I'm running out of disk space on /var and it seem /var/cache/logwatch has almost 4GB of space. Can I remove everything inside and uninstall logwatch? How do I remove logwatch from the system and any affect of the system functionality.
ive got a site which auto creates subdomains and installs a script automaticly and inserts details into a mysql db. i have had some issues recent so have loads (talking 100s) of folders that are empty which i need to remove, and to remove the details of said folder from db also. any ideas how i can do this, using plesk control panel so removing the subdomain via plesk cli may be the best way in that respect but the db is external to plesk so that would not be edited
A total of 1 unidentified 'other' records logged GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1 with response code(s) 6 400 responses
--------------------- Named Begin ------------------------
**Unmatched Entries** client 209.200.168.66 bad zone transfer request: './IN': non-authoritative zone (NOTAUTH): 1 Time(s) notify question section contains no SOA: 1 Time(s)
Does that mean someone was trying break into the server or something?
I've been tasked with developing a default Logwatch configuration for a few dozen servers that will email their findings to a ticketing system. I was hoping to find insight here from users who are using Logwatch similarly. If you have Logwatch emailing a ticket system, I'd love to hear about your custom configs...
Requests with error response codes 400 Bad Request /vb/Juice/images/editor/bold.gif: 1 Time(s) /w00tw00t.at.ISC.SANS.DFind: 1 Time(s) 404 Not Found /admin/phpmyadmin/main.php: 1 Time(s) [url] ---------------------- httpd End -------------------------
--------------------- Kernel Begin ------------------------
2 Time(s): PrefPort:A RlmtMode:Check Link State 2 Time(s): Virtual Wire compatibility mode. 2 Time(s): autonegotiation: yes 2 Time(s): duplex mode: full 2 Time(s): flowctrl: none 2 Time(s): ide0: BM-DMA at 0xfc00-0xfc07, BIOS settings: hda:pio, hdb:pio 2 Time(s): ide1: BM-DMA at 0xfc08-0xfc0f, BIOS settings: hdc:pio, hdd:pio 2 Time(s): irq moderation: disabled 2 Time(s): rx-checksum: disabled 2 Time(s): scatter-gather: disabled 2 Time(s): speed: 100 2 Time(s): tx-checksum: disabled 1 Time(s): pIII_sse : 4821.000 MB/sec 1 Time(s): pIII_sse : 4822.000 MB/sec 2 Time(s): IO window: e000-efff 2 Time(s): MEM window: fbf00000-fbffffff 2 Time(s): PREFETCH window: 20000000-200fffff 2 Time(s): Type: Direct-Access ANSI SCSI revision: 05 2 Time(s): Vendor: ATA Model: Hitachi HDS72168 Rev: P21O 2 Time(s): BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) 2 Time(s): BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) 2 Time(s): BIOS-e820: 00000000000e6000 - 0000000000100000 (reserved) 2 Time(s): BIOS-e820: 0000000000100000 - 000000001f7b0000 (usable) 2 Time(s): BIOS-e820: 000000001f7b0000 - 000000001f7c0000 (ACPI data) 2 Time(s): BIOS-e820: 000000001f7c0000 - 000000001f7f0000 (ACPI NVS) 2 Time(s): BIOS-e820: 000000001f7f0000 - 000000001f800000 (reserved) 2 Time(s): BIOS-e820: 00000000ffb80000 - 0000000100000000 (reserved) 2 Time(s): sda: sda1 sda2 sda3 2 Time(s): ..TIMER: vector=0x31 apic1=0 pin1=2 apic2=0 pin2=0 2 Time(s): 0MB HIGHMEM available. 