hello all,
looking in the poa-logs, I find the following strange behavior:
normally a user activity is logged as follows:
0922poa.051:14:53:53 576 C/S Login WebAccess ::GW Id=user ::
999.888.777.666 []
where 999.888.777.666 is the ip address of the user,[] are the ips of our gw-mailserver

but what's that:
0923poa.001:01:33:02 136 C/S Login Linux ::GW Id=user ::[]
0923poa.001:01:33:05 136 C/S Login Linux ::GW Id=user ::[]
..................lots of such entries...
is it an hacking attack???
thanks for answering