log messages

I've noticed lots of failed login attempts for my Debian Linux VPS root server account. How do I stop automated bot-based SSH attacks on my server?

How do I block and stop attacks on ssh server under CentOS Linux or Red Hat Enterprise Linux server 5.x?

Q. I’m using Red Hat Enterprise Linux server. I’m getting the following errors in the /var/log/messages file:

Apr 16 16:38:02 server ntpd[22694]: sendto(10.0.77.54): Bad file descriptor
Apr 16 16:38:08 server ntpd[22694]: sendto(66.111.46.200): Bad file descriptor
Apr 16 16:38:25 server ntpd[22694]: sendto(83.133.111.7): Bad file descriptor
Apr 16 16:38:28 server ntpd[22694]: sendto(81.169.156.100): Bad file descriptor

How do I fix the above errors?

A. If you are seeing Bad file descriptor errors in /var/log/messages, make sure that only one instance of ntpd is running.

Step #1: Stop ntpd

Type the following command to stop ntpd:
# /etc/init.d/ntpd stop

Step #2: Kill ntpd

Type the following command to kill all remaining instances of ntpd:
# killall ntpd

Step #3: Start ntpd

# /etc/init.d/ntpd start

Step #4: Watch log file /var/log/messages

Use the tail command:
# tail -f /var/log/messages
Output:

Apr 16 16:44:35 server ntpd[17549]: Listening on interface lo, 127.0.0.1#123
Apr 16 16:44:35 server ntpd[17549]: Listening on interface eth0, 10.5.123.2#123
Apr 16 16:44:35 server ntpd[17549]: Listening on interface eth1, 71.26.1.25#123
Apr 16 16:44:35 server ntpd[17549]: kernel time sync status 0040
Apr 16 16:44:36 server ntpd[17549]: frequency initialized -58.648 PPM from /var/lib/ntp/drift
Apr 16 16:47:52 server ntpd[17549]: synchronized to LOCAL(0), stratum 10
Apr 16 16:47:52 server ntpd[17549]: kernel time sync disabled 0041
Apr 16 16:47:52 server ntpd[17549]: synchronized to 71.26.2.221, stratum 1
Apr 16 16:50:00 server ntpd[17549]: synchronized to 10.0.77.54, stratum 
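
The diagnosis and step #4 above, as an added shell example that is not part of the original post: it counts Bad file descriptor errors per ntpd PID in a syslog-format file and checks that the newest ntpd PID synchronized without errors. The function names are assumptions of this example, and the sample log reuses lines quoted above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are assumptions.

# Print "PID COUNT" for each ntpd PID that logged sendto() Bad file descriptor.
ntpd_bad_fd_by_pid() {
    awk '/ ntpd\[[0-9]+\]: sendto\(.*\): Bad file descriptor/ {
             match($0, /ntpd\[[0-9]+\]/)
             n[substr($0, RSTART + 5, RLENGTH - 6)]++
         }
         END { for (p in n) print p, n[p] }' "$1" | sort -n
}

# PID on the last ntpd line in the log (the instance started in step #3).
ntpd_latest_pid() {
    awk 'match($0, / ntpd\[[0-9]+\]:/) { pid = substr($0, RSTART + 6, RLENGTH - 8) }
         END { if (pid != "") print pid }' "$1"
}

# Step #4 as a check: succeed only if the newest ntpd PID logged a
# "synchronized to" line and no Bad file descriptor errors.
ntpd_restart_ok() {
    pid=$(ntpd_latest_pid "$1")
    [ -n "$pid" ] || return 1
    awk -v pid="$pid" 'index($0, " ntpd[" pid "]: ") {
             if ($0 ~ /Bad file descriptor/) bad++
             if ($0 ~ /synchronized to /) synced++
         }
         END { exit !(synced > 0 && bad == 0) }' "$1"
}

# Count of ntpd processes running now; the fix above expects exactly one.
ntpd_instance_count() { pgrep -x ntpd | wc -l; }

# Sample input built from log lines quoted in the question and answer above.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Apr 16 16:38:02 server ntpd[22694]: sendto(10.0.77.54): Bad file descriptor
Apr 16 16:38:08 server ntpd[22694]: sendto(66.111.46.200): Bad file descriptor
Apr 16 16:44:35 server ntpd[17549]: Listening on interface eth0, 10.5.123.2#123
Apr 16 16:47:52 server ntpd[17549]: synchronized to 71.26.2.221, stratum 1
EOF

ntpd_bad_fd_by_pid "$SAMPLE_LOG"
if ntpd_restart_ok "$SAMPLE_LOG"; then
    echo "ntpd $(ntpd_latest_pid "$SAMPLE_LOG") restarted cleanly"
else
    echo "latest ntpd instance is still failing or not yet synchronized"
fi
```

On a live server, pass /var/log/messages instead of the sample file and compare ntpd_instance_count against 1 before and after the restart.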

Iptables is not sending LOG to syslog file

Q. I am running SSH/MySQL/Webserver and have set up an iptables-based firewall. But my logs are sent to the console rather than the system log files. How do I make sure that iptables LOG target messages are sent to the /var/log/messages file?

A. The iptables LOG target turns on kernel logging of matching packets. When this target is set for a rule, the Linux kernel prints some information on all matching packets (like most IP header fields) to the kernel log, where it can be read with dmesg or syslogd.

You can configure the level of logging with the --log-level level option. For example, to LOG all incoming TCP port 22 packets at the crit level:
iptables -I INPUT -p tcp --dport 22 -j LOG --log-level crit
LOG does not drop the packet itself: it is a non-terminating target, so rule traversal continues with the next rule, and dropping the traffic requires a separate DROP rule after the LOG rule.

Read man pages of iptables and syslog.conf for more info.

I am a new Linux user. I would like to know where are the log files located under Debian/Ubuntu or CentOS/RHEL/Fedora Linux server? How do I open or view log files on Linux operating systems?