kooos

ECK Filebeat

Aug 14th, 2020 (edited)
  1. 2020-08-14T08:03:18.595Z INFO instance/beat.go:647 Home path: [/usr/share/filebeat] Config path: [/usr/share/filebeat] Data path: [/usr/share/filebeat/data] Logs path: [/usr/share/filebeat/logs]
  2. 2020-08-14T08:03:18.595Z DEBUG [beat] instance/beat.go:699 Beat metadata path: /usr/share/filebeat/data/meta.json
  3. 2020-08-14T08:03:18.595Z INFO instance/beat.go:655 Beat ID: a1f29ab0-4102-44b0-a212-25a65ff346db
  4. 2020-08-14T08:03:18.597Z DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:126 add_cloud_metadata: starting to fetch metadata, timeout=3s
  5. 2020-08-14T08:03:18.675Z DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:162 add_cloud_metadata: received disposition for digitalocean after 78.055141ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}]
  6. 2020-08-14T08:03:18.676Z DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:162 add_cloud_metadata: received disposition for aws after 78.556113ms. result=[provider:aws, error=<nil>, metadata={"account":{"id":"xxxxxxxxxxxxxx"},"availability_zone":"eu-west-1c","image":{"id":"ami-0b4cbc24e98bbe268"},"instance":{"id":"i-051d07720f157beec"},"machine":{"type":"i3.large"},"provider":"aws","region":"eu-west-1"}]
  7. 2020-08-14T08:03:18.676Z DEBUG [add_cloud_metadata] add_cloud_metadata/providers.go:129 add_cloud_metadata: fetchMetadata ran for 78.758973ms
  8. 2020-08-14T08:03:18.676Z INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:93 add_cloud_metadata: hosting provider type detected as aws, metadata={"account":{"id":"xxxxxxxxxxxxxx"},"availability_zone":"eu-west-1c","image":{"id":"ami-0b4cbc24e98bbe268"},"instance":{"id":"i-051d07720f157beec"},"machine":{"type":"i3.large"},"provider":"aws","region":"eu-west-1"}
  9. 2020-08-14T08:03:18.676Z DEBUG [processors] processors/processor.go:101 Generated new processors: add_cloud_metadata={"account":{"id":"xxxxxxxxxxxxxx"},"availability_zone":"eu-west-1c","image":{"id":"ami-0b4cbc24e98bbe268"},"instance":{"id":"i-051d07720f157beec"},"machine":{"type":"i3.large"},"provider":"aws","region":"eu-west-1"}, add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]]
  10. 2020-08-14T08:03:18.676Z DEBUG [seccomp] seccomp/seccomp.go:117 Loading syscall filter {"seccomp_filter": {"no_new_privs":true,"flag":"tsync","policy":{"default_action":"errno","syscalls":[{"names":["accept","accept4","access","arch_prctl","bind","brk","chmod","chown","clock_gettime","clone","close","connect","dup","dup2","epoll_create","epoll_create1","epoll_ctl","epoll_pwait","epoll_wait","exit","exit_group","fchdir","fchmod","fchmodat","fchown","fchownat","fcntl","fdatasync","flock","fstat","fstatfs","fsync","ftruncate","futex","getcwd","getdents","getdents64","geteuid","getgid","getpeername","getpid","getppid","getrandom","getrlimit","getrusage","getsockname","getsockopt","gettid","gettimeofday","getuid","inotify_add_watch","inotify_init1","inotify_rm_watch","ioctl","kill","listen","lseek","lstat","madvise","mincore","mkdirat","mmap","mprotect","munmap","nanosleep","newfstatat","open","openat","pipe","pipe2","poll","ppoll","pread64","pselect6","pwrite64","read","readlink","readlinkat","recvfrom","recvmmsg","recvmsg","rename","renameat","rt_sigaction","rt_sigprocmask","rt_sigreturn","sched_getaffinity","sched_yield","sendfile","sendmmsg","sendmsg","sendto","set_robust_list","setitimer","setsockopt","shutdown","sigaltstack","socket","splice","stat","statfs","sysinfo","tgkill","time","tkill","uname","unlink","unlinkat","wait4","waitid","write","writev"],"action":"allow"}]}}}
  11. 2020-08-14T08:03:18.677Z INFO [seccomp] seccomp/seccomp.go:124 Syscall filter successfully installed
  12. 2020-08-14T08:03:18.677Z INFO [beat] instance/beat.go:983 Beat info {"system_info": {"beat": {"path": {"config": "/usr/share/filebeat", "data": "/usr/share/filebeat/data", "home": "/usr/share/filebeat", "logs": "/usr/share/filebeat/logs"}, "type": "filebeat", "uuid": "a1f29ab0-4102-44b0-a212-25a65ff346db"}}}
  13. 2020-08-14T08:03:18.677Z INFO [beat] instance/beat.go:992 Build info {"system_info": {"build": {"commit": "94f7632be5d56a7928595da79f4b829ffe123744", "libbeat": "7.8.1", "time": "2020-07-21T15:12:45.000Z", "version": "7.8.1"}}}
  14. 2020-08-14T08:03:18.677Z INFO [beat] instance/beat.go:995 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.13.10"}}}
  15. 2020-08-14T08:03:18.678Z INFO [beat] instance/beat.go:999 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-08-14T07:39:33Z","containerized":false,"name":"ip-172-26-77-132.clickatell.com","ip":["127.0.0.1/8","::1/128","172.26.77.132/23","fe80::83f:b4ff:fe22:c17d/64","fe80::d0c6:61ff:fe26:fd3a/64","fe80::f0da:1ff:fe02:3dc1/64","172.26.77.62/23","fe80::80d:c2ff:fe48:3457/64","fe80::b8d9:97ff:febf:c2b5/64","fe80::7431:77ff:fee1:7240/64"],"kernel_version":"4.14.186-146.268.amzn2.x86_64","mac":["0a:3f:b4:22:c1:7d","d2:c6:61:26:fd:3a","f2:da:01:02:3d:c1","0a:0d:c2:48:34:57","ba:d9:97:bf:c2:b5","76:31:77:e1:72:40"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":8,"patch":2003,"codename":"Core"},"timezone":"UTC","timezone_offset_sec":0,"id":"1a018e03a49f4bfc904c69b0d6c08959"}}}
  16. 2020-08-14T08:03:18.678Z INFO [beat] instance/beat.go:1028 Process info {"system_info": {"process": {"capabilities": {"inheritable":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/usr/share/filebeat", "exe": "/usr/share/filebeat/filebeat", "name": "filebeat", "pid": 1, "ppid": 0, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2020-08-14T08:03:17.710Z"}}}
  17. 2020-08-14T08:03:18.679Z INFO instance/beat.go:310 Setup Beat: filebeat; Version: 7.8.1
  18. 2020-08-14T08:03:18.679Z DEBUG [beat] instance/beat.go:336 Initializing output plugins
  19. 2020-08-14T08:03:18.679Z INFO [index-management] idxmgmt/std.go:184 Set output.elasticsearch.index to 'filebeat-7.8.1' as ILM is enabled.