2 Time(s): 3ware 9000 Storage Controller device driver for Linux v2.26.02.007. 2 Time(s): 3ware Storage Controller device driver for Linux v1.26.02.001. 2 Time(s): 503MB LOWMEM available. 2 Time(s): ATA: abnormal status 0x7F on port 0xD407 2 Time(s): Adding 522104k swap on /dev/sda3. Priority:-1 extents:1 across:522104k 2 Time(s): Allocating PCI resources starting at 20000000 (gap: 1f800000:e0380000) 2 Time(s): BIOS-provided physical RAM map: 2 Time(s): Brought up 1 CPUs 2 Time(s): Built 1 zonelists. Total pages: 128944 2 Time(s): CPU0: Intel P4/Xeon Extended MCE MSRs (24) available 2 Time(s): CPU0: Intel(R) Pentium(R) 4 CPU 3.00GHz stepping 09 2 Time(s): CPU: L2 cache: 1024K 2 Time(s): CPU: Physical Processor ID: 0 2 Time(s): CPU: Trace cache: 12K uops, L1 D cache: 16K 1 Time(s): Calibrating delay using timer specific routine.. 5989.49 BogoMIPS (lpj=11978986) 1 Time(s): Calibrating delay using timer specific routine.. 5989.50 BogoMIPS (lpj=11979013) 2 Time(s): Checking 'hlt' instruction... OK. 2 Time(s): Checking if this processor honours the WP bit even in supervisor mode... Ok. 2 Time(s): Compat vDSO mapped to ffffe000. 2 Time(s): Console: colour VGA+ 80x25 2 Time(s): Copyright (c) 1999-2005 LSI Logic Corporation 2 Time(s): Copyright (c) 1999-2006 Intel Corporation. 2 Time(s): DMI 2.3 present. 2 Time(s): Dentry cache hash table entries: 65536 (order: 6, 262144 bytes) 1 Time(s): Detected 2992.767 MHz processor. 1 Time(s): Detected 2992.772 MHz processor. 2 Time(s): Dquot-cache hash table entries: 1024 (order 0, 4096 bytes) 2 Time(s): ENABLING IO-APIC IRQs 2 Time(s): EXT3 FS on sda1, internal journal 2 Time(s): EXT3 FS on sda2, internal journal 2 Time(s): EXT3-fs: INFO: recovery required on readonly filesystem. 4 Time(s): EXT3-fs: mounted filesystem with ordered data mode. 2 Time(s): EXT3-fs: recovery complete. 1 Time(s): EXT3-fs: sda1: 4 orphan inodes deleted 1 Time(s): EXT3-fs: sda1: orphan cleanup on readonly fs 2 Time(s): EXT3-fs: write access will be enabled during recovery. 2 Time(s): Enabling APIC mode: Flat. Using 1 I/O APICs 2 Time(s): Enabling fast FPU save and restore... done. 2 Time(s): Enabling unmasked SIMD FPU exception support... done. 2 Time(s): ExtINT not setup in hardware but reported by MP table 2 Time(s): Freeing SMP alternatives: 20k freed 2 Time(s): Freeing unused kernel memory: 220k freed 2 Time(s): Fusion MPT SAS Host driver 3.04.01 2 Time(s): Fusion MPT SPI Host driver 3.04.01 2 Time(s): Fusion MPT base driver 3.04.01 2 Time(s): Fusion MPT misc device (ioctl) driver 3.04.01 2 Time(s): I/O APIC #2 Version 32 at 0xFEC00000. 2 Time(s): ICH5: IDE controller at PCI slot 0000:00:1f.1 2 Time(s): ICH5: chipset revision 2 2 Time(s): ICH5: not 100% native mode: will probe irqs later 2 Time(s): IP route cache hash table entries: 4096 (order: 2, 16384 bytes) 2 Time(s): IPv4 over IPv4 tunneling driver 2 Time(s): Initializing CPU#0 2 Time(s): Initializing Cryptographic API 2 Time(s): Inode-cache hash table entries: 32768 (order: 5, 131072 bytes) 2 Time(s): Intel MultiProcessor Specification v1.4 2 Time(s): Intel machine check architecture supported. 2 Time(s): Intel machine check reporting enabled on CPU#0. 