mysterious IP in syslog

Christopher Barnard cbarnar1 at
Thu Jul 15 21:55:33 EDT 2010

We have a central syslog server in our environment.  Since every line in
a syslog entry includes the server name, we are able to determine which
server sent the alert.  However, we have one server that instead of a
hostname has a six-octet number.  This doesn't happen often, and most of
the time it is not anything bad (like this one), but when it does it is
baffling because we do not know where it is coming from...

Jul 13 22:05:32 [] sshd[20280]: [ID 800047] Accepted publickey for epicadm from port 35428

10.74. is definitely recognizable as an IP range we use.  10.74.131. is not

The user 'epicadm' is not very descriptive because this is a group account
(yes, I know.  group account = evil) and that group account exists on almost
every server.

Any ideas how to track down the mysterious

Christopher L. Barnard
comment your code as if the maintainer is a homicidal maniac who knows where
you live.

More information about the sunmanagers mailing list