1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

Logwatch info slowly disappearing...

Discussion in 'Plesk for Linux - 8.x and Older' started by 57chevy, Aug 2, 2005.

  1. 57chevy

    57chevy Guest

    0
     
    Using 7.5 reloaded and slowly going batty...

    Original or early on the logwatch logs sent to root would show something like:

    ################### LogWatch 5.1 (02/03/04) ####################
    Processing Initiated: Fri Jun 3 04:02:05 2005
    Date Range Processed: yesterday
    Detail Level of Output: 0
    Logfiles for Host: server.xxxx.com
    ################################################################

    --------------------- httpd Begin ------------------------

    A total of 7 sites probed the server
    81.242.205.98
    61.52.221.60
    218.22.184.6
    81.240.132.4
    200.61.171.121
    222.32.120.157
    201.23.132.234

    A total of 2 unidentified 'other' records logged
    SEARCH
    /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
    <snip>
    ---------

    Then for no apparent reason the "httpd Begin" section of the logs stopped being sent.

    Following a discussion on the output level of Logwatch here in the forums, we tweaked ours using the logwatch conf. to a output level of 10, the "probed the server" info didn't return as we had hoped, but logs still had useable info which did now include chron info as being processed.

    Within a week or two the logwatch logs lost yet another section of the logs from the output being sent by the logwatch -example below even with the output level at "10".

    --------------------- pam_unix Begin ------------------------

    sshd:
    Authentication Failures:
    root (59-120-105-100.hinet-ip.hinet.net): 24 Time(s)
    Invalid Users:
    Unknown Account: 2659 Time(s)
    Unknown Entries:
    authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=159-121-60-69.serverpronto.com : 2659 Time(s)
    <snip>
    ----------

    Lastly as of a few day ago, the logs have now lost this section of the output as well:
    ----------
    Illegal users from these:
    Academics/none from ::ffff:203.215.77.48: 1 Time(s)
    Academics/password from ::ffff:203.215.77.48: 1 Time(s)
    adam/none from ::ffff:203.215.77.48: 1 Time(s)
    adam/password from ::ffff:203.215.77.48: 1 Time(s)
    <snip>
    ----------
    Contacting the network guys who configured the server for us when each log output had changed, resulted in no answer other than "have you tried the Plesk support forums?"

    So in desperation we are looking for answers here! Can anyone offer suggestions on how to get these log entries/items back? Or maybe more importantly how or why they are being removed from the logwatch output???

    Any and all help most appreciated!
    57chevy
     
  2. hardweb

    hardweb Guest

    0
     
    First question, does your logging facility work?
     
  3. 57chevy

    57chevy Guest

    0
     
    Thanks for responding!

    Yes, near as we can tell all logging options are functional. Accessing the raw logs outside or inside the plesk control panel appear to be as they always have.

    Is there another method to determine what all is actually being logged?

    Thanks again for your assistance.
    57chevy
     
Loading...