-1

The /var/log/messages log file on our server is filled with endless lines of

    May  5 11:10:38 crm xinetd[24532]: FAIL: check_mk address from=1.2.3.4

It seems to log every 3 minutes or so. The number after the xinetd changes, but the IP address is always the same one.

Can anyone tell me why this is, what's causing it and how to stop it?

The OS is CentOS 5.3 x64.

Thanks

fullybaked
  • 101
  • 5

2 Answers

0

It would appear that you installed (but probably didn't configure?) Nagios and the check_mk plugin. The address you see belongs to APNIC Debogon Project in Brisbane, AU.

As for stopping it: read up on Nagios, check_mk and do it right.

P.S.: I gave you a downvote because given the information you provided it took me 2 minutes of googling to dig this up.

tink
  • 1,035
  • 11
  • 20
  • The likelihood that the address is actually `1.2.3.4` is pretty low. I am guessing he obfuscated the address, and just didn't use one of the ranges reserved for that purpose. – Zoredache May 08 '13 at 00:07
  • @Zoredache: that is indeed a possibility. Doesn't make a difference, though? The plugin needs to be configured properly. – tink May 08 '13 at 00:14
  • It makes a difference to your sentence about the `APNIC Debogon project` which is basically pointless, and almost certainly irrelevant, since this is just an obfuscated address. Or to put it differently, I only mentioned it, because you did. – Zoredache May 08 '13 at 00:15
  • Thanks. Having already googled this numerous times and got nothing useful, you are obviously a better googler than I. Yes, I obfuscated the address; not knowing what this was, I didn't want to just chuck the real data into a public forum. And no, I didn't install or configure anything, I've just ended up managing this server and trying to do the best I can. – fullybaked May 08 '13 at 07:53
0

You can start by looking at `/etc/xinetd.d/check_mk`. It has both the settings as to what should be logged or not, and probably also an indication of the monitoring server's IP address.

If you set `disable = yes` and restart xinetd that will turn off the agent port (6556) for good. You should really know who is trying to monitor your system though :)

Florian Heigl
  • 1,479
  • 12
  • 20
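
To find out who is polling the agent port before turning it off, the xinetd `FAIL` lines from the question can be grouped by service and source address with the typical interval between attempts. This is an added example, not part of the original answers; the function name, the `year` parameter and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches xinetd rejection lines of the form shown in the question:
#   May  5 11:10:38 crm xinetd[24532]: FAIL: check_mk address from=1.2.3.4
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"xinetd\[\d+\]: FAIL: (?P<service>\S+) (?P<reason>\S+) from=(?P<src>\S+)\s*$"
)

# Constructed sample input (not real log data).
SAMPLE = """\
May  5 11:10:38 crm xinetd[24532]: FAIL: check_mk address from=192.0.2.10
May  5 11:11:02 crm sshd[2201]: Accepted publickey for admin from 198.51.100.7 port 50122 ssh2
May  5 11:13:38 crm xinetd[24540]: FAIL: check_mk address from=192.0.2.10
May  5 11:16:39 crm xinetd[24551]: FAIL: check_mk address from=192.0.2.10
May  5 11:19:38 crm xinetd[24560]: FAIL: check_mk address from=192.0.2.10
""".splitlines()


def summarise_failures(lines, year=2013):
    """Group xinetd FAIL lines by (service, reason, source address).

    Classic syslog timestamps carry no year, so `year` is an assumption
    supplied by the caller. Returns {key: (count, median_gap_seconds)}.
    """
    seen = defaultdict(list)
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # other daemons, or xinetd messages that are not FAIL
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["service"], m["reason"], m["src"])].append(ts)

    summary = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A single hit has no interval; report None instead of guessing.
        summary[key] = (len(stamps), median(gaps) if gaps else None)
    return summary


if __name__ == "__main__":
    for (service, reason, src), (count, gap) in summarise_failures(SAMPLE).items():
        print(f"{service} rejected ({reason}) from {src}: {count} hits, ~{gap}s apart")
```

A steady interval from a single source, as in the question, points to a scheduled monitoring poller rather than ad hoc connections.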