
ULSM — JSON-lines event log (process creation/termination, socket and file activity) captured on a Linux host across a `reboot` issued as root from an SSH session. Caveats for anyone parsing this: several records carry malformed keys where key and value are fused inside one string (e.g. `"pid: 2490"`, `"path: /dev/null"` instead of `"pid": 2490`), so a strict JSON consumer will not correlate them by PID; and the records from the following boot carry `ts` values (`1`, then `1550139118`) that are lower than the shutdown records, apparently written before the clock was set, so event ordering must rely on record position rather than `ts`.

  2. {"ts": 1559505360, "event_type": "Process Creation", "ppid": 2482, "pid": 2490, "shell": "/bin/bash", "pwd": "/root", "user": "root", "ssh": "192.168.0.181 49541 192.168.0.197 22", "last_cmd": "/usr/sbin/reboot", "cmd": " reboot"}
  3. {"ts": 1559505360, "event_type": "Socket Activity", "pid: 2490", "domain": 1, "type": 526337, "proto": 0}
  4. {"ts": 1559505360, "event_type": "Process Terminated", "pid: 2490"}
  5. {"ts": 1559505360, "event_type": "Socket Activity", "pid: 2470", "domain": 1, "type": 526337, "proto": 0}
  6. {"ts": 1559505360, "event_type": "Process Terminated", "pid: 2482"}
  7. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2493, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice/session-c11.scope"}
  8. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2493", "domain": 1, "type": 524290, "proto": 0}
  9. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2493", "domain": 1, "type": 524290, "proto": 0}
  10. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2493"}
  11. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2499, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/polkit.service"}
  12. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2499", "domain": 1, "type": 524290, "proto": 0}
  13. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2499", "domain": 1, "type": 524290, "proto": 0}
  14. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2499"}
  15. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2494, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/ssh.service"}
  16. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2494", "domain": 1, "type": 524290, "proto": 0}
  17. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2494", "domain": 1, "type": 524290, "proto": 0}
  18. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2494"}
  19. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2495, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/cron.service"}
  20. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2496, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/system-getty.slice/getty@tty1.service"}
  21. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2495", "domain": 1, "type": 524290, "proto": 0}
  22. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2496", "domain": 1, "type": 524290, "proto": 0}
  23. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2496", "domain": 1, "type": 524290, "proto": 0}
  24. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2495", "domain": 1, "type": 524290, "proto": 0}
  25. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2496"}
  26. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2495"}
  27. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2498, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/rsyslog.service"}
  28. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2498", "domain": 1, "type": 524290, "proto": 0}
  29. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2498", "domain": 1, "type": 524290, "proto": 0}
  30. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2498"}
  31. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2497, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service"}
  32. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2497", "domain": 1, "type": 524290, "proto": 0}
  33. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2497", "domain": 1, "type": 524290, "proto": 0}
  34. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2497"}
  35. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2500, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/ModemManager.service"}
  36. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2500", "domain": 1, "type": 524290, "proto": 0}
  37. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2500", "domain": 1, "type": 524290, "proto": 0}
  38. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2500"}
  39. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2503, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/system-serial\x2dgetty.slice"}
  40. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2503", "domain": 1, "type": 524290, "proto": 0}
  41. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2503", "domain": 1, "type": 524290, "proto": 0}
  42. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2503"}
  43. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2504, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/system-getty.slice"}
  44. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2504", "domain": 1, "type": 524290, "proto": 0}
  45. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2504", "domain": 1, "type": 524290, "proto": 0}
  46. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2504"}
  47. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2505, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice"}
  48. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2505", "domain": 1, "type": 524290, "proto": 0}
  49. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2505", "domain": 1, "type": 524290, "proto": 0}
  50. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2505"}
  51. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 1, "pid": 2506, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-runtime-dir stop 0"}
  52. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2506"}
  53. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2508, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice/user-runtime-dir@0.service"}
  54. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2508", "domain": 1, "type": 524290, "proto": 0}
  55. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2508", "domain": 1, "type": 524290, "proto": 0}
  56. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2508"}
  57. {"ts": 1559505361, "event_type": "Process Creation", "ppid": 6, "pid": 2510, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice"}
  58. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2510", "domain": 1, "type": 524290, "proto": 0}
  59. {"ts": 1559505361, "event_type": "Socket Activity", "pid: 2510", "domain": 1, "type": 524290, "proto": 0}
  60. {"ts": 1559505361, "event_type": "Process Terminated", "pid: 2510"}
  61. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2511, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/session-c1.scope"}
  62. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2512, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/lightdm.service"}
  63. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2512", "domain": 1, "type": 524290, "proto": 0}
  64. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2511", "domain": 1, "type": 524290, "proto": 0}
  65. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2511", "domain": 1, "type": 524290, "proto": 0}
  66. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2512", "domain": 1, "type": 524290, "proto": 0}
  67. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2511"}
  68. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2512"}
  69. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2514, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service/at-spi-dbus-bus.service"}
  70. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2514", "domain": 1, "type": 524290, "proto": 0}
  71. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2514", "domain": 1, "type": 524290, "proto": 0}
  72. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2514"}
  73. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2513, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service/dbus.service"}
  74. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2513", "domain": 1, "type": 524290, "proto": 0}
  75. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2513", "domain": 1, "type": 524290, "proto": 0}
  76. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2513"}
  77. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2515, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service/gvfs-daemon.service"}
  78. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2515", "domain": 1, "type": 524290, "proto": 0}
  79. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2515", "domain": 1, "type": 524290, "proto": 0}
  80. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2515"}
  81. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2516, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service/init.scope"}
  82. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2516", "domain": 1, "type": 524290, "proto": 0}
  83. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2516", "domain": 1, "type": 524290, "proto": 0}
  84. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2516"}
  85. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2518, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice"}
  86. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2517, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service"}
  87. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2517", "domain": 1, "type": 524290, "proto": 0}
  88. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2518", "domain": 1, "type": 524290, "proto": 0}
  89. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2517", "domain": 1, "type": 524290, "proto": 0}
  90. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2518", "domain": 1, "type": 524290, "proto": 0}
  91. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2517"}
  92. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2518"}
  93. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 1, "pid": 2519, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-runtime-dir stop 110"}
  94. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2519"}
  95. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2520, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user-runtime-dir@110.service"}
  96. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2520", "domain": 1, "type": 524290, "proto": 0}
  97. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2520", "domain": 1, "type": 524290, "proto": 0}
  98. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2520"}
  99. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2521, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice"}
  100. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2521", "domain": 1, "type": 524290, "proto": 0}
  101. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2521", "domain": 1, "type": 524290, "proto": 0}
  102. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2521"}
  103. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2523, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-logind.service"}
  104. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2523", "domain": 1, "type": 524290, "proto": 0}
  105. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2523", "domain": 1, "type": 524290, "proto": 0}
  106. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2523"}
  107. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2524, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice"}
  108. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2524", "domain": 1, "type": 524290, "proto": 0}
  109. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2524", "domain": 1, "type": 524290, "proto": 0}
  110. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2524"}
  111. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 1, "pid": 2525, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-sessions stop"}
  112. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2525", "domain": 1, "type": 524290, "proto": 0}
  113. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2525"}
  114. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2526, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-user-sessions.service"}
  115. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2526", "domain": 1, "type": 524290, "proto": 0}
