Red Hat derivative OS: syslog & syslog-ng logging to /var/log/secure are mixing local time zone & UTC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Good day-

I have not encountered this issue under GNU/Linux Debian instances
that I mostly manage. However, managing an Red Hat derivative
instance, I noticed that syslog has been mixing the local time zone of
the server with the UTC when crackers attempt penetration. This causes
fail2ban to not block the attacking intruders on the initial few
counts since it "thinks" there is an 7 hour difference between
attacks.

I have gone to the extent of installing syslog-ng with no change in
the logging (as I am reading the extensive documentation). However I
had to ask if any of you might shed some light on the issue.

Mar 16 07:04:59 [myHostIP] sshd[4498]: User root from 190.41.147.107
not allowed []
Mar 16 14:04:59 [myHostIP] sshd[4499]: input_userauth_request: invalid user root
Mar 16 14:05:00 [myHostIP] sshd[4499]: Received disconnect from
190.41.147.107: 11: Bye Bye
Mar 16 07:07:24 [myHostIP] sshd[4517]: Did not receive identification
string from 143.248.156.63
Mar 16 07:13:08 [myHostIP] sshd[4519]: Did not receive identification
string from 216.7.131.210
Mar 16 07:17:46 [myHostIP] sshd[4521]: Did not receive identification
string from 210.70.140.17
Mar 16 08:31:17 [myHostIP] sshd[4550]: User root from
mmpcr05.kaist.ac.kr not allowed []
Mar 16 15:31:17 [myHostIP] sshd[4551]: input_userauth_request: invalid user root


Thanks in advance for any input.


-- 
Jose R R
http://www.metztli-it.com
---------------------------------------------------------------------------------------------
IBM Lotus Symphony supported on GNU/Linux, Mac OS, and Windows.
---------------------------------------------------------------------------------------------
Daylight Saving Time in USA & Canada starts: Sunday, March 13 2011
---------------------------------------------------------------------------------------------

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux