[syslog-ng]syslog-ng 1.4.9a mixing up log sources?

Kent =?iso-8859-1?q?Engstr=F6m?= kent@unit.liu.se
24 Nov 2000 16:24:24 +0100


Today, I upgraded to 1.4.9a on our Solaris log server. Some hours
later, my "logcheck clone" reported strange things; our webserver's
logs contained lines for netsrvm (part of the Mimer database). However, we
do not run Mimer on that machine, but on some others.

Sample log line (host names/IP:s changed):

Nov 24 13:29:08 web.example/web.example netsrvm[15501]: connect from mimerclient.example<30>sshd[9892]: log: Connection from 192.168.1.1 port 57733

The second part could be a correct entry for the web machine.

Please contact me personally if unmodified log lines are needed for
some debugging.

-- 
Kent Engström,		Linköping University Incident Response Team
kent@unit.liu.se  	abuse@liu.se
+46 13 28 1744

UNIT, Linköping University; SE-581 83  LINKÖPING; SWEDEN