Ubuntu Servers :: How IPAddress Can Hit Server Yet Not Appear In ANY Logs

Oct 31, 2010

Since Port 80 and 443 are the only ports I have open, how is it that an IPAddress can hit my server yet not appear in ANY logs ?

View 9 Replies


ADVERTISEMENT

Ubuntu Servers :: 10.04.2 Server - Intermittently Hangs With No Indication Of Cause In Logs?

Sep 1, 2011

The attached log file includes two crashes/reboots within the past day or so I have recently started trying to set up / manage a Linux (Ubuntu 10.04.2 LTS) server in our data center (all other servers are Windows boxes). The server periodically hangs and becomes unresponsive and I'm at a loss to find anything in any log that indicates a specific cause. Sometimes it's up for hours, sometimes days (14 days at longest). Plugging a monitor in to the machine after a hang shows nothing at all. In an effort to troubleshoot the problem we've tried disabling APIC, more out of "educated desperation" than anything else. Unfortunately we are limited in some of the troubleshooting we can do, as we have a single client website hosted on the box (the reason we set it up) so anything that involves significant downtime is a problem.

As this is our first attempt at setting up a linux box, we are using a "well equipped" desktop grade machine but not what I would call "server grade" hardware. This is a standalone box, not a VPS. We are using a hardware, not software, RAID array and have plenty of memory in the box.

Caveats / Background:

I am relatively new to Linux in general. I spend much more time writing code than managing servers. I'm comfortable with working on the box, but I'm not really a sysadmin guy. I'm comfortable with the command line but have more experience with OS X (BSD). I am unsure of all of the tools / information / Logs that may be available, though I try to be thorough in checking what I do know. I did not physically configure the hardware so I'm not sure of all of the specs but I can get any info I need to troubleshoot. I may be skipping very basic steps or missing obvious places to look for information without knowing it.

A little more detail:

Real memory: 8GB
Ubuntu 10.04.2 LTS
Hardware RAID 10
Managing sites with Webmin version 1.550

Server is in a remote data center. Hands on-troubleshooting is difficult. We have attempted two Linux setups at this point. The first was on a hardware config identical to this one, but with no actual pieces of hardware reused. That attempt was using CentOS and we were attempting to set up CPanel. We scrapped that install because of this same problem (periodic crashing / hanging). The second attempt (this one) is showing the same behavior. The only thing I can really see in common are the hardware configuration (though CentOS & Ubuntu may have more in common than I think).

The box will run fine for hours, days, or even weeks, and then just stop responding entirely. I check all of the logs I know to check (primarily messages, syslog and kern.log) but I don't see anything that seems like an error to me. I do see lines that I don't understand that may or may not be problems, such as:

Code:

rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="814" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.

Most of our syslog entries seem to be logs of webmin related cron jobs running. My gut tells me that there is possibly some component in our configuration Linux does not like or needs a driver update (maybe the raid card for example), but I'm unsure of how to do more to track down or determine what that might be. Guess and check is expensive. Another thought I've had is that one or more of the cron jobs that are running are tripping something up, but it doesn't appear to be reproducible on demand and, again, I'm at a loss on how to test that theory any further. The same cron job does not appear to be running each time the server goes down. This is a portion the log just prior to our last hang:

Code:

Aug 8 11:00:01 linhost01 CRON[10771]: (www-data) CMD ([ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null)

[code].....

View 9 Replies View Related

Server :: NameVirtualHost IPaddress:80 Is Getting Defined More Than Once

Feb 10, 2010

Ho do I modify the configuration /etc/httpd/conf.d/turbopanel.conf to remove the extra NameVirtualHost IPaddress:80? When I restart apache I'm getting the following error

[root@ip-208-109-184-220 ~]# apachectl restart
[Wed Feb 10 10:56:38 2010] [warn] NameVirtualHost 208.109.186.16:80 has no Virtu alHosts
[Wed Feb 10 10:56:38 2010] [warn] NameVirtualHost 208.109.186.16:80 has no Virtu alHosts
[Wed Feb 10 10:56:38 2010] [warn] NameVirtualHost 208.109.186.16:80 has no Virtu alHosts

[code]....

View 1 Replies View Related

Server :: Setting Fix IPAddress And Subnet?

Dec 2, 2009

I am new to Ubuntu 9.10. I have installed Ubuntu and it's working fine. I would like to set fix IPAddress and Subnet.

View 1 Replies View Related

Ubuntu Servers :: Run Scripts When Ssh User Logs In?

Nov 6, 2010

I'm a bit of a unix noobie trying to manage a small ubuntu server. I want to run a bash script automatically after an ssh user logs in. For example, after they log in and the default welcome message is displayed, I want to run a script that displays some server statistics since the last session. I made an alias to the script, and I could run it manually after I log in, but it's a bit of a hassle. Is there any way I could do this?

