  1. 2018-09-05T11:53:40.470+0100    INFO    instance/beat.go:492    Home path: [/usr/share/auditbeat] Config path: [/etc/auditbeat] Data path: [/var/lib/auditbeat] Logs path: [/var/log/auditbeat]
  2. 2018-09-05T11:53:40.473+0100    INFO    instance/beat.go:499    Beat UUID: eac8bc0e-c7e4-4fc1-87b7-27b4d27d7613
  3. 2018-09-05T11:53:40.473+0100    INFO    [beat]  instance/beat.go:716    Beat info       {"system_info": {"beat": {"path": {"config": "/etc/auditbeat", "data": "/var/lib/auditbeat", "home": "/usr/share/auditbeat", "logs": "/var/log/auditbeat"}, "type": "auditbeat", "uuid": "eac8bc0e-c7e4-4fc1-87b7-27b4d27d7613"}}}
  4. 2018-09-05T11:53:40.473+0100    INFO    [beat]  instance/beat.go:725    Build info      {"system_info": {"build": {"commit": "45a9a9e1561b6c540e94211ebe03d18abcacae55", "libbeat": "6.3.2", "time": "2018-07-20T04:33:33.000Z", "version": "6.3.2"}}}
  5. 2018-09-05T11:53:40.473+0100    INFO    [beat]  instance/beat.go:728    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.9.4"}}}
  6. 2018-09-05T11:53:40.474+0100    INFO    [beat]  instance/beat.go:732    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2018-06-15T16:16:38+01:00","containerized":true,"hostname":"serverXXX","ips":["127.0.0.1/8","::1/128","#.#.#.201/24","fe80::250:56ff:fe01:12/64"],"kernel_version":"3.10.0-693.17.1.el7.x86_64","mac_addresses":["00:50:56:01:00:12"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":4,"patch":1708,"codename":"Core"},"timezone":"BST","timezone_offset_sec":3600,"id":"e3a9e7e0b15e492287f42f616b614918"}}}
  7. 2018-09-05T11:53:40.475+0100    INFO    [beat]  instance/beat.go:761    Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/", "exe": "/usr/share/auditbeat/bin/auditbeat", "name": "auditbeat", "pid": 127408, "ppid": 1, "seccomp": {"mode":"disabled"}, "start_time": "2018-09-05T11:53:39.560+0100"}}}
  8. 2018-09-05T11:53:40.475+0100    INFO    instance/beat.go:225    Setup Beat: auditbeat; Version: 6.3.2
  9. 2018-09-05T11:53:40.475+0100    INFO    elasticsearch/client.go:145     Elasticsearch url: http://#.#.#.#:9200
  10. 2018-09-05T11:53:40.475+0100    INFO    pipeline/module.go:81   Beat name: serverXXX
  11. 2018-09-05T11:53:40.484+0100    INFO    [auditd]        auditd/audit_linux.go:65        auditd module is running as euid=0 on kernel=3.10.0-693.17.1.el7.x86_64
  12. 2018-09-05T11:53:40.490+0100    INFO    [auditd]        auditd/audit_linux.go:88        socket_type=unicast will be used.
  13. 2018-09-05T11:53:40.490+0100    INFO    elasticsearch/client.go:145     Elasticsearch url: http://#.#.#.#:9200
  14. 2018-09-05T11:53:40.491+0100    INFO    instance/beat.go:315    auditbeat start running.
  15. 2018-09-05T11:53:40.491+0100    INFO    [monitoring]    log/log.go:97   Starting metrics logging every 30s
  16. 2018-09-05T11:53:40.507+0100    INFO    elasticsearch/elasticsearch.go:181      Successfully connected to X-Pack Monitoring endpoint.
  17. 2018-09-05T11:53:40.507+0100    INFO    elasticsearch/elasticsearch.go:191      Start monitoring metrics snapshot loop.
  18. 2018-09-05T11:53:40.730+0100    INFO    [file_integrity]        file_integrity/eventreader_fsnotify.go:59       Started fsnotify watcher        {"file_path": ["/etc", "
  19. /usr/bin", "/usr/sbin"], "recursive": false}
  20. 2018-09-05T11:53:41.811+0100    INFO    elasticsearch/client.go:690     Connected to Elasticsearch version 6.3.2
  21. 2018-09-05T11:53:41.817+0100    INFO    template/load.go:73     Template already exists and will not be overwritten.
  22. 2018-09-05T11:53:42.797+0100    INFO    [file_integrity]        file_integrity/scanner.go:90    File system scan completed      {"scanner_id": 1, "took": 2067215372, "f
  23. ile_count": 1393, "total_bytes": 108505059, "bytes_per_sec": 52488512.067817576, "files_per_sec": 673.8533482615762}
  24. 2018-09-05T11:53:43.659+0100    INFO    [auditd]        auditd/audit_linux.go:158       Deleted 184 pre-existing audit rules.
  25. 2018-09-05T11:53:43.801+0100    INFO    [auditd]        auditd/audit_linux.go:171       Successfully added 184 of 184 audit rules.
  26. 2018-09-05T11:53:43.851+0100    INFO    [auditd]        auditd/audit_linux.go:192       audit status from kernel at start       {"audit_status": {"Mask":0,"Enabled":1,"
  27. Failure":0,"PID":0,"RateLimit":0,"BacklogLimit":8192,"Lost":67339,"Backlog":0,"FeatureBitmap":61,"BacklogWaitTime":0}}
  28. 2018-09-05T11:54:10.493+0100    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"auditd":{"lost":1},"beat":{
  29. "cpu":{"system":{"ticks":310,"time":{"ms":315}},"total":{"ticks":620,"time":{"ms":631},"value":620},"user":{"ticks":310,"time":{"ms":316}}},"info":{"ephemeral_id":"8f28
  30. f2dc-024b-47e0-8023-441f006f469f","uptime":{"ms":30031}},"memstats":{"gc_next":4194304,"memory_alloc":2617808,"memory_total":71319784,"rss":17993728}},"libbeat":{"confi
  31. g":{"module":{"running":0}},"output":{"events":{"acked":8,"batches":2,"total":8},"read":{"bytes":1219},"type":"elasticsearch","write":{"bytes":13676}},"pipeline":{"clie
  32. nts":2,"events":{"active":0,"published":8,"retry":1,"total":8},"queue":{"acked":8}}},"metricbeat":{"auditd":{"auditd":{"events":7,"success":7}},"file_integrity":{"file"
  33. :{"events":1,"success":1}}},"system":{"cpu":{"cores":2},"load":{"1":1.03,"15":1.44,"5":1.34,"norm":{"1":0.515,"15":0.72,"5":0.67}}},"xpack":{"monitoring":{"pipeline":{"
  34. clients":1,"events":{"published":2,"retry":1,"total":2},"queue":{"acked":2}}}}}}}
  35. 2018-09-05T11:54:40.492+0100    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ti
  36. cks":320,"time":{"ms":6}},"total":{"ticks":640,"time":{"ms":11},"value":640},"user":{"ticks":320,"time":{"ms":5}}},"info":{"ephemeral_id":"8f28f2dc-024b-47e0-8023-441f0
  37. 06f469f","uptime":{"ms":60029}},"memstats":{"gc_next":4194304,"memory_alloc":3542648,"memory_total":72244624}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{
  38. "clients":2,"events":{"active":0}}},"system":{"load":{"1":0.63,"15":1.39,"5":1.21,"norm":{"1":0.315,"15":0.695,"5":0.605}}},"xpack":{"monitoring":{"pipeline":{"events":
  39. {"published":3,"total":3},"queue":{"acked":3}}}}}}}
  40. 2018-09-05T11:55:10.492+0100    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"auditd":{"lost":1},"beat":{
  41. "cpu":{"system":{"ticks":320,"time":{"ms":8}},"total":{"ticks":650,"time":{"ms":23},"value":650},"user":{"ticks":330,"time":{"ms":15}}},"info":{"ephemeral_id":"8f28f2dc
  42. -024b-47e0-8023-441f006f469f","uptime":{"ms":90030}},"memstats":{"gc_next":4194304,"memory_alloc":3132392,"memory_total":73808928,"rss":172032}},"libbeat":{"config":{"m
  43. odule":{"running":0}},"output":{"events":{"acked":7,"batches":1,"total":7},"read":{"bytes":390},"write":{"bytes":12704}},"pipeline":{"clients":2,"events":{"active":0,"p
  44. ublished":7,"total":7},"queue":{"acked":7}}},"metricbeat":{"auditd":{"auditd":{"events":7,"success":7}}},"system":{"load":{"1":0.38,"15":1.35,"5":1.09,"norm":{"1":0.19,
  45. "15":0.675,"5":0.545}}},"xpack":{"monitoring":{"pipeline":{"events":{"published":3,"total":3},"queue":{"acked":3}}}}}}}
  46. 2018-09-05T11:55:40.493+0100    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ti
  47. cks":330,"time":{"ms":6}},"total":{"ticks":670,"time":{"ms":15},"value":670},"user":{"ticks":340,"time":{"ms":9}}},"info":{"ephemeral_id":"8f28f2dc-024b-47e0-8023-441f0
  48. 06f469f","uptime":{"ms":120030}},"memstats":{"gc_next":4194304,"memory_alloc":2092192,"memory_total":74726632,"rss":491520}},"libbeat":{"config":{"module":{"running":0}
  49. },"pipeline":{"clients":2,"events":{"active":0}}},"system":{"load":{"1":0.23,"15":1.31,"5":0.99,"norm":{"1":0.115,"15":0.655,"5":0.495}}},"xpack":{"monitoring":{"pipeli
  50. ne":{"events":{"published":3,"total":3},"queue":{"acked":3}}}}}}}
  51. 2018-09-05T11:56:10.493+0100    INFO    [monitoring]    log/log.go:124  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"auditd":{"lost":1},"beat":{
  52. "cpu":{"system":{"ticks":340,"time":{"ms":6}},"total":{"ticks":690,"time":{"ms":19},"value":690},"user":{"ticks":350,"time":{"ms":13}}},"info":{"ephemeral_id":"8f28f2dc
  53. -024b-47e0-8023-441f006f469f","uptime":{"ms":150030}},"memstats":{"gc_next":4194304,"memory_alloc":3651096,"memory_total":76285536}},"libbeat":{"config":{"module":{"run
  54. ning":0}},"output":{"events":{"acked":7,"batches":1,"total":7},"read":{"bytes":378},"write":{"bytes":12704}},"pipeline":{"clients":2,"events":{"active":0,"published":7,
  55. "total":7},"queue":{"acked":7}}},"metricbeat":{"auditd":{"auditd":{"events":7,"success":7}}},"system":{"load":{"1":0.14,"15":1.27,"5":0.9,"norm":{"1":0.07,"15":0.635,"5