2 Time(s): Intel(R) PRO/1000 Network Driver - version 7.1.9-k4-NAPI 2 Time(s): Kernel command line: auto BOOT_IMAGE=linux ro root=801 nousb 2 Time(s): Linux agpgart interface v0.101 (c) Dave Jones 2 Time(s): Linux version 2.6.18.1-xxxx-grs-ipv4-32 (root@kernel-32.ovh.net) (version gcc 3.3.5 (Debian 1:3.3.5-13)) #2 SMP Fri Nov 3 23:04:19 CET 2006 2 Time(s): Memory: 506412k/515776k available (2860k kernel code, 8896k reserved, 1080k data, 220k init, 0k highmem) 2 Time(s): Mount-cache hash table entries: 512 2 Time(s): NET: Registered protocol family 1 2 Time(s): NET: Registered protocol family 16 2 Time(s): NET: Registered protocol family 17 2 Time(s): NET: Registered protocol family 2 2 Time(s): Netfilter messages via NETLINK v0.30. 2 Time(s): OEM ID: ASUSTeK Product ID: APIC at: 0xFEE00000 2 Time(s): PCI quirk: region 0480-04bf claimed by ICH4 GPIO 2 Time(s): PCI quirk: region 0800-087f claimed by ICH4 ACPI/GPIO/TCO 2 Time(s): PCI->APIC IRQ transform: 0000:00:02.0[A] -> IRQ 16 2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.1[A] -> IRQ 18 2 Time(s): PCI->APIC IRQ transform: 0000:00:1f.2[A] -> IRQ 18 2 Time(s): PCI->APIC IRQ transform: 0000:01:0d.0[A] -> IRQ 23 2 Time(s): PCI: Bridge: 0000:00:1e.0 2 Time(s): PCI: Enabling device 0000:00:1f.1 (0005 -> 0007) 2 Time(s): PCI: Ignore bogus resource 6 [0:0] of 0000:00:02.0 2 Time(s): PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1 2 Time(s): PCI: PCI BIOS revision 2.10 entry at 0xf0031, last bus=1 2 Time(s): PCI: Probing PCI hardware 2 Time(s): PCI: Transparent bridge - 0000:00:1e.0 2 Time(s): PCI: Using IRQ router PIIX/ICH [8086/24d0] at 0000:00:1f.0 2 Time(s): PCI: Using configuration type 1 2 Time(s): PID hash table entries: 2048 (order: 11, 8192 bytes) 2 Time(s): Processor #0 15:4 APIC version 20 2 Time(s): Processors: 1 2 Time(s): Real Time Clock Driver v1.12ac 4 Time(s): SCSI device sda: 160836480 512-byte hdwr sectors (82348 MB) 4 Time(s): SCSI device sda: drive cache: write back 2 Time(s): SCSI subsystem initialized 2 Time(s): SGI XFS with large block numbers, no debug enabled 2 Time(s): SMP alternatives: switching to UP code 2 Time(s): Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled 2 Time(s): Setting up standard PCI resources 2 Time(s): Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0) 2 Time(s): TCP bic registered 2 Time(s): TCP bind hash table entries: 8192 (order: 4, 65536 bytes) 2 Time(s): TCP established hash table entries: 16384 (order: 5, 131072 bytes) 2 Time(s): TCP reno registered 2 Time(s): TCP: Hash tables configured (established 16384 bind 8192) 2 Time(s): Time: tsc clocksource has been installed. 1 Time(s): Total of 1 processors activated (5989.49 BogoMIPS). 1 Time(s): Total of 1 processors activated (5989.50 BogoMIPS). 2 Time(s): Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 2 Time(s): Using IPI Shortcut mode 2 Time(s): VFS: Disk quotas dquot_6.5.1 2 Time(s): VFS: Mounted root (ext3 filesystem) readonly. 