Mar 12 04:38:38 edge-fw-01 nginx[13890]: session opened for user bwilliams
Mar 14 12:52:58 dc-backup-03 sshd[6401]: FAILED SU (to backup_svc) deployer on /dev/pts/28676
Mar 11 03:20:58 db-master auditd[21030]: FAILED SU (to deployer) deployer on /dev/pts/52018
Mar 13 05:11:54 db-master sshd[5092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.123.36 user=auditor
Mar 15 20:42:18 srv-prod-01 nginx[26989]: Connection closed by 10.4.61.56 port 62095 [preauth]
Mar 13 09:34:18 dc-backup-03 mysqld[26738]: Removed session 60056.
Mar 12 05:06:54 srv-prod-02 NetworkManager[27797]: mysqld[29668]: Aborted connection 29668 to db: 'production' user: 'app' host: 'localhost'
Mar 10 04:18:21 srv-prod-02 cron[12393]: cron[33077]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 01:00:47 srv-prod-02 kernel[13923]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 15:15:59 srv-prod-02 sudo[21974]: auditd[5479]: Audit daemon rotating log files
Mar 12 17:41:34 db-master mysqld[9073]: cron[51644]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 17:20:10 log-collector nginx[20151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.83.183 user=nagios
Mar 11 22:54:20 srv-prod-01 NetworkManager[14306]: Accepted publickey for jsmith from 10.4.175.216 port 23717
Mar 10 14:04:03 srv-prod-01 NetworkManager[31023]: FAILED SU (to bwilliams) deployer on /dev/pts/41325
Mar 12 19:05:16 dc-backup-03 nginx[15880]: Connection closed by 10.4.164.13 port 24831 [preauth]
Mar 15 06:22:49 edge-fw-01 NetworkManager[10750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.59.196 user=deployer
Mar 12 03:53:50 srv-prod-01 mysqld[16114]: mysqld[49012]: Aborted connection 49012 to db: 'production' user: 'app' host: 'localhost'
Mar 14 14:12:16 db-master systemd[28767]: systemd[1]: Started Session 53831 of user nagios.
Mar 14 17:01:14 db-master systemd[5089]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 22:12:15 db-master rsyslogd[22112]: mysqld[52634]: Aborted connection 52634 to db: 'production' user: 'app' host: 'localhost'
Mar 14 15:32:34 db-master cron[6737]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 15:12:00 db-master auditd[28106]: systemd[1]: Started Session 32475 of user bwilliams.
Mar 12 05:07:28 edge-fw-01 mysqld[11018]: cron[5126]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 23:14:30 db-master sshd[27403]: auditd[61748]: Audit daemon rotating log files
Mar 10 11:27:43 dc-backup-03 nginx[7160]: Connection closed by 10.4.132.145 port 57612 [preauth]
Mar 15 15:28:47 srv-prod-02 rsyslogd[31589]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 09:14:13 srv-prod-02 rsyslogd[13977]: mysqld[62112]: Aborted connection 62112 to db: 'production' user: 'app' host: 'localhost'
Mar 13 20:50:27 dc-backup-03 sshd[30688]: systemd[1]: Started Session 59263 of user nagios.
Mar 10 22:02:07 db-master NetworkManager[18441]: session opened for user nagios
Mar 10 17:57:14 log-collector mysqld[31511]: mysqld[38867]: Aborted connection 38867 to db: 'production' user: 'app' host: 'localhost'
Mar 14 19:26:42 dc-backup-03 kernel[10519]: Received disconnect from 10.4.25.181 port 6593:11: Bye Bye
Mar 15 16:49:33 log-collector rsyslogd[21291]: systemd[1]: Started Session 19173 of user backup_svc.
Mar 13 05:35:58 edge-fw-01 mysqld[13154]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 04:33:47 db-master sshd[28609]: Accepted publickey for backup_svc from 10.4.182.147 port 23865
Mar 15 18:29:46 log-collector cron[20962]: Received disconnect from 10.4.37.19 port 29932:11: Bye Bye
Mar 14 06:40:38 edge-fw-01 cron[29176]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 16:19:58 dc-backup-03 cron[31324]: systemd[1]: Started Session 22530 of user deployer.
