Hello Vlad, * Vlad Galu <d...@dudu.ro>, 20120224 23:54: > [1330014380.652067 -- Thu Feb 23 17:26:20 2012] user process: > id="4f86d023f250d3c9" pid="39012" user="dudu" line="pts/0" host="A.B.C.D" > [1330014398.177818 -- Thu Feb 23 17:26:38 2012] user process: > id="269d75b37f295346" pid="39221" user="dudu" line="pts/1" host="A.B.C.D" > [1330085459.796787 -- Fri Feb 24 13:10:59 2012] user process: > id="d026e8e5c0648ec2" pid="38093" user="dudu" line="pts/0" host="A.B.C.D" > [1330122640.813570 -- Fri Feb 24 23:30:40 2012] user process: > id="dd8d3dff2f3002a0" pid="82959" user="dudu" line="pts/0" host="X.Y.Z.T" > [1330122493.638088 -- Fri Feb 24 23:28:13 2012] user process: > id="92b73279a543d99f" pid="73085" user="dudu" line="pts/1" host="X.Y.Z.T" > [1330122498.444614 -- Fri Feb 24 23:28:18 2012] user process: > id="c0f3c404a3ca8565" pid="73573" user="dudu" line="pts/2" host="X.Y.Z.T" > [1330122634.538515 -- Fri Feb 24 23:30:34 2012] dead process: > id="fea56df5dde26e4d" pid="76338"
You mentioned in a previous email that these entries belong to SSH sessions. Are you sure about this? The identifiers seem to contain randomly generated data, just like pam_lastlog(8) does. OpenSSH uses identifiers based on the TTY name, like so: > [1330124273.955165 -- Fri Feb 24 23:57:53 2012] user process: > id="7074732f30000000" pid="15880" user="ed" line="pts/0" host="m.fxq.nl" 0x7074732f30 is equal to "pts/0". Maybe they're generated by some different login service or you've configured PAM/OpenSSH/etc. in a non-default way? Thanks so far, -- Ed Schouten <e...@80386.nl> WWW: http://80386.nl/
pgplN0Q8HgmxK.pgp
Description: PGP signature