From OSSEC Wiki

Jump to: navigation, search

smeserver is a linux distro based on centos that is designed to be a easy to use all in one small business server and gateway. [1] is the official site. The community site with the support forums, bug trackers etc. and manuals is at [2].

Many of the logs used by smeserver appear to use multilog from dbj [3]. Below are some samples of the various logs generated by the default gateway server: 

[root@gluon log]# tail dhcpd/current
@4000000046387cf7233fac8c DHCPREQUEST for 192.168.100.5 from 00:08:02:1e:ab:b5 via eth0
@4000000046387cf7233fcbcc DHCPACK on 192.168.100.5 to 00:08:02:1e:ab:b5 via eth0
@4000000046387fda22ab86c4 DHCPINFORM from 192.168.100.243 via eth0
@4000000046387fda22aba604 DHCPACK to 192.168.100.243
@400000004638802c185ae6c4 DHCPREQUEST for 192.168.100.243 from 00:0e:7f:62:b3:58 (hadron) via eth0
@400000004638802c185b0604 DHCPACK on 192.168.100.243 to 00:0e:7f:62:b3:58 (hadron) via eth0
@40000000463881c634c0c0cc DHCPREQUEST for 192.168.100.20 from 00:01:e6:31:a0:e5 via eth0
@40000000463881c634c0e00c DHCPACK on 192.168.100.20 to 00:01:e6:31:a0:e5 via eth0
@400000004638850704f5ad1c DHCPINFORM from 192.168.100.243 via eth0
@400000004638850704f5cc5c DHCPACK to 192.168.100.243

[root@gluon log]# tail -50 imaps/current
@400000004638894032379164 tcpsvd: info: end 22682 exit 0
@40000000463889403237a4ec tcpsvd: info: status 2/400
@400000004638894c386ee834 sslio[22667]: info: bytes in: 1262
@400000004638894c386f0b5c sslio[22667]: info: bytes ou: 76382
@400000004638894c386f1ee4 tcpsvd: info: end 22667 exit 0
@400000004638894c386f3654 tcpsvd: info: status 1/400
@400000004638899a0ce064f4 tcpsvd: info: status 2/400
@400000004638899a0ce08434 tcpsvd: info: pid 22692 from 216.12.89.52
@400000004638899a0ce097bc tcpsvd: info: concurrency 22692 216.12.89.52 2/6
@400000004638899a0ce0ab44 tcpsvd: info: start 22692 0:216.12.13.52 ::216.12.89.52:52853 ./peers/0
@400000004638899a0ce0c2b4 imapfront-auth[22692]: * OK imapfront ready.
@400000004638899a20372b64 imapfront-auth[22692]: * CAPABILITY IMAP4rev1 AUTH=LOGIN SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED
@400000004638899a20375274 imapfront-auth[22692]: 3aod OK CAPABILITY completed
@40000000463889c5152e0134 sslio[22687]: info: bytes in: 7641
@40000000463889c5152e245c sslio[22687]: info: bytes ou: 134507
@40000000463889c5152e37e4 tcpsvd: info: end 22687 exit 0
@40000000463889c5152e4b6c tcpsvd: info: status 1/400
@4000000046388a402a244ea4 tcpsvd: info: status 2/400
@4000000046388a402a246de4 tcpsvd: info: pid 22735 from 216.12.89.52
@4000000046388a402a24816c tcpsvd: info: concurrency 22735 216.12.89.52 2/6
@4000000046388a402a2494f4 tcpsvd: info: start 22735 0:216.12.13.52 ::216.12.89.52:55851 ./peers/0
@4000000046388a402a24ac64 imapfront-auth[22735]: * OK imapfront ready.
@4000000046388a410196ce94 imapfront-auth[22735]: * CAPABILITY IMAP4rev1 AUTH=LOGIN SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED
@4000000046388a410196f1bc imapfront-auth[22735]: mh7m OK CAPABILITY completed
@4000000046388a8c372731ac sslio[22692]: info: bytes in: 4257
@4000000046388a8c372754d4 sslio[22692]: info: bytes ou: 39557
@4000000046388a8c372da21c tcpsvd: info: end 22692 exit 0
@4000000046388a8c372db98c tcpsvd: info: status 1/400
@4000000046388c9b12a6c9b4 tcpsvd: info: status 2/400
@4000000046388c9b12a6e8f4 tcpsvd: info: pid 22853 from 216.12.89.52
@4000000046388c9b12a6fc7c tcpsvd: info: concurrency 22853 216.12.89.52 2/6
@4000000046388c9b12a71004 tcpsvd: info: start 22853 0:216.12.13.52 ::216.12.89.52:1936 ./peers/0
@4000000046388c9b12a7238c imapfront-auth[22853]: * OK imapfront ready.
@4000000046388c9b2415bd54 imapfront-auth[22853]: * CAPABILITY IMAP4rev1 AUTH=LOGIN SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED
@4000000046388c9b2415e07c imapfront-auth[22853]: 4ssg OK CAPABILITY completed
@4000000046388c9b3a83b2bc tcpsvd: info: status 3/400
@4000000046388c9b3a83d1fc tcpsvd: info: pid 22855 from 216.12.89.52
@4000000046388c9b3a83e584 tcpsvd: info: concurrency 22855 216.12.89.52 3/6
@4000000046388c9b3a83fcf4 tcpsvd: info: start 22855 0:216.12.13.52 ::216.12.89.52:1948 ./peers/0
@4000000046388c9b3a84107c imapfront-auth[22855]: * OK imapfront ready.
@4000000046388c9c0f663ce4 imapfront-auth[22855]: * CAPABILITY IMAP4rev1 AUTH=LOGIN SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN LISTEXT LIST-SUBSCRIBED
@4000000046388c9c0f66600c imapfront-auth[22855]: w2zr OK CAPABILITY completed
@4000000046388ccb1274fbb4 sslio[22855]: info: bytes in: 7871
@4000000046388ccb12751af4 sslio[22855]: info: bytes ou: 166299
@4000000046388ccb12752e7c tcpsvd: info: end 22855 exit 0
@4000000046388ccb12753e1c tcpsvd: info: status 2/400
@4000000046388ccb12a95ddc sslio[22853]: info: bytes in: 599
@4000000046388ccb12a9afe4 sslio[22853]: info: bytes ou: 3373
@4000000046388ccb12a9c36c tcpsvd: info: end 22853 exit 0
@4000000046388ccb12aa2514 tcpsvd: info: status 1/400

