mysterious IP in syslog

Christopher Barnard cbarnar1 at earthlink.net
Thu Jul 15 21:55:33 EDT 2010


We have a central syslog server in our environment.  Since every line in
a syslog entry includes the server name, we are able to determine which
server sent the alert.  However, we have one server that instead of a
hostname has a six-octet number.  This doesn't happen often, and most of
the time it is not anything bad (like this one), but when it does it is
baffling because we do not know where it is coming from...

Jul 13 22:05:32 [10.74.131.27.169.106] sshd[20280]: [ID 800047 auth.info] Accepted publickey for epicadm from 10.74.4.20 port 35428 ssh2

10.74. is definitely recognizable as an IP range we use.  10.74.131. is not,
however.

The user 'epicadm' is not very descriptive because this is a group account
(yes, I know.  group account = evil) and that group account exists on almost
every server.

Any ideas how to track down the mysterious 10.74.131.27.169.106?

Christopher L. Barnard
-------------------
comment your code as if the maintainer is a homicidal maniac who knows where
you live.
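
Added example, not part of the original post: one way to pull every entry with a malformed sender field out of the central log, together with the fields that help correlate it (time, program, PID, and the peer address sshd reports). The line format is taken from the entry quoted above; the other sample lines, the name dbhost01 and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format shown in the post; only the second line
# is taken from the post itself.
SAMPLE = """\
Jul 13 22:01:10 [10.74.4.31] sshd[1811]: [ID 800047 auth.info] Accepted publickey for epicadm from 10.74.4.20 port 40112 ssh2
Jul 13 22:05:32 [10.74.131.27.169.106] sshd[20280]: [ID 800047 auth.info] Accepted publickey for epicadm from 10.74.4.20 port 35428 ssh2
Jul 13 22:07:45 [dbhost01] sshd[733]: [ID 800047 auth.info] Accepted publickey for epicadm from 10.74.4.20 port 35511 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\[?(?P<host>[^\]\s]+)\]?\s+"
                  r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s+(?P<msg>.*)$")
PEER = re.compile(r"\bfrom (?P<ip>\d+(?:\.\d+){3}) port (?P<port>\d+)\b")
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def classify_host(host):
    """Return 'ipv4', 'hostname' or 'malformed' for a syslog sender field."""
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        pass
    labels = host.split(".")
    # An all-numeric dotted string that is not valid IPv4 is not a hostname either.
    if all(label.isdigit() for label in labels):
        return "malformed"
    return "hostname" if all(LABEL.match(label) for label in labels) else "malformed"


def find_odd_senders(text):
    """Map each malformed sender field to the events logged under it."""
    odd = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or classify_host(m["host"]) != "malformed":
            continue
        peer = PEER.search(m["msg"])
        odd[m["host"]].append({
            "time": m["ts"], "program": m["prog"], "pid": m["pid"],
            "peer": peer["ip"] if peer else None,
            "peer_port": peer["port"] if peer else None,
        })
    return dict(odd)


if __name__ == "__main__":
    for sender, events in find_odd_senders(SAMPLE).items():
        for event in events:
            print(sender, event)
```

The peer address and port in a flagged sshd entry name the client end of the login, so that host's own records for the same timestamp are a second place to look for the destination.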