  116. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2526", "domain": 1, "type": 524290, "proto": 0}
  117. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2526"}
  118. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 1, "pid": 2528, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ifdown -a --read-environment --exclude=lo"}
  119. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2528, "pid": 2529, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts /etc/network/if-down.d"}
  120. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2529, "pid": 2530, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts /etc/network/if-down.d"}
  121. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2530, "pid": 2531, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-down.d/wpasupplicant"}
  122. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2530"}
  123. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2528, "pid": 2532, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts /etc/network/if-down.d"}
  124. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2532, "pid": 2533, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts /etc/network/if-down.d"}
  125. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2533, "pid": 2534, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-down.d/wpasupplicant"}
  126. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2533"}
  127. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2528, "pid": 2535, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /sbin/dhclient -4 -v -i -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0"}
  128. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 2535, "pid": 2536, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/dhclient -4 -v -i -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0"}
  129. {"ts": 1559505362, "event_type": "File Access", "path: /dev/null", "mode": 2, "pid: 2536"}
  130. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2537, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/NetworkManager.service"}
  131. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2537", "domain": 1, "type": 524290, "proto": 0}
  132. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2537", "domain": 1, "type": 524290, "proto": 0}
  133. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2537"}
  134. {"ts": 1559505362, "event_type": "Process Creation", "ppid": 6, "pid": 2538, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/dbus.service"}
  135. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2538", "domain": 1, "type": 524290, "proto": 0}
  136. {"ts": 1559505362, "event_type": "Socket Activity", "pid: 2538", "domain": 1, "type": 524290, "proto": 0}
  137. {"ts": 1559505362, "event_type": "Process Terminated", "pid: 2538"}
  138. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 1, "pid": 2540, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-update-utmp shutdown"}
  139. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 1, "pid": 2539, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-random-seed save"}
  140. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2539", "domain": 1, "type": 524290, "proto": 0}
  141. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2540", "domain": 1, "type": 524290, "proto": 0}
  142. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2540", "domain": 16, "type": 3, "proto": 9}
  143. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2540", "domain": 1, "type": 526337, "proto": 0}
  144. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2539"}
  145. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 6, "pid": 2541, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-random-seed.service"}
  146. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2541", "domain": 1, "type": 524290, "proto": 0}
  147. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2541", "domain": 1, "type": 524290, "proto": 0}
  148. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2541"}
  149. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 6, "pid": 2542, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-timesyncd.service"}
  150. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2542", "domain": 1, "type": 524290, "proto": 0}
  151. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2542", "domain": 1, "type": 524290, "proto": 0}
  152. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2542"}
  153. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2540"}
  154. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 6, "pid": 2545, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-update-utmp.service"}
  155. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2545", "domain": 1, "type": 524290, "proto": 0}
  156. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2545", "domain": 1, "type": 524290, "proto": 0}
  157. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2545"}
  158. {"ts": 1559505363, "event_type": "File Access", "path: /etc/dhcp/dhclient.conf", "mode": 0, "pid: 2536"}
  159. {"ts": 1559505363, "event_type": "File Access", "path: /var/lib/dhcp/dhclient.eth0.leases", "mode": 0, "pid: 2536"}
  160. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2536", "domain": 17, "type": 3, "proto": 768}
  161. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2536", "domain": 2, "type": 2, "proto": 0}
  162. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2536", "domain": 2, "type": 2, "proto": 17}
  163. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2536, "pid": 2546, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /sbin/dhclient-script"}
  164. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2546, "pid": 2547, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-enter-hooks.d"}
  165. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2547"}
  166. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2546, "pid": 2548, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv /var/lib/samba/dhcp.conf.new /var/lib/samba/dhcp.conf"}
  167. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2548"}
  168. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2546, "pid": 2549, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ip -4 addr flush dev eth0 label eth0"}
  169. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2549", "domain": 16, "type": 524291, "proto": 0}
  170. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2549"}
  171. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2546, "pid": 2550, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-exit-hooks.d"}
  172. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2550"}
  173. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2546, "pid": 2551, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " rm -f /run/ntpdate.dhcp"}
  174. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2551"}
  175. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2536"}
  176. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2528, "pid": 2552, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /sbin/ip link set dev eth0 down"}
  177. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2552, "pid": 2553, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ip link set dev eth0 down"}
  178. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2553", "domain": 16, "type": 524291, "proto": 0}
  179. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2553"}
  180. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2528, "pid": 2554, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts /etc/network/if-post-down.d"}
  181. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2554, "pid": 2555, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts /etc/network/if-post-down.d"}
  182. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2555, "pid": 2556, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-post-down.d/wireless-tools"}
  183. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2556, "pid": 2557, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/iwconfig eth0"}
  184. {"ts": 1559505363, "event_type": "Socket Activity", "pid: 2557", "domain": 2, "type": 2, "proto": 0}
  185. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2557"}
  186. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2555, "pid": 2558, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-post-down.d/wpasupplicant"}
  187. {"ts": 1559505363, "event_type": "Process Terminated", "pid: 2555"}
  188. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2528, "pid": 2559, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c "}
  189. {"ts": 1559505363, "event_type": "Process Creation", "ppid": 2528, "pid": 2560, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts /etc/network/if-post-down.d"}
  190. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2560, "pid": 2561, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts /etc/network/if-post-down.d"}
  191. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2561, "pid": 2562, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-post-down.d/wireless-tools"}
  192. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2562, "pid": 2563, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/iwconfig --all"}
  193. {"ts": 1559505364, "event_type": "Socket Activity", "pid: 2563", "domain": 2, "type": 2, "proto": 0}
  194. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2564, "pid": 2565, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- netdev---all"}
  195. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2565"}
  196. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2566, "pid": 2567, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- --all"}
  197. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2567"}
  198. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2568, "pid": 2569, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- netdev---all"}
  199. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2569"}
  200. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2570, "pid": 2571, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- --all"}
  201. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2571"}
  202. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2563"}
  203. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 2561, "pid": 2572, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-post-down.d/wpasupplicant"}
  204. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2561"}
  205. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2528"}
  206. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 6, "pid": 2573, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/networking.service"}
  207. {"ts": 1559505364, "event_type": "Socket Activity", "pid: 2573", "domain": 1, "type": 524290, "proto": 0}
  208. {"ts": 1559505364, "event_type": "Socket Activity", "pid: 2573", "domain": 1, "type": 524290, "proto": 0}
  209. {"ts": 1559505364, "event_type": "Process Terminated", "pid: 2573"}
  210. {"ts": 1559505364, "event_type": "Process Creation", "ppid": 0, "pid": 1, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-shutdown reboot --timeout 90000000us --log-level 6 --log-target kmsg --log-color"}
  211. {"ts": 1559505365, "event_type": "Process Creation", "ppid": 6, "pid": 2575, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/false"}
  212. {"ts": 1559505365, "event_type": "Process Terminated", "pid: 2575"}
  213. {"ts": 1559505365, "event_type": "Process Creation", "ppid": 6, "pid": 2576, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/false"}
  214. {"ts": 1559505365, "event_type": "Process Terminated", "pid: 2576"}
  215. {"ts": 1559505365, "event_type": "Process Creation", "ppid": 2492, "pid": 2577, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/false"}
  216. {"ts": 1559505365, "event_type": "Process Terminated", "pid: 2577"}
  217. {"ts": 1, "event_type": "Process Creation", "ppid": 0, "pid": 1, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/init"}
  218. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 97, "pid": 98, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- fs-cgroup2"}
  219. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 98"}
  220. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 99, "pid": 100, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- fs-cgroup2"}
  221. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 100"}
  222. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 16, "type": 526339, "proto": 0}
