Jun 5 10:23:45 myserver sshd[1234]: Accepted publickey for john from 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 10:23:47 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/bin/systemctl restart apache2
Jun 5 10:24:25 myserver sshd[1234]: Received disconnect from 192.168.0.100 port 54321:11: disconnected by user
Jun 5 10:24:25 myserver sshd[1234]: Disconnected from authenticating user john 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 10:24:50 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/apt-get install nginx
Jun 5 10:24:50 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/apt-get: authentication failure; logname=john uid=1000 euid=0 tty=/dev/pts/0 ruser= rhost=  user=john
Jun 5 10:24:50 myserver sshd[5678]: Failed password for invalid user john from 192.168.0.200 port 12345 ssh2
Jun 5 10:24:51 myserver sshd[5678]: Received disconnect from 192.168.0.200 port 12345:11: Bye Bye [preauth]
Jun 5 10:25:05 myserver sshd[7890]: Invalid user john from 192.168.0.200 port 54321
Jun 5 10:25:05 myserver sshd[7890]: FAILED LOGIN for invalid user john from 192.168.0.200 port 54321 ssh2
Jun 5 10:25:06 myserver sshd[7890]: Received disconnect from 192.168.0.200 port 54321:11: Bye Bye [preauth]
Jun 5 10:25:15 myserver sshd[9012]: Failed password for john from 192.168.0.100 port 54321 ssh2
Jun 5 10:25:15 myserver sshd[9012]: Failed password for john from 192.168.0.100 port 54321 ssh2
Jun 5 10:25:15 myserver sshd[9012]: Disconnecting invalid user john 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 10:25:15 myserver sshd[9012]: FAILED LOGIN for root from 192.168.0.100 port 54321 ssh2
Jun 5 11:01:01 myserver CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 5 11:01:01 myserver CRON[1234]: pam_unix(cron:session): session closed for user root
Jun 5 11:04:21 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 11:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 11:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 11:04:22 myserver sshd[5678]: Received disconnect from 192.168.0.100 port 54321: Too many authentication failures
Jun 5 11:04:22 myserver sshd[5678]: Disconnected from authenticating user root 192.168.0.100 port 54321 ssh2
Jun 5 11:06:33 myserver sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser=ubuntu rhost=  user=root
Jun 5 11:06:35 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 11:06:35 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 11:06:36 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 11:06:36 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 11:08:15 myserver su[9876]: Successful su for john by root
Jun 5 11:08:15 myserver su[9876]: + /dev/pts/1 root:john
Jun 5 11:08:15 myserver su[9876]: pam_unix(su:session): session opened for user john by (uid=0)
Jun 5 11:10:01 myserver CRON[8765]: pam_unix(cron:session): session opened for user john by (uid=0)
Jun 5 11:10:01 myserver CRON[8765]: pam_unix(cron:session): session closed for user john
Jun 5 11:12:45 myserver sshd[5432]: Accepted publickey for jane from 192.168.0.200 port 12345 ssh2: RSA SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890
Jun 5 11:12:45 myserver sshd[5432]: pam_unix(sshd:session): session opened for user jane by (uid=0)
Jun 5 11:14:23 myserver sshd[5432]: Received disconnect from 192.168.0.200 port 12345: authenticated
Jun 5 11:14:23 myserver sshd[5432]: Disconnected from authenticating user jane 192.168.0.200 port 12345 ssh2
Jun 5 12:01:01 myserver CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 5 12:01:01 myserver CRON[1234]: pam_unix(cron:session): session closed for user root
