Mar 12 07:14:08 log-collector NetworkManager[4358]: cron[49622]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 02:13:14 srv-prod-01 NetworkManager[20726]: Received disconnect from 10.4.152.109 port 3106:11: Bye Bye
Mar 14 13:14:28 srv-prod-01 kernel[10115]: New session 46986 of user jsmith.
Mar 11 06:48:21 edge-fw-01 cron[4039]: Accepted publickey for backup_svc from 10.4.109.88 port 19234
Mar 12 01:46:29 edge-fw-01 cron[5090]: Received disconnect from 10.4.217.89 port 40589:11: Bye Bye
Mar 14 11:36:12 srv-prod-01 systemd[3279]: cron[42222]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 03:24:17 dc-backup-03 kernel[21830]: Connection closed by 10.4.75.253 port 6253 [preauth]
Mar 12 22:59:43 db-master kernel[3339]: Removed session 44944.
Mar 13 12:17:59 db-master systemd[23549]: Removed session 11732.
Mar 10 07:52:02 edge-fw-01 nginx[11336]: auditd[51376]: Audit daemon rotating log files
Mar 14 22:20:13 edge-fw-01 sudo[17358]: Removed session 62818.
Mar 15 17:34:16 edge-fw-01 rsyslogd[20155]: cron[17186]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 15:05:48 srv-prod-01 kernel[29216]: session opened for user deployer
Mar 13 19:04:24 edge-fw-01 NetworkManager[20526]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 21:46:07 db-master nginx[29992]: Removed session 57436.
Mar 12 13:10:29 log-collector nginx[24661]: session opened for user auditor
Mar 10 20:19:53 db-master systemd[17635]: Removed session 34295.
Mar 14 16:58:00 edge-fw-01 sshd[11621]: New session 11611 of user jsmith.
Mar 12 07:03:15 srv-prod-01 cron[19591]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 04:08:42 srv-prod-02 nginx[19015]: Connection closed by 10.4.125.209 port 5559 [preauth]
Mar 11 17:48:46 log-collector nginx[7591]: cron[28754]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 13 16:28:07 srv-prod-01 mysqld[8362]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 07:00:04 srv-prod-01 systemd[21679]: cron[16104]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 02:32:15 edge-fw-01 systemd[22921]: systemd[1]: Started Session 57361 of user root.
Mar 14 18:30:15 edge-fw-01 systemd[16498]: auditd[62333]: Audit daemon rotating log files
Mar 12 13:26:29 srv-prod-01 cron[24890]: mysqld[29273]: Aborted connection 29273 to db: 'production' user: 'app' host: 'localhost'
Mar 10 07:12:12 srv-prod-02 auditd[15700]: Received disconnect from 10.4.104.187 port 23260:11: Bye Bye
Mar 10 14:51:55 srv-prod-01 sshd[19033]: mysqld[17395]: Aborted connection 17395 to db: 'production' user: 'app' host: 'localhost'
Mar 10 07:10:26 srv-prod-02 auditd[16773]: Connection closed by 10.4.139.215 port 1991 [preauth]
Mar 13 08:59:50 dc-backup-03 auditd[15909]: auditd[1165]: Audit daemon rotating log files
Mar 14 21:45:31 dc-backup-03 systemd[7222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.246.188 user=backup_svc
Mar 10 23:20:03 edge-fw-01 NetworkManager[20142]: session opened for user root
Mar 14 02:54:11 srv-prod-01 systemd[20498]: Accepted publickey for auditor from 10.4.136.41 port 4751
Mar 14 07:37:38 srv-prod-01 auditd[21295]: session opened for user deployer
Mar 12 08:13:42 srv-prod-02 nginx[11295]: cron[35285]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 14:20:59 srv-prod-01 sshd[31662]: auditd[43327]: Audit daemon rotating log files
Mar 10 17:13:32 dc-backup-03 cron[5340]: systemd[1]: Started Session 7576 of user deployer.
