Results 1 to 2 of 2
  1. #1
    Join Date
    Feb 2004
    Posts
    1,269

    LogWatch results

    Hello

    LogWatch show some messages like:


    (on Kernel)
    Dropped 452 packets on interface eth0
    From 61.152.198.56 - 5 packets
    To 69.56.xxx.xxx - 5 packets
    Service: 42560 (tcp/42560) (** IN_TCP DROP **,eth0,none) - 5 packets
    and many others

    there's also others like:

    Logged 240 packets on interface eth0
    From 12.96.160.116 - 224 packets
    To 69.56.xxx.xxx - 224 packets
    Service: ssh (tcp/22) (** SSH **,eth0,none) - 224 packets
    (on Named)
    **Unmatched Entries**
    client 203.75.105.1 error sending response: host unreachable: 2 Time(s)
    and for Connections:

    Cp-Wrap[25127]: CP-Wrapper v1.2 resuming normal operations
    Cp-Wrap[25127]: Pushing "32008 COUNTDBS" to '/usr/local/cpanel/bin/mysqladmin' for UID: 32008
    Cp-Wrap[25127]: CP-Wrapper terminated without error
    Cp-Wrap[25130]: CP-Wrapper v1.2 resuming normal operations
    Cp-Wrap[25130]: Pushing "32008 GETDISK" to '/usr/local/cpanel/bin/mysqladmin' for UID: 32008
    Cp-Wrap[25130]: CP-Wrapper terminated without error
    Cp-Wrap[25138]: CP-Wrapper v1.2 resuming normal operations
    Cp-Wrap[25138]: Pushing "32008 LIST 0 0" to '/usr/local/cpanel/bin/ftpadmin' for UID: 32008
    are those messages "normal" (like i can ignore them)?
    if they are, isn't there a way to make logwatch don't show them?
    if they aren't, any ideas to fix them?

    ok... i think need a logwatch tutorial, but just found in italian on their site and the FAQ is offline... the man page doesn't teach about that



    thanks

  2. #2
    If 12.96.160.116 belongs to you or one of those with access to SSH, it looks fine.

    It is just a log of what packets are being dropped by your firewall. You are probably using APF and those are being logged to /var/log/messages. So when logwatch analyse it, those show up.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •