Logwatch question.

ameran · 01-30-2016, 11:02 PM

Hi guys,
I have a VPS and run few websites on it. I always receive log information from my server, but mostly I don't understand them. This is one of them and I really appreciate it if you could let me know what this mean, if it is something serious, and what I should do. Thank you.

Code:

################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Sun Jan 31 03:31:06 2016
        Date Range Processed: yesterday
                              ( 2016-Jan-30 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: server.domain.com
  ##################################################################

 --------------------- Dovecot Begin ------------------------

 Dovecot disconnects:
    Inactivity: 5 Time(s)
    Logged out in=11, out=434,: 286 Time(s)
    Logged out in=1363, out=121959,: 1 Time(s)
    Logged out in=3429, out=1768,: 1 Time(s)
    Logged out in=36625, out=1735,: 1 Time(s)
    Logged out in=401, out=3457,: 1 Time(s)
    Logged out in=401, out=3490,: 4 Time(s)
    Logged out in=401, out=3507,: 1 Time(s)
    Logged out in=401, out=3556,: 2 Time(s)
    Logged out in=401, out=3573,: 1 Time(s)
    Logged out in=401, out=3616,: 9 Time(s)
    Logged out in=54488, out=1801,: 1 Time(s)
    Logged out in=71932, out=4301,: 1 Time(s)
    Logged out in=88680, out=9104,: 1 Time(s)
    auth failed, 1 attempts in 2 secs: 1 Time(s)
    no auth attempts in 0 secs: 5 Time(s)
    no auth attempts in 1 secs: 1 Time(s)

 **Unmatched Entries**
    dovecot: auth: Error: Cpanel::MailAuth: Brute force checking was skipped because cphulkd failed to process “info@domain.com” from “IP '216.23.8.2'” for the “pop3” service.: 1 Time(s)

