10-02-2001
Yeah, those logs could be not only Nimda, but a "Code Red" variant, or somebody scanning like heck trying to break into a server that Code Red already rooted. If they're from a similar (or the same) IP address, it's most likely somebody in your subnet affected - I think Nimda only scans the 16 addresses above and below theirs (I may be confusing this with another worm, though).
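One way to check the guess in the post above against an access log, as an added example that is not part of the original thread: count worm-style probes per source address and classify each source by its distance from your own server. The function names, the sample log, the window argument and the request pattern (`default.ida`, `cmd.exe`, `root.exe`, paths widely reported for Code Red and Nimda probes) are assumptions, not taken from the post.

```shell
#!/bin/sh
# Constructed sample: Apache common-log lines, private addresses, made-up times.
sample_log() {
cat <<'EOF'
10.1.2.58 - - [02/Oct/2001:09:14:01 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
10.1.2.58 - - [02/Oct/2001:09:14:02 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
10.1.9.20 - - [02/Oct/2001:09:20:45 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 272
10.200.0.7 - - [02/Oct/2001:09:31:10 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
10.1.2.51 - - [02/Oct/2001:09:32:00 -0400] "GET /index.html HTTP/1.0" 200 1043
EOF
}

# probe_sources SERVER_IP WINDOW PATTERN < access_log
# Prints "source hits distance class" for every source whose request line
# matches PATTERN (an ERE; use [.] rather than \. because of awk -v escapes).
#   adjacent : within WINDOW addresses of SERVER_IP (the post's +/-16 guess)
#   same-/16 : shares the first two octets with SERVER_IP
#   remote   : anything else
probe_sources() {
    awk -v srv="$1" -v win="$2" -v pat="$3" '
    function ip2n(ip,  o) {              # dotted quad -> number, -1 if malformed
        if (ip !~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/) return -1
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { s = ip2n(srv); split(srv, so, ".") }
    $0 ~ pat {
        if (ip2n($1) < 0) next           # client field is a hostname or garbage
        hits[$1]++
    }
    END {
        for (a in hits) {
            d = ip2n(a) - s; if (d < 0) d = -d
            split(a, q, ".")
            if (d <= win) c = "adjacent"
            else if (q[1] == so[1] && q[2] == so[2]) c = "same-/16"
            else c = "remote"
            # %.0f keeps large distances exact on awks with 32-bit %d
            printf "%s %d %.0f %s\n", a, hits[a], d, c
        }
    }' | sort -k3,3n                     # nearest sources first
}

# Server assumed to be 10.1.2.50; window of 16 as suggested in the post.
sample_log | probe_sources 10.1.2.50 16 'default[.]ida|cmd[.]exe|root[.]exe'
```

Sources reported as `adjacent` or `same-/16` are the ones worth chasing with whoever runs that part of the network; the ordinary request from 10.1.2.51 is not counted because it does not match the pattern.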
LEARN ABOUT DEBIAN
micro-httpd
micro-httpd(8) User Commands micro-httpd(8)
NAME
micro-httpd - really small HTTP server
SYNOPSIS
micro-httpd DIRECTORY
OPTIONS
None.
DESCRIPTION
micro-httpd is a very small HTTP server all in 150 lines of code. It runs from inetd, which means its performance is poor. But for
low-traffic sites, it is quite adequate. It implements all the basic features of an HTTP server, including:
* Security against ".." filename snooping.
* The common MIME types.
* Trailing-slash redirection.
* index.html
* Directory listings.
To install it, add a line like this to /etc/inetd.conf:
micro-http stream tcp nowait nobody /usr/sbin/micro-httpd micro-httpd dir
Make sure the path to the executable is correct, and change "dir" to be the directory you want to serve. You could add a line like this to
/etc/services:
micro-http port/tcp #Micro HTTP server
Change "port" to the port number you want to use: 80, 8000, whatever. Restart inetd by sending it a "HUP" signal.
On some systems, inetd has a maximum spawn rate - if you try to run inetd services faster than a certain number of times per minute, it
assumes there is either a bug or an attack going on and it shuts down for a few minutes. If you run into this problem - look for syslog
messages about too-rapid looping - you will need to find out how to increase the limit. Unfortunately this varies from OS to OS. On
FreeBSD, you add a "-R 10000" flag to inetd's initial command line. On some Linux systems, you can set the limit on a per-service basis in
inetd.conf, by changing "nowait" to "nowait.10000".
Note that you can use micro-httpd to serve HTTPS, if you like, by running it from stunnel. First fetch and install stunnel - FreeBSD users
can just go to /usr/ports/security/stunnel and do a "make cert ; make install". Then as root run:
stunnel -p /usr/local/certs/stunnel.pem -d 443 -l /usr/sbin/micro-httpd -- micro-httpd dir
Make sure the paths to the certificate and executable are correct, and again do not forget to change "dir" to the directory you want to
serve.
ENVIRONMENT
None.
FILES
None.
SEE ALSO
inetd(8) micro-inetd(8) xinetd(8)
AUTHORS
Copyright (C) 1999 Jef Poskanzer <jef@mail.acme.com>. All rights reserved.
This manual page was updated by Jari Aalto <jari.aalto@cante.net>. Released under license GNU GPL v2 or (at your option) any later
version. For more information about license, visit <http://www.gnu.org/copyleft/gpl.html>.
micro-httpd 2012-04-03 micro-httpd(8)