  20. 2020-08-14T08:03:18.679Z DEBUG [tls] tlscommon/tls.go:160 tls%!(EXTRA string=successfully loaded CA certificate: %v, string=/mnt/elastic-internal/elasticsearch-certs/ca.crt)
  21. 2020-08-14T08:03:18.679Z INFO eslegclient/connection.go:99 elasticsearch url: https://elasticsearch-es-http.elastic-system.svc:9200
  22. 2020-08-14T08:03:18.680Z DEBUG [publisher] pipeline/consumer.go:137 start pipeline event consumer
  23. 2020-08-14T08:03:18.680Z INFO [publisher] pipeline/module.go:113 Beat name: ip-172-26-77-132.clickatell.com
  24. 2020-08-14T08:03:18.680Z INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
  25. 2020-08-14T08:03:18.681Z INFO kibana/client.go:118 Kibana url: https://kibana-kb-http.elastic-system.svc:5601
  26. 2020-08-14T08:03:18.681Z DEBUG [tls] tlscommon/tls.go:160 tls%!(EXTRA string=successfully loaded CA certificate: %v, string=/mnt/elastic-internal/kibana-certs/ca.crt)
  27. 2020-08-14T08:03:25.304Z INFO kibana/client.go:118 Kibana url: https://kibana-kb-http.elastic-system.svc:5601
  28. 2020-08-14T08:03:25.306Z DEBUG [tls] tlscommon/tls.go:160 tls%!(EXTRA string=successfully loaded CA certificate: %v, string=/mnt/elastic-internal/kibana-certs/ca.crt)
  29. 2020-08-14T08:03:25.615Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Initialize the Kibana 7.8.1 loader
  30. 2020-08-14T08:03:25.615Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Kibana URL https://kibana-kb-http.elastic-system.svc:5601
  31. 2020-08-14T08:03:27.089Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Importing directory /usr/share/filebeat/kibana/7
  32. 2020-08-14T08:03:27.176Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import directory /usr/share/filebeat/kibana/7
  33. 2020-08-14T08:03:27.177Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/749203a0-67b1-11ea-a76f-bf44814e437d.json
  34. 2020-08-14T08:03:28.054Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Coredns-Overview-Dashboard.json
  35. 2020-08-14T08:03:29.147Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Cisco-ASA.json
  36. 2020-08-14T08:03:30.251Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Envoyproxy-Overview.json
  37. 2020-08-14T08:03:31.355Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-IBMMQ-Overview.json
  38. 2020-08-14T08:03:32.472Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Iptables-Overview.json
  39. 2020-08-14T08:03:33.532Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Iptables-Ubiquiti-Firewall-Overview.json
  40. 2020-08-14T08:03:34.600Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Kafka-overview.json
  41. 2020-08-14T08:03:35.673Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-MISP-Overview.json
  42. 2020-08-14T08:03:36.755Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Mongodb-overview.json
  43. 2020-08-14T08:03:37.808Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-O365-Audit.json
  44. 2020-08-14T08:03:38.955Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Postgresql-overview.json
  45. 2020-08-14T08:03:39.995Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json
  46. 2020-08-14T08:03:41.035Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json
  47. 2020-08-14T08:03:42.111Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Suricata-Overview.json
  48. 2020-08-14T08:03:43.192Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-Zeek-Overview.json
  49. 2020-08-14T08:03:44.287Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-activemq-application-events.json
  50. 2020-08-14T08:03:45.371Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-activemq-audit-events.json
  51. 2020-08-14T08:03:46.407Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-apache.json
  52. 2020-08-14T08:03:47.451Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-auditd.json
  53. 2020-08-14T08:03:48.519Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-auth-sudo-commands.json
  54. 2020-08-14T08:03:48.692Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":50,"time":{"ms":54}},"total":{"ticks":830,"time":{"ms":838},"value":830},"user":{"ticks":780,"time":{"ms":784}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":8},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":30505}},"memstats":{"gc_next":14366864,"memory_alloc":7817448,"memory_total":104056256,"rss":75317248},"runtime":{"goroutines":16}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":2},"load":{"1":1.37,"15":0.59,"5":0.95,"norm":{"1":0.685,"15":0.295,"5":0.475}}}}}}
  55. 2020-08-14T08:03:49.630Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-aws-elb-overview.json
  56. 2020-08-14T08:03:50.691Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-aws-s3access-overview.json
  57. 2020-08-14T08:03:51.755Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-aws-vpcflow-overview.json
  58. 2020-08-14T08:03:52.823Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-azure-alerts-overview.json
