Re: Security question regarding root email

> On 1/1/06, John Summerfied <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>> Dotan Cohen wrote:
>>> I haven't read root's email in about a month. Now that I get around to
>>> it, I am surprised to see things that I have never seen before, such
>>> as:
>>>  --------------------- pam_unix Begin ------------------------
>>>  kde-np:
>>>     Unknown Entries:
>>>        session opened for user dotancohen by (uid=0): 1 Time(s)
>>>  ---------------------- pam_unix End -------------------------
>>> 
>>>  --------------------- Smartd Begin ------------------------
>>>  **Unmatched Entries**
>>>  smartd received signal 15: Terminated
>>>  smartd is exiting (exit status 0)
>>>  ---------------------- Smartd End -------------------------
>>> 
>>>  --------------------- Selinux Audit Begin ------------------------
>>>   Number of audit daemon starts: 1
>>>   Number of audit daemon stops: 2
>>>  *** Logs which could mean a bug ***
>>>     major=252 name_count=0: freeing multiple contexts (1)
>>>     major=113 name_count=0: freeing multiple contexts (2)
>>>  ---------------------- Selinux Audit End -------------------------
>>> 
>>>  --------------------- SSHD Begin ------------------------
>>>  SSHD Killed: 1 Time(s)
>>>  SSHD Started: 1 Time(s)
>> Normal restart stuff here and in some other places.
>> 
> 
> Do you mean that this is logged when the computer restarts? Because I
> have never restarted SSH.

Yes, logged when computer restarts.

>>>  ---------------------- SSHD End -------------------------
>>> 
>>>  --------------------- httpd Begin ------------------------
>>>  Requests with error response codes
>>>     404 Not Found
>>>        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
>>>        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>>>        /favicon.ico: 32 Time(s)
>>>        /javascript/HM_Arrays.js: 1 Time(s)
>>>        /javascript/HM_ScriptDOM.js: 1 Time(s)
>>>        /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
>>>        /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>>>  ---------------------- httpd End -------------------------
>>> 
>>>  --------------------- pam_unix Begin ------------------------
>>>  kde:
>>>     Unknown Entries:
>>>        session closed for user dotancohen: 3 Time(s)
>>>        session opened for user dotancohen by (uid=0): 3 Time(s)
>> This looks like you logging in and out three times.
>> 
> 
> Should that concern me if I don't think that I had EVER logged out and
> then back in? This is a one-man box.

If you've ever restarted the computer, then you've logged out.

Let me suggest some further research for you:
Find on your computer, and learn, everything about logging and LogWatch.
This command:
$ ls /usr/share/doc/logwatch*
will show you what onboard documentation there is for logwatch.  Read those
files.
$ man logwatch
will also be helpful, but probably only the part where it shows you which
files are used for configuration.

/etc/syslog.conf is the file that controls what the computer logs and where.
I would study that file.
$ man syslog.conf
is a pretty good place to start reading, also.

Useful ways to see exactly what is going on:
If I want to find out what is causing this:
session closed for user dotancohen
then I would make note of the time, then log out, log back in, and, as root:
# tail /var/log/messages
You should see something similar to this:
Jan  2 05:01:01 shemp crond(pam_unix)[7970]: session closed for user root
Jan  2 06:01:01 shemp crond(pam_unix)[8219]: session opened for user root by
(uid=0)
Of course, I got this from my system, so your output will be different, but
the point is that you can compare the time you logged out to the time of the
log entry, and see what a simple logout or restart will generate in the
logfiles.

Sorry to be so verbose, and also sorry to suggest reading so many boring man
pages, but I think I've given you a good nudge in the right direction. :)
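The "note the time, log out, then compare against /var/log/messages" method above can be automated. The following is an added example, not code from the thread or from logwatch: it parses pam_unix session lines in the exact syslog format quoted above, tallies them per service the way logwatch's pam_unix section does, and lists the events near a time you noted. The log lines are constructed for the example, and the hostname "shemp", the PIDs and the year 2006 are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the /var/log/messages lines quoted above.
SAMPLE_LOG = """\
Jan  2 05:01:01 shemp crond(pam_unix)[7970]: session closed for user root
Jan  2 06:01:01 shemp crond(pam_unix)[8219]: session opened for user root by (uid=0)
Jan  2 09:14:37 shemp kde(pam_unix)[3125]: session opened for user dotancohen by (uid=0)
Jan  2 17:02:10 shemp kde(pam_unix)[3125]: session closed for user dotancohen
Jan  2 17:02:55 shemp kde(pam_unix)[9876]: session opened for user dotancohen by (uid=0)
"""

# Matches "<month> <day> <time> <host> <service>(pam_unix)[<pid>]: session opened|closed ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<service>[\w.-]+)\(pam_unix\)\[\d+\]: "
    r"session (?P<action>opened|closed) for user (?P<user>\S+)"
    r"(?: by \(uid=(?P<by_uid>\d+)\))?$"
)

def parse_timestamp(ts, year=2006):
    # syslog timestamps carry no year, so the caller supplies one (assumed 2006 here)
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def parse_pam_sessions(text, year=2006):
    """Return one dict per pam_unix session open/close line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"time": parse_timestamp(m["ts"], year), "service": m["service"],
                       "action": m["action"], "user": m["user"], "by_uid": m["by_uid"]})
    return events

def summarize(events):
    """Count (service, action, user) triples, like the 'N Time(s)' lines in a logwatch report."""
    counts = {}
    for e in events:
        key = (e["service"], e["action"], e["user"])
        counts[key] = counts.get(key, 0) + 1
    return counts

def events_near(events, when, window_seconds=300):
    """Events within window_seconds of `when`, the time you noted before logging out."""
    return [e for e in events if abs((e["time"] - when).total_seconds()) <= window_seconds]

if __name__ == "__main__":
    evs = parse_pam_sessions(SAMPLE_LOG)
    for key, n in sorted(summarize(evs).items()):
        print(f"{key[0]}: session {key[1]} for user {key[2]}: {n} Time(s)")
    for e in events_near(evs, parse_timestamp("Jan  2 17:00:00")):
        print(e["time"], e["service"], e["action"], e["user"])
```

The crond entries in the sample show why a user who never logs out interactively still sees session open/close counts: cron jobs open a PAM session of their own, and logwatch only groups them by service name.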
