[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Where can I find more about these log reports
- Subject: Re: [cobalt-users] Where can I find more about these log reports
- From: flash22@xxxxxxx
- Date: Wed Oct 31 04:33:54 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 31 Oct 2001, Render-Vue wrote:
> Have logcheck running and the following came up this morning...
>
> Oct 30 14:01:40 ns PAM_pwdb[4984]: check pass; user unknown
> Oct 30 14:01:53 ns PAM_pwdb[6065]: check pass; user unknown
> Oct 30 14:01:59 ns PAM_pwdb[6066]: check pass; user unknown
> Oct 30 14:02:07 ns PAM_pwdb[6090]: check pass; user unknown
> Oct 30 14:02:31 ns PAM_pwdb[5832]: check pass; user unknown
> Oct 30 14:03:20 ns PAM_pwdb[4658]: check pass; user unknown
> Oct 30 14:03:33 ns PAM_pwdb[4549]: check pass; user unknown
>
> The FTP activities are logged also but nothing else in all the logs shown
> any more details where can I find or how can I find out where this user is
> coming from? Could it be somone at the collocation?
Look in var/log/secure, or maillog, i have has several attacks against
qpopper followed by relay attempts lately, the spammers have noticed that
little bug i guess...
(grep for the time stamp, usually works well)
eg grep "Oct 30 14:0" /var/log/* |less
sadly, the log files are all in slightly different formats, also , check
web logs if you have auth pages those will generate login errors also,
sometimes a lot as the browsers retry. adm_error as well
gsh