Mar 11 13:31:48 db-master auditd[6238]: mysqld[61708]: Aborted connection 61708 to db: 'production' user: 'app' host: 'localhost'
Mar 15 06:40:01 db-master mysqld[18306]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 02:36:15 db-master cron[17111]: New session 36175 of user auditor.
Mar 14 00:56:52 db-master rsyslogd[25179]: session opened for user bwilliams
Mar 10 14:29:36 dc-backup-03 kernel[13137]: session opened for user backup_svc
Mar 13 18:13:14 dc-backup-03 cron[26864]: mysqld[61619]: Aborted connection 61619 to db: 'production' user: 'app' host: 'localhost'
Mar 15 16:34:48 log-collector sudo[25724]: session opened for user backup_svc
Mar 15 10:12:08 srv-prod-01 cron[13929]: Removed session 55820.
Mar 14 02:00:15 srv-prod-02 rsyslogd[18453]: mysqld[52618]: Aborted connection 52618 to db: 'production' user: 'app' host: 'localhost'
Mar 12 11:07:15 srv-prod-01 rsyslogd[14978]: cron[43381]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 03:54:32 srv-prod-01 nginx[5031]: cron[22525]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 06:45:29 srv-prod-01 mysqld[14122]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 06:24:48 edge-fw-01 cron[5582]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 19:25:36 dc-backup-03 systemd[7848]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 20:21:34 edge-fw-01 cron[29633]: FAILED SU (to auditor) deployer on /dev/pts/47181
Mar 13 21:15:05 edge-fw-01 auditd[11954]: Removed session 20153.
Mar 11 11:22:50 srv-prod-01 auditd[4790]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 19:02:42 db-master systemd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.64.101 user=bwilliams
Mar 10 05:34:38 log-collector auditd[26090]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 09:11:33 dc-backup-03 nginx[13376]: Accepted publickey for deployer from 10.4.2.88 port 60931
Mar 13 02:02:57 log-collector sudo[21429]: Accepted publickey for root from 10.4.210.181 port 45782
Mar 12 17:55:52 dc-backup-03 auditd[31115]: Removed session 14441.
Mar 12 03:02:12 db-master sshd[19357]: Removed session 64942.
Mar 10 08:09:31 edge-fw-01 kernel[7833]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 20:16:43 srv-prod-01 NetworkManager[15853]: systemd[1]: Started Session 7738 of user auditor.
Mar 12 06:59:01 db-master sshd[14492]: New session 39819 of user auditor.
Mar 15 21:55:38 srv-prod-01 rsyslogd[23677]: Removed session 18071.
Mar 12 19:32:29 dc-backup-03 mysqld[9834]: auditd[36189]: Audit daemon rotating log files
Mar 12 17:47:57 edge-fw-01 cron[5449]: Connection closed by 10.4.220.181 port 16564 [preauth]
Mar 10 20:27:51 srv-prod-01 cron[19348]: Received disconnect from 10.4.69.228 port 13904:11: Bye Bye
Mar 12 23:49:53 dc-backup-03 systemd[7655]: session opened for user auditor
Mar 10 16:31:13 edge-fw-01 mysqld[16397]: Received disconnect from 10.4.129.195 port 35280:11: Bye Bye
Mar 11 12:18:48 srv-prod-01 nginx[15729]: Connection closed by 10.4.57.188 port 16361 [preauth]
Mar 14 00:39:58 dc-backup-03 systemd[31870]: Accepted publickey for root from 10.4.60.184 port 1576
Mar 13 00:11:34 srv-prod-02 mysqld[13972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.212.164 user=nagios
Mar 10 08:04:41 srv-prod-02 cron[6583]: mysqld[64586]: Aborted connection 64586 to db: 'production' user: 'app' host: 'localhost'
Mar 12 14:29:08 dc-backup-03 cron[9799]: session opened for user nagios
Mar 13 22:37:53 srv-prod-01 rsyslogd[9916]: cron[46253]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 17:41:04 edge-fw-01 rsyslogd[21361]: session opened for user jsmith
Mar 11 04:48:17 srv-prod-01 rsyslogd[16257]: Received disconnect from 10.4.26.245 port 42592:11: Bye Bye
Mar 11 23:24:16 db-master auditd[31582]: mysqld[32131]: Aborted connection 32131 to db: 'production' user: 'app' host: 'localhost'
Mar 10 15:53:19 srv-prod-02 nginx[5723]: auditd[25481]: Audit daemon rotating log files
Mar 15 20:43:13 srv-prod-01 cron[14736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.68.214 user=root
Mar 10 06:19:24 srv-prod-01 auditd[15143]: Received disconnect from 10.4.213.160 port 4406:11: Bye Bye
Mar 11 17:25:28 srv-prod-02 sshd[22390]: cron[1810]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 10:49:50 edge-fw-01 kernel[13809]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 17:37:01 edge-fw-01 sudo[12107]: session opened for user root
Mar 10 15:15:08 db-master sshd[27146]: FAILED SU (to nagios) deployer on /dev/pts/4951
Mar 14 14:05:12 srv-prod-01 sudo[26516]: auditd[15192]: Audit daemon rotating log files
Mar 11 17:52:24 log-collector NetworkManager[2351]: New session 8177 of user jsmith.
Mar 13 15:09:11 dc-backup-03 mysqld[1817]: Accepted publickey for deployer from 10.4.227.20 port 43955
Mar 12 23:26:50 srv-prod-01 rsyslogd[17252]: Accepted publickey for auditor from 10.4.237.182 port 51714
Mar 10 15:53:00 dc-backup-03 systemd[9415]: Connection closed by 10.4.141.207 port 64227 [preauth]
Mar 11 07:48:19 srv-prod-02 kernel[29076]: systemd[1]: Started Session 65142 of user deployer.
Mar 13 00:09:21 db-master nginx[8034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.37.24 user=bwilliams
Mar 15 21:46:01 dc-backup-03 sudo[9899]: New session 63568 of user auditor.
Mar 11 12:39:01 srv-prod-02 auditd[23098]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 07:59:08 srv-prod-01 sudo[14401]: Connection closed by 10.4.161.91 port 21720 [preauth]
Mar 14 00:43:08 log-collector mysqld[12303]: systemd[1]: Started Session 48223 of user nagios.
Mar 13 01:08:06 log-collector cron[19840]: Accepted publickey for nagios from 10.4.139.90 port 8360
Mar 14 02:10:51 edge-fw-01 nginx[18710]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 08:30:35 db-master auditd[26924]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 00:32:33 edge-fw-01 nginx[11222]: systemd[1]: Started Session 25886 of user jsmith.
Mar 13 21:35:05 db-master sshd[4589]: New session 16144 of user root.
Mar 14 04:05:27 srv-prod-01 auditd[2429]: systemd[1]: Started Session 56491 of user deployer.
Mar 14 06:25:38 srv-prod-02 systemd[21490]: cron[51099]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 17:17:32 edge-fw-01 sshd[9861]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 16:26:20 srv-prod-02 kernel[15145]: systemd[1]: Started Session 15704 of user nagios.
Mar 10 05:12:47 log-collector kernel[17110]: cron[12045]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 00:56:13 srv-prod-01 sshd[8137]: auditd[60180]: Audit daemon rotating log files
Mar 13 07:50:18 edge-fw-01 sudo[24406]: cron[35036]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 00:33:33 db-master cron[26169]: New session 41144 of user jsmith.
Mar 10 00:37:54 edge-fw-01 rsyslogd[4025]: mysqld[27644]: Aborted connection 27644 to db: 'production' user: 'app' host: 'localhost'
Mar 11 04:43:31 edge-fw-01 rsyslogd[31599]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 23:29:47 srv-prod-01 auditd[21243]: cron[51705]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 09:34:53 db-master auditd[31893]: Accepted publickey for root from 10.4.139.204 port 49065
Mar 10 01:01:58 db-master NetworkManager[27736]: New session 17076 of user deployer.
Mar 13 03:56:06 srv-prod-02 sudo[28362]: cron[17345]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 10:05:42 log-collector mysqld[19195]: New session 35324 of user root.