2 Time(s): ata1: SATA max UDMA/133 cmd 0xD400 ctl 0xD002 bmdma 0xC000 irq 18 2 Time(s): ata2.00: ATA-7, max UDMA/133, 160836480 sectors: LBA48 NCQ (depth 0/32) 2 Time(s): ata2.00: ata2: dev 0 multi count 16 2 Time(s): ata2.00: configured for UDMA/133 2 Time(s): ata2: SATA max UDMA/133 cmd 0xC800 ctl 0xC402 bmdma 0xC008 irq 18 2 Time(s): ata_piix 0000:00:1f.2: MAP [ P0 -- P1 -- ] 2 Time(s): device-mapper: ioctl: 4.7.0-ioctl (2006-06-24) initialised: dm-devel@redhat.com 2 Time(s): drivers/rtc/hctosys.c: unable to open rtc device (rtc0) 2 Time(s): e100: Copyright(c) 1999-2005 Intel Corporation 2 Time(s): e100: Intel(R) PRO/100 Network Driver, 3.5.10-k2-NAPI 2 Time(s): eth0: Yukon Gigabit Ethernet 10/100/1000Base-T Adapter 2 Time(s): eth0: network connection up using port A 2 Time(s): floppy0: no floppy controllers found 2 Time(s): found SMP MP-table at 000ff780 2 Time(s): ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx 2 Time(s): io scheduler anticipatory registered (default) 2 Time(s): io scheduler cfq registered 2 Time(s): io scheduler deadline registered 2 Time(s): io scheduler noop registered 2 Time(s): ip_conntrack version 2.4 (4029 buckets, 32232 max) - 224 bytes per conntrack 2 Time(s): ip_tables: (C) 2000-2006 Netfilter Core Team 4 Time(s): kjournald starting. Commit interval 5 seconds 2 Time(s): klogd 1.4.1, log source = /proc/kmsg started. 2 Time(s): loop: loaded (max 8 devices) 4 Time(s): md: ... autorun DONE. 4 Time(s): md: Autodetecting RAID arrays. 4 Time(s): md: autorun ... 2 Time(s): md: bitmap version 4.39 2 Time(s): md: linear personality registered for level -1 2 Time(s): md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27 2 Time(s): md: multipath personality registered for level -4 2 Time(s): md: raid0 personality registered for level 0 2 Time(s): md: raid1 personality registered for level 1 2 Time(s): md: raid4 personality registered for level 4 2 Time(s): md: raid5 personality registered for level 5 2 Time(s): md: raid6 personality registered for level 6 2 Time(s): megasas: 00.00.03.01 Sun May 14 22:49:52 PDT 2006 2 Time(s): mice: PS/2 mouse device common for all mice 2 Time(s): migration_cost=0 2 Time(s): monitor/mwait feature present. 2 Time(s): mptctl: /dev/mptctl @ (major,minor=10,220) 2 Time(s): mptctl: Registered with Fusion MPT base driver 2 Time(s): raid5: automatically using best checksumming function: pIII_sse 1 Time(s): raid5: using function: pIII_sse (4821.000 MB/sec) 1 Time(s): raid5: using function: pIII_sse (4822.000 MB/sec) 1 Time(s): raid6: int32x1 862 MB/s 1 Time(s): raid6: int32x1 863 MB/s 2 Time(s): raid6: int32x2 795 MB/s 2 Time(s): raid6: int32x4 708 MB/s 1 Time(s): raid6: int32x8 543 MB/s 1 Time(s): raid6: int32x8 544 MB/s 1 Time(s): raid6: mmxx1 1831 MB/s 1 Time(s): raid6: mmxx1 1840 MB/s 2 Time(s): raid6: mmxx2 2122 MB/s 2 Time(s): raid6: sse1x1 1057 MB/s 1 Time(s): raid6: sse1x2 1208 MB/s 1 Time(s): raid6: sse1x2 1210 MB/s 1 Time(s): raid6: sse2x1 2099 MB/s 1 Time(s): raid6: sse2x1 2101 MB/s 1 Time(s): raid6: sse2x2 2252 MB/s 1 Time(s): raid6: sse2x2 2254 MB/s 1 Time(s): raid6: using algorithm sse2x2 (2252 MB/s) 1 Time(s): raid6: using algorithm sse2x2 (2254 MB/s) 2 Time(s): scsi0 : ata_piix 2 Time(s): scsi1 : ata_piix 2 Time(s): sd 1:0:0:0: Attached scsi disk sda 4 Time(s): sda: Write Protect is off 2 Time(s): serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A 2 Time(s): serio: i8042 AUX port at 0x60,0x64 irq 12 2 Time(s): serio: i8042 KBD port at 0x60,0x64 irq 1 2 Time(s): tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> 2 Time(s): tun: Universal TUN/TAP device driver, 1.6 2 Time(s): using mwait in idle threads.
