Mar 13 17:25:00 dc-backup-03 sudo[7190]: Accepted publickey for root from 10.4.65.32 port 64365
Mar 14 08:32:36 dc-backup-03 sshd[7527]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 03:30:27 srv-prod-01 kernel[11261]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 01:54:04 db-master NetworkManager[4521]: systemd[1]: Started Session 50839 of user jsmith.
Mar 15 21:27:13 log-collector rsyslogd[30206]: session opened for user bwilliams
Mar 14 23:17:18 srv-prod-02 systemd[8886]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 17:22:53 srv-prod-01 NetworkManager[5971]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 12:13:34 srv-prod-02 cron[1571]: New session 15433 of user nagios.
Mar 12 15:07:06 edge-fw-01 systemd[28701]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 07:17:06 log-collector nginx[8824]: session opened for user jsmith
Mar 13 14:13:14 srv-prod-01 auditd[28763]: Accepted publickey for deployer from 10.4.149.221 port 40327
Mar 15 12:54:39 srv-prod-01 NetworkManager[13457]: auditd[10879]: Audit daemon rotating log files
Mar 15 15:27:50 dc-backup-03 mysqld[18168]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 14:38:13 log-collector cron[5735]: FAILED SU (to root) deployer on /dev/pts/41370
Mar 13 05:50:25 dc-backup-03 mysqld[8141]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 07:24:38 srv-prod-01 rsyslogd[16391]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 22:51:01 dc-backup-03 mysqld[19732]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 14:58:27 dc-backup-03 mysqld[15331]: Accepted publickey for deployer from 10.4.6.126 port 29616
Mar 12 15:10:10 db-master NetworkManager[28972]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 12:23:03 srv-prod-01 kernel[8490]: auditd[13850]: Audit daemon rotating log files
Mar 10 08:05:33 edge-fw-01 kernel[9360]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 05:14:26 db-master cron[6460]: systemd[1]: Started Session 29590 of user bwilliams.
Mar 10 18:41:50 log-collector kernel[29568]: auditd[41718]: Audit daemon rotating log files
Mar 13 05:15:01 db-master cron[7402]: auditd[62759]: Audit daemon rotating log files
Mar 11 17:07:49 dc-backup-03 kernel[19135]: Connection closed by 10.4.198.26 port 18656 [preauth]
Mar 11 00:20:54 dc-backup-03 NetworkManager[26111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.137.239 user=jsmith
Mar 10 12:08:10 srv-prod-02 kernel[16370]: session opened for user auditor
Mar 12 18:50:17 edge-fw-01 kernel[9054]: Connection closed by 10.4.221.156 port 55699 [preauth]
Mar 11 20:38:48 edge-fw-01 kernel[3197]: session opened for user backup_svc
Mar 13 21:48:25 log-collector auditd[18742]: Received disconnect from 10.4.74.118 port 35685:11: Bye Bye
Mar 14 11:50:38 log-collector auditd[24539]: New session 43448 of user nagios.
Mar 13 05:32:54 srv-prod-01 systemd[5136]: Connection closed by 10.4.65.135 port 62422 [preauth]
Mar 12 03:38:57 edge-fw-01 nginx[13536]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 11 00:13:27 srv-prod-02 sudo[21920]: auditd[32954]: Audit daemon rotating log files
Mar 15 04:41:50 srv-prod-02 kernel[13987]: systemd[1]: Started Session 50749 of user auditor.
Mar 13 08:31:25 edge-fw-01 mysqld[24359]: Connection closed by 10.4.231.59 port 60246 [preauth]
Mar 10 07:09:57 srv-prod-01 nginx[31236]: Removed session 28273.
Mar 13 20:55:27 dc-backup-03 mysqld[20603]: Accepted publickey for bwilliams from 10.4.14.90 port 31504
Mar 10 15:04:22 dc-backup-03 NetworkManager[7339]: FAILED SU (to auditor) deployer on /dev/pts/32291
Mar 11 23:45:35 srv-prod-01 NetworkManager[2962]: systemd[1]: Started Session 7662 of user jsmith.
