Mar 15 21:41:51 db-master sudo[9662]: cron[51617]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 09:14:19 log-collector systemd[10470]: auditd[19308]: Audit daemon rotating log files
Mar 13 11:35:59 log-collector nginx[27063]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 12:57:25 srv-prod-02 nginx[12309]: mysqld[45367]: Aborted connection 45367 to db: 'production' user: 'app' host: 'localhost'
Mar 10 11:59:28 log-collector sudo[9403]: Removed session 47825.
Mar 12 17:44:17 db-master rsyslogd[4579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.52.212 user=jsmith
Mar 14 07:40:14 edge-fw-01 mysqld[4283]: session opened for user jsmith
Mar 11 00:35:59 log-collector sudo[14333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.121.26 user=backup_svc
Mar 12 10:18:41 srv-prod-01 rsyslogd[30751]: session opened for user deployer
Mar 10 05:26:56 srv-prod-01 auditd[6760]: mysqld[48414]: Aborted connection 48414 to db: 'production' user: 'app' host: 'localhost'
Mar 15 09:56:02 db-master rsyslogd[10777]: session opened for user auditor
Mar 12 14:41:34 srv-prod-02 NetworkManager[17184]: Received disconnect from 10.4.238.252 port 22981:11: Bye Bye
Mar 10 10:10:46 dc-backup-03 kernel[22243]: Connection closed by 10.4.70.50 port 54030 [preauth]
Mar 12 18:43:48 db-master auditd[6750]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 12:42:06 edge-fw-01 mysqld[5607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.110.132 user=auditor
Mar 11 14:48:17 db-master rsyslogd[10894]: FAILED SU (to jsmith) deployer on /dev/pts/26161
Mar 15 07:03:42 dc-backup-03 kernel[16250]: Accepted publickey for root from 10.4.67.168 port 24587
Mar 15 09:44:07 dc-backup-03 mysqld[31019]: Removed session 61520.
Mar 11 15:09:29 dc-backup-03 auditd[20848]: cron[63765]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 21:52:13 log-collector rsyslogd[9108]: auditd[31880]: Audit daemon rotating log files
Mar 13 16:45:23 db-master cron[31056]: Accepted publickey for auditor from 10.4.202.21 port 35463
Mar 14 06:36:34 dc-backup-03 NetworkManager[6391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.213.141 user=root
Mar 15 18:31:05 edge-fw-01 sshd[17723]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 18:03:35 dc-backup-03 sshd[23045]: Connection closed by 10.4.34.132 port 28249 [preauth]
Mar 15 06:37:04 dc-backup-03 cron[14883]: session opened for user deployer
Mar 10 15:02:18 srv-prod-02 auditd[6897]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 12:05:43 db-master kernel[29657]: Removed session 30419.
Mar 11 17:25:33 srv-prod-02 sshd[24850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.221.90 user=backup_svc
Mar 13 21:46:34 edge-fw-01 systemd[18430]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 06:59:56 srv-prod-01 sshd[26083]: cron[11190]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 07:13:04 srv-prod-01 sudo[20462]: Accepted publickey for auditor from 10.4.170.108 port 41323
Mar 10 07:47:02 srv-prod-02 NetworkManager[15383]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 04:32:18 log-collector rsyslogd[27731]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 10:15:19 log-collector NetworkManager[5694]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 17:37:56 srv-prod-02 auditd[30870]: cron[19056]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 20:42:24 dc-backup-03 auditd[18185]: auditd[64744]: Audit daemon rotating log files
Mar 11 17:30:15 dc-backup-03 kernel[8384]: mysqld[25695]: Aborted connection 25695 to db: 'production' user: 'app' host: 'localhost'
Mar 14 13:26:35 edge-fw-01 systemd[5393]: Received disconnect from 10.4.119.235 port 4800:11: Bye Bye
Mar 10 14:54:23 log-collector systemd[18551]: Accepted publickey for bwilliams from 10.4.53.85 port 43406
Mar 14 19:02:55 db-master NetworkManager[7165]: Accepted publickey for root from 10.4.69.97 port 45173
Mar 12 09:58:00 srv-prod-02 cron[31708]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 22:38:45 srv-prod-02 NetworkManager[13996]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 17:41:22 dc-backup-03 NetworkManager[9570]: systemd[1]: Started Session 25971 of user bwilliams.
