设为首页收藏本站

LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
LinuxSir.cn,穿越时空的Linuxsir!»论坛 运维技术 —— LinuxSir.cn 服务器架设、应用、维护 了解linux服务器的安全状况,应该从那些日志文件入手? ...
返回列表 发新帖
查看: 1120|回复: 4

了解linux服务器的安全状况,应该从那些日志文件入手?有没有比较直观的工具?

[复制链接]
turbo123
发表于 2002-11-8 10:40:11 | 显示全部楼层 |阅读模式
怎样知道是否有人企图攻击服务器?
怎样指导是否有人攻击成功?
从那些文件可以看出来?
有什么比较直观的工具来分析吗?谢谢!
回复

使用道具 举报

turbo123
 楼主| 发表于 2002-11-8 10:44:31 | 显示全部楼层
这里有我的2个日志文件,都是在夜里无人时产生的纪录,因为服务器还在测试阶段,没有做过宣传,应该不会有人知道,请大家看看这些访问纪录都是在座什么?
最好可以简单的介绍一下如何来读日志文件,以后我就可以自己分析了!谢谢!

maillog文件!!
Nov  8 02:00:04 me qmail: 1036692004.950572 new msg 30243724
Nov  8 02:00:04 me qmail: 1036692004.950898 info msg 30243724: bytes 469 from <anonymous@me.com> qp 813 uid 0
Nov  8 02:00:04 me qmail: 1036692004.954953 starting delivery 8: msg 30243724 to local me.com-root@me.com
Nov  8 02:00:04 me qmail: 1036692004.955116 status: local 1/10 remote 0/20
Nov  8 02:00:04 me qmail: 1036692004.976175 delivery 8: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 02:00:04 me qmail: 1036692004.976342 status: local 0/10 remote 0/20
Nov  8 02:00:04 me qmail: 1036692004.984370 bounce msg 30243724 qp 816
Nov  8 02:00:04 me qmail: 1036692004.984539 end msg 30243724
Nov  8 02:00:04 me qmail: 1036692004.986874 new msg 30243725
Nov  8 02:00:04 me qmail: 1036692004.987136 info msg 30243725: bytes 1034 from <> qp 816 uid 508
Nov  8 02:00:04 me qmail: 1036692004.991587 starting delivery 9: msg 30243725 to local me.com-anonymous@me.com
Nov  8 02:00:04 me qmail: 1036692004.992044 status: local 1/10 remote 0/20
Nov  8 02:00:05 me qmail: 1036692005.009292 delivery 9: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 02:00:05 me qmail: 1036692005.011103 status: local 0/10 remote 0/20
Nov  8 02:00:05 me qmail: 1036692005.018622 bounce msg 30243725 qp 819
Nov  8 02:00:05 me qmail: 1036692005.019585 end msg 30243725
Nov  8 02:00:05 me qmail: 1036692005.021696 new msg 30243724
Nov  8 02:00:05 me qmail: 1036692005.022497 info msg 30243724: bytes 1509 from <#@[]> qp 819 uid 508
Nov  8 02:00:05 me qmail: 1036692005.027116 starting delivery 10: msg 30243724 to local me.com-postmaster@me.com
Nov  8 02:00:05 me qmail: 1036692005.027592 status: local 1/10 remote 0/20
Nov  8 02:00:05 me qmail: 1036692005.046408 delivery 10: success: did_0+0+1/
Nov  8 02:00:05 me qmail: 1036692005.047727 status: local 0/10 remote 0/20
Nov  8 02:00:05 me qmail: 1036692005.048480 end msg 30243724
Nov  8 02:01:01 me qmail: 1036692061.531863 new msg 30243724
Nov  8 02:01:01 me qmail: 1036692061.532044 info msg 30243724: bytes 3262 from <root@me.com> qp 849 uid 0
Nov  8 02:01:01 me qmail: 1036692061.537680 starting delivery 11: msg 30243724 to local me.com-root@me.com
Nov  8 02:01:01 me qmail: 1036692061.537841 status: local 1/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.580807 delivery 11: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 02:01:01 me qmail: 1036692061.580973 status: local 0/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.589431 bounce msg 30243724 qp 856
Nov  8 02:01:01 me qmail: 1036692061.589601 end msg 30243724
Nov  8 02:01:01 me qmail: 1036692061.591948 new msg 30243725
Nov  8 02:01:01 me qmail: 1036692061.592209 info msg 30243725: bytes 3817 from <> qp 856 uid 508
Nov  8 02:01:01 me qmail: 1036692061.596674 starting delivery 12: msg 30243725 to local me.com-root@me.com
Nov  8 02:01:01 me qmail: 1036692061.596828 status: local 1/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.614206 delivery 12: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 02:01:01 me qmail: 1036692061.615976 status: local 0/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.623970 bounce msg 30243725 qp 859
Nov  8 02:01:01 me qmail: 1036692061.624930 end msg 30243725
Nov  8 02:01:01 me qmail: 1036692061.626989 new msg 30243724
Nov  8 02:01:01 me qmail: 1036692061.627789 info msg 30243724: bytes 4287 from <#@[]> qp 859 uid 508
Nov  8 02:01:01 me qmail: 1036692061.632452 starting delivery 13: msg 30243724 to local me.com-postmaster@me.com
Nov  8 02:01:01 me qmail: 1036692061.632926 status: local 1/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.651491 delivery 13: success: did_0+0+1/
