LinuxQuestions.org


php4u 07-05-2004 10:01 AM

locating log showing hacking?
 
Recently, I had a knucklehead try to hack my server. The LogWatch report showed he/she tried to get in. I did a whois on the IP, and notified the ISP. They want to see my log file. I have checked access_log, error_log, messages, and secure, and can't find it. Does LogWatch look for these types of hacks in a different log? I am running Fedora Core 2.

thanks in advance!
Ralph
--------------------------------------
--------------------- httpd Begin ------------------------

1.32 MB transfered in 247 responses (1xx 0, 2xx 180, 3xx 33, 4xx 34, 5xx 0)
101 Images (525024 bytes),
0 Documents (0 bytes),
0 Archives (0 bytes),
0 Sound files (0 bytes),
0 Movies files (0 bytes),
16 Windows executable files (4881 bytes),
108 Content pages (650504 bytes),
3 Redirects (648 bytes),
0 Proxy Configuration Files (0 bytes),
0 Program source files (0 bytes),
0 CD Images (0 bytes),
19 Other (200615 bytes)

Attempts to use 3 known hacks were logged 32 time(s)
cmd.exe by
66.47.226.71 14 time(s)
\/c\+dir by
66.47.226.71 16 time(s)
root.exe by
66.47.226.71 2 time(s)

A total of 1 sites probed the server
66.47.226.71

Capt_Caveman 07-05-2004 11:34 AM

In Fedora, you can find log messages in /var/log/messages, /var/log/secure and http-specific messages in /var/log/httpd/access_log

For what it's worth, those 32 known exploits are Windows exploits. cmd.exe and root.exe are the Windows command shell (actually root.exe is usually a copy of cmd.exe that is created by infection with the Code Red Windows worm). Probe/exploit attempts like the one you saw are very often automated scans by Windows systems infected with the Nimda worm (another Windows-only worm).
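
Added example, not part of the thread and not LogWatch's own code: a small script that pulls the access_log lines matching the three signatures in the report above and tallies them per source IP, so the raw lines can be handed to the ISP. The function name, the sample lines and their addresses are constructed for illustration; the log path is the one given in the reply above.

```python
import re
import sys
from collections import defaultdict

# The three signatures named in the LogWatch report, as regexes.
SIGNATURES = {
    "cmd.exe": re.compile(r"cmd\.exe", re.I),
    "/c+dir": re.compile(r"/c\+dir", re.I),
    "root.exe": re.compile(r"root\.exe", re.I),
}
# Apache common/combined format: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def find_probes(lines):
    """Return (counts, evidence): counts[signature][ip] = hits; evidence = raw lines."""
    counts = defaultdict(lambda: defaultdict(int))
    evidence = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # not an access-log line; ignore it
        ip, request = m.group(1), m.group(3)
        hit = False
        for name, rx in SIGNATURES.items():
            if rx.search(request):  # one request can match several signatures
                counts[name][ip] += 1
                hit = True
        if hit:
            evidence.append(raw.rstrip("\n"))
    return counts, evidence

# Constructed sample lines (documentation-range IPs), not from the poster's server.
SAMPLE = [
    '192.0.2.10 - - [04/Jul/2004:03:12:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 288',
    '192.0.2.10 - - [04/Jul/2004:03:12:02 -0500] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 287',
    '198.51.100.7 - - [04/Jul/2004:09:30:44 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [04/Jul/2004:03:12:03 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 286',
]

if __name__ == "__main__":
    # Usage: python find_probes.py /var/log/httpd/access_log
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    counts, evidence = find_probes(source)
    for name, by_ip in counts.items():
        print(f"{name} by")
        for ip, n in sorted(by_ip.items()):
            print(f"   {ip} {n} time(s)")
    print("\nMatching lines:")
    print("\n".join(evidence))
```

Because a single request can contain both an executable name and `/c+dir`, the per-signature totals add up to more than the number of requests, which is consistent with the report's 14 + 2 = 16 pattern.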