---------------------- Kernel End -------------------------
I've been getting this log watch from my server emailed to me on a daily basis. It gives me a list of all the authentification failures via SSH and other protocols. Should I be actively concerned that there's specific IP addresses consistantly trying to access my SSH account? Likewise, for any type of failed login. Should I actively block their IP address from accessing the server at all?
I've also noticed in the Connections group, there's a lot of monitoringservice.net connections -- is this normal?
Just want to make sure I'm taking an active effort on preventing my server being brought down. I mean, I have 2000+ SSHd authentication failures... seems really high.
I logged into my email to check for my nightly logwatch report (at 12am). Nothing.
So I log into ssh and manually run it, get greeted with this:
You have old files in your logwatch tmpdir (/var/cache/logwatch): logwatch.zcTV3hC0 The directories listed above were most likely created by a logwatch run that failed to complete successfully. If so, you may delete these directories.
I last ran logwatch around 10:30pm, it worked fine.
I try to run logwatch again, same error.. except now there's another temp file showing beneath the first.
I go ahead and delete both of them, run logwatch again...it worked. I also got the other reports from when I tried running logwatch manually and was stopped with this error.
I've never had this happen before, so I'm curious as to what caused it? Logwatch is in cron.daily and has never missed a single report.
Just typical data corruption (as can happen with any computer file) or could something have interfered with its processing at 12?
My /var partition is getting full and most of the problem seems to be with the files in /var/cache/logwatch/ using up all the space. Can those be deleted?
I have been receivig a huge logwatch report, seems that logwatch is not parsing the /var/log/secure file, but sending the log entries instead of any resume of it. I got thousands of lines like
Cp-Wrap: Pushing "47 GETDISKUSED pvargas lights.com.co" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 25 Time(s) Cp-Wrap: Pushing "47 GETDISKUSED r.perez konecrans.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 69 Time(s) Cp-Wrap: Pushing "47 GETDISKUSED r.rodriguez konecrans.com" to '/usr/local/cpanel/bin/eximadmin' for UID: 47 : 114 Time(s)
I have upgraded to the most recent version of Logwatch with default configuration. Any ideas on what could be wrong?
Is this someone trying to gain access to the server and just trying different password or ways? The server is new with no websites hosted yet but already getting this.
Will Brute Force not take care of this?
Is this common? Any ideas?
**Unmatched Entries** sendto(72.64.118.118): Operation not permitted: 72 time(s) sendto(69.182.190.97): Operation not permitted: 73 time(s) sendto(66.93.44.19): Operation not permitted: 72 time(s)
Does anyone have a link to some Logwatch installation instructions. There nothing on the logwatch website and not manage to find anything on here or on google.
I jusy want to set it up and have it email me every day.
I used a little vServer with ubuntu (turnkey) and use logwatch to be informed by email about any errors. I'm confused about the following errors from Apache:
--------------------- httpd Begin ------------------------ Requests with error response codes 404 Not Found http://translate.google.com/gen204: 1 Time(s) http://www.teddybrinkofski.com/ip_json.php: 1 Time(s) 503 Service Unavailable http://www.google.com/: 1 Time(s) ---------------------- httpd End -------------------------
These errors are definetly not from my own code. I have checked that mod_proxy is disabled and i disabled also CONNECT like here described: [URL] ....
What does these errors mean and how can i disabled this?
The market is full of VPS providers with different combinations of features.. some offer huge amounts of ram, bandwidth, managed, unmanaged, etc.. The sheer number of choices is dizzying..
