-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2 Oct 2003 10:24:12 -0400, Reuben D. Budiardja wrote:
> I see these everyday in the logwatch mail to root, on a Redhat 9 box. Anyone
> else sees this? Is this something I need to worry about? kernel bug?
Nah, logwatch bug. /etc
Hi,
I see these everyday in the logwatch mail to root, on a Redhat 9 box. Anyone
else sees this? Is this something I need to worry about? kernel bug?
Thanks.
RDB
- Kernel Begin
Use of uninitialized value in left bitshift (<<) at
/etc
Nabin Limbu wrote:
> Hi everybody,
>
> My logwatch reports me the following message everyday. What does this
> mean? Is my mail server trying to relay mail to rapti.mos.com.np or is
> rapti.mos.com.np trying to relay mails via my mailserver.
> Also how can I stop these junk m
Hi everybody,
My logwatch reports me the following message everyday. What does this
mean? Is my mail server trying to relay mail to rapti.mos.com.np or is
rapti.mos.com.np trying to relay mails via my mailserver. Also how can I
stop these junk mails.
ruleset=check_mail, arg1=<[EMAIL PROTEC
Hey all,
I have these errors showing up in my logwatch report (regarding postfix):
SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address
already in use: 22 Time(s)
daemon MTA: problem creating SMTP socket: 22 Time(s)
DSN: Return receipt: 2 Time(s)
SYSERR(root
Gerry Doris wrote:
It looks like you're trying to run more than one sendmail daemon. I've
seen similar errors when people run sendmail as a standalone daemon and
also try and call sendmail indirectly from an application like
MailScanner. I suggest you check all your mail related programs and
ve
> Hey all,
>
> I have these errors showing up in my logwatch report (regarding postfix):
>
>
> SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address
> already in use: 22 Time(s)
> daemon MTA: problem creating SMTP socket: 22 Time(s)
> DS
: Wednesday, July 30, 2003 9:24 AM
To: [EMAIL PROTECTED]
Subject: Logwatch detail levels
I was wondering if it possible to change what detail level a service
shows up under. I realize this seems vague but you'll know what I'm
talking about if you know the answer. Thanks.
Barry Johnson
MAIL PROTECTED] Behalf Of Barry Johnson
> > Sent: Wednesday, July 30, 2003 9:24 AM
> > To: [EMAIL PROTECTED]
> > Subject: Logwatch detail levels
> >
> >
> > I was wondering if it possible to change what detail level a service
> > shows up under. I realize t
Hello Barry,
> I was hoping to
> use the standard logwatch to cut down on the number of logs I have to
> read through every morning.
This can be done by setting the loglevel that should be logged to
files. So you can set up specific logfiles for your purpose and write
the info yo
I realize that is a solution but not the cleanest one. I was hoping to
use the standard logwatch to cut down on the number of logs I have to
read through every morning. I have also tried just using cron to run
logwatch with the options I want but for some reason it won't print any
info for
27;s correct. The command line (which can include detail level) will
override the config file. Cron individual services with the detail level
that you want.
Check man logwatch for syntax details. I do this myself since I want
higher detail on the RT314 service.
--
redhat-list mailing list
unsub
Richard Humphrey wrote:
Check the logwatch.conf file. It explains in there how to change the
detail of logging
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Barry Johnson
Sent: Wednesday, July 30, 2003 9:24 AM
To: [EMAIL PROTECTED]
Subject: Logwatch detail
Check the logwatch.conf file. It explains in there how to change the
detail of logging
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Barry Johnson
Sent: Wednesday, July 30, 2003 9:24 AM
To: [EMAIL PROTECTED]
Subject: Logwatch detail levels
I was
I was wondering if it possible to change what detail level a service
shows up under. I realize this seems vague but you'll know what I'm
talking about if you know the answer. Thanks.
Barry Johnson
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman
hi
just check my log watch email that i get every nite or so and i
foudn this in it ?
The ftp login part
127.0.0.1: 173 Time(s)
How do i stop the local server from loggin it like that?
and
OQUEUE: [EMAIL PROTECTED] [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
during connection to MTA
HI all
I just loooked at my logwatch email for last nite and found this
OQUEUE: [EMAIL PROTECTED] [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
during connection to MTA
NOQUEUE: [EMAIL PROTECTED] [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN
during connection to MTA
NOQUEUE: [EMAIL PROTECTED
Title: Is there a more detailed Logwatch?
Hi,
I have using Logwatch to gather user login information
(RH 7.3 and 8.0).
I do not like that it does not give me a time stamp
of when a user logged in, or when a user initiated a process.
