On Sun, 2006-04-09 at 10:52 +0100, Anne Wilson wrote:
> On Saturday 08 April 2006 15:25, Anne Wilson wrote:
> > On Saturday 08 April 2006 14:14, Craig White wrote:
> > > On Sat, 2006-04-08 at 10:27 +0100, Anne Wilson wrote:
> > > > This box runs samba in order to serve up a public directory. I'm
> > > > seeing many lines in Logwatch that do not appear in the main server
> > > > Logwatch, and trying to understand what is causing them. I find this
> > > > puzzling, for instance:
> > > >
> > > > nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
> > > > process_name_query_request: Name query from 192.168.0.80 on subnet
> > > > 192.168.0.70 for name LYDGATE.LAN<1d> : 91 Time(s)
> > > >
> > > > 192.168.0.70 is this box, and 192.168.0.80 was active for a
> > > > considerable time yesterday, but "on subnet 192.168.0.70" sounds odd?
> > > >
> > > > There are other lines that seem to suggest that it is trying to connect
> > > > to a windows active domain. There is a W2K box on the lan, for which I
> > > > have no access, so can't answer for its configuration, but again, I
> > > > don't see any such lines on the main server Logwatch.
> > > >
> > > > Both boxes have Logwatch set to level Low.
> > > >
> > > > I've tried googling, but although I've found dozens of entries with
> > > > similar phrases, none that I've read so far seem to fit my
> > > > circumstances. What I really need now is some suggestions for
> > > > troubleshooting this. I know I could just ignore them, but among all
> > > > that crud there could be hiding something that I need to see, but would
> > > > miss.
> > >
> > > ----
> > > yeah it does sound odd but perusing /var/log/samba/nmbd.log on a few
> > > servers - including those with multiple ip addresses shows that this is
> > > the terminology used in samba logging. I suppose to answer definitively,
> > > one would go through the source code.
> >
> > As a temporary measure I'll try to set exclude lines in Logwatch for the
> > most obvious groups of lines, in the hope that I can more easily see what
> > else is there.
> >
> I've hit a problem, seen in this report:
>
> Anacron job 'cron.daily'
> /etc/cron.daily/0logwatch:
>
> Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE
> winbindd*/ at /etc/cron.daily/0logwatch line 1113, <TESTFILE> line 2.
>
> Obviously this is not a file that I have altered in any way, so it has to be
> what it is reading that is the problem. The lines it refers to are
>
> IGNORE: for my $ignore_filter (@IGNORE) {
> chomp $ignore_filter;
> if ($ThisLine =~ m/$ignore_filter/) {
> $Ignored++;
> next LINE;
>
> I believe the line that it is objecting to was
> *winbindd*
>
> Presumably it doesn't like the '*' as a starting point. How, then, can I
> ignore all lines concerned with winbindd?
----
just guessing that you did some editing within the 'samba.conf' file in
the log.d services directory that maybe has caused this issue.
Craig