Mar 11 18:51:19 srv-prod-02 nginx[1595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.67.85 user=backup_svc
Mar 10 11:13:20 dc-backup-03 auditd[8837]: auditd[1812]: Audit daemon rotating log files
Mar 13 18:38:38 db-master nginx[10285]: systemd[1]: Started Session 22103 of user deployer.
Mar 11 22:03:06 srv-prod-02 nginx[19039]: session opened for user auditor
Mar 11 22:49:34 log-collector NetworkManager[4001]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 16:28:38 dc-backup-03 sshd[26134]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 01:33:22 srv-prod-01 sudo[30073]: Received disconnect from 10.4.247.229 port 26653:11: Bye Bye
Mar 11 14:14:50 log-collector systemd[12747]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 11:29:01 srv-prod-01 kernel[10655]: session opened for user deployer
Mar 11 17:44:21 srv-prod-01 auditd[18988]: Accepted publickey for nagios from 10.4.25.198 port 37725
Mar 15 10:22:36 log-collector auditd[10399]: session opened for user root
Mar 13 19:11:14 edge-fw-01 auditd[9667]: session opened for user root
Mar 14 07:33:09 srv-prod-01 cron[3839]: Connection closed by 10.4.14.22 port 9398 [preauth]
Mar 11 06:57:08 log-collector auditd[25084]: New session 60489 of user backup_svc.
Mar 10 20:57:16 dc-backup-03 sshd[24439]: Received disconnect from 10.4.90.23 port 9222:11: Bye Bye
Mar 12 07:52:49 dc-backup-03 nginx[24937]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 20:11:57 edge-fw-01 systemd[15411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.186.12 user=deployer
Mar 10 03:39:05 srv-prod-01 mysqld[8752]: FAILED SU (to auditor) deployer on /dev/pts/26112
Mar 15 06:46:19 srv-prod-02 nginx[28700]: Connection closed by 10.4.185.191 port 53357 [preauth]
Mar 13 02:31:26 srv-prod-02 mysqld[6540]: Received disconnect from 10.4.90.143 port 64010:11: Bye Bye
Mar 11 14:42:11 srv-prod-01 NetworkManager[15845]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 11:59:44 srv-prod-02 kernel[14113]: auditd[47134]: Audit daemon rotating log files
Mar 14 14:56:26 edge-fw-01 NetworkManager[18884]: mysqld[63702]: Aborted connection 63702 to db: 'production' user: 'app' host: 'localhost'
Mar 14 09:30:29 log-collector kernel[3638]: mysqld[52804]: Aborted connection 52804 to db: 'production' user: 'app' host: 'localhost'
Mar 12 00:02:26 db-master nginx[4566]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 04:15:20 srv-prod-02 nginx[9908]: mysqld[20772]: Aborted connection 20772 to db: 'production' user: 'app' host: 'localhost'
Mar 15 12:35:09 srv-prod-01 mysqld[5941]: Accepted publickey for root from 10.4.79.186 port 28501
Mar 12 19:47:48 dc-backup-03 nginx[6361]: FAILED SU (to auditor) deployer on /dev/pts/56302
Mar 13 21:44:17 log-collector cron[10275]: auditd[2150]: Audit daemon rotating log files
Mar 15 19:31:49 db-master cron[18914]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 21:27:14 dc-backup-03 rsyslogd[8384]: systemd[1]: Started Session 17347 of user nagios.