  223. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 110, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-run-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  224. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 110"}
  225. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 104, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-debug-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  226. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 104"}
  227. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 102, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-bless-boot-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  228. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 102"}
  229. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 113, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-veritysetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  230. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 107, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-gpt-auto-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  231. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 106, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-getty-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  232. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 109, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-rc-local-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  233. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 103, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-cryptsetup-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  234. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 106"}
  235. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 109"}
  236. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 103"}
  237. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 111, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-system-update-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  238. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 111"}
  239. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 105, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  240. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 113"}
  241. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 108, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  242. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 108"}
  243. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 105"}
  244. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 101, "pid": 112, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/systemd/system-generators/systemd-sysv-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/generator.late"}
  245. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 112"}
  246. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 107"}
  247. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 16, "type": 526339, "proto": 15}
  248. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526338, "proto": 0}
  249. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526338, "proto": 0}
  250. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  251. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  252. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 16, "type": 526339, "proto": 15}
  253. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526338, "proto": 0}
  254. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526341, "proto": 0}
  255. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  256. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526338, "proto": 0}
  257. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 114", "domain": 1, "type": 1, "proto": 0}
  258. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 115", "domain": 1, "type": 1, "proto": 0}
  259. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 116", "domain": 1, "type": 1, "proto": 0}
  260. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 114, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/mount debugfs /sys/kernel/debug -t debugfs"}
  261. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 117", "domain": 1, "type": 1, "proto": 0}
  262. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 117, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf"}
  263. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 117"}
  264. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 118", "domain": 1, "type": 1, "proto": 0}
  265. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 121", "domain": 1, "type": 1, "proto": 0}
  266. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526338, "proto": 0}
  267. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 118, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/mount mqueue /dev/mqueue -t mqueue"}
  268. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 115, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-modules-load"}
  269. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 115", "domain": 1, "type": 524290, "proto": 0}
  270. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 116, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/udevadm trigger --type=subsystems --action=add"}
  271. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 88, "pid": 119, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/kmod-static-nodes.service"}
  272. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 119", "domain": 1, "type": 524290, "proto": 0}
  273. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 119", "domain": 1, "type": 524290, "proto": 0}
  274. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 119"}
  275. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 16, "type": 3, "proto": 9}
  276. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  277. {"ts": 1550139118, "event_type": "Process Creation", "ppid": 1, "pid": 121, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-remount-fs"}
  278. {"ts": 1550139118, "event_type": "Socket Activity", "pid: 121", "domain": 1, "type": 524290, "proto": 0}
  279. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 121"}
  280. {"ts": 1550139118, "event_type": "Process Terminated", "pid: 115"}
  281. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 124, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-remount-fs.service"}
  282. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 124", "domain": 1, "type": 524290, "proto": 0}
  283. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 124", "domain": 1, "type": 524290, "proto": 0}
  284. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 124"}
  285. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  286. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 114"}
  287. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 118"}
  288. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 122, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-journald"}
  289. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 126, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-modules-load.service"}
  290. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 126", "domain": 1, "type": 524290, "proto": 0}
  291. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 126", "domain": 1, "type": 524290, "proto": 0}
  292. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 126"}
  293. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 116"}
  294. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  295. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  296. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  297. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 130", "domain": 1, "type": 1, "proto": 0}
  298. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 122", "domain": 1, "type": 526338, "proto": 0}
  299. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 131", "domain": 1, "type": 1, "proto": 0}
  300. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 133", "domain": 1, "type": 1, "proto": 0}
  301. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 131, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/mount configfs /sys/kernel/config -t configfs"}
  302. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 131"}
  303. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 130, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/udevadm trigger --type=devices --action=add"}
  304. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 135", "domain": 1, "type": 1, "proto": 0}
  305. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  306. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 134", "domain": 1, "type": 1, "proto": 0}
  307. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 133, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-sysctl"}
  308. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 133", "domain": 1, "type": 524290, "proto": 0}
  309. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 132, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-udev-trigger.service"}
  310. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 132", "domain": 1, "type": 524290, "proto": 0}
  311. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 132", "domain": 1, "type": 524290, "proto": 0}
  312. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 132"}
  313. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 136, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/sys-kernel-config.mount"}
  314. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 133"}
  315. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 136", "domain": 1, "type": 524290, "proto": 0}
  316. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 136", "domain": 1, "type": 524290, "proto": 0}
  317. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 134, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-random-seed load"}
  318. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 134", "domain": 1, "type": 524290, "proto": 0}
  319. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 136"}
  320. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 137, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/dev-mqueue.mount"}
  321. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 137", "domain": 1, "type": 524290, "proto": 0}
  322. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 137", "domain": 1, "type": 524290, "proto": 0}
  323. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 137"}
  324. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 135, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/systemd-sysusers"}
  325. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 135", "domain": 1, "type": 524290, "proto": 0}
  326. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 134"}
  327. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 138, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/sys-kernel-debug.mount"}
  328. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 138", "domain": 1, "type": 524290, "proto": 0}
  329. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 138", "domain": 1, "type": 524290, "proto": 0}
  330. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 138"}
  331. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  332. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 135"}
  333. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  334. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 524290, "proto": 0}
  335. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  336. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 140, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-sysusers.service"}
  337. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 140", "domain": 1, "type": 524290, "proto": 0}
  338. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 140", "domain": 1, "type": 524290, "proto": 0}
  339. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 140"}
  340. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  341. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 141", "domain": 1, "type": 1, "proto": 0}
  342. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 142", "domain": 1, "type": 1, "proto": 0}
  343. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 141, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/systemd-tmpfiles --prefix=/dev --create --boot"}
  344. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 141", "domain": 1, "type": 524290, "proto": 0}
