Logs for the Fire - PowerPoint PPT Presentation
1 / 7
Title:
Logs for the Fire
Description:
... 177.115 80 GET /iisstart.asp - 200 Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) ... GET /iisstart.asp - 200 Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) ... – PowerPoint PPT presentation
Number of Views:61
Avg rating:3.0/5.0
Title: Logs for the Fire
1
Logs for the Fire
2
wtmp
- Sh pts/11 dial-b-02-59.res Thu Dec
4 2359 still logged in - Lu pts/11 cary-e-181.resne Thu Dec
4 2358 - 2358 (0000) - Ka pts/91 dial-a-02-86.res Thu Dec
4 2357 - 2358 (0000) - Wo pts/98 evrtwa1-ar9-4-65 Thu Dec
4 2357 - 2358 (0000) - Uc pts/95 ee273pc2.ecn.pur Thu Dec
4 2356 still logged in - Lh pts/91 12-222-103-35.cl Thu Dec
4 2356 - 2356 (0000) - Ja pts/11 dsl-158-040.resn Thu Dec
4 2356 - 2357 (0001) - Qf pts/91 pvil-b-193.resne Thu Dec
4 2355 - 2355 (0000) - Ba pts/95 12-222-109-241.c Thu Dec
4 2353 - 2354 (0000) - Ma pts/84 mthw116pc33.ics. Thu Dec
4 2353 - 2357 (0003) - Wu pts/98 pvil-d-071.resne Thu Dec
4 2353 - 2354 (0001) - Mi pts/95 pvil-b-196.resne Thu Dec
4 2353 - 2353 (0000) - Lu pts/95 cary-e-181.resne Thu Dec
4 2352 - 2352 (0000) - Sp pts/94 nat33.riverwalk- Thu Dec
4 2352 still logged in - Uc pts/91 ee273pc2.ecn.pur Thu Dec
4 2352 - 2354 (0002) - Sk pts/84 mentor.ics.purdu Thu Dec
4 2352 - 2353 (0001) - Jg pts/94 nat33.riverwalk- Thu Dec
4 2350 - 2350 (0000) - Pr pts/84 andrew-nat4.wint Thu Dec
4 2350 - 2350 (0000) - Ha pts/91 pool-141-154-183 Thu Dec
4 2350 - 2351 (0001)
3
syslog
- Feb 16 120046 herald.cc.purdue.edu
sm-mta20679 i1GH0kqS020679 ldap mr_at_purdue.edu
gt herald.cc.purdue.edu - Feb 16 120046 herald.cc.purdue.edu
tmail20717 message delivery failed to
/export/home/224/ha/INBOX - Feb 16 120046 herald.cc.purdue.edu
tmail20717 error in delivery - Feb 16 120046 herald.cc.purdue.edu
imapd20665 Authenticated userjb
hostwm-cpu6.itcs.purdue.edu 128.210.11.238 - Feb 16 120046 herald.cc.purdue.edu
imapd20555 Logout usersi hostwm-cpu2.itcs.pur
due.edu 128.210.11.234 - Feb 16 120046 herald.cc.purdue.edu
imapd20698 Authenticated userga
hostpal211-048.itap.purdue.edu 128.210.211.48 - Feb 16 120046 herald.cc.purdue.edu
sm-mta20729 i1GH0kqS020729 ldap si_at_purdue.edu
gt si_at_purdue.edu - Feb 16 120046 herald.cc.purdue.edu
sm-mta20729 i1GH0kqS020729 ldap si_at_purdue.edu
gt herald.cc.purdue.edu - Feb 16 120046 herald.cc.purdue.edu
sm-mta20679 i1GH0kqS020679 --- 250 2.1.5
ltmr_at_purdue.edugt... Recipient ok - Feb 16 120046 herald.cc.purdue.edu
sm-mta20679 i1GH0kqS020679 lt-- DATA - Feb 16 120046 herald.cc.purdue.edu
sm-mta20679 i1GH0kqS020679 --- 354 Enter
mail, end with "." on a line by itself - Feb 16 120046 herald.cc.purdue.edu
imapd20362 Logout usermd hostwm-cpu2.itcs.pur
due.edu 128.210.11.234 - Feb 16 120046 herald.cc.purdue.edu
sm-mta20703 i1GH0jqS020703 --- 250 2.0.0
i1GH0jqS020703 Message accepted for delivery - Feb 16 120046 herald.cc.purdue.edu
sm-mta21491 i1F3wNsd021491 makeconnection
(mail.marketmailer.net. 82.114.40.5) failed
Connection refused by mail.marketmailer.net. - Feb 16 120046 herald.cc.purdue.edu
sm-mta21491 i1F3wNsd021491 toltnewsletter_at_mark
etmailer.netgt, delay000000, xdelay000000,
maileresmtp, pri30000, relaymail.marketmailer.n
et. 82.114.40.5, dsn4.0.0, statDeferred
Connection refused by mail.marketmailer.net. - Feb 16 120046 herald.cc.purdue.edu
sm-mta9088 i1F3fRqS021389 toltha_at_purdue.edugt,
delay1131919, xdelay000001, mailerlocal,
pri1831390, dsn4.0.0, statDeferred local
mailer (/opt/imap/sbin/tmail) exited with
EX_TEMPFAIL - Feb 16 120046 herald.cc.purdue.edu
imapd20667 Logout usermp
4
messages
