Old 05-23-2011, 01:40 AM   #1
baldur2630
Member
 
Registered: Jan 2007
Location: Belgium
Distribution: CentOS & Ubuntu
Posts: 173

Rep: Reputation: 22
Sudden problem with Syslog - missing entries to logs


CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF

Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what!

Last night I got the following in my logwatch:

Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
/favicon.ico: 8 Time(s)
/myadmin/scripts/setup.php: 1 Time(s)
/mysql/scripts/setup.php: 1 Time(s)
/mysqladmin/scripts/setup.php: 1 Time(s)
/phpMyAdmin/scripts/setup.php: 1 Time(s)
/phpadmin/scripts/setup.php: 1 Time(s)
/phpmyadmin/scripts/setup.php: 1 Time(s)
/pma/scripts/setup.php: 1 Time(s)
/scripts/setup.php: 1 Time(s)
/sqlweb/scripts/setup.php: 1 Time(s)
/web/phpMyAdmin/scripts/setup.php: 1 Time(s)
/web/phpmyadmin/scripts/setup.php: 1 Time(s)
/web/scripts/setup.php: 1 Time(s)
/webadmin/scripts/setup.php: 1 Time(s)
/webdb/scripts/setup.php: 1 Time(s)
/websql/scripts/setup.php: 1 Time(s)

The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.

Can anyone tell me what I've done wrong or what I should be checking?

Last edited by baldur2630; 05-23-2011 at 01:42 AM.
 
Old 05-23-2011, 08:06 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Did the logs perhaps get rolled over by logrotate? Check in the <log-file>.1 entries and the .gz archives. In case you haven't already, as root, you may be able to simply grep (use grep -i to ignore case) for the terms of interest. You might also want to see when the logs were last modified and how many of them were modified at or around the same time. While it is fairly unlikely that you are dealing with something nefarious, missing entries from logs is one of those things that should cause you to take notice of and investigate.
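
The checks suggested in the reply above, as an added example that is not part of the original thread: it searches the current, rotated and gzip-compressed copies of each log in a directory for a term, and lists the files by modification time. The function names, the `/var/log/httpd` path in the usage comment and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: look for a term in a log directory's current, rotated (.1)
# and compressed (.gz) files, then list the files by modification time.
# Assumed real-world use, as root: sh thisfile /var/log/httpd setup.php

# Print "<file>: <matching lines>" for each file in DIR containing TERM,
# ignoring case (the grep -i suggested in the thread). -F treats TERM as a
# literal string, so the dot in "setup.php" is not a regex wildcard.
search_rotated() {
    dir=$1
    term=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            # logrotate archives are gzip files; decompress to stdout first
            *.gz) n=$(gzip -dc "$f" 2>/dev/null | grep -icF -- "$term") || true ;;
            *)    n=$(grep -icF -- "$term" "$f" 2>/dev/null) || true ;;
        esac
        if [ "${n:-0}" -gt 0 ]; then
            printf '%s: %s\n' "$f" "$n"
        fi
    done
}

# Newest first: shows which logs were last modified at or around the same time.
log_mtimes() {
    ls -lt "$1"
}

# Constructed sample data (not taken from the poster's server) so the
# functions can be tried offline. Prints the temporary directory it created.
make_sample_logs() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'File does not exist: /var/www/html/phpMyAdmin/scripts/setup.php' \
        'File does not exist: /var/www/html/favicon.ico' > "$d/error_log"
    printf '%s\n' 'File does not exist: /var/www/html/pma/scripts/SETUP.PHP' \
        'File does not exist: /var/www/html/pma/scripts/setup.php' > "$d/error_log.1"
    printf '%s\n' 'File does not exist: /var/www/html/db/scripts/setup.php' |
        gzip -c > "$d/error_log.2.gz"
    printf '%s\n' 'kernel: constructed line with no match' > "$d/messages"
    printf '%s\n' "$d"
}

# When called with a directory and a term, run both checks.
if [ "$#" -eq 2 ]; then
    search_rotated "$1" "$2"
    log_mtimes "$1"
fi
```

A file that has no line in the output contains no match in any of its generations, which is the case worth investigating further.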
 
Old 05-23-2011, 09:51 PM   #3
vkvs
LQ Newbie
 
Registered: May 2011
Posts: 23

Rep: Reputation: 2
I have experienced that myself, so now all my logs are sent to my little syslog server at home. Nobody can touch it here :P
 
  

