[rsyslog-notify] Forum Thread: Re: Facility and Severity tabs not posting - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Mon Jun 15 20:12:09 CEST 2015 

User: satya1225 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25693#p25693

Message: 
----------
[quote="dlang":1xkxfjsg]I don't know loganalyzer, but the default format
for writing a log to a file doesn't include the facility or severity
information, so if loganalyzer is reading from the files, that would be why
it's missing that info

what do the contents of the files look like?[/quote:1xkxfjsg]

Hi Dlang,

Kindly find the following content from the log file.

Jun 15 22:30:51 sgxhydsyslog kernel: imklog 5.8.10, log source = /proc/kmsg
started.
Jun 15 22:30:51 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60065" x-info="http://www.rsyslog.com"] start
Jun 15 22:31:14 sgxhydsyslog sshd[60076]: reverse mapping checking
getaddrinfo for sbsasupport.sgxhyd.local [192.168.8.51] failed - POSSIBLE
BREAK-IN ATTEMPT!
Jun 15 22:31:16 sgxhydsyslog sshd[60076]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=192.168.8.51  user=root
Jun 15 22:31:18 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:25 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:29 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:32 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:35 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:38 sgxhydsyslog sshd[60077]: Disconnecting: Too many
authentication failures for root
Jun 15 22:31:38 sgxhydsyslog sshd[60076]: Failed password for root from
192.168.8.51 port 58263 ssh2
Jun 15 22:31:38 sgxhydsyslog sshd[60076]: PAM 5 more authentication
failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.8.51 
user=root
Jun 15 22:31:38 sgxhydsyslog sshd[60076]: PAM service(sshd) ignoring max
retries; 6 > 3
Jun 15 22:35:40 sgxhydsyslog kernel: Kernel logging (proc) stopped.
Jun 15 22:35:40 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60065" x-info="http://www.rsyslog.com"] exiting
on signal 15.
Jun 15 22:35:40 sgxhydsyslog kernel: imklog 5.8.10, log source = /proc/kmsg
started.
Jun 15 22:35:40 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60100" x-info="http://www.rsyslog.com"] start
Jun 15 22:35:59 sgxhydsyslog sshd[60110]: reverse mapping checking
getaddrinfo for sbsasupport.sgxhyd.local [192.168.8.51] failed - POSSIBLE
BREAK-IN ATTEMPT!
Jun 15 22:36:01 sgxhydsyslog sshd[60110]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=192.168.8.51  user=root
Jun 15 22:36:03 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:07 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:10 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:13 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:16 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:19 sgxhydsyslog sshd[60111]: Disconnecting: Too many
authentication failures for root
Jun 15 22:36:19 sgxhydsyslog sshd[60110]: Failed password for root from
192.168.8.51 port 58385 ssh2
Jun 15 22:36:19 sgxhydsyslog sshd[60110]: PAM 5 more authentication
failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.8.51 
user=root
Jun 15 22:36:19 sgxhydsyslog sshd[60110]: PAM service(sshd) ignoring max
retries; 6 > 3
Jun 15 22:38:01 sgxhydsyslog kernel: Kernel logging (proc) stopped.
Jun 15 22:38:01 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60100" x-info="http://www.rsyslog.com"] exiting
on signal 15.
Jun 15 22:38:01 sgxhydsyslog kernel: imklog 5.8.10, log source = /proc/kmsg
started.
Jun 15 22:38:01 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60129" x-info="http://www.rsyslog.com"] start
Jun 15 22:38:12 sgxhydsyslog sshd[60138]: reverse mapping checking
getaddrinfo for sbsasupport.sgxhyd.local [192.168.8.51] failed - POSSIBLE
BREAK-IN ATTEMPT!
Jun 15 22:38:14 sgxhydsyslog sshd[60138]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=192.168.8.51  user=root
Jun 15 22:38:16 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:19 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:22 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:25 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:27 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:33 sgxhydsyslog sshd[60139]: Disconnecting: Too many
authentication failures for root
Jun 15 22:38:33 sgxhydsyslog sshd[60138]: Failed password for root from
192.168.8.51 port 58423 ssh2
Jun 15 22:38:33 sgxhydsyslog sshd[60138]: PAM 5 more authentication
failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.8.51 
user=root
Jun 15 22:38:33 sgxhydsyslog sshd[60138]: PAM service(sshd) ignoring max
retries; 6 > 3
Jun 15 22:40:35 sgxhydsyslog kernel: Kernel logging (proc) stopped.
Jun 15 22:40:35 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60129" x-info="http://www.rsyslog.com"] exiting
on signal 15.
Jun 15 22:45:44 sgxhydsyslog kernel: imklog 5.8.10, log source = /proc/kmsg
started.
Jun 15 22:45:44 sgxhydsyslog rsyslogd: [origin software="rsyslogd"
swVersion="5.8.10" x-pid="60268" x-info="http://www.rsyslog.com"] start
Jun 15 23:39:35 sgxhydsyslog sshd[60414]: reverse mapping checking
getaddrinfo for sbsasupport.sgxhyd.local [192.168.8.51] failed - POSSIBLE
BREAK-IN ATTEMPT!
Jun 15 23:39:40 sgxhydsyslog sshd[60414]: Accepted password for root from
192.168.8.51 port 59160 ssh2
Jun 15 23:39:40 sgxhydsyslog sshd[60414]: pam_unix(sshd:session): session
opened for user root by (uid=0)

More information about the rsyslog-notify mailing list