  59. 2020-08-14T08:03:53.875Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-azure-overview.json
  60. 2020-08-14T08:03:54.992Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-azure-user-activity.json
  61. 2020-08-14T08:03:56.048Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-haproxy-overview.json
  62. 2020-08-14T08:03:57.075Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-icinga-debug-log.json
  63. 2020-08-14T08:03:58.113Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-icinga-main-log.json
  64. 2020-08-14T08:03:59.155Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-icinga-startup-errors.json
  65. 2020-08-14T08:04:00.199Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-iis.json
  66. 2020-08-14T08:04:01.239Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-logstash-log.json
  67. 2020-08-14T08:04:02.267Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-logstash-slowlog.json
  68. 2020-08-14T08:04:03.351Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-mysql.json
  69. 2020-08-14T08:04:04.391Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-nats-overview.json
  70. 2020-08-14T08:04:05.455Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-new-users-and-groups.json
  71. 2020-08-14T08:04:06.479Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-nginx-logs.json
  72. 2020-08-14T08:04:07.519Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-nginx-overview.json
  73. 2020-08-14T08:04:08.568Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-panw-network-overview.json
  74. 2020-08-14T08:04:09.607Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-panw-threat-overview.json
  75. 2020-08-14T08:04:10.647Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-redis.json
  76. 2020-08-14T08:04:11.723Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-ssh-login-attempts.json
  77. 2020-08-14T08:04:12.795Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-syslog.json
  78. 2020-08-14T08:04:13.831Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/Filebeat-traefik-overview.json
  79. 2020-08-14T08:04:14.907Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-aws-cloudtrail.json
  80. 2020-08-14T08:04:15.976Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-cef-endpoint-os-activity.json
  81. 2020-08-14T08:04:17.176Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-cef-endpoint-overview.json
  82. 2020-08-14T08:04:18.236Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-cef-microsoft-dns.json
  83. 2020-08-14T08:04:18.686Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":50,"time":{"ms":4}},"total":{"ticks":940,"time":{"ms":113},"value":940},"user":{"ticks":890,"time":{"ms":109}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":8},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":60506}},"memstats":{"gc_next":12273024,"memory_alloc":9089192,"memory_total":112373424},"runtime":{"goroutines":16}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.39,"15":0.62,"5":1,"norm":{"1":0.695,"15":0.31,"5":0.5}}}}}}
  84. 2020-08-14T08:04:19.324Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-cef-network-overview.json
  85. 2020-08-14T08:04:20.408Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-cef-network-suspicious-activity.json
  86. 2020-08-14T08:04:21.484Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-googlecloud-audit.json
  87. 2020-08-14T08:04:22.528Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-autonomous-systems.json
  88. 2020-08-14T08:04:23.563Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-conversation-partners.json
  89. 2020-08-14T08:04:24.563Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-flow-exporters.json
  90. 2020-08-14T08:04:25.635Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-flow-records.json
  91. 2020-08-14T08:04:26.663Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-geo-location.json
  92. 2020-08-14T08:04:27.731Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-overview.json
  93. 2020-08-14T08:04:28.788Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-top-n.json
  94. 2020-08-14T08:04:29.839Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-netflow-traffic-analysis.json
  95. 2020-08-14T08:04:30.903Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-network-flows-top-n.json
  96. 2020-08-14T08:04:31.944Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/filebeat-santa-log-overview.json
  97. 2020-08-14T08:04:32.987Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/osquery-compliance.json
  98. 2020-08-14T08:04:34.035Z DEBUG [dashboards] dashboards/kibana_loader.go:156 Import dashboard from /usr/share/filebeat/kibana/7/dashboard/osquery-rootkit.json
  99. 2020-08-14T08:04:35.060Z INFO instance/beat.go:817 Kibana dashboards successfully loaded.
  100. 2020-08-14T08:04:35.060Z INFO instance/beat.go:463 filebeat start running.