Jun 5 12:04:21 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 12:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 12:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 12:04:22 myserver sshd[5678]: Received disconnect from 192.168.0.100 port 54321: Too many authentication failures
Jun 5 12:04:22 myserver sshd[5678]: Disconnected from authenticating user root 192.168.0.100 port 54321 ssh2
Jun 5 12:06:33 myserver sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser=ubuntu rhost=  user=root
Jun 5 12:06:35 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 12:06:35 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 12:06:36 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 12:06:36 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 12:08:15 myserver su[9876]: Successful su for john by root
Jun 5 12:08:15 myserver su[9876]: + /dev/pts/1 root:john
Jun 5 12:08:15 myserver su[9876]: pam_unix(su:session): session opened for user john by (uid=0)
Jun 5 12:10:01 myserver CRON[8765]: pam_unix(cron:session): session opened for user john by (uid=0)
Jun 5 12:10:01 myserver CRON[8765]: pam_unix(cron:session): session closed for user john
Jun 5 12:12:45 myserver sshd[5432]: Accepted publickey for jane from 192.168.0.200 port 12345 ssh2: RSA SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890
Jun 5 12:12:45 myserver sshd[5432]: pam_unix(sshd:session): session opened for user jane by (uid=0)
Jun 5 12:14:23 myserver sshd[5432]: Received disconnect from 192.168.0.200 port 12345: authenticated
Jun 5 12:14:23 myserver sshd[5432]: Disconnected from authenticating user jane 192.168.0.200 port 12345 ssh2
Jun 5 12:17:10 myserver sshd[4321]: Connection closed by authenticating user alice 192.168.0.150 port 54321 [preauth]
Jun 5 12:17:11 myserver sshd[4321]: Accepted publickey for alice from 192.168.0.150 port 54321 ssh2: RSA SHA256:ZyXwVuTsRqPoNmLkJiHgFeDcBa9876543210
Jun 5 12:17:11 myserver sshd[4321]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jun 5 12:18:45 myserver su[2468]: pam_unix(su:auth): authentication failure; logname=root uid=1000 euid=0 tty=/dev/pts/2 ruser=john rhost=  user=root
Jun 5 12:18:47 myserver su[2468]: pam_unix(su:auth): conversation failed
Jun 5 12:18:47 myserver su[2468]: pam_unix(su:auth): auth could not identify password for [root]
Jun 5 12:18:48 myserver su[2468]: pam_unix(su:auth): conversation failed
Jun 5 12:18:48 myserver su[2468]: pam_unix(su:auth): auth could not identify password for [root]
Jun 5 12:20:01 myserver CRON[1357]: pam_unix(cron:session): session opened for user alice by (uid=0)
Jun 5 12:20:01 myserver CRON[1357]: pam_unix(cron:session): session closed for user alice
Jun 5 12:23:15 myserver sshd[7890]: Failed password for invalid user testuser from 192.168.0.75 port 54321 ssh2
Jun 5 12:23:17 myserver sshd[7890]: Connection closed by invalid user testuser 192.168.0.75 port 54321 [preauth]
Jun 5 12:25:01 myserver CRON[2468]: pam_unix(cron:session): session opened for user alice by (uid=0)
Jun 5 12:25:01 myserver CRON[2468]: pam_unix(cron:session): session closed for user alice
Jun 5 12:27:42 myserver sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /var/log/syslog
Jun 5 12:27:42 myserver sudo: pam_unix(sudo:session): session opened for user root by alice(uid=1000)
Jun 5 12:30:01 myserver CRON[3579]: pam_unix(cron:session): session opened for user alice by (uid=0)
Jun 5 12:30:01 myserver CRON[3579]: pam_unix(cron:session): session closed for user alice
Jun 5 12:32:15 myserver sshd[6789]: Failed password for alice from 192.168.0.150 port 54321 ssh2
Jun 5 12:32:17 myserver sshd[6789]: Failed password for alice from 192.168.0.150 port 54321 ssh2
Jun 5 12:32:17 myserver sshd[6789]: Failed password for alice from 192.168.0.150 port 54321 ssh2
Jun 5 12:32:18 myserver sshd[6789]: Connection closed by invalid user alice 192.168.0.150 port 54321 [preauth]