  345. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 142, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/journalctl --flush"}
  346. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 142", "domain": 1, "type": 526337, "proto": 0}
  347. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 141"}
  348. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 143, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-tmpfiles-setup-dev.service"}
  349. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 143", "domain": 1, "type": 524290, "proto": 0}
  350. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 143", "domain": 1, "type": 524290, "proto": 0}
  351. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 143"}
  352. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  353. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 144", "domain": 1, "type": 1, "proto": 0}
  354. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 130"}
  355. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 144, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-udevd"}
  356. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 88, "pid": 145, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-udev-trigger.service"}
  357. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 145", "domain": 1, "type": 524290, "proto": 0}
  358. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 145", "domain": 1, "type": 524290, "proto": 0}
  359. {"ts": 1550139119, "event_type": "Process Terminated", "pid: 145"}
  360. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  361. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 147", "domain": 1, "type": 1, "proto": 0}
  362. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 144", "domain": 1, "type": 524290, "proto": 0}
  363. {"ts": 1550139119, "event_type": "Socket Activity", "pid: 144", "domain": 1, "type": 524290, "proto": 0}
  364. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 1, "pid": 147, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c if [ "$CONFIGURE_INTERFACES" != "no" ] && [ -n "$(ifquery --read-environment --list --exclude=lo)" ] && [ -x /bin/udevadm ]; then udevadm settle; fi"}
  365. {"ts": 1550139119, "event_type": "Process Creation", "ppid": 147, "pid": 148, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ifquery --read-environment --list --exclude=lo"}
  366. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 142"}
  367. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 148"}
  368. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 147, "pid": 150, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " udevadm settle"}
  369. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 150", "domain": 1, "type": 526341, "proto": 0}
  370. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 88, "pid": 149, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-journal-flush.service"}
  371. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 149", "domain": 1, "type": 524290, "proto": 0}
  372. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 149", "domain": 1, "type": 524290, "proto": 0}
  373. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 149"}
  374. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  375. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 151", "domain": 1, "type": 1, "proto": 0}
  376. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 151, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"}
  377. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 151", "domain": 1, "type": 524290, "proto": 0}
  378. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 1, "type": 524290, "proto": 0}
  379. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  380. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  381. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  382. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  383. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  384. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  385. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  386. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  387. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  388. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  389. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  390. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 151"}
  391. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  392. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  393. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 88, "pid": 162, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-tmpfiles-setup.service"}
  394. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 165", "domain": 1, "type": 1, "proto": 0}
  395. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 162", "domain": 1, "type": 524290, "proto": 0}
  396. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 163", "domain": 1, "type": 1, "proto": 0}
  397. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 162", "domain": 1, "type": 524290, "proto": 0}
  398. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 162"}
  399. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 163", "domain": 16, "type": 526339, "proto": 0}
  400. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 164", "domain": 1, "type": 1, "proto": 0}
  401. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 165, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-update-utmp reboot"}
  402. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 165", "domain": 1, "type": 524290, "proto": 0}
  403. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 165", "domain": 16, "type": 3, "proto": 9}
  404. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 165", "domain": 1, "type": 526337, "proto": 0}
  405. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 165"}
  406. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 163, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/haveged --Foreground --verbose=1 -w 1024"}
  407. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  408. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 88, "pid": 166, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-update-utmp.service"}
  409. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 166", "domain": 1, "type": 524290, "proto": 0}
  410. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 166", "domain": 1, "type": 524290, "proto": 0}
  411. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 166"}
  412. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 155, "pid": 169, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /lib/udev/hwclock-set /dev/rtc0"}
  413. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  414. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 152", "domain": 2, "type": 524290, "proto": 0}
  415. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  416. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 172", "domain": 1, "type": 1, "proto": 0}
  417. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 174", "domain": 1, "type": 1, "proto": 0}
  418. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 175", "domain": 1, "type": 1, "proto": 0}
  419. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 156", "domain": 2, "type": 524290, "proto": 0}
  420. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 157", "domain": 2, "type": 524290, "proto": 0}
  421. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 159", "domain": 2, "type": 524290, "proto": 0}
  422. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 159, "pid": 177, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c ethtool -i $1 | sed -n s/^driver:\ //p -- lo"}
  423. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 156, "pid": 178, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c ethtool -i $1 | sed -n s/^driver:\ //p -- ip6tnl0"}
  424. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 157, "pid": 176, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c ethtool -i $1 | sed -n s/^driver:\ //p -- sit0"}
  425. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 152, "pid": 171, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /lib/udev/ifupdown-hotplug"}
  426. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 174, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/amlogic.sh"}
  427. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 187, "pid": 188, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ifquery --allow hotplug -l eth0"}
  428. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 188"}
  429. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 175, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /etc/ppp/ip-down.d/0000usepeerdns"}
  430. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 174, "pid": 186, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cat /proc/cmdline"}
  431. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 186"}
  432. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 174, "pid": 192, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cat /sys/class/amhdmitx/amhdmitx0/hpd_state"}
  433. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 192"}
  434. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 177, "pid": 184, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n s/^driver: //p"}
  435. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  436. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 178, "pid": 183, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n s/^driver: //p"}
  437. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 194", "domain": 1, "type": 1, "proto": 0}
  438. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 1, "proto": 0}
  439. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 176, "pid": 185, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n s/^driver: //p"}
  440. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  441. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 176, "pid": 181, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ethtool -i sit0"}
  442. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 174, "pid": 193, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " fbset -fb /dev/fb0 -g 1920 1080 1920 2160 32"}
  443. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 177, "pid": 179, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ethtool -i lo"}
  444. {"ts": 1550139120, "event_type": "File Access", "path: /dev/fb0", "mode": 0, "pid: 193"}
  445. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 178, "pid": 180, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ethtool -i ip6tnl0"}
  446. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 152, "pid": 189, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/eth0 --prefix=/net/ipv4/neigh/eth0 --prefix=/net/ipv6/conf/eth0 --prefix=/net/ipv6/neigh/eth0"}
  447. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 189", "domain": 1, "type": 524290, "proto": 0}
  448. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 189"}
  449. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 175, "pid": 190, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " readlink --canonicalize /etc/resolv.conf"}
  450. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 190"}
  451. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 196", "domain": 1, "type": 1, "proto": 0}
  452. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  453. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 1, "pid": 194, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/cron -f"}
  454. {"ts": 1550139120, "event_type": "File Access", "path: /var/run/crond.pid", "mode": 66, "pid: 194"}
  455. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 180", "domain": 2, "type": 2, "proto": 0}
  456. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 180"}
  457. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 179", "domain": 2, "type": 2, "proto": 0}
  458. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 179"}
  459. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 184"}
  460. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 181", "domain": 2, "type": 2, "proto": 0}
  461. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 181"}
  462. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 185"}
  463. {"ts": 1550139120, "event_type": "Process Terminated", "pid: 183"}
  464. {"ts": 1550139120, "event_type": "Socket Activity", "pid: 198", "domain": 1, "type": 1, "proto": 0}
  465. {"ts": 1550139120, "event_type": "File Access", "path: /etc/crontab", "mode": 0, "pid: 194"}
