I have very strange problem. I set up puppet client on several servers but have problem with one of them.
When I invoke:
root#www ~ # puppet agent --server puppetmaster.domain.ltd --test
notice: Ignoring --listen on onetime run
info: Caching catalog for puppetclient.domain.ltd
info: Applying configuration version '1326444431'
notice: Finished catalog run in 3.15 seconds
everything works ok.
New changes are applied to system.
When I try to pull changes to client from server:
root#www ~ # puppet kick puppetclient.domain.ltd
I got errors on client's syslog:
Jan 15 14:01:23 www puppet-agent[20903]: triggered run
Jan 15 14:01:24 www puppet-agent[20903]: Could not retrieve catalog from remote server: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: Using cached catalog
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Cronapt/File[/etc/cron.daily/cronapt]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///cronapt/cronapt: Connection refused - connect(2) at /etc/puppet/modules/cronapt/manifests/init.pp:7
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/File[/usr/lib/nagios/plugins/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/File[/usr/lib/nagios/plugins/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/usr/lib/nagios/plugins: Connection refused - connect(2) at /etc/puppet/modules/nagios/manifests/init.pp:27
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/File[/etc/nagios/nrpe.cfg]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/nrpe.cfg: Connection refused - connect(2) at /etc/puppet/modules/nagios/manifests/init.pp:18
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/Exec[/etc/init.d/nagios-nrpe-server reload]) Dependency File[/etc/nagios/nrpe.cfg] has failures: true
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/Exec[/etc/init.d/nagios-nrpe-server reload]) Skipping because of failed dependencies
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/File[/etc/apache2/conf.d/deny.conf]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/conf.d/deny.conf: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:7
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/Service[apache2]) Dependency File[/etc/apache2/conf.d/deny.conf] has failures: true
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/Service[apache2]) Skipping because of failed dependencies
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/File[/etc/nagios/cfg.d/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/File[/etc/nagios/cfg.d/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/cfg.d: Connection refused - connect(2) at /etc/puppet/modules/nagios/manifests/init.pp:37
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/File[/etc/apache2/.htpasswd]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/.htpasswd: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:31
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/File[/usr/share/phpmyadmin/.htaccess]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/usr/share/phpmyadmin/.htaccess: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:23
Jan 15 14:01:24 www puppet-agent[20903]: Finished catalog run in 0.33 seconds
Jan 15 14:01:24 www puppet-agent[20903]: Could not send report: Connection refused - connect(2)
Here are configuration files at puppetclient.domain.ltd
puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true
runinterval=1800
splay=true
summarize = true
auth.conf:
path /
method find, search, save
auth yes
allow puppetmaster.domain.ltd
namespaceauth.conf
[fileserver]
allow *
[puppetmaster]
allow *
[puppetrunner]
allow *
[puppetbucket]
allow *
[puppetreports]
allow *
[resource]
allow *
Puppet master version 2.7.9
Puppet client version 2.7.6
Since you're specifying --server when running puppet agent, you should put this into the client's puppet.conf file as server = puppetmaster.domain.ltd under the [main] section. Otherwise the client will be trying to connect to the default host "puppet" when being kicked.
Related
What version of gRPC and what language are you using?
#grpc/grpc-js - 1.5.10
What operating system (Linux, Windows,...) and version?
server running in a docker container on azure cloud
What did you do?
I have created a grpc server with SSL. It is a test server, where I use self signed certificates for server. The connection between server and client works fine. But I enabled the debug and trace (tcp, http) logs on the server. I keep getting handshake failed error.
I0427 12:07:40.319067700 18 tcp_server_custom.cc:224] SERVER_CONNECT: 0x7f06409cf3a0 accepted connection: ipv4:10.92.0.9:52824
I0427 12:07:40.319239300 18 tcp_custom.cc:353] Creating TCP endpoint 0x7f0640c78430
I0427 12:07:40.319432800 18 tcp_custom.cc:174] TCP:0x7f0640c78430 read_allocation_done: "No Error"
I0427 12:07:40.319503900 18 tcp_custom.cc:191] Initiating read on 0x7f0640c78430: error="No Error"
I0427 12:07:40.331081600 18 tcp_custom.cc:127] TCP:0x7f0640afea60 call_cb 0x7f0641ed57e0 0x7f0640848b90:0x7f0641ed5610
I0427 12:07:40.331206000 18 tcp_custom.cc:131] read: error={"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}
D0427 12:07:40.331327300 18 security_handshaker.cc:176] Security handshake failed: {"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
I0427 12:07:40.331412400 18 tcp_custom.cc:287] TCP 0x7f0640afea60 shutdown why={"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
D0427 12:07:40.331443800 18 chttp2_server.cc:122] Handshaking failed: {"created":"#1651061260.331311100","description":"Handshake read failed","file":"../deps/grpc/src/core/lib/security/transport/security_handshaker.cc","file_line":357,"referenced_errors":[{"created":"#1651061260.331064200","description":"EOF","file":"../deps/grpc/src/core/lib/iomgr/tcp_uv.cc","file_line":106}]}
### Anything else we should know about your project / environment?
I have an envoy proxy also running for the grpc server to make grpc-web requests.
Node version: node:14-alpine
We are using a webserver with ElasticBeanstalk from 2019.,
the platform is
tomcat 8.5 with java8 running on 64 bit Amazon Linux. httpd as proxy
recently (from Jan 30th) we started getting Service Unavailable issues if go to the endpoint from time to time. and if we refresh 2-3 times it will get resolved on its own.
then I download full logs. under elasticbeanstalk-error_log I can see
[Mon Feb 28 10:00:58.338035 2022] [proxy:error] [pid 14882:tid 139757313533696] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:00:58.338078 2022] [proxy_http:error] [pid 14882:tid 139757313533696] [client <private-ip-here>:12566] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://<custom-end-point>/1/<name.jsp>?s=sec$$4P!&refresh=300
[Mon Feb 28 10:43:40.663468 2022] [proxy:error] [pid 14882:tid 139757120071424] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Mon Feb 28 10:43:40.663518 2022] [proxy_http:error] [pid 14882:tid 139757120071424] [client <private-ip-here>:21136] AH01114: HTTP: failed to make connection to backend: httpd-UDS
repeated multiple times from Jan30th.
and when I look at access.log
I can see 503 error log exactly at the same time when permission denied error logs in elasticbeanstalk-error_log
And I looked at the running process using ps -aux | grep HTTPd and ps -aux | grep tomcat
both are running from 2019 and have no restarts.
what more I can do to troubleshoot these issuesWe are running a web application written in Java(tomcat8) hosted in AWS ElastcBeanStalk
Some weeks back we started getting 503 error randomly
When we checked the elasticbeanstalk-erorr_logs
[Thu Mar 03 13:22:12.906144 2022] [proxy:error] [pid 14882:tid 139757338711808] (13)Permission denied: AH02454: HTTP: attempt to connect to Unix domain socket /var/run/httpd/ (localhost) failed
[Thu Mar 03 13:22:12.906202 2022] [proxy_http:error] [pid 14882:tid 139757338711808] [client 172.31.17.0:61382] AH01114: HTTP: failed to make connection to backend: httpd-UDS, referer: http://our-domain.com/1/callBackLog.jsp
The error logs are suggesting connection error with backend unix socket
When we checked in /var/run/httpd/ folder, there were no unix sockets(.sock files)
But in apache httpd config
<VirtualHost *:80>
<Proxy *>
Require all granted
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
the proxy backend is ip address not unix socket
As per the config httpd should connect to backend ip address(localhost:8080) but why is it complaining about unix socket
Have anyone faced similar issues?
============= UPDATE
The error logs are suggesting connection error with backend unix socket
When we checked in /var/run/httpd/ folder, there were no unix sockets(.sock files)
But in apache httpd config
<VirtualHost *:80>
<Proxy *>
Require all granted
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
the proxy backend is ip address not unix socket
As per the config httpd should connect to backend ip address(localhost:8080) but why is it complaining about unix socket
Have anyone faced similar issues?
rabbitmq has connected to my ports and everything looks good so far but when i try to connect to my localhost in browser im getting this error message:
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web
so the first thing i did was go and look at my rabbitmq log and i see this:
Starting RabbitMQ 3.7.9 on Erlang 20.2.2
Copyright (C) 2007-2018 Pivotal Software, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
2019-09-15 08:06:51.710 [info] <0.240.0>
node : rabbit#bowzer
home dir : /var/lib/rabbitmq
config file(s) : (none)
cookie hash : XC8syc3LUBiQChoU4UJxPA==
log(s) : /var/log/rabbitmq/rabbit#bowzer.log
: /var/log/rabbitmq/rabbit#bowzer_upgrade.log
database dir : /var/lib/rabbitmq/mnesia/rabbit#bowzer
2019-09-15 08:06:52.982 [info] <0.248.0> Memory high watermark set to 6421 MiB (6733540556 bytes) of 16054 MiB (16833851392 bytes) total
2019-09-15 08:06:52.987 [info] <0.250.0> Enabling free disk space monitoring
2019-09-15 08:06:52.987 [info] <0.250.0> Disk free limit set to 50MB
2019-09-15 08:06:52.991 [info] <0.253.0> Limiting to approx 32668 file handles (29399 sockets)
2019-09-15 08:06:52.991 [info] <0.254.0> FHC read buffering: OFF
2019-09-15 08:06:52.991 [info] <0.254.0> FHC write buffering: ON
2019-09-15 08:06:52.993 [info] <0.240.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2019-09-15 08:06:53.164 [info] <0.240.0> Waiting for Mnesia tables for 30000 ms, 9 retries left
2019-09-15 08:06:53.164 [info] <0.240.0> Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping registration.
