Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   Understanding logwatch (http://www.linux-archive.org/fedora-user/613568-understanding-logwatch.html)

Timothy Murphy 12-24-2011 11:50 AM

Understanding logwatch
 
I skip through logwatch on a couple of machines each day,
to see if any disasters have occurred.
But I don't really understand many of the entries,
or rather their significance.

Eg today:
--------------------- iptables firewall Begin ------------------------

Dropped 6 packets on interface eth0
From 87.230.101.22 - 1 packet to tcp(25)
From 124.229.7.16 - 3 packets to tcp(25)
From 190.2.0.221 - 2 packets to tcp(25)

---------------------- iptables firewall End -------------------------

So should I ignore these strange people?

And
--------------------- samba Begin ------------------------

**Unmatched Entries**
nmbd/nmbd_incomingrequests.c:process_name_refresh_reque st(173)
Error - should be sent to WINS server : 564 Time(s)

---------------------- samba End -------------------------

What is an "unmatched entry?

I guess I'm looking for a beginners' guide on
"Logwatch entries and what to do about them"?


--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Tim 12-24-2011 01:42 PM

Understanding logwatch
 
On Sat, 2011-12-24 at 12:50 +0000, Timothy Murphy wrote:
> --------------------- iptables firewall Begin ------------------------
>
> Dropped 6 packets on interface eth0
> From 87.230.101.22 - 1 packet to tcp(25)
> From 124.229.7.16 - 3 packets to tcp(25)
> From 190.2.0.221 - 2 packets to tcp(25)
>
> ---------------------- iptables firewall End -------------------------
>
> So should I ignore these strange people?

Well, your computer ignored them...

Do you run a mail server that can accept outside connections? If not,
it doesn't matter. If so, check you have it configured properly, so you
can't be used to send spam through.


> And
> --------------------- samba Begin ------------------------
>
> **Unmatched Entries**
> nmbd/nmbd_incomingrequests.c:process_name_refresh_reque st(173)
> Error - should be sent to WINS server : 564 Time(s)
>
> ---------------------- samba End -------------------------
>
> What is an "unmatched entry?

An educated guess suggests that the log doesn't match any previously set
conditions, so it's not being logged for a specific reason.

The error tells you that something is trying to ask it to identify a
network name, but a WINS server should have been queried, instead.

I'd wonder if somewhere, something's erroneously configured on another
computer, saying you're the WINS server. Or, you've erroneously
announced to the LAN that you are it, when you're not. It's a heck of a
long time since I messed with Samba, so check your configs and manuals.


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

JB 12-24-2011 02:50 PM

Understanding logwatch
 
Tim <ignored_mailbox <at> yahoo.com.au> writes:

> ...
> > **Unmatched Entries**
> > nmbd/nmbd_incomingrequests.c:process_name_refresh_reque st(173)
> > Error - should be sent to WINS server : 564 Time(s)
> ...
> The error tells you that something is trying to ask it to identify a
> network name, but a WINS server should have been queried, instead.
> ...

Explanation here as well.
http://www.justlinux.com/forum/archive/index.php/t-43676.html

JB




--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Timothy Murphy 12-26-2011 12:10 PM

Understanding logwatch
 
Tim wrote:

>> --------------------- iptables firewall Begin ------------------------
>>
>> Dropped 6 packets on interface eth0
>> From 87.230.101.22 - 1 packet to tcp(25)
>> From 124.229.7.16 - 3 packets to tcp(25)
>> From 190.2.0.221 - 2 packets to tcp(25)
>>
>> ---------------------- iptables firewall End -------------------------
>>
>> So should I ignore these strange people?
>
> Well, your computer ignored them...
>
> Do you run a mail server that can accept outside connections? If not,
> it doesn't matter. If so, check you have it configured properly, so you
> can't be used to send spam through.

Thanks for your response.
I don't run a mail server, so I guess I can sleep soundly.

>> --------------------- samba Begin ------------------------
>>
>> **Unmatched Entries**
>> nmbd/nmbd_incomingrequests.c:process_name_refresh_reque st(173)
>> Error - should be sent to WINS server : 564 Time(s)
>>
>> ---------------------- samba End -------------------------
>>
>> What is an "unmatched entry?
>
> An educated guess suggests that the log doesn't match any previously set
> conditions, so it's not being logged for a specific reason.
>
> The error tells you that something is trying to ask it to identify a
> network name, but a WINS server should have been queried, instead.
>
> I'd wonder if somewhere, something's erroneously configured on another
> computer, saying you're the WINS server. Or, you've erroneously
> announced to the LAN that you are it, when you're not. It's a heck of a
> long time since I messed with Samba, so check your configs and manuals.

Thanks again.
I'm not actually using samba at the moment,
but I did some time ago.
I guess I left something mis-configured.
I'll turn of samba until I need it ...

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


All times are GMT. The time now is 03:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.