Re: [logs] Log Samples Requested

From: Jeff Falgout (JFalgout@private)
Date: Fri Mar 12 2004 - 11:41:14 PST


    >>> "Marcus J. Ranum" <mjr@private> 3/12/2004 8:43:00 AM >>>
    Rainer Gerhards wrote:
    >Having said this, on to my request: I would appreciate if the list
    >members (you!) could send me a few lines of their actual syslog data.
    
    Rainer - we've been trying to establish a log codex on loganalysis.org
    for some time. Getting log data is like pulling teeth. :) Please, people,
    if you have logs you are willing to share, send them to loganalysis.org
    as well.
    
    >>>>>>>>>>>>>>>>>>>>>
    
    
    Here's a few:
    The Linux entries are from /var/log/messages
    the HP-UX are from /var/adm/syslog/syslog.log
    
    Welcome to SuSE SLES 8 (powered by UnitedLinux 1.0) (i586)
    
    Linux server2 2.4.21-169-smp #1 SMP Fri Jan 2 19:10:04 UTC 2004 i686 unknown
    
    Mar 12 12:00:08 server2 rcd[308]: Loaded 12 packages in 'ximian-red-carpet|351' (0.01878 seconds)
    Mar 12 12:00:08 server2 rcd[308]: id=304 COMPLETE 'Downloading https://server2/data/red-carpet.rdf' time=0s (failed)
    Mar 12 12:00:08 server2 rcd[308]: Unable to downloaded licenses info: Unable to authenticate - Authorization Required (https://server2/data/red-carpet.rdf)
    Mar 12 12:10:00 server2 /USR/SBIN/CRON[6808]: (root) CMD ( /usr/lib/sa/sa1 )
    Mar 12 12:20:00 server2 /USR/SBIN/CRON[6837]: (root) CMD ( /usr/lib/sa/sa1 )
    
    ****
    
    Red Hat Linux release 8.0 (Psyche)
    
    Linux server3 2.4.20-18.8smp #1 SMP Thu May 29 07:20:32 EDT 2003 i686 i686 i386 GNU/Linux
    
    Mar 12 12:27:00 server3 named[32172]: lame server resolving 'jakarta5.wasantara.net.id' (in 'wasantara.net.id'?): 202.159.65.171#53
    Mar 12 12:27:03 server3 named[32173]: lame server resolving 'jakarta5.wasantara.net.id' (in 'wasantara.net.id'?): 202.159.65.171#53
    
    ****
    
    Red Hat Enterprise Linux ES release 3 (Taroon Update 1)
    
    Linux server4 2.4.21-9.EL #1 Thu Jan 8 17:24:12 EST 2004 i686 i686 i386 GNU/Linux
    
    Mar 12 12:01:02 server4 snort:     alert_multiple_requests: ACTIVE
    Mar 12 12:01:02 server4 snort: telnet_decode arguments:
    Mar 12 12:01:02 server4 snortd: snort startup succeeded
    Mar 12 12:01:02 server4 snort:     Ports to decode telnet on: 21 23 25 119
    Mar 12 12:01:03 server4 snort: Snort initialization completed successfully
    
    ****
    
    HP-UX server5 B.10.20 E 9000/800 1465611321 8-user license
    
    Mar 10 03:19:48 server5 syslog: su : + tty?? root-informix
    Mar 11 03:19:54 server5 syslog: su : + tty?? root-informix
    Mar 12 03:19:51 server5 syslog: su : + tty?? root-informix
    Mar 12 09:27:20 server5 syslog: su : - ttyp1 user-informix
    Mar 12 09:27:35 server5 syslog: su : + ttyp1 user-informix
    
    ****
    
    HP-UX server6 B.11.00 U 9000/800 662359333 unlimited-user license
    
    Mar 12 08:24:51 server6 sshd[24742]: Accepted password for netscape from 111.222.333.444 port 1420 ssh2
    Mar 12 08:25:15 server6 tftpd[24241]: Timeout (no requests in 10 minutes)
    Mar 12 08:49:53 server6 ftpd[27281]: FTP LOGIN FROM 111.222.333.444 [111.222.333.444], netscape
    Mar 12 09:05:22 server6 ftpd[27281]: exiting on signal 14
    Mar 12 12:32:24 server6 sshd[11187]: Accepted password for jfalgout from 111.222.333.444 port 34138 ssh2
    
    ****
    
    HP-UX server7 B.11.11 U 9000/800 1606319326 unlimited-user license
    
    Mar 12 11:44:20 server7 ftpd[25306]: command: QUIT^M
    Mar 12 11:44:20 server7 ftpd[25306]: <--- 221
    Mar 12 11:44:20 server7 ftpd[25306]: Goodbye.
    Mar 12 11:44:35 server7 tftpd[24955]: Timeout (no requests in 10 minutes)
    Mar 12 12:17:03 server7 sshd[26501]: pam_authenticate: error Authentication failed
    Mar 12 12:17:03 server7 sshd[26501]: Accepted publickey for user from 111.222.333.444 port 32774 ssh2
    Mar 12 12:34:23 server7 sshd[27393]: pam_authenticate: error Authentication failed
    
    
    Have Fun
    
    Jeff
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Mar 12 2004 - 12:14:35 PST