[root@gluon log]# tail -50 iptables/current
@4000000046388eaa2d0f3d7c May  2 09:14:08 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5373 PROTO=UDP SPT=2112 DPT=1434 LEN=9
@4000000046388eb22e4661d4 May  2 09:14:16 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5380 PROTO=UDP SPT=2113 DPT=1434 LEN=9
@4000000046388eba30377ba4 May  2 09:14:24 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5381 PROTO=UDP SPT=2114 DPT=1434 LEN=9
@4000000046388ebe1c2e0ed4 May  2 09:14:28 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388ec2320fe524 May  2 09:14:32 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5382 PROTO=UDP SPT=2115 DPT=1434 LEN=9
@4000000046388ec30a57ed24 May  2 09:14:33 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=186 PROTO=0
@4000000046388ec90e021cec May  2 09:14:39 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:65:32:07:06:08:00  SRC=216.12.17.5 DST=255.255.255.255 LEN=123 TOS=00 PREC=0x00 TTL=255 ID=23557 DF PROTO=UDP SPT=1024 DPT=514 LEN=103
@4000000046388eca2dd6fe34 May  2 09:14:40 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5383 PROTO=UDP SPT=2116 DPT=1434 LEN=9
@4000000046388ed119c55bd4 May  2 09:14:47 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=42 TOS=00 PREC=0x00 TTL=115 ID=21310 PROTO=UDP SPT=10514 DPT=49162 LEN=22
@4000000046388ed11a4bae8c May  2 09:14:47 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=46 TOS=00 PREC=0x00 TTL=115 ID=21312 PROTO=UDP SPT=10514 DPT=49162 LEN=26
@4000000046388ed22f2a5164 May  2 09:14:48 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5384 PROTO=UDP SPT=2117 DPT=1434 LEN=9
@4000000046388ed4302a8f0c May  2 09:14:50 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=42 TOS=00 PREC=0x00 TTL=115 ID=21497 PROTO=UDP SPT=10514 DPT=49162 LEN=22
@4000000046388ed61c3828c4 May  2 09:14:52 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388ed804dde72c May  2 09:14:54 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=42 TOS=00 PREC=0x00 TTL=115 ID=21655 PROTO=UDP SPT=10514 DPT=49162 LEN=22
@4000000046388eda09ddeac4 May  2 09:14:56 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=187 PROTO=0
@4000000046388eda34ff312c May  2 09:14:56 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5385 PROTO=UDP SPT=2118 DPT=1434 LEN=9
@4000000046388edb274ac104 May  2 09:14:57 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=42 TOS=00 PREC=0x00 TTL=115 ID=21855 PROTO=UDP SPT=10514 DPT=49162 LEN=22
@4000000046388edb28a67c8c May  2 09:14:57 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=46 TOS=00 PREC=0x00 TTL=115 ID=21858 PROTO=UDP SPT=10514 DPT=49162 LEN=26
@4000000046388ee22cee47fc May  2 09:15:04 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5392 PROTO=UDP SPT=2119 DPT=1434 LEN=9
@4000000046388ee525d061bc May  2 09:15:07 gluon denylog: IN=eth1 OUT= MAC=00:01:02:45:9e:f2:00:30:b6:c0:99:40:08:00  SRC=220.233.108.216 DST=216.12.13.52 LEN=46 TOS=00 PREC=0x00 TTL=115 ID=22307 PROTO=UDP SPT=10514 DPT=49162 LEN=26
@4000000046388eea2e3a01dc May  2 09:15:12 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5393 PROTO=UDP SPT=2120 DPT=1434 LEN=9
@4000000046388eee1c34544c May  2 09:15:16 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388eef1dbf12fc May  2 09:15:17 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=188 PROTO=0
@4000000046388ef2300fc3ac May  2 09:15:20 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5394 PROTO=UDP SPT=2121 DPT=1434 LEN=9