 ---------------------- Dovecot End -------------------------


 --------------------- iptables firewall Begin ------------------------


  Listed by source hosts:
 Logged 729 packets on interface eth0
   From 1.55.16.250 - 3 packets to udp(53413)
   From 1.172.210.215 - 3 packets to udp(53413)
   From 5.39.222.253 - 1 packet to tcp(3306)
   From 5.79.69.72 - 2 packets to udp(5060)
   From 5.189.167.114 - 2 packets to udp(5060)
   From 14.34.243.156 - 3 packets to tcp(23)
   From 14.49.164.243 - 3 packets to tcp(23)
   From 14.50.114.109 - 3 packets to udp(53413)
   From 14.177.153.76 - 3 packets to udp(53413)
   From 14.198.114.249 - 3 packets to tcp(23)
   From 23.31.139.127 - 4 packets to tcp(23)
   From 23.239.64.15 - 1 packet to udp(19)
   From 23.239.65.210 - 2 packets to udp(5060)
   From 24.1.244.41 - 3 packets to tcp(23)
   From 27.34.84.42 - 3 packets to tcp(23)
   From 31.145.83.5 - 3 packets to udp(53413)
   From 37.34.82.6 - 2 packets to udp(53413)
   From 41.59.32.212 - 4 packets to tcp(23)
   From 41.214.166.194 - 3 packets to tcp(23)
   From 42.200.37.18 - 2 packets to tcp(1433)
   From 45.34.1.201 - 4 packets to tcp(3306)
   From 45.79.143.81 - 2 packets to tcp(5432,5985)
   From 45.121.210.90 - 2 packets to udp(123)
   From 46.37.72.102 - 2 packets to tcp(23)
   From 46.55.152.56 - 3 packets to udp(53413)
   From 46.62.245.178 - 3 packets to tcp(23)
   From 46.148.22.26 - 2 packets to tcp(22)
   From 46.228.207.18 - 2 packets to tcp(5900)
   From 47.21.4.134 - 2 packets to udp(53413)
   From 51.255.25.159 - 2 packets to udp(5060)
   From 58.140.208.17 - 3 packets to tcp(23)
   From 58.140.210.84 - 3 packets to tcp(23)
   From 58.140.210.254 - 3 packets to tcp(23)
   From 58.140.211.85 - 3 packets to tcp(23)
   From 58.140.211.193 - 3 packets to tcp(23)
   From 58.140.211.214 - 3 packets to tcp(23)
   From 58.176.97.205 - 3 packets to tcp(23)
   From 58.239.164.234 - 3 packets to udp(53413)
   From 59.22.81.128 - 3 packets to tcp(23)
   From 59.148.126.76 - 3 packets to udp(53413)
   From 60.249.197.221 - 3 packets to udp(53413)
   From 61.238.87.49 - 3 packets to tcp(23)
   From 61.244.86.56 - 2 packets to udp(53413)
   From 62.98.117.24 - 3 packets to tcp(23)
   From 63.141.238.58 - 6 packets to udp(5060)
   From 64.251.30.100 - 2 packets to tcp(7778)
   From 65.34.34.95 - 3 packets to tcp(23)
   From 66.240.192.138 - 5 packets to udp(2222,5353) tcp(3749,13579,21025)
   From 66.240.219.146 - 2 packets to tcp(7657,8060)
   From 66.240.236.119 - 4 packets to tcp(2181,8333,8443,9200)
   From 67.23.71.125 - 3 packets to tcp(23)
   From 69.90.140.226 - 2 packets to tcp(7778)
   From 71.6.135.131 - 2 packets to udp(2123) tcp(27015)
   From 71.6.165.200 - 3 packets to tcp(3790,7547,9051)
   From 71.6.167.142 - 3 packets to tcp(2222,8889,55554)
   From 71.41.82.139 - 2 packets to tcp(3389)
   From 74.82.47.9 - 1 packet to udp(19)
   From 74.82.47.23 - 1 packet to tcp(6379)
   From 74.82.47.33 - 1 packet to udp(17)
   From 74.82.47.34 - 1 packet to tcp(9200)
   From 74.82.47.40 - 1 packet to tcp(11211)
   From 74.82.47.57 - 1 packet to udp(19)
   From 74.82.47.61 - 1 packet to udp(17)
   From 74.94.157.212 - 3 packets to tcp(23)
   From 78.181.151.75 - 3 packets to tcp(23)
   From 78.188.23.62 - 3 packets to udp(53413)
   From 78.188.166.46 - 3 packets to udp(53413)