  466. {"ts": 1550139120, "event_type": "File Access", "path: /etc/cron.d/john", "mode": 0, "pid: 194"}
  467. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 159, "pid": 199, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /lib/udev/ifupdown-hotplug"}
  468. {"ts": 1550139120, "event_type": "Process Creation", "ppid": 156, "pid": 201, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /lib/udev/ifupdown-hotplug"}
  469. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 157, "pid": 200, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /lib/udev/ifupdown-hotplug"}
  470. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 202, "pid": 203, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ifquery --allow hotplug -l ip6tnl0"}
  471. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 203"}
  472. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 204, "pid": 205, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ifquery --allow hotplug -l sit0"}
  473. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 205"}
  474. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 88, "pid": 197, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/pppd-dns.service"}
  475. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 197", "domain": 1, "type": 524290, "proto": 0}
  476. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 197", "domain": 1, "type": 524290, "proto": 0}
  477. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 197"}
  478. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 1, "pid": 195, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-logind"}
  479. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 524290, "proto": 0}
  480. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 524290, "proto": 0}
  481. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 193"}
  482. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 174, "pid": 208, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " fbset -fb /dev/fb1 -g 32 32 32 32 32"}
  483. {"ts": 1550139121, "event_type": "File Access", "path: /dev/fb1", "mode": 0, "pid: 208"}
  484. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 156, "pid": 206, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/ip6tnl0 --prefix=/net/ipv4/neigh/ip6tnl0 --prefix=/net/ipv6/conf/ip6tnl0 --prefix=/net/ipv6/neigh/ip6tnl0"}
  485. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 206", "domain": 1, "type": 524290, "proto": 0}
  486. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 157, "pid": 207, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/sit0 --prefix=/net/ipv4/neigh/sit0 --prefix=/net/ipv6/conf/sit0 --prefix=/net/ipv6/neigh/sit0"}
  487. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 206"}
  488. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 207", "domain": 1, "type": 524290, "proto": 0}
  489. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 208"}
  490. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 207"}
  491. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 16, "type": 526339, "proto": 15}
  492. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 16, "type": 526339, "proto": 15}
  493. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 16, "type": 526339, "proto": 15}
  494. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 16, "type": 526339, "proto": 15}
  495. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 526337, "proto": 0}
  496. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 524290, "proto": 0}
  497. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 88, "pid": 209, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/amlogic.service"}
  498. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 209", "domain": 1, "type": 524290, "proto": 0}
  499. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 209", "domain": 1, "type": 524290, "proto": 0}
  500. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 209"}
  501. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 1, "pid": 173, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/rsyslogd -n -iNONE"}
  502. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 1, "pid": 196, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only"}
  503. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  504. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 173", "domain": 1, "type": 524290, "proto": 0}
  505. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  506. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 1, "pid": 172, "shell": "/bin/sh", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/ModemManager --filter-policy=strict"}
  507. {"ts": 1550139121, "event_type": "File Access", "path: /proc/sys/kernel/cap_last_cap", "mode": 0, "pid: 196"}
  508. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 155, "pid": 216, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/udev/v4l_id /dev/video13"}
  509. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 216"}
  510. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 154, "pid": 217, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/udev/v4l_id /dev/video10"}
  511. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 217"}
  512. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 159, "pid": 218, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /sbin/mdadm --detail --export /dev/md0 | /bin/sed s/^MD_/UDISKS_MD_/g"}
  513. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 172", "domain": 1, "type": 524289, "proto": 0}
  514. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 218, "pid": 220, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sed s/^MD_/UDISKS_MD_/g"}
  515. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 220"}
  516. {"ts": 1550139121, "event_type": "File Access", "path: /dev/random", "mode": 2, "pid: 163"}
  517. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 150"}
  518. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 88, "pid": 222, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/ifupdown-pre.service"}
  519. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 222", "domain": 1, "type": 524290, "proto": 0}
  520. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 222", "domain": 1, "type": 524290, "proto": 0}
  521. {"ts": 1550139121, "event_type": "Process Terminated", "pid: 222"}
  522. {"ts": 1550139121, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  523. {"ts": 1550139121, "event_type": "Process Creation", "ppid": 1, "pid": 198, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/NetworkManager --no-daemon"}
  524. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 1, "type": 524290, "proto": 0}
  525. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 16, "type": 526339, "proto": 15}
  526. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 16, "type": 524291, "proto": 16}
  527. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 16, "type": 524291, "proto": 0}
  528. {"ts": 1550139122, "event_type": "File Access", "path: /dev/urandom", "mode": 524544, "pid: 198"}
  529. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  530. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  531. {"ts": 1550139122, "event_type": "File Access", "path: /sys/class/net/eth0", "mode": 540672, "pid: 198"}
  532. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  533. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  534. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  535. {"ts": 1550139122, "event_type": "Socket Activity", "pid: 198", "domain": 1, "type": 524289, "proto": 0}
  536. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  537. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 226", "domain": 1, "type": 1, "proto": 0}
  538. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 226", "domain": 16, "type": 526339, "proto": 0}
  539. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 227", "domain": 1, "type": 1, "proto": 0}
  540. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 228", "domain": 1, "type": 1, "proto": 0}
  541. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 1, "pid": 228, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ifup -a --read-environment"}
  542. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 229, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  543. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  544. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 229, "pid": 230, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  545. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 230, "pid": 231, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/ethtool"}
  546. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 230, "pid": 232, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wireless-tools"}
  547. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 1, "pid": 227, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/policykit-1/polkitd --no-debug"}
  548. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 227", "domain": 1, "type": 524289, "proto": 0}
  549. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 232, "pid": 233, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/iwconfig --all"}
  550. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 233", "domain": 2, "type": 2, "proto": 0}
  551. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 237, "pid": 238, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- netdev---all"}
  552. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 238"}
  553. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 239, "pid": 240, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- --all"}
  554. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 240"}
  555. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 241, "pid": 242, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- netdev---all"}
  556. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 242"}
  557. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 243, "pid": 244, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/modprobe -q -- --all"}
  558. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 244"}
  559. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 233"}
  560. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 230, "pid": 245, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wpasupplicant"}
  561. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 245, "pid": 247, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " grep -q ^IF_WPA"}
  562. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  563. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 172", "domain": 16, "type": 526339, "proto": 15}
  564. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 247"}
  565. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 230"}
  566. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 248, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c "}
  567. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 249, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  568. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 249, "pid": 250, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  569. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 250, "pid": 251, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/ethtool"}
  570. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 250, "pid": 252, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wireless-tools"}
  571. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 252, "pid": 253, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/iwconfig lo"}
  572. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 253", "domain": 2, "type": 2, "proto": 0}
  573. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 253"}
  574. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 250, "pid": 254, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wpasupplicant"}
  575. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 250"}
  576. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 255, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /sbin/ip link set dev lo up"}
  577. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 255, "pid": 256, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/ip link set dev lo up"}
  578. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 256", "domain": 16, "type": 524291, "proto": 0}
  579. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 256"}
