Apologies - I tried to post this in the Samba forum, but whenever I clicked on its link it would show me not logged in...strange or no posting allowed in there?

In any case, here is my question please:

I'm using Debian 5.0.4 Lenny with shell access only.

I've recently set up logwatch. I received an e-mail from 'Cron Daemon' stating:
subject: Cron test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
/etc/cron.daily/00logwatch:
Can't exec "/bin/sh": Argument list too long at /usr/sbin/logwatch line 853.
system 'cat /var/log/samba/log.0.0.0.0 /var/log/samba/log.7100s-eab3b1090 /var/log/samba/log
So I took a look into /var/log/samba/ and it contains 5782 files!
- 5194 are 0 bytes named with an IP at the end, for example: log.__ffff_123.456.789
- 248 are log.__ffff_* containing the same error over and over again
[2009/07/01 00:47:50, 0] lib/util_sock.c:get_peer_addr_internal(1676)
getpeername failed. Error was Transport endpoint is not connected
read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
I read up on this error and it seems to have been related only to XP users connecting to the site (client's program by default trying a different port first). I read to add smb ports=139 to samba conf to fix this. I haven't done this since there hasn't been any new error files created (I'm presuming this has been fixed in some upgrade I did, no idea).

- 78 are various logs, all 0 bytes, each having unique, mostly strange names such as
log._0xbade5dee_
log.administrador
log.____-____
log.horizon
log.hotel-1a4dc9750
log.leonardo
log.moron
log.shrek
log.xiongzhi
- The balance of logs again are various unique names.
Containing either the error above, or log.momerdadd for example:
[2009/07/13 12:57:28, 1] smbd/service.c:make_connection(1288)
make_connection: refusing to connect with no session setup
- The largest files are 1MB.

- The only compressed files are 7: log.nmbd.1.gz - 7.

- The latest date on any of these files is July 19 2009.

- There have not been any new files created in this directory since then.

(There is also a sub directory /cores/smbd & /cores/nmbd both empty)


- So my questions are:
1. Should I be concerned with those strange names (log.____-____, log.shrek etc)?

2. How do I, or even should I, try to set those log.__ffff_* files to one log so it doesn't create a new one for every IP?

3. If I do logrotate with settings for example:
/var/log/samba/log.__ffff_* {

It is still going to leave those 1000's of 0 byte logs and if this were to happen again, endless amounts I imagine.

I imagine I could create a cron job to rm /var/log/samba/*log*

I don't know if this would be optimal, though, and it might miss some important notifications.

4. Any idea why there haven't been any new log files created since July 2009 - could it be because there are already over stuffed in there?
Or I'm just fortunate that there are no errors to log?
Or it could be because, if I recall correctly, I moved SSH port off of 22, and closed webmin around that time.

So I'm thinking it is OK to just delete all.

Thank you for taking the time to read this.
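
An added example, not part of the original post: a shell sketch that inventories a directory like the /var/log/samba described above and removes only zero-byte logs older than a cutoff, using `find` instead of a shell glob so the file list never lands on a command line (the "Argument list too long" failure in the cron mail). The function names and the 30-day default are assumptions made for illustration; only the directory path and the `log.__ffff_*` pattern come from the post.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Source this file, then run e.g.
#   samba_log_summary /var/log/samba
#   prune_empty_logs  /var/log/samba 30

# Count regular files named log.* directly in DIR, optionally narrowed by
# extra find tests passed as further arguments (e.g. -size 0).
count_logs() {
    dir=$1
    shift
    find "$dir" -maxdepth 1 -type f -name 'log.*' "$@" -print | wc -l | tr -d ' '
}

# Print the breakdown the post works out by hand: how many logs exist,
# how many are empty, how many are per-address logs, how many hold text.
samba_log_summary() {
    dir=${1:-/var/log/samba}
    echo "total=$(count_logs "$dir")"
    echo "empty=$(count_logs "$dir" -size 0)"
    echo "per_address=$(count_logs "$dir" -name 'log.__ffff_*')"
    echo "nonempty=$(count_logs "$dir" ! -size 0)"
}

# Remove only zero-byte logs last modified more than DAYS days ago.
# Empty files carry no messages, so no notification is lost; logs that
# contain text are left alone for review or rotation.
# Prints the number of files that matched and were removed.
prune_empty_logs() {
    dir=${1:-/var/log/samba}
    days=${2:-30}   # assumed default cutoff
    n=$(count_logs "$dir" -size 0 -mtime "+$days")
    find "$dir" -maxdepth 1 -type f -name 'log.*' -size 0 -mtime "+$days" \
        -exec rm -f -- {} +
    echo "$n"
}
```

Run `samba_log_summary` first and look through the non-empty files before pruning; the prune step never touches a log that contains text.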