Mar 13 17:45:19 log-collector NetworkManager[27447]: New session 11362 of user jsmith.
Mar 12 21:06:56 srv-prod-01 cron[9666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.171.210 user=root
Mar 12 19:13:45 log-collector nginx[7671]: FAILED SU (to backup_svc) deployer on /dev/pts/18872
Mar 10 02:40:27 srv-prod-01 sshd[10066]: mysqld[60356]: Aborted connection 60356 to db: 'production' user: 'app' host: 'localhost'
Mar 12 05:47:28 edge-fw-01 NetworkManager[24123]: Received disconnect from 10.4.198.34 port 42777:11: Bye Bye
Mar 15 04:34:02 db-master NetworkManager[13098]: mysqld[62958]: Aborted connection 62958 to db: 'production' user: 'app' host: 'localhost'
Mar 12 11:57:59 srv-prod-01 mysqld[29203]: auditd[3765]: Audit daemon rotating log files
Mar 10 11:49:35 edge-fw-01 rsyslogd[29662]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 05:51:51 edge-fw-01 sshd[29882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.40.237 user=backup_svc
Mar 13 21:55:47 dc-backup-03 kernel[9131]: auditd[22794]: Audit daemon rotating log files
Mar 10 15:14:12 edge-fw-01 mysqld[31095]: mysqld[26094]: Aborted connection 26094 to db: 'production' user: 'app' host: 'localhost'
Mar 11 07:01:42 dc-backup-03 nginx[14056]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 11:41:32 db-master mysqld[23266]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 05:37:16 db-master auditd[4552]: session opened for user root
Mar 13 19:32:07 db-master systemd[30474]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 16:59:51 log-collector systemd[23506]: Received disconnect from 10.4.12.182 port 29601:11: Bye Bye
Mar 15 10:39:20 srv-prod-01 nginx[28787]: Removed session 63209.
Mar 12 12:44:18 srv-prod-02 auditd[5170]: Received disconnect from 10.4.80.171 port 27788:11: Bye Bye
Mar 15 05:39:36 db-master sshd[14306]: systemd[1]: Started Session 45412 of user backup_svc.
Mar 14 19:41:20 edge-fw-01 systemd[15476]: Connection closed by 10.4.74.54 port 29197 [preauth]
Mar 15 05:42:05 log-collector rsyslogd[17890]: systemd[1]: Started Session 60083 of user nagios.
Mar 11 21:19:14 srv-prod-02 sshd[7525]: auditd[63414]: Audit daemon rotating log files
Mar 14 02:29:26 db-master systemd[21636]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 07:09:41 srv-prod-01 auditd[1181]: cron[33423]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 15 16:29:03 srv-prod-01 sudo[9165]: Received disconnect from 10.4.46.206 port 63805:11: Bye Bye
Mar 14 17:38:20 edge-fw-01 rsyslogd[30210]: auditd[44774]: Audit daemon rotating log files
Mar 13 17:28:57 edge-fw-01 sudo[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.185.229 user=auditor
Mar 15 08:49:49 log-collector systemd[16879]: Received disconnect from 10.4.193.64 port 56065:11: Bye Bye
Mar 12 07:17:21 db-master cron[30262]: FAILED SU (to bwilliams) deployer on /dev/pts/47786
Mar 15 04:45:13 edge-fw-01 mysqld[14594]: Accepted publickey for jsmith from 10.4.39.60 port 26126
Mar 11 13:24:57 log-collector sshd[20139]: auditd[5104]: Audit daemon rotating log files
Mar 13 15:00:22 edge-fw-01 auditd[25689]: systemd[1]: Started Session 38752 of user auditor.
Mar 14 07:31:14 edge-fw-01 sshd[15281]: systemd[1]: Started Session 36815 of user nagios.