  580. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  581. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 257, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  582. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 257, "pid": 258, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  583. {"ts": 1550139125, "event_type": "File Access", "path: /etc/resolv.conf", "mode": 524288, "pid: 198"}
  584. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 198", "domain": 16, "type": 526339, "proto": 15}
  585. {"ts": 1550139125, "event_type": "File Access", "path: /dev/rfkill", "mode": 524290, "pid: 198"}
  586. {"ts": 1550139125, "event_type": "File Access", "path: /dev/rfkill", "mode": 524290, "pid: 198"}
  587. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 198", "domain": 10, "type": 2, "proto": 0}
  588. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 258, "pid": 259, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/ethtool"}
  589. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 258, "pid": 260, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/wpasupplicant"}
  590. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 258"}
  591. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 261, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c "}
  592. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 262, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  593. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 262, "pid": 263, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-pre-up.d"}
  594. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 263, "pid": 264, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/ethtool"}
  595. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 263, "pid": 265, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wireless-tools"}
  596. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 265, "pid": 266, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/iwconfig eth0"}
  597. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 266", "domain": 2, "type": 2, "proto": 0}
  598. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 266"}
  599. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 267", "domain": 1, "type": 1, "proto": 0}
  600. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 263, "pid": 268, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-pre-up.d/wpasupplicant"}
  601. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 268, "pid": 270, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " grep -q ^IF_WPA"}
  602. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 270"}
  603. {"ts": 1550139125, "event_type": "Process Terminated", "pid: 263"}
  604. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 271, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c "}
  605. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 228, "pid": 272, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /sbin/dhclient -4 -v -i -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0    "}
  606. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 1, "pid": 267, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/NetworkManager/nm-dispatcher"}
  607. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 267", "domain": 1, "type": 524289, "proto": 0}
  608. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  609. {"ts": 1550139125, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  610. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 267, "pid": 276, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -e /etc/NetworkManager/dispatcher.d/01-ifupdown none hostname"}
  611. {"ts": 1550139125, "event_type": "Process Creation", "ppid": 272, "pid": 273, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/dhclient -4 -v -i -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0"}
  612. {"ts": 1550139125, "event_type": "File Access", "path: /dev/null", "mode": 2, "pid: 273"}
  613. {"ts": 1550139126, "event_type": "File Access", "path: /etc/dhcp/dhclient.conf", "mode": 0, "pid: 277"}
  614. {"ts": 1550139126, "event_type": "File Access", "path: /var/lib/dhcp/dhclient.eth0.leases", "mode": 0, "pid: 277"}
  615. {"ts": 1550139126, "event_type": "Process Creation", "ppid": 277, "pid": 278, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /sbin/dhclient-script"}
  616. {"ts": 1550139126, "event_type": "Process Creation", "ppid": 278, "pid": 279, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-enter-hooks.d"}
  617. {"ts": 1550139126, "event_type": "Process Terminated", "pid: 279"}
  618. {"ts": 1550139126, "event_type": "Process Creation", "ppid": 278, "pid": 280, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ip link set dev eth0 up"}
  619. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 280", "domain": 16, "type": 524291, "proto": 0}
  620. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 16, "type": 526339, "proto": 15}
  621. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  622. {"ts": 1550139126, "event_type": "Process Terminated", "pid: 280"}
  623. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/lo", "mode": 540672, "pid: 198"}
  624. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/lo", "mode": 540672, "pid: 198"}
  625. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  626. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/lo", "mode": 540672, "pid: 198"}
  627. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  628. {"ts": 1550139126, "event_type": "Process Creation", "ppid": 278, "pid": 282, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-exit-hooks.d"}
  629. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  630. {"ts": 1550139126, "event_type": "Process Terminated", "pid: 282"}
  631. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 277", "domain": 17, "type": 3, "proto": 768}
  632. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  633. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/eth0", "mode": 540672, "pid: 198"}
  634. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/eth0", "mode": 540672, "pid: 198"}
  635. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  636. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/eth0", "mode": 540672, "pid: 198"}
  637. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  638. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  639. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/ip6tnl0", "mode": 540672, "pid: 198"}
  640. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/ip6tnl0", "mode": 540672, "pid: 198"}
  641. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  642. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/ip6tnl0", "mode": 540672, "pid: 198"}
  643. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  644. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/sit0", "mode": 540672, "pid: 198"}
  645. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/sit0", "mode": 540672, "pid: 198"}
  646. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  647. {"ts": 1550139126, "event_type": "File Access", "path: /sys/class/net/sit0", "mode": 540672, "pid: 198"}
  648. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  649. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  650. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 277", "domain": 2, "type": 2, "proto": 0}
  651. {"ts": 1550139126, "event_type": "Socket Activity", "pid: 277", "domain": 2, "type": 2, "proto": 17}
  652. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 198", "domain": 2, "type": 524290, "proto": 0}
  653. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 277, "pid": 283, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /sbin/dhclient-script"}
  654. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 284, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-enter-hooks.d"}
  655. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 284"}
  656. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 285, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv /var/lib/samba/dhcp.conf.new /var/lib/samba/dhcp.conf"}
  657. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 285"}
  658. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 286, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ip -4 addr add 192.168.0.197/255.255.255.0 broadcast 192.168.0.255 valid_lft 7200 preferred_lft 7200 dev eth0 label eth0"}
  659. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 286", "domain": 16, "type": 524291, "proto": 0}
  660. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 286"}
  661. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 287, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " ip -4 route add default via 192.168.0.1 dev eth0"}
  662. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 287", "domain": 16, "type": 524291, "proto": 0}
  663. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 287"}
  664. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 288, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " readlink -f /etc/resolv.conf"}
  665. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 288"}
  666. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 289, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " rm -f /etc/resolv.conf.dhclient-new.283"}
  667. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 289"}
  668. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 290, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " chown --reference=/etc/resolv.conf /etc/resolv.conf.dhclient-new.283"}
  669. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 290"}
  670. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 291, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " chmod --reference=/etc/resolv.conf /etc/resolv.conf.dhclient-new.283"}
  671. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 291"}
  672. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 292, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv -f /etc/resolv.conf.dhclient-new.283 /etc/resolv.conf"}
  673. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 292"}
  674. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 293, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " run-parts --list /etc/dhcp/dhclient-exit-hooks.d"}
  675. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 293"}
  676. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 283, "pid": 294, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " rm -f /run/ntpdate.dhcp"}
  677. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 294"}
  678. {"ts": 1550139130, "event_type": "File Access", "path: /dev/null", "mode": 2, "pid: 277"}
  679. {"ts": 1550139130, "event_type": "File Access", "path: /dev/null", "mode": 2, "pid: 277"}
  680. {"ts": 1550139130, "event_type": "File Access", "path: /dev/null", "mode": 2, "pid: 277"}
  681. {"ts": 1550139130, "event_type": "File Access", "path: /run/dhclient.eth0.pid", "mode": 577, "pid: 277"}
  682. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 228, "pid": 295, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  683. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 295, "pid": 296, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  684. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 296, "pid": 297, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/ethtool"}
  685. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 298, "pid": 300, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  686. /^IF_ETHERNET_PAUSE_[A-Za-z0-9_]*=/ {
  687.    h;                             # hold line
  688.    s/^IF_ETHERNET_PAUSE_//; s/=.*//; s/_/-/g;  # get name without prefix
  689.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  690.    p;
  691.    g;                             # restore line
  692.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  693.    p;
  694. }"}
  695. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 300"}
  696. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 301, "pid": 303, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  697. /^IF_HARDWARE_IRQ_COALESCE_[A-Za-z0-9_]*=/ {
  698.    h;                             # hold line
  699.    s/^IF_HARDWARE_IRQ_COALESCE_//; s/=.*//; s/_/-/g;  # get name without prefix
  700.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  701.    p;
  702.    g;                             # restore line
  703.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  704.    p;
  705. }"}
  706. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 303"}
  707. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 304, "pid": 306, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  708. /^IF_HARDWARE_DMA_RING_[A-Za-z0-9_]*=/ {
  709.    h;                             # hold line
  710.    s/^IF_HARDWARE_DMA_RING_//; s/=.*//; s/_/-/g;  # get name without prefix
  711.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  712.    p;
  713.    g;                             # restore line
  714.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  715.    p;
  716. }"}
  717. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 306"}
  718. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 307, "pid": 309, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  719. /^IF_OFFLOAD_[A-Za-z0-9_]*=/ {
  720.    h;                             # hold line
  721.    s/^IF_OFFLOAD_//; s/=.*//; s/_/-/g;  # get name without prefix
  722.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  723.    p;
  724.    g;                             # restore line
  725.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  726.    p;
  727. }"}
  728. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 309"}
  729. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 296, "pid": 310, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/wpasupplicant"}
  730. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 310, "pid": 312, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " grep -q ^IF_WPA"}
  731. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 312"}
  732. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 296"}
  733. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 228, "pid": 313, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  734. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 313, "pid": 314, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/run-parts --exit-on-error /etc/network/if-up.d"}
  735. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 314, "pid": 315, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/ethtool"}
  736. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 316, "pid": 318, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  737. /^IF_ETHERNET_PAUSE_[A-Za-z0-9_]*=/ {
  738.    h;                             # hold line
  739.    s/^IF_ETHERNET_PAUSE_//; s/=.*//; s/_/-/g;  # get name without prefix
  740.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  741.    p;
  742.    g;                             # restore line
  743.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  744.    p;
  745. }"}
  746. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 318"}
  747. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 319, "pid": 321, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  748. /^IF_HARDWARE_IRQ_COALESCE_[A-Za-z0-9_]*=/ {
  749.    h;                             # hold line
  750.    s/^IF_HARDWARE_IRQ_COALESCE_//; s/=.*//; s/_/-/g;  # get name without prefix
  751.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  752.    p;
  753.    g;                             # restore line
  754.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  755.    p;
  756. }"}
  757. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 321"}
  758. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 322, "pid": 324, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  759. /^IF_HARDWARE_DMA_RING_[A-Za-z0-9_]*=/ {
  760.    h;                             # hold line
  761.    s/^IF_HARDWARE_DMA_RING_//; s/=.*//; s/_/-/g;  # get name without prefix
  762.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  763.    p;
  764.    g;                             # restore line
  765.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  766.    p;
  767. }"}
  768. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 324"}
  769. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 325, "pid": 327, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sed -n
  770. /^IF_OFFLOAD_[A-Za-z0-9_]*=/ {
  771.    h;                             # hold line
  772.    s/^IF_OFFLOAD_//; s/=.*//; s/_/-/g;  # get name without prefix
  773.    y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
  774.    p;
  775.    g;                             # restore line
  776.    s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
  777.    p;
  778. }"}
  779. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 327"}
  780. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 314, "pid": 328, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /etc/network/if-up.d/wpasupplicant"}
  781. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 328, "pid": 330, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " grep -q ^IF_WPA"}
  782. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 330"}
  783. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 314"}
  784. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 228"}
  785. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  786. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 331", "domain": 1, "type": 1, "proto": 0}
  787. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 332", "domain": 1, "type": 1, "proto": 0}
  788. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 1, "pid": 332, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-sessions start"}
  789. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 332", "domain": 1, "type": 524290, "proto": 0}
  790. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 332"}
  791. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 1, "pid": 331, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/sshd -t"}
  792. {"ts": 1550139130, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 331"}
  793. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 6, "pid": 333, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-user-sessions.service"}
  794. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 333", "domain": 1, "type": 524290, "proto": 0}
  795. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 333", "domain": 1, "type": 524290, "proto": 0}
  796. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 333"}
  797. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 331"}
  798. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  799. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 334", "domain": 1, "type": 1, "proto": 0}
  800. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  801. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 337", "domain": 1, "type": 1, "proto": 0}
  802. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  803. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 1, "pid": 337, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh -c [ "$(cat /etc/X11/default-display-manager 2>/dev/null)" = "/usr/sbin/lightdm" ]"}
  804. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 337, "pid": 339, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cat /etc/X11/default-display-manager"}
  805. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 1, "pid": 334, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/sshd -D"}
  806. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 339"}
  807. {"ts": 1550139130, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 334"}
  808. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 341", "domain": 1, "type": 1, "proto": 0}
  809. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 6, "pid": 336, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/ssh.service"}
  810. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 336", "domain": 1, "type": 524290, "proto": 0}
  811. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 336", "domain": 1, "type": 524290, "proto": 0}
  812. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 336"}
  813. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 334", "domain": 2, "type": 1, "proto": 6}
  814. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 334", "domain": 10, "type": 1, "proto": 6}
  815. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 334", "domain": 1, "type": 524290, "proto": 0}
  816. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  817. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 6, "pid": 340, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/lightdm.service"}
  818. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 340", "domain": 1, "type": 524290, "proto": 0}
  819. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 340", "domain": 1, "type": 524290, "proto": 0}
  820. {"ts": 1550139130, "event_type": "Process Terminated", "pid: 340"}
  821. {"ts": 1550139130, "event_type": "Process Creation", "ppid": 1, "pid": 341, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/lightdm"}
  822. {"ts": 1550139130, "event_type": "File Access", "path: /var/log/lightdm/lightdm.log", "mode": 577, "pid: 341"}
  823. {"ts": 1550139130, "event_type": "Socket Activity", "pid: 341", "domain": 1, "type": 524289, "proto": 0}
  824. {"ts": 1550139131, "event_type": "File Access", "path: /var/run/lightdm/root/:0", "mode": 65, "pid: 341"}
  825. {"ts": 1550139131, "event_type": "File Access", "path: /var/log/lightdm/x-0.log", "mode": 577, "pid: 341"}
  826. {"ts": 1550139131, "event_type": "File Access", "path: /dev/null", "mode": 0, "pid: 346"}
  827. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  828. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 341", "domain": 1, "type": 524290, "proto": 0}
  829. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 341, "pid": 346, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/X :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch"}
  830. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 347", "domain": 1, "type": 1, "proto": 0}
  831. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 341, "pid": 346, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/xorg/Xorg.wrap :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch"}
  832. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 1, "pid": 349, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/rm -rf /var/lib/lightdm/data/lightdm"}
  833. {"ts": 1550139131, "event_type": "Process Terminated", "pid: 349"}
  834. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 1, "pid": 347, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-update-utmp runlevel"}
  835. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 347", "domain": 1, "type": 524290, "proto": 0}
  836. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 347", "domain": 16, "type": 3, "proto": 9}
  837. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 347", "domain": 1, "type": 526337, "proto": 0}
  838. {"ts": 1550139131, "event_type": "Process Terminated", "pid: 347"}
  839. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 6, "pid": 350, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-update-utmp-runlevel.service"}
  840. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 350", "domain": 1, "type": 524290, "proto": 0}
  841. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 350", "domain": 1, "type": 524290, "proto": 0}
  842. {"ts": 1550139131, "event_type": "Process Terminated", "pid: 350"}
  843. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 335", "domain": 1, "type": 1, "proto": 0}
  844. {"ts": 1550139131, "event_type": "File Access", "path: /proc/self/auxv", "mode": 0, "pid: 346"}
  845. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 341, "pid": 346, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch"}
  846. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 338", "domain": 1, "type": 1, "proto": 0}
  847. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 1, "pid": 335, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/agetty -o -p -- \u --keep-baud 115200,38400,9600 ttyS0 vt220"}
  848. {"ts": 1550139131, "event_type": "Process Creation", "ppid": 1, "pid": 338, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /sbin/agetty -o -p -- \u --noclear tty1 linux"}
  849. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 338", "domain": 1, "type": 526337, "proto": 0}
  850. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 338", "domain": 1, "type": 526337, "proto": 0}
  851. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 335", "domain": 1, "type": 526337, "proto": 0}
  852. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 335", "domain": 1, "type": 526337, "proto": 0}
  853. {"ts": 1550139131, "event_type": "File Access", "path: /proc/346/maps", "mode": 0, "pid: 346"}
  854. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 346", "domain": 1, "type": 1, "proto": 0}
  855. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 346", "domain": 1, "type": 1, "proto": 0}