Nov  8 02:01:01 me qmail: 1036692061.652816 status: local 0/10 remote 0/20
Nov  8 02:01:01 me qmail: 1036692061.653569 end msg 30243724
Nov  8 03:01:00 me qmail: 1036695660.678250 new msg 30243724
Nov  8 03:01:00 me qmail: 1036695660.678434 info msg 30243724: bytes 1619 from <root@me.com> qp 890 uid 0
Nov  8 03:01:00 me qmail: 1036695660.683724 starting delivery 14: msg 30243724 to local me.com-root@me.com
Nov  8 03:01:00 me qmail: 1036695660.683885 status: local 1/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.717181 delivery 14: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 03:01:00 me qmail: 1036695660.717344 status: local 0/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.726057 bounce msg 30243724 qp 898
Nov  8 03:01:00 me qmail: 1036695660.726225 end msg 30243724
Nov  8 03:01:00 me qmail: 1036695660.728464 new msg 30243725
Nov  8 03:01:00 me qmail: 1036695660.728728 info msg 30243725: bytes 2174 from <> qp 898 uid 508
Nov  8 03:01:00 me qmail: 1036695660.733516 starting delivery 15: msg 30243725 to local me.com-root@me.com
Nov  8 03:01:00 me qmail: 1036695660.733962 status: local 1/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.760165 delivery 15: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 03:01:00 me qmail: 1036695660.760331 status: local 0/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.768700 bounce msg 30243725 qp 901
Nov  8 03:01:00 me qmail: 1036695660.768870 end msg 30243725
Nov  8 03:01:00 me qmail: 1036695660.770933 new msg 30243724
Nov  8 03:01:00 me qmail: 1036695660.771107 info msg 30243724: bytes 2644 from <#@[]> qp 901 uid 508
Nov  8 03:01:00 me qmail: 1036695660.775879 starting delivery 16: msg 30243724 to local me.com-postmaster@me.com
Nov  8 03:01:00 me qmail: 1036695660.776036 status: local 1/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.794880 delivery 16: success: did_0+0+1/
Nov  8 03:01:00 me qmail: 1036695660.796278 status: local 0/10 remote 0/20
Nov  8 03:01:00 me qmail: 1036695660.796625 end msg 30243724
Nov  8 03:06:23 me splogger: 1036695983.980238 tcpserver: status: 1/100
Nov  8 03:06:23 me splogger: 1036695983.980930 tcpserver: pid 904 from 211.95.148.168
Nov  8 03:06:23 me splogger: 1036695983.981797 tcpserver: ok 904 me.com:218.2.158.159:25 :211.95.148.168::1599
Nov  8 03:06:29 me qmail: 1036695989.062586 new msg 30243724
Nov  8 03:06:29 me qmail: 1036695989.062870 info msg 30243724: bytes 743 from <suan_1234@163.com> qp 905 uid 503
Nov  8 03:06:29 me qmail: 1036695989.066713 starting delivery 17: msg 30243724 to local me.com-info@me.com
Nov  8 03:06:29 me qmail: 1036695989.066872 status: local 1/10 remote 0/20
Nov  8 03:06:29 me qmail: 1036695989.119665 delivery 17: success: did_0+0+1/
Nov  8 03:06:29 me qmail: 1036695989.119832 status: local 0/10 remote 0/20
Nov  8 03:06:29 me qmail: 1036695989.119876 end msg 30243724
Nov  8 03:06:30 me splogger: 1036695990.294550 tcpserver: end 904 status 0
Nov  8 03:06:30 me splogger: 1036695990.294704 tcpserver: status: 0/100
Nov  8 04:01:04 me qmail: 1036699264.820117 new msg 30243724
Nov  8 04:01:04 me qmail: 1036699264.820298 info msg 30243724: bytes 2013 from <root@me.com> qp 935 uid 0
Nov  8 04:01:04 me qmail: 1036699264.825566 starting delivery 18: msg 30243724 to local me.com-root@me.com
Nov  8 04:01:04 me qmail: 1036699264.825729 status: local 1/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.868712 delivery 18: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 04:01:04 me qmail: 1036699264.868878 status: local 0/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.877247 bounce msg 30243724 qp 942
Nov  8 04:01:04 me qmail: 1036699264.877418 end msg 30243724
Nov  8 04:01:04 me qmail: 1036699264.879348 new msg 30243725
Nov  8 04:01:04 me qmail: 1036699264.879521 info msg 30243725: bytes 2568 from <> qp 942 uid 508
Nov  8 04:01:04 me qmail: 1036699264.884246 starting delivery 19: msg 30243725 to local me.com-root@me.com