Mar 13 23:10:53 srv-prod-02 rsyslogd[31131]: Connection closed by 10.4.87.172 port 45532 [preauth]
Mar 14 18:42:01 edge-fw-01 kernel[22061]: Accepted publickey for nagios from 10.4.7.233 port 26846
Mar 12 12:20:13 dc-backup-03 auditd[11710]: Connection closed by 10.4.119.47 port 4319 [preauth]
Mar 13 08:53:05 log-collector NetworkManager[1635]: Connection closed by 10.4.193.244 port 55544 [preauth]
Mar 15 02:49:41 srv-prod-01 systemd[25714]: session opened for user root
Mar 11 07:08:30 db-master systemd[4748]: Removed session 41743.
Mar 12 05:38:38 srv-prod-01 kernel[24539]: cron[51283]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 18:43:58 log-collector systemd[13997]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 07:06:44 log-collector rsyslogd[10882]: auditd[55456]: Audit daemon rotating log files
Mar 14 01:22:34 dc-backup-03 cron[22676]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 15:06:27 edge-fw-01 kernel[21826]: FAILED SU (to nagios) deployer on /dev/pts/1853
Mar 15 08:39:51 edge-fw-01 sudo[18634]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 10:54:15 srv-prod-01 nginx[31625]: mysqld[39852]: Aborted connection 39852 to db: 'production' user: 'app' host: 'localhost'
Mar 14 19:42:24 edge-fw-01 mysqld[1940]: FAILED SU (to deployer) deployer on /dev/pts/31479
Mar 12 10:17:56 dc-backup-03 NetworkManager[23976]: New session 24277 of user jsmith.
Mar 10 07:46:26 srv-prod-02 sudo[19192]: Connection closed by 10.4.133.243 port 13545 [preauth]
Mar 10 02:18:14 srv-prod-02 nginx[23668]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 16:22:27 dc-backup-03 mysqld[19035]: cron[32039]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 07:07:46 srv-prod-01 NetworkManager[11339]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 23:30:17 db-master rsyslogd[20319]: cron[13576]: (auditor) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 09:14:23 srv-prod-01 NetworkManager[10904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.252.26 user=bwilliams
Mar 10 17:18:44 edge-fw-01 cron[21901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.71.12 user=jsmith
Mar 13 15:28:21 dc-backup-03 sudo[2683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.4.147 user=auditor
Mar 13 02:36:40 srv-prod-02 kernel[2756]: Removed session 27284.
Mar 10 07:07:35 db-master rsyslogd[14637]: auditd[20936]: Audit daemon rotating log files
Mar 14 12:28:58 db-master auditd[10743]: Connection closed by 10.4.159.58 port 51859 [preauth]
Mar 14 23:06:48 srv-prod-02 nginx[21496]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 17:04:10 edge-fw-01 rsyslogd[14386]: session opened for user backup_svc
Mar 12 22:18:44 srv-prod-01 systemd[15877]: mysqld[16194]: Aborted connection 16194 to db: 'production' user: 'app' host: 'localhost'
Mar 14 21:51:59 srv-prod-01 NetworkManager[14930]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 04:04:03 dc-backup-03 rsyslogd[26972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.166.39 user=jsmith
Mar 12 14:07:29 log-collector auditd[10964]: cron[61395]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 13 02:38:02 log-collector mysqld[15156]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 21:53:55 srv-prod-01 nginx[20238]: New session 7009 of user nagios.
Mar 11 15:33:41 dc-backup-03 kernel[31017]: Connection closed by 10.4.11.196 port 50586 [preauth]
Mar 13 02:30:22 dc-backup-03 cron[11921]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 15:18:42 db-master sshd[27658]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 03:49:25 srv-prod-01 NetworkManager[17862]: mysqld[17565]: Aborted connection 17565 to db: 'production' user: 'app' host: 'localhost'
Mar 14 11:39:48 edge-fw-01 sshd[21493]: Connection closed by 10.4.106.14 port 13317 [preauth]
Mar 12 14:56:44 srv-prod-01 rsyslogd[4978]: Connection closed by 10.4.69.141 port 9610 [preauth]
Mar 12 17:00:35 srv-prod-02 cron[4054]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 15:59:45 log-collector nginx[17674]: systemd[1]: Started Session 43472 of user deployer.
