On Apr 12, 2008, at 2:20 PM, NN_il_Confusionario wrote:
On Sat, Apr 12, 2008 at 09:24:30AM -0500, Hose wrote:installed package that is spitting out snort-esque emails to rootcheck cron jobs check active daemons check the complete headers of the e-mail (Since you can not find the log file, double check: is the email originating from that box? from another log-host?)
Well I went back through the mail server logs to identify the host and then the email headers, and then realized something - it WASN'T originating from the localhost. At first I thought it was, but then I completely misread the IP address in the headers. Doh.
FYI traced it down to an old WAP we use in legacy space that someone hacked to bits with openwrt, hence, the weird logs. Thanks.