Operating System - HP-UX

Error Logs from inetd in syslog file

 
SOLVED
Jorge Mel
Occasional Advisor

Error Logs from inetd in syslog file

Aug 2 08:16:38 hpmtest inetd[29355]: ftp/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:16:38 2006
Aug 2 08:16:38 hpmtest inetd[29356]: telnet/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:16:38 2006
Aug 2 08:16:38 hpmtest telnetd[29356]: getpid: peer died: Error 0
Aug 2 08:17:36 hpmtest inetd[29377]: registrar/tcp: Connection from hpmtest (172.23.200.97) at Wed Aug 2 08:17:36 2006


I am not sure how to stop these errors. I am currently running inetd -l so I can record errors in syslog. One of the IP addresses is from the server itself (172.23.200.97).

thank you,


13 REPLIES
Mel Burslan
Honored Contributor

Re: Error Logs from inetd in syslog file

If you do not want to see these inetd messages, all you need to do is restart inetd without the -l (logging) option, as follows:

/usr/sbin/inetd -k
/usr/sbin/inetd

________________________________
UNIX because I majored in cryptology...
Jorge Mel
Occasional Advisor

Re: Error Logs from inetd in syslog file

Do I need to be concerned about the errors? I have never seen these errors on my other Unix servers. Is it a configuration issue?
Errors without logging:
Aug 2 08:31:31 hpmtest telnetd[29787]: getpid: peer died: Error 0
Aug 2 08:33:14 hpmtest telnetd[29822]: getpid: peer died: Error 0
Aug 2 08:35:33 hpmtest telnetd[29880]: getpid: peer died: Error 0

Mel Burslan
Honored Contributor

Re: Error Logs from inetd in syslog file

These errors can be attributed to people telnetting in and not doing the login in a timely manner and their session timing out, or they plainly decide they will not log in this time and kill their telnet session. Nothing worth worrying about.

The unknown in the string means no username has been specified, but from the IP address you can figure out who or where they are coming from.

Again, if these IP addresses are from your internal network or authorized location IP addresses, it is okay. Nothing to worry about. If not, start an investigation with your security people, as they may escalate to something more than just probing.
________________________________
UNIX because I majored in cryptology...
Jorge Mel
Occasional Advisor

Re: Error Logs from inetd in syslog file

I stopped and started inetd and I am still recording messages in the syslog. One of the IP addresses is from the server itself:
hpmtest inetd[2075]: registrar/tcp: Connection from hpmtest (172.23.200.97) at Wed Aug 2 09:03:37 2006
inventsekar_1
Respected Contributor

Re: Error Logs from inetd in syslog file

Take care with "Connection from unknown" messages.

To disable inetd logging:
in /etc/rc.config.d/netdaemons

export INETD_ARGS=""     # logging disabled
export INETD_ARGS="-l"   # logging enabled

And better keep the inetd logging enabled. That will give you information like this.
Be Tomorrow, Today.
Patrick Wallek
Honored Contributor

Re: Error Logs from inetd in syslog file

The message:

Aug 2 08:17:36 hpmtest inetd[29377]: registrar/tcp: Connection from hpmtest (172.23.200.97) at Wed Aug 2 08:17:36 2006

is generated by the EMS software and is perfectly normal. You don't need to worry about it.
Steven E. Protter
Exalted Contributor

Re: Error Logs from inetd in syslog file

Shalom,

I think you should leave those messages enabled.

If you have SOX or similar audit requirements you should keep this information and try to figure out why "from unknown" is showing up in your logs.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
inventsekar_1
Respected Contributor

Re: Error Logs from inetd in syslog file

/* I stop and started the inetd and I am still recording messages in the syslog. */
------------------------------------------

Restarting inetd is not the solution. In my previous reply you can find how to do that.

After editing the config file, you can simply run:
# inetd -c   --> to re-read the config file.
This will avoid restarting inetd.
Be Tomorrow, Today.
Jorge Mel
Occasional Advisor

Re: Error Logs from inetd in syslog file

That is where I am puzzled: the 'unknown' IP is the IP assigned to the host getting the errors.
I prefer not to disable inetd logging.
Jorge Mel
Occasional Advisor

Re: Error Logs from inetd in syslog file

I wanted to add that these errors are recorded every couple of minutes in the syslog file.
inventsekar_1
Respected Contributor

Re: Error Logs from inetd in syslog file

/* the 'unknown IP is the IP assigned to the host getting the errors. */

hpmtest IP is 172.23.200.97
unknown system's IP is 172.23.200.77, isn't it?

Be Tomorrow, Today.
Mel Burslan
Honored Contributor
Solution

Re: Error Logs from inetd in syslog file

I bet if you look up the name for IP address 172.23.200.77, it will not return anything. That is why you see it as unknown. Even if you assign this address to another interface on the same server, unless it can resolve its name by a reverse lookup, it will show as "unknown" in the syslog.

The protocol, ftp/telnet or what have you, shows you what type of connection originated from this IP address.

Hope this helps a bit.
________________________________
UNIX because I majored in cryptology...
Jorge Mel
Occasional Advisor

Re: Error Logs from inetd in syslog file

I found the 'unknown' IP. It was coming from a monitoring server. I removed my host from the monitoring server and it cleaned up the syslog file.

Thank you all.
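
A triage sketch for the situation resolved in this thread, added here as an example and not code from any poster: it pulls the "Connection from unknown" lines out of inetd -l syslog output, groups them by source IP, and reports the services touched, the spacing between hits, and whether a reverse lookup returns a name. The last two sample lines are constructed, and the 5-second tolerance behind the `periodic` flag is an assumed heuristic.

```python
import re
import socket
from collections import defaultdict
from datetime import datetime

# First three lines are quoted from the thread; the last two are constructed
# to match the "every couple of minutes" pattern the poster describes.
SAMPLE = """\
Aug 2 08:16:38 hpmtest inetd[29355]: ftp/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:16:38 2006
Aug 2 08:16:38 hpmtest inetd[29356]: telnet/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:16:38 2006
Aug 2 08:17:36 hpmtest inetd[29377]: registrar/tcp: Connection from hpmtest (172.23.200.97) at Wed Aug 2 08:17:36 2006
Aug 2 08:18:38 hpmtest inetd[29401]: telnet/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:18:38 2006
Aug 2 08:20:38 hpmtest inetd[29450]: telnet/tcp: Connection from unknown (172.23.200.77) at Wed Aug 2 08:20:38 2006
"""

LINE = re.compile(r"inetd\[\d+\]: (\S+)/(?:tcp|udp): Connection from (\S+) "
                  r"\(([\d.]+)\) at \w+ (.+)$")

def parse(text):
    """Return (time, service, logged_host, ip) for each inetd connection line."""
    events = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            service, host, ip, stamp = m.groups()
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            events.append((when, service, host, ip))
    return events

def summarize(events, lookup=socket.gethostbyaddr, tolerance_s=5):
    """Group 'unknown' sources by IP; lookup is injectable so it can run offline."""
    by_ip = defaultdict(list)
    for when, service, host, ip in events:
        if host == "unknown":
            by_ip[ip].append((when, service))
    report = {}
    for ip, hits in by_ip.items():
        times = sorted({when for when, _ in hits})
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        try:
            ptr = lookup(ip)[0]      # reverse (PTR) lookup
        except OSError:              # herror/gaierror: no name, hence "unknown"
            ptr = None
        report[ip] = {
            "services": sorted({s for _, s in hits}),
            "count": len(hits),
            "gaps_s": gaps,
            # Evenly spaced hits suggest a scheduled poller (assumed heuristic).
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance_s,
            "ptr": ptr,
        }
    return report
```

A source with no PTR record, several services touched and evenly spaced hits fits a scheduled monitoring poller; the same source with irregular timing or an address outside known ranges is the case to hand to the security team.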