- Feb 16 120046 herald.cc.purdue.edu inetd3459
pop-320747 from 12.222.154.27 1457 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imap-test20756 from 128.210.11.235 52860 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imaps20758 from 12.162.44.254 2412 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imap20759 from 128.210.101.111 4741 - Feb 16 120046 herald.cc.purdue.edu inetd3459
pop-320760 from 128.211.233.115 4115 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imap-test20761 from 128.210.11.237 49715 - Feb 16 120046 herald.cc.purdue.edu inetd3459
pop-320762 from 128.210.208.198 1173 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imap-test20763 from 128.210.11.237 49724 - Feb 16 120046 herald.cc.purdue.edu inetd3459
pop-320767 from 216.126.178.188 1754 - Feb 16 120046 herald.cc.purdue.edu inetd3459
imap-test20769 from 128.210.11.238 37891 - Feb 16 120046 herald.cc.purdue.edu inetd3459
pop-320779 from 128.210.143.72 3886 - Feb 16 120047 herald.cc.purdue.edu inetd3459
imap-test20796 from 128.210.11.235 52861 - Feb 16 120047 herald.cc.purdue.edu inetd3459
imaps20798 from 128.210.210.110 1935 - Feb 16 120047 herald.cc.purdue.edu inetd3459
pop3s20815 from 12.222.129.198 52265 - Feb 16 120047 herald.cc.purdue.edu inetd3459
imap20816 from 128.211.220.169 2767 - Feb 16 120047 herald.cc.purdue.edu inetd3459
pop-320817 from 65.23.89.21 33669 - Feb 16 120047 herald.cc.purdue.edu inetd3459
imap-test20827 from 128.210.11.239 49264 - Feb 16 120047 herald.cc.purdue.edu inetd3459
imaps20830 from 4.42.98.150 2563 - Feb 16 120047 herald.cc.purdue.edu inetd3459
pop3s20833 from 4.64.156.127 60831
5
Exchange sendmail
- 128.210.5.249 - usstp10.itcs.purdue.edu
01/Apr/2004000105 -0500 "EHLO
-?usstp10.itcs.purdue.edu SMTP" 250 319 - 128.210.5.249 - usstp10.itcs.purdue.edu
01/Apr/2004000105 -0500 "MAIL
-?Fromltroot_at_slksys.west-lafayette.in.usgt SMTP"
250 57 - 128.210.5.249 - usstp10.itcs.purdue.edu
01/Apr/2004000105 -0500 "RCPT
-?Toltask_at_sevenofnine.itsp.purdue.edugt SMTP" 250
44 - 128.210.5.249 - usstp10.itcs.purdue.edu
01/Apr/2004000106 -0500 "DATA
-?lt20040401000055.26f47598.in_at_testpc.slksys.west-
lafayette.in.usgt SMTP" 250 147 - 128.210.5.249 - usstp10.itcs.purdue.edu
01/Apr/2004000106 -0500 "QUIT
-?usstp10.itcs.purdue.edu SMTP" 240 65 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000108 -0500 "-
-?220BlackBerry.NETESMTPSendmail8.12.10/8.12.1
0Thu,1Apr2004000108-0500(EST) SMTP" 0
87 - 206.51.26.232 - OutboundConnectionCommand
01/Apr/2004000108 -0500 "EHLO
-?sevenofnine.borg SMTP" 0 4 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000108 -0500 "-
-?250-BlackBerry.NETHellosevenofnine.itsp.purdue
.edu128.210.177.115,pleasedtomeetyou SMTP"
0 91 - 206.51.26.232 - OutboundConnectionCommand
01/Apr/2004000108 -0500 "MAIL
-?FROMltksander_at_purdue.edugtSIZE2234 SMTP" 0 4 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000108 -0500 "-
-?2502.1.0ltksander_at_purdue.edugt...Senderok
SMTP" 0 43 - 206.51.26.232 - OutboundConnectionCommand
01/Apr/2004000108 -0500 "RCPT
-?TOltnetwork_at_blackberry.netgt SMTP" 0 4 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000109 -0500 "-
-?2502.1.5ltnetwork_at_blackberry.netgt...Recipient
ok SMTP" 0 50 - 206.51.26.232 - OutboundConnectionCommand
01/Apr/2004000109 -0500 "DATA - SMTP" 0 4 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000109 -0500 "-
-?354Entermail,endwith"."onalinebyitself
SMTP" 0 48 - 206.51.26.232 - OutboundConnectionResponse
01/Apr/2004000109 -0500 "-
-?2502.0.0i3151878008246Messageacceptedforde
livery SMTP" 0 54 - 206.51.26.232 - OutboundConnectionCommand
01/Apr/2004000109 -0500 "QUIT - SMTP" 0 4