Mar 13 07:29:35 srv-prod-02 rsyslogd[13569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.214.124 user=deployer
Mar 10 08:49:50 dc-backup-03 NetworkManager[14596]: mysqld[9970]: Aborted connection 9970 to db: 'production' user: 'app' host: 'localhost'
Mar 15 09:53:37 edge-fw-01 kernel[22624]: New session 19560 of user bwilliams.
Mar 12 17:48:34 dc-backup-03 systemd[15920]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 13:02:20 log-collector auditd[16498]: cron[26122]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 15 04:31:02 db-master mysqld[17459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.254.170 user=deployer
Mar 13 03:33:58 log-collector kernel[1502]: Connection closed by 10.4.26.224 port 56404 [preauth]
Mar 11 02:30:50 db-master auditd[12093]: systemd[1]: Started Session 64591 of user deployer.
Mar 15 17:24:20 edge-fw-01 NetworkManager[24550]: Removed session 22556.
Mar 15 21:58:18 srv-prod-01 auditd[25470]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 14:10:44 srv-prod-01 sshd[30603]: systemd[1]: Started Session 47154 of user root.
Mar 12 11:27:09 edge-fw-01 rsyslogd[18405]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 02:39:55 log-collector systemd[21306]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 14:40:16 log-collector sshd[9366]: Connection closed by 10.4.234.150 port 10403 [preauth]
Mar 15 17:10:04 dc-backup-03 rsyslogd[31973]: Connection closed by 10.4.120.231 port 19874 [preauth]
Mar 15 08:29:54 edge-fw-01 sudo[7527]: systemd[1]: Started Session 28831 of user bwilliams.
Mar 12 18:18:44 log-collector auditd[1718]: systemd[1]: Started Session 38505 of user root.
Mar 15 23:03:58 edge-fw-01 nginx[25417]: New session 57717 of user bwilliams.
Mar 12 07:40:12 log-collector kernel[9212]: New session 40808 of user auditor.
Mar 15 01:19:50 db-master mysqld[2093]: Connection closed by 10.4.25.232 port 42145 [preauth]
Mar 12 10:47:26 srv-prod-02 NetworkManager[7579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.34.24 user=backup_svc
Mar 12 05:16:58 edge-fw-01 nginx[31939]: mysqld[60890]: Aborted connection 60890 to db: 'production' user: 'app' host: 'localhost'
Mar 10 14:04:09 log-collector auditd[8392]: auditd[53730]: Audit daemon rotating log files
Mar 10 12:00:16 edge-fw-01 mysqld[5049]: Received disconnect from 10.4.206.143 port 24995:11: Bye Bye
Mar 14 12:52:40 log-collector systemd[4550]: FAILED SU (to backup_svc) deployer on /dev/pts/18205
Mar 14 10:58:39 srv-prod-01 sudo[22222]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 04:02:02 srv-prod-01 cron[17142]: systemd[1]: Started Session 27782 of user backup_svc.
Mar 13 14:23:42 db-master auditd[23822]: cron[9914]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 13 20:06:53 edge-fw-01 nginx[21173]: Connection closed by 10.4.191.187 port 11150 [preauth]
Mar 13 14:15:54 log-collector mysqld[4255]: FAILED SU (to root) deployer on /dev/pts/15262
Mar 12 01:25:17 edge-fw-01 cron[5002]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 00:03:50 srv-prod-02 rsyslogd[8981]: FAILED SU (to backup_svc) deployer on /dev/pts/42933
Mar 14 06:37:13 srv-prod-02 mysqld[29498]: mysqld[51169]: Aborted connection 51169 to db: 'production' user: 'app' host: 'localhost'
Mar 14 00:17:54 db-master nginx[5259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.38.202 user=auditor
Mar 10 04:00:22 srv-prod-02 rsyslogd[26835]: auditd[44347]: Audit daemon rotating log files
Mar 10 04:47:26 log-collector cron[4724]: Received disconnect from 10.4.5.45 port 18415:11: Bye Bye
Mar 14 18:06:28 db-master sshd[8259]: Received disconnect from 10.4.115.200 port 24750:11: Bye Bye
Mar 15 16:19:29 srv-prod-01 sudo[2020]: Removed session 57842.