2019-09-15 08:06:53.165 [info] <0.240.0> Priority queues enabled, real BQ is rabbit_variable_queue
2019-09-15 08:06:53.219 [info] <0.278.0> Starting rabbit_node_monitor
2019-09-15 08:06:53.241 [info] <0.306.0> Making sure data directory '/var/lib/rabbitmq/mnesia/rabbit#bowzer/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L' for vhost '/' exists
2019-09-15 08:06:53.302 [info] <0.306.0> Starting message stores for vhost '/'
2019-09-15 08:06:53.303 [info] <0.310.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_transient": using rabbit_msg_store_ets_index to provide index
2019-09-15 08:06:53.305 [info] <0.306.0> Started message store of type transient for vhost '/'
2019-09-15 08:06:53.306 [info] <0.313.0> Message store "628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent": using rabbit_msg_store_ets_index to provide index
2019-09-15 08:06:53.308 [info] <0.306.0> Started message store of type persistent for vhost '/'
2019-09-15 08:06:53.312 [warning] <0.334.0> Setting Ranch options together with socket options is deprecated. Please use the new map syntax that allows specifying socket options separately from other options.
2019-09-15 08:06:53.313 [info] <0.348.0> started TCP listener on [::]:5672
2019-09-15 08:06:53.314 [info] <0.240.0> Setting up a table for connection tracking on this node: tracked_connection_on_node_rabbit#bowzer
2019-09-15 08:06:53.314 [info] <0.240.0> Setting up a table for per-vhost connection counting on this node: tracked_connection_per_vhost_on_node_rabbit#bowzer
2019-09-15 08:06:53.315 [info] <0.33.0> Application rabbit started on node rabbit#bowzer
2019-09-15 08:06:53.375 [notice] <0.86.0> Changed loghwm of /var/log/rabbitmq/rabbit#bowzer.log to 50
2019-09-15 08:06:53.540 [info] <0.5.0> Server startup complete; 0 plugins started.
2019-09-15 08:10:51.196 [info] <0.378.0> accepting AMQP connection <0.378.0> (127.0.0.1:55986 -> 127.0.0.1:5672)
2019-09-15 08:10:51.196 [error] <0.378.0> closing AMQP connection <0.378.0> (127.0.0.1:55986 -> 127.0.0.1:5672):
{bad_header,<<"GET / HT">>}
2019-09-15 08:13:26.916 [info] <0.385.0> accepting AMQP connection <0.385.0> (127.0.0.1:55990 -> 127.0.0.1:5672)
2019-09-15 08:13:26.916 [error] <0.385.0> closing AMQP connection <0.385.0> (127.0.0.1:55990 -> 127.0.0.1:5672):
{bad_header,<<"GET / HT">>}
2019-09-15 08:13:27.007 [info] <0.389.0> accepting AMQP connection <0.389.0> (127.0.0.1:55992 -> 127.0.0.1:5672)
2019-09-15 08:13:27.007 [error] <0.389.0> closing AMQP connection <0.389.0> (127.0.0.1:55992 -> 127.0.0.1:5672):
{bad_header,<<"GET /fav">>}
so i went and checked my ports and i get this:
sudo lsof -i -p -n | grep rabbitmq:
epmd 5687 rabbitmq 3u IPv4 59822 0t0 TCP *:4369 (LISTEN)
epmd 5687 rabbitmq 4u IPv6 59823 0t0 TCP *:4369 (LISTEN)
beam.smp 5892 rabbitmq 59u IPv4 57068 0t0 TCP *:25672 (LISTEN)
beam.smp 5892 rabbitmq 69u IPv6 58166 0t0 TCP *:5672 (LISTEN)
sudo service rabbitmq-server status:
● rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset:
Active: active (running) since Sun 2019-09-15 07:53:32 MST; 2min 19s ago
Main PID: 875 (beam.smp)
Status: "Initialized"
Tasks: 90 (limit: 4915)
CGroup: /system.slice/rabbitmq-server.service
├─ 875 /usr/lib/erlang/erts-9.2/bin/beam.smp -W w -A 64 -P 1048576 -t 500000
├─1037 /usr/lib/erlang/erts-9.2/bin/epmd -daemon
├─1387 erl_child_setup 32768
├─1691 inet_gethost 4
└─1692 inet_gethost 4
Sep 15 07:53:27 bowzer rabbitmq-server[875]: ## ##
Sep 15 07:53:27 bowzer rabbitmq-server[875]: ## ## RabbitMQ 3.7.9. Copyright (C
Sep 15 07:53:27 bowzer rabbitmq-server[875]: ########## Licensed under the MPL. See
Sep 15 07:53:27 bowzer rabbitmq-server[875]: ###### ##
Sep 15 07:53:27 bowzer rabbitmq-server[875]: ########## Logs: /var/log/rabbitmq/rabb
Sep 15 07:53:27 bowzer rabbitmq-server[875]: /var/log/rabbitmq/rabb
Sep 15 07:53:27 bowzer rabbitmq-server[875]: Starting broker...