Jun 5 12:35:01 myserver CRON[1357]: pam_unix(cron:session): session opened for user john by (uid=0)
Jun 5 12:35:01 myserver CRON[1357]: pam_unix(cron:session): session closed for user john
Jun 5 14:23:45 myserver sshd[1234]: Accepted publickey for john from 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 14:23:47 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/bin/systemctl restart apache2
Jun 5 14:24:25 myserver sshd[1234]: Received disconnect from 192.168.0.100 port 54321:11: disconnected by user
Jun 5 14:24:25 myserver sshd[1234]: Disconnected from authenticating user john 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 14:24:50 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/apt-get install nginx
Jun 5 14:24:50 myserver sudo: john : TTY=pts/0 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/apt-get: authentication failure; logname=john uid=1000 euid=0 tty=/dev/pts/0 ruser= rhost=  user=john
Jun 5 14:24:50 myserver sshd[5678]: Failed password for invalid user john from 192.168.0.200 port 12345 ssh2
Jun 5 14:24:51 myserver sshd[5678]: Received disconnect from 192.168.0.200 port 12345:11: Bye Bye [preauth]
Jun 5 14:25:05 myserver sshd[7890]: Invalid user john from 192.168.0.200 port 54321
Jun 5 14:25:05 myserver sshd[7890]: FAILED LOGIN for invalid user john from 192.168.0.200 port 54321 ssh2
Jun 5 14:25:06 myserver sshd[7890]: Received disconnect from 192.168.0.200 port 54321:11: Bye Bye [preauth]
Jun 5 14:25:15 myserver sshd[9012]: Failed password for john from 192.168.0.100 port 54321 ssh2
Jun 5 14:25:15 myserver sshd[9012]: Failed password for john from 192.168.0.100 port 54321 ssh2
Jun 5 14:25:15 myserver sshd[9012]: Disconnecting invalid user john 192.168.0.100 port 54321 ssh2: RSA SHA256:1234567890
Jun 5 14:25:15 myserver sshd[9012]: FAILED LOGIN for root from 192.168.0.100 port 54321 ssh2
Jun 5 16:01:01 myserver CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)
Jun 5 16:01:01 myserver CRON[1234]: pam_unix(cron:session): session closed for user root
Jun 5 16:04:21 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 16:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 16:04:22 myserver sshd[5678]: Failed password for root from 192.168.0.100 port 54321 ssh2
Jun 5 16:04:22 myserver sshd[5678]: Received disconnect from 192.168.0.100 port 54321: Too many authentication failures
Jun 5 16:04:22 myserver sshd[5678]: Disconnected from authenticating user root 192.168.0.100 port 54321 ssh2
Jun 5 16:06:33 myserver sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser=ubuntu rhost=  user=root
Jun 5 16:06:35 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 16:06:35 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 16:06:36 myserver sudo: pam_unix(sudo:auth): conversation failed
Jun 5 16:06:36 myserver sudo: pam_unix(sudo:auth): auth could not identify password for [root]
Jun 5 16:08:15 myserver su[9876]: Successful su for john by root
Jun 5 16:08:15 myserver su[9876]: + /dev/pts/1 root:john
Jun 5 16:08:15 myserver su[9876]: pam_unix(su:session): session opened for user john by (uid=0)
Jun 5 16:10:01 myserver CRON[8765]: pam_unix(cron:session): session opened for user john by (uid=0)
Jun 5 16:10:01 myserver CRON[8765]: pam_unix(cron:session): session closed for user john
Jun 5 16:12:45 myserver sshd[5432]: Accepted publickey for jane from 192.168.0.200 port 12345 ssh2: RSA SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890
Jun 5 16:12:45 myserver sshd[5432]: pam_unix(sshd:session): session opened for user jane by (uid=0)
Jun 5 16:14:23 myserver sshd[5432]: Received disconnect from 192.168.0.200 port 12345: authenticated
Jun 5 16:14:23 myserver sshd[5432]: Disconnected from authenticating user jane 192.168.0.200 port 12345 ssh2