Обсуждение: Errors in messages file
Dear, I'm receiving the following messages in the /var/log/message file : -> logger: verify_password: user 'Admin' not found in password file. We are running on RedHat7.0 Postgresql7.1.3 How can I trace the IP adres of the client trying to connect as Admin to our database ? Kind Regards Patrick Meylemans Manager ICS CRIF-WTCM Celestijnenlaan 300C 3001 Heverlee
You could trace it in the log file by setting the following in postgresql.conf log_connections = true log_timestamp = true log_pid = true You should be getting entries in the log file as - 2002-10-23 20:26:53 [18117] DEBUG: proc_exit(1) 2002-10-23 20:26:53 [18117] DEBUG: shmem_exit(1) 2002-10-23 20:26:53 [18117] DEBUG: exit(1) 2002-10-23 20:28:51 [18070] DEBUG: BackendStartup: forked pid=18130 socket=8 2002-10-23 20:28:51 [18130] DEBUG: connection: host=192.168.1.62 user=admin database=template1 /var/local/pgsql/bin/postmaster child[18130]: starting with (postgres -d3 -v131072 -p template1 ) Hope this helps. ----- Original Message ----- From: "Patrick Meylemans" <Patrick.Meylemans@wtcm.be> To: <pgsql-admin@postgresql.org> Sent: Thursday, October 24, 2002 6:06 PM Subject: [ADMIN] Errors in messages file > Dear, > > I'm receiving the following messages in the /var/log/message file : > > -> logger: verify_password: user 'Admin' not found in password file. > > We are running on RedHat7.0 > Postgresql7.1.3 > > How can I trace the IP adres of the client trying to connect as Admin to > our database ? > > Kind Regards > > Patrick Meylemans > > Manager ICS CRIF-WTCM > Celestijnenlaan 300C > 3001 Heverlee > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster >
Dear, The problem is detected but the reason is still not clear. It seems that if one is connecting via a ODBC link from a winbox to a postgresql database the link first tries to connect via username Admin, see syslog : Oct 25 07:47:52 backbone logger: verify_password: user 'Admin' not found in password file. Oct 25 07:47:52 backbone logger: Password authentication failed for user 'Admin' Oct 25 07:47:52 backbone logger: 2002-10-25 07:47:52 [2938] DEBUG: connection: host=192.168.244.37 user=icsadmin database=ics_poll Oct 25 07:47:53 backbone logger: 2002-10-25 07:47:53 [2938] ERROR: Relation 'msysconf' does not exist Does anybody has a clue what the relation msyconf means ? With the settings in postgresql.conf as advised we found the problem thanks !! Kind regards Patrick At 19:32 24/10/2002 +0530, Mohan A wrote: >You could trace it in the log file by setting the following in >postgresql.conf > > >log_connections = true >log_timestamp = true >log_pid = true > >You should be getting entries in the log file as - > >2002-10-23 20:26:53 [18117] DEBUG: proc_exit(1) >2002-10-23 20:26:53 [18117] DEBUG: shmem_exit(1) >2002-10-23 20:26:53 [18117] DEBUG: exit(1) >2002-10-23 20:28:51 [18070] DEBUG: BackendStartup: forked pid=18130 >socket=8 >2002-10-23 20:28:51 [18130] DEBUG: connection: host=192.168.1.62 >user=admin database=template1 >/var/local/pgsql/bin/postmaster child[18130]: starting with >(postgres -d3 -v131072 -p template1 ) > >Hope this helps. > > >----- Original Message ----- >From: "Patrick Meylemans" <Patrick.Meylemans@wtcm.be> >To: <pgsql-admin@postgresql.org> >Sent: Thursday, October 24, 2002 6:06 PM >Subject: [ADMIN] Errors in messages file > > > > Dear, > > > > I'm receiving the following messages in the /var/log/message file : > > > > -> logger: verify_password: user 'Admin' not found in password file. > > > > We are running on RedHat7.0 > > Postgresql7.1.3 > > > > How can I trace the IP adres of the client trying to connect as Admin to > > our database ? > > > > Kind Regards > > > > Patrick Meylemans > > > > Manager ICS CRIF-WTCM > > Celestijnenlaan 300C > > 3001 Heverlee > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 4: Don't 'kill -9' the postmaster > > > > >---------------------------(end of broadcast)--------------------------- >TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
"Patrick Meylemans" <Patrick.Meylemans@wtcm.be> wrote in message news:5.1.1.6.0.20021024143111.00aef110@server04.site04.wtcm.be... > How can I trace the IP adres of the client trying to connect as Admin to > our database ? This is a total guess, but maybe it will help until someone who knows the answer is able to help. Look in your postgresql.conf file ( on Mandrake 9.0, it's in /var/lib/pgsql/data ) and see what your debug_level is set to. There are also a couple switches in there that may help you with your problem, like log_connections. -BEP
On Thu, 24 Oct 2002, Patrick Meylemans wrote: > Dear, > > I'm receiving the following messages in the /var/log/message file : > > -> logger: verify_password: user 'Admin' not found in password file. > > We are running on RedHat7.0 > Postgresql7.1.3 > > How can I trace the IP adres of the client trying to connect as Admin to > our database ? Looks more like a system log message than a postgres one. Simple answer to the question whether it is or is to just fire up tcpdump with something like: tcpdump -i <external interface> port 5432 or port 23 or port 21 or port 69 or port 513 ... including as many port numbers as you think are at risk or likely to be probed. Of course this is a very simplistic approach and you probably need to run a security audit which should lead to you stopping even those attempts generating log messages on the target system (Also I like xinetd instead of the plain inetd) -- Nigel J. Andrews
Patrick Meylemans <Patrick.Meylemans@wtcm.be> wrote: >The problem is detected but the reason is still not clear. It seems that if >one is connecting via a ODBC link from a winbox to a postgresql database >the link first tries to connect via username Admin, see syslog : >Oct 25 07:47:52 backbone logger: verify_password: user 'Admin' not found in >password file. >Oct 25 07:47:52 backbone logger: Password authentication failed for user >'Admin' >Oct 25 07:47:52 backbone logger: 2002-10-25 07:47:52 >[2938] DEBUG: connection: host=192.168.244.37 user=icsadmin >database=ics_poll >Oct 25 07:47:53 backbone logger: 2002-10-25 07:47:53 >[2938] ERROR: Relation 'msysconf' does not exist > >Does anybody has a clue what the relation msyconf means ? I use Microsoft Access and i have created the msysconf table in my database. I am not sure if it only has to do with Microsoft Access or it is JET based (or something other). I will refer to Access in the rest of the post. By the way try to look for msysconf in the help file for Access if it is available for you. Normally Access stores the connection data and uses these the next time it links to a external table. If Access find a msysconf table in the database it is connecting to, it will check the parameters there. One of the options is to force Access to ask the user for the username and password. create a table msysconf and set the values as shown below: >>>>>>>>>>>>>>>>>>>>>>>>>>> (psql is used) database=# \d msysconf Table "msysconf" Column | Type | Modifiers ----------+------------------------+----------- config | smallint | not null chvalue | character varying(255) | nvalue | integer | comments | character varying(255) | database=# select * from msysconf; config | chvalue | nvalue | comments --------+---------+--------+---------- 101 | | 0 | (1 row) database=# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< A warning. The Access application (or whatever it is) will ask the user for the connection details, it has to be done some programming on the frontend side to get a pleasant login box. The details may not be all correct but i hope this will give you some idea/help. Regards -- Rolf