  101. 2020-08-14T08:04:35.060Z DEBUG [test] registrar/migrate.go:159 isFile(/usr/share/filebeat/data/registry) -> false
  102. 2020-08-14T08:04:35.060Z DEBUG [test] registrar/migrate.go:159 isFile() -> false
  103. 2020-08-14T08:04:35.060Z DEBUG [test] registrar/migrate.go:152 isDir(/usr/share/filebeat/data/registry/filebeat) -> false
  104. 2020-08-14T08:04:35.060Z DEBUG [registrar] registrar/migrate.go:51 Registry type '' found
  105. 2020-08-14T08:04:35.061Z DEBUG [test] registrar/migrate.go:159 isFile(.bak) -> false
  106. 2020-08-14T08:04:35.061Z DEBUG [test] registrar/migrate.go:152 isDir(/usr/share/filebeat/data/registry/filebeat) -> false
  107. 2020-08-14T08:04:35.061Z INFO registrar/migrate.go:104 No registry home found. Create: /usr/share/filebeat/data/registry/filebeat
  108. 2020-08-14T08:04:35.061Z DEBUG [test] registrar/migrate.go:159 isFile(/usr/share/filebeat/data/registry/filebeat/meta.json) -> false
  109. 2020-08-14T08:04:35.061Z INFO registrar/migrate.go:112 Initialize registry meta file
  110. 2020-08-14T08:04:35.063Z INFO registrar/registrar.go:108 No registry file found under: /usr/share/filebeat/data/registry/filebeat/data.json. Creating a new registry file.
  111. 2020-08-14T08:04:35.063Z DEBUG [registrar] registrar/registrar.go:411 Write registry file: /usr/share/filebeat/data/registry/filebeat/data.json (0)
  112. 2020-08-14T08:04:35.066Z DEBUG [registrar] registrar/registrar.go:404 Registry file updated. 0 states written.
  113. 2020-08-14T08:04:35.066Z INFO registrar/registrar.go:145 Loading registrar data from /usr/share/filebeat/data/registry/filebeat/data.json
  114. 2020-08-14T08:04:35.066Z INFO registrar/registrar.go:152 States Loaded from registrar: 0
  115. 2020-08-14T08:04:35.066Z INFO [crawler] beater/crawler.go:71 Loading Inputs: 0
  116. 2020-08-14T08:04:35.066Z INFO [crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 0
  117. 2020-08-14T08:04:35.067Z DEBUG [registrar] registrar/registrar.go:278 Starting Registrar
  118. 2020-08-14T08:04:35.069Z INFO [autodiscover.pod] kubernetes/util.go:79 kubernetes: Using node ip-172-26-77-132.clickatell.com provided in the config
  119. 2020-08-14T08:04:35.069Z DEBUG [autodiscover.pod] kubernetes/pod.go:67 Initializing a new Kubernetes watcher using node: ip-172-26-77-132.clickatell.com
  120. 2020-08-14T08:04:35.070Z DEBUG [autodiscover] autodiscover/autodiscover.go:90 Configured autodiscover provider: kubernetes
  121. 2020-08-14T08:04:35.070Z INFO [autodiscover] autodiscover/autodiscover.go:113 Starting autodiscover manager
  122. 2020-08-14T08:04:35.365Z DEBUG [kubernetes] kubernetes/watcher.go:152 cache sync done
  123. 2020-08-14T08:04:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":12}},"total":{"ticks":1040,"time":{"ms":98},"value":1040},"user":{"ticks":970,"time":{"ms":86}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":11},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":90503}},"memstats":{"gc_next":14019152,"memory_alloc":7268720,"memory_total":120873680,"rss":294912},"runtime":{"goroutines":31}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0},"writes":{"success":1,"total":1}},"system":{"load":{"1":0.9,"15":0.61,"5":0.92,"norm":{"1":0.45,"15":0.305,"5":0.46}}}}}}
  124. 2020-08-14T08:05:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":1}},"total":{"ticks":1050,"time":{"ms":12},"value":1050},"user":{"ticks":980,"time":{"ms":11}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":11},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":120503}},"memstats":{"gc_next":14019152,"memory_alloc":7568552,"memory_total":121173512},"runtime":{"goroutines":31}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.6,"15":0.59,"5":0.85,"norm":{"1":0.3,"15":0.295,"5":0.425}}}}}}
  125. 2020-08-14T08:05:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":1}},"total":{"ticks":1060,"time":{"ms":11},"value":1060},"user":{"ticks":990,"time":{"ms":10}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":10},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":150503}},"memstats":{"gc_next":14019152,"memory_alloc":8041440,"memory_total":121646400},"runtime":{"goroutines":29}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.36,"15":0.57,"5":0.76,"norm":{"1":0.18,"15":0.285,"5":0.38}}}}}}
