server log watch

Hi, could I have an expert opinion on the meaning of the log below? Please interpret it in plain English and advise on what should be done if this is something that is 'screwing' my server.

Thanks.


################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Fri Sep 19 04:02:03 2008
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: xxxx.xxxxxxx.com
################################################################

--------------------- Clamav Begin ------------------------

Daemon check list:
Database modification detected. Forcing reload: 7 Time(s)

**Unmatched Entries**
Database correctly reloaded (427530 signatures)
Database correctly reloaded (428306 signatures)
Database correctly reloaded (428307 signatures)
Database correctly reloaded (428317 signatures)
Database correctly reloaded (428318 signatures)
Database correctly reloaded (428320 signatures)
Database correctly reloaded (428515 signatures)

---------------------- Clamav End -------------------------


--------------------- httpd Begin ------------------------


A total of 1 unidentified 'other' records logged
GET /watch-flush HTTP/1.0 with response code(s) 200 288 responses

---------------------- httpd End -------------------------


--------------------- Kernel Begin ------------------------


Dropped 633 packets on interface eth0
From 12.22.32.20 - 3 packets to tcp(2500)
From 12.147.113.11 - 1 packet to udp(49153)
From 41.246.115.164 - 1 packet to udp(49153)
From 58.56.44.194 - 1 packet to udp(49153)
From 59.40.185.125 - 1 packet to udp(49153)
From 59.163.196.15 - 1 packet to udp(49153)
From 60.172.219.6 - 11 packets to tcp(8800,8080,8800,8000,8080,8800,8080,8800,8080,8800)
From 60.172.222.17 - 28 packets to 27 tcp ports
From 61.147.115.37 - 1 packet to tcp(2967)
From 61.152.170.142 - 1 packet to udp(49153)
From 61.175.225.182 - 1 packet to udp(49153)
From 61.191.63.15 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 61.191.63.25 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 61.247.108.73 - 7 packets to tcp(5900,5900,5900,5900,5900)
From 62.43.189.164 - 1 packet to udp(3199)
From 62.160.169.5 - 1 packet to udp(49153)
From 63.251.161.4 - 7 packets to udp(33435)
From 63.251.178.8 - 4 packets to udp(33437)
From 63.251.178.12 - 4 packets to udp(33441)
From 63.251.178.24 - 4 packets to udp(33440)
From 64.39.2.109 - 17 packets to udp(33435,33436)
From 64.94.33.4 - 7 packets to udp(33435)
From 64.94.45.4 - 7 packets to udp(33436)
From 64.94.45.8 - 14 packets to udp(33437)
From 64.94.45.20 - 7 packets to udp(33439)
From 64.94.45.28 - 7 packets to udp(33440)
From 64.94.179.8 - 7 packets to udp(33437)
From 65.68.149.114 - 1 packet to udp(49153)
From 65.196.31.130 - 1 packet to udp(49153)
From 66.150.223.12 - 4 packets to udp(33442)
From 66.150.223.28 - 4 packets to udp(33440)
From 66.150.223.32 - 4 packets to udp(33438)
From 66.151.55.12 - 4 packets to udp(33441)
From 66.151.55.24 - 4 packets to udp(33440)
From 66.151.55.28 - 7 packets to udp(33439)
From 66.151.226.140 - 10 packets to udp(33438)
From 66.151.226.156 - 4 packets to udp(33437)
From 66.187.176.162 - 15 packets to udp(33435,33471,33473,33474)
From 67.78.10.165 - 1 packet to udp(49153)
From 67.106.205.71 - 5 packets to tcp(10000,10000,10000,10000,10000)
From 69.25.172.12 - 4 packets to udp(33439)
From 69.25.172.28 - 4 packets to udp(33437)
From 69.64.51.45 - 1 packet to tcp(3128)
From 70.42.24.4 - 7 packets to udp(33435)
From 70.42.25.4 - 4 packets to udp(33436)
From 70.42.25.24 - 4 packets to udp(33438)
From 70.42.25.84 - 7 packets to udp(33439)
From 70.42.25.88 - 7 packets to udp(33437)
From 72.248.211.50 - 2 packets to tcp(2967)
From 74.172.128.51 - 1 packet to tcp(3389)
From 75.52.217.250 - 5 packets to udp(5632,5632,5632,5632,5632)
From 83.13.191.186 - 3 packets to udp(21382,38810,48611)
From 84.124.83.2 - 1 packet to udp(49153)
From 85.62.10.242 - 1 packet to udp(49153)
From 87.62.49.180 - 3 packets to tcp(15)
From 87.120.54.252 - 3 packets to tcp(4899,4899,4899)
From 99.1.224.6 - 5 packets to tcp(4899,4899,4899,4899,4899)
From 118.123.5.109 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 121.14.156.57 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 121.32.129.130 - 1 packet to udp(49153)
From 121.241.139.18 - 35 packets to udp(500)
From 125.18.18.252 - 1 packet to udp(49153)
From 125.64.31.20 - 7 packets to tcp(8080,8080,8080,8080,8080)
From 125.129.220.241 - 5 packets to tcp(3128,3128,3128,3128,3128)
From 159.226.165.151 - 1 packet to udp(49153)
From 190.25.232.158 - 5 packets to tcp(8080,8080,8080,8080,8080)
From 196.34.133.51 - 5 packets to tcp(8080,8080,8080,8080,8080)
From 200.86.13.72 - 5 packets to tcp(4899,4899,4899,4899,4899)
From 202.106.53.195 - 1 packet to udp(49153)
From 203.86.7.130 - 2 packets to tcp(31577)
From 203.199.61.4 - 2 packets to tcp(22297)
From 205.178.191.103 - 13 packets to 12 udp ports
From 208.77.12.13 - 11 packets to udp(33437,33438)
From 208.169.60.155 - 87 packets to tcp(8125)
From 210.22.25.251 - 2 packets to tcp(53890)
From 210.192.100.15 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 210.220.211.10 - 7 packets to tcp(5900,5900,5900,5900,5900)
From 211.103.246.107 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 211.157.113.227 - 5 packets to tcp(53,53,53,53,53)
From 213.172.61.66 - 2 packets to tcp(55985)
From 216.52.94.4 - 11 packets to udp(33435)
From 216.52.190.4 - 7 packets to udp(33435)
From 216.52.192.4 - 7 packets to udp(33436)
From 216.52.192.12 - 4 packets to udp(33442)
From 216.52.192.20 - 11 packets to udp(33439)
From 216.52.192.28 - 4 packets to udp(33440)
From 216.52.254.4 - 7 packets to udp(33435)
From 217.139.54.136 - 5 packets to tcp(23,23,23,23,23)
From 218.56.41.134 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 218.57.139.130 - 1 packet to udp(49153)
From 218.106.61.136 - 2 packets to tcp(23777)
From 220.112.41.194 - 3 packets to udp(49153)
From 221.11.6.227 - 15 packets to tcp(2967,2967,2967,2967,2967)
From 222.66.10.181 - 1 packet to udp(49153)
From 222.187.221.27 - 10 packets to tcp(7212,7212,8000,7212,7212,7212)
From 222.187.221.83 - 36 packets to tcp(8000,7212,8000,7212,8000,8000)
From 222.215.230.49 - 7 packets to tcp(8000,8000,8000,8000,8000)

Logged 589 packets on interface eth0
From 61.7.219.68 - 20 packets to tcp(22,22,22,22,22)
From 69.147.227.178 - 270 packets to tcp(22)
From 99.128.222.68 - 275 packets to tcp(22,22,22,22,22)
From 217.139.54.136 - 5 packets to tcp(23,23,23,23,23)
From 221.130.198.137 - 19 packets to tcp(22,22,22,22,22)

---------------------- Kernel End -------------------------


--------------------- pam_unix Begin ------------------------

sshd:
Authentication Failures:
root (adsl-99-128-222-68.dsl.rcsntx.sbcglobal.net): 275 Time(s)
root (221.130.198.137): 13 Time(s)
unknown (61.7.219.68): 9 Time(s)
root (61.7.219.68): 4 Time(s)
Invalid Users:
Unknown Account: 9 Time(s)


---------------------- pam_unix End -------------------------


--------------------- SSHD Begin ------------------------


Failed logins from these:
invalid/password from anonymous: 4 Time(s)
invalid/password from chuck: 2 Time(s)
invalid/password from darkman: 1 Time(s)
invalid/password from passwd: 2 Time(s)
root/password from ::ffff:221.130.198.137: 13 Time(s)
root/password from ::ffff:61.7.219.68: 4 Time(s)
root/password from ::ffff:99.128.222.68: 275 Time(s)

Illegal users from these:
Invalid/none from anonymous: 4 Time(s)
Invalid/none from chuck: 2 Time(s)
Invalid/none from darkman: 1 Time(s)
Invalid/none from passwd: 2 Time(s)
invalid/none from unknown: 9 Time(s)
invalid/password from anonymous: 4 Time(s)
invalid/password from chuck: 2 Time(s)
invalid/password from darkman: 1 Time(s)
invalid/password from passwd: 2 Time(s)


Received disconnect:
11: Bye Bye
::ffff:221.130.198.137 : 13 Time(s)
::ffff:61.7.219.68 : 5 Time(s)
::ffff:99.128.222.68 : 275 Time(s)

---------------------- SSHD End -------------------------


--------------------- vpopmail Begin ------------------------


No Such User Found:
blahblah@ - 270 Time(s)
info@magnus.it - 1 Time(s)

---------------------- vpopmail End -------------------------



------------------ Disk Space --------------------

/dev/mapper/VolGroup00-LogVol00
73G   23G   46G  34% /
/dev/sda1              99M   59M   36M  63% /boot


###################### LogWatch End #########################

bump

I don't see anything out of the ordinary here. Your firewall is dropping bad packets coming from the net, you are being lightly attacked from ssh, but connections were refused... it all looks fine... the dropped packets are an ongoing thing, every firewall is doing this daily and by the minute. All sshd connections failed with a bye bye and that is good.... possible spam attempt with user blah blah, but nothing critical unless I'm missing something.
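A small parser for the Logwatch Kernel and SSHD sections shown in this thread, added here as an example (it is not code from either poster or from Logwatch). It groups firewall entries by destination port, lists multi-port sweeps, and cross-references sources logged on tcp(22) with sshd's failed-password counts; the function name `triage` and the choice of sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: lines copied from the Kernel and SSHD sections of the report above.
SAMPLE = """\
Dropped 633 packets on interface eth0
From 60.172.219.6 - 11 packets to tcp(8800,8080,8800,8000,8080,8800,8080,8800,8080,8800)
From 60.172.222.17 - 28 packets to 27 tcp ports
From 61.191.63.15 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 61.191.63.25 - 5 packets to tcp(2967,2967,2967,2967,2967)
From 63.251.161.4 - 7 packets to udp(33435)
Logged 589 packets on interface eth0
From 69.147.227.178 - 270 packets to tcp(22)
From 99.128.222.68 - 275 packets to tcp(22,22,22,22,22)
root/password from ::ffff:221.130.198.137: 13 Time(s)
root/password from ::ffff:99.128.222.68: 275 Time(s)
"""

SECTION = re.compile(r"^(Dropped|Logged) \d+ packets on interface")
PKT = re.compile(r"^From (\S+) - (\d+) packets? to "
                 r"(?:(tcp|udp)\(([\d,]+)\)|(\d+) (tcp|udp) ports)$")
SSH = re.compile(r"^\S+/password from (?:::ffff:)?([\d.]+): (\d+) Time\(s\)$")

def triage(report):
    sources_per_port = {}     # (proto, port) -> set of source IPs
    sweepers = []             # (ip, port_count, proto) from "N tcp ports" lines
    logged_ssh = {}           # ip -> packets in the Logged section to tcp/22
    ssh_failures = Counter()  # ip -> failed password attempts seen by sshd
    section = None
    for line in map(str.strip, report.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := PKT.match(line):
            ip, count, proto, ports, nports, sweep_proto = m.groups()
            if ports is None:  # summarised line: many ports, none listed
                sweepers.append((ip, int(nports), sweep_proto))
                continue
            for port in {int(p) for p in ports.split(",")}:  # list has repeats
                sources_per_port.setdefault((proto, port), set()).add(ip)
                if section == "Logged" and (proto, port) == ("tcp", 22):
                    logged_ssh[ip] = int(count)
        elif m := SSH.match(line):
            ssh_failures[m.group(1)] += int(m.group(2))
    # Sources the firewall logged on tcp/22 that also produced sshd failures.
    reached = {ip: ssh_failures[ip] for ip in logged_ssh if ip in ssh_failures}
    return sources_per_port, sweepers, logged_ssh, reached

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feeding it the full report instead of the sample gives the per-port source counts for every entry in the Kernel section.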
