Join Log in
Score:1
hYEOnOO null avatar Ubuntu

For reasons of unknown cause, a huge size of syslog continues to be created

cn flag
hYEOnOO null

I am struggling with huge syslog files that occur frequently. In only 24 hours, 740G files were created, and a lots of addresses were recorded.

Even similar domains and ip addresses appear repeatedly.

syslog, syslog.1, syslog.2.gz, syslog.3.gz, syslog.4.gz, syslog.5.gz, syslog.6.gz, syslog.7.gz Eight files have been created, all of which are 1.5T in size.

These huge files have filled the root mount, and they continue to produce the following errors.

bash: cannot create temp file for here-document: No space left on device

I'm sharing the log contents.

Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      45.12.6.88]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      221.165.214.185
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      106.246.244.122
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb691.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      106.246.244.122
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      176.111.173.12]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      video.nowfc.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      haumea.vds.sh]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      45.12.6.88
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mitziejamelymb69.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      176.111.173.12
Oct 28 00:41:45 bio507-3 vino-server[4958]: message repeated 2 times: [ 28/10/2021 00h 41m 45s      176.111.173.12]
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      106.246.244.122
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      mandimichaelibws961.example.com
Oct 28 00:41:45 bio507-3 vino-server[4958]: 28/10/2021 00h 41m 45s      haumea.vds.sh

I doubt that this is related to hacking.

What do experts think?

I know that there is no problem with the system even if I delete these files, but I want to know the cause of the huge log file that continues to be generated even after deletion.

I am using Ubuntu version 18.04.

I don't want these huge log files to be created anymore. If hacking or other problems are the cause, please advise on how to solve them.

Thank you.

75
0 + 0
in flag
matigo
Have you seen [this similar question](https://askubuntu.com/q/1364457/1222991) and followed the suggestion at the bottom to limit the log file size?
0
Reply
cn flag
Rinzwind
vino-server is logging everything to it (actions, warnings,errors and critical notes) so change it to have it log for errors and critital only.
1
Reply
hYEOnOO null avatar
cn flag
hYEOnOO null
@Rinzwind I would like to change that. Do you know how can I change it?
0
Reply
hYEOnOO null avatar
cn flag
hYEOnOO null
@matigo The way to limit the size can prevent errors, but I don't think we can find the cause of the huge log file. Is there any additional process I have to do to find out the cause?
0
Reply
cn flag
Rinzwind
My prev. comment might be wrong: it is probably not vino itself but the fact connections are made to your system that triggers this (I am used to see these in access,log on apache). It is indeed not a hacker but it is a ddos attack; probably automated and not targeted at you specifically. The fix is likely outside of Ubuntu (block IPs not yours at your router for instance). A firewall on Ubuntu can block this too but the connection attempts are still going to reach your server clogging your internet line.
0
Reply
Score:1
sancho.s ReinstateMonicaCellio avatar Ubuntu
pl flag
sancho.s ReinstateMonicaCellio

You are likely being attacked. Are you behind some kind of firewall?

You better use VNC via SSH tunneling.

Related

  1. https://ubuntuforums.org/showthread.php?t=2362684
  2. https://forums.developer.nvidia.com/t/do-you-know-what-the-following-in-syslog-means/111348
  3. Is my Vino server being attacked?
0 + 0
hYEOnOO null avatar
cn flag
hYEOnOO null
Thank you. Your advice was very helpful. I got a big hint through link #2. I saw https://ubuntuforums.org/showthread.php?t=2362684 among the comments in the post, and I saw "world-reachable IP address (172.x.x.x)" in the article and checked it with my computer. As a result of checking, it was confirmed that the Docker installed on the computer was assigned a 172.x.x.x IP address, and the docker was stopped. Since then, logs have no longer accumulated. Thanks once again.
0
Reply
sancho.s ReinstateMonicaCellio avatar
pl flag
sancho.s ReinstateMonicaCellio
@hYEOnOOnull - Great! Your response is very good, and uncommon: Using the suggestions to further dig into the problem, finding the solution, and posting feedback with details. (I see all too often OPs waiting for a step-by-step list of instructions on what to do, with no signs of effort.) Cheers for that!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.