   From 80.82.70.24 - 14 packets to tcp(3128,3129,8000,8088,8090,8123,9064,21320)
   From 80.82.70.198 - 4 packets to tcp(4840,49320)
   From 80.82.78.8 - 2 packets to tcp(3389)
   From 80.82.79.104 - 4 packets to tcp(1080,8080)
   From 80.229.207.62 - 6 packets to tcp(23)
   From 81.214.66.103 - 3 packets to udp(53413)
   From 82.221.105.7 - 1 packet to tcp(1177)
   From 84.88.32.67 - 1 packet to tcp(8443)
   From 85.25.196.60 - 2 packets to udp(5060)
   From 85.90.245.5 - 2 packets to tcp(5632,9944)
   From 85.96.197.49 - 3 packets to udp(53413)
   From 85.97.108.16 - 4 packets to tcp(23)
   From 85.105.22.74 - 3 packets to udp(53413)
   From 88.247.11.254 - 4 packets to tcp(23)
   From 88.247.46.85 - 3 packets to udp(53413)
   From 88.247.144.24 - 3 packets to udp(53413)
   From 88.248.173.35 - 3 packets to udp(53413)
   From 88.250.184.152 - 3 packets to udp(53413)
   From 89.32.137.120 - 3 packets to tcp(23)
   From 91.121.39.149 - 1 packet to udp(11458)
   From 92.27.201.38 - 2 packets to udp(53413)
   From 93.171.205.11 - 5 packets to tcp(1000,1081,7777,8080,10000)
   From 93.174.93.17 - 2 packets to tcp(3389)
   From 93.174.93.130 - 2 packets to tcp(3389)
   From 93.174.93.181 - 2 packets to tcp(5900)
   From 93.174.93.225 - 2 packets to tcp(5900)
   From 95.9.167.25 - 3 packets to udp(53413)
   From 95.170.18.229 - 1 packet to udp(53413)
   From 96.7.49.67 - 1 packet to udp(40740)
   From 96.46.10.230 - 2 packets to tcp(3306)
   From 98.81.72.249 - 3 packets to tcp(23)
   From 101.109.151.177 - 3 packets to tcp(23)
   From 101.162.37.184 - 2 packets to tcp(23)
   From 103.224.167.155 - 4 packets to tcp(23)
   From 104.217.216.134 - 2 packets to tcp(3306)
   From 105.105.49.148 - 3 packets to udp(53413)
   From 106.141.76.88 - 3 packets to tcp(23)
   From 107.3.185.6 - 3 packets to tcp(23)
   From 108.59.4.195 - 2 packets to udp(5060)
   From 110.47.196.53 - 3 packets to tcp(23)
   From 110.54.7.76 - 3 packets to udp(53413)
   From 111.243.32.149 - 3 packets to tcp(23)
   From 113.170.57.162 - 4 packets to tcp(23)
   From 113.173.191.23 - 3 packets to tcp(23)
   From 113.190.125.103 - 4 packets to tcp(23)
   From 114.33.197.251 - 3 packets to udp(53413)
   From 114.33.250.82 - 3 packets to tcp(23)
   From 114.204.197.228 - 3 packets to udp(53413)
   From 115.165.198.132 - 3 packets to udp(53413)
   From 118.38.99.55 - 3 packets to tcp(23)
   From 118.39.73.224 - 3 packets to tcp(23)
   From 118.105.104.15 - 1 packet to udp(33850)
   From 118.173.138.45 - 3 packets to tcp(23)
   From 119.42.114.243 - 3 packets to udp(53413)
   From 119.236.240.12 - 3 packets to udp(53413)
   From 121.135.19.23 - 3 packets to tcp(23)
   From 121.146.165.96 - 2 packets to udp(53413)
   From 122.50.43.163 - 7 packets to udp(33850)
   From 124.120.172.174 - 3 packets to tcp(23)
   From 125.24.56.56 - 1 packet to tcp(23)
   From 139.162.142.121 - 1 packet to tcp(9944)
   From 141.212.122.86 - 1 packet to tcp(20000)
   From 141.212.122.93 - 1 packet to tcp(20000)
   From 141.212.122.119 - 1 packet to tcp(502)
   From 141.212.122.120 - 1 packet to tcp(502)
   From 141.212.122.133 - 1 packet to udp(47808)
   From 141.212.122.134 - 1 packet to udp(47808)
   From 141.212.122.140 - 1 packet to udp(47808)
   From 141.212.122.141 - 1 packet to udp(47808)
   From 149.202.61.97 - 2 packets to udp(5060)
   From 151.0.20.43 - 5 packets to tcp(23)
