Hey All,
I am running TrueNAS-12.0-U2.1 on an iX-4236P.
I am required to enable remote syslog. That part works fine, but I noticed some services (sshd, smbd_audit) log with a non-standard syslog line. The line has the date/time and hostname twice. The local logs have date/time and hostname twice as well. Here is an example:
Not all services are doing this.
Is there some way to prevent this? I need just the first date/time and hostname.
Thanks!
I am running TrueNAS-12.0-U2.1 on an iX-4236P.
I am required to enable remote syslog. That part works fine, but I noticed some services (sshd, smbd_audit) log with a non-standard syslog line. The line has the date/time and hostname twice. The local logs have date/time and hostname twice as well. Here is an example:
Code:
Mar 10 03:00:02 everest-zfs 1 2021-03-10T03:00:02.325446-05:00 everest-zfs.ad.*** sshd 18121 - - pam_winbind(sshd): user 'root' OK Mar 11 03:00:00 everest-zfs 1 2021-03-11T03:00:00.197145-05:00 everest-zfs.ad.*** sshd 37583 - - pam_winbind(sshd): user 'root' not found Mar 11 03:00:00 everest-zfs 1 2021-03-11T03:00:00.198409-05:00 everest-zfs.ad.*** sshd 37583 - - pam_winbind(sshd): PAM_ESTABLISH_CRED not implemented Mar 11 03:00:00 everest-zfs 1 2021-03-11T03:00:00.246172-05:00 everest-zfs.ad.*** sshd 37598 - - pam_winbind(sshd): PAM_REINITIALIZE_CRED not implemented ... Mar 11 12:41:29 everest-zfs 1 2021-03-11T12:41:29.014812-05:00 everest-zfs.ad.*** smbd_audit 46012 - - *USERNAME*|192.168.84.1|chdir|ok|chdir|/ Mar 11 12:41:29 everest-zfs 1 2021-03-11T12:41:29.014848-05:00 everest-zfs.ad.*** smbd_audit 46012 - - *USERNAME*|192.168.84.1|disconnect|ok|admin Mar 11 12:41:40 everest-zfs 1 2021-03-11T12:41:40.328341-05:00 everest-zfs.ad.*** smbd_audit 46014 - - *USERNAME*|192.168.84.1|connect|ok|admin Mar 11 12:41:40 everest-zfs 1 2021-03-11T12:41:40.355262-05:00 everest-zfs.ad.*** smbd_audit 46014 - - *USERNAME*|192.168.84.1|chdir|ok|chdir|/mnt/everest-zfs/essential/shares/admin
Not all services are doing this.
Is there some way to prevent this? I need just the first date/time and hostname.
Thanks!