View 2 Replies View Related

Ubuntu Servers :: Remove Some Logs From Messages?

Jan 3, 2011

I have configured my Cisco ASa Firewall to send its logs to my ubuntu server in /var/log/cisco/ I see the logfiles populating in real time, but i can also see all the logs are also wtitten to /var/log/messages. How can i make sure i do not have a log redundancy? I dont want my firewall logs displayed in messages since there are now sent to /var/log/cisco.

View 1 Replies View Related

Ubuntu Servers :: Windows XP Logs On To Samba PDC Instead Of BDC

Feb 3, 2011

I'm running a set of virtual machines (most in ESXi, one in VirtualBox on my desktop) to try and replicate an existing physical network structure with a Samba domain operating across multiple subnets. The layout is:

(ESXi)
* Router - Ubuntu 8.04, running dnsmasq, bridging my 2 virtual subnets (10.10.4.1/24 & 10.10.5.1/24) and my physical network
* PDC - Ubuntu 8.04, configured as a Samba PDC with PAM configured to use LDAP, SMBLDAP etc. on 10.10.4.11
* LDAP - Ubuntu 8.04, running Zimbra 5 mail server, acting as the LDAP backend for Samba on 10.10.4.12
* BDC - Ubuntu 8.04, configured as a Samba BDC with PAM LDAP etc.
* Client1 - Windows XP, joined to domain on 10.10.5.100
(Virtualbox)
* Client2 - Windows XP, joined to domain on 10.10.5.99

Watching /var/log/daemon.log, /var/log/samba/*, smbstatus -bd0 shows that Client1 successfully logs on to the BDC (10.10.5.2) but Client2 logs on to the PDC (10.10.4.11) instead. Both clients have the same subnet, DNS, WINS settings etc. I've seen the issue happen in our physical setup too but very infrequently and usually when there's been a network interruption between the BDC(s) and the LDAP server.

View 1 Replies View Related

Ubuntu Servers :: Cron Is Filling Up Logs?

Sep 1, 2011

I am using my ubuntu server as my home router.Everything is working as expected with one exception.y DSL modem is a POS and every now and again it looses connection to the router. Sometimes it needs to be reset and sometimes it does not.Either way, when this happens my ubuntu server needs to reacquire an IP from my ISP. If it screws up when I'm at home it's no big deal, but if it happens when I'm not around my housemates have taken to hitting the reset switch on the server. I'm not a big fan of this so I wrote a script to ping my ISP's gateway. If it's unavailable it bounces the eth0 interface and tries to get an IP. I am running this script every couple of minutes in a cron job. Now I'm getting syslog entries like

Code:
Aug 9 20:31:01 portal CRON[9602]: (root) CMD (/opt/ChkAndFixNetwork.sh)
every few minutes. This is annoying and makes the logs useless for troubleshooting. I

[code]...

View 1 Replies View Related

Ubuntu Servers :: Not Able To Access Awstats Logs From Web

Sep 1, 2011

We had recently got some problem with our server(local server) and we recently upgraded from Ubuntu server 8.04 to 10.04 and we were not able to access awstats logs from web.So can any one say a method to get back the logs from the server?

View 1 Replies View Related

Ubuntu Servers :: Redirect Logs From Device Out Of /var/log/messages

May 4, 2010

I have configured my Cisco firewall to redirect all its logs to my Ubuntu 9.1 server (no UI.)

Now, my /var/log/messages is getting all the firewall logs + all other logs.

I'm wondering if there is a way to redirect the logs from my Cisco Firewall (coming from UDP port 514) to another file.

View 2 Replies View Related

Ubuntu Servers :: Send System Logs To Another User?

Dec 3, 2010

We have a backup program that works with HP's ultrium tapes that whenever it's failing it's sending an error to the root's system logs. Now if I run mutt as root I can see the system logs and it's very easy to pinpoint any backup error messages.
Is there any way to copy all these system messages to another user as well so that someone with no root access could run mutt as well and check for these logs daily?

View 4 Replies View Related

Ubuntu Servers :: Cups Connection Refused In Samba Logs

Feb 4, 2010

I was just checking some of the generated logs from Samba.

Code:

Quote:

I've looked over my smb.conf and it doesn't look like I even have any printer sharing enabled.

Quote:

How PC1 was refused a connection when it looks like I don't have any printers being shared throught Samba?

This is just on a home LAN.

View 1 Replies View Related

Ubuntu Servers :: Rsyslog & Log All Iptable Logs To Mysql Instead Just A Logfile

Apr 5, 2011

I try to log all my iptable logs to mysql instead just a logfile. The setup is as followed:

[Code].....