Mar 15 15:48:53 srv-prod-02 mysqld[30960]: FAILED SU (to deployer) deployer on /dev/pts/53637
Mar 11 23:09:01 db-master rsyslogd[19130]: systemd[1]: Started Session 37889 of user bwilliams.
Mar 11 10:14:24 srv-prod-02 sudo[28307]: New session 11012 of user backup_svc.
Mar 12 08:48:52 log-collector sudo[24709]: Connection closed by 10.4.168.242 port 45906 [preauth]
Mar 12 05:08:46 srv-prod-02 NetworkManager[17001]: Received disconnect from 10.4.44.188 port 53123:11: Bye Bye
Mar 10 02:52:42 srv-prod-01 auditd[26045]: session opened for user backup_svc
Mar 10 22:09:00 edge-fw-01 mysqld[17571]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 15:42:31 db-master NetworkManager[1216]: session opened for user root
Mar 15 08:34:18 log-collector auditd[17456]: session opened for user deployer
Mar 10 03:33:09 db-master NetworkManager[7289]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 02:23:25 srv-prod-02 systemd[19513]: Connection closed by 10.4.209.91 port 18543 [preauth]
Mar 10 20:54:41 srv-prod-01 auditd[2038]: auditd[56589]: Audit daemon rotating log files
Mar 10 20:00:44 edge-fw-01 auditd[3709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.97.142 user=deployer
Mar 10 16:58:02 log-collector rsyslogd[7927]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 21:59:17 db-master sshd[18794]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 06:37:09 log-collector auditd[27892]: auditd[21634]: Audit daemon rotating log files
Mar 11 18:53:54 db-master mysqld[23185]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 23:05:32 srv-prod-01 cron[12333]: cron[10195]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 19:49:39 dc-backup-03 sshd[13999]: New session 6005 of user deployer.
Mar 13 07:22:35 srv-prod-02 rsyslogd[15150]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 09:51:15 srv-prod-01 nginx[3408]: cron[51628]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 15 04:47:24 srv-prod-01 cron[12819]: FAILED SU (to jsmith) deployer on /dev/pts/52397
Mar 12 08:06:08 edge-fw-01 sudo[7140]: Accepted publickey for root from 10.4.242.79 port 30170
Mar 10 00:05:22 db-master rsyslogd[4049]: Received disconnect from 10.4.143.132 port 27765:11: Bye Bye
Mar 10 09:26:24 log-collector NetworkManager[3775]: auditd[26270]: Audit daemon rotating log files
Mar 15 12:10:08 dc-backup-03 sudo[10867]: systemd[1]: Started Session 12137 of user jsmith.
Mar 12 13:19:30 dc-backup-03 nginx[3520]: auditd[29510]: Audit daemon rotating log files
Mar 14 19:12:29 dc-backup-03 sshd[5439]: Accepted publickey for jsmith from 10.4.185.161 port 33516
Mar 13 10:28:21 log-collector rsyslogd[27721]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 06:30:20 dc-backup-03 nginx[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.77.83 user=jsmith
Mar 14 07:20:24 edge-fw-01 mysqld[27754]: systemd[1]: Started Session 33202 of user backup_svc.
