Incorrect IP address in syslog when logging commands in Unix

Lee, Winston Winston.Lee at commscope.com
Thu May 19 11:18:38 EST 2011


Hi All,

I've turned on logging in the sshd_config file and it now logs all commands, which is great. The trouble is, the source IP address in the log is always the same, regardless of where I log in from.

e.g.
In syslog,

"May 19 10:58:11 n1 audit: [ID 702911 audit.notice] execve(2) ok session 3800170877 by emob as root:root from 1.2.3.4 obj /usr/bin/less"

IP address 1.2.3.4 doesn't change at all... This could jolly well be the IP address of the machine that was first used to connect using ssh.

I'm not sure if this is an ssh problem but telnet seems to show the right address...

Using OpenSSH 5.3

Cheers,
Winston


More information about the openssh-unix-dev mailing list