pepper Posted May 13, 2017 Share Posted May 13, 2017 Where can I find the logs to inspect? I copied the flash drive prior to booting but do not see a current syslog. Quote Link to comment
Squid Posted May 13, 2017 Share Posted May 13, 2017 logs are in ram (/var/log/syslog) Easiest to run a diagnostics, but after a reboot the log is lost. If the crash is recurrent on a regular basis, then Fix Common Problems plugin in troubleshooting mode would be the best way to grab the logs Quote Link to comment
pepper Posted June 3, 2017 Author Share Posted June 3, 2017 (edited) My system crashed again and I was running the Fix Common Problems in troubleshooting mode. Nothing jumps out at me, could some else take a look? tower-diagnostics-20170601-2245.zip FCPsyslog_tail.txt Edited June 3, 2017 by pepper Quote Link to comment
burtjr Posted June 4, 2017 Share Posted June 4, 2017 I found the below in your log, not sure if this would cause your problem, the only other thing I saw in your diagnostic was some warnings in your libvirt.txt file. Although others with more knowledge of dockers and VM's will chime in, I would check your docker and VM set ups, starting with the one using IP address 218.87.108.154 and if they look good to you, shut down all dockers and VMS, check for stability then introduce one at a time until you find the one causing the instability. Jun 1 19:53:00 Tower sshd[14274]: error: maximum authentication attempts exceeded for root from 218.87.109.154 port 52885 ssh2 [preauth] Jun 1 19:53:00 Tower sshd[14274]: Disconnecting: Too many authentication failures [preauth] Jun 1 19:53:02 Tower sshd[14416]: refused connect from 218.87.109.154 (218.87.109.154) Jun 1 19:53:19 Tower sshd[14503]: refused connect from 59.45.175.34 (59.45.175.34) Jun 1 19:53:29 Tower sshd[14545]: refused connect from 116.31.116.39 (116.31.116.39) Jun 1 19:54:03 Tower sshd[14776]: refused connect from 59.45.175.34 (59.45.175.34) Jun 1 19:54:27 Tower sshd[14888]: refused connect from 116.31.116.39 (116.31.116.39) Quote Link to comment
trurl Posted June 4, 2017 Share Posted June 4, 2017 6 minutes ago, burtjr said: I found the below in your log, not sure if this would cause your problem, the only other thing I saw in your diagnostic was some warnings in your libvirt.txt file. Although others with more knowledge of dockers and VM's will chime in, I would check your docker and VM set ups, starting with the one using IP address 218.87.108.154 and if they look good to you, shut down all dockers and VMS, check for stability then introduce one at a time until you find the one causing the instability. Jun 1 19:53:00 Tower sshd[14274]: error: maximum authentication attempts exceeded for root from 218.87.109.154 port 52885 ssh2 [preauth] Jun 1 19:53:00 Tower sshd[14274]: Disconnecting: Too many authentication failures [preauth] Jun 1 19:53:02 Tower sshd[14416]: refused connect from 218.87.109.154 (218.87.109.154) Jun 1 19:53:19 Tower sshd[14503]: refused connect from 59.45.175.34 (59.45.175.34) Jun 1 19:53:29 Tower sshd[14545]: refused connect from 116.31.116.39 (116.31.116.39) Jun 1 19:54:03 Tower sshd[14776]: refused connect from 59.45.175.34 (59.45.175.34) Jun 1 19:54:27 Tower sshd[14888]: refused connect from 116.31.116.39 (116.31.116.39) These are probably hack attempts. pepper, is your server on the internet? Quote Link to comment
Frank1940 Posted June 4, 2017 Share Posted June 4, 2017 Is this server exposed to the Internet? I would suggest that you google 'where is 218.87.109.154' as it is somewhere in China. The unRAID server should never be exposed directly to the internet as it is not hardened to resist hacking attacks which will occur within minutes of direct exposure! Quote Link to comment
pepper Posted June 5, 2017 Author Share Posted June 5, 2017 there is one ssh port open and there are numerous attempts but I haven't seen any successful connections that aren't me. The deny script works pretty good and I have one ip address in the allow list. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.