[red]Problem[/red] rsyslog logs everything correct, except it does not log to db, it logs to /var/log/messages. As I am brand new to the whole Linux experience, I don't get it. My /etc/rsyslog.conf is setup with $ModLoad onmysql.

View 1 Replies View Related

Ubuntu Servers :: Logwatch Emails Not Sent If Named Logs Are Included?

Jun 15, 2011

I've suddenly stopped getting emails from logwatch which runs on an Ubuntu server daily using cron.After a good day or so of troubleshooting, I was able to establish that it was the 'Service = named' line in my logwatch.conf file, which was stopping the emails from coming through. If I commented out this line, the logwatch emails come through with no issues, uncomment, and I don't get an email. I don't get any error from logwatch itself when I run it, even with '--debug high', leading me to think that my email configuration is setup ok, at least. Furthermore, I tried running logwatch with '--output file --format html' and logwatch produces a valid html file.

I then thought: "Could I have a entry in my Bind/named log files which could be rejected by my ISP's smtp server?". So, (to the best of my knowledge) I cleared out the log files in /var/log that contained messages from named. I then ran logwatch (including the named service in my logwatch.conf file) and I got an email through, with a pretty much empty named section, which is exactly what I anticipated. Great! - it's fixed.

So, the cron.daily ran early this morning, but still no email in my inbox when I got up. I then tried to run 'logwatch --Range today' and lo and behold, I got a logwatch report email, which included a named section, with log entries in there. So it seems that something that's been logged by named overnight to my logfiles (i.e. '--Range yesterday') has caused issues again with logwatch's ability to send reports through my ISP's smtp servers.

View 1 Replies View Related

Ubuntu Servers :: HTTP Response Into Apache Access Logs

Jul 6, 2011

I am new to web server support. I have a request from my management to modify the logging slightly. Effectively I need to redirect a custom string from our http response into the apache access logs. When a user navigates to our site they receive a "dye" number that is associated with them. This number follows them to whatever cluster they are directed too. The string is formatted as such, com-company-dye: d0a2#6dfce. I need that that header dye to appear in the access logs so we can use that dye number as a key for troubleshooting issues though out our various monitoring systems.

View 3 Replies View Related

Fedora Servers :: Syslog Listening On Port 514 For Both Firewall And IDS Logs?

Jan 17, 2010

Currently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.

Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??

View 2 Replies View Related

Server :: Monitor Server Snmp Read From Logs Parsed Possible?

Jul 21, 2009

I would like to monitor a RedHat via snmp. I would like to make available data via snmp. The data that I would like to graph are only present in logs file. Is it possible to parse data from applicative logs and have them available for my cacti server via snmp? I already monitor CPU, mem, and others with cacti using the standard MIB.What would be the logical step I would need to achieve that?

View 1 Replies View Related

General :: Grep String From Logs Of Last 1 Hour On Files Of 2 Different Servers+calculate Count?

Sep 3, 2010

I am trying to grep a particular string from the files of 2 different servers without copying and calculate the total count of its occurence on both files. File structure is same on both servers and for reference as follows:

Code:

27-Aug-2010 10:04:30,601|919122874903|phtunes_app|1282243292627|NotifySmsReception|DMGenerateLogInterceptor - ExternalTransactionID:SDP-DM-26713018, TransactionStatus:Requested
27-Aug-2010

[code]....

View 6 Replies View Related

Server :: How To Analysis IBM DSA Logs

Oct 24, 2010

I Have RHEL4 running on IBM X3550 server, we request IBM support regarding issues with this server, they will request for IBM DSA logs. The logs are quite extensive and cover almost all server config & can identify hardware issues with drivers...etc. I want to know if there is a way to analysis those logs offline without sending them to IBM support?

View 3 Replies View Related

General :: Q2 Patching Logs Of Particular Server ?

Jun 10, 2011

How to get the Q2 patching logs of particular server (Linux 2.6.9-100.EL)

View 1 Replies View Related

Hardware :: How To Find Logs In Hp-ux Server

Jan 11, 2010

how to find logs in hp-ux server why it get unexpected shut..down is any hardware failure or or its been hard boot

View 3 Replies View Related

Server :: Define How Old Logs Should Rsyslog Keep

Aug 25, 2010

I was wondering how could I specify for how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it).Do I have to use logrotate for this, or is there some other option?

View 1 Replies View Related

Server :: How To Check Logs For Previous Day

Oct 5, 2010

how to check maillogs for previous days. wht is command to check log for yesturday in sendmail8.14 .fedora os i know /var/log/maillog.this gives o/p for today but wht abut yesturday.?

View 10 Replies View Related

Server :: Security Logs With Message ID?

Mar 9, 2011

Iam looking security specific event ID on Linux .hear are thousnds of event ID in Microsoft Windows/XP and VISTA etc. Similar way looking for Linux,unix ,Solaries,AIX etc event ID. I would to correlate and implement with Arcsight.

