################### Logwatch 7.3.6 (05/19/07) #################### Processing Initiated: Tue Nov 17 03:26:09 2015 Date Range Processed: yesterday ( 2015-Nov-16 ) Period is day. Detail Level of Output: 0 Type of Output: unformatted Logfiles for Host: linode01.ovirt.org ################################################################## --------------------- Dovecot Begin ------------------------
Dovecot disconnects: Logged out: 2 Time(s) no auth attempts: 4 Time(s) ---------------------- Dovecot End ------------------------- --------------------- httpd Begin ------------------------ A total of 1 sites probed the server 162.144.119.155 Requests with error response codes 400 Bad Request /admin.php: 1 Time(s) /admin/: 1 Time(s) /admin/login.php: 1 Time(s) /administrator/index.php: 1 Time(s) /bitrix/admin/index.php?lang=en: 1 Time(s) /index.php: 1 Time(s) /user/: 1 Time(s) /wp-login.php: 1 Time(s) 404 Not Found /: 577 Time(s) /**pipermail/users/2012-March/**001158.htm ... rch/001158.html: 1 Time(s) //wp-admin/admin-ajax.php: 1 Time(s) //wp-admin/admin-ajax.php?action=revolutio ... ./wp-config.php: 1 Time(s) //wp-admin/admin-ajax.php?action=revslider ... ./wp-config.php: 1 Time(s) //wp-admin/includes/themes.php?x1: 1 Time(s) //wp-admin/options-link.php?x1: 1 Time(s) //xmlrpc.php: 5 Time(s) /:: 1 Time(s) /____mailman/listinfo/users: 1 Time(s) /__mailman/listinfo/users: 1 Time(s) /admin.php: 5 Time(s) /admin/: 5 Time(s) /admin/login.php: 5 Time(s) /administrator/index.php: 5 Time(s) /apple-touch-icon-precomposed.png: 2 Time(s) /apple-touch-icon.png: 2 Time(s) /bitrix/admin/index.php?lang=en: 5 Time(s) /blog/: 1 Time(s) /blog/robots.txt: 1 Time(s) /blog/wp-admin/: 6 Time(s) /category/news/feed: 1 Time(s) /category/news/feed/: 18 Time(s) /favicon.ico: 808 Time(s) /news-and-events/workshop/: 1 Time(s) /old/wp-admin/: 7 Time(s) /pipermail/2011-September/date.html: 1 Time(s) /pipermail/2011-September/subject.html: 1 Time(s) /pipermail/2012-August/date.html: 1 Time(s) /pipermail/2014-May/subject.html: 1 Time(s) /pipermail/2015-June/thread.html: 1 Time(s) /pipermail/devel/2012-january/000483.html: 1 Time(s) /pipermail/engine-patches/2012-April/012280.html: 1 Time(s) /pipermail/engine-patches/2012-April/015493.html: 1 Time(s) /pipermail/engine-patches/2012-April/015602.html: 1 Time(s) /pipermail/engine-patches/2012-August/031082.html: 1 Time(s) /pipermail/engine-patches/2012-August/031317.html: 1 Time(s) /pipermail/engine-patches/2012-December/044910.html: 1 Time(s) /pipermail/engine-patches/2012-December/045695.html: 1 Time(s) /pipermail/engine-patches/2012-January/003324.html: 1 Time(s) /pipermail/engine-patches/2012-July/027145.html: 1 Time(s) /pipermail/engine-patches/2012-July/028900.html: 1 Time(s) /pipermail/engine-patches/2012-June/021568.html: 1 Time(s) /pipermail/engine-patches/2012-June/022786.html: 1 Time(s) /pipermail/engine-patches/2012-November/041821.html: 1 Time(s) /pipermail/engine-patches/2012-November/042583.html: 1 Time(s) /pipermail/engine-patches/2012-October/036843.html: 1 Time(s) /pipermail/engine-patches/2012-October/038133.html: 1 Time(s) /pipermail/engine-patches/2012-September/036066.html: 1 Time(s) /pipermail/engine-patches/2013-December/131013.html: 1 Time(s) /pipermail/engine-patches/2013-December/131353.html: 1 Time(s) /pipermail/engine-patches/2013-December/135195.html: 1 Time(s) /pipermail/engine-patches/2013-February/055161.html: 1 Time(s) /pipermail/engine-patches/2013-January/052823.html: 1 Time(s) /pipermail/engine-patches/2013-July/086729.html: 1 Time(s) /pipermail/engine-patches/2013-June/077690.html: 1 Time(s) /pipermail/engine-patches/2013-June/078877.html: 1 Time(s) /pipermail/engine-patches/2013-October/114289.html: 1 Time(s) /pipermail/engine-patches/2013-September/107191.html: 