   From 151.236.221.126 - 1 packet to tcp(5632)
   From 152.204.9.123 - 3 packets to tcp(23)
   From 152.204.24.213 - 3 packets to tcp(23)
   From 155.94.64.106 - 2 packets to udp(5060)
   From 155.94.224.214 - 2 packets to tcp(3306)
   From 158.69.123.26 - 1 packet to udp(5072)
   From 162.248.100.195 - 1 packet to udp(123)
   From 168.62.238.153 - 2 packets to tcp(6661,6667)
   From 171.96.196.254 - 3 packets to tcp(23)
   From 173.208.176.26 - 2 packets to udp(5060)
   From 174.143.241.87 - 2 packets to tcp(23)
   From 175.203.140.112 - 3 packets to tcp(23)
   From 176.219.179.72 - 3 packets to udp(53413)
   From 177.36.248.37 - 4 packets to tcp(23)
   From 179.43.141.234 - 2 packets to udp(19)
   From 179.43.144.21 - 2 packets to udp(161)
   From 179.215.172.185 - 3 packets to tcp(4899)
   From 179.216.83.84 - 3 packets to tcp(23)
   From 180.94.129.12 - 4 packets to udp(53413)
   From 180.128.252.1 - 2 packets to tcp(22)
   From 181.28.70.105 - 3 packets to udp(53413)
   From 181.194.71.84 - 3 packets to tcp(23)
   From 181.194.72.124 - 3 packets to tcp(23)
   From 181.194.111.214 - 3 packets to tcp(23)
   From 181.196.76.202 - 3 packets to udp(53413)
   From 184.26.161.65 - 1 packet to udp(39579)
   From 184.105.139.67 - 2 packets to udp(161)
   From 184.105.139.72 - 1 packet to udp(123)
   From 184.105.139.73 - 1 packet to udp(1900)
   From 184.105.139.76 - 1 packet to udp(123)
   From 184.105.139.87 - 1 packet to tcp(11211)
   From 184.105.139.95 - 2 packets to tcp(9200,27017)
   From 184.105.139.101 - 1 packet to udp(1900)
   From 184.105.247.196 - 1 packet to udp(53413)
   From 184.105.247.215 - 1 packet to udp(5351)
   From 184.105.247.223 - 1 packet to udp(5351)
   From 184.105.247.232 - 1 packet to udp(53413)
   From 184.105.247.242 - 1 packet to udp(623)
   From 184.105.247.244 - 1 packet to tcp(6379)
   From 184.105.247.250 - 1 packet to udp(623)
   From 185.25.204.84 - 2 packets to udp(5093)
   From 185.35.62.137 - 1 packet to udp(123)
   From 185.35.62.186 - 1 packet to udp(123)
   From 185.56.82.22 - 2 packets to tcp(5631)
   From 185.130.5.201 - 11 packets to udp(53413)
   From 185.130.5.224 - 20 packets to udp(53413)
   From 186.78.34.179 - 3 packets to udp(53413)
   From 186.115.22.131 - 3 packets to tcp(23)
   From 186.182.100.224 - 3 packets to tcp(23)
   From 186.202.182.102 - 4 packets to tcp(8080)
   From 187.35.156.114 - 1 packet to tcp(23)
   From 188.72.99.99 - 2 packets to tcp(23)
   From 188.138.102.149 - 2 packets to udp(5060)
   From 188.138.118.21 - 2 packets to udp(5060)
   From 189.29.1.88 - 4 packets to tcp(23)
   From 190.43.40.183 - 3 packets to udp(53413)
   From 190.156.228.246 - 2 packets to udp(53413)
   From 190.197.117.254 - 2 packets to tcp(23)
   From 190.221.243.232 - 3 packets to tcp(23)
   From 190.221.255.133 - 3 packets to tcp(23)
   From 190.253.70.146 - 2 packets to udp(53413)
   From 191.83.245.52 - 3 packets to udp(53413)
   From 192.154.177.254 - 3 packets to tcp(23)
   From 193.105.134.220 - 8 packets to tcp(3128,8123,8888,21320)
   From 193.201.225.91 - 3 packets to tcp(22)
   From 193.201.225.93 - 6 packets to tcp(22)
   From 195.154.214.162 - 2 packets to tcp(8443)
   From 197.45.65.58 - 3 packets to tcp(23)
   From 197.149.26.144 - 3 packets to tcp(23)
   From 198.20.69.74 - 1 packet to tcp(8443)
   From 198.20.70.114 - 4 packets to udp(80,6881) tcp(5001,9051)