Sep 15 07:53:32 bowzer rabbitmq-server[875]: systemd unit for activation check: "rabbit
Sep 15 07:53:32 bowzer systemd[1]: Started RabbitMQ broker.
Sep 15 07:53:33 bowzer rabbitmq-server[875]: completed with 0 plugins.
i also noticed that when others download and install the server they get 'completed with 6 plugins' and mine started with 0 plugins.
Your browser is trying to talk HTTP on port 5672 which is the AMQP port of the RabbitMQ broker.
If you want to access the management console, enable the management plugin and access it on http://your-rabbitmq-host:15672/.
I am running into an interesting problem in regards to running nodejs on port 8080. I have a new EC2 instance running ubuntu 16.04, I've configured apache2 to run on port 80 and have a reserve proxy setup to switch the port to the nodejs server running inside the /public directory to port 8080. This works great but, my bundle.js package calls the server in order to be updated: http://myamazonelasticipaddress/sockjs-node/info?t=1486698514348 This continually fails and I am left with the following error messages:
Fri Feb 10 02:28:51.358580 2017] [proxy:error] [pid 19100:tid 140639517771520] AH00940: HTTP: disabled connection for (0.0.0.0)
[Fri Feb 10 02:43:57.689148 2017] [proxy:error] [pid 19101:tid 140639568127744] (111)Connection refused: AH00957: HTTP: attempt to connect to 0.0.0.0:8080 (0.0.0.0) failed
[Fri Feb 10 02:43:57.689205 2017] [proxy:error] [pid 19101:tid 140639568127744] AH00959: ap_proxy_connect_backend disabling worker for (0.0.0.0) for 60s
[Fri Feb 10 02:43:57.689211 2017] [proxy_http:error] [pid 19101:tid 140639568127744] [client 192.55.192.52:56715] AH01114: HTTP: failed to make connection to backend: 0.0.0.0
I thought my firewall might be blocking this but I've allowed all connections to this port through. I've double checked my iptables configs and can't find anything. I have a vagrant machine that does this exact same routing and I have no problem.
I have to be missing something simple, any thoughts or ideas?
So my AWS security group configurations were indeed correct. The culprit, was that I needed to add a custom TCP type in the security group to allow port 8080 for the socketjs-node to connect.
I have noticed numerous entries in Tomcat's local_access_log for various resources coming from IP address 127.0.0.1. These are clearly attempts to hack in. For example, here is a request to get access to the "manager" app:
127.0.0.1 - - [30/Apr/2015:13:35:13 +0000] "GET /manager/html HTTP/1.1" 401 2474
here is another one:
127.0.0.1 - - [30/Apr/2015:21:23:37 +0000] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 404 1016
When decoded, the URL is this:
127.0.0.1 - - [30/Apr/2015:21:23:37 0000] "POST /cgi-bin/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env="yes" -d cgi.fix_pathinfo=1 -d auto_prepend_file=php://input -n HTTP/1.1" 404 1016
There are lots of such entries, all from IP address 127.0.0.1. Obviously, since this is the address of localhost, I can't block it. More over, I am not sure if there is something that I can do about it. Is there possibly an exploit that should be patched up? For instance, is there a version of Tomcat that has a related vulnerability? I am running Tomcat 8.
Much thanks for any advice!
UPDATE: thanks for the suggestion about a proxy. Turned out that httpd was indeed installed and not surprisingly, there are suspicious request. For example:
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sat Mar 30 17:26:49 2013] [error] [client 5.34.247.59] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
This is not a windows system so cmd.exe has not place for it...
If you have a proxy server running on your computer, that will often receive requests and then call the primary server using the localhost (127.0.0.1) interface.
This could explain why you're logging these requests.