1 Time(s) /pipermail/engine-patches/2014-January/139237.html: 1 Time(s) /pipermail/infra/2012-August/wp-admin/admi ... ./wp-config.php: 2 Time(s) /pipermail/infra/2012-August/wp-admin/admin-ajax.php: 4 Time(s) /pipermail/infra/2013-December/004705.html/trackback/: 1 Time(s) /pipermail/infra/2013-December/tiki-register.php: 2 Time(s) /pipermail/infra/2013-February//xmlrpc.php: 1 Time(s) /pipermail/infra/2013-February/002129.html ... Zenw/xmlrpc.php: 4 Time(s) /pipermail/infra/2013-February/002129.html ... enw//xmlrpc.php: 7 Time(s) /pipermail/infra/2013-February/xmlrpc.php: 2 Time(s) /pipermail/infra/2013-January/001880.html/trackback/: 1 Time(s) /pipermail/infra/2013-July/tiki-register.php: 4 Time(s) /pipermail/infra/2013-June/tiki-register.php: 1 Time(s) /pipermail/infra/2013-March/002443.html/trackback/: 1 Time(s) /pipermail/infra/2013-March/tiki-register.php: 2 Time(s) /pipermail/infra/2013-March/xmlrpc.php: 1 Time(s) /pipermail/infra/2013-May//xmlrpc.php: 1 Time(s) /pipermail/infra/2013-May/003136.html& ... JcfQ/xmlrpc.php: 14 Time(s) /pipermail/infra/2013-May/003136.html& ... cfQ//xmlrpc.php: 3 Time(s) /pipermail/infra/2013-May/tiki-register.php: 9 Time(s) /pipermail/infra/2013-May/xmlrpc.php: 2 Time(s) /pipermail/infra/2013-November/tiki-register.php: 2 Time(s) /pipermail/infra/2013-September/003939.html/trackback/: 1 Time(s) /pipermail/infra/2014-December//xmlrpc.php: 2 Time(s) /pipermail/infra/2014-December/008683.html ... stg//xmlrpc.php: 6 Time(s) /pipermail/infra/2014-December/008683.html ... ustg/xmlrpc.php: 1 Time(s) /pipermail/infra/2014-December/xmlrpc.php: 1 Time(s) /pipermail/infra/2014-May/006294.html/trackback/: 1 Time(s) /pipermail/infra/2014-September/tiki-register.php: 1 Time(s) /pipermail/infra/2015-April/009473.html&am ... ./wp-config.php: 1 Time(s) /pipermail/infra/2015-April/wp-admin/admin ... ./wp-config.php: 11 Time(s) /pipermail/infra/2015-April/wp-admin/admin-ajax.php: 10 Time(s) /pipermail/infra/2015-February/wp-admin/ad ... ./wp-config.php: 3 Time(s) /pipermail/infra/2015-February/wp-admin/admin-ajax.php: 2 Time(s) /pipermail/infra/2015-July//wp-admin/admin ... ./wp-config.php: 2 Time(s) /pipermail/infra/2015-July//wp-admin/admin-ajax.php: 1 Time(s) /pipermail/infra/2015-July//wp-admin/includes/themes.php?x1: 1 Time(s) /pipermail/infra/2015-July//wp-admin/options-link.php?x1: 1 Time(s) /pipermail/infra/2015-July/wp-admin/admin- ... ./wp-config.php: 1 Time(s) /pipermail/infra/2015-July/wp-admin/admin-ajax.php: 3 Time(s) /pipermail/infra/2015-June//xmlrpc.php: 1 Time(s) /pipermail/infra/2015-June/010089.html& ... R0g//xmlrpc.php: 1 Time(s) /pipermail/infra/2015-March/wp-admin/admin ... ./wp-config.php: 1 Time(s) /pipermail/infra/2015-March/wp-admin/admin-ajax.php: 2 Time(s) /pipermail/infra/2015-May/009651.html/trackback/: 2 Time(s) /pipermail/infra/2015-May/009724.html& ... ./wp-config.php: 1 Time(s) /pipermail/infra/2015-May/wp-admin/admin-a ... ./wp-config.php: 3 Time(s) /pipermail/infra/2015-february/009179.html: 1 Time(s) /pipermail/kimchi-devel/2014-february/002081.html: 3 Time(s) /pipermail/users/2013-april/013638.html: 1 Time(s) /pipermail/users/2013-august/015578.html: 1 Time(s) /pipermail/users/2013-july/015099.html: 1 Time(s) /pipermail/users/2013-june/014937.html: 1 Time(s) /pipermail/users/2014-April/023401.html/trackback/: 1 Time(s) /repos/ci-tools/EL/6/repodata/repomd.xml: 51 Time(s) /robots.txt: 106 Time(s) /test/wp-admin/: 8 Time(s) /user/: 5 Time(s) /wordpress/: 1 Time(s) /wordpress/wp-admin/: 8 Time(s) /wp-admin/: 8 Time(s) /wp-admin/admin-ajax.php: 18 Time(s) /wp-admin/admin-ajax.php?action=revolution ... ./wp-config.php: 3 Time(s) /wp-admin/admin-ajax.php?action=revslider_ ... ./wp-config.php: 19 Time(s) /wp-content/uploads/style.php: 