Mar 10 14:25:21 edge-fw-01 mysqld[21084]: auditd[25355]: Audit daemon rotating log files
Mar 10 16:37:07 edge-fw-01 auditd[15365]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 14 23:47:36 srv-prod-02 auditd[3204]: Received disconnect from 10.4.132.10 port 44691:11: Bye Bye
Mar 15 23:40:17 srv-prod-02 cron[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.170.183 user=bwilliams
Mar 11 01:02:19 srv-prod-02 auditd[5356]: session opened for user nagios
Mar 11 13:35:36 srv-prod-02 sshd[31017]: systemd[1]: Started Session 53418 of user nagios.
Mar 12 23:30:50 edge-fw-01 kernel[8179]: Accepted publickey for root from 10.4.42.220 port 3479
Mar 15 14:51:57 log-collector mysqld[21211]: FAILED SU (to backup_svc) deployer on /dev/pts/6264
Mar 12 18:35:35 log-collector mysqld[30534]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 21:43:53 db-master nginx[20325]: cron[35542]: (backup_svc) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 07:52:01 dc-backup-03 mysqld[16839]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 12:03:37 dc-backup-03 cron[27269]: systemd[1]: Started Session 64774 of user nagios.
Mar 11 07:29:57 srv-prod-01 NetworkManager[31344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.38.143 user=auditor
Mar 13 13:36:21 srv-prod-02 kernel[3658]: systemd[1]: Started Session 49686 of user nagios.
Mar 15 02:49:20 srv-prod-01 auditd[30140]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 15:01:21 dc-backup-03 systemd[4874]: FAILED SU (to deployer) deployer on /dev/pts/11119
Mar 13 18:13:25 srv-prod-02 nginx[28834]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 05:38:20 srv-prod-01 cron[13348]: New session 11830 of user jsmith.
Mar 10 04:34:27 srv-prod-01 kernel[30379]: Connection closed by 10.4.22.204 port 49352 [preauth]
Mar 10 04:18:53 log-collector mysqld[23240]: FAILED SU (to root) deployer on /dev/pts/12661
Mar 11 09:21:06 srv-prod-01 sshd[20099]: session opened for user backup_svc
Mar 11 05:57:25 srv-prod-01 nginx[17068]: mysqld[61484]: Aborted connection 61484 to db: 'production' user: 'app' host: 'localhost'
Mar 14 02:53:39 srv-prod-01 sudo[5542]: systemd[1]: Started Session 55867 of user nagios.
Mar 15 22:32:06 srv-prod-02 nginx[20873]: Connection closed by 10.4.219.67 port 11338 [preauth]
Mar 15 05:44:30 dc-backup-03 NetworkManager[15827]: auditd[23218]: Audit daemon rotating log files
Mar 13 13:51:59 dc-backup-03 mysqld[27026]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 04:02:05 srv-prod-01 kernel[20257]: session opened for user jsmith
Mar 15 02:18:49 dc-backup-03 rsyslogd[23535]: FAILED SU (to root) deployer on /dev/pts/10810
Mar 13 03:59:41 log-collector NetworkManager[31886]: Removed session 29554.
Mar 15 06:57:30 dc-backup-03 kernel[2108]: Removed session 62459.
Mar 10 01:53:54 edge-fw-01 kernel[9263]: auditd[5353]: Audit daemon rotating log files
Mar 13 22:55:20 dc-backup-03 auditd[5354]: Connection closed by 10.4.128.119 port 44168 [preauth]
Mar 14 22:11:00 srv-prod-02 nginx[26664]: mysqld[61021]: Aborted connection 61021 to db: 'production' user: 'app' host: 'localhost'
Mar 12 04:02:56 db-master rsyslogd[8865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.24.125 user=deployer
Mar 11 23:11:26 srv-prod-01 mysqld[26259]: session opened for user deployer
Mar 12 10:00:06 db-master systemd[26282]: Connection closed by 10.4.88.205 port 41320 [preauth]
Mar 15 23:47:32 edge-fw-01 NetworkManager[18395]: systemd[1]: Started Session 45611 of user jsmith.
Mar 11 13:49:46 edge-fw-01 rsyslogd[2291]: auditd[41146]: Audit daemon rotating log files
Mar 13 01:18:21 db-master cron[14347]: session opened for user nagios
Mar 13 19:36:14 db-master systemd[11327]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 01:52:14 db-master nginx[30634]: Removed session 59450.
