[TriLUG] Stupid Questions, maybe

Brian Henning brian at strutmasters.com
Tue Nov 2 08:37:25 EST 2004


Hey Guys,
  At risk of sounding infantile..  I've got some questions about messages 
I'm seeing in my logwatch.

1) First of all, whenever I make much use of phpmyadmin from my workstation 
(which runs XP), logwatch gets stuffed with bunches of messages under the 
heading of "A total of XX sites probed the server."  The line after the 
heading lists the culprit IP, which is my workstation, and then the list of 
requests, all of which are phpmyadmin requests.  Why are these showing up as 
probes?  Here's an excerpt:

A total of 1 sites probed the server
  192.168.1.33

!!!! 41 possible successful probes
 /phpmyadmin/sql.php?lang=en-iso-8859-1&server=1&db=[chomp]&table=[chomp]&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60[chomp]%60&pos=0HTTP Response 200 /phpmyadmin/images/arrow_ltr.gif HTTP Response 304(The [chomp]s are just to hide things like table names from the publichere)..  At any rate, this is just a browser (IE) accessing a web page, justlike normal..  None of my other pages seem to generate these messages; onlyphpmyadmin.  So far, googling this only retrieves a previous post to thislist by me about this, which was never followed up.2)  Dovecot seems to enjoy littering the logs withdovecot-auth: pam_succeed_if: requirement "uid < 100" not met by user"[chomp]"This doesn't sound like a problem, just a normal part of the authenticationprocess (or is it?).  Thing is, none of my dovecot users are going to haveuids < 500, and I know this, so I really don't know why I need to see thesezillion messages (one for each user, !
 every 5 minutes each time their MUAscheck the mail...).  For this one, I only care to suppress this particularmessage.  Is there a verbosity level for dovecot, or maybe a filter I canput in place for Logwatch?Thanks a lot guys!Cheers,~Brian----------------Brian A. HenningStrutmasters.com866.597.2397----------------




More information about the TriLUG mailing list