Thursday, October 27, 2005

Logwatch - Lets you keep an eye on your server security logs.

If you run a web server on Linux, you have logwatch installed, but unless you know what you are doing, you have probably never cared enough to learn about it. This post is a guide to logwatch.



Logwatch notifies you with log summaries



--------------------- pam_unix Begin ------------------------

su:
Authentication Failures:
admin(500) -> root: 1 Time(s)

passwd:
Unknown Entries:
password changed for root: 2 Time(s)
password changed for admin: 1 Time(s)

sshd:
Unknown Entries:
1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp.ip.isp.isp : 1 Time(s)
2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp user=root: 1 Time(s)
1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=isp.isp.ip.isp.isp user=root: 2 Time(s)
Invalid Users:
Unknown Account: 2 Time(s)
Authentication Failures:
root (isp.isp.ip.isp.isp ): 6 Time(s)
unknown (isp.isp.ip.isp.isp ): 1 Time(s)
root (isp.isp ): 1 Time(s)

login:
Sessions Opened:
admin: 1 Time(s)
root: 3 Time(s)
Authentication Failures:
root ( ): 2 Time(s)
admin ( ): 1 Time(s)


---------------------- pam_unix End -------------------------


--------------------- SSHD Begin ------------------------


SSHD Killed: 8 Time(s)

SSHD Started: 7 Time(s)

Failed logins from these:
root/password from isp.isp: 1 Time(s)
root/password from isp.isp: 8 Time(s)
whoot/password from isp.isp: 2 Time(s)

Users logging in through sshd:
root logged in from isp.isp (isp.isp) using password: 2 Time(s)
root logged in from isp.isp.ip.isp.isp (isp.isp) using password: 6 Time(s)

**Unmatched Entries**
Illegal user whoot from isp.isp
Illegal user whoot from isp.isp
RSA1 key generation succeeded
RSA key generation succeeded
DSA key generation succeeded

---------------------- SSHD End -------------------------



------------------ Disk Space --------------------

Filesystem Size Used Avail Use% Mounted on
.....


###################### LogWatch End #########################
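
One way to pull the actionable numbers out of a report like the one above, as an added example that is not part of the original post or of Logwatch itself: it parses the SSHD section, totals failed logins per user, and flags successful root logins that used a password. The function names and the abridged sample text are constructed for this example, and the line formats are assumed to match the report shown.

```python
import re
from collections import Counter

# Abridged from the SSHD section of the report in the post; hosts are the post's own placeholders.
SAMPLE_REPORT = """\
--------------------- SSHD Begin ------------------------

Failed logins from these:
root/password from isp.isp: 1 Time(s)
root/password from isp.isp: 8 Time(s)
whoot/password from isp.isp: 2 Time(s)

Users logging in through sshd:
root logged in from isp.isp (isp.isp) using password: 2 Time(s)
root logged in from isp.isp.ip.isp.isp (isp.isp) using password: 6 Time(s)

---------------------- SSHD End -------------------------
"""

SECTION = re.compile(r"^-+ (.+?) Begin -+\s*$(.*?)^-+ \1 End -+\s*$", re.M | re.S)
FAILED = re.compile(r"^\s*(\S+)/(\S+) from (\S+): (\d+) Time\(s\)\s*$", re.M)
LOGIN = re.compile(r"^\s*(\S+) logged in from (\S+) \((\S+)\) using (\S+): (\d+) Time\(s\)\s*$", re.M)

def sections(report):
    """Map each 'NAME Begin' ... 'NAME End' block to its body text."""
    return {m.group(1): m.group(2) for m in SECTION.finditer(report)}

def summarize_sshd(report):
    """Return (failed attempts per user, accepted logins per (user, method))."""
    body = sections(report).get("SSHD", "")
    failed, accepted = Counter(), Counter()
    for user, _method, _host, n in FAILED.findall(body):
        failed[user] += int(n)
    for user, _host, _ip, method, n in LOGIN.findall(body):
        accepted[(user, method)] += int(n)
    return failed, accepted

def findings(report):
    """Flag root password logins and list failed attempts per user."""
    failed, accepted = summarize_sshd(report)
    out = [f"root logged in over ssh with a password {n} time(s)"
           for (user, method), n in sorted(accepted.items())
           if user == "root" and method == "password"]
    out += [f"{n} failed ssh login(s) for {user}" for user, n in sorted(failed.items())]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_REPORT)))
```
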
