Where are "Log AttacLog" emails coming from...
On Apr 12, 2008, at 2:20 PM, NN_il_Confusionario wrote:
On Sat, Apr 12, 2008 at 09:24:30AM -0500, Hose wrote:
installed package that is spitting out snort-esque emails to root
check cron jobs
check active daemons
check the complete headers of the e-mail
(Since you can not find the log file, double check: is the email
originating from that box? from another log-host?)
Well I went back through the mail server logs to identify the host and
then the email headers, and then realized something - it WASN'T
originating from the localhost. At first I thought it was, but then I
completely misread the IP address in the headers. Doh.
FYI traced it down to an old WAP we use in legacy space that someone
hacked to bits with openwrt, hence, the weird logs. Thanks.
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org