Nov  8 04:01:04 me qmail: 1036699264.884392 status: local 1/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.902231 delivery 19: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 04:01:04 me qmail: 1036699264.904002 status: local 0/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.911598 bounce msg 30243725 qp 945
Nov  8 04:01:04 me qmail: 1036699264.912557 end msg 30243725
Nov  8 04:01:04 me qmail: 1036699264.914622 new msg 30243724
Nov  8 04:01:04 me qmail: 1036699264.915421 info msg 30243724: bytes 3038 from <#@[]> qp 945 uid 508
Nov  8 04:01:04 me qmail: 1036699264.920059 starting delivery 20: msg 30243724 to local me.com-postmaster@me.com
Nov  8 04:01:04 me qmail: 1036699264.920533 status: local 1/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.939228 delivery 20: success: did_0+0+1/
Nov  8 04:01:04 me qmail: 1036699264.940553 status: local 0/10 remote 0/20
Nov  8 04:01:04 me qmail: 1036699264.941206 end msg 30243724
Nov  8 04:05:08 me qmail: 1036699508.453231 new msg 30243724
Nov  8 04:05:08 me qmail: 1036699508.453413 info msg 30243724: bytes 544 from <anonymous@me.com> qp 9718 uid 0
Nov  8 04:05:08 me qmail: 1036699508.470108 starting delivery 21: msg 30243724 to local me.com-root@me.com
Nov  8 04:05:08 me qmail: 1036699508.470267 status: local 1/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.631306 delivery 21: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 04:05:08 me qmail: 1036699508.675030 status: local 0/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.683304 bounce msg 30243724 qp 9721
Nov  8 04:05:08 me qmail: 1036699508.683472 end msg 30243724
Nov  8 04:05:08 me qmail: 1036699508.708826 new msg 30243725
Nov  8 04:05:08 me qmail: 1036699508.709571 info msg 30243725: bytes 1110 from <> qp 9721 uid 508
Nov  8 04:05:08 me qmail: 1036699508.714953 starting delivery 22: msg 30243725 to local me.com-anonymous@me.com
Nov  8 04:05:08 me qmail: 1036699508.715427 status: local 1/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.734080 delivery 22: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 04:05:08 me qmail: 1036699508.734245 status: local 0/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.742569 bounce msg 30243725 qp 9724
Nov  8 04:05:08 me qmail: 1036699508.742738 end msg 30243725
Nov  8 04:05:08 me qmail: 1036699508.744808 new msg 30243724
Nov  8 04:05:08 me qmail: 1036699508.744981 info msg 30243724: bytes 1586 from <#@[]> qp 9724 uid 508
Nov  8 04:05:08 me qmail: 1036699508.749721 starting delivery 23: msg 30243724 to local me.com-postmaster@me.com
Nov  8 04:05:08 me qmail: 1036699508.749877 status: local 1/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.812758 delivery 23: success: did_0+0+1/
Nov  8 04:05:08 me qmail: 1036699508.812919 status: local 0/10 remote 0/20
Nov  8 04:05:08 me qmail: 1036699508.812962 end msg 30243724
Nov  8 05:01:04 me qmail: 1036702864.840007 new msg 30243724
Nov  8 05:01:04 me qmail: 1036702864.840188 info msg 30243724: bytes 2389 from <root@me.com> qp 9755 uid 0
Nov  8 05:01:04 me qmail: 1036702864.847975 starting delivery 24: msg 30243724 to local me.com-root@me.com
Nov  8 05:01:04 me qmail: 1036702864.848139 status: local 1/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.878955 delivery 24: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 05:01:04 me qmail: 1036702864.879119 status: local 0/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.917116 bounce msg 30243724 qp 9761
Nov  8 05:01:04 me qmail: 1036702864.917282 end msg 30243724
Nov  8 05:01:04 me qmail: 1036702864.920132 new msg 30243725
Nov  8 05:01:04 me qmail: 1036702864.920390 info msg 30243725: bytes 2945 from <> qp 9761 uid 508
Nov  8 05:01:04 me qmail: 1036702864.926738 starting delivery 25: msg 30243725 to local me.com-root@me.com
Nov  8 05:01:04 me qmail: 1036702864.927213 status: local 1/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.945744 delivery 25: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 05:01:04 me qmail: 1036702864.945907 status: local 0/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.954375 bounce msg 30243725 qp 9764
Nov  8 05:01:04 me qmail: 1036702864.954540 end msg 30243725
