[Logwatch] Martian Source entries in LogWatch, where are they in the real logs?

NWCWEB Administration nwcwebadmin at nwcweb.com
Tue Apr 27 06:10:31 MST 2004


	We've been getting these 'martian source' notes
in our LogWatch reports lately and so far most of them
have come from IP's we can't go after to get them stopped.

	Finally on one specific day they came from an IP
set that we can actually go after and get a resolution,
but we need specific log extracts that we're not finding
from LogWatch.  Not that LW needs to tell us all the 
time, but what logs are being drawn from in relation to
any 'Kernel' entries where the martian references are
showing up?

	We've checked all the stock logs for the box (RH Linux)
and programs operating, mail server, error logs, etc.  but
so far no specific references that contain 'martian' or 
that have the IP's in question showing that we can extract.

	Anyone who might have a clue as to where we should
be looking - fire away!