Mar 14 17:11:43 srv-prod-01 sudo[19025]: auditd[14118]: Audit daemon rotating log files
Mar 12 22:04:52 edge-fw-01 sudo[27072]: mysqld[53301]: Aborted connection 53301 to db: 'production' user: 'app' host: 'localhost'
Mar 12 21:09:45 edge-fw-01 cron[26856]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 12:34:32 log-collector auditd[31159]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 22:57:51 log-collector cron[20458]: Received disconnect from 10.4.10.203 port 64490:11: Bye Bye
Mar 15 11:10:41 db-master auditd[2451]: New session 44120 of user root.
Mar 13 03:00:06 db-master NetworkManager[8274]: systemd[1]: Started Session 53205 of user auditor.
Mar 11 14:23:25 log-collector rsyslogd[26308]: Connection closed by 10.4.149.177 port 38722 [preauth]
Mar 10 15:06:18 srv-prod-01 cron[31164]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 09:21:29 db-master sudo[7778]: auditd[10308]: Audit daemon rotating log files
Mar 15 22:28:20 srv-prod-01 cron[10839]: Accepted publickey for bwilliams from 10.4.122.25 port 29739
Mar 10 21:51:10 srv-prod-02 NetworkManager[25264]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 13:29:14 log-collector kernel[14272]: auditd[22715]: Audit daemon rotating log files
Mar 13 00:47:39 edge-fw-01 rsyslogd[7465]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 06:17:48 srv-prod-01 rsyslogd[27500]: cron[47209]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 11:20:12 dc-backup-03 sudo[4734]: Connection closed by 10.4.205.224 port 36209 [preauth]
Mar 14 12:39:25 dc-backup-03 mysqld[4743]: New session 21563 of user nagios.
Mar 15 22:51:19 db-master cron[21135]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 09:07:11 srv-prod-02 NetworkManager[23722]: FAILED SU (to backup_svc) deployer on /dev/pts/8748
Mar 14 12:27:11 db-master kernel[21824]: Connection closed by 10.4.108.153 port 10059 [preauth]
Mar 11 05:20:53 srv-prod-01 mysqld[21296]: Connection closed by 10.4.43.126 port 19953 [preauth]
Mar 13 17:32:41 log-collector sudo[14406]: Connection closed by 10.4.125.35 port 13811 [preauth]
Mar 13 05:05:36 srv-prod-02 nginx[27079]: session opened for user deployer
Mar 12 05:49:29 edge-fw-01 NetworkManager[25330]: New session 36256 of user root.
Mar 12 17:52:23 srv-prod-01 sudo[27955]: Received disconnect from 10.4.29.147 port 8508:11: Bye Bye
Mar 10 23:53:41 dc-backup-03 sshd[9111]: auditd[28886]: Audit daemon rotating log files
Mar 10 14:55:07 srv-prod-02 systemd[27603]: auditd[57529]: Audit daemon rotating log files
Mar 12 22:39:40 db-master kernel[6438]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 18:22:34 db-master kernel[20557]: systemd[1]: Started Session 14586 of user auditor.
Mar 12 18:17:54 log-collector cron[30496]: Received disconnect from 10.4.251.181 port 20202:11: Bye Bye
Mar 13 01:17:55 log-collector kernel[5157]: Removed session 52515.
Mar 11 21:25:31 log-collector nginx[19921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.38.183 user=jsmith
Mar 10 20:50:56 edge-fw-01 NetworkManager[4050]: auditd[30645]: Audit daemon rotating log files
Mar 12 14:31:20 log-collector cron[1081]: New session 62387 of user backup_svc.
