Logcheck

To: debian-user@lists.debian.org (Debian List)
Subject: Logcheck
From: Christopher Clark <chris@maltwhiskey.demon.co.uk>
Date: Fri, 27 Oct 2000 13:57:58 +0000
Message-id: <200010271357.NAA00559@hurricane.warplane>

In addition to a firewall (pmfirewall) and portsentry I now have
logckeck running. Unfortunately I get a lot of mail saying I am under attack 
when I am sure I am not.  I can't figure out what it is objecting to and so 
put it in the ignore file.  Her are a few snippets:

Oct 27 06:12:45 defiant -- MARK --
Oct 27 06:32:45 defiant -- MARK --
Oct 27 06:52:45 defiant -- MARK --
Oct 27 06:02:03 defiant sendmail[31020]: GAA31020: from=root, size=2439, 
class=0, pri=32439, nrcpts=1, msgid=<200010270602.GAA31020@defiant.warplane>, 
relay=root@localhost
Oct 27 06:02:03 defiant sendmail[31023]: GAA31020: to=chris, ctladdr=root 
(0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent

and

Oct 27 07:12:45 defiant -- MARK --
Oct 27 07:32:45 defiant -- MARK --
Oct 27 07:35:21 defiant pppd[31142]: pppd 2.3.11 started by root, uid 0
Oct 27 07:35:22 defiant chat[31144]: abort on (BUSY)
Oct 27 07:35:22 defiant chat[31144]: abort on (NO CARRIER)
Oct 27 07:35:22 defiant chat[31144]: abort on (VOICE)
Oct 27 07:35:22 defiant chat[31144]: abort on (NO DIALTONE)

and

Oct 27 08:12:45 defiant -- MARK --
Oct 27 08:32:45 defiant -- MARK --
Oct 27 08:52:45 defiant -- MARK --
Oct 27 08:02:05 defiant sendmail[31463]: IAA31463: from=root, size=32672, 
class=0, pri=62672, nrcpts=1, msgid=<200010270802.IAA31463@defiant.warplane>, 
relay=root@localhost
Oct 27 08:02:05 defiant sendmail[31466]: IAA31463: to=chris, ctladdr=root 
(0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
Oct 27 08:08:55 defiant in.rlogind[31468]: connect from 192.168.200.30
Oct 27 08:19:03 defiant named[160]: Cleaned cache of 32 RRsets
Oct 27 08:19:03 defiant named[160]: USAGE 972634743 971683999 CPU=2.44u/1.09s 
CHILDCPU=0u/0s
Oct 27 08:19:03 defiant named[160]: NSTATS 972634743 971683999 A=2895 SOA=106 
PTR=279 MX=860 SRV=3 AXFR=2 ANY=717
Oct 27 08:19:03 defiant named[160]: XSTATS 972634743 971683999 RR=624 RNXD=13 
RFwdR=380 RDupR=3 RFail=0 RFErr=0 RErr=0 RAXFR=2 RLame=0 ROpts=0 SSysQ=339 
SAns=4379 SFwdQ=498 SDupQ=8784 SErr=229 RQ=4862 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=4 
SFwdR=380 SFail=0 SFErr=0 SNaAns=1896 SNXD=49

Any pointers would be appreciated.
regards Chris

Reply to:

Follow-Ups:
- Re: Logcheck
  - From: Dave Sherohman <esper@sherohman.org>

Prev by Date: How to install php4-mysql prepared with apt-get?
Next by Date: Re: How to install php4-mysql prepared with apt-get?
Previous by thread: Re: How to install php4-mysql prepared with apt-get?
Next by thread: Re: Logcheck
Index(es):
- Date
- Thread