Mar 11 01:14:52 edge-fw-01 sshd[8830]: Connection closed by 10.4.68.2 port 35806 [preauth]
Mar 12 17:52:57 edge-fw-01 sshd[31799]: Received disconnect from 10.4.13.246 port 6011:11: Bye Bye
Mar 15 09:49:38 edge-fw-01 rsyslogd[2677]: Removed session 49045.
Mar 12 03:54:15 db-master mysqld[13747]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 21:27:05 srv-prod-02 sudo[22195]: FAILED SU (to jsmith) deployer on /dev/pts/14148
Mar 15 23:16:10 log-collector nginx[10578]: Removed session 62043.
Mar 11 23:10:23 dc-backup-03 nginx[26070]: Accepted publickey for deployer from 10.4.42.232 port 28971
Mar 10 02:09:55 srv-prod-01 systemd[28952]: Accepted publickey for nagios from 10.4.178.141 port 42902
Mar 12 05:07:48 srv-prod-01 NetworkManager[12060]: Connection closed by 10.4.200.198 port 53087 [preauth]
Mar 13 16:07:30 dc-backup-03 cron[21131]: Removed session 36059.
Mar 11 12:51:12 dc-backup-03 sshd[31963]: Received disconnect from 10.4.202.24 port 24173:11: Bye Bye
Mar 10 02:10:09 db-master NetworkManager[6254]: FAILED SU (to nagios) deployer on /dev/pts/53014
Mar 15 11:01:21 edge-fw-01 cron[13755]: mysqld[61626]: Aborted connection 61626 to db: 'production' user: 'app' host: 'localhost'
Mar 13 06:10:12 edge-fw-01 rsyslogd[21889]: New session 54226 of user auditor.
Mar 15 07:53:42 edge-fw-01 NetworkManager[30913]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 11:12:57 edge-fw-01 systemd[2192]: session opened for user auditor
Mar 15 11:41:21 srv-prod-01 mysqld[25567]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 19:33:35 db-master kernel[4817]: auditd[9811]: Audit daemon rotating log files
Mar 15 10:07:39 log-collector mysqld[2064]: auditd[37173]: Audit daemon rotating log files
Mar 13 09:02:54 dc-backup-03 kernel[2799]: Accepted publickey for jsmith from 10.4.80.138 port 54905
Mar 11 08:21:54 db-master mysqld[3437]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 13:01:01 srv-prod-02 cron[11739]: systemd[1]: Started Session 49430 of user root.
Mar 14 19:54:06 srv-prod-01 nginx[4715]: FAILED SU (to auditor) deployer on /dev/pts/35427
Mar 10 05:36:13 srv-prod-01 systemd[27226]: New session 59246 of user auditor.
Mar 14 17:58:54 log-collector NetworkManager[27593]: Accepted publickey for root from 10.4.71.80 port 56170
Mar 12 17:42:19 edge-fw-01 sshd[30338]: Accepted publickey for nagios from 10.4.223.177 port 36810
Mar 10 21:21:17 srv-prod-02 cron[2705]: cron[28560]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 03:57:30 dc-backup-03 auditd[16375]: session opened for user root
Mar 14 17:57:50 dc-backup-03 kernel[3687]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 03:40:51 srv-prod-02 kernel[16411]: session opened for user jsmith
Mar 15 16:15:26 db-master nginx[23328]: session opened for user jsmith
Mar 11 15:35:15 srv-prod-02 rsyslogd[15081]: session opened for user nagios
Mar 14 09:22:08 edge-fw-01 rsyslogd[20358]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 22:26:16 edge-fw-01 sshd[20833]: Removed session 41419.
Mar 15 08:44:08 log-collector rsyslogd[7041]: New session 13552 of user root.
Mar 11 22:02:14 srv-prod-01 cron[25408]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 08:07:36 srv-prod-02 cron[22359]: session opened for user backup_svc
Mar 10 10:13:28 log-collector cron[5816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.179.4 user=auditor
Mar 13 12:42:33 edge-fw-01 systemd[10013]: Removed session 65069.
