[TriLUG] Stupid Questions, maybe
Brian Henning
brian at strutmasters.com
Tue Nov 2 08:37:25 EST 2004
Hey Guys,
At risk of sounding infantile.. I've got some questions about messages
I'm seeing in my logwatch.
1) First of all, whenever I make much use of phpmyadmin from my workstation
(which runs XP), logwatch gets stuffed with bunches of messages under the
heading of "A total of XX sites probed the server." The line after the
heading lists the culprit IP, which is my workstation, and then the list of
requests, all of which are phpmyadmin requests. Why are these showing up as
probes? Here's an excerpt:
A total of 1 sites probed the server
192.168.1.33
!!!! 41 possible successful probes
/phpmyadmin/sql.php?lang=en-iso-8859-1&server=1&db=[chomp]&table=[chomp]&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60[chomp]%60&pos=0HTTP Response 200 /phpmyadmin/images/arrow_ltr.gif HTTP Response 304(The [chomp]s are just to hide things like table names from the publichere).. At any rate, this is just a browser (IE) accessing a web page, justlike normal.. None of my other pages seem to generate these messages; onlyphpmyadmin. So far, googling this only retrieves a previous post to thislist by me about this, which was never followed up.2) Dovecot seems to enjoy littering the logs withdovecot-auth: pam_succeed_if: requirement "uid < 100" not met by user"[chomp]"This doesn't sound like a problem, just a normal part of the authenticationprocess (or is it?). Thing is, none of my dovecot users are going to haveuids < 500, and I know this, so I really don't know why I need to see thesezillion messages (one for each user, !
every 5 minutes each time their MUAscheck the mail...). For this one, I only care to suppress this particularmessage. Is there a verbosity level for dovecot, or maybe a filter I canput in place for Logwatch?Thanks a lot guys!Cheers,~Brian----------------Brian A. HenningStrutmasters.com866.597.2397----------------
More information about the TriLUG
mailing list