   From 198.20.99.130 - 2 packets to udp(5008) tcp(8080)
   From 199.115.117.88 - 4 packets to tcp(5038,5060)
   From 199.217.118.83 - 4 packets to udp(5060)
   From 200.91.130.57 - 3 packets to tcp(23)
   From 200.206.220.174 - 3 packets to tcp(23)
   From 200.229.208.250 - 4 packets to tcp(10000)
   From 201.191.93.176 - 3 packets to tcp(23)
   From 201.191.165.152 - 3 packets to tcp(23)
   From 201.192.6.25 - 3 packets to tcp(23)
   From 201.192.220.238 - 3 packets to tcp(23)
   From 201.196.211.50 - 3 packets to tcp(23)
   From 201.197.52.30 - 2 packets to tcp(23)
   From 201.197.121.186 - 3 packets to tcp(23)
   From 201.199.186.194 - 3 packets to tcp(23)
   From 201.203.57.84 - 3 packets to tcp(23)
   From 201.203.141.245 - 3 packets to tcp(23)
   From 201.206.144.59 - 3 packets to tcp(23)
   From 201.207.230.250 - 2 packets to tcp(23)
   From 201.237.194.2 - 3 packets to tcp(23)
   From 203.152.125.187 - 3 packets to tcp(23)
   From 203.236.50.12 - 2 packets to tcp(3306)
   From 206.125.76.108 - 3 packets to tcp(23)
   From 207.46.138.2 - 1 packet to tcp(9200)
   From 208.25.111.69 - 42 packets to tcp(22)
   From 208.67.1.11 - 2 packets to udp(1900)
   From 208.67.1.39 - 2 packets to tcp(22)
   From 208.73.206.244 - 4 packets to udp(5060)
   From 208.109.178.226 - 2 packets to tcp(22)
   From 209.126.101.29 - 2 packets to udp(5060)
   From 209.239.112.201 - 2 packets to udp(5060)
   From 209.239.123.101 - 2 packets to udp(6060)
   From 210.7.17.114 - 3 packets to tcp(23)
   From 210.66.64.166 - 4 packets to tcp(23)
   From 210.105.135.25 - 3 packets to tcp(23)
   From 210.201.219.22 - 2 packets to tcp(23)
   From 211.204.196.226 - 2 packets to udp(53413)
   From 212.83.187.236 - 2 packets to udp(5060)
   From 212.83.188.161 - 4 packets to udp(5060)
   From 216.218.206.105 - 1 packet to udp(1434)
   From 216.218.206.113 - 1 packet to udp(1434)
   From 216.218.206.122 - 1 packet to tcp(27017)
   From 217.23.10.231 - 2 packets to udp(5060)
   From 217.23.14.193 - 1 packet to udp(123)
   From 219.248.17.6 - 2 packets to udp(53413)
   From 220.79.120.164 - 3 packets to tcp(23)
   From 220.85.189.22 - 3 packets to tcp(23)
   From 220.94.70.40 - 1 packet to tcp(23)
   From 220.133.172.99 - 3 packets to udp(53413)
   From 221.145.254.178 - 2 packets to udp(53413)
   From 221.147.143.218 - 3 packets to tcp(23)

 ---------------------- iptables firewall End -------------------------


 --------------------- MailScanner Begin ------------------------


 MailScanner Status:
        52 messages Scanned by MailScanner
        393.4 Total KB
        2 Content Problems found by MailScanner
        52 Messages delivered by MailScanner

        52 Messages logged to MailWatch database

 Content Report: (Total Seen = 2)
     web bug tags: 2 Time(s)

 **Unmatched Entries**
    Deleted 1 messages from processing-database: 50 Time(s)
    Found 0 messages in the Processing Attempts Database: 15 Time(s)
    Connected to Processing Attempts Database: 15 Time(s)
    Reading configuration file /usr/mailscanner/etc/conf.d/README: 15 Time(s)
    Reading configuration file /usr/mailscanner/etc/MailScanner.conf: 15 Time(s)
    Deleted 2 messages from processing-database: 1 Time(s)

 ---------------------- MailScanner End -------------------------


 ###################### Logwatch End #########################

unSpawn · 01-31-2016, 05:14 PM