We are new to Hughesnet since around Feb 2018
We have security concerns because some some sys_log entries had dates that were out of sequence
some appeared to be on dates 2 months before we began service
Example (from screenshot):
URL was 192.168.42.1/tmp/sys_log. (didn't capture rest)
[gratuitous_arp:125] dhclient gratuitous arp.
Dec 31 16:00:57 (none) daemon.info dhclient:
PRC: Renewing lease on eth0.2.
Dec 31 16:00:57 (none) daemon.info dhclient:
XMT: Rebew on eth0.2, interval 9830ms.
Dec 31 16:00:57 (none) daemon.info dhclient:
XMT: Renew on eth0.2, interval 18710ms.
Dec 31 16:00:57 (none) daemon.info dhclient:
RCV: Reply message on eth0.2 from
fe80::ff:fec5:e70a.
Dec 31 16:00:57 (none) daemon.info dhclient:
RCV: Reply message on eth0.2 from
fe80::ff:feC5:e70a.
Dec 31 16:01:00 (none) daemon.info dhclient:
[bind_lease:1581] dhclient bind lease.
Dec 31 16:01:00 (none) daemon.info dhclient:
bound to 100.67.144.98 renewal in 57
— —
seconds.
Mar 10 13:24:51 (none) daemon.info dhclient:
DHCPREQUEST on eth0.2 to 100.67.144.97 port 67
Mar 10 13:24:51 (none) daemon.info dhclient:
adapter index 6
Mar 10 13:24:51 (none) daemon.info dhclient:
adapter index 6
Mar 10 13:24:51 (none) daemon.info dhclient:
[send_request:2730] dhclient send request.
Mar 10 13:24:51 (none) daemon.info dhclient:
DHCPACK from 100.67.144.97
Mar 10 13:24:51 (none) daemon.info dhclient:
[dhcpack:1394] dhclient receive ack from
server(100.67.144.97).
Mar 10 13:24:51 (none) daemon.info dhclient:
[gratuitous_arp:125] dhclient gratuitous arp.
Mar 10 13:24:54 (none) daemon.info dhclient:
[bind_1ease:1581] dhclient bind lease.
Mar 10 13:24:54 (none) daemon.info dhclient:
bound to 100.67.144.98 seconds.
Mar 10 13:25:00 (none) daemon.info hostapd:
W10: STA bc:6c:2l:bb:f8:lb IEEE 802.11:
associated
Mar 10 13:25:00 (none) daemon.info hostapd:
-— renewal in 57
Why would dates from 2 months before we began service be in this log?
Can these logs be altered?
Does this mean someone altered them?
Also, we noticed logs suddently disappearing... apparently, wiped out.
Why would this happen?
Does this mean someone wiped them out?
Thanks.