View 2 Replies View Related

Server :: Unable To See All The Logs Forwarded To Box?

Apr 19, 2011

We are forwarding logs (perl script executed logs) to one Red Hat Linux box. We have to get 97 logs for each time the script runs. But we see inconsistent number of logs coming to Linux box. Like one time we got 56, other time 3 , other time 43.. like this.. We are sure that 97 logs are being forwarded. Checked the Rsyslog.config filer any filters and couldn't see any filter dropping them. When we run the tcpdump, we can see 97 connections, but logs are not there in specified location.

View 1 Replies View Related

Server :: How To Setup Logs In Vsftpd

Oct 20, 2010

how to setup logs in Vsftpd? I have default configuration in CentOS but its not log`ing

View 1 Replies View Related

Ubuntu :: X11vnc Server Logs Out To Login Screen After 1 Minute?

Nov 3, 2010

I have x11vnc server set up on my desktop PC. I can boot the computer and connect at the login screen if I want to. I can login to my computer as usual. But after about 1 minute of logging in, the computer logs off as if pressing Ctrl+Alt+Backspace and returns me to the login screen. This cycle repeats when I login and I have to kill the x11vnc process or remove the command from /etc/gdm/Init/Default.Have tried so many things now but the end result is the same. I have Ubuntu 10.10 fully updated and x11vnc 9.10-1 from the default repos. I am using the following command in the /etc/gdm/Init/Default file:

Code:

/usr/bin/x11vnc -rfbauth ~/.vnc/passwd -rfbport 5901 -display :0 -forever -bg

I don't think it matters now whether I add KillInitClients=false into /etc/gdm/gdm.conf-custom or /etc/gdm/gdm.conf because of the x11vnc version I have. The manual says its not really needed. But I have tried this too with no better luck.The computer will still log me out after about a minute of logging in. It can be between 1 min to 1.5 mins.Running out of ideas and have tried the -noxfixes and -reopen commands.

Why does x11vnc crash out (or it may be gdm or x server?) after about a minute of logging in? If I am currently viewing my desktop through VNC viewer on another computer, it will still crash out after 1 min of log in, and lose the connection. I can reconnect through VNC again but I have to log back in to the remote computer and it will just log out after another minute.At last, in 2 days I have finally solved it. As simple as creating my own version. The x11vnc 9.10-1 version my default Ubuntu 10.10 repos is buggy. Here's my fix (I used this site):

1. Downloaded latest x11vnc dev build from above site (x11vnc-0.9.13-dev.tar.gz at time of posting)
2. Extract it
3. Open Terminal > sudo -s > enter admin password
4. cd LocationOfExtracted folder

[code]...

View 9 Replies View Related

Server :: Connecting To Sshd On Ubuntu 9.10. Logs Point To SELinux ?

Feb 14, 2011

I'm trying to ssh into my Ubuntu box, but the connection is getting denied.

When I look at /var/log/auth.log, I see the following:

Code:

I googled for this, and ran across the following: [url]

Here's the part that I think relates to the problem that I'm having:

Quote:

It's not clear from context which configuration file needs to be edited, and I'm not at all familiar with SELinux configuration.

View 3 Replies View Related

Networking :: Ping The Ipaddress (192.168.1.230,192.168.1.1,192.168.2.1,192.168.2.1 57)?

Dec 15, 2010

I have a router which have 4 ethernet ports(eth0,eth1,eth2,eth3,eth4 ) & One ADSL Line & One USB, I need to configure My router eth3 as a WAN & eth0 as a LAN ... using iperf , I am going to findout test a my Application(using iptables) whether my application is correct or wrong ...As of now I configured like server pc1(192.168.1.230)--->eth0(gw)(192.168.1.1)Router--eth3(gw)(192.168.2.1) -->pc2(192.168.2.157)...For eth3 as a WAN and eth0 as a LAN.... But I am not able to ping between two pc's..From router I can able to ping This ipaddress (192.168.1.230,192.168.1.1,192.168.2.1,192.168.2.1 57)

View 2 Replies View Related

General :: Collect All Logs Of Unix Server?

Dec 26, 2010

I am installing RHEL 5.5 to be a syslog server to collects logs from servers (HP-UX, Linux, Windows and Cisco Network Devices). and i can now collect logs from my windows PC on syslog linux server by using Datagram SyslogAgent software. can collect logs from HP-UX 11.23 server. and i configuring the Unix server as in the steps below:

1. Log in as root

2. Go to /etc/syslog.conf

3. Add a line: *.*<tab>@<Sentinel Server IP Address>

*.* @10.15.1.5

4. Save and Close

# netstat -na | grep 514

tcp 0 0 *.514 *.* LISTEN
udp 0 0 *.514 *.*

[code]....

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved