I cannot say how wide spread this issue is within the logging mechanism itself but I can for sure prove that about 1 in 10 times of someone logging in to or failing to log in to the admin / management console of 9.x (various versions) but tested extensively on 9.207-19 that their IP address and or username will not be correctly logged. Instead the IP address or username of another person that has used the same URL will be logged instead.
Example:
My counter part logs in to the admin screen from his desktop 192.168.1.1 with the username user1
I do the same from my desktop 192.168.1.2 with the username user2
the log looks like the following for my event:
srcip="192.168.1.2" user="user1" caller="webadmin"
Best I can tell this is totally random. It will even shoot off emails with the wrong username on login failure.
Example: I go to login with username "user2" and fail authentication and an email will get kicked off saying "user1" failed to login.
Again, totally random and happens about one in ten times.
Now the real issue, is this wide spread throughout the logging system? Have we used logs while investigating other issues that might have been wrong...
This thread was automatically locked due to age.
