Hey all.
Trying to figure out how to clear up my issue. I'm getting two separate time stamps on a syslog entry coming from a Linux box.
As you can see below, it is sending over the FQDN and short name as well.
Oct 21 10:49:53 hyperion.btlab.test Oct 21 13:49:53 hyperion su: pam_unix(su-l:session): session opened for use
Digging around, this looks to be a syslog (using rsyslog) setup.
Here is my line in rsyslog.conf
authpriv.* @prometheus:514
Pretty straight forward, but scratching my head as to why it is being sent over like that.
↧