57chevy
Guest
Using 7.5 reloaded and slowly going batty...
Originally, or early on, the logwatch logs sent to root would show something like:
################### LogWatch 5.1 (02/03/04) ####################
Processing Initiated: Fri Jun 3 04:02:05 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: server.xxxx.com
################################################################
--------------------- httpd Begin ------------------------
A total of 7 sites probed the server
81.242.205.98
61.52.221.60
218.22.184.6
81.240.132.4
200.61.171.121
222.32.120.157
201.23.132.234
A total of 2 unidentified 'other' records logged
SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
<snip>
---------
Then for no apparent reason the "httpd Begin" section of the logs stopped being sent.
Following a discussion on the output level of Logwatch here in the forums, we tweaked ours using the logwatch conf. to an output level of 10. The "probed the server" info didn't return as we had hoped, but the logs still had usable info, which did now include cron info as being processed.
Within a week or two the logwatch logs lost yet another section of the logs from the output being sent by logwatch (example below), even with the output level at "10".
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (59-120-105-100.hinet-ip.hinet.net): 24 Time(s)
Invalid Users:
Unknown Account: 2659 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=159-121-60-69.serverpronto.com : 2659 Time(s)
<snip>
----------
Lastly, as of a few days ago, the logs have now lost this section of the output as well:
----------
Illegal users from these:
Academics/none from ::ffff:203.215.77.48: 1 Time(s)
Academics/password from ::ffff:203.215.77.48: 1 Time(s)
adam/none from ::ffff:203.215.77.48: 1 Time(s)
adam/password from ::ffff:203.215.77.48: 1 Time(s)
<snip>
----------
Contacting the network guys who configured the server for us when each log output had changed resulted in no answer other than "have you tried the Plesk support forums?"
So in desperation we are looking for answers here! Can anyone offer suggestions on how to get these log entries/items back? Or, maybe more importantly, how or why they are being removed from the logwatch output?
Any and all help most appreciated!
57chevy