6
Application Specific Exchange Web Server
- Software Microsoft Internet Information
Services 5.0 - Version 1.0
- Date 2004-04-01 004443
- Fields date time c-ip cs-username s-ip s-port
cs-method cs-uri-stem cs-uri-query sc-status
cs(User-Agent) - 2004-04-01 004443 66.244.82.241 -
128.210.177.115 80 GET /iisstart.asp - 200
Mozilla/4.0(compatibleMSIE5.5Windows98) - 2004-04-01 004443 66.244.82.241 -
128.210.177.115 80 SEARCH / - 411 - - 2004-04-01 011521 220.105.34.207 -
128.210.177.115 80 GET /iisstart.asp - 200
Mozilla/4.0(compatibleMSIE5.5Windows98) - 2004-04-01 011521 220.105.34.207 -
128.210.177.115 80 SEARCH / - 411 - - 2004-04-01 011711 220.159.98.168 -
128.210.177.115 80 GET /iisstart.asp - 200
Mozilla/4.0(compatibleMSIE5.5Windows98) - 2004-04-01 011713 220.159.98.168 -
128.210.177.115 80 SEARCH / - 411 - - 2004-04-01 022018 220.107.99.253 -
128.210.177.115 80 GET /iisstart.asp - 200
Mozilla/4.0(compatibleMSIE5.5Windows98) - 2004-04-01 022018 220.107.99.253 -
128.210.177.115 80 SEARCH / - 411 - - 2004-04-01 023220 67.136.46.116 -
128.210.177.115 80 GET /iisstart.asp - 200
Mozilla/4.0(compatibleMSIE5.5Windows98) - 2004-04-01 023220 67.136.46.116 -
128.210.177.115 80 SEARCH / - 411 - - 2004-04-01 024719 209.246.61.50 -
128.210.177.115 80 GET /iisstart.asp - 200 - - 2004-04-01 030713 24.56.54.20 - 128.210.177.115
80 GET /iisstart.asp - 200 Mozilla/4.0(compatible
MSIE5.5Windows98) - 2004-04-01 030713 24.56.54.20 - 128.210.177.115
80 SEARCH / - 411 -
7
Application Specific - WebMail
- Mar 31 040206 wm-ss1 syslogd 1.4.1 restart
(remote reception). - Mar 31 040206 wm-cpu3 HORDE3220 imp Logout
for bt_at_purdue.edu 128.211.202.173 from
bt.mail.purdue.edu993 on line 34 of
"/var/www/html/webmail/imp/login.php" - Mar 31 040234 wm-gw1 Keepalived Removing
service 128.210.11.23380 from VS
128.210.11.24180 - Mar 31 040238 wm-gw1 Keepalived Adding service
128.210.11.23380 to VS 128.210.11.24180 - Mar 31 040238 wm-cpu5 HORDE7755 imp Logout
for ng_at_purdue.edu 12.223.217.173 from
ng.mail.purdue.edu993 on line 34 of
"/var/www/html/webmail/imp/login.php" - Mar 31 040247 wm-gw1 Keepalived Removing
service 128.210.11.23780 from VS
128.210.11.24180 - Mar 31 040247 wm-gw1 Keepalived Removing
service 128.210.11.23480 from VS
128.210.11.24180 - Mar 31 040250 wm-gw1 Keepalived Adding service
128.210.11.23780 to VS 128.210.11.24180 - Mar 31 040250 wm-gw1 Keepalived Adding service
128.210.11.23480 to VS 128.210.11.24180 - Mar 31 040253 wm-cpu3 array_flip10248 IMAP
toolkit crash Lock when already locked - Mar 31 040257 wm-cpu6 HORDE28824 imp
FAILED LOGIN 130.226.44.21 to ng.mail.purdue.edu9
93imap/ssl as ng on line 294 of
"/var/www/html/webmail/imp/lib/IMP.php" - Mar 31 040258 wm-gw1 Keepalived Removing
service 128.210.11.23480 from VS
128.210.11.24180 - Mar 31 040258 wm-cpu1 HORDE31466 imp
FAILED LOGIN 128.12.195.55 to bo.mail.purdue.edu9
93imap/ssl as bowens on line 294 of
"/var/www/html/webmail/imp/lib/IMP.php" - Mar 31 040302 wm-gw1 Keepalived Adding service
128.210.11.23480 to VS 128.210.11.24180 - Mar 31 040308 wm-gw1 Keepalived Removing
service 128.210.11.23480 from VS
128.210.11.24180 - Mar 31 040308 wm-gw1 Keepalived Adding service
128.210.11.23480 to VS 128.210.11.24180 - Mar 31 040320 wm-cpu2 HORDE21963 imp
FAILED LOGIN 80.36.154.122 to ra.mail.purdue.edu9
93imap/ssl as ramoore on line 294 of
"/var/www/html/webmail/imp/lib/IMP.php"
Recommended
CrystalGraphics Presentations
![Read [PDF] Police Fire and EMS Scanner Logbook: A medium size 6” x 9” PowerPoint PPT Presentation](https://s3.amazonaws.com/images.powershow.com/10082644.th0.jpg?_=20240720064)