1 Time(s) /wp-login.php: 6 Time(s) /wp/: 1 Time(s) /wp/wp-admin/: 5 Time(s) /xmlrpc.php: 7 Time(s) /xmlrpc.php?rsd: 1 Time(s) 501 Not Implemented null: 50 Time(s) ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ dovecot: Authentication Failures: jira rhost=92.128.53.104 : 1 Time(s) Unknown Entries: check pass; user unknown: 1 Time(s) sudo: Authentication Failures: dcaro(516) -> dcaro: 1 Time(s) sudo-i: Unknown Entries: authentication failure; logname=dcaro uid=516 euid=0 tty=/dev/pts/3 ruser=dcaro rhost= user=dcaro: 1 Time(s) ---------------------- pam_unix End ------------------------- --------------------- Postfix Begin ------------------------ 95 *Fatal: General fatal 340 *Warning: Database file needs update 95 *Warning: Startup error 536 *Warning: Pre-queue content-filter connection overload 95 Process exited 75 Miscellaneous warnings 29.663M Bytes accepted 31,103,724 273.520M Bytes delivered 286,806,426 ======== ================================================ 1875 Accepted 84.31% 349 Rejected 15.69% -------- ------------------------------------------------ 2224 Total 100.00% ======== ================================================ 2 Reject relay denied 0.57% 21 Reject HELO/EHLO 6.02% 326 Reject unknown user 93.41% -------- ------------------------------------------------ 349 Total Rejects 100.00% ======== ================================================ 1338 4xx Reject recipient address 96.68% 46 4xx Reject sender address 3.32% -------- ------------------------------------------------ 1384 Total 4xx Rejects 100.00% ======== ================================================ 2595 Connections made 263 Connections lost 2595 Disconnections 1840 Removed from queue 873 Delivered 26101 Sent via SMTP 6 Forwarded 328 Deferred 1925 Deferrals 2 Bounce (local) 390 Bounce (remote) 60 DSNs undeliverable 378 Connection failure (outbound) 5 Timeout (inbound) 7 Excessive errors in SMTP commands dialog 278 Hostname verification errors 32 Hostname validation error 6 Restarts due to lookup table change 127 Enabled PIX workaround **Unmatched Entries** 1 Nov 16 04:57:08 linode01 postfix/smtp[12824]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:30:23 linode01 postfix/smtp[20453]: C4881C71B: Cannot start TLS: handshake failure 1 Nov 16 05:43:53 linode01 postfix/smtp[14152]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:20:27 linode01 postfix/smtp[20189]: 2A63EC5A9: Cannot start TLS: handshake failure 1 Nov 16 05:43:53 linode01 postfix/smtp[14152]: EEB02C515: Cannot start TLS: handshake failure 1 Nov 16 03:08:55 linode01 postfix/smtp[9194]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 11:07:59 linode01 postfix/smtp[23710]: B5983C448: Cannot start TLS: handshake failure 1 Nov 16 09:20:37 linode01 postfix/smtp[19718]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:11:02 linode01 postfix/smtp[19359]: D292CC726: Cannot start TLS: handshake failure 1 Nov 16 09:20:37 linode01 postfix/smtp[19718]: B00C0C73E: Cannot start TLS: handshake failure 1 Nov 16 06:11:14 linode01 postfix/smtp[15047]: AC371C5A9: Cannot start TLS: handshake failure 1 Nov 16 09:06:00 linode01 postfix/smtp[19384]: CCB72C71B: Cannot start TLS: handshake failure 1 Nov 16 03:48:05 linode01 postfix/smtp[11073]: 7E6B7C793: Cannot start TLS: handshake failure 1 Nov 16 03:36:57 linode01 postfix/smtp[10535]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:35:38 linode01 postfix/smtp[20651]: 5A259C5A9: Cannot start TLS: handshake failure 1 Nov 16 11:07:59 linode01 postfix/smtp[23710]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 04:57:08 linode01 postfix/smtp[12824]: BF0B4C515: Cannot start TLS: handshake failure 1 Nov 16 09:04:25 linode01 postfix/smtp[19318]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 