Mar 13 11:12:55 log-collector systemd[29118]: Removed session 14575.
Mar 13 01:16:00 srv-prod-02 sshd[16190]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 14:33:18 srv-prod-01 nginx[14546]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 00:30:50 srv-prod-01 rsyslogd[18353]: auditd[12627]: Audit daemon rotating log files
Mar 11 14:12:44 edge-fw-01 auditd[10031]: mysqld[43245]: Aborted connection 43245 to db: 'production' user: 'app' host: 'localhost'
Mar 13 04:01:49 edge-fw-01 auditd[22142]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 20:59:09 log-collector mysqld[9771]: Accepted publickey for jsmith from 10.4.253.243 port 37183
Mar 12 21:33:51 edge-fw-01 sshd[25458]: systemd[1]: Started Session 7501 of user nagios.
Mar 10 07:57:18 srv-prod-02 NetworkManager[27532]: systemd[1]: Started Session 59010 of user root.
Mar 14 05:40:31 srv-prod-02 sshd[1110]: Received disconnect from 10.4.158.148 port 53386:11: Bye Bye
Mar 14 13:36:21 srv-prod-02 kernel[16762]: session opened for user bwilliams
Mar 13 08:44:51 srv-prod-02 auditd[20208]: systemd[1]: Started Session 48267 of user root.
Mar 14 18:22:06 db-master systemd[16461]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 12 11:30:48 dc-backup-03 sudo[18448]: COMMAND=/usr/bin/systemctl restart nginx
Mar 10 22:04:06 srv-prod-02 systemd[30357]: New session 37883 of user jsmith.
Mar 13 13:34:47 log-collector NetworkManager[4362]: Accepted publickey for deployer from 10.4.222.12 port 14456
Mar 15 06:13:23 dc-backup-03 sshd[2199]: Accepted publickey for deployer from 10.4.184.35 port 15489
Mar 15 18:56:28 srv-prod-01 mysqld[7851]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 19:34:47 srv-prod-02 sshd[31745]: Removed session 7152.
Mar 11 21:48:44 edge-fw-01 systemd[1208]: cron[36483]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 02:32:37 db-master nginx[31304]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 14:35:44 log-collector cron[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.110.179 user=root
Mar 12 06:11:52 log-collector sshd[8674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.147.6 user=backup_svc
Mar 11 06:08:18 log-collector sudo[3007]: Connection closed by 10.4.46.51 port 55240 [preauth]
Mar 10 23:58:46 log-collector nginx[13014]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 02:53:57 edge-fw-01 sshd[16523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.176.111 user=auditor
Mar 11 21:53:57 srv-prod-01 kernel[4556]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 10 13:14:44 dc-backup-03 NetworkManager[6445]: mysqld[28224]: Aborted connection 28224 to db: 'production' user: 'app' host: 'localhost'
Mar 14 18:57:58 edge-fw-01 kernel[11815]: New session 45401 of user backup_svc.
Mar 14 06:28:27 edge-fw-01 nginx[21019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.153.137 user=auditor
Mar 15 00:12:25 db-master sudo[13305]: systemd[1]: Started Session 15058 of user bwilliams.
Mar 15 04:57:03 log-collector NetworkManager[25150]: COMMAND=/usr/bin/systemctl restart nginx
Mar 13 20:37:45 srv-prod-02 sshd[27761]: cron[32436]: (auditor) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 04:15:58 db-master NetworkManager[17659]: session opened for user nagios
Mar 10 10:33:34 dc-backup-03 mysqld[9508]: Accepted publickey for root from 10.4.62.138 port 37218
Mar 10 13:31:54 srv-prod-02 systemd[7727]: mysqld[12709]: Aborted connection 12709 to db: 'production' user: 'app' host: 'localhost'
Mar 11 19:28:04 log-collector NetworkManager[24623]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 05:43:17 srv-prod-01 sshd[12065]: mysqld[22116]: Aborted connection 22116 to db: 'production' user: 'app' host: 'localhost'
Mar 15 22:01:55 srv-prod-01 cron[24694]: auditd[2814]: Audit daemon rotating log files
Mar 15 18:05:05 edge-fw-01 cron[7239]: cron[49664]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 15 11:03:50 db-master sshd[25525]: Removed session 36349.
Mar 12 12:43:07 db-master nginx[30958]: auditd[24180]: Audit daemon rotating log files
Mar 10 17:52:09 db-master NetworkManager[22893]: New session 11462 of user auditor.
Mar 10 04:11:52 db-master rsyslogd[10469]: auditd[35248]: Audit daemon rotating log files
Mar 13 01:32:27 srv-prod-01 rsyslogd[1860]: Connection closed by 10.4.11.81 port 25891 [preauth]
Mar 11 12:22:40 dc-backup-03 NetworkManager[3906]: FAILED SU (to root) deployer on /dev/pts/18147
Mar 13 18:07:15 dc-backup-03 NetworkManager[5891]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 01:23:19 db-master auditd[6578]: mysqld[25243]: Aborted connection 25243 to db: 'production' user: 'app' host: 'localhost'
Mar 10 20:30:03 srv-prod-02 auditd[7813]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 19:22:50 db-master NetworkManager[26308]: session opened for user nagios
Mar 12 01:59:07 dc-backup-03 NetworkManager[13834]: mysqld[5002]: Aborted connection 5002 to db: 'production' user: 'app' host: 'localhost'
Mar 14 23:00:16 dc-backup-03 kernel[25028]: Removed session 61004.
Mar 11 16:12:24 srv-prod-02 NetworkManager[26029]: cron[33690]: (nagios) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 11 04:43:04 edge-fw-01 rsyslogd[23827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.17.103 user=backup_svc
Mar 14 18:41:42 dc-backup-03 auditd[24938]: Removed session 12222.
Mar 13 22:08:23 db-master auditd[24764]: cron[16930]: (bwilliams) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 12 02:29:55 edge-fw-01 nginx[27936]: session opened for user jsmith
Mar 12 09:55:55 edge-fw-01 systemd[7114]: session opened for user backup_svc
Mar 14 21:11:18 log-collector sshd[29359]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 13:50:17 db-master rsyslogd[10522]: mysqld[25748]: Aborted connection 25748 to db: 'production' user: 'app' host: 'localhost'
Mar 10 07:46:06 db-master NetworkManager[8911]: FAILED SU (to auditor) deployer on /dev/pts/61072
Mar 12 10:46:08 log-collector sshd[20991]: Connection closed by 10.4.46.213 port 65400 [preauth]
Mar 12 21:40:03 srv-prod-02 systemd[10547]: mysqld[3484]: Aborted connection 3484 to db: 'production' user: 'app' host: 'localhost'
Mar 12 06:53:33 dc-backup-03 cron[20238]: systemd[1]: Started Session 51162 of user jsmith.
Mar 11 03:05:06 edge-fw-01 NetworkManager[20656]: cron[53892]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 17:03:38 db-master cron[8900]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 04:25:41 srv-prod-01 auditd[8396]: FAILED SU (to backup_svc) deployer on /dev/pts/33305
Mar 10 19:48:32 dc-backup-03 auditd[25851]: Connection closed by 10.4.9.186 port 6059 [preauth]
Mar 13 17:46:55 srv-prod-01 sshd[30223]: Received disconnect from 10.4.119.246 port 33836:11: Bye Bye
Mar 10 18:06:21 srv-prod-01 NetworkManager[14599]: auditd[2765]: Audit daemon rotating log files
Mar 10 07:44:24 log-collector sudo[16475]: FAILED SU (to jsmith) deployer on /dev/pts/35356
Mar 14 03:46:58 srv-prod-01 rsyslogd[31037]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 11:08:56 dc-backup-03 rsyslogd[3498]: session opened for user backup_svc
Mar 14 20:49:36 db-master nginx[4566]: systemd[1]: Started Session 58095 of user root.
Mar 13 10:53:01 edge-fw-01 systemd[5564]: New session 35750 of user jsmith.
Mar 11 19:38:32 srv-prod-02 sudo[3408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.209.186 user=jsmith
Mar 10 02:16:59 log-collector nginx[23787]: session opened for user bwilliams
Mar 15 01:53:23 dc-backup-03 systemd[1696]: Removed session 27713.
Mar 13 23:02:33 srv-prod-01 kernel[4145]: cron[29117]: (deployer) CMD (/usr/bin/find /tmp -mtime +7 -delete)
Mar 10 06:55:03 srv-prod-02 mysqld[29997]: Received disconnect from 10.4.200.217 port 2201:11: Bye Bye
Mar 10 00:24:09 srv-prod-01 mysqld[15930]: Removed session 40832.
Mar 11 06:16:57 srv-prod-01 auditd[12658]: FAILED SU (to backup_svc) deployer on /dev/pts/63465
Mar 14 03:31:40 edge-fw-01 NetworkManager[16901]: mysqld[29613]: Aborted connection 29613 to db: 'production' user: 'app' host: 'localhost'
Mar 11 16:53:16 srv-prod-01 cron[25564]: systemd[1]: Started Session 41733 of user backup_svc.
Mar 10 16:28:49 dc-backup-03 systemd[12226]: COMMAND=/usr/bin/systemctl restart nginx
Mar 14 23:57:33 srv-prod-01 systemd[14351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.221.171 user=deployer
Mar 15 03:03:06 edge-fw-01 sshd[13142]: Removed session 41296.
Mar 12 18:37:45 dc-backup-03 nginx[27322]: Accepted publickey for nagios from 10.4.211.13 port 34276
Mar 15 14:16:37 edge-fw-01 rsyslogd[6426]: auditd[2057]: Audit daemon rotating log files
Mar 15 13:49:39 edge-fw-01 nginx[27478]: New session 62797 of user backup_svc.
Mar 14 23:46:43 edge-fw-01 cron[25939]: Removed session 40651.
Mar 12 18:24:40 srv-prod-02 mysqld[9133]: New session 36103 of user nagios.
Mar 14 09:36:39 srv-prod-02 kernel[29076]: auditd[2418]: Audit daemon rotating log files
Mar 11 09:49:09 edge-fw-01 rsyslogd[15086]: auditd[56020]: Audit daemon rotating log files
Mar 13 19:44:01 srv-prod-02 auditd[16498]: Received disconnect from 10.4.246.241 port 4613:11: Bye Bye
Mar 13 00:41:28 srv-prod-02 nginx[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.31.118 user=backup_svc
Mar 14 19:14:20 db-master mysqld[22710]: Removed session 15973.
Mar 14 04:42:57 srv-prod-01 nginx[25805]: Received disconnect from 10.4.63.231 port 63287:11: Bye Bye
Mar 13 21:07:09 db-master rsyslogd[23778]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 11 12:37:48 log-collector kernel[18842]: FAILED SU (to deployer) deployer on /dev/pts/37019
Mar 14 12:36:24 log-collector cron[14334]: FAILED SU (to deployer) deployer on /dev/pts/7151
Mar 13 13:06:43 srv-prod-02 systemd[23468]: mysqld[37841]: Aborted connection 37841 to db: 'production' user: 'app' host: 'localhost'
Mar 12 03:16:53 dc-backup-03 auditd[26467]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 16:17:40 srv-prod-01 kernel[2329]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 21:54:32 edge-fw-01 auditd[20673]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 16:12:04 srv-prod-02 rsyslogd[22899]: Accepted publickey for root from 10.4.15.30 port 55662
Mar 10 01:04:24 db-master nginx[2834]: Received disconnect from 10.4.211.249 port 54981:11: Bye Bye
Mar 10 23:20:03 srv-prod-02 NetworkManager[14362]: Connection closed by 10.4.76.162 port 40773 [preauth]
Mar 13 20:26:40 log-collector mysqld[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.224.150 user=jsmith
Mar 10 15:28:28 edge-fw-01 kernel[10224]: New session 18726 of user jsmith.
Mar 11 23:25:48 log-collector kernel[14488]: mysqld[30451]: Aborted connection 30451 to db: 'production' user: 'app' host: 'localhost'
Mar 14 02:47:55 log-collector sudo[24756]: Connection closed by 10.4.36.89 port 2299 [preauth]
Mar 11 18:44:59 dc-backup-03 sshd[3188]: New session 65379 of user deployer.
Mar 14 08:04:12 edge-fw-01 systemd[7640]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 11:45:59 dc-backup-03 auditd[7639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.240.34 user=root
Mar 10 14:00:13 srv-prod-02 cron[30462]: mysqld[61786]: Aborted connection 61786 to db: 'production' user: 'app' host: 'localhost'
Mar 13 03:14:48 db-master mysqld[8797]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 14 11:24:07 edge-fw-01 cron[8151]: COMMAND=/usr/bin/systemctl restart nginx
Mar 12 18:03:46 db-master mysqld[29329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.140.76 user=backup_svc
Mar 12 16:02:52 dc-backup-03 nginx[15128]: Accepted publickey for root from 10.4.37.222 port 26949
Mar 15 08:53:06 db-master cron[16414]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 21:32:10 srv-prod-01 sshd[7116]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 13 18:34:52 log-collector systemd[4353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.42.164 user=auditor
Mar 13 05:36:34 edge-fw-01 rsyslogd[25069]: FAILED SU (to bwilliams) deployer on /dev/pts/64834
Mar 11 17:15:56 db-master kernel[28789]: Accepted publickey for deployer from 10.4.60.195 port 28943
Mar 10 10:14:36 log-collector sshd[15733]: auditd[27790]: Audit daemon rotating log files
Mar 14 23:40:27 srv-prod-01 sudo[23306]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 07:57:25 srv-prod-02 sshd[26555]: Received disconnect from 10.4.180.16 port 27412:11: Bye Bye
Mar 14 04:05:42 srv-prod-02 systemd[6601]: mysqld[25673]: Aborted connection 25673 to db: 'production' user: 'app' host: 'localhost'
Mar 11 02:25:43 dc-backup-03 sshd[22612]: mysqld[45187]: Aborted connection 45187 to db: 'production' user: 'app' host: 'localhost'
Mar 10 21:16:25 log-collector cron[5926]: New session 30337 of user auditor.
Mar 11 02:36:08 edge-fw-01 sudo[19607]: FAILED SU (to nagios) deployer on /dev/pts/62435
Mar 14 18:34:49 srv-prod-02 auditd[9798]: Removed session 3608.
Mar 14 00:10:08 srv-prod-01 mysqld[31100]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 23:14:42 edge-fw-01 rsyslogd[18769]: mysqld[40684]: Aborted connection 40684 to db: 'production' user: 'app' host: 'localhost'
Mar 12 20:08:19 dc-backup-03 rsyslogd[20844]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 15 02:18:22 db-master NetworkManager[21514]: Connection closed by 10.4.142.162 port 5350 [preauth]
Mar 10 22:41:28 srv-prod-02 systemd[12696]: Accepted publickey for deployer from 10.4.247.208 port 50252
Mar 13 06:34:49 srv-prod-01 rsyslogd[7119]: Removed session 26615.
Mar 10 19:04:46 edge-fw-01 sudo[22747]: Removed session 52158.
Mar 14 04:54:39 edge-fw-01 NetworkManager[30993]: New session 26220 of user nagios.
Mar 11 10:33:36 log-collector sshd[17184]: COMMAND=/usr/bin/systemctl restart nginx
Mar 15 16:00:25 log-collector systemd[7102]: Removed session 21881.
Mar 10 21:57:55 edge-fw-01 auditd[25758]: FAILED SU (to bwilliams) deployer on /dev/pts/18674
Mar 13 18:02:01 srv-prod-02 nginx[5090]: Removed session 45956.
Mar 12 11:17:16 db-master auditd[31612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.46.200 user=nagios
Mar 11 11:52:52 srv-prod-02 systemd[10639]: New session 13876 of user deployer.
Mar 14 23:36:54 edge-fw-01 systemd[26871]: systemd[1]: Started Session 45819 of user backup_svc.
Mar 14 03:21:25 srv-prod-01 mysqld[9543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.241.50 user=auditor
Mar 15 15:11:58 srv-prod-02 rsyslogd[13749]: FAILED SU (to jsmith) deployer on /dev/pts/23167
Mar 11 22:14:21 log-collector mysqld[20920]: Received disconnect from 10.4.104.243 port 39632:11: Bye Bye
Mar 14 03:35:45 dc-backup-03 sshd[13098]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 13 17:20:01 edge-fw-01 nginx[11500]: New session 18250 of user backup_svc.
