At risk of sounding infantile.. I've got some questions about messages I'm seeing in my logwatch.
1) First of all, whenever I make much use of phpmyadmin from my workstation (which runs XP), logwatch gets stuffed with bunches of messages under the heading of "A total of XX sites probed the server." The line after the heading lists the culprit IP, which is my workstation, and then the list of requests, all of which are phpmyadmin requests. Why are these showing up as probes? Here's an excerpt:
A total of 1 sites probed the server 192.168.1.33
!!!! 41 possible successful probes /phpmyadmin/sql.php?lang=en-iso-8859-1&server=1&db=[chomp]&table=[chomp]&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60[chomp]%60&pos=0HTTP Response 200 /phpmyadmin/images/arrow_ltr.gif HTTP Response 304(The [chomp]s are just to hide things like table names from the publichere).. At any rate, this is just a browser (IE) accessing a web page, justlike normal.. None of my other pages seem to generate these messages; onlyphpmyadmin. So far, googling this only retrieves a previous post to thislist by me about this, which was never followed up.2) Dovecot seems to enjoy littering the logs withdovecot-auth: pam_succeed_if: requirement "uid < 100" not met by user"[chomp]"This doesn't sound like a problem, just a normal part of the authenticationprocess (or is it?). Thing is, none of my dovecot users are going to haveuids < 500, and I know this, so I really don't know why I need to see thesezillion messages (one for each user, ! every 5 minutes each time their MUAscheck the mail...). For this one, I only care to suppress this particularmessage. Is there a verbosity level for dovecot, or maybe a filter I canput in place for Logwatch?Thanks a lot guys!Cheers,~Brian----------------Brian A. HenningStrutmasters.com866.597.2397----------------
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
