• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Logwatch info slowly disappearing...

5

57chevy

Guest
Using 7.5 reloaded and slowly going batty...

Original or early on the logwatch logs sent to root would show something like:

################### LogWatch 5.1 (02/03/04) ####################
Processing Initiated: Fri Jun 3 04:02:05 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: server.xxxx.com
################################################################

--------------------- httpd Begin ------------------------

A total of 7 sites probed the server
81.242.205.98
61.52.221.60
218.22.184.6
81.240.132.4
200.61.171.121
222.32.120.157
201.23.132.234

A total of 2 unidentified 'other' records logged
SEARCH
/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
<snip>
---------

Then for no apparent reason the "httpd Begin" section of the logs stopped being sent.

Following a discussion on the output level of Logwatch here in the forums, we tweaked ours using the logwatch conf. to a output level of 10, the "probed the server" info didn't return as we had hoped, but logs still had useable info which did now include chron info as being processed.

Within a week or two the logwatch logs lost yet another section of the logs from the output being sent by the logwatch -example below even with the output level at "10".

--------------------- pam_unix Begin ------------------------

sshd:
Authentication Failures:
root (59-120-105-100.hinet-ip.hinet.net): 24 Time(s)
Invalid Users:
Unknown Account: 2659 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=159-121-60-69.serverpronto.com : 2659 Time(s)
<snip>
----------

Lastly as of a few day ago, the logs have now lost this section of the output as well:
----------
Illegal users from these:
Academics/none from ::ffff:203.215.77.48: 1 Time(s)
Academics/password from ::ffff:203.215.77.48: 1 Time(s)
adam/none from ::ffff:203.215.77.48: 1 Time(s)
adam/password from ::ffff:203.215.77.48: 1 Time(s)
<snip>
----------
Contacting the network guys who configured the server for us when each log output had changed, resulted in no answer other than "have you tried the Plesk support forums?"

So in desperation we are looking for answers here! Can anyone offer suggestions on how to get these log entries/items back? Or maybe more importantly how or why they are being removed from the logwatch output???

Any and all help most appreciated!
57chevy
 
Thanks for responding!

Yes, near as we can tell all logging options are functional. Accessing the raw logs outside or inside the plesk control panel appear to be as they always have.

Is there another method to determine what all is actually being logged?

Thanks again for your assistance.
57chevy
 
Back
Top