>From: Chris Williams >This is just a sample. This happened every 15 min. 127.0.0.1 is my loopback address. I found an entry in my crontab file that called >SWATCH every 15 min. I basically put a # in front of it, restarted crond and everything stopped.
>Can anyone shed any light on this? Other than my log files are now quiet I have noticed no difference since I remarked out the command Well, I guess Swatch is the program that warns you when a service crashes, sending an e-mail to the adres mentioned in the administrator interface. So I think it's a good idea to let that one run. I put this in my logcheck.ignore to stop those lines from being mentioned: ..:00:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session opened ..:00:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session closed ..:15:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session opened ..:15:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session closed ..:30:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session opened ..:30:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session closed ..:45:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session opened ..:45:0.*proftpd.* \(localhost\[127.0.0.1\]\) - FTP session closed sendmail.*NOQUEUE\: localhost \[127\.0\.0\.1\] did not issue MAIL\/EXPN\/VRFY\/ETRN during connection to MTA in.qpopper.* connect from [^[:space:]]+$ etc.etc. My problem is to find a set of such rules that makes sure I don't get a mail every x minutes, but I do get it when there's really something going on. Jelmer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
