Menu
▾
▴
[webmin-l] Understanding daily "LogWatch"?
|
From: <pr...@pr...> - 2005-09-18 23:23:12
|
From: Prodos (Melbourne, Australia)
Good morning.
I receive a daily email from my WEBMIN server
called "LogWatch for prodos"
It starts off like this ....
- - -
################### LogWatch 4.3.2 (02/18/03) ####################
Processing Initiated: Mon Sep 19 04:02:04 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: prodos
################################################################
- - -
... and then lists all sorts of things, such as this ....
- - -
sshd:
Invalid Users:
Unknown Account: 2614 Time(s)
Authentication Failures:
mail (200-102-192-82.cslce7005.t.brasiltelecom.net.br ): 5 Time(s)
unknown (220.229.161.171 ): 2211 Time(s)
root (200-102-192-82.cslce7005.t.brasiltelecom.net.br ): 85 Time(s)
sshd (200-102-192-82.cslce7005.t.brasiltelecom.net.br ): 5 Time(s)
nobody (200-102-192-82.cslce7005.t.brasiltelecom.net.br ): 5
Time(s)
nobody (220.229.161.171 ): 3 Time(s)
sshd (220.229.161.171 ): 9 Time(s)
[etc.]
- - - -
And this ....
- - - -
--------------------- SSHD Begin ------------------------
Failed logins from these:
Aaliyah/password from 200.102.192.82: 5 Time(s)
Aaron/password from 200.102.192.82: 5 Time(s)
Aba/password from 200.102.192.82: 5 Time(s)
Abel/password from 200.102.192.82: 5 Time(s)
Chicago/password from 220.229.161.171: 6 Time(s)
Christ/password from 220.229.161.171: 3 Time(s)
Dakota/password from 220.229.161.171: 6 Time(s)
Jewel/password from 200.102.192.82: 5 Time(s)
Jordan/password from 220.229.161.171: 6 Time(s)
[etc.]
- - -
And this ...
- - -
**Unmatched Entries**
Illegal user zena from 220.229.161.171
Illegal user zena from 220.229.161.171
Illegal user purple from 220.229.161.171
Illegal user purple from 220.229.161.171
[etc.]
- - -
Some of the lists are VERY long!
Is there a reference guide somewhere that can help
me interpret what the different categories and listed
items mean and what action is advisable in each case?
Thanks for any help on this.
Best Wishes,
PRODOS
http://prodos.thinkertothinker.com
|