Is there a more detailed Logwatch?
Thanks,
Robert
atest bleeding edge. Latest betas
> are usually based on rawhide (or a good portion of it).
>
> ftp://ftp.redhat.com/pub/redhat/linux/rawhide
>
For some reason I had it in my head that rawhide was 73... Oops!
Anyway, went to the above site and got:
logwatch-4.3.1-2.noarch.rpm
the
Patrick Nelson wrote:
> Matthew Saltzman wrote:
>> On Mon, 24 Mar 2003, Patrick Nelson wrote:
>>
>>> RH80
>>>
>>> Can not figure out why logwatch isn't producing any reports.
>>
>> It's a bug. Get the Rawhide version.
>>
Patrick Nelson wrote:
Matthew Saltzman wrote:
It's a bug. Get the Rawhide version.
Oh really... shoot how much time I just wasted... darn...
So rawhide is 7.3?
Rawhide is rawhide - lastest and greatest bleeding edge. Latest betas
are usually based on rawhide (or a good portion of it).
ftp://ftp
Matthew Saltzman wrote:
> On Mon, 24 Mar 2003, Patrick Nelson wrote:
>
>> RH80
>>
>> Can not figure out why logwatch isn't producing any reports.
>
> It's a bug. Get the Rawhide version.
>
Oh really... shoot how much time I just wasted... dar
On Mon, 24 Mar 2003, Patrick Nelson wrote:
> RH80
>
> Can not figure out why logwatch isn't producing any reports.
It's a bug. Get the Rawhide version.
--
Matthew Saltzman
Clemson University Math Sciences
[EMAIL PROTECTED]
http://www.math.clemson.edu/~mjs
RH80
Can not figure out why logwatch isn't producing any reports.
There is a link in /etc/daily pointing to /etc/lod.d/logwatch which points
to /etc/log.d/scripts/logwatch.pl
I can run the script like
cd /etc/log.d
./logwatch --print
and I get no output. So I drill down d
I watch report from logwatch in redhat8.0 don't report sshd,
is there any issue about this?
--
ichtus
--
Lewi Supranata .K
ICQ: 50643061
IPLUG Team
About Me : http://lewi.f4boys.com
Homepage : http://mercury7.petra.ac.id/~ichtus
GnuPG Public Key : http://mercury7.petra.ac.id/~i
> Try running # logwatch --print
>
> This will let you see the standard error from the default logwatch run
> by cron.daily. It's possible the script is bailing out for some reason,
> but you can't see the error output in the mail output.
>
> If you don't
On Thu, Feb 13, 2003 at 01:38:33PM +0100 or thereabouts, wilma wrote:
>
> If I try:
> logwatch --service sendmail --detail high --range all --print
> I get no output
> logwatch --service sshd --detail high --range all --print
> I get no output
> logwatch --service secure --de
>What happens if you run logwatch from the command line? e.g.
>
>$ logwatch --service secure --detail high --range all --print
>
>Maybe you'll get some more information that will help you diagnose the
>problem.
>
>--
>Andrew Pasquale
>gpg id: 31AA061C
If
On Wed, Feb 12, 2003 at 09:23:21AM +0100 or thereabouts, wilma wrote:
> Hi,
> I have a RedHat 8 installation in where logwatch seems to have some problems (at
>least I think).
> In /etc/log.d/conf/logwatch.conf I have specified that all Services should be
>reported on:
> Servic
Hi,
I have a RedHat 8 installation in where logwatch seems to have some problems (at least
I think).
In /etc/log.d/conf/logwatch.conf I have specified that all Services should be reported
on:
Service = All
Still logwatch only produce output for ftp and for samba?
I tried putting:
Service
[ Sorry for this getting posted twice, but it got out without
a subject line the first time around ]
Some time ago I had LOGWATCH working just fine (this is RH7.3).
Then I updated some things (perl, tk/tcl, ...) and I havent
heard from logwatch since.
Tonight I played with it a bit, putting
The 4.2.1-1 logwatch works! Thanks to all who replied.
Cheers,
Mike
--
Mike Pelley "Non illegitimati carborundum"
Owner & "Misc. Rambler" of Pelleys.com
[EMAIL PROTECTED] - www.pelleys.com
-Original Message-
From: [
On Tue, Dec 17, 2002 at 07:50:20AM -0800, Rick Johnson wrote:
> Try grabbing the latest Logwatch from logwatch.org
>
> ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-4.2.1-1.noarch.rpm
>
> It may do what you're looking for, but it hasn't been put through the
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Pelley wrote:
| Folks - I've just set up a Red Hat 8 box and I can't seem to get
| logwatch to report the info I'm looking for. The configuration is the
| same as a 7.0 box that I have running, however, I only get the foll
Folks - I've just set up a Red Hat 8 box and I can't seem to get
logwatch to report the info I'm looking for. The configuration is the
same as a 7.0 box that I have running, however, I only get the following
section:
Connections (se
Try /usr/sbin/logwatch --debug HIGH > debug.out
and then read debug.out.