My question is, if you had to pick one feature of a VPS plan that was most important to you, what would it be?
I live in Turkey. I'm gonna buy a reseller package from Hostgator which is located in Texas. I will mostly make websites in English language for business(affiliate websites) but I decided to make 2 websites in Turkish language for a hobby of mine. Should I buy hosting from a company in Europe or can I still go with Hostgator? I really like Hostgator's package but how much disadvantage would there be in terms of speed? Would people be able to tell by speed whether the server is close or not? Is there a way to test it? All my friends' computers have a speed around 100kb download per second.
How important is PCI Compliance to you as a hosting provider? Are you compliant now?
Do you intend to be complaint? Also how many thing that just getting a scan from comodo or another scanner makes you compliant?
As far the rules for PCI-DSS state if you store CC's which all hosting companies do if they are using a billing system, i.e MB, WHMCS etc.. You have to be compliant to a fault for a 37 page document with lots and lots of requirements that most don't do and don't know how to do.
Is it worth it to not make the effort and get compliant or risk losing your merchant account and getting on the TMF list and fined $50k?
How important is this from a customer standpoint? Assuming ticket response times are under 1 hour, is Live support something that customers really want? I'm considering adding it as a support option, but want to weigh whether or not its worth it. <<Please setup signature in Member Control Panel>>
When I talked with my friends who are into computer stuff, they'd say that it is important that the provider that I am about to host my site with, has good ping response so that my site will load faster.
I don't know how some web hosting companies get away with saying they offer 24x7 support but don't. I have come across many companies that all clam the same thing but at the end when it comes down to it they are not there when you need them.
My question is if they have a live chat button on there site and I see there sales team offline, that is an immediate sign they are really not there 24x7. If a person is qualified to manage a server is he/she not qualified to sell a product?
how can a network be monitored if you don't have a staff 24x7?
I work for a company that does business mainly in California but we have people all over the country including Boston and NYC. I'm looking for dedicated servers and found good pricing/service in Chicago but worried about response times for my Cali folks. I'm hosting a non public web app that everyone needs to use so the load is low and response times are not super critical.
Will my users experience noticable latency?
Also people that manage the servers may be in Cali as well. Will they find it fustrating to remote into these windows servers and manage them or will it be acceptable or should I find something closer to california?
What really are the chances of a drive failure in any given year?
I worked in corporate IT departments for 15 years and had RAID on everything even though I rarely saw a drive failure. Out of hundreds of drives one might fail in any given year.
It does look like some folks here have experienced drive failures on dedicated boxes though, so my dilemma is this: If both cost the same am I better off to have a box with no RAID at a good host like theplanet, or have a box WITH raid with one of the value hosts?
"IMPORTANT: Do not ignore this email. The hostname (one.icv.ro) resolves to 76.163.193.147. It should resolve to 209.188.81.112. Please be sure to correct /etc/hosts as well as the 'A' entry in zone file for the domain.
Some are all of these problems can be caused by /etc/resolv.conf being setup incorrectly. Please check this file if you believe everything else is correct.
You may be able to automaticly correct this problem by using the ' Add an A entry for your hostname ' under ' Dns Functions ' in your Web Host Manager"
So everything is working fine .. I checked the DNS zone and every thing is ok.
but run this on the server : ==================== dig +noall +answer +additional icv.ro NS icv.ro. 84220 IN NS ns9.ixwebhosting.com. icv.ro. 84220 IN NS ns10.ixwebhosting.com. ==================== dig +noall +answer +additional icv.ro icv.ro. 82792 IN A 76.163.193.147
and they are wrong.
strange that the ping is fine.. and is corect ip:
ping icv.ro PING icv.ro (209.188.81.112) 56(84) bytes of data. 64 bytes from one.icv.ro (209.188.81.112): icmp_seq=1 ttl=64 time=0.060 ms ======================
So my server didn't updated the ns. They are the old ns .. and the new one are
Name Server: ns1.wiredtree.com Name Server: ns2.wiredtree.com