Mar 15 22:22:54 db-master auditd[27072]: Accepted publickey for backup_svc from 10.4.249.118 port 42628
Mar 11 15:17:20 dc-backup-03 NetworkManager[10292]: mysqld[55081]: Aborted connection 55081 to db: 'production' user: 'app' host: 'localhost'
Mar 13 10:57:43 srv-prod-01 cron[2586]: auditd[56888]: Audit daemon rotating log files
Mar 10 03:59:54 edge-fw-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.201.215 user=backup_svc
Mar 11 20:19:10 dc-backup-03 cron[31563]: mysqld[60622]: Aborted connection 60622 to db: 'production' user: 'app' host: 'localhost'
Mar 12 21:57:41 edge-fw-01 nginx[2696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.93.65 user=backup_svc
Mar 13 20:05:45 srv-prod-02 sudo[1035]: Accepted publickey for backup_svc from 10.4.180.194 port 16368
Mar 14 21:28:00 dc-backup-03 cron[23793]: session opened for user root
Mar 13 02:14:24 srv-prod-01 cron[24945]: Accepted publickey for auditor from 10.4.109.178 port 9686
Mar 11 12:49:52 srv-prod-02 kernel[29655]: auditd[20635]: Audit daemon rotating log files
Mar 14 20:10:28 srv-prod-02 kernel[24672]: FAILED SU (to root) deployer on /dev/pts/1579
Mar 11 02:57:06 srv-prod-01 rsyslogd[25656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.158.176 user=deployer
Mar 13 10:50:08 log-collector cron[10075]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 19:18:49 log-collector nginx[1878]: cron[40346]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 23:25:18 srv-prod-02 sudo[2788]: Removed session 34416.
Mar 15 19:04:33 dc-backup-03 mysqld[1395]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 13:23:34 edge-fw-01 cron[6661]: Removed session 56006.
Mar 12 06:02:59 edge-fw-01 NetworkManager[26863]: session opened for user root
Mar 13 13:44:25 db-master NetworkManager[21989]: Accepted publickey for bwilliams from 10.4.161.183 port 33860
Mar 12 02:32:58 srv-prod-02 NetworkManager[27478]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 21:41:04 edge-fw-01 systemd[23894]: systemd[1]: Started Session 42593 of user bwilliams.
Mar 13 03:29:39 dc-backup-03 kernel[2803]: New session 61620 of user root.
Mar 15 00:10:31 db-master nginx[18137]: FAILED SU (to root) deployer on /dev/pts/10016
Mar 12 23:56:07 srv-prod-01 mysqld[30487]: auditd[50161]: Audit daemon rotating log files
Mar 10 08:45:36 edge-fw-01 sudo[3525]: Removed session 35355.
Mar 14 05:23:10 srv-prod-01 rsyslogd[26340]: systemd[1]: Started Session 33766 of user nagios.
Mar 15 16:00:02 srv-prod-01 systemd[29276]: mysqld[15992]: Aborted connection 15992 to db: 'production' user: 'app' host: 'localhost'
Mar 11 05:59:54 log-collector auditd[19116]: session opened for user root
Mar 15 10:17:52 dc-backup-03 cron[19728]: Accepted publickey for jsmith from 10.4.83.64 port 28303
Mar 11 07:51:33 srv-prod-01 sudo[14137]: session opened for user nagios
Mar 12 10:05:35 dc-backup-03 systemd[1261]: Connection closed by 10.4.73.199 port 56391 [preauth]
Mar 15 19:15:29 edge-fw-01 systemd[20388]: FAILED SU (to bwilliams) deployer on /dev/pts/20941
Mar 11 04:00:59 srv-prod-02 NetworkManager[1783]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 10:00:48 log-collector nginx[13329]: Removed session 46470.
Mar 11 13:31:03 dc-backup-03 cron[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.53.136 user=root
Mar 14 13:44:57 log-collector cron[16022]: FAILED SU (to root) deployer on /dev/pts/59828
Mar 15 12:04:37 edge-fw-01 kernel[3040]: New session 9773 of user nagios.
Mar 12 12:44:53 dc-backup-03 sudo[11690]: cron[56789]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 04:49:49 srv-prod-02 cron[4570]: New session 62860 of user bwilliams.
Mar 13 03:34:22 edge-fw-01 nginx[7803]: auditd[21604]: Audit daemon rotating log files
Mar 10 05:51:43 log-collector rsyslogd[28079]: systemd[1]: Started Session 8882 of user deployer.