Mar 14 05:46:04 dc-backup-03 rsyslogd[17935]: Received disconnect from 10.4.74.129 port 58330:11: Bye Bye
Mar 13 12:16:55 dc-backup-03 cron[1599]: auditd[2544]: Audit daemon rotating log files
Mar 10 05:52:56 srv-prod-02 nginx[11190]: FAILED SU (to auditor) deployer on /dev/pts/12934
Mar 11 00:07:45 dc-backup-03 rsyslogd[2669]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 07:31:09 log-collector NetworkManager[24380]: Accepted publickey for backup_svc from 10.4.244.136 port 28803
Mar 11 05:03:44 db-master sudo[4441]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 01:05:05 srv-prod-01 sshd[10044]: auditd[41846]: Audit daemon rotating log files
Mar 13 03:15:06 edge-fw-01 cron[23605]: auditd[62417]: Audit daemon rotating log files
Mar 15 17:26:02 srv-prod-01 auditd[25550]: auditd[50957]: Audit daemon rotating log files
Mar 12 21:45:39 log-collector NetworkManager[2668]: auditd[62621]: Audit daemon rotating log files
Mar 12 20:29:52 dc-backup-03 sshd[11769]: Received disconnect from 10.4.26.149 port 43492:11: Bye Bye
Mar 13 10:14:21 log-collector cron[6427]: Received disconnect from 10.4.31.20 port 14526:11: Bye Bye
Mar 14 16:43:55 db-master sshd[15537]: mysqld[11933]: Aborted connection 11933 to db: 'production' user: 'app' host: 'localhost'
Mar 14 01:45:14 edge-fw-01 cron[4668]: Connection closed by 10.4.36.200 port 31693 [preauth]
Mar 14 03:49:39 srv-prod-02 kernel[28354]: Connection closed by 10.4.8.142 port 46260 [preauth]
Mar 14 20:24:16 srv-prod-01 NetworkManager[17069]: Connection closed by 10.4.174.153 port 58637 [preauth]
Mar 11 01:28:56 srv-prod-01 sshd[19338]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 21:46:45 dc-backup-03 sudo[13004]: Received disconnect from 10.4.205.74 port 36874:11: Bye Bye
Mar 10 05:41:16 dc-backup-03 systemd[29446]: Removed session 3086.
Mar 13 05:10:52 db-master sshd[13802]: Accepted publickey for auditor from 10.4.197.35 port 15001
Mar 13 17:22:54 edge-fw-01 sudo[9505]: Connection closed by 10.4.99.155 port 44860 [preauth]
Mar 15 21:22:04 log-collector cron[21307]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 22:47:56 dc-backup-03 sshd[3930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.148.218 user=jsmith
Mar 12 04:24:04 srv-prod-01 systemd[16739]: session opened for user backup_svc
Mar 15 16:49:16 srv-prod-02 nginx[26617]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 03:39:34 db-master kernel[8278]: mysqld[50048]: Aborted connection 50048 to db: 'production' user: 'app' host: 'localhost'
Mar 14 02:14:01 srv-prod-01 auditd[10877]: session opened for user bwilliams
Mar 10 10:54:14 srv-prod-01 mysqld[5828]: session opened for user nagios
Mar 12 22:35:24 edge-fw-01 systemd[10528]: cron[48189]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 10:14:19 srv-prod-01 sshd[3972]: Received disconnect from 10.4.171.223 port 62347:11: Bye Bye
Mar 12 15:26:16 edge-fw-01 NetworkManager[6094]: auditd[8789]: Audit daemon rotating log files
Mar 13 03:20:30 dc-backup-03 mysqld[19081]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 04:34:49 edge-fw-01 sudo[30682]: Accepted publickey for backup_svc from 10.4.196.235 port 57662
Mar 11 18:23:48 db-master cron[17310]: New session 9804 of user bwilliams.
Mar 13 20:02:48 db-master sudo[27610]: Removed session 11166.
Mar 10 04:18:50 log-collector mysqld[15258]: systemd[1]: Started Session 26147 of user jsmith.
Mar 13 14:09:02 edge-fw-01 cron[3118]: FAILED SU (to auditor) deployer on /dev/pts/51694
Mar 14 14:07:23 dc-backup-03 sudo[27394]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 21:46:03 edge-fw-01 mysqld[4201]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 05:56:28 srv-prod-01 nginx[27913]: systemd[1]: Started Session 35763 of user bwilliams.
Mar 13 21:11:24 db-master kernel[6308]: session opened for user nagios
Mar 13 21:33:25 edge-fw-01 kernel[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.67.198 user=bwilliams
Mar 10 14:26:27 srv-prod-01 sudo[5459]: systemd[1]: Started Session 20701 of user nagios.
Mar 11 04:30:04 log-collector systemd[28355]: mysqld[45797]: Aborted connection 45797 to db: 'production' user: 'app' host: 'localhost'
Mar 13 15:26:44 db-master kernel[12735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.54.187 user=bwilliams
Mar 15 16:53:30 edge-fw-01 sshd[2707]: New session 29285 of user jsmith.
