Times(s)
Miriam26fr@mycompany.com: 1 Times(s)
Mitchel7883byh@mycompany.com: 9 Times(s)
Murrayitcpt@mycompany.com: 1 Times(s)
Nola_ihgyg@mycompany.com: 1 Times(s)
Octavio_eypayx@mycompany.com: 1 Times(s)
Patrick_9381j@mycompany.com: 1 Times(s)
Phyllis_sibqhs@mycompany.com: 1 Times(s)
Ralphucpkc@mycompany.com: 1 Times(s)
Ramiro43ou@mycompany.com: 1 Times(s)
Ramiro_907bgl@mycompany.com: 3 Times(s)
Randal_3598d@mycompany.com: 1 Times(s)
Rigoberto_xrive@mycompany.com: 1 Times(s)
Roberto_xjygus@mycompany.com: 1 Times(s)
Roy015rsrp@mycompany.com: 1 Times(s)
Rudolph_oeef@mycompany.com: 1 Times(s)
Russrvdbhss@mycompany.com: 1 Times(s)
Sandyyenq@mycompany.com: 2 Times(s)
Sherri_lxft@mycompany.com: 5 Times(s)
Stephanie8hovu@mycompany.com: 1 Times(s)
Tamera_4ain@mycompany.com: 1 Times(s)
Tammy_2vpx@mycompany.com: 1 Times(s)
Terra_0nyv@mycompany.com: 1 Times(s)
Terrance_sfcrx@mycompany.com: 1 Times(s)
Thanhdvrixo@mycompany.com: 1 Times(s)
Theresaohtdz@mycompany.com: 1 Times(s)
Tim_9742s@mycompany.com: 1 Times(s)
Tony_839a@mycompany.com: 2 Times(s)
Trent_zkd@mycompany.com: 2 Times(s)
Truman34wm@mycompany.com: 1 Times(s)
Ty_082n@mycompany.com: 1 Times(s)
Ursula5419gac@mycompany.com: 1 Times(s)
Vaughnlaqh@mycompany.com: 1 Times(s)
Whitney_oekpaq@mycompany.com: 1 Times(s)
Willard_cfoh@mycompany.com: 2 Times(s)
Yvetteykehq@mycompany.com: 1 Times(s)
carol_3845o@mycompany.com: 1 Times(s)
evangelina_ohprwr@mycompany.com: 3 Times(s)
gretchenaoaf@mycompany.com: 1 Times(s)
james_ktivv@mycompany.com: 1 Times(s)
jwang@mycompany.com: 3 Times(s)
lee_eulol@mycompany.com: 1 Times(s)
leland_gffit@mycompany.com: 1 Times(s)
leonard_ipjn@mycompany.com: 4 Times(s)
napoleon_ovwnk@mycompany.com: 1 Times(s)
nicholasryovw@mycompany.com: 1 Times(s)
russ850ccgi@mycompany.com: 1 Times(s)
shar@mycompany.com: 1 Times(s)
smtp-tm-01.x-mailer.co.uk-1100592103...@mycompany.com: 1
Times(s)
taha@mycompany.com: 4 Times(s)
vincent_vxkjv@mycompany.com: 1 Times(s)
walterggim@mycompany.com: 6 Times(s)
wanda_ixid@mycompany.com: 3 Times(s)
z8u1m5n0a4@mycompany.com: 1 Times(s)

Relaying denied:
From [203.227.25.122] to c1225@yahoo.co.kr: 1 Times(s)
From [61.75.13.188] to gyioin1@hanmail.net: 1 Times(s)

Unresolveable or non-existent domains:
ShirleyG@nettmail.com.sg (does not exist): 1 Times(s)
bss@fre.sg.co.nz (does not exist): 1 Times(s)

Unresolved sender domains:
sghuvzuvrj@incamail.com: 1 Times(s)

Forwarding errors:
/home/francis/.forward+: Permission denied: 8 Times(s)
/home/francis/.forward.noble+: Permission denied: 8 Times(s)
/home/francis.forward.noble: Permission denied: 8 Times(s)
/home/francis/.forward: Permission denied: 8 Times(s)

Did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA:
192.74.1.142 : 639 Time(s)
195.248.191.68 : 4 Time(s)
69.136.83.96 : 1 Time(s)
221.147.185.88 : 1 Time(s)
213.133.104.16 : 1 Time(s)
207.203.128.196 : 1 Time(s)
202.108.252.137 : 1 Time(s)
200.50.32.10 : 1 Time(s)
210.110.147.32 : 1 Time(s)
12.162.153.129 : 1 Time(s)

**Unmatched Entries**
alias database /etc/mail/aliases.db out of date: 14 Time(s)
<May Healy@mycompany.com>... User unknown: 2 Time(s)

---------------------- sendmail End -------------------------

###################### LogWatch End #########################
 
Old 12-05-2004, 02:21 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Re: What does logwatch report mean?

1. Do I have to worry about this?

Nothing looks suspicious to me.


2. Did my server got attacked?

Doesn't appear like it.


3. What those Unknow user, relaying denied, MAIL/EXPN/VRFY/ETRN ad Unmatched Entries mean?

Relay denied means someone or some scan, spammer tried to use your mail server to send email. A relay denied means they were unsuccessful, which is a good thing, your server most likely isn't opening up its mail relay for anyone to be able to send mail from, etc.
 
Old 12-05-2004, 04:54 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
In general, though, you must keep your servers up to date with the Red Hat 9 and Fedora Legacy patches, otherwise you're putting yourself at risk. Also installing a file monitor like tripwire can help you detect intrusions. You should read some of the stickied threads in the security forum here at LQ for more information and resources dealing with security.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
wierd logwatch report for httpd GUIPenguin Linux - General 2 09-21-2005 11:55 PM
Logwatch winchester169 Linux - Security 1 10-21-2004 10:18 AM
***logwatch*** LinuxRam Linux - General 1 08-25-2004 05:09 AM
logwatch I keep getting this help please lildrummerboy Linux - Newbie 1 08-01-2004 02:57 PM
How can I report the Error Report? domeili Linux - Newbie 1 10-30-2003 06:42 AM


All times are GMT -5. The time now is 04:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration