Everyday logwatch sends me the following information from IPTables and it seems odd, can anyone tell me are these entries odd, they all seem to be to two ports 28960 and 28964
[Code]....
I would like to open some port from IN to OUT pop3,smtp.whenever i tried to add some rules to existing iptables it gives me an error.Applying iptables firewall rules: iptables-restore: line 21 failed
View 7 Replies View RelatedI am receving emails from logwatch but when I setup my own mail script using mutt, the script succeeds but no email is received.Any ideas what the difference is between the two mail methods?
View 14 Replies View RelatedIn this part of logwatch:
Code:
--------------------- httpd Begin ------------------------
0.12 MB transferred in 11 responses (1xx 0, 2xx 8, 3xx 0, 4xx 3, 5xx 0)
[code]....
I was advised by a fellow forum owner to install logwatch as a security precaution. Our forum runs on a dedicated server. CentOS 5.5. I ran "yum install logwatch" and got the following:
Code:
Examining logwatch-7.3.6-1.noarch.rpm: logwatch-7.3.6-1.noarch
Marking logwatch-7.3.6-1.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-1 set to be updated
--> Finished Dependency Resolution
[Code]...
I'm having some issues on a server running redhat for specific application and lately it has been for some reason kicking out some services. I just checked the Logwatch mail on the root user and here is one of the main error:
[code]...
We have following setup,
1. Webserver (Centos 5.5)
2. Mail server (Centos 5.5)
We have configured autossh successfully to create/manage the ssh tunnel into mail server in order to dump all emails to localhost port.
To auto start autossh in boot time we have included following into /etc/rc.d/rc.local,
Quote:
So whenever our web application wants to send out emails it dump all emails to localhost:33465 port, easy piecy, all are working great
Now we have a requirement that logwatch reports should get delivered via the same ssh tunnel rather than installing postfix and configuring as a relay.
In logwatch is there a way to achieve that?
I'm using ArchLinux and I have an IP tables rule that I know works (from my other server), and it's in /etc/iptables/iptables.rules, it's the only rule set in that directory. I run, /etc/rc.d/iptables save, then /etc/rc.d/iptables/restart, but when I do "iptables --list", I get ACCEPTs on INPUT,FORWARD & OUTPUT.
# Generated by iptables-save v1.4.8 on Sat Jan 8 18:42:50 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[Code]....
I want to write the shell script which
1)Finds all the databases in mysql
2)create the folder who ever is the creater of that database or owner of that database. I think the databse starts with username_ so i think i have to split the database name to get folders name . How to do that? backs up the databases belonging to that user.
Which distros are known to work with the new GPT partition tables as used with disks over 2TB?
View 5 Replies View RelatedHow to configure IP tables in opensuse?My situation is,1. My network is connected in this way...ISP -> Hub -> Firewall Router -> Switches -> DNS ->LANI need to insert a linux system with iptables configured. I am expecting it that it should be between DNS and LAN. For that I am in search of "How to configure IP tables on opensuse10.3
View 2 Replies View Relatedtranslationables,i.e,camp_generic_transcamp_generic_trans_defcamp_generic_trans_epcthese tables exist in cntr1/cntr1@camABC1I have to copy these tables from here to staging environment.I need to first check if any of the tables exist in staging.If yes,then delete and create new.There are 4 staging env from 5 to 8.I have to pass the staging environment as parameter to ask the user which environment does he want the tables to be copied
View 1 Replies View RelatedI have 3 translation tables,i.e,camp_generic_trans
camp_generic_trans_def
camp_generic_trans_epc
these tables exist in cntr1/cntr1@camABC1
I have to copy these tables from here to staging environment.
I need to first check if any of the tables exist in staging.If yes,then delete and create new. There are 4 staging env from 5 to 8.
I have to pass the staging environment as parameter to ask the user which environment does he want the tables to be copied.
I want to write a script that will extract information from a db table and store that information to a csv file. Basically, I have imported data into a table, I want to save this data to a csv file for later processing. How do I connect to the db and extraxt information from the table?
View 3 Replies View RelatedI'm writting an app for desktop and embedded linux and I need to get information about the multiserial port, and I need to know which port is been used (by a printer, por example).The multiserial I'm using is an Altera Corporation Device 0004, and I just need to tell how many ports are there and how many is been used.
View 3 Replies View RelatedHow can I tell if my USB ports are 2.0 ports?
View 1 Replies View Relatedhow to configure Logwatch? where can I find its config file? I never configure it but I received email everyday from Logwatch@mydomain.com..
View 1 Replies View RelatedDoes logwatch run automatically, or do I need to make a cron entry for it? How can I reset logwatch? When I run logwatch from the command line twice, it sends the same email twice.
View 4 Replies View Relatedi was wondering if there is anybody out there who has logwatch running and configured to just grab dhcp leases only
View 3 Replies View RelatedI've installed Logwatch 7.3.6 via the rpm on my CentOS 5.4 server. The issue is I'm getting basically empty reports from logwatch. The only two sections which have any information are samba and diskspace.
The only default options in the config file I've modified are: Code: print = No output = html I'm suspecting the issue has to do with the fact that the as-logged host name doesn't match my current host name. However, I've tried manually changing this on a few entries so they match but they didn't show up in the report. According to the config file, the default for option HostLimit is "No" -- so Logwatch should not care what hostname it sees in a log file, right?
This problem is occurring on Red Hat EL 5 WS. However, I have two CentOS 5 systems, with similar configuration to RH EL 5, where this problem does not occur.
I am getting this error:
Can't exec "sendmail": No such file or directory at ./0logwatch line 1018, <TESTFILE> line 1.
Can't execute sendmail -t: No such file or directory
When I installed Cent before I got my logwatch messages sent to me. for somreason this new server I built I am not getting them. can mail off the server and there is no mail in the Q or in root. I also put in a .forward file in my root to mail to my external account and it works fine. I get mail from fail2ban and denyhosts but not the logwatch.Thoughts on what I could be missing? I check the link and the files are all there. I changed the config file to give me a High level of detail. Thats about it. If I use the command line for logwatch it sends mail fine. logwatch --detail high --logfile messages --mailto yourname@domain.com
View 6 Replies View RelatedI have a squid proxy server (which I am very new too) which all traffic from my office goes through. The proxy itself is working fine, but I can not get logwatch to email me a daily summary. logrotate seems to be throwing an error:
# logrotate /etc/logrotate.conf
error: squid:1 duplicate log entry for /var/log/squid/access.log
My /etc/logrotate.d/squid file is below... My access logs are in /logs/squid not in /var/log/squid.
[Code]...
How to get logwatch working with shorewall logs. I tried fwlogwatch but could not get that working.
View 1 Replies View RelatedI'm trying to get logwatch to email me. I think my logwatch.conf file is okay. I have postfix installed. The mailer as far as I can tell is set correctly ("usr/bin/mail"). When I run logwatch - I get "no mail for aubrey"
Heres my logwatch.conf file:
Code:
linux-qwkb:/home/aubrey # edit /usr/share/logwatch/default.conf/logwatch.conf
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
######################################################## .....
Gidday, for some reason some of my RHEL servers don't send out a daily logwatch email (most do, but two don't) - and sadly I have no idea how to troubleshoot this.
Can anybody give some help/hints as to where/how I may troubleshoot this. I should add that these servers can/do send emails (I have some cronjobs that fire off emails upon completion of their jobs, so I know its not a sendmail config issue).
Logwatch has been showing me there is kernal errors present on my server.Below is the full report from logwatch, please let me know if there is anything I should be aware of and fix.
View 1 Replies View RelatedDoes anyone know the trick to getting Logwatch to make its entries a little less chatty and leave out the "Detailed" section of the Postfix report? I can't seem to tone it down and the daily reports I get include every recipient, host, etc., which is too much info to make a summary report useful.The first portion I get looks like this:
****** Summary *************************************************
9 *Warning: Pre-queue content-filter connection overload
2 SASL authentication failed
432 Miscellaneous warnings[code]....
This would be fine for a quick review that I do first thing. However,the "Detailed" portion that follows is over 2,800 lines long!
I have a server, running Centos 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.
I have a desktop computer, running Fedora 13 (almost 14...). It runs also a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.
On the server, I want also only mail from logwatch, containing the rkhunter results. But so far, no luck.
How can I get the rkhunter results in the logwatch mail on my Centos server?
I have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...