Nov  8 05:01:04 me qmail: 1036702864.956606 new msg 30243724
Nov  8 05:01:04 me qmail: 1036702864.956781 info msg 30243724: bytes 3416 from <#@[]> qp 9764 uid 508
Nov  8 05:01:04 me qmail: 1036702864.961513 starting delivery 26: msg 30243724 to local me.com-postmaster@me.com
Nov  8 05:01:04 me qmail: 1036702864.961968 status: local 1/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.980482 delivery 26: success: did_0+0+1/
Nov  8 05:01:04 me qmail: 1036702864.981847 status: local 0/10 remote 0/20
Nov  8 05:01:04 me qmail: 1036702864.982621 end msg 30243724
Nov  8 06:01:04 me qmail: 1036706464.974894 new msg 30243724
Nov  8 06:01:04 me qmail: 1036706464.975076 info msg 30243724: bytes 1372 from <root@me.com> qp 9794 uid 0
Nov  8 06:01:04 me qmail: 1036706464.980324 starting delivery 27: msg 30243724 to local me.com-root@me.com
Nov  8 06:01:04 me qmail: 1036706464.980483 status: local 1/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.023486 delivery 27: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 06:01:05 me qmail: 1036706465.023649 status: local 0/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.032220 bounce msg 30243724 qp 9801
Nov  8 06:01:05 me qmail: 1036706465.032386 end msg 30243724
Nov  8 06:01:05 me qmail: 1036706465.035219 new msg 30243725
Nov  8 06:01:05 me qmail: 1036706465.035476 info msg 30243725: bytes 1928 from <> qp 9801 uid 508
Nov  8 06:01:05 me qmail: 1036706465.039996 starting delivery 28: msg 30243725 to local me.com-root@me.com
Nov  8 06:01:05 me qmail: 1036706465.040148 status: local 1/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.057457 delivery 28: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 06:01:05 me qmail: 1036706465.059227 status: local 0/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.066878 bounce msg 30243725 qp 9804
Nov  8 06:01:05 me qmail: 1036706465.067832 end msg 30243725
Nov  8 06:01:05 me qmail: 1036706465.069942 new msg 30243724
Nov  8 06:01:05 me qmail: 1036706465.070775 info msg 30243724: bytes 2399 from <#@[]> qp 9804 uid 508
Nov  8 06:01:05 me qmail: 1036706465.075433 starting delivery 29: msg 30243724 to local me.com-postmaster@me.com
Nov  8 06:01:05 me qmail: 1036706465.075902 status: local 1/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.094365 delivery 29: success: did_0+0+1/
Nov  8 06:01:05 me qmail: 1036706465.095698 status: local 0/10 remote 0/20
Nov  8 06:01:05 me qmail: 1036706465.096472 end msg 30243724
Nov  8 07:01:05 me qmail: 1036710065.092395 new msg 30243724
Nov  8 07:01:05 me qmail: 1036710065.092577 info msg 30243724: bytes 1372 from <root@me.com> qp 9834 uid 0
Nov  8 07:01:05 me qmail: 1036710065.097832 starting delivery 30: msg 30243724 to local me.com-root@me.com
Nov  8 07:01:05 me qmail: 1036710065.097991 status: local 1/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.131155 delivery 30: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 07:01:05 me qmail: 1036710065.131317 status: local 0/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.140284 bounce msg 30243724 qp 9841
Nov  8 07:01:05 me qmail: 1036710065.140453 end msg 30243724
Nov  8 07:01:05 me qmail: 1036710065.142830 new msg 30243725
Nov  8 07:01:05 me qmail: 1036710065.143641 info msg 30243725: bytes 1928 from <> qp 9841 uid 508
Nov  8 07:01:05 me qmail: 1036710065.148839 starting delivery 31: msg 30243725 to local me.com-root@me.com
Nov  8 07:01:05 me qmail: 1036710065.149315 status: local 1/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.174839 delivery 31: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 07:01:05 me qmail: 1036710065.175000 status: local 0/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.183358 bounce msg 30243725 qp 9844
Nov  8 07:01:05 me qmail: 1036710065.183522 end msg 30243725
Nov  8 07:01:05 me qmail: 1036710065.185674 new msg 30243724
Nov  8 07:01:05 me qmail: 1036710065.185851 info msg 30243724: bytes 2399 from <#@[]> qp 9844 uid 508
Nov  8 07:01:05 me qmail: 1036710065.190596 starting delivery 32: msg 30243724 to local me.com-postmaster@me.com
