FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-24-2011, 11:50 AM
Timothy Murphy
 
Default Understanding logwatch

I skip through logwatch on a couple of machines each day,
to see if any disasters have occurred.
But I don't really understand many of the entries,
or rather their significance.

Eg today:
--------------------- iptables firewall Begin ------------------------

Dropped 6 packets on interface eth0
From 87.230.101.22 - 1 packet to tcp(25)
From 124.229.7.16 - 3 packets to tcp(25)
From 190.2.0.221 - 2 packets to tcp(25)

---------------------- iptables firewall End -------------------------

So should I ignore these strange people?

And
--------------------- samba Begin ------------------------

**Unmatched Entries**
nmbd/nmbd_incomingrequests.crocess_name_refresh_reque st(173)
Error - should be sent to WINS server : 564 Time(s)

---------------------- samba End -------------------------

What is an "unmatched entry?

I guess I'm looking for a beginners' guide on
"Logwatch entries and what to do about them"?


--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 12-24-2011, 01:42 PM
Tim
 
Default Understanding logwatch

On Sat, 2011-12-24 at 12:50 +0000, Timothy Murphy wrote:
> --------------------- iptables firewall Begin ------------------------
>
> Dropped 6 packets on interface eth0
> From 87.230.101.22 - 1 packet to tcp(25)
> From 124.229.7.16 - 3 packets to tcp(25)
> From 190.2.0.221 - 2 packets to tcp(25)
>
> ---------------------- iptables firewall End -------------------------
>
> So should I ignore these strange people?

Well, your computer ignored them...

Do you run a mail server that can accept outside connections? If not,
it doesn't matter. If so, check you have it configured properly, so you
can't be used to send spam through.


> And
> --------------------- samba Begin ------------------------
>
> **Unmatched Entries**
> nmbd/nmbd_incomingrequests.crocess_name_refresh_reque st(173)
> Error - should be sent to WINS server : 564 Time(s)
>
> ---------------------- samba End -------------------------
>
> What is an "unmatched entry?

An educated guess suggests that the log doesn't match any previously set
conditions, so it's not being logged for a specific reason.

The error tells you that something is trying to ask it to identify a
network name, but a WINS server should have been queried, instead.

I'd wonder if somewhere, something's erroneously configured on another
computer, saying you're the WINS server. Or, you've erroneously
announced to the LAN that you are it, when you're not. It's a heck of a
long time since I messed with Samba, so check your configs and manuals.


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 12-24-2011, 02:50 PM
JB
 
Default Understanding logwatch

Tim <ignored_mailbox <at> yahoo.com.au> writes:

> ...
> > **Unmatched Entries**
> > nmbd/nmbd_incomingrequests.crocess_name_refresh_reque st(173)
> > Error - should be sent to WINS server : 564 Time(s)
> ...
> The error tells you that something is trying to ask it to identify a
> network name, but a WINS server should have been queried, instead.
> ...

Explanation here as well.
http://www.justlinux.com/forum/archive/index.php/t-43676.html

JB




--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 12-26-2011, 12:10 PM
Timothy Murphy
 
Default Understanding logwatch

Tim wrote:

>> --------------------- iptables firewall Begin ------------------------
>>
>> Dropped 6 packets on interface eth0
>> From 87.230.101.22 - 1 packet to tcp(25)
>> From 124.229.7.16 - 3 packets to tcp(25)
>> From 190.2.0.221 - 2 packets to tcp(25)
>>
>> ---------------------- iptables firewall End -------------------------
>>
>> So should I ignore these strange people?
>
> Well, your computer ignored them...
>
> Do you run a mail server that can accept outside connections? If not,
> it doesn't matter. If so, check you have it configured properly, so you
> can't be used to send spam through.

Thanks for your response.
I don't run a mail server, so I guess I can sleep soundly.

>> --------------------- samba Begin ------------------------
>>
>> **Unmatched Entries**
>> nmbd/nmbd_incomingrequests.crocess_name_refresh_reque st(173)
>> Error - should be sent to WINS server : 564 Time(s)
>>
>> ---------------------- samba End -------------------------
>>
>> What is an "unmatched entry?
>
> An educated guess suggests that the log doesn't match any previously set
> conditions, so it's not being logged for a specific reason.
>
> The error tells you that something is trying to ask it to identify a
> network name, but a WINS server should have been queried, instead.
>
> I'd wonder if somewhere, something's erroneously configured on another
> computer, saying you're the WINS server. Or, you've erroneously
> announced to the LAN that you are it, when you're not. It's a heck of a
> long time since I messed with Samba, so check your configs and manuals.

Thanks again.
I'm not actually using samba at the moment,
but I did some time ago.
I guess I left something mis-configured.
I'll turn of samba until I need it ...

--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 11:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org