Mar 14 12:37:43 srv-prod-01 mysqld[6779]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 00:22:50 db-master rsyslogd[23521]: session opened for user auditor
Mar 14 13:47:05 db-master sudo[11727]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 10:12:43 dc-backup-03 auditd[25178]: Removed session 51913.
Mar 14 19:56:29 dc-backup-03 mysqld[24287]: Connection closed by 10.4.15.189 port 32067 [preauth]
Mar 10 18:45:55 db-master nginx[8904]: session opened for user bwilliams
Mar 11 12:47:53 log-collector systemd[15923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.217.47 user=jsmith
Mar 11 20:09:30 srv-prod-01 sudo[4487]: Accepted publickey for jsmith from 10.4.16.181 port 12562
Mar 13 13:38:07 edge-fw-01 kernel[4493]: Connection closed by 10.4.95.167 port 59154 [preauth]
Mar 14 17:23:07 db-master auditd[9788]: systemd[1]: Started Session 11353 of user root.
Mar 12 05:06:53 srv-prod-01 systemd[19959]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 00:57:11 db-master NetworkManager[14540]: cron[12766]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 05:43:25 srv-prod-01 sshd[17235]: systemd[1]: Started Session 59382 of user root.
Mar 10 14:29:56 srv-prod-01 systemd[25886]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 14:56:49 dc-backup-03 sshd[30103]: session opened for user auditor
Mar 11 05:26:53 dc-backup-03 nginx[7014]: Connection closed by 10.4.75.150 port 14018 [preauth]
Mar 10 14:10:36 edge-fw-01 auditd[26641]: systemd[1]: Started Session 56913 of user deployer.
Mar 14 07:36:02 dc-backup-03 nginx[14031]: cron[1373]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 23:39:52 srv-prod-01 rsyslogd[11651]: Received disconnect from 10.4.41.226 port 23948:11: Bye Bye
Mar 11 14:44:10 srv-prod-02 NetworkManager[17163]: auditd[15760]: Audit daemon rotating log files
Mar 14 03:52:24 log-collector sshd[12405]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 01:08:53 edge-fw-01 sudo[24544]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 14:55:10 dc-backup-03 mysqld[22119]: Received disconnect from 10.4.166.85 port 55029:11: Bye Bye
Mar 14 23:40:37 edge-fw-01 sshd[1766]: FAILED SU (to jsmith) deployer on /dev/pts/18376
Mar 12 00:26:47 edge-fw-01 sshd[12907]: Connection closed by 10.4.220.140 port 29522 [preauth]
Mar 15 22:59:06 srv-prod-02 rsyslogd[28603]: New session 1694 of user jsmith.
Mar 10 11:49:52 srv-prod-02 rsyslogd[29905]: systemd[1]: Started Session 51594 of user root.
Mar 14 01:37:14 srv-prod-02 mysqld[30450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.72.67 user=root
Mar 10 05:15:22 srv-prod-02 mysqld[2334]: Accepted publickey for jsmith from 10.4.64.53 port 12382
Mar 10 03:39:56 dc-backup-03 nginx[8413]: cron[23571]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 07:54:25 db-master NetworkManager[17524]: New session 45781 of user bwilliams.
Mar 14 06:48:49 srv-prod-02 nginx[7315]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 18:27:08 db-master sshd[27602]: session opened for user auditor
Mar 14 20:14:07 dc-backup-03 nginx[28251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.145.192 user=bwilliams
Mar 10 14:49:21 edge-fw-01 mysqld[20609]: auditd[39020]: Audit daemon rotating log files
Mar 11 01:07:09 edge-fw-01 systemd[17266]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 11:17:10 srv-prod-01 auditd[30701]: Accepted publickey for root from 10.4.124.118 port 21273
Mar 12 20:05:36 edge-fw-01 mysqld[30546]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 04:11:25 log-collector systemd[3490]: Connection closed by 10.4.253.204 port 7432 [preauth]
Mar 15 12:08:27 edge-fw-01 mysqld[9980]: mysqld[16236]: Aborted connection 16236 to db: 'production' user: 'app' host: 'localhost'
Mar 15 12:16:24 srv-prod-02 sshd[30402]: Accepted publickey for jsmith from 10.4.171.219 po