04:23:01 linode01 postfix/smtp[11951]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 10:01:11 linode01 postfix/smtp[21580]: 91EB9C6C6: Cannot start TLS: handshake failure 1 Nov 16 02:02:21 linode01 postfix/smtp[7651]: 20111C8C9: Cannot start TLS: handshake failure 1 Nov 16 22:52:41 linode01 postfix/smtp[6888]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 11:49:34 linode01 postfix/smtp[24983]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 04:23:01 linode01 postfix/smtp[11951]: EE620C6C6: Cannot start TLS: handshake failure 1 Nov 16 09:14:38 linode01 postfix/smtp[19715]: 85DEBC5A9: Cannot start TLS: handshake failure 1 Nov 16 03:08:55 linode01 postfix/smtp[9194]: 2AFB2C8DA: Cannot start TLS: handshake failure 1 Nov 16 18:16:01 linode01 postfix/smtp[857]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 06:51:09 linode01 postfix/smtp[16162]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 18:16:01 linode01 postfix/smtp[857]: 7B0FBC6C6: Cannot start TLS: handshake failure 1 Nov 16 09:30:10 linode01 postfix/smtp[20449]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 12:30:22 linode01 postfix/smtp[25999]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:10:46 linode01 postfix/smtp[19589]: E5710C73E: Cannot start TLS: handshake failure 1 Nov 16 09:06:00 linode01 postfix/smtp[19384]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 09:15:33 linode01 postfix/smtp[19719]: 7B6A8C73E: Cannot start TLS: handshake failure 1 Nov 16 12:30:22 linode01 postfix/smtp[25999]: D8D6CC5BC: Cannot start TLS: handshake failure 1 Nov 16 06:51:09 linode01 postfix/smtp[16162]: 86FAEC448: Cannot start TLS: handshake failure 1 Nov 16 05:11:26 linode01 postfix/smtp[13334]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 06:11:14 linode01 postfix/smtp[15047]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:20:27 linode01 postfix/smtp[20189]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:11:02 linode01 postfix/smtp[19359]: SSL_connect error to mx1.mail.139.com[221.176.66.188]:25: -1 1 Nov 16 05:59:07 linode01 postfix/smtp[14716]: 04ABEC284: Cannot start TLS: handshake failure 1 Nov 16 04:59:11 linode01 postfix/smtp[12974]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 01:43:24 linode01 postfix/smtp[6918]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 05:11:53 linode01 postfix/smtp[13335]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 09:35:38 linode01 postfix/smtp[20651]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 11:49:34 linode01 postfix/smtp[24983]: 0ACF6C5BC: Cannot start TLS: handshake failure 1 Nov 16 05:59:07 linode01 postfix/smtp[14716]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 12:30:32 linode01 postfix/smtp[25976]: 81B16C726: Cannot start TLS: handshake failure 1 Nov 16 12:30:32 linode01 postfix/smtp[25976]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:04:25 linode01 postfix/smtp[19318]: 7B349C5A9: Cannot start TLS: handshake failure 1 Nov 16 09:56:15 linode01 postfix/smtp[21297]: CEC5AC6C6: Cannot start TLS: handshake failure 1 Nov 16 01:43:24 linode01 postfix/smtp[6918]: 6DB5BC8C3: Cannot start TLS: handshake failure 1 Nov 16 05:11:26 linode01 postfix/smtp[13334]: 7793BC515: Cannot start TLS: handshake failure 1 Nov 16 22:52:41 linode01 postfix/smtp[6888]: E5B8DC71B: Cannot start TLS: handshake failure 1 Nov 16 09:10:46 linode01 postfix/smtp[19589]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:17:01 linode01 postfix/smtp[19792]: C86BFC5A9: Cannot start TLS: handshake failure 1 Nov 16 10:01:11 linode01 postfix/smtp[21580]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 02:02:21 linode01 postfix/smtp[7651]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:30:10 linode01 postfix/smtp[20449]: 