Nov  8 07:01:05 me qmail: 1036710065.190799 status: local 1/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.209306 delivery 32: success: did_0+0+1/
Nov  8 07:01:05 me qmail: 1036710065.210635 status: local 0/10 remote 0/20
Nov  8 07:01:05 me qmail: 1036710065.211658 end msg 30243724
Nov  8 08:01:01 me qmail: 1036713661.265338 new msg 30243724
Nov  8 08:01:01 me qmail: 1036713661.265520 info msg 30243724: bytes 1609 from <root@me.com> qp 9876 uid 0
Nov  8 08:01:01 me qmail: 1036713661.271043 starting delivery 33: msg 30243724 to local me.com-root@me.com
Nov  8 08:01:01 me qmail: 1036713661.271202 status: local 1/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.365628 delivery 33: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 08:01:01 me qmail: 1036713661.365792 status: local 0/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.374467 bounce msg 30243724 qp 9883
Nov  8 08:01:01 me qmail: 1036713661.374636 end msg 30243724
Nov  8 08:01:01 me qmail: 1036713661.377459 new msg 30243725
Nov  8 08:01:01 me qmail: 1036713661.377714 info msg 30243725: bytes 2165 from <> qp 9883 uid 508
Nov  8 08:01:01 me qmail: 1036713661.382338 starting delivery 34: msg 30243725 to local me.com-root@me.com
Nov  8 08:01:01 me qmail: 1036713661.382777 status: local 1/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.400050 delivery 34: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 08:01:01 me qmail: 1036713661.401840 status: local 0/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.409680 bounce msg 30243725 qp 9886
Nov  8 08:01:01 me qmail: 1036713661.410637 end msg 30243725
Nov  8 08:01:01 me qmail: 1036713661.412813 new msg 30243724
Nov  8 08:01:01 me qmail: 1036713661.413607 info msg 30243724: bytes 2636 from <#@[]> qp 9886 uid 508
Nov  8 08:01:01 me qmail: 1036713661.420767 starting delivery 35: msg 30243724 to local me.com-postmaster@me.com
Nov  8 08:01:01 me qmail: 1036713661.421247 status: local 1/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.439906 delivery 35: success: did_0+0+1/
Nov  8 08:01:01 me qmail: 1036713661.441262 status: local 0/10 remote 0/20
Nov  8 08:01:01 me qmail: 1036713661.442041 end msg 30243724
Nov  8 09:01:04 me qmail: 1036717264.631135 new msg 30243724
Nov  8 09:01:04 me qmail: 1036717264.631317 info msg 30243724: bytes 1917 from <root@me.com> qp 9919 uid 0
Nov  8 09:01:04 me qmail: 1036717264.635602 starting delivery 36: msg 30243724 to local me.com-root@me.com
Nov  8 09:01:04 me qmail: 1036717264.635760 status: local 1/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.679057 delivery 36: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 09:01:04 me qmail: 1036717264.679218 status: local 0/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.687796 bounce msg 30243724 qp 9925
Nov  8 09:01:04 me qmail: 1036717264.687960 end msg 30243724
Nov  8 09:01:04 me qmail: 1036717264.690842 new msg 30243725
Nov  8 09:01:04 me qmail: 1036717264.691098 info msg 30243725: bytes 2473 from <> qp 9925 uid 508
Nov  8 09:01:04 me qmail: 1036717264.695595 starting delivery 37: msg 30243725 to local me.com-root@me.com
Nov  8 09:01:04 me qmail: 1036717264.695747 status: local 1/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.713117 delivery 37: failure: Sorry,_no_mailbox_here_by_that_name._vpopmail_(#5.1.1)/
Nov  8 09:01:04 me qmail: 1036717264.714885 status: local 0/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.722527 bounce msg 30243725 qp 9928
Nov  8 09:01:04 me qmail: 1036717264.723485 end msg 30243725
Nov  8 09:01:04 me qmail: 1036717264.725599 new msg 30243724
Nov  8 09:01:04 me qmail: 1036717264.726388 info msg 30243724: bytes 2944 from <#@[]> qp 9928 uid 508
Nov  8 09:01:04 me qmail: 1036717264.731114 starting delivery 38: msg 30243724 to local me.com-postmaster@me.com
Nov  8 09:01:04 me qmail: 1036717264.731949 status: local 1/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.750566 delivery 38: success: did_0+0+1/
Nov  8 09:01:04 me qmail: 1036717264.752634 status: local 0/10 remote 0/20
Nov  8 09:01:04 me qmail: 1036717264.752720 end msg 30243724
回复 支持 反对

