TAXXX Member
Posts : 19 Join date : 2011-03-09
| Subject: Logwatch 404 Wed May 11, 2011 10:43 pm | |
| I have a ton of logwatch errors, that show they are 404ed, yet the files exist! I really have doubts about this feature, so I was wondering if it was possible to completely remove the 404 logging and keep the rest. It would even be ok to remove the httpd Begin logging since that's where the 404 messages are locating from. Here is a copy of my logwatch. If anyone sees anything suspicious or can help me, please let me know.
Code:
    ################### Logwatch 7.3 (03/24/06) ####################
    Processing Initiated: Sun May 8 04:03:04 2011
    Date Range Processed: yesterday
    ( 2011-May-07 )
    Period is day.
    Detail Level of Output: 0
    Type of Output: unformatted
    Logfiles for Host: 68-168-104-37.phx.codero.com
    ##################################################################

    --------------------- Selinux Audit Begin ------------------------
    Number of audit daemon stops: 1

    ---------------------- Selinux Audit End -------------------------

    --------------------- Automount Begin ------------------------

    **Unmatched Entries**
    lookup_read_master: lookup(nisplus): couldn't locate nis+ table auto.master: 1 Time(s)

    ---------------------- Automount End -------------------------

    --------------------- httpd Begin ------------------------

    Requests with error response codes
    400 Bad Request
    /: 2 Time(s)
    /forums/clientscript/vbulletin_css/style00 ... ss?d=1304559947: 3 Time(s)
    /forums/clientscript/yui/yuiloader-dom-eve ... -event.js?v=413: 1 Time(s)
    /forums/customavatars/avatar12638_3.gif: 1 Time(s)
    /forums/customavatars/avatar16846_3.gif: 1 Time(s)
    /forums/customavatars/avatar5441_4.gif: 1 Time(s)
    /forums/dbtech/thanks/clientscript/thanks.js?v=1000: 1 Time(s)
    /forums/images/Styles/Blackend/buttons/reputation-40b.png: 1 Time(s)
    /forums/images/Styles/Blackend/misc/rss_40b.png: 1 Time(s)
    /forums/images/Styles/Blackend/misc/subscribed_40b.png: 1 Time(s)
    /forums/images/Styles/Blackend/site_icons/homepage.png: 1 Time(s)
    /forums/wanted-items/9835-busa-adjustable-cam-sprockets.html: 1 Time(s)
    /garage-sale/53065-1990-gsxr-1100-2500-00-may-trade.html: 2 Time(s)
    /images/smile.gif: 1 Time(s)
    /phpMyAdmin/scripts/setup.php: 1 Time(s)
    /printout.php?articleid=14: 1 Time(s)
    /robots.txt: 4 Time(s)
    /tech_supension: 1 Time(s)
    /top-stories/freedom-watch-incorporates-the-new-media: 1 Time(s)
    /w00tw00t.at.blackhats.romanian.anti-sec:): 1 Time(s)

    ---------------------- httpd End -------------------------

    --------------------- Named Begin ------------------------

    **Unmatched Entries**
    found 4 CPUs, using 4 worker threads: 1 Time(s)
    max open files (1024) is smaller than max sockets (4096): 1 Time(s)
    the working directory is not writable: 4 Time(s)
    using default UDP/IPv4 port range: [1024, 65535]: 4 Time(s)
    using default UDP/IPv6 port range: [1024, 65535]: 4 Time(s)
    using up to 4096 sockets: 1 Time(s)
    zone psychobike.com/IN: zone serial unchanged: 3 Time(s)

    ---------------------- Named End -------------------------

    --------------------- pam_unix Begin ------------------------
    runuser-l:
    Unknown Entries:
    session closed for user postgres: 2 Time(s)
    session opened for user postgres by (uid=0): 2 Time(s)

    su:
    Sessions Opened:
    (uid=0) -> psych011: 1 Time(s)

    ---------------------- pam_unix End -------------------------

    --------------------- proftpd-messages Begin ------------------------

    **Unmatched Entries**
    127.0.0.1 (117.68.66.107[117.68.66.107]) - Login timeout exceeded, disconnected
    127.0.0.1 (117.68.66.107[117.68.66.107]) - Session timed out, disconnected
    127.0.0.1 (117.68.66.107[117.68.66.107]) - Login timeout exceeded, disconnected
    127.0.0.1 (117.68.66.107[117.68.66.107]) - Session timed out, disconnected

    ---------------------- proftpd-messages End -------------------------

    --------------------- Smartd Begin ------------------------

    **Unmatched Entries**
    Problem creating device name scan list
    Device /dev/sda: using '-d sat' for ATA disk behind SAT layer.

    ---------------------- Smartd End -------------------------

    --------------------- SSHD Begin ------------------------

    SSHD Killed: 1 Time(s)

    SSHD Started: 1 Time(s)

    Failed logins from:
    59.46.88.4: 524 times
    113.108.197.67: 18 times
    201.148.157.185 (host157185.metrored.net.mx): 1 time
    218.241.236.109: 45 times
    221.2.163.252: 5 times

    Illegal users from:
    59.46.88.4: 1 time
    113.108.197.67: 131 times
    218.241.236.109: 682 times

    Locked account login attempts:
    mysql : 2 Time(s)
    postgres : 3 Time(s)
    rpc : 1 Time(s)
    rpcuser : 1 Time(s)
    sshd : 1 Time(s)

    Users logging in through sshd:
    root:
    68.169.185.24 (host-68-169-185-24.EPSOLT2.epbfi.com): 2 times
    98.226.123.82 (c-98-226-123-82.hsd1.in.comcast.net): 1 time

    Received disconnect:
    11: Bye Bye : 1661 Time(s)

    Could not get shadow information for:
    NOUSER : 814 Time(s)

    SFTP subsystem requests: 4 Time(s)

    **Unmatched Entries**
    reverse mapping checking getaddrinfo for host157185.metrored.net.mx failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)

    ---------------------- SSHD End -------------------------

    --------------------- Disk Space Begin ------------------------
    Filesystem Size Used Avail Use% Mounted on
    /dev/sda3 913G 268G 600G 31% /
    /dev/sda2 84M 24M 56M 30% /boot

    ---------------------- Disk Space End -------------------------

    ###################### Logwatch End #########################
|
|
Stronger Member
Posts : 17 Join date : 2011-03-09
| Subject: Re: Logwatch 404 Wed May 11, 2011 10:43 pm | |
| Those are 400, not 404. And you shouldn't ignore them. Check the Logwatch config to see if you can, but I doubt it. |
|
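Added example, not part of the thread and not Logwatch's own code: the Logwatch httpd section only gives per-path totals under one status heading, so this sketch goes back to the raw access log to separate 400 from 404 and to show which client sent the probe paths listed in the report. It assumes the log is in Apache common/combined format; `summarize_errors`, `PROBE_MARKERS` and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined prefix: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Probe paths taken from the httpd section of the Logwatch report above.
PROBE_MARKERS = ("/w00tw00t.", "/phpMyAdmin/scripts/setup.php")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [07/May/2011:10:00:01 -0700] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 400 226
203.0.113.5 - - [07/May/2011:10:00:02 -0700] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 400 226
198.51.100.7 - - [07/May/2011:11:15:40 -0700] "GET /robots.txt HTTP/1.1" 400 226
198.51.100.7 - - [07/May/2011:11:15:41 -0700] "GET /images/smile.gif HTTP/1.1" 400 226
198.51.100.9 - - [07/May/2011:12:30:00 -0700] "GET /missing.html HTTP/1.1" 404 209
198.51.100.9 - - [07/May/2011:12:30:05 -0700] "GET /forums/index.php HTTP/1.1" 200 5120
192.0.2.44 - - [07/May/2011:13:00:00 -0700] "-" 400 226
"""

def summarize_errors(log_text):
    """Return ({status: Counter(path)} for 4xx/5xx, {client: set(probe paths)})."""
    by_status = defaultdict(Counter)
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        parts = request.split()
        # A malformed request line may carry no path at all; keep it visible.
        path = parts[1] if len(parts) >= 2 else "(unparsable request line)"
        if status >= 400:
            by_status[status][path] += 1
        if any(path.startswith(marker) for marker in PROBE_MARKERS):
            probes[client].add(path)
    return by_status, probes

if __name__ == "__main__":
    by_status, probes = summarize_errors(SAMPLE_LOG)
    for status in sorted(by_status):
        print(status, dict(by_status[status]))
    for client, paths in probes.items():
        print("probe traffic from", client, sorted(paths))
```

A 400 means the server rejected the request itself as malformed, so it can appear for paths that exist on disk; the per-client view shows whether those entries come from ordinary visitors or from the same hosts sending the probe requests.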