logwatch fails #29

Closed
amacheema opened this Issue Mar 5, 2019 · 6 comments


amacheema commented Mar 5, 2019

  1. logwatch fails to run as --mailfrom is not a valid flag for the logwatch command on Debian 9
  2. logwatch fails to deliver mail due to message being too long, here is the fix:
    https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender

@imthenachoman imthenachoman self-assigned this Mar 5, 2019

Owner

imthenachoman commented Mar 6, 2019

Thanks.

  1. I removed --mailfrom since it's not a valid command line option.
  2. Wow. That is a strange thing to implement. Thanks!

imthenachoman added a commit that referenced this issue Mar 6, 2019

Owner

imthenachoman commented Mar 6, 2019

Out of curiosity, what version of logwatch do you have? Do you know what section had really long lines? I haven't had an issue so far...

Author

amacheema commented Mar 6, 2019

Logwatch 7.4.3 (released 12/07/16)
The ufw/iptables logs produce really long lines.
Here is an example:
From 141.98.89.67 - 738 packets to tcp(1003,1024,1025,1030,1035,1047,1048,1065,1077,1079,1082,1083,1093,1094,1099,1 117,1124,1128,1140,1145,1169,1172,1175,1176,1180,1189,1191,1201,1217,1224,1232,1 243,1252,1269,1276,1279,1290,1293,1295,1305,1315,1316,1317,1321,1325,1331,1332,1 334,1336,1343,1373,1383,1394,1395,1397,1421,1424,1425,1431,1438,1442,1447,1449,1 465,1470,1473,1477,1481,1499,1501,1518,1522,1525,1528,1529,1540,1543,1565,1566,1 580,1581,1592,1594,1605,1623,1633,1644,1657,1658,1659,1670,1673,1674,1687,1696,1 698,1711,1726,1737,1748,1789,1829,1841,1870,1882,1918,1922,1923,1933,1963,1974,1 986,1988,1997,2015,2034,2038,2078,2130,2134,2145,2148,2171,2178,2179,2193,2223,2 230,2242,2264,2282,2283,2290,2323,2335,2339,2342,2345,2346,2374,2383,2387,2394,2 416,2420,2427,2435,2446,2457,2467,2468,2479,2487,2494,2502,2520,2531,2532,2534,2 539,2572,2583,2602,2624,2632,2638,2646,2654,2676,2684,2695,2717,2728,2765,2769,2 792,2794,2832,2847,2869,2873,2892,2899,2910,2925,3003,3093,3096,3148,3157,3159,3 208,3290,3296,3301,3307,3342,3345,3375,3384,3416,3424,3430,3441,3446,3452,3487,3 488,3495,3498,3499,3506,3528,3539,3550,3561,3569,3572,3581,3591,3592,3597,3600,3 611,3624,3651,3665,3685,3706,3707,3739,3744,3747,3755,3767,3775,3780,3789,3796,3 799,3800,3821,3829,3830,3841,3843,3848,3859,3865,3871,3882,3892,3898,3900,3901,3 912,3933,3945,3948,3952,3974,3985,4004,4013,4015,4016,4040,4043,4045,4046,4050,4 063,4078,4079,4083,4084,4090,4097,4098,4106,4109,4112,4120,4130,4149,4150,4161,4 172,4177,4183,4199,4202,4205,4213,4221,4224,4254,4257,4265,4276,4286,4294,4306,4 317,4322,4346,4347,4350,4352,4361,4369,4392,4399,4404,4407,4410,4414,4425,4427,4 442,4443,4444,4446,4450,4454,4457,4462,4468,4473,4506,4507,4509,4514,4519,4525,4 550,4555,4558,4561,4566,4572,4596,4600,4604,4610,4618,4630,4641,4654,4659,4670,4 692,4700,4717,4747,4751,4757,4774,4777,4799,4807,4809,4821,4834,4837,4851,4859,4 862,4867,4911,4924,4927,4941,4960,4966,4977,5007,5070,5121,5132,5152,5155,5173,5 
174,5206,5207,5226,5247,5267,5271,5289,5297,5299,5300,5351,5363,5390,5393,5404,5 455,5456,5464,5486,5496,5507,5530,5538,5546,5568,5600,5601,5626,5630,5653,5665,5 673,5704,5708,5730,5743,5746,5756,5797,5829,5830,5854,5862,5864,5873,5875,5914,5 922,5927,5938,5966,5968,5998,6009,6015,6018,6027,6040,6061,6095,6098,6113,6124,6 130,6165,6196,6199,6204,6206,6212,6223,6264,6269,6275,6292,6310,6322,6328,6344,6 351,6358,6362,6393,6396,6403,6410,6414,6426,6432,6437,6473,6478,6497,6514,6519,6 529,6538,6548,6554,6570,6595,6601,6615,6619,6623,6628,6630,6638,6642,6645,6664,6 688,6690,6694,6705,6716,6735,6738,6768,6776,6779,6781,6792,6797,6831,6835,6850,6 872,6883,6891,6898,6931,6932,6935,6937,6943,6948,6954,6980,6984,6995,7028,7032,7 043,7080,7088,7099,7106,7108,7136,7147,7201,7203,7229,7233,7240,7247,7251,7255,7 264,7303,7333,7340,7344,7346,7351,7444,7504,7508,7549,7552,7556,7559,7569,7593,7 604,7606,7610,7611,7656,7660,7669,7692,7693,7738,7742,7744,7755,7774,7783,7794,7 816,7820,7831,7846,7849,7866,7868,7889,7898,7905,7918,7948,7950,7982,7987,7989,7 998,8000,8002,8023,8028,8063,8067,8069,8075,8095,8099,8108,8115,8132,8151,8162,8 167,8169,8180,8184,8199,8214,8229,8271,8277,8281,8301,8303,8307,8322,8333,8348,8 352,8353,8363,8370,8405,8411,8422,8437,8452,8456,8463,8489,8498,8508,8516,8571,8 602,8608,8612,8623,8634,8642,8655,8664,8666,8716,8729,8746,8753,8757,8759,8790,8 805,8861,8891,8893,8915,8920,8949,8954,8965,9006,9047,9049,9079,9120,9130,9131,9 140,9161,9182,9187,9203,9212,9223,9226,9233,9234,9239,9285,9306,9357,9358,9368,9 371,9378,9379,9380,9382,9410,9421,9431,9434,9469,9473,9475,9484,9514,9521,9523,9 524,9527,9534,9566,9576,9607,9659,9670,9680,9720,9724,9729,9731,9732,9733,9773,9 781,9783,9784,9813,9824,9825,9855,9877,9878,9882,9907,9918,9919,9926,9928,9959,9 964,9969,9981)

Owner

imthenachoman commented Mar 6, 2019

Wow. I have never seen anything like that. Crazy. Do you know what app/process would yield something like that?

Author

amacheema commented Mar 6, 2019

It seems like someone is scanning my server's ports to see if they are open. It is a dedicated Debian box I run out of a datacenter. The IP is a known bad IP and is on many blocklists.

Owner

imthenachoman commented Mar 6, 2019

Wow. That's nuts. I work in one leg of cybersecurity and folks always ask why security matters. They don't believe me when I tell them how many bad actors there are out there trying to find cracks in the wall. I fixed the issue with the latest update so I'll close this. I also added the long line fix to the exim4 section cause I kinda figured it should be set regardless. Let me know if I missed anything.
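
Added example, not part of the thread or of the project's guide: a pre-mail check that finds report lines longer than the 998-character limit of RFC 5322 (the kind of line the firewall summary quoted earlier in this thread produces) and folds only those lines, as an alternative to relaxing the limit in the MTA. The function names, the 78-column fold width and the sample report are assumptions made for illustration.

```python
import re

# RFC 5322 section 2.1.1: a line MUST NOT exceed 998 characters, excluding CRLF.
RFC5322_MAX = 998
INDENT = "    "  # marks continuation lines in the folded report


def long_lines(report, limit=RFC5322_MAX):
    """Return (line_number, size_in_bytes) for each line over the limit."""
    sizes = ((n, len(line.encode("utf-8")))
             for n, line in enumerate(report.splitlines(), 1))
    return [(n, size) for n, size in sizes if size > limit]


def fold_line(line, width=78):
    """Fold one line after commas or spaces so no piece exceeds `width`."""
    chunk = width - len(INDENT)
    pieces, current = [], ""
    for token in re.findall(r"[^ ,]*[ ,]+|[^ ,]+", line):
        # A token with no separator in it is hard-split as a last resort.
        for part in (token[i:i + chunk] for i in range(0, len(token), chunk)):
            if current.strip() and len(current) + len(part.rstrip()) > width:
                pieces.append(current.rstrip())
                current = INDENT
            current += part
    if current.strip():
        pieces.append(current.rstrip())
    return pieces


def make_mail_safe(report, limit=RFC5322_MAX, width=78):
    """Fold only the lines an MTA would reject; leave the rest untouched."""
    out = []
    for line in report.splitlines():
        too_long = len(line.encode("utf-8")) > limit
        out.extend(fold_line(line, width) if too_long else [line])
    return "\n".join(out) + "\n"


# Constructed sample in the shape of the firewall summary quoted above
# (documentation-range address, sequential ports); not real log data.
PORTS = ",".join(str(p) for p in range(1003, 1403))
SAMPLE = ("Firewall summary (constructed)\n"
          f"   From 192.0.2.10 - 400 packets to tcp({PORTS})\n")

if __name__ == "__main__":
    print("over limit before:", long_lines(SAMPLE))
    print("over limit after: ", long_lines(make_mail_safe(SAMPLE)))
```

Folding keeps every port in the mailed report, so a scan summary like the one in this thread still reaches the administrator's inbox in full.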
