IBM Support

QRadar: Linux DSM events display stored systemd message

Troubleshooting

Problem

Events from a Linux OS log source may appear in the Log Activity tab as Stored (the Linux DSM did not parse them) when the raw payload is a systemd message similar to: systemd: Created slice user-0.slice.

Symptom

Events such as the following, which typically arrive in a burst at the moment a cron job starts a session for root (user-0.slice is the systemd slice for UID 0):
<30>Jun 30 18:20:01 hostname systemd: Created slice user-0.slice.
<30>Jun 30 18:20:01 hostname systemd: Started Session 8192 of user root.
<30>Jun 30 18:20:01 hostname systemd: Removed slice user-0.slice.
<30>Jun 30 18:20:01 hostname systemd: Starting user-0.slice.
<30>Jun 30 18:20:01 hostname systemd: Stopping user-0.slice.
<30>Jun 30 18:20:01 hostname systemd: Starting Session 8192 of user root.
<78>Jun 30 18:20:01 hostname CROND[8695]: (root) CMD (/usr/lib64/sa/sa1 1 1)
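To see how much of a Linux log source consists of these systemd user-session messages before deciding how to handle them, the following added example (not IBM's DSM parsing logic and not part of the original article) parses the BSD-syslog payloads listed above, decodes the PRI header into facility and severity, and flags the systemd slice/session lifecycle messages. The sample lines are constructed from the symptom list; the regexes also accept the Stopped/Stopping session forms that systemd emits on real hosts, which the list above does not show.

```python
"""Classify BSD-syslog payloads and flag systemd user-session lifecycle messages.

Added example for the QRadar Linux DSM 'Stored systemd event' symptom; this is
not IBM code and does not reproduce the Linux DSM's own parsing rules.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample payloads, copied from the symptom list on this page.
SAMPLE_EVENTS: List[str] = [
    "<30>Jun 30 18:20:01 hostname systemd: Created slice user-0.slice.",
    "<30>Jun 30 18:20:01 hostname systemd: Started Session 8192 of user root.",
    "<30>Jun 30 18:20:01 hostname systemd: Removed slice user-0.slice.",
    "<30>Jun 30 18:20:01 hostname systemd: Starting user-0.slice.",
    "<30>Jun 30 18:20:01 hostname systemd: Stopping user-0.slice.",
    "<30>Jun 30 18:20:01 hostname systemd: Starting Session 8192 of user root.",
    "<78>Jun 30 18:20:01 hostname CROND[8695]: (root) CMD (/usr/lib64/sa/sa1 1 1)",
]

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                 # PRI = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "       # day may be space padded
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "          # pid is optional
    r"(?P<msg>.*)$"
)

# systemd user slice lifecycle: "Created slice user-0.slice.", "Starting user-0.slice." ...
SLICE_RE = re.compile(
    r"^(?P<verb>Created|Removed|Starting|Stopping)(?: slice)? user-(?P<uid>\d+)\.slice\.$"
)
# systemd login session lifecycle: "Started Session 8192 of user root."
SESSION_RE = re.compile(
    r"^(?P<verb>Started|Starting|Stopped|Stopping) Session (?P<session>\d+) "
    r"of user (?P<user>[^. ]+)\.$"
)


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    program: str
    pid: Optional[int]
    message: str


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Split a BSD-syslog line into its fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # RFC 3164: 24 facilities * 8 severities - 1
        return None
    return SyslogEvent(
        facility=pri >> 3,
        severity=pri & 7,
        timestamp=m.group("ts"),
        host=m.group("host"),
        program=m.group("prog"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        message=m.group("msg"),
    )


def systemd_user_session(ev: SyslogEvent) -> Optional[Dict[str, str]]:
    """Return the decoded slice/session fields if this is a systemd user-session
    lifecycle message, otherwise None."""
    if ev.program != "systemd":
        return None
    m = SLICE_RE.match(ev.message)
    if m:
        return {"kind": "slice", "verb": m.group("verb"), "uid": m.group("uid")}
    m = SESSION_RE.match(ev.message)
    if m:
        return {"kind": "session", "verb": m.group("verb"),
                "session": m.group("session"), "user": m.group("user")}
    return None


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count systemd user-session noise versus everything else in a log sample."""
    counts = {"systemd_user_session": 0, "other": 0, "unparsed": 0}
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            counts["unparsed"] += 1
        elif systemd_user_session(ev):
            counts["systemd_user_session"] += 1
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        ev = parse_syslog(raw)
        print(f"fac={ev.facility} sev={ev.severity} {ev.program}: "
              f"{systemd_user_session(ev) or 'not a systemd user-session message'}")
    print(summarize(SAMPLE_EVENTS))
```

Run against the seven sample lines, six are systemd user-session messages and one (the CROND line, facility 9) is not; all six systemd lines carry PRI 30, that is facility 3 (daemon) at severity 6 (info), which is useful when writing a source-side filter or a QRadar routing rule for this traffic.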

Product: IBM Security QRadar SIEM (SSBQAC); Business Unit: IBM Software; Component: Events; Platform: Linux; Version: 7.2, 7.3; Line of Business: Automation Platform

Note: only the abstract of this technical article is shown here; the full document is available to authorized users after logging in to IBM Support.

Document Information

Modified date: 16 June 2018

UID: swg21998963