I have the following stuff come up in my logwatch. Is there anything else that's recommended to look for?
My server is running Apache, MySQL, Squid, and SSH.
Code:
################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Mon Aug 10 13:06:59 2009
Date Range Processed: yesterday
( 2009-Aug-09 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: localhost.localdomain
##################################################################
--------------------- httpd Begin ------------------------
Requests with error response codes
400 Bad Request
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
403 Forbidden
/: 1 Time(s)
/sarg: 8 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (host86-xxx-xxx-xx.rangexx-xx.xxxxxxxxxx.com): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- postfix Begin ------------------------
Unrecognized warning:
unable to look up public/pickup: No such file or directory : 3 Time(s)
---------------------- postfix End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
86.xxx.xxx.xx (host86-xxx-xxx-xx.rangexx-xxx.xxxxxxxxxx.com): 1 time
Users logging in through sshd:
root:
86.xxx.xxx.xx (host86-xxx-xxx-xx.rangexx-xxx.xxxxxxxxxx.com):: 15 times
213.xxx.xxx.xxx: 1 time
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
root => root
------------------------------------------------------------------------------
/usr/sbin/dmidecode --type17
/usr/sbin/dmidecode --type17
---------------------- Sudo (secure-log) End -------------------------
--------------------- XNTPD Begin ------------------------
**Unmatched Entries**
sendto(213.xxx.xxx.x) (fd=21): Invalid argument: 84 time(s)
---------------------- XNTPD End -------------------------
--------------------- yum Begin ------------------------
Packages Installed:
apt-0.5.15lorg3.94a-5.el5.rf.i386
sarg-2.2.3.1-1.el5.rf.i386
Packages Erased:
sarg
---------------------- yum End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 4.8G 1.4G 3.2G 30% /
/dev/sda3 4.8G 318M 4.2G 7% /var
/dev/sda2 63G 180M 59G 1% /home
/dev/sda1 76M 17M 56M 24% /boot
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################