Ankush Grover wrote:
hey friends,
Here is my log file which is generated by Logwatch .
crond: Unknown Entries: session closed for user root: 313 Time(s) session opened for user root by (uid=0): 313 Time(s)
Relaying denied: From unknown[211.48.102.152] to support@xxxxxxxxxxxxx : 1 Time(s) From unknown[222.101.92.32] to smtphunter44@xxxxxxxx : 1 Time(s)
I am little concerned with these 2 means are these the normal entries or there is some problem.As it can be seen that cron daemon opened for root 313 times isn't it too much.
Please tell me about this.
Thanks & Regards
Ankush Grover
Hello Ankush,
Check /var/log/cron to see what cron job is running. Jobs like sa (systat) generally run every 10 minutes as root. So these might be usual.
For the sendmail logs, nothing much to worry as a relaying attempt was denied. If this is a public facing server running sendmail, these entries might be pretty common atleast in India.
But if you are really worried, cheking the actual logs might give more insights to the problem
-Saurabh