  1. {"took":166,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":2228,"max_score":1.0,"hits":[{"_index":"logstash_netflow9-2016.04.05","_type":"syslog","_id":"AVPjx9rnBb8txh-QrdX1","_score":1.0,"_source":{"message":"Apr 5 02:17:01 ubuntuS2 CRON[3273]: pam_unix(cron:session): session closed for user root","@version":"1","@timestamp":"2016-04-05T00:17:01.000Z","beat":{"hostname":"ubuntuS2","name":"ubuntuS2"},"count":1,"fields":null,"input_type":"log","offset":8595,"source":"/var/log/auth.log","type":"syslog","host":"ubuntuS2","tags":["beats_input_codec_plain_applied"],"syslog_timestamp":["Apr 5 02:17:01","Apr 5 02:17:01"],"syslog_hostname":["ubuntuS2","ubuntuS2"],"syslog_program":["CRON","CRON"],"syslog_pid":["3273","3273"],"syslog_message":["pam_unix(cron:session): session closed for user root","pam_unix(cron:session): session closed for user root"],"received_at":["2016-04-05T00:17:06.623Z","2016-04-05T00:17:01.000Z"],"received_from":["ubuntuS2","ubuntuS2"],"syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPjx-L6Bb8txh-QrdX7","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:16:47.000Z","netflow":{"version":9,"flow_seq_num":18747,"flowset_id":256,"sampling_algorithm":2,"sampling_interval":100},"@version":"1","type":"netflow","host":"10.0.0.2"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPj0QTbBb8txh-QrdYr","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:26:44.000Z","netflow":{"version":9,"flow_seq_num":18757,"flowset_id":257,"ipv4_src_addr":"0.0.0.0","ipv4_dst_addr":"255.255.255.255","src_tos":16,"protocol":17,"l4_src_port":68,"l4_dst_port":67,"icmp_type":0,"input_snmp":529,"src_mask":0,"dst_mask":0,"src_as":0,"dst_as":0,"bgp_ipv4_next_hop":"0.0.0.0","tcp_flags":0,"output_snmp":0,"ipv4_next_hop":"0.0.0.1","in_bytes":328,"in_pkts":1,"first_switched":"2016-04-05T00:25:43.999Z","l
ast_switched":"2016-04-05T00:25:43.999Z","ip_protocol_version":4},"@version":"1","type":"netflow","host":"10.0.0.2"}},{"_index":"logstash_netflow9-2016.04.05","_type":"syslog","_id":"AVPjxkEEBb8txh-QrdXp","_score":1.0,"_source":{"message":"<78>Apr 5 02:15:00 cr1.zwd-sw.layer23.nl cron[23761]: (root) CMD ( /usr/libexec/atrun)","@version":"1","@timestamp":"2016-04-05T00:15:00.000Z","type":"syslog","host":"10.0.0.2","syslog_timestamp":["Apr 5 02:15:00","Apr 5 02:15:00"],"syslog_hostname":["cr1.zwd-sw.layer23.nl","cr1.zwd-sw.layer23.nl"],"syslog_program":["cron","cron"],"syslog_pid":["23761","23761"],"syslog_message":["(root) CMD ( /usr/libexec/atrun)","(root) CMD ( /usr/libexec/atrun)"],"received_at":["2016-04-05T00:15:33.496Z","2016-04-05T00:15:00.000Z"],"received_from":["10.0.0.2","10.0.0.2"],"syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}},{"_index":"logstash_netflow9-2016.04.05","_type":"syslog","_id":"AVPjuW5oBb8txh-QrdWV","_score":1.0,"_source":{"message":"<78>Apr 5 02:01:00 cr1.zwd-sw.layer23.nl cron[23750]: (root) CMD (adjkerntz -a)","@version":"1","@timestamp":"2016-04-05T00:01:00.000Z","type":"syslog","host":"10.0.0.2","syslog_timestamp":["Apr 5 02:01:00","Apr 5 02:01:00"],"syslog_hostname":["cr1.zwd-sw.layer23.nl","cr1.zwd-sw.layer23.nl"],"syslog_program":["cron","cron"],"syslog_pid":["23750","23750"],"syslog_message":["(root) CMD (adjkerntz -a)","(root) CMD (adjkerntz -a)"],"received_at":["2016-04-05T00:01:33.150Z","2016-04-05T00:01:00.000Z"],"received_from":["10.0.0.2","10.0.0.2"],"syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}},{"_index":"logstash_netflow9-2016.04.05","_type":"syslog","_id":"AVPjw6qvBb8txh-QrdXT","_score":1.0,"_source":{"message":"<99>Apr 5 02:12:11 cr1.zwd-sw.layer23.nl xntpd[1450]: NTP Server 
Unreachable","@version":"1","@timestamp":"2016-04-05T00:12:11.000Z","type":"syslog","host":"10.0.0.2","syslog_timestamp":["Apr 5 02:12:11","Apr 5 02:12:11"],"syslog_hostname":["cr1.zwd-sw.layer23.nl","cr1.zwd-sw.layer23.nl"],"syslog_program":["xntpd","xntpd"],"syslog_pid":["1450","1450"],"syslog_message":["NTP Server Unreachable","NTP Server Unreachable"],"received_at":["2016-04-05T00:12:44.558Z","2016-04-05T00:12:11.000Z"],"received_from":["10.0.0.2","10.0.0.2"],"syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPjuwroBb8txh-QrdWe","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:02:45.000Z","netflow":{"version":9,"flow_seq_num":18733,"flowset_id":256,"sampling_algorithm":2,"sampling_interval":100},"@version":"1","type":"netflow","host":"10.0.0.2"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPju_XEBb8txh-QrdWj","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:03:45.000Z","netflow":{"version":9,"flow_seq_num":18734,"flowset_id":256,"sampling_algorithm":2,"sampling_interval":100},"@version":"1","type":"netflow","host":"10.0.0.2"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPjvrVJBb8txh-QrdW5","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:06:46.000Z","netflow":{"version":9,"flow_seq_num":18737,"flowset_id":256,"sampling_algorithm":2,"sampling_interval":100},"@version":"1","type":"netflow","host":"10.0.0.2"}},{"_index":"logstash_netflow9-2016.04.05","_type":"netflow","_id":"AVPjv5-TBb8txh-QrdW8","_score":1.0,"_source":{"@timestamp":"2016-04-05T00:07:46.000Z","netflow":{"version":9,"flow_seq_num":18738,"flowset_id":256,"sampling_algorithm":2,"sampling_interval":100},"@version":"1","type":"netflow","host":"10.0.0.2"}}]}}