See if you can find the problem?
My logwatch (on 7.2) says:
[root@mis-unix sbin]# rpm -q --requires logwatch
perl
textutils
sh-utils
grep
mailx
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <
Up till a few weeks ago, LOGWATCH produced page+ of output
every day (most of it was complaints from sendmail about SPAM,
but it also listed my connections from 'outside' via SSH).
And then it stopped.
My assumption is/was that this is because I had updated perl/
tk/tcl, and (most like
Itself" - Me, 1990
> ---
> Visit Our MIDI & Digital Audio Website at http://hale.dyndns.org
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> On Behalf Of Bret Hughes
> Sent: Saturday, November 23, 2002 8:14 AM
> To: [EMAIL PROTECTED]
Bret Hughes wrote:
> On Sat, 2002-11-23 at 05:21, [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > How to midify the config ( LogWatch,Cron etc ) of RedHat 7.2 ?
> > Because the root account always receive mails ( report of LogWatch and
> > Cron ) each day...
> &
1990
---
Visit Our MIDI & Digital Audio Website at http://hale.dyndns.org
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Bret Hughes
Sent: Saturday, November 23, 2002 8:14 AM
To: [EMAIL PROTECTED]
Subject: Re: Config of LogWatch and Cron
On Sat,
On Sat, 2002-11-23 at 05:21, [EMAIL PROTECTED] wrote:
> Hello,
>
> How to midify the config ( LogWatch,Cron etc ) of RedHat 7.2 ?
> Because the root account always receive mails ( report of LogWatch and
> Cron ) each day...
> I want to reset the default time to delay...
>
Hello,
How to midify the config ( LogWatch,Cron etc ) of RedHat 7.2 ?
Because the root account always receive mails ( report of LogWatch and
Cron ) each day...
I want to reset the default time to delay...
So, can you help me ?
Thanks !
Edward.
--
redhat-list mailing list
unsubscribe mailto
Hello,
The Redhat system is 7.2
Alway receive more the report emails from root about logwatch and
cron...
So, how can I change the time to receive the email about report of
logwatch and cron only each week or each month ?
Thank for your help !
Edward.
--
redhat-list mailing list
On Sun, 11 Aug 2002 08:43:02 -0400 (EDT)
Joe Giles wrote:
>
> I found the files... So, basically, I can just remove (move) the
> file out of the services directory and this will take care of it?
>
The preferred method is to list the Services that you want Logwatch to
monitor i
tary question, so please for give me :)
> >
> > How would you remove a cron job from listing in LOGWATCH?
> >
> > I run a cron job every minute and my daily logwatch report is RATHER
> > LARGE.
> >
> > I have entered > /dev/null after the job, but it
On Sat, 10 Aug 2002 16:58:03 -0400 (EDT)
Joe Giles wrote:
>
> List,
>
> This is probobly an elementary question, so please for give me :)
>
> How would you remove a cron job from listing in LOGWATCH?
>
> I run a cron job every minute and my daily logwatch report i
List,
This is probobly an elementary question, so please for give me :)
How would you remove a cron job from listing in LOGWATCH?
I run a cron job every minute and my daily logwatch report is RATHER LARGE.
I have entered > /dev/null after the job, but it still lists in the CRON log.
How
On Sat, 27 Jul 2002, Chet Nichols III wrote:
> Hey,
>
> In the sendmail portion of my LogWatch, I've gotten this a couple times
> lately..not sure what it means, and if I should be worried at all, and why
> it's happening. Here's the message:
>
> Authe
Hey,
In the sendmail portion of my LogWatch, I've gotten this a couple times
lately..not sure what it means, and if I should be worried at all, and why
it's happening. Here's the message:
Authentication warnings:
apache set sender to [EMAIL PROTECTED] using -f: 1 Times(s)
A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 17 July 2002 01:36 pm, daniel wrote:
> but today i logged into the machine through ssh (only port 22 is open)
> and checked my mail to find that logwatch had built up a considerable
> list of emails... but here's the hitc
time.
but today i logged into the machine through ssh (only port 22 is open) and
checked my mail to find that logwatch had built up a considerable list of
emails... but here's the hitch: it sent me an email every day EXCEPT
monday and tuesday... is that normal? the emails i _did_ f
Hi all,
After upgrading from RH72 to RH73 I got this message. To the best of my
knowledge, everything seems to be working so can anyone tell me what the
following indicates, and how I can fix the problems.
-- Forwarded Message --
Subject: LogWatch for garyh.stainburncom
Banze, Andreas wrote:
>>Well, in fact I received the "Don't panic" message from logwatch this
>>morning. After checking Google I found that the message is a
>>signature
>>left by scanssh as noted in
>>http://www.der-keiler.de/Mailing-Lists/sec
nice). Even the
"normal" documentation sometimes lack the information you are looking for
(the -bs is something I didn't find at sendmail.org).
So the only way seems to be to consult the docs of the application that
causes these log entries (seems reasonable, logwatch merely colle
> Well, in fact I received the "Don't panic" message from logwatch this
> morning. After checking Google I found that the message is a
> signature
> left by scanssh as noted in
> http://www.der-keiler.de/Mailing-Lists/securityfocus/incidents
/2001-12/0244.ht
On Thu, Jul 11, 2002 at 09:24:57AM -0700, daniel wrote:
> i got this in my logwatch email to root the other day:
>
> g68B22hG013075: g68B24hG013077: DSN: User unknown
The cryptic number is the sendmail message ID. You can grep your
maillog for all occurrences of this string
ck?
>
>thanks for the info people.
>
>
>
>
Hi all,
Well, in fact I received the "Don't panic" message from logwatch this
morning. After checking Google I found that the message is a signature
left by scanssh as noted in
http://www.der-keiler.de/Mailing-Lists/securi
| > most notably the 'unmatched entries' in things like sendmail,
| > proftpd and sshd are bothering me.
|
| Then logwatch is probably not what you want, disable it if you like
i didn't mean 'bothering me' in the sense that i wish they would go away.
i'
> i got this in my logwatch email to root the other day:
> g68JKQpm001168: Authentication-Warning: mydomain.com: myuser
> owned process
> doing -bs
> what's a -bs?
a sendmail commandline parameter used by programs like pine to send mail. If
the sender is not a trusted
i got this in my logwatch email to root the other day:
- sendmail Begin
13537 bytes transferred
10 messages sent
**Unmatched Entries**
g68B22hG013075: g68B24hG013077: DSN: User unknown
g68B24hG013077: g68B24hH013077: return to sender: User unknown
example the domain
> neo.RR.com is delegated to 65.24.0.169 but that server is not
> authoritative for that zone.
> There is nothing you can do about it unless you know the admins of
> those domains.
>
> Ben
>
>> Hey there,
>>
>> I've got 7.2 with named ru
example the domain
> neo.RR.com is delegated to 65.24.0.169 but that server is not
> authoritative for that zone.
> There is nothing you can do about it unless you know the admins of
> those domains.
>
> Ben
>
>> Hey there,
>>
>> I've got 7.2 with named ru
of
those domains.
Ben
>Hey there,
>
>I've got 7.2 with named running. In the LogWatch I get a couple times a day
>(or once a day), I've been noticing lately some weird activity under the
>'named' section of the log..here's what I keep seeing:
>
>**
Hey there,
I've got 7.2 with named running. In the LogWatch I get a couple times a day
(or once a day), I've been noticing lately some weird activity under the
'named' section of the log..here's what I keep seeing:
**Unmatched Entries**
lame server resolving '9
On Mon, Apr 01, 2002 at 04:03:03PM -0800, Patrick Nelson wrote:
>
> OK just did this... know of a quick way to test?
Checking /var/log/messages to see if the line that logwatch reports
shows up again should do it.
Emmanuel
___
Redhat-list m
Emmanuel Seyman wrote:
-
what would you suggest I change?
Add this line to /etc/hosts.allow:
fam: 127.0.0.1
-
OK just did this... know of a quick way to test?
___
Redhat-list mailing list
[EMAIL PROTECTED]
htt
On Mon, Apr 01, 2002 at 03:21:10PM -0800, Patrick Nelson wrote:
>
> what would you suggest I change?
Add this line to /etc/hosts.allow:
fam: 127.0.0.1
Emmanuel
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listin
Emmanuel Seyman wrote:
-
> Mar 28 16:05:28 nea sshd[795]: received signal 15; terminating.
> Mar 28 16:12:25 nea sshd[780]: Server listening on 0.0.0.0 port 22.
Ssh is running on your machine.
