travisbgreen

Untitled

May 15th, 2019
training@SuricataThreatHunting:~$ selks-health-check_stamus
● suricata.service - LSB: Next Generation IDS/IPS
   Loaded: loaded (/etc/init.d/suricata; generated; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 23:12:40 CEST; 9min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4051 ExecStop=/etc/init.d/suricata stop (code=exited, status=0/SUCCESS)
  Process: 4065 ExecStart=/etc/init.d/suricata start (code=exited, status=0/SUCCESS)
    Tasks: 10 (limit: 19660)
   CGroup: /system.slice/suricata.service
           └─4072 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -D -v --user=logstash

May 15 23:12:40 SuricataThreatHunting systemd[1]: Starting LSB: Next Generation IDS/IPS...
May 15 23:12:40 SuricataThreatHunting suricata[4065]: Starting suricata in IDS (af-packet) mode... done.
May 15 23:12:40 SuricataThreatHunting systemd[1]: Started LSB: Next Generation IDS/IPS.
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 22:05:18 CEST; 1h 16min ago
     Docs: http://www.elastic.co
 Main PID: 624 (java)
    Tasks: 83 (limit: 19660)
   CGroup: /system.slice/elasticsearch.service
           ├─ 624 /usr/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -De…et
           └─1012 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller

May 15 22:05:18 SuricataThreatHunting systemd[1]: Started Elasticsearch.
May 15 22:05:18 SuricataThreatHunting elasticsearch[624]: warning: Falling back to java on path. This behavior is deprecated. Specify JAVA_HOME
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 22:05:18 CEST; 1h 16min ago
 Main PID: 458 (java)
    Tasks: 36 (limit: 19660)
   CGroup: /system.slice/logstash.service
           └─458 /usr/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Dja…sh

May 15 22:06:04 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:04,799][INFO ][logstash.outputs.elasticsearch] Attempting to install templa…}}
May 15 22:06:04 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:04,799][INFO ][logstash.outputs.elasticsearch] Attempting to install templa…}}
May 15 22:06:04 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:04,883][INFO ][logstash.outputs.elasticsearch] Installing elasticsea…/logstash
May 15 22:06:04 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:04,887][INFO ][logstash.outputs.elasticsearch] Installing elasticsea…/logstash
May 15 22:06:05 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:05,344][INFO ][logstash.filters.geoip ] Using geoip database {:pat…ty.mmdb"}
May 15 22:06:05 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:05,380][INFO ][logstash.filters.geoip ] Using geoip database {:pat…ty.mmdb"}
May 15 22:06:05 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:05,655][INFO ][logstash.pipeline ] Pipeline started successfu…5f run>"}
May 15 22:06:05 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:05,726][INFO ][logstash.agent ] Pipelines running {:count=…ines=>[]}
May 15 22:06:05 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:05,782][INFO ][filewatch.observingtail ] START, creating Discoverer…llections
May 15 22:06:06 SuricataThreatHunting logstash[458]: [2019-05-15T22:06:06,156][INFO ][logstash.agent ] Successfully started Logst…rt=>9600}
Hint: Some lines were ellipsized, use -l to show in full.
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 22:05:18 CEST; 1h 16min ago
 Main PID: 448 (node)
    Tasks: 11 (limit: 19660)
   CGroup: /system.slice/kibana.service
           └─448 /usr/share/kibana/bin/../node/bin/node --no-warnings --max-http-header-size=65536 /usr/share/kibana/bin/../src/cli -c /etc/kibana…ml

May 15 22:41:34 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:34Z","tags":[],"pid":448,"method":"get","stat…"}
May 15 22:41:35 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:35Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:41:35 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:35Z","tags":[],"pid":448,"method":"get","stat…"}
May 15 22:41:35 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:35Z","tags":[],"pid":448,"method":"get","stat…"}
May 15 22:41:40 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:40Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:41:42 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:42Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:42:00 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:41:59Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:42:31 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:42:31Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:42:56 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:42:56Z","tags":[],"pid":448,"method":"post","sta…"}
May 15 22:45:56 SuricataThreatHunting kibana[448]: {"type":"response","@timestamp":"2019-05-15T20:45:56Z","tags":[],"pid":448,"method":"get","stat…"}
Hint: Some lines were ellipsized, use -l to show in full.
● evebox.service - EveBox Server
   Loaded: loaded (/lib/systemd/system/evebox.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 22:05:18 CEST; 1h 16min ago
 Main PID: 446 (evebox)
    Tasks: 12 (limit: 19660)
   CGroup: /system.slice/evebox.service
           └─446 /usr/bin/evebox server

