SUMMARY: mysterious IP in syslog

From: Christopher Barnard <>
Date: Sat Jul 17 2010 - 13:07:55 EDT

I asked:

> We have a central syslog server in our environment.  Since every line in
> a syslog entry includes the server name, we are able to determine which
> server sent the alert.  However, we have one server that instead of a
> hostname has a six-octet number.  This doesn't happen often, and most of
> the time it is not anything bad (like this one), but when it does it is
> baffling because we do not know where it is coming from...
> Jul 13 22:05:32 [] sshd[20280]: [ID 800047
>] Accepted publickey for epicadm from port 35428
> ssh2
> 10.74. is definitely recognizable as an IP range we use.  10.74.131. is not
> however.
> The user 'epicadm' is not very descriptive because this is a group account
> (yes, I know.  group account = evil) and that group account exists on
> every server.
> Any ideas how to track down the mysterious

The answer:

Ah, the continuing clash between network administrators and system
administrators.  Thanks to the individual who pointed me to Cisco's FAQ page.
This is an issue that sysadmins bring up regularly and network admins have to
explain regularly.  All of the gory details are at

Thanks to:

Taylor, Matthew <>
Harka Gyozo <>
Charles Morris <>
Ric Anderson <ric@Opus1.COM>
Bill Voight <>

Christopher L. Barnard
comment your code as if the maintainer is a homicidal maniac who knows where
you live.
