The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Log Watch

Discussion in 'General Discussion' started by WebNET, Sep 9, 2003.

  1. WebNET

    WebNET Active Member

    Joined:
    Jul 21, 2003
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA Brooklyn NYC
    Hi all,

    Just wanna know, do you people get LOG WATCH sent to you? Also, in there, are there probes and connections trying to hit up your box like crazy?
    This stuff is making me go bananaz. So many hits, but TG they get dropped.

    135 (THE MOST HITS)
    139
    445
    1434
    17300
    27374...
    there are so many ports I just can't write them here..

    Thanks,
    David K.

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    log watch is kind of annoying. it would make more sense to firewall all of the ports you don't use and turn log watch off.

    cPanel.net Support Ticket Number:
     
  3. cortices

    cortices Well-Known Member

    Joined:
    Mar 10, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Dallas, TX
    I would definately NOT suggest turning logwatch off as it tends to provide valuable information you may not otherwise notice.

    You can configure logwatch to turn off notices for certain files and/or services. You can also change the level of details it collects.

    Just browse through /etc/log.d/.

    At any rate, logwatch is just reporting to you what's already in your logs. Logwatch is not what's putting it there. Likely it is either PortSentry or an installed software firewall that is doing it.

    cPanel.net Support Ticket Number:
     
  4. projectandrew

    projectandrew Well-Known Member

    Joined:
    Aug 27, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Also make sure you are running the latest version from logwatch.org....

    cPanel.net Support Ticket Number:
     
    #4 projectandrew, Sep 10, 2003
    Last edited: May 20, 2004
  5. WebNET

    WebNET Active Member

    Joined:
    Jul 21, 2003
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA Brooklyn NYC
    yeah, I have APF installed, and damn it's doing a GREAT job of DROPPIN those damn evil doers.

    Might try portsentry also. Yes, i'm gonna update LogWatch. Just updated the kernel last night and also the BIND this morning.

    Do any of you guys use AutoRPM? Do you recommend?

    Thanks,
    David K.

    cPanel.net Support Ticket Number:
     
    #5 WebNET, Sep 10, 2003
    Last edited: Sep 10, 2003
Loading...

Share This Page