Logwatch - Lets you keep an eye on your server security logs.
If you run a web server on Linux, you have Logwatch installed, but unless you know what you are doing, you have probably never cared enough to learn about it. I will walk you through Logwatch in this post.
Logwatch notifies you with log summaries
--------------------- pam_unix Begin ------------------------
su:
Authentication Failures:
admin(500) -> root: 1 Time(s)
passwd:
Unknown Entries:
password changed for root: 2 Time(s)
password changed for admin: 1 Time(s)
sshd:
Unknown Entries:
1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp.ip.isp.isp : 1 Time(s)
2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp user=root: 1 Time(s)
1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp.ip.isp.isp user=root: 2 Time(s)
Invalid Users:
Unknown Account: 2 Time(s)
Authentication Failures:
root (isp.isp.ip.isp.isp ): 6 Time(s)
unknown (isp.isp.ip.isp.isp ): 1 Time(s)
root (isp.isp ): 1 Time(s)
login:
Sessions Opened:
admin: 1 Time(s)
root: 3 Time(s)
Authentication Failures:
root ( ): 2 Time(s)
admin ( ): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Killed: 8 Time(s)
SSHD Started: 7 Time(s)
Failed logins from these:
root/password from isp.isp: 1 Time(s)
root/password from isp.isp: 8 Time(s)
whoot/password from isp.isp: 2 Time(s)
Users logging in through sshd:
root logged in from isp.isp (isp.isp) using password: 2 Time(s)
root logged in from isp.isp.ip.isp.isp (isp.isp) using password: 6 Time(s)
**Unmatched Entries**
Illegal user whoot from isp.isp
Illegal user whoot from isp.isp
RSA1 key generation succeeded
RSA key generation succeeded
DSA key generation succeeded
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
Filesystem Size Used Avail Use% Mounted on
.....
###################### LogWatch End #########################
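
A summary like the one above is easier to act on when the SSHD section is checked automatically. The following is an added example, not part of the original post or of Logwatch itself: it parses the "Failed logins from these" and "Users logging in through sshd" lines and flags root password logins and sources that show both failures and successes. The function names and the sample hostnames are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the SSHD section above; hostnames are placeholders.
SAMPLE = """\
--------------------- SSHD Begin ------------------------
Failed logins from these:
root/password from host-a.example: 8 Time(s)
whoot/password from host-b.example: 2 Time(s)
Users logging in through sshd:
root logged in from host-a.example (host-a.example) using password: 6 Time(s)
**Unmatched Entries**
Illegal user whoot from host-b.example
---------------------- SSHD End -------------------------
"""

FAILED = re.compile(r"^\s*(\S+)/(\S+) from (\S+): (\d+) Time\(s\)")
LOGIN = re.compile(r"^\s*(\S+) logged in from (\S+) \(.*?\) using (\S+): (\d+) Time\(s\)")

def sshd_section(report):
    """Return the lines between the 'SSHD Begin' and 'SSHD End' banners."""
    lines, inside = [], False
    for line in report.splitlines():
        if "SSHD Begin" in line:
            inside = True
        elif "SSHD End" in line:
            break
        elif inside:
            lines.append(line)
    return lines

def triage(report):
    """Return (failed counts, successful logins, findings) for the SSHD section."""
    failed, logins, findings = {}, [], []
    for line in sshd_section(report):
        if m := FAILED.match(line):
            user, _method, host, n = m.groups()
            failed[(user, host)] = failed.get((user, host), 0) + int(n)
        elif m := LOGIN.match(line):
            logins.append((m[1], m[2], m[3], int(m[4])))
    for user, host, method, n in logins:
        if user == "root" and method == "password":
            findings.append(f"root password login from {host} ({n}x)")
        # The report carries counts only, not the order of events.
        if (user, host) in failed:
            findings.append(f"{user} from {host}: {failed[(user, host)]} failed and {n} successful logins in the same report")
    return failed, logins, findings

if __name__ == "__main__":
    for finding in triage(SAMPLE)[2]:
        print(finding)
```
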