Mar 11 09:40:39 log-collector NetworkManager[29762]: Accepted publickey for auditor from 10.4.67.58 port 1522
Mar 10 15:38:30 srv-prod-02 NetworkManager[2536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.148.20 user=auditor
Mar 11 08:50:02 dc-backup-03 systemd[28478]: Accepted publickey for auditor from 10.4.181.86 port 39164
Mar 12 14:06:20 srv-prod-02 cron[11740]: mysqld[22339]: Aborted connection 22339 to db: 'production' user: 'app' host: 'localhost'
Mar 14 06:52:26 db-master cron[24849]: Connection closed by 10.4.187.45 port 25017 [preauth]
Mar 12 01:01:39 srv-prod-02 cron[28741]: systemd[1]: Started Session 30340 of user jsmith.
Mar 10 01:49:22 edge-fw-01 rsyslogd[15962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.244.198 user=bwilliams
Mar 14 16:30:35 log-collector kernel[20826]: session opened for user nagios
Mar 12 04:15:54 db-master mysqld[18261]: Received disconnect from 10.4.123.2 port 18828:11: Bye Bye
Mar 12 17:51:58 edge-fw-01 auditd[26423]: auditd[9992]: Audit daemon rotating log files
Mar 14 16:26:50 db-master sudo[15738]: auditd[57649]: Audit daemon rotating log files
Mar 11 15:45:21 log-collector nginx[12052]: Received disconnect from 10.4.77.221 port 12007:11: Bye Bye
Mar 14 13:23:50 log-collector rsyslogd[11398]: mysqld[49054]: Aborted connection 49054 to db: 'production' user: 'app' host: 'localhost'
Mar 12 19:58:07 log-collector auditd[27621]: Accepted publickey for bwilliams from 10.4.46.129 port 9471
Mar 10 01:02:09 dc-backup-03 systemd[11054]: auditd[62141]: Audit daemon rotating log files
Mar 10 07:08:41 srv-prod-01 mysqld[28060]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 10 10:21:30 srv-prod-02 auditd[18097]: session opened for user auditor
Mar 10 09:19:18 db-master rsyslogd[18033]: mysqld[45719]: Aborted connection 45719 to db: 'production' user: 'app' host: 'localhost'
Mar 15 15:09:31 srv-prod-02 auditd[23621]: mysqld[41653]: Aborted connection 41653 to db: 'production' user: 'app' host: 'localhost'
Mar 13 23:18:41 log-collector sshd[5905]: kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Mar 15 22:10:58 srv-prod-02 cron[10434]: FAILED SU (to jsmith) deployer on /dev/pts/34795
Mar 11 22:34:51 log-collector kernel[4468]: mysqld[54341]: Aborted connection 54341 to db: 'production' user: 'app' host: 'localhost'
Mar 11 19:09:56 srv-prod-01 nginx[22140]: mysqld[9300]: Aborted connection 9300 to db: 'production' user: 'app' host: 'localhost'
Mar 15 00:56:05 edge-fw-01 nginx[9019]: Received disconnect from 10.4.24.16 port 25741:11: Bye Bye
Mar 14 14:22:01 edge-fw-01 auditd[6408]: Received disconnect from 10.4.41.53 port 48049:11: Bye Bye
Mar 13 05:50:11 edge-fw-01 sudo[12471]: rsyslogd: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0]
Mar 12 17:40:17 edge-fw-01 kernel[5445]: Connection closed by 10.4.67.192 port 64809 [preauth]
Mar 12 04:39:05 log-collector sudo[27760]: Received disconnect from 10.4.147.242 port 3166:11: Bye Bye
Mar 11 23:06:25 srv-prod-02 sudo[19001]: session opened for user deployer
Mar 10 14:43:13 log-collector systemd[15512]: COMMAND=/usr/bin/systemctl restart nginx
Mar 11 00:20:11 db-master rsyslogd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.4.168.150 user=nagios
Mar 11 03:46:27 log-collector rsyslogd[11713]: auditd[28020]: Audit daemon rotating log files
Mar 14 17:09:15 dc-backup-03 mysqld[6457]: rsyslogd: action 'action-0-builtin:omfwd' resumed (mod