Mar 10 15:45:58 srv-prod-01 mysqld[3408]: Connection closed by 10.4.103.110 port 45988 [preauth]
Mar 12 19:40:37 dc-backup-03 auditd[24335]: Received disconnect from 10.4.38.17 port 9294:11: Bye Bye
Mar 14 19:27:06 srv-prod-01 NetworkManager[23995]: auditd[30758]: Audit daemon rotating log files
Mar 13 07:26:21 edge-fw-01 auditd[15860]: mysqld[29209]: Aborted connection 29209 to db: 'production' user: 'app' host: 'localhost'
Mar 12 21:16:23 edge-fw-01 cron[23505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.25.81 user=backup_svc
Mar 13 03:47:47 srv-prod-02 NetworkManager[27600]: FAILED SU (to root) deployer on /dev/pts/7133
Mar 14 10:42:07 log-collector auditd[12586]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 19:19:22 db-master systemd[19937]: Accepted publickey for auditor from 10.4.235.185 port 4395
Mar 10 11:54:35 dc-backup-03 rsyslogd[4764]: FAILED SU (to jsmith) deployer on /dev/pts/15720
Mar 14 19:39:43 srv-prod-01 rsyslogd[19243]: Removed session 56412.
Mar 10 05:17:44 dc-backup-03 mysqld[11124]: auditd[18551]: Audit daemon rotating log files
Mar 14 21:25:04 log-collector sshd[25280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.47.223 user=root
Mar 13 13:29:21 dc-backup-03 mysqld[13125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.192.136 user=root
Mar 10 01:09:10 srv-prod-01 cron[21245]: auditd[40098]: Audit daemon rotating log files
Mar 13 19:28:26 db-master cron[8063]: systemd[1]: Started Session 28812 of user bwilliams.
Mar 15 21:37:31 dc-backup-03 sshd[22860]: Received disconnect from 10.4.111.29 port 19586:11: Bye Bye
Mar 10 00:13:19 srv-prod-02 nginx[26144]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 23:27:11 db-master systemd[13458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.84.31 user=bwilliams
Mar 12 02:25:55 edge-fw-01 sshd[2386]: cron[44805]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 18:27:36 log-collector auditd[24248]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 05:51:39 log-collector mysqld[28263]: Connection closed by 10.4.30.104 port 2390 [preauth]
Mar 11 13:37:25 edge-fw-01 nginx[3577]: Received disconnect from 10.4.112.217 port 7961:11: Bye Bye
Mar 11 02:32:40 db-master systemd[18386]: Accepted publickey for backup_svc from 10.4.87.57 port 22851
Mar 15 04:15:06 srv-prod-02 kernel[9387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.90.90 user=auditor
Mar 15 02:11:49 edge-fw-01 rsyslogd[17191]: Removed session 50775.
Mar 14 20:40:39 log-collector mysqld[29319]: FAILED SU (to auditor) deployer on /dev/pts/45662
Mar 13 20:19:50 srv-prod-01 mysqld[20379]: systemd[1]: Started Session 31755 of user jsmith.
