[Logwatch] Question regarding Service Listing in Logwatch Report

Gregory Woodbury ggw@wolves.homeip.net
Mon, 28 Apr 2003 02:13:38 -0400 (EDT)


"It was written once upon a time (by Kirk Bauer):"
> On 27 Apr 2003, Bruce P. Morin wrote:
> 
> > We have FTP service open on our server but not anonymous. The I.P.
> > Number is not from an authorized source. Is this just a connection
> > attempt or does this actually tell me that this I.P. Number established
> > a connection.
> > 
> > Service ftp:
> >       80.116.199.159: 1 Time(s)
> 
> I'm pretty sure it means a TCP connection was established.  Of course,
> it does *not* mean that the user was able to login or accomplish
> anything.

At detail level 5, there should also be a filure message from the logs.
I use the failure messages to confirm that the restrictions are working.

--Greg


 --------------------- Connections (secure-log) Begin ------------------------ 


Connections:
   Service ftp:
      212.100.183.69: 1 Time(s)

**Unmatched Entries**
xinetd[17160]: FAIL: ftp libwrap from=212.100.183.69

 ---------------------- Connections (secure-log) End -------------------------