Logwatch puzzles
Anne Wilson
cannewilson at tiscali.co.uk
Sun Apr 9 09:52:42 UTC 2006
On Saturday 08 April 2006 15:25, Anne Wilson wrote:
> On Saturday 08 April 2006 14:14, Craig White wrote:
> > On Sat, 2006-04-08 at 10:27 +0100, Anne Wilson wrote:
> > > This box runs samba in order to serve up a public directory. I'm
> > > seeing many lines in Logwatch that do not appear in the main server
> > > Logwatch, and trying to understand what is causing them. I find this
> > > puzzling, for instance:
> > >
> > > nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
> > > process_name_query_request: Name query from 192.168.0.80 on subnet
> > > 192.168.0.70 for name LYDGATE.LAN<1d> : 91 Time(s)
> > >
> > > 192.168.0.70 is this box, and 192.168.0.80 was active for a
> > > considerable time yesterday, but "on subnet 192.168.0.70" sounds odd?
> > >
> > > There are other lines that seem to suggest that it is trying to connect
> > > to a windows active domain. There is a W2K box on the lan, for which I
> > > have no access, so can't answer for its configuration, but again, I
> > > don't see any such lines on the main server Logwatch.
> > >
> > > Both boxes have Logwatch set to level Low.
> > >
> > > I've tried googling, but although I've found dozens of entries with
> > > similar phrases, none that I've read so far seem to fit my
> > > circumstances. What I really need now is some suggestions for
> > > troubleshooting this. I know I could just ignore them, but among all
> > > that crud there could be hiding something that I need to see, but would
> > > miss.
> >
> > ----
> > yeah it does sound odd but perusing /var/log/samba/nmbd.log on a few
> > servers - including those with multiple ip addresses shows that this is
> > the terminology used in samba logging. I suppose to answer definitively,
> > one would go through the source code.
>
> As a temporary measure I'll try to set exclude lines in Logwatch for the
> most obvious groups of lines, in the hope that I can more easily see what
> else is there.
>
I've hit a problem, seen in this report:
Anacron job 'cron.daily'
/etc/cron.daily/0logwatch:
Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE
winbindd*/ at /etc/cron.daily/0logwatch line 1113, <TESTFILE> line 2.
Obviously this is not a file that I have altered in any way, so it has to be
what it is reading that is the problem. The lines it refers to are
IGNORE: for my $ignore_filter (@IGNORE) {
chomp $ignore_filter;
if ($ThisLine =~ m/$ignore_filter/) {
$Ignored++;
next LINE;
I believe the line that it is objecting to was
*winbindd*
Presumably it doesn't like the '*' as a starting point. How, then, can I
ignore all lines concerned with winbindd?
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20060409/31a707c7/attachment-0002.bin
More information about the users
mailing list