Mar 13 01:03:23 srv-prod-01 cron[10406]: mysqld[31284]: Aborted connection 31284 to db: 'production' user: 'app' host: 'localhost'
Mar 13 18:35:50 srv-prod-01 sudo[30356]: cron[26221]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 19:30:32 edge-fw-01 cron[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.147.167 user=auditor
Mar 15 02:32:41 srv-prod-02 sudo[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.231.215 user=auditor
Mar 11 11:23:58 edge-fw-01 mysqld[13694]: systemd[1]: Started Session 40988 of user deployer.
Mar 15 20:21:04 db-master auditd[4096]: FAILED SU (to backup_svc) deployer on /dev/pts/52746
Mar 15 19:55:09 db-master kernel[3670]: FAILED SU (to bwilliams) deployer on /dev/pts/56832
Mar 15 21:25:08 srv-prod-01 nginx[24227]: New session 44019 of user bwilliams.
Mar 12 04:42:44 log-collector NetworkManager[25208]: mysqld[52906]: Aborted connection 52906 to db: 'production' user: 'app' host: 'localhost'
Mar 14 11:01:23 srv-prod-02 mysqld[6906]: systemd[1]: Started Session 28772 of user root.
Mar 11 04:04:18 srv-prod-01 NetworkManager[26825]: mysqld[15870]: Aborted connection 15870 to db: 'production' user: 'app' host: 'localhost'
Mar 14 01:42:21 db-master kernel[26110]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 22:49:39 srv-prod-02 sudo[30578]: auditd[11657]: Audit daemon rotating log files
Mar 15 07:28:39 log-collector sudo[25654]: systemd[1]: Started Session 45350 of user root.
Mar 13 06:23:43 edge-fw-01 nginx[15437]: New session 21305 of user jsmith.
Mar 13 05:52:12 srv-prod-02 nginx[20813]: auditd[35591]: Audit daemon rotating log files
Mar 12 17:59:06 db-master cron[28718]: cron[58310]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 14:57:32 edge-fw-01 cron[28231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.22.196 user=bwilliams
Mar 12 00:26:03 dc-backup-03 systemd[17449]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 10:59:06 log-collector mysqld[24419]: mysqld[15739]: Aborted connection 15739 to db: 'production' user: 'app' host: 'localhost'
Mar 12 15:44:53 log-collector sudo[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.38.36 user=auditor
Mar 10 00:16:13 db-master rsyslogd[5899]: mysqld[60390]: Aborted connection 60390 to db: 'production' user: 'app' host: 'localhost'
Mar 12 07:19:07 edge-fw-01 rsyslogd[8813]: session opened for user nagios
Mar 13 19:34:01 db-master systemd[17887]: Removed session 55857.
Mar 10 19:22:15 srv-prod-02 cron[14650]: New session 29154 of user backup_svc.
Mar 14 17:32:50 srv-prod-01 auditd[19158]: Received disconnect from 10.4.250.93 port 5459:11: Bye Bye
Mar 13 11:16:47 srv-prod-01 mysqld[12701]: session opened for user auditor
Mar 10 18:47:48 srv-prod-01 mysqld[5371]: FAILED SU (to jsmith) deployer on /dev/pts/42197
Mar 11 21:29:44 srv-prod-02 kernel[21700]: Connection closed by 10.4.87.209 port 43150 [preauth]
Mar 13 01:18:12 srv-prod-02 sshd[26923]: session opened for user root
Mar 13 17:30:16 log-collector systemd[25683]: session opened for user bwilliams
Mar 10 20:21:17 dc-backup-03 auditd[27192]: Accepted publickey for bwilliams from 10.4.92.221 port 52197
Mar 13 10:11:31 dc-backup-03 NetworkManager[17302]: cron[59654]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 13 02:27:38 db-master nginx[6913]: mysqld[48674]: Aborted connection 48674 to db: 'production' user: 'app' host: 'localhost'
Mar 15 09:19:28 edge-fw-01 kernel[24516]: New session 22514 of user bwilliams.
