Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: brad on June 12, 2001, 03:43:28 AM

Title: security log file
Post by: brad on June 12, 2001, 03:43:28 AM

Hi all,
I have been up all night 'watching' someone continuously 'knocking' at my e-smith (4.1.2) server ....
the entries in the /var/log/security file read :
Jun 12 07:33:11 e-smith xinetd[895]: START: auth pid=9001 from=130.102.5.50

and the corresponding entry in the /var/log/messages file looks reads:
Jun 12 08:36:20 e-smith identd[9099]: Successful lookup: 1955 , 25 : qmailr.qmail

can anyone let me know what this person is doing, or tell me where i can find out some information on 'deciphering' the log files.

below is an excerpt from the /var/log/security file...the ip addressess 192.168.1.xx are local network clients.

thanks in advance,

Brad



Jun 12 07:10:05 e-smith xinetd[895]: START: auth pid=8945 from=130.102.5.50
Jun 12 07:10:07 e-smith xinetd[895]: START: auth pid=8946 from=130.102.5.50
Jun 12 07:10:07 e-smith xinetd[895]: START: auth pid=8947 from=130.102.5.50
Jun 12 07:10:07 e-smith xinetd[895]: START: auth pid=8948 from=130.102.5.50
Jun 12 07:10:07 e-smith xinetd[895]: START: auth pid=8949 from=130.102.5.50
Jun 12 07:10:08 e-smith xinetd[895]: START: auth pid=8950 from=130.102.5.50
Jun 12 07:10:10 e-smith xinetd[895]: START: auth pid=8951 from=130.102.5.50
Jun 12 07:10:11 e-smith xinetd[895]: START: auth pid=8952 from=130.102.5.50
Jun 12 07:10:12 e-smith xinetd[895]: START: auth pid=8953 from=130.102.5.50
Jun 12 07:10:12 e-smith xinetd[895]: START: auth pid=8954 from=130.102.5.50
Jun 12 07:10:12 e-smith xinetd[895]: START: auth pid=8955 from=130.102.5.50
Jun 12 07:10:14 e-smith xinetd[895]: START: auth pid=8956 from=130.102.5.50
Jun 12 07:10:53 e-smith xinetd[895]: START: pop-3 pid=8957 from=192.168.1.20
Jun 12 07:12:54 e-smith xinetd[895]: START: pop-3 pid=8960 from=192.168.1.20
Jun 12 07:14:54 e-smith xinetd[895]: START: pop-3 pid=8965 from=192.168.1.20
Jun 12 07:16:54 e-smith xinetd[895]: START: pop-3 pid=8969 from=192.168.1.20
Jun 12 07:18:55 e-smith xinetd[895]: START: pop-3 pid=8971 from=192.168.1.20
Jun 12 07:20:55 e-smith xinetd[895]: START: pop-3 pid=8978 from=192.168.1.20
Jun 12 07:21:59 e-smith xinetd[895]: START: auth pid=8981 from=130.102.5.50
Jun 12 07:22:55 e-smith xinetd[895]: START: pop-3 pid=8982 from=192.168.1.20
Jun 12 07:24:56 e-smith xinetd[895]: START: pop-3 pid=8985 from=192.168.1.20
Jun 12 07:26:56 e-smith xinetd[895]: START: pop-3 pid=8988 from=192.168.1.20
Jun 12 07:28:56 e-smith xinetd[895]: START: pop-3 pid=8990 from=192.168.1.20
Jun 12 07:30:56 e-smith xinetd[895]: START: pop-3 pid=8994 from=192.168.1.20
Jun 12 07:32:57 e-smith xinetd[895]: START: pop-3 pid=8999 from=192.168.1.20
Jun 12 07:33:11 e-smith xinetd[895]: START: auth pid=9001 from=130.102.5.50
Jun 12 07:34:57 e-smith xinetd[895]: START: pop-3 pid=9004 from=192.168.1.20
Jun 12 08:06:18 e-smith xinetd[895]: START: pop-3 pid=9033 from=192.168.1.20
Jun 12 08:06:29 e-smith xinetd[895]: START: pop-3 pid=9035 from=192.168.1.20
Jun 12 08:06:30 e-smith xinetd[895]: START: pop-3 pid=9037 from=192.168.1.20
Jun 12 08:08:31 e-smith xinetd[895]: START: pop-3 pid=9040 from=192.168.1.20
Jun 12 08:10:31 e-smith xinetd[895]: START: pop-3 pid=9044 from=192.168.1.20
Jun 12 08:12:32 e-smith xinetd[895]: START: pop-3 pid=9046 from=192.168.1.20
Jun 12 08:14:32 e-smith xinetd[895]: START: pop-3 pid=9050 from=192.168.1.20
Jun 12 08:16:32 e-smith xinetd[895]: START: pop-3 pid=9053 from=192.168.1.20
Jun 12 08:18:33 e-smith xinetd[895]: START: pop-3 pid=9055 from=192.168.1.20
Jun 12 08:20:33 e-smith xinetd[895]: START: pop-3 pid=9060 from=192.168.1.20
Jun 12 08:22:33 e-smith xinetd[895]: START: pop-3 pid=9065 from=192.168.1.20
Jun 12 08:24:34 e-smith xinetd[895]: START: pop-3 pid=9081 from=192.168.1.20
Jun 12 08:26:34 e-smith xinetd[895]: START: pop-3 pid=9084 from=192.168.1.20
Jun 12 08:28:35 e-smith xinetd[895]: START: pop-3 pid=9088 from=192.168.1.20
Jun 12 08:30:35 e-smith xinetd[895]: START: pop-3 pid=9092 from=192.168.1.20
Jun 12 08:32:35 e-smith xinetd[895]: START: pop-3 pid=9094 from=192.168.1.20
Jun 12 08:34:36 e-smith xinetd[895]: START: pop-3 pid=9096 from=192.168.1.20
Jun 12 08:36:20 e-smith xinetd[895]: START: auth pid=9099 from=130.102.5.50
Jun 12 08:36:36 e-smith xinetd[895]: START: pop-3 pid=9100 from=192.168.1.20
Jun 12 08:38:36 e-smith xinetd[895]: START: pop-3 pid=9105 from=192.168.1.20
Jun 12 08:40:36 e-smith xinetd[895]: START: pop-3 pid=9111 from=192.168.1.20