Mar 12 04:05:45 edge-fw-01 NetworkManager[12656]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 00:25:54 log-collector NetworkManager[19217]: Connection closed by 10.4.174.77 port 18074 [preauth]
Mar 11 03:00:03 srv-prod-02 kernel[26590]: mysqld[7702]: Aborted connection 7702 to db: 'production' user: 'app' host: 'localhost'
Mar 15 20:41:05 dc-backup-03 cron[20205]: New session 25419 of user jsmith.
Mar 15 14:51:08 dc-backup-03 cron[30657]: Accepted publickey for root from 10.4.17.51 port 60169
Mar 11 18:27:52 edge-fw-01 sshd[13943]: cron[4342]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 06:58:11 edge-fw-01 kernel[10170]: systemd[1]: Started Session 12349 of user deployer.
Mar 11 20:18:31 db-master sudo[29926]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 13:12:41 db-master systemd[27122]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 12:50:45 db-master sudo[16718]: FAILED SU (to backup_svc) deployer on /dev/pts/53115
Mar 12 12:17:11 db-master systemd[11448]: session opened for user bwilliams
Mar 12 01:51:30 db-master systemd[12712]: Received disconnect from 10.4.230.208 port 52046:11: Bye Bye
Mar 11 08:34:52 log-collector sshd[31056]: auditd[44072]: Audit daemon rotating log files
Mar 13 11:59:53 srv-prod-02 systemd[6692]: mysqld[38752]: Aborted connection 38752 to db: 'production' user: 'app' host: 'localhost'
Mar 15 11:58:37 log-collector mysqld[24050]: session opened for user nagios
Mar 11 15:34:19 srv-prod-01 cron[17070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.145.37 user=nagios
Mar 10 16:30:00 db-master systemd[31077]: FAILED SU (to root) deployer on /dev/pts/15363
Mar 11 10:03:01 log-collector kernel[20222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.34.88 user=auditor
Mar 12 02:23:45 db-master cron[13962]: Removed session 35515.
Mar 11 23:27:50 log-collector mysqld[16964]: Removed session 9966.
Mar 15 19:50:22 db-master kernel[22808]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 04:11:46 db-master auditd[24003]: session opened for user deployer
Mar 10 05:38:20 db-master systemd[27502]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 04:21:47 dc-backup-03 mysqld[8798]: Accepted publickey for backup_svc from 10.4.145.27 port 62410
Mar 10 22:42:40 dc-backup-03 sudo[30053]: cron[64140]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 15 02:22:16 log-collector sshd[4540]: auditd[17377]: Audit daemon rotating log files
Mar 13 05:56:26 edge-fw-01 mysqld[29893]: Connection closed by 10.4.99.113 port 49034 [preauth]
Mar 13 18:41:48 srv-prod-02 sudo[8391]: Removed session 55340.
Mar 12 00:20:16 dc-backup-03 kernel[3431]: Accepted publickey for root from 10.4.205.217 port 3213
Mar 14 02:21:38 edge-fw-01 sshd[30269]: New session 5939 of user deployer.
Mar 14 13:10:03 srv-prod-02 systemd[11849]: Accepted publickey for deployer from 10.4.242.168 port 11837
Mar 15 17:16:42 srv-prod-02 cron[10745]: systemd[1]: Started Session 48343 of user deployer.
Mar 13 04:03:23 srv-prod-01 nginx[15011]: session opened for user root
Mar 13 06:06:01 log-collector nginx[6597]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 12:30:31 dc-backup-03 cron[22660]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 12:23:11 dc-backup-03 sudo[2462]: Connection closed by 10.4.140.100 port 13140 [preauth]
Mar 12 18:03:09 log-collector cron[23821]: auditd[55882]: Audit daemon rotating log files
Mar 14 13:48:37 srv-prod-01 auditd[19140]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 21:55:59 srv-prod-02 sudo[19766]: Connection closed by 10.4.134.108 port 64307 [preauth]
Mar 15 01:32:36 db-master rsyslogd[17935]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 05:10:13 srv-prod-02 sshd[7315]: auditd[50647]: Audit daemon rotating log files
Mar 13 06:52:40 db-master nginx[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.21.253 user=deployer
Mar 10 02:24:35 dc-backup-03 nginx[19089]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 22:39:37 edge-fw-01 cron[26614]: Received disconnect from 10.4.118.235 port 58267:11: Bye Bye
Mar 14 18:48:06 db-master cron[4461]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 13:16:24 db-master rsyslogd[16911]: Removed session 36127.
Mar 13 04:39:38 edge-fw-01 sshd[23729]: Removed session 19073.
Mar 15 07:03:47 dc-backup-03 mysqld[31173]: Connection closed by 10.4.228.226 port 22748 [preauth]
Mar 12 09:17:53 log-collector cron[29122]: Connection closed by 10.4.87.210 port 53036 [preauth]
Mar 15 14:49:52 log-collector auditd[9828]: FAILED SU (to auditor) deployer on /dev/pts/20716
Mar 13 06:58:52 edge-fw-01 NetworkManager[25279]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 05:04:19 edge-fw-01 kernel[17606]: cron[4707]: (auditor) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 00:11:12 srv-prod-02 sshd[28293]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 22:12:17 edge-fw-01 NetworkManager[27984]: FAILED SU (to jsmith) deployer on /dev/pts/4337
Mar 15 00:15:23 edge-fw-01 kernel[20465]: Connection closed by 10.4.163.237 port 9142 [preauth]
Mar 12 11:10:53 log-collector cron[9475]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 18:49:13 log-collector systemd[8253]: mysqld[4277]: Aborted connection 4277 to db: 'production' user: 'app' host: 'localhost'
Mar 13 16:01:55 log-collector sshd[26151]: auditd[43726]: Audit daemon rotating log files
Mar 11 19:51:00 db-master nginx[9270]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 13:57:24 edge-fw-01 nginx[12426]: mysqld[43146]: Aborted connection 43146 to db: 'production' user: 'app' host: 'localhost'
Mar 14 19:25:37 db-master mysqld[1240]: Accepted publickey for jsmith from 10.4.120.78 port 45404
Mar 12 09:43:06 dc-backup-03 nginx[3091]: Connection closed by 10.4.166.153 port 40938 [preauth]
Mar 12 20:45:57 srv-prod-02 kernel[10790]: Removed session 19169.
Mar 10 19:25:42 srv-prod-02 sshd[23307]: FAILED SU (to nagios) deployer on /dev/pts/59985
Mar 13 12:24:47 log-collector rsyslogd[20104]: session opened for user backup_svc
Mar 15 07:43:34 edge-fw-01 mysqld[26719]: Removed session 48639.
Mar 15 17:11:18 srv-prod-02 nginx[16426]: Accepted publickey for nagios from 10.4.77.217 port 12164
Mar 11 21:57:21 srv-prod-02 mysqld[3926]: Removed session 51022.
Mar 13 10:23:16 edge-fw-01 cron[10635]: New session 21149 of user jsmith.
Mar 14 18:39:04 srv-prod-02 NetworkManager[30144]: Connection closed by 10.4.14.222 port 42599 [preauth]
Mar 14 09:26:03 srv-prod-02 kernel[28991]: mysqld[26037]: Aborted connection 26037 to db: 'production' user: 'app' host: 'localhost'
Mar 13 04:20:55 srv-prod-01 sudo[6909]: cron[38340]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 20:03:00 srv-prod-02 kernel[9962]: Connection closed by 10.4.162.253 port 12612 [preauth]
Mar 10 04:39:27 edge-fw-01 auditd[15070]: Removed session 33108.
Mar 14 06:46:23 dc-backup-03 NetworkManager[30229]: session opened for user deployer
Mar 15 23:15:14 dc-backup-03 nginx[29737]: cron[1294]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 09:10:04 dc-backup-03 nginx[2498]: mysqld[34010]: Aborted connection 34010 to db: 'production' user: 'app' host: 'localhost'
Mar 14 10:27:56 dc-backup-03 sudo[5384]: Removed session 40107.
Mar 13 00:14:14 srv-prod-02 sshd[5299]: cron[11829]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 22:41:50 log-collector nginx[13294]: session opened for user nagios
Mar 14 01:42:06 srv-prod-01 sshd[28397]: Removed session 4208.
Mar 13 03:35:16 srv-prod-02 systemd[23998]: Connection closed by 10.4.30.107 port 30142 [preauth]
Mar 12 13:42:06 dc-backup-03 rsyslogd[18049]: Removed session 1633.
Mar 10 16:46:39 srv-prod-01 cron[10263]: Accepted publickey for nagios from 10.4.180.36 port 28472
Mar 12 16:12:22 dc-backup-03 kernel[14426]: cron[14114]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 22:59:30 srv-prod-01 sshd[8684]: FAILED SU (to root) deployer on /dev/pts/60685
Mar 14 21:31:09 db-master cron[26543]: Accepted publickey for backup_svc from 10.4.23.233 port 8261
Mar 12 20:14:29 edge-fw-01 sshd[9654]: systemd[1]: Started Session 60319 of user backup_svc.
Mar 10 09:23:51 edge-fw-01 cron[11246]: Removed session 58311.
Mar 10 00:54:08 srv-prod-02 mysqld[22207]: Removed session 59370.
Mar 14 08:56:46 dc-backup-03 kernel[13210]: Accepted publickey for bwilliams from 10.4.229.113 port 63616
Mar 13 08:53:24 edge-fw-01 auditd[28874]: cron[64089]: (root) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 04:44:46 srv-prod-02 cron[31882]: session opened for user backup_svc
Mar 14 21:28:11 dc-backup-03 rsyslogd[13443]: New session 32656 of user deployer.
Mar 15 04:30:58 edge-fw-01 sudo[4700]: Connection closed by 10.4.221.176 port 58692 [preauth]
Mar 12 00:45:55 log-collector rsyslogd[18197]: Removed session 43948.
Mar 15 10:33:33 db-master cron[23956]: cron[65111]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 13 11:42:43 srv-prod-02 NetworkManager[13611]: Removed session 17314.
Mar 11 16:54:30 srv-prod-02 cron[17247]: mysqld[43189]: Aborted connection 43189 to db: 'production' user: 'app' host: 'localhost'
Mar 12 08:03:32 log-collector auditd[19038]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 14:51:36 edge-fw-01 sudo[3884]: Connection closed by 10.4.210.61 port 6190 [preauth]
Mar 15 20:01:06 srv-prod-01 NetworkManager[14511]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 19:40:19 db-master systemd[17657]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 11:52:03 edge-fw-01 mysqld[8304]: mysqld[63306]: Aborted connection 63306 to db: 'production' user: 'app' host: 'localhost'
Mar 13 22:42:23 srv-prod-01 cron[15828]: cron[40342]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 11:53:40 db-master NetworkManager[10567]: auditd[1167]: Audit daemon rotating log files
Mar 11 15:08:52 log-collector auditd[25330]: cron[4024]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 03:59:54 edge-fw-01 systemd[8064]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 01:59:40 db-master cron[23024]: mysqld[50644]: Aborted connection 50644 to db: 'production' user: 'app' host: 'localhost'
Mar 15 18:32:08 db-master sshd[1142]: Connection closed by 10.4.229.116 port 30999 [preauth]
Mar 14 15:59:32 srv-prod-02 rsyslogd[31184]: auditd[55996]: Audit daemon rotating log files
Mar 10 12:42:38 dc-backup-03 NetworkManager[29924]: New session 9437 of user jsmith.