3B1E2C73E: Cannot start TLS: handshake failure 1 Nov 16 09:14:38 linode01 postfix/smtp[19715]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 09:30:23 linode01 postfix/smtp[20453]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 04:59:11 linode01 postfix/smtp[12974]: 589BAC69D: Cannot start TLS: handshake failure 1 Nov 16 09:17:01 linode01 postfix/smtp[19792]: SSL_connect error to tacos.lugy.net[70.85.31.174]:25: -1 1 Nov 16 03:36:57 linode01 postfix/smtp[10535]: F088EC8DC: Cannot start TLS: handshake failure 1 Nov 16 09:15:33 linode01 postfix/smtp[19719]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 05:11:53 linode01 postfix/smtp[13335]: 4C80EC5BC: Cannot start TLS: handshake failure 1 Nov 16 03:48:05 linode01 postfix/smtp[11073]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 1 Nov 16 09:56:15 linode01 postfix/smtp[21297]: SSL_connect error to mail.albasoft.com[80.36.199.64]:25: -1 ---------------------- Postfix End ------------------------- --------------------- Connections (secure-log) Begin ------------------------ New Users: dovecot (97) dovenull (492) New Groups: dovecot (97) dovenull (489) **Unmatched Entries** groupadd: group added to /etc/group: name=dovecot, GID=97: 1 Time(s) groupadd: group added to /etc/group: name=dovenull, GID=489: 1 Time(s) groupadd: group added to /etc/gshadow: name=dovecot: 1 Time(s) groupadd: group added to /etc/gshadow: name=dovenull: 1 Time(s) usermod: change user 'dcaro' password: 1 Time(s) ---------------------- Connections (secure-log) End ------------------------- --------------------- SSHD Begin ------------------------ Users logging in through sshd: dcaro: 80.30.34.17: 2 times misc: 92.128.53.104 (AMontsouris-653-1-238-104.w92-128.abo.wanadoo.fr): 6 times Received disconnect: 11: : 45 Time(s) 11: Bye Bye : 39 Time(s) 11: Normal Shutdown, Thank you for playing : 1 Time(s) 11: disconnected by user : 7 Time(s) 3: com.jcraft.jsch.JSchException: Auth fail : 38 Time(s) **Unmatched Entries** reverse mapping checking getaddrinfo for dynamic.vdc.vn [113.163.174.208] failed - POSSIBLE BREAK-IN ATTEMPT! : 27 time(s) Address 66.162.88.202 maps to mail.plunkett-gibson.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) Address 123.176.36.2 maps to ras.beamtele.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s) reverse mapping checking getaddrinfo for c999942990-cloudpro-777889187.cloudatcost.com [104.233.81.149] failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s) ---------------------- SSHD End ------------------------- --------------------- Sudo (secure-log) Begin ------------------------ ============================================================================== dcaro => root ------------- /bin/bash - 2 Times. /bin/cat - 1 Times. /usr/bin/puppet - 1 Times. ============================================================================== misc => root ------------ /bin/bash - 6 Times. ============================================================================== nrpe => root ------------ /sbin/service - 288 Times. **Unmatched Entries** pam_unix(sudo-i:auth): authentication failure; logname=dcaro uid=516 euid=0 tty=/dev/pts/3 ruser=dcaro rhost= user=dcaro: 1 Time(s) ---------------------- Sudo (secure-log) End ------------------------- --------------------- yum Begin ------------------------ Packages Installed: urlview-0.9-7.el6.i686 tokyocabinet-1.4.33-6.el6.i686 1:dovecot-2.0.9-19.el6_7.2.i686 5:mutt-1.5.20-7.20091214hg736b6a.el6.i686 ---------------------- yum End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on /dev/xvda 97G 70G 27G 73% / ---------------------- Disk Space End ------------------------- ###################### Logwatch End ######################### _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra