sshd /var/log/secure entries

Jacques B. jjrboucher at gmail.com
Thu Mar 23 10:28:03 UTC 2006


I did a fresh install of FC5 on our web server which also runs sshd. 
When I checked /var/log/secure this morning I noted connections to my
account from my IP, but during the early hours of the morning when I
was sleeping.

Upon further examination I noted that there were two entries for each
connection.  One for the correct local time.  The second with the
GMT/UTC time for the same entry (same PID, same Port #, etc., just a
different time stamp).

I tested it this morning and sure enough, it created two entries.  One
for the current time and one for 4 hours later (GMT/UTC time).

Anyone else experiencing this?  Any ideas what would cause this?  I
hesitate to report it as a bug until I can rule out misconfiguration
on my part as the cause.  I haven't checked yet but I assume that
somewhere you can define the log format for sshd log entries.  The
problem may lie there.

Thanks,

Jacques B.
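
An added example, not part of the original post: a Python sketch that pairs sshd lines in the classic syslog format when they share host, PID and message text but differ by a whole number of hours, so doubled entries like those described above can be told apart from logins that have no twin. The sample lines (host, user, PIDs, address, ports), the default year and the whole-hour offset limit are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (host, user, PIDs, address and ports are made up).
SAMPLE = """\
Mar 23 05:10:02 web sshd[2041]: Accepted password for jacques from 192.0.2.10 port 51514 ssh2
Mar 23 09:10:02 web sshd[2041]: Accepted password for jacques from 192.0.2.10 port 51514 ssh2
Mar 23 03:12:45 web sshd[1990]: Accepted password for jacques from 192.0.2.10 port 40022 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[(\d+)\]: (.*)$")
HOUR = timedelta(hours=1)
MAX_OFFSET_HOURS = 14  # assumption: the twin differs by a whole-hour UTC offset


def classify(text, year=2006):
    """Return (pairs, singles); pairs end with offset_hours, singles have no twin."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp, host, pid, msg = m.groups()
            # Classic syslog stamps carry no year, so one is supplied.
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            groups[(host, pid, msg)].append(when)

    pairs, singles = [], []
    for (host, pid, msg), times in groups.items():
        times.sort()
        while times:
            first = times.pop(0)
            # A twin is the same entry again, shifted by 1..14 whole hours.
            twin = next((t for t in times
                         if (t - first) % HOUR == timedelta(0)
                         and HOUR <= t - first <= MAX_OFFSET_HOURS * HOUR), None)
            if twin is None:
                singles.append((host, pid, msg, first))
            else:
                times.remove(twin)
                pairs.append((host, pid, msg, first, (twin - first) // HOUR))
    return pairs, singles


if __name__ == "__main__":
    pairs, singles = classify(SAMPLE)
    for host, pid, msg, first, hours in pairs:
        print(f"twin +{hours}h  sshd[{pid}] {first:%b %d %H:%M:%S}  {msg}")
    for host, pid, msg, when in singles:
        print(f"no twin   sshd[{pid}] {when:%b %d %H:%M:%S}  {msg}")
```

Entries reported as "no twin" are the ones to compare against real activity, since they are not explained by the doubled logging.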




More information about the fedora-list mailing list