  126. 2020-08-14T08:06:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70},"total":{"ticks":1080,"time":{"ms":11},"value":1080},"user":{"ticks":1010,"time":{"ms":11}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":10},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":180503}},"memstats":{"gc_next":14019152,"memory_alloc":8169912,"memory_total":121774872},"runtime":{"goroutines":29}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.22,"15":0.55,"5":0.69,"norm":{"1":0.11,"15":0.275,"5":0.345}}}}}}
  127. 2020-08-14T08:06:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":4}},"total":{"ticks":1140,"time":{"ms":66},"value":1140},"user":{"ticks":1070,"time":{"ms":62}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":210503}},"memstats":{"gc_next":12520160,"memory_alloc":6446824,"memory_total":122257560},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.13,"15":0.53,"5":0.62,"norm":{"1":0.065,"15":0.265,"5":0.31}}}}}}
  128. 2020-08-14T08:07:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":1}},"total":{"ticks":1150,"time":{"ms":11},"value":1150},"user":{"ticks":1080,"time":{"ms":10}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":240503}},"memstats":{"gc_next":12520160,"memory_alloc":6574080,"memory_total":122384816},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.08,"15":0.51,"5":0.56,"norm":{"1":0.04,"15":0.255,"5":0.28}}}}}}
  129. 2020-08-14T08:07:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":1}},"total":{"ticks":1160,"time":{"ms":11},"value":1160},"user":{"ticks":1090,"time":{"ms":10}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":270503}},"memstats":{"gc_next":12520160,"memory_alloc":6959904,"memory_total":122770640},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.05,"15":0.5,"5":0.51,"norm":{"1":0.025,"15":0.25,"5":0.255}}}}}}
  130. 2020-08-14T08:08:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70},"total":{"ticks":1170,"time":{"ms":10},"value":1170},"user":{"ticks":1100,"time":{"ms":10}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":300503}},"memstats":{"gc_next":12520160,"memory_alloc":7342848,"memory_total":123153584},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.03,"15":0.48,"5":0.46,"norm":{"1":0.015,"15":0.24,"5":0.23}}}}}}
  131. 2020-08-14T08:08:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":1}},"total":{"ticks":1190,"time":{"ms":19},"value":1190},"user":{"ticks":1120,"time":{"ms":18}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":330503}},"memstats":{"gc_next":12358656,"memory_alloc":6269328,"memory_total":123369000},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.02,"15":0.46,"5":0.41,"norm":{"1":0.01,"15":0.23,"5":0.205}}}}}}
  132. 2020-08-14T08:09:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":80,"time":{"ms":6}},"total":{"ticks":1200,"time":{"ms":10},"value":1200},"user":{"ticks":1120,"time":{"ms":4}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":360503}},"memstats":{"gc_next":12358656,"memory_alloc":6489136,"memory_total":123588808},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.01,"15":0.45,"5":0.37,"norm":{"1":0.005,"15":0.225,"5":0.185}}}}}}
  133. 2020-08-14T08:09:48.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":80,"time":{"ms":1}},"total":{"ticks":1210,"time":{"ms":10},"value":1210},"user":{"ticks":1130,"time":{"ms":9}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":390503}},"memstats":{"gc_next":12358656,"memory_alloc":6962504,"memory_total":124062176},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0,"15":0.43,"5":0.33,"norm":{"1":0,"15":0.215,"5":0.165}}}}}}
  134. 2020-08-14T08:10:18.682Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":80,"time":{"ms":1}},"total":{"ticks":1220,"time":{"ms":11},"value":1220},"user":{"ticks":1140,"time":{"ms":10}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"eeebe13f-0bf1-4434-98b0-5fcdf5e8ca64","uptime":{"ms":420503}},"memstats":{"gc_next":12358656,"memory_alloc":7088416,"memory_total":124188088},"runtime":{"goroutines":27}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0,"15":0.42,"5":0.3,"norm":{"1":0,"15":0.21,"5":0.15}}}}}}