Mar 10 23:55:58 edge-fw-01 nginx[21147]: FAILED SU (to backup_svc) deployer on /dev/pts/30327
Mar 10 02:42:40 db-master kernel[12904]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 14:02:08 log-collector mysqld[8733]: Accepted publickey for root from 10.4.37.218 port 40841
Mar 10 19:09:43 dc-backup-03 sudo[13155]: Connection closed by 10.4.99.244 port 38198 [preauth]
Mar 14 11:25:20 srv-prod-02 cron[10132]: Removed session 10047.
Mar 14 12:58:35 dc-backup-03 sudo[9577]: Accepted publickey for root from 10.4.189.48 port 33729
Mar 13 06:07:08 edge-fw-01 kernel[3426]: mysqld[46504]: Aborted connection 46504 to db: 'production' user: 'app' host: 'localhost'
Mar 15 10:42:22 db-master NetworkManager[3127]: cron[54141]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 22:45:59 srv-prod-02 mysqld[21896]: cron[56818]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 07:50:31 db-master rsyslogd[12825]: session opened for user nagios
Mar 14 04:39:56 dc-backup-03 auditd[3154]: Accepted publickey for bwilliams from 10.4.120.206 port 65446
Mar 13 13:52:36 dc-backup-03 cron[5106]: Accepted publickey for backup_svc from 10.4.185.123 port 35475
Mar 12 04:56:53 log-collector rsyslogd[19065]: auditd[34929]: Audit daemon rotating log files
Mar 13 16:58:55 srv-prod-01 NetworkManager[28243]: session opened for user jsmith
Mar 12 22:14:22 dc-backup-03 cron[30324]: Received disconnect from 10.4.78.43 port 11638:11: Bye Bye
Mar 14 08:08:40 db-master cron[21133]: systemd[1]: Started Session 63699 of user bwilliams.
Mar 14 04:10:42 db-master mysqld[24613]: New session 39808 of user nagios.
Mar 10 02:02:41 dc-backup-03 systemd[19899]: auditd[3723]: Audit daemon rotating log files
Mar 15 00:31:56 dc-backup-03 nginx[18877]: Removed session 41532.
Mar 15 12:19:29 srv-prod-01 kernel[23564]: Accepted publickey for deployer from 10.4.63.207 port 53934
Mar 11 10:38:09 log-collector mysqld[29229]: FAILED SU (to deployer) deployer on /dev/pts/31461
Mar 13 04:48:23 srv-prod-01 mysqld[19404]: Received disconnect from 10.4.253.221 port 23658:11: Bye Bye
Mar 13 07:09:06 edge-fw-01 rsyslogd[10509]: session opened for user jsmith
Mar 11 10:59:36 srv-prod-02 kernel[11247]: cron[57732]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 15:01:05 edge-fw-01 systemd[17562]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 09:31:38 log-collector sudo[28618]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 13:08:56 dc-backup-03 auditd[24838]: systemd[1]: Started Session 56544 of user bwilliams.
Mar 14 17:12:23 srv-prod-01 auditd[10456]: Received disconnect from 10.4.12.103 port 4376:11: Bye Bye
Mar 12 19:43:39 srv-prod-01 auditd[5216]: Accepted publickey for nagios from 10.4.116.196 port 37059
Mar 14 11:48:09 db-master auditd[20741]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 22:21:51 edge-fw-01 kernel[18017]: Connection closed by 10.4.11.12 port 3574 [preauth]
Mar 12 19:20:10 log-collector nginx[21201]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 17:31:45 edge-fw-01 sshd[10823]: New session 55306 of user nagios.
Mar 13 18:19:50 log-collector sshd[24767]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 18:36:14 db-master sudo[2682]: cron[64401]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 12:09:52 srv-prod-01 rsyslogd[8936]: Removed session 48287.
Mar 13 10:26:09 srv-prod-02 auditd[23626]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 23:46:03 db-master systemd[5524]: cron[61351]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 12:20:11 db-master mysqld[30888]: Connecti