May 15 23:21:32 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:32 (anonymous.go:64) <Info> -- Logging in anonymous user {training} fro…:1]:41330
May 15 23:21:32 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:32 (datastore-alertquery.go:155) <Info> -- Query elapsed time: 8.500778ms
May 15 23:21:37 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:37 (anonymous.go:64) <Info> -- Logging in anonymous user {training} fro…:1]:41334
May 15 23:21:37 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:37 (datastore-alertquery.go:155) <Info> -- Query elapsed time: 8.294859ms
May 15 23:21:42 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:42 (anonymous.go:64) <Info> -- Logging in anonymous user {training} fro…:1]:41344
May 15 23:21:42 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:42 (datastore-alertquery.go:155) <Info> -- Query elapsed time: 2.537598ms
May 15 23:21:47 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:47 (anonymous.go:64) <Info> -- Logging in anonymous user {training} fro…:1]:41348
May 15 23:21:47 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:47 (datastore-alertquery.go:155) <Info> -- Query elapsed time: 6.996214ms
May 15 23:21:52 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:52 (anonymous.go:64) <Info> -- Logging in anonymous user {training} fro…:1]:41358
May 15 23:21:52 SuricataThreatHunting evebox[446]: 2019-05-15 23:21:52 (datastore-alertquery.go:155) <Info> -- Query elapsed time: 4.367815ms
Hint: Some lines were ellipsized, use -l to show in full.
● molochviewer-selks.service - Moloch Viewer
   Loaded: loaded (/etc/systemd/system/molochviewer-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 23:16:04 CEST; 5min ago
 Main PID: 4204 (sh)
    Tasks: 11 (limit: 19660)
   CGroup: /system.slice/molochviewer-selks.service
           ├─4204 /bin/sh -c /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini >> /data/moloch/logs/viewer.log 2>&1
           └─4208 /data/moloch/bin/node viewer.js -c /data/moloch/etc/config.ini

May 15 23:16:04 SuricataThreatHunting systemd[1]: Started Moloch Viewer.
● molochpcapread-selks.service - Moloch Pcap Read
   Loaded: loaded (/etc/systemd/system/molochpcapread-selks.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 23:16:04 CEST; 5min ago
 Main PID: 4201 (sh)
    Tasks: 5 (limit: 19660)
   CGroup: /system.slice/molochpcapread-selks.service
           ├─4201 /bin/sh -c /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/ >> /data/moloch/logs/capture.log …&1
           └─4202 /data/moloch/bin/moloch-capture -c /data/moloch/etc/config.ini -m -s -R /data/nsm/

May 15 23:16:04 SuricataThreatHunting systemd[1]: Stopped Moloch Pcap Read.
May 15 23:16:04 SuricataThreatHunting systemd[1]: Started Moloch Pcap Read.
error: <class 'socket.error'>, [Errno 13] Permission denied: file: /usr/lib/python2.7/socket.py line: 228
ii  elasticsearch             6.7.2                 all    Elasticsearch is a distributed RESTful search engine built for the cloud. Reference documentation can be found at https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html and the 'Elasticsearch: The Definitive Guide' book can be found at https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
ii  elasticsearch-curator     5.7.6                 amd64  Have indices in Elasticsearch? This is the tool for you!\n\nLike a museum curator manages the exhibits and collections on display, \nElasticsearch Curator helps you curate, or manage your indices.
ii  evebox                    1:0.10.2              amd64  no description given
ii  kibana                    6.7.2                 amd64  Explore and visualize your Elasticsearch data
ii  kibana-dashboards-stamus  2019030501            amd64  Kibana 6 dashboard templates.
ii  logstash                  1:6.7.2-1             all    An extensible logging pipeline
ii  moloch                    1.8.0-1               amd64  Moloch Full Packet System
ii  scirius                   3.2.0-1               amd64  Django application to manage Suricata ruleset
ii  suricata                  2019040702-0stamus0   amd64  Suricata open source multi-thread IDS/IPS/NSM system.
Filesystem     Type      Size  Used Avail Use% Mounted on
udev           devtmpfs  3.9G     0  3.9G   0% /dev
tmpfs          tmpfs     797M   17M  780M   3% /run
/dev/sda1      ext4       24G  8.7G   14G  39% /
tmpfs          tmpfs     3.9G   19M  3.9G   1% /dev/shm
tmpfs          tmpfs     5.0M     0  5.0M   0% /run/lock
tmpfs          tmpfs     3.9G     0  3.9G   0% /sys/fs/cgroup
tmpfs          tmpfs     797M   12K  797M   1% /run/user/1001