Mar 15 07:17:25 edge-fw-01 kernel[10639]: FAILED SU (to deployer) deployer on /dev/pts/40935
Mar 15 16:19:53 dc-backup-03 NetworkManager[18950]: cron[46900]: (jsmith) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 22:18:43 log-collector kernel[31185]: FAILED SU (to backup_svc) deployer on /dev/pts/14767
Mar 11 16:34:44 log-collector cron[11563]: Removed session 63828.
Mar 14 18:42:45 log-collector NetworkManager[23093]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 16:06:01 srv-prod-01 sshd[5762]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 09:43:16 srv-prod-01 nginx[28504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.69.193 user=jsmith
Mar 12 14:06:39 log-collector NetworkManager[23135]: mysqld[3141]: Aborted connection 3141 to db: 'production' user: 'app' host: 'localhost'
Mar 14 12:15:32 log-collector nginx[27110]: auditd[43433]: Audit daemon rotating log files
Mar 13 12:26:50 db-master sshd[11245]: Removed session 61742.
Mar 14 14:53:14 log-collector mysqld[21767]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 06:49:46 edge-fw-01 kernel[10639]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 23:32:07 edge-fw-01 nginx[2331]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 08:00:21 srv-prod-02 sshd[24255]: Connection closed by 10.4.68.34 port 11570 [preauth]
Mar 10 20:39:53 edge-fw-01 rsyslogd[10868]: Removed session 40141.
Mar 15 10:33:14 srv-prod-01 NetworkManager[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.92.19 user=nagios
Mar 13 02:22:14 log-collector mysqld[7991]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 16:30:35 log-collector sshd[25645]: mysqld[15340]: Aborted connection 15340 to db: 'production' user: 'app' host: 'localhost'
Mar 11 20:39:58 srv-prod-01 mysqld[8989]: New session 30231 of user root.
Mar 10 12:16:34 srv-prod-01 NetworkManager[10267]: cron[62954]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 14 14:31:02 log-collector systemd[30434]: systemd[1]: Started Session 34729 of user auditor.
Mar 10 05:49:34 log-collector cron[1240]: Received disconnect from 10.4.132.22 port 63166:11: Bye Bye
Mar 11 21:27:53 db-master auditd[7736]: Accepted publickey for jsmith from 10.4.172.162 port 51721
Mar 15 21:09:01 dc-backup-03 sshd[24490]: Connection closed by 10.4.210.241 port 5750 [preauth]
Mar 12 17:04:36 dc-backup-03 auditd[8459]: mysqld[12688]: Aborted connection 12688 to db: 'production' user: 'app' host: 'localhost'
Mar 13 10:01:24 db-master sshd[4876]: Removed session 27529.
Mar 15 18:02:44 dc-backup-03 NetworkManager[3378]: mysqld[5168]: Aborted connection 5168 to db: 'production' user: 'app' host: 'localhost'
Mar 12 19:05:18 edge-fw-01 auditd[31365]: auditd[45973]: Audit daemon rotating log files
Mar 13 05:34:14 edge-fw-01 NetworkManager[25469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.211.170 user=deployer
Mar 12 21:56:58 log-collector mysqld[29414]: auditd[10466]: Audit daemon rotating log files
Mar 11 03:02:00 edge-fw-01 NetworkManager[20551]: New session 37401 of user root.
Mar 11 23:47:57 srv-prod-02 auditd[12267]: cron[20992]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 05:14:39 srv-prod-02 cron[9281]: mysqld[10359]: Aborted connection 10359 to db: 'production' user: 'app' host: 'localhost'
Mar 10 17:29:41 dc-backup-03 cron[3396]: Received disconnect from 10.4.172.205 port 38202:11: Bye Bye
Mar 14 15:21:22 log-collector systemd[22997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=