auth log file shows wrong time?

linux time ubuntu-14.04

I was looking at the auth log of my server, and I was surprised to see that the times are offset. 

root@server:/home/admin# date
Tue Jan 12 09:51:36 CET 2016
root@server:/home/admin# tail /var/log/auth.log 
Jan 12 03:10:05 server sshd[18973]: Connection closed by 222.189.40.171 [preauth]
Jan 12 03:25:43 server sshd[18983]: reverse mapping checking getaddrinfo for 210.subnet222-124-218.static.astinet.telkom.net.id [222.124.218.210] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 12 03:25:43 server sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.218.210  user=root
Jan 12 03:25:45 server sshd[18983]: Failed password for root from 222.124.218.210 port 34563 ssh2
Jan 12 03:25:45 server sshd[18983]: Connection closed by 222.124.218.210 [preauth]
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server

This the time zone the server has configured:

cat /etc/timezone 
Europe/Berlin

Maybe it is helpful to know that the server is a VZ guest.

Here is what the commands show in a row:

$ su -c "date && tail -n 5 /var/log/auth.log"
Password: 
Tue Jan 12 10:33:24 CET 2016
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server su[19013]: pam_unix(su:session): session opened for user root by admin(uid=1000)

Solution 1:

Apparently this is a known issue.

I fixed this by restarting rsyslog.

Related

How can I configure Postfix to relay emails addressed to particular domains through a separate SMTP relay [duplicate]
How to (properly) back up a live QEMU/KVM VM?
How to force Linux users to respect max login rate
How to redirect all Apache 2.4 websites to maintenance page while allowing access to specified IP addresses
Installing php-fpm apache 2.4.6 on Centos 7
rclone quits FTP server after asking for UTF8
Advertise self as ipv6 dns server, with ra-pd / radvd
Enable offline file sync for computer owner only
Issue expanding raid6 array using storcli
ssh and monitor attached on the server [closed]
Synonyms for "default"
What is "reboatory"?