> Mar 28 16:13:54 nea xinetd[1296]: FAIL: sgi_fam libwrap from=0.0.0.0
sgi_fam can
On Sun, Mar 31, 2002 at 10:28:39PM -0800, Patrick Nelson wrote:
>
> Mar 28 16:05:28 nea sshd[795]: received signal 15; terminating.
> Mar 28 16:12:25 nea sshd[780]: Server listening on 0.0.0.0 port 22.
Ssh is running on your machine.
> Mar 28 16:13:54 nea xinetd[1296]: FAIL: sgi_fam libwrap fro
RH72 with all latest updates and Ximian gnome.
I get these daily logwatch emails and in them there is a strange entry that
I'm not sure the meaning of. I searched for documentation on it but fail to
see if this is anything to be concerned about.
Mar 28 16:05:28 nea sshd[795]: received s
Hello every body, I just have a quit "Q". I`m getting in every mail that
LogWatch send to the root user this message:
- sendmail Begin
2339 bytes transferred
2 messages sent
**Unmatched Entries**
My unqualified host name (Dedo) unknown
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 27 November 2001 06:12 pm, Peter Kiem wrote:
> Hi Bob,
>
> > Logwatch does not have all the features of Logcheck. Anyone
> > running Logcheck on 7.0 or later versions of Red Hat?
>
> Red Hat 7.1 machine:
>
>
> Hi Bob,
>
> > Logwatch does not have all the features of Logcheck. Anyone
> > running Logcheck on 7.0 or later versions of Red Hat?
>
> Red Hat 7.1 machine:
>
> # rpm -q logcheck
> logcheck-1.1.1-1
>
> --
Peter,
I went ahead and downloaded log
Hi Bob,
> Logwatch does not have all the features of Logcheck. Anyone
> running Logcheck on 7.0 or later versions of Red Hat?
Red Hat 7.1 machine:
# rpm -q logcheck
logcheck-1.1.1-1
--
Regards,
+---+-+
| Peter Kiem|
Hi Bob,
> I noticed that although Red Hat never officially
> supported logwatch it was available for download and through
> RHN for 6.2. Now with 7.0 and on it appears that only
> Logwatch is available through those channels. Any
> particular reason
Hello all,
I noticed that although Red Hat never officially
supported logwatch it was available for download and through
RHN for 6.2. Now with 7.0 and on it appears that only
Logwatch is available through those channels. Any
particular reason for the switch? I prefer Locheck over
MAIL/EXPN/VRFY/ETRN are not POP3 commands...they're SMTP commands. Your
MTA (Sendmail, Postfix, whichever) is generating that line.
The first error is telling you that there is an error on line 8. You
might want to just erase line 8 and re-enter it.
Another thing to note is that if you don't
he only directory this seems
to occur in... How do I fix it?
Also, I notice that logwatch is leaving a lot of fallout in my /tmp
directory...
If I erase all this stuff, will it "break" logwatch?
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
On Fri, 9 Jun 2000, Burke, Thomas G. wrote:
> I noticed this in my logwatch logs last night, & I'vr never seen this
> particular thing in them before. Could someone please explain? (I've
> checked cron.hourly, & there's nothing in there)...
>
> Thanks.
> I noticed this in my logwatch logs last night, & I'vr never seen this
> particular thing in them before. Could someone please explain? (I've
> checked cron.hourly, & there's nothing in there)...
>
> Thanks.
>
I noticed this in my logwatch logs last night, & I'vr never seen this
particular thing in them before. Could someone please explain? (I've
checked cron.hourly, & there's nothing in there)...
Thanks.
## LogWatch 1.6.6 Begin #
---
On Tue, 15 Feb 2000, Alan Mead wrote:
> logwatch filter for portsentry? Or should I switch to another
> logwatch (like psionic's)?
I've had excellent results with psionic's.
--
Todd A. Jacobs
Network Systems Engineer
--
To unsubscribe: mail [EMAIL PROTECTED] with
Psionics logcheck is an excellent program. It puts portsentry attacks at
top of the list with email title of ATTACK ALERT. Try it out.
Kirk
At 11:38 AM 2/15/00 -0600, you wrote:
>Apparently the logwatch that ships with Red Hat is no longer being
>supported or developed (or I've no
Apparently the logwatch that ships with Red Hat is no longer being
supported or developed (or I've not found the right list/web site). I'd
like to scan my logs for portsentry attack alerts. I'm doing this now with
a really simple script but it's a messy solution.
Recently I have been getting odd messages in one servers secure log. It is
being reported by Logwatch as follows:
Errors:
Service in.identd:
cannot execute /usr/sbin/in.identd: No such file or directory: 17
Time(s)
I thought that maybe I had missed something when I had updated the
85 matches
Mail list logo