For example on ssh logon - logread shows that last line is not formatted correctly (we see similar issue on syslog server),
Wed Sep 30 09:42:13 2020 authpriv.notice dropbear[8062]: Password auth succeeded for 'root' from ipremoved:49793
Wed Sep 30 09:42:13 2020 kern.notice Password auth succeeded for root from ipremoved:49793
...same on RUT955,
Wed Sep 30 09:43:56 2020 authpriv.notice dropbear[18517]: Password auth succeeded for 'root' from ipremoved:49835
Wed Sep 30 09:43:57 2020 user.info Messaged[18644]: Start from new event "SSH" "Password auth succeeded from WAN ipremoved:49835"
Also when we RUTX09 reboot router - part of message is missing,
Wed Sep 30 09:45:54 2020 kern.emerg Request from SSH
...same on RUT955,
Wed Sep 30 09:46:44 2020 user.info Messaged[19528]: Start from new event "Reboot" "Request from SSH"