@4000000046388efa31db447c May  2 09:15:28 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5395 PROTO=UDP SPT=2122 DPT=1434 LEN=9
@4000000046388f022dcc0984 May  2 09:15:36 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5396 PROTO=UDP SPT=2123 DPT=1434 LEN=9
@4000000046388f061fb312fc May  2 09:15:40 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388f0736e4641c May  2 09:15:41 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=189 PROTO=0
@4000000046388f0b285566bc May  2 09:15:45 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5403 PROTO=UDP SPT=2124 DPT=1434 LEN=9
@4000000046388f123212bbb4 May  2 09:15:52 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5404 PROTO=UDP SPT=2125 DPT=1434 LEN=9
@4000000046388f1a2cfa9854 May  2 09:16:00 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5405 PROTO=UDP SPT=2126 DPT=1434 LEN=9
@4000000046388f1e1c463e3c May  2 09:16:04 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388f1f26fb5114 May  2 09:16:05 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:65:32:07:06:08:00  SRC=216.12.17.5 DST=255.255.255.255 LEN=123 TOS=00 PREC=0x00 TTL=255 ID=23559 DF PROTO=UDP SPT=1024 DPT=514 LEN=103
@4000000046388f222ed9fafc May  2 09:16:08 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5406 PROTO=UDP SPT=2127 DPT=1434 LEN=9
@4000000046388f253225bafc May  2 09:16:11 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=190 PROTO=0
@4000000046388f2a2ff9c2dc May  2 09:16:16 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5407 PROTO=UDP SPT=2128 DPT=1434 LEN=9
@4000000046388f3231dfe7fc May  2 09:16:24 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5408 PROTO=UDP SPT=2129 DPT=1434 LEN=9
@4000000046388f361c49b4f4 May  2 09:16:28 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388f3a2eed159c May  2 09:16:32 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5415 PROTO=UDP SPT=2130 DPT=1434 LEN=9
@4000000046388f3c2b22e66c May  2 09:16:34 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=191 PROTO=0
@4000000046388f422f0fc09c May  2 09:16:40 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5416 PROTO=UDP SPT=2131 DPT=1434 LEN=9
@4000000046388f4a30f702e4 May  2 09:16:48 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5417 PROTO=UDP SPT=2132 DPT=1434 LEN=9
@4000000046388f4e1c41c99c May  2 09:16:52 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388f5025cc1044 May  2 09:16:54 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=192 PROTO=0
@4000000046388f5312678664 May  2 09:16:57 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5418 PROTO=UDP SPT=2133 DPT=1434 LEN=9
@4000000046388f5a2e183d54 May  2 09:17:04 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5419 PROTO=UDP SPT=2134 DPT=1434 LEN=9
@4000000046388f622fe58efc May  2 09:17:12 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5420 PROTO=UDP SPT=2135 DPT=1434 LEN=9
@4000000046388f661c50b5ec May  2 09:17:16 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:10:63:71:93:3d:08:00  SRC=216.12.21.176 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=0
@4000000046388f6a32e935f4 May  2 09:17:20 gluon denylog: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:15:c5:55:aa:9f:08:00  SRC=216.12.18.89 DST=255.255.255.255 LEN=29 TOS=00 PREC=0x00 TTL=128 ID=5427 PROTO=UDP SPT=2136 DPT=1434 LEN=9
@4000000046388f6e27a84a54 May  2 09:17:24 gluon denylog: IN=eth1 OUT= MAC=01:00:5e:00:00:01:00:13:46:40:a7:a3:08:00  SRC=216.12.15.233 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=193 PROTO=0


