Try piping it to grep -v 127
At 01:24 PM 3/15/2001 +0000, you wrote:
>Marc Gear wrote:
> > My logs give this a lot throughout the syslog of my raq3
> > <start>
> > Mar 14 14:15:00 pear in.proftpd[13261]: connect from 127.0.0.1
> > Mar 14 14:15:13 pear in.qpopper[13285]: connect from 127.0.0.1
> > Mar 14 14:30:00 pear in.proftpd[13897]: connect from 127.0.0.1
> > Mar 14 14:30:13 pear in.qpopper[13919]: connect from 127.0.0.1
> > <snip>
> > it goes on for a long time... Is it something to do with the system monitor
> > on the control panel checking these services are okay? I know i am not
> > running any cron jobs that would give this sort of error.
> > as it is i know have localhost in my /etc/hosts.deny incase this is a
> > security issue, but i wondered what might be causing my machine to keep
> > trying its pop and ftp connections...
>Its part of the system monitoring. If you place don't have
>localhost/127.0.0.1 in host.allow/deny, the control panel will show the
>service as yellow instead of green.
>
>Its a pain in the arse, as most of our logs are full of 127.0.0.1,
>amking it hard to check for real use/abuse etc.
>
>Hope this helps,
>
>--Gareth
>_______________________________________________
>cobalt-security mailing list
>[EMAIL PROTECTED]
>http://list.cobalt.com/mailman/listinfo/cobalt-security
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
