7657 questions

9091 answers

14651 comments

12043 members

0 votes
117 views 2 comments
by
On rutx09 we see invalid log messages - please fix this to show for example reboot in this scenario (RUT955 shows it correctly),

Tue Sep 29 17:59:06 2020 kern.emerg Request from SSH

1 Answer

0 votes
by
Hello,

Could you send a screenshot from your event logs and point out invalid log messages?

Regards.
by

For example on ssh logon - logread shows that last line is not formatted correctly (we see similar issue on syslog server),

Wed Sep 30 09:42:13 2020 authpriv.notice dropbear[8062]: Password auth succeeded for 'root' from ipremoved:49793
Wed Sep 30 09:42:13 2020 kern.notice Password auth succeeded for root from ipremoved:49793

...same on RUT955,

Wed Sep 30 09:43:56 2020 authpriv.notice dropbear[18517]: Password auth succeeded for 'root' from ipremoved:49835
Wed Sep 30 09:43:57 2020 user.info Messaged[18644]: Start from new event "SSH" "Password auth succeeded from WAN ipremoved:49835"

Also when we RUTX09 reboot router - part of message is missing,

Wed Sep 30 09:45:54 2020 kern.emerg Request from SSH

...same on RUT955,

Wed Sep 30 09:46:44 2020 user.info Messaged[19528]: Start from new event "Reboot" "Request from SSH"
by
Well, the first SSh outputs you provided are intended and I do not understand where are they formatted wrong?

I can agree on the Reboot action SSH message is not informative enough. But if you look at the event logs in WebUI, it clearly states that it was a reboot action.