Not really:
vm293 ~ > journalctl -u rsyslog.service
-- Logs begin at Tue 2019-09-24 18:56:46 CEST, end at Fri 2019-09-27 09:24:44 CEST. --
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Starting System Logging Service...
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Failed to start System Logging Service.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Unit entered failed state.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Failed with result 'exit-code'.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Stopped System Logging Service.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Starting System Logging Service...
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Failed to start System Logging Service.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Unit entered failed state.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Failed with result 'exit-code'.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Stopped System Logging Service.
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: Starting System Logging Service...
sept. 26 17:14:34 vm293.jn-hebergement.com systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
...
Same message repeated x times
For the other logs (nice trick, the zgrep on the time ;-):
vm293 ~ > sudo zgrep “18\:37” /var/log/* 2>/dev/null
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15128]: [uid:0 sid:15080 tty:/dev/pts/0 cwd:/root filename:/usr/bin/sudo]: sudo zgrep “18:37” /var/log/alternatives.log /var/log/alternatives.log.1 /var/log/alternatives.log.2.gz /var/log/apache2 /var/log/apt /var/log/auth.log /var/log/auth.log.1 /var/log/auth.log.2.gz /var/log/auth.log.3.gz /var/log/auth.log.4.gz /var/log/btmp /var/log/btmp.1 /var/log/btmp.2.gz /var/log/btmp.3.gz /var/log/btmp.4.gz /var/log/clamav /var/log/cron.log /var/log/cron.log.1 /var/log/cron.log.2.gz /var/log/cron.log.3.gz /var/log/cron.log.4.gz /var/log/daemon.log /var/log/daemon.log.1 /var/log/daemon.log.2.gz /var/log/daemon.log.3.gz /var/log/daemon.log.4.gz /var/log/dbconfig-common /var/log/debug /var/log/debug.1 /var/log/debug.2.gz /var/log/dmesg /var/log/dpkg.log /var/log/dpkg.log.1 /var/log/fail2ban.log /var/log/fail2ban.log.1 /var/log/fail2ban.log.2.gz /var/log/fail2ban.log.3.gz /var/log/fail2ban.log.4.gz /var/log/fail2ban.log.5.gz /var/log/fontconfig.log /var/log/fsck /var/log/installer /var/log/ispconfig /var/log/kern.log /var/log/kern.log.1 /var/log/kern.log.2.gz /var/log/kern.log.3.gz /var/lo
/var/log/auth.log:Sep 27 09:27:26 vm293 sudo: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/zgrep “18:37” /var/log/alternatives.log /var/log/alternatives.log.1 /var/log/alternatives.log.2.gz /var/log/apache2 /var/log/apt /var/log/auth.log /var/log/auth.log.1 /var/log/auth.log.2.gz /var/log/auth.log.3.gz /var/log/auth.log.4.gz /var/log/btmp /var/log/btmp.1 /var/log/btmp.2.gz /var/log/btmp.3.gz /var/log/btmp.4.gz /var/log/clamav /var/log/cron.log /var/log/cron.log.1 /var/log/cron.log.2.gz /var/log/cron.log.3.gz /var/log/cron.log.4.gz /var/log/daemon.log /var/log/daemon.log.1 /var/log/daemon.log.2.gz /var/log/daemon.log.3.gz /var/log/daemon.log.4.gz /var/log/dbconfig-common /var/log/debug /var/log/debug.1 /var/log/debug.2.gz /var/log/dmesg /var/log/dpkg.log /var/log/dpkg.log.1 /var/log/fail2ban.log /var/log/fail2ban.log.1 /var/log/fail2ban.log.2.gz /var/log/fail2ban.log.3.gz /var/log/fail2ban.log.4.gz /var/log/fail2ban.log.5.gz /var/log/fontconfig.log /var/log/fsck
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15129]: [uid:0 sid:15080 tty:/dev/pts/0 cwd:/root filename:/bin/zgrep]: zgrep “18:37” /var/log/alternatives.log /var/log/alternatives.log.1 /var/log/alternatives.log.2.gz /var/log/apache2 /var/log/apt /var/log/auth.log /var/log/auth.log.1 /var/log/auth.log.2.gz /var/log/auth.log.3.gz /var/log/auth.log.4.gz /var/log/btmp /var/log/btmp.1 /var/log/btmp.2.gz /var/log/btmp.3.gz /var/log/btmp.4.gz /var/log/clamav /var/log/cron.log /var/log/cron.log.1 /var/log/cron.log.2.gz /var/log/cron.log.3.gz /var/log/cron.log.4.gz /var/log/daemon.log /var/log/daemon.log.1 /var/log/daemon.log.2.gz /var/log/daemon.log.3.gz /var/log/daemon.log.4.gz /var/log/dbconfig-common /var/log/debug /var/log/debug.1 /var/log/debug.2.gz /var/log/dmesg /var/log/dpkg.log /var/log/dpkg.log.1 /var/log/fail2ban.log /var/log/fail2ban.log.1 /var/log/fail2ban.log.2.gz /var/log/fail2ban.log.3.gz /var/log/fail2ban.log.4.gz /var/log/fail2ban.log.5.gz /var/log/fontconfig.log /var/log/fsck /var/log/installer /var/log/ispconfig /var/log/kern.log /var/log/kern.log.1 /var/log/kern.log.2.gz /var/log/kern.log.3.gz /var/log/ker
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15137]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15145]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15153]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15161]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15169]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
/var/log/auth.log:Sep 27 09:27:26 vm293 snoopy[15177]: [uid:0 sid:15080 tty:(none) cwd:/root filename:/bin/grep]: /bin/grep -- “18:37”
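Two things in the reply above are worth having in a reusable form: counting how many times systemd hit "Main process exited ... FAILURE" in the restart loop, and doing the zgrep-style search over plain and rotated (.gz) logs for a given time, while dropping the auth.log lines that only record the search command itself (the sudo and snoopy audit entries are the only matches shown above, which is what happens when the pattern matches nothing else). The following is an added example, not code from the thread; the journal excerpt, log lines, host name and file names are all constructed, and the audit-line filter is an assumption about the sudo/snoopy log format.

```python
"""Added example (not from the forum thread): search plain and rotated (.gz)
log files for a timestamp the way `zgrep "18:37" /var/log/*` does, drop the
lines that merely record the search command (sudo/snoopy audit entries), and
count the failed starts in a systemd restart loop. All samples are constructed."""
import gzip
import os
import re
import tempfile

# Constructed journalctl excerpt in the shape shown in the thread.
JOURNAL_SAMPLE = """\
sept. 26 17:14:34 host systemd[1]: Starting System Logging Service...
sept. 26 17:14:34 host systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
sept. 26 17:14:34 host systemd[1]: Failed to start System Logging Service.
sept. 26 17:14:34 host systemd[1]: rsyslog.service: Service hold-off time over, scheduling restart.
sept. 26 17:14:34 host systemd[1]: Starting System Logging Service...
sept. 26 17:14:34 host systemd[1]: rsyslog.service: Main process exited, code=exited, status=1/FAILURE
"""


def count_failed_starts(journal_text, unit="rsyslog.service"):
    """Number of 'Main process exited ... FAILURE' lines for the given unit."""
    pat = re.compile(rf"{re.escape(unit)}: Main process exited, .*FAILURE")
    return sum(1 for line in journal_text.splitlines() if pat.search(line))


# Assumed format of the audit lines a `sudo zgrep ...` leaves in auth.log:
# either "sudo: ... COMMAND=/bin/zgrep ..." or "snoopy[pid]: ... grep ...".
SELF_AUDIT = re.compile(r"\b(snoopy\[\d+\]|sudo):.*\b(zgrep|grep)\b")


def open_log(path):
    """Open a plain or gzip-compressed log as text (what zgrep does for you)."""
    if path.endswith(".gz"):
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "r", encoding="utf-8", errors="replace")


def search_logs(log_dir, pattern, exclude_self=True):
    """Return (filename, line) for every line in log_dir matching the regex."""
    rx = re.compile(pattern)
    hits = []
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path):
            continue
        with open_log(path) as fh:
            for line in fh:
                line = line.rstrip("\n")
                if not rx.search(line):
                    continue
                # Skip the lines that only document this very search.
                if exclude_self and SELF_AUDIT.search(line):
                    continue
                hits.append((name, line))
    return hits


def build_sample_logs():
    """Create a temp dir with constructed plain and rotated logs; return its path."""
    d = tempfile.mkdtemp(prefix="logs-")
    with open(os.path.join(d, "auth.log"), "w") as f:
        f.write("Sep 27 09:27:26 vm sudo: root : TTY=pts/0 ; COMMAND=/bin/zgrep 18:37 /var/log/auth.log\n")
        f.write("Sep 27 09:27:26 vm snoopy[15137]: [uid:0 tty:(none)]: /bin/grep -- 18:37\n")
        f.write("Sep 26 18:37:02 vm sshd[400]: Accepted publickey for admin from 10.0.0.5\n")
    with open(os.path.join(d, "daemon.log"), "w") as f:
        f.write("Sep 26 18:37:05 vm rsyslogd: error during config processing\n")
        f.write("Sep 26 19:00:00 vm cron[1]: (root) CMD (run-parts /etc/cron.hourly)\n")
    with gzip.open(os.path.join(d, "daemon.log.2.gz"), "wt") as f:
        f.write("Sep 20 18:37:40 vm rsyslogd: rsyslogd's groupid changed to 108\n")
    return d


if __name__ == "__main__":
    print("failed starts:", count_failed_starts(JOURNAL_SAMPLE))
    d = build_sample_logs()
    for name, line in search_logs(d, r"\b18:37"):
        print(f"{name}: {line}")
```

Note that the pattern goes in straight double quotes (or is passed as a plain regex here): the curly quotes visible in the command above are not quote characters to the shell, so they become part of the search string, which is why that zgrep only matched the auth.log lines that logged the command itself.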