使用道具 举报

turbo123
 楼主| 发表于 2002-11-8 10:46:34 | 显示全部楼层
messages文件!

Nov  8 02:00:00 me CROND[811]: (root) CMD (/sbin/evlogmgr -c 'age > "30d"')
Nov  8 02:01:00 me CROND[823]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 02:41:29 me proftpd[862]: me.com (a213-22-142-21.netcabo.pt[213.22.142.21]) - FTP session opened.
Nov  8 02:41:29 me proftpd[862]: me.com (a213-22-142-21.netcabo.pt[213.22.142.21]) - FTP session closed.
Nov  8 02:43:43 me proftpd[863]: me.com (a213-22-142-21.netcabo.pt[213.22.142.21]) - FTP session opened.
Nov  8 02:43:54 me proftpd[863]: me.com (a213-22-142-21.netcabo.pt[213.22.142.21]) - FTP session closed.
Nov  8 03:01:00 me CROND[865]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 04:01:00 me CROND[909]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 04:01:59 me CROND[949]: (root) CMD (run-parts /etc/cron.daily)
Nov  8 05:01:00 me CROND[9728]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 06:01:00 me CROND[9768]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 07:01:00 me CROND[9808]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 07:54:55 me proftpd[9847]: me.com (r-na057-8-389.tin.it[62.211.49.133]) - FTP session opened.
Nov  8 07:54:55 me proftpd[9847]: me.com (r-na057-8-389.tin.it[62.211.49.133]) - FTP session closed.
Nov  8 07:56:12 me proftpd[9848]: me.com (62.211.49.133[62.211.49.133]) - FTP session opened.
Nov  8 07:56:12 me proftpd[9848]: me.com (62.211.49.133[62.211.49.133]) - FTP session closed.
Nov  8 08:01:00 me CROND[9850]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 08:38:23 me proftpd[9889]: me.com (211.140.148.51[211.140.148.51]) - FTP session opened.
Nov  8 08:38:23 me proftpd[9889]: me.com (211.140.148.51[211.140.148.51]) - FTP session closed.
Nov  8 08:38:24 me proftpd[9890]: me.com (211.140.148.51[211.140.148.51]) - FTP session opened.
Nov  8 08:38:27 me proftpd[9890]: me.com (211.140.148.51[211.140.148.51]) - no such user 'anonymous'
Nov  8 08:38:28 me proftpd[9890]: me.com (211.140.148.51[211.140.148.51]) - FTP session closed.
Nov  8 09:01:00 me CROND[9892]: (root) CMD (run-parts /etc/cron.hourly)
Nov  8 10:01:00 me CROND[9942]: (root) CMD (run-parts /etc/cron.hourly)
回复 支持 反对

使用道具 举报

发表于 2002-12-3 21:38:58 | 显示全部楼层
请高手指教。。有没有这样的工具。
分析系统记录,我们应该怎么看???
回复 支持 反对

使用道具 举报

lanyao
发表于 2006-8-16 21:08:48 | 显示全部楼层
过滤日志
syslog_ng
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表