Logs

Logs

[Eduardo Frias]

Does anybody know what these entries in my /var/log/messages mean?

Aug 7 00:15:18 axwax su: (to nobody) root on none
Aug 7 00:15:18 axwax PAM-unix2[4653]: session started for user nobody,
 service su
Aug 7 00:17:35 axwax PAM-unix2[4653]: session finished for user nobody,
service su


Thanks!

-- 

.-.
Eduardo Frias
The more you read, the less everyone else knows
-.-

RE: Logs

[Eduardo Frias]

Nop, I am not running any web server at all in that machine, could it be
any other process swithing to nobody? like sshd?

Thanks!

On Thu, 8 Aug 2002, Amgad E.. Fahmy wrote:


  [NON-Text Body part not included]


-- 

.-.
Eduardo Frias
The more you read, the less everyone else knows
-.-

RE: Logs

[Amgad E.. Fahmy]

[-- Attachment #1: smime.p7m --]
[-- Type: application/pkcs7-mime, Size: 4613 bytes --]

RE: Logs

[johnjulian1]

it means that a root process switched to user nobody to run a command.
updatedb (used by locate) does this.

Eduardo Frias <efrias@mail.un.org.mx> wrote:

>
>Does anybody know what these entries in my /var/log/messages mean?
>
>Aug 7 00:15:18 axwax su: (to nobody) root on none
>Aug 7 00:15:18 axwax PAM-unix2[4653]: session started for user nobody,
> service su
>Aug 7 00:17:35 axwax PAM-unix2[4653]: session finished for user nobody,
>service su
>
>
>Thanks!
>
>-- 
>
>.-.
>Eduardo Frias
>The more you read, the less everyone else knows
>-.-
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>


__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

logs

[Paulo Andre]

Would like to know some views on logging netfilter, is using ulogd
better than log...???

paulo

Re: logs

[Eric Leblond]

Le lun 20/01/2003 à 08:39, Paulo Andre a écrit :
> Would like to know some views on logging netfilter, is using ulogd
> better than log...???

ulogd depends on a daemon, and daemon can fails.
But, I never see this happen. So the main issue is not this one.

With ulogd you can log directly into a SQL database, and you've got at
least an interface (written in php) to analyse your logs :
	http://home.regit.org/ulogd-php.html
(end of self ad)

An other avantage of ulogd is the fact that you can use different output
in the same type (file and sql for example). Furhtermore you can say how
many packet should be log at at time and that can help to avoid I/O
overload.

--
Eric Leblond
mail : eleblond@init-sys.com

logs

[azeem ahmad]

hi alll
i want to check the logs of iptables to check who is passing throught my 
machine. so plz tell me where r its logs and how can i check them
regards
Azeem

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

Re: logs

[Antony Stone]

On Friday 09 April 2004 11:07 pm, azeem ahmad wrote:

> hi alll
> i want to check the logs of iptables to check who is passing throught my
> machine. so plz tell me where r its logs and how can i check them

The LOG target takes an argument --log-level which is what determines how the 
log entries are handled by your syslog daemon, according to /etc/syslog.conf

The most likely places for you to find your log entries are:
1. On the console (if you didn't specify --log-level)
2. In /var/log/messages
3. In /var/log/syslog

As for checking the logs to see "who" is passing through your machine.... good 
luck :)

Regards,

Antony.

-- 
These clients are often infected by viruses or other malware and need to be 
fixed.  If not, the user at that client needs to be fixed...

 - Henrik Nordstrom, on Squid users' mailing list

                                                     Please reply to the list;
                                                           please don't CC me.

Re: logs

[Jeffrey Laramie]

On Friday 09 April 2004 18:07, azeem ahmad wrote:
> hi alll
> i want to check the logs of iptables to check who is passing throught my
> machine. so plz tell me where r its logs and how can i check them
> regards
> Azeem

Iptables uses syslog which writes to /var/log/messages file by default.

Jeff