Hello,
Would anyone know why the syslog generated by SSHD is jumping around in
time?
The date/time tags are after all created by the syslog daemon, so the
date/time should be
monotonically increasing. Instead, I see this, with lines marked 03:00
coming after
lines marked 05:00 etc. I should probably mention that syslogd is
configured to "not flush"
the log after each line, but that should have not influence, shouldn't it?
Apr 16 02:30:03 MACHINE logrotate: postrotate
Apr 16 05:14:32 MACHINE sshd[1867]: Connection from ::ffff:127.0.0.1
port 43314
Apr 16 05:14:32 MACHINE sshd[1868]: Failed none for root from
::ffff:127.0.0.1 port 43314 ssh2
Apr 16 05:14:32 MACHINE sshd[1867]: Found matching RSA key:
b8:04:1c:94:1e:61:cd:0a:ca:df:3c:5b:b3:45:c6:8a
Apr 16 03:14:32 MACHINE sshd[1868]: Postponed publickey for root from
::ffff:127.0.0.1 port 43314 ssh2
Apr 16 05:14:33 MACHINE sshd[1867]: Found matching RSA key:
b8:04:1c:94:1e:61:cd:0a:ca:df:3c:5b:b3:45:c6:8a
Apr 16 03:14:33 MACHINE sshd[1868]: Accepted publickey for root from
::ffff:127.0.0.1 port 43314 ssh2
Apr 16 05:14:33 MACHINE sshd[1867]: Accepted publickey for root from
::ffff:127.0.0.1 port 43314 ssh2
Apr 16 05:16:49 MACHINE sshd[1867]: Connection closed by ::ffff:127.0.0.1
Apr 16 05:16:49 MACHINE sshd[1867]: Closing connection to ::ffff:127.0.0.1
Apr 16 09:15:13 MACHINE sshd[2685]: Connection from ::ffff:127.0.0.1
port 43369
Apr 16 09:15:13 MACHINE sshd[2686]: Failed none for root from
::ffff:127.0.0.1 port 43369 ssh2
Apr 16 09:15:13 MACHINE sshd[2685]: Found matching RSA key:
b8:04:1c:94:1e:61:cd:0a:ca:df:3c:5b:b3:45:c6:8a
Apr 16 07:15:13 MACHINE sshd[2686]: Postponed publickey for root from
::ffff:127.0.0.1 port 43369 ssh2
Apr 16 09:15:13 MACHINE sshd[2685]: Found matching RSA key:
b8:04:1c:94:1e:61:cd:0a:ca:df:3c:5b:b3:45:c6:8a
Apr 16 07:15:13 MACHINE sshd[2686]: Accepted publickey for root from
::ffff:127.0.0.1 port 43369 ssh2
Apr 16 09:15:13 MACHINE sshd[2685]: Accepted publickey for root from
::ffff:127.0.0.1 port 43369 ssh2
Apr 16 09:17:26 MACHINE sshd[2685]: Connection closed by ::ffff:127.0.0.1
Apr 16 09:17:26 MACHINE sshd[2685]: Closing connection to ::ffff:127.0.0.1
Apr 16 10:14:18 MACHINE sshd[2914]: Connection from ::ffff:XX.XX.XX.XX
port 49328
Apr 16 10:14:21 MACHINE sshd[2915]: Failed none for root from
::ffff:XX.XX.XX.XX port 49328 ssh2
Apr 16 08:14:48 MACHINE sshd[2915]: Accepted password for root from
::ffff:XX.XX.XX.XX port 49328 ssh2
Apr 16 10:14:48 MACHINE sshd[2914]: Accepted password for root from
::ffff:XX.XX.XX.XX port 49328 ssh2
Any help appreciated,
-- David
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