<nowiki>[root@gluon log]# tail -25 sshd/current
@4000000046340a3d2fe3d1ac Postponed publickey for root from 192.168.100.2 port 33059 ssh2
@4000000046340a3d30efb7b4 Accepted publickey for root from 192.168.100.2 port 33059 ssh2
@4000000046340a3d30efd30c Accepted publickey for root from 192.168.100.2 port 33059 ssh2
@4000000046355bc00577b244 Postponed publickey for root from 192.168.100.2 port 33086 ssh2
@4000000046355bc006c7503c Accepted publickey for root from 192.168.100.2 port 33086 ssh2
@4000000046355bc006c76f7c Accepted publickey for root from 192.168.100.2 port 33086 ssh2
@400000004636ad3c31b14294 Postponed publickey for root from 192.168.100.2 port 33108 ssh2
@400000004636ad3c32ea10b4 Accepted publickey for root from 192.168.100.2 port 33108 ssh2
@400000004636ad3c32ea2ff4 Accepted publickey for root from 192.168.100.2 port 33108 ssh2
@400000004637febc310a969c Postponed publickey for root from 192.168.100.2 port 33133 ssh2
@400000004637febc32c444ec Accepted publickey for root from 192.168.100.2 port 33133 ssh2
@400000004637febc32c4642c Accepted publickey for root from 192.168.100.2 port 33133 ssh2
@4000000046388d8830382f54 Postponed publickey for jlewis from 216.12.89.52 port 6262 ssh2
@4000000046388d883436c0ac Accepted publickey for jlewis from 216.12.89.52 port 6262 ssh2
@4000000046388d883446510c Accepted publickey for jlewis from 216.12.89.52 port 6262 ssh2
@4000000046388fdf39cef14c Invalid user bruteforce from 216.12.89.52
@4000000046388fdf39cf1474 input_userauth_request: invalid user bruteforce
@4000000046388fdf39cf27fc Failed none for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fe40e847034 Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fe40e84935c Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fe81e395f94 Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fe81e3b7aa4 Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fec08a8ba6c Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fec08a8dd94 Failed password for invalid user bruteforce from 216.12.89.52 port 17994 ssh2
@4000000046388fec08a8f11c Disconnecting: Too many authentication failures for bruteforce
Retrieved from "http://ossec.net/wiki/Log_Samples_smeserver"
Views
Personal tools