[syslog-ng]syslog-ng 1.4.9a mixing up log sources?
Kent =?iso-8859-1?q?Engstr=F6m?=
kent@unit.liu.se
24 Nov 2000 16:24:24 +0100
Today, I upgraded to 1.4.9a on our Solaris log server. Some hours
later, my "logcheck clone" reported strange things; our webserver's
logs contained lines for netsrvm (part of the Mimer database). However, we
do not run Mimer on that machine, but on some others.
Sample log line (host names/IP:s changed):
Nov 24 13:29:08 web.example/web.example netsrvm[15501]: connect from mimerclient.example<30>sshd[9892]: log: Connection from 192.168.1.1 port 57733
The second part could be a correct entry for the web machine.
Please contact me personally if unmodified log lines are needed for
some debugging.
--
Kent Engström, Linköping University Incident Response Team
kent@unit.liu.se abuse@liu.se
+46 13 28 1744
UNIT, Linköping University; SE-581 83 LINKÖPING; SWEDEN