We saw this too. It is a bug in sshd; after applying the latest updates, the problem went away.

Evan.

Jeremy Kindy wrote:
Hello all,
I've set up syslog-ng (1.6.11) on a test server (RHEL4), and am getting some strange timestamps on messages. Here is a sample, as it appears in the log:
Nov 10 14:04:54 host1 sshd[29798]: Accepted password for bob from ::ffff:10.40.131.115 port 32799 ssh2
Nov 10 09:04:54 host1 sshd[29797]: Accepted password for bob from ::ffff:10.40.131.115 port 32799 ssh2
Nov 10 09:04:54 host1 sshd(pam_unix)[29802]: session opened for user bob by (uid=0)
Nov 10 22:00:54 host1 sshd[28326]: Accepted password for bob from ::ffff:10.40.131.115 port 33569 ssh2
Nov 10 17:00:54 host1 sshd[28325]: Accepted password for bob from ::ffff:10.40.131.115 port 33569 ssh2
Nov 10 17:00:54 host1 sshd(pam_unix)[28330]: session opened for user bob by (uid=0)
Any suggestions?
My guess is that it's a local time vs GMT or something like that (we're in Eastern Time Zone of USA, which is GMT -5). All of our servers are currently in the same time zone, and all of the ones currently logging to syslog-ng are RHEL4, though we do have a few RHEL3 and RHAS2.1 hanging around.
Thank you, Jeremy
--
Evan Rempel  erempel@uvic.ca
Senior Programmer Analyst  250.721.7691
Computing Services
University of Victoria
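
The pattern in the sample above (the same sshd message logged by two different PIDs with timestamps exactly five hours apart) can be checked for mechanically before such logs are used for correlation. The following Python is an added example, not part of the original thread; the function names and the 14-hour bound are assumptions of this example, and the sample lines are the ones quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Sample lines copied from the post above.
SAMPLE = """\
Nov 10 14:04:54 host1 sshd[29798]: Accepted password for bob from ::ffff:10.40.131.115 port 32799 ssh2
Nov 10 09:04:54 host1 sshd[29797]: Accepted password for bob from ::ffff:10.40.131.115 port 32799 ssh2
Nov 10 09:04:54 host1 sshd(pam_unix)[29802]: session opened for user bob by (uid=0)
Nov 10 22:00:54 host1 sshd[28326]: Accepted password for bob from ::ffff:10.40.131.115 port 33569 ssh2
Nov 10 17:00:54 host1 sshd[28325]: Accepted password for bob from ::ffff:10.40.131.115 port 33569 ssh2
Nov 10 17:00:54 host1 sshd(pam_unix)[28330]: session opened for user bob by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[\]:]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def parse(line):
    """Return (timestamp, host, program, pid, message), or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year; 2000 is assumed so Feb 29 parses.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["prog"], int(m["pid"]), m["msg"]

def find_offset_duplicates(text, max_hours=14):
    """Find identical messages from different PIDs a whole number of hours apart."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            ts, host, prog, pid, msg = rec
            groups[(host, prog, msg)].append((ts, pid))
    findings = []
    for (host, prog, msg), entries in groups.items():
        for (ts_a, pid_a), (ts_b, pid_b) in combinations(sorted(entries), 2):
            delta = int((ts_b - ts_a).total_seconds())  # >= 0 because entries are sorted
            whole_hours = delta > 0 and delta % 3600 == 0 and delta <= max_hours * 3600
            if pid_a != pid_b and whole_hours:
                findings.append((host, prog, pid_a, pid_b, delta // 3600, msg))
    return findings

if __name__ == "__main__":
    for host, prog, early, late, hours, msg in find_offset_duplicates(SAMPLE):
        print(f"{host} {prog}: pids {early}/{late} logged the same line {hours}h apart: {msg}")
```

On the sample it reports the two "Accepted password" pairs with a 5-hour offset and ignores the pam_unix lines, whose timestamps are not a whole number of hours apart. A genuine repeat of an identical message exactly N hours later from another PID would also match, so findings need a look before being treated as clock skew.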