  856. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 346", "domain": 16, "type": 526339, "proto": 15}
  857. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 346", "domain": 1, "type": 524289, "proto": 0}
  858. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  859. {"ts": 1550139131, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  860. {"ts": 1550139133, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 346"}
  861. {"ts": 1550139133, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 346"}
  862. {"ts": 1550139133, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 346"}
  863. {"ts": 1550139133, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 346"}
  864. {"ts": 1550139133, "event_type": "File Access", "path: /usr/share/fonts/X11/Type1/fonts.dir", "mode": 32768, "pid: 346"}
  865. {"ts": 1550139133, "event_type": "File Access", "path: /usr/share/fonts/X11/Type1/fonts.alias", "mode": 32768, "pid: 346"}
  866. {"ts": 1550139133, "event_type": "Process Creation", "ppid": 346, "pid": 357, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " sh -c "xkbcomp" -w 1 "-R/usr/share/X11/xkb" -xkm "-" -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" "/var/lib/xkb/server-0.xkm""}
  867. {"ts": 1550139133, "event_type": "Process Creation", "ppid": 357, "pid": 358, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 The XKEYBOARD keymap compiler (xkbcomp) reports: -emp >  -eml Errors from xkbcomp are not fatal to the X server /var/lib/xkb/server-0.xkm"}
  868. {"ts": 1550139133, "event_type": "File Access", "path: /usr/share/X11/XKeysymDB", "mode": 0, "pid: 358"}
  869. {"ts": 1550139133, "event_type": "File Access", "path: /var/lib/xkb/server-0.xkm", "mode": 193, "pid: 358"}
  870. {"ts": 1550139133, "event_type": "Process Terminated", "pid: 358"}
  871. {"ts": 1550139134, "event_type": "File Access", "path: /proc/346/cmdline", "mode": 0, "pid: 346"}
  872. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 341", "domain": 1, "type": 524289, "proto": 0}
  873. {"ts": 1550139134, "event_type": "File Access", "path: /proc/341/cmdline", "mode": 0, "pid: 346"}
  874. {"ts": 1550139134, "event_type": "Process Creation", "ppid": 341, "pid": 361, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " lightdm --session-child 18 21"}
  875. {"ts": 1550139134, "event_type": "File Access", "path: /dev/null", "mode": 0, "pid: 361"}
  876. {"ts": 1550139134, "event_type": "File Access", "path: /dev/null", "mode": 1, "pid: 361"}
  877. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 361", "domain": 1, "type": 524289, "proto": 0}
  878. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 361", "domain": 1, "type": 524290, "proto": 0}
  879. {"ts": 1550139134, "event_type": "File Access", "path: /var/log/lightdm/seat0-greeter.log", "mode": 577, "pid: 361"}
  880. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 361", "domain": 16, "type": 3, "proto": 9}
  881. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 361", "domain": 1, "type": 526337, "proto": 0}
  882. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 364", "domain": 1, "type": 1, "proto": 0}
  883. {"ts": 1550139134, "event_type": "Process Creation", "ppid": 1, "pid": 364, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-runtime-dir start 110"}
  884. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 364", "domain": 1, "type": 526337, "proto": 0}
  885. {"ts": 1550139134, "event_type": "Process Terminated", "pid: 364"}
  886. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  887. {"ts": 1550139134, "event_type": "Process Creation", "ppid": 6, "pid": 365, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user-runtime-dir@110.service"}
  888. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 365", "domain": 1, "type": 524290, "proto": 0}
  889. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 365", "domain": 1, "type": 524290, "proto": 0}
  890. {"ts": 1550139134, "event_type": "Process Terminated", "pid: 365"}
  891. {"ts": 1550139134, "event_type": "Process Creation", "ppid": 6, "pid": 366, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice"}
  892. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 366", "domain": 1, "type": 524290, "proto": 0}
  893. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 366", "domain": 1, "type": 524290, "proto": 0}
  894. {"ts": 1550139134, "event_type": "Process Terminated", "pid: 366"}
  895. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  896. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 367", "domain": 1, "type": 1, "proto": 0}
  897. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 367", "domain": 16, "type": 3, "proto": 9}
  898. {"ts": 1550139134, "event_type": "Socket Activity", "pid: 367", "domain": 16, "type": 3, "proto": 9}
  899. {"ts": 1550139135, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  900. {"ts": 1550139135, "event_type": "Process Creation", "ppid": 6, "pid": 378, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-110.slice/user@110.service/dbus.socket"}
  901. {"ts": 1550139135, "event_type": "Socket Activity", "pid: 378", "domain": 1, "type": 524290, "proto": 0}
  902. {"ts": 1550139135, "event_type": "Socket Activity", "pid: 378", "domain": 1, "type": 524290, "proto": 0}
  903. {"ts": 1550139135, "event_type": "Process Terminated", "pid: 378"}
  904. {"ts": 1550139135, "event_type": "Socket Activity", "pid: 361", "domain": 16, "type": 3, "proto": 9}
  905. {"ts": 1550139135, "event_type": "File Access", "path: /dev/tty0", "mode": 256, "pid: 341"}
  906. {"ts": 1550139136, "event_type": "File Access", "path: /proc/379/cmdline", "mode": 0, "pid: 346"}
  907. {"ts": 1550139136, "event_type": "Process Terminated", "pid: 267"}
  908. {"ts": 1550139136, "event_type": "File Access", "path: /proc/379/cmdline", "mode": 0, "pid: 346"}
  909. {"ts": 1550139137, "event_type": "File Access", "path: /proc/404/cmdline", "mode": 0, "pid: 346"}
  910. {"ts": 1550139138, "event_type": "File Access", "path: /proc/404/cmdline", "mode": 0, "pid: 346"}
  911. {"ts": 1550139138, "event_type": "File Access", "path: /proc/404/cmdline", "mode": 0, "pid: 346"}
  912. {"ts": 1550139140, "event_type": "Process Creation", "ppid": 341, "pid": 412, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " lightdm --session-child 14 21"}
  913. {"ts": 1550139140, "event_type": "File Access", "path: /dev/null", "mode": 0, "pid: 412"}
  914. {"ts": 1550139140, "event_type": "File Access", "path: /dev/null", "mode": 1, "pid: 412"}
  915. {"ts": 1559505414, "event_type": "Socket Activity", "pid: 414", "domain": 1, "type": 1, "proto": 0}
  916. {"ts": 1559505415, "event_type": "Process Creation", "ppid": 1, "pid": 414, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/apt/apt-helper wait-online"}
  917. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 414, "pid": 416, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q systemd-networkd.service"}
  918. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 416", "domain": 1, "type": 526337, "proto": 0}
  919. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 416"}
  920. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 414, "pid": 417, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q NetworkManager.service"}
  921. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 417", "domain": 1, "type": 526337, "proto": 0}
  922. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 417"}
  923. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 414, "pid": 418, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " nm-online -q --timeout 30"}
  924. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 418", "domain": 1, "type": 524289, "proto": 0}
  925. {"ts": 1559505416, "event_type": "File Access", "path: /dev/urandom", "mode": 524544, "pid: 418"}
  926. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 418"}
  927. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 414, "pid": 422, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q connman.service"}
  928. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 422", "domain": 1, "type": 526337, "proto": 0}
  929. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 422"}
  930. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 414"}
  931. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 424", "domain": 1, "type": 1, "proto": 0}
  932. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 6, "pid": 423, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/apt-daily.service"}
  933. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 423", "domain": 1, "type": 524290, "proto": 0}
  934. {"ts": 1559505416, "event_type": "Socket Activity", "pid: 423", "domain": 1, "type": 524290, "proto": 0}
  935. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 423"}
  936. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 1, "pid": 424, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/lib/apt/apt.systemd.daily update"}
  937. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 424, "pid": 425, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell StateDir Dir::State/d"}
  938. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 425, "pid": 426, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  939. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 426"}
  940. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 425"}
  941. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 424, "pid": 427, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " flock -w 3600 3"}
  942. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 427"}
  943. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 424, "pid": 428, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/lib/apt/apt.systemd.daily lock_is_held update"}
  944. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 428, "pid": 429, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cmp -s apt.extended_states.0 /var/lib/apt/extended_states"}
  945. {"ts": 1559505416, "event_type": "Process Terminated", "pid: 429"}
  946. {"ts": 1559505416, "event_type": "Process Creation", "ppid": 428, "pid": 430, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cp -p /var/lib/apt/extended_states apt.extended_states"}
  947. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 430"}
  948. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 431, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/savelog -c 7 apt.extended_states"}
  949. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 432, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " date +%Y%m%d%H%M%S"}
  950. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 432"}
  951. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 433, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " basename /usr/bin/savelog"}
  952. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 433"}
  953. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 434, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/which gzip"}
  954. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 435, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " dirname -- apt.extended_states"}
  955. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 435"}
  956. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 436, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " basename -- apt.extended_states"}
  957. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 436"}
  958. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 437, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " rm -f -- .//apt.extended_states.6 .//apt.extended_states.6.gz"}
  959. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 437"}
  960. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 438, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv -f -- .//apt.extended_states.1.gz .//apt.extended_states.2.gz"}
  961. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 438"}
  962. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 439, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " gzip -f -9 .//apt.extended_states.0"}
  963. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 439"}
  964. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 440, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv -- .//apt.extended_states.0.gz .//apt.extended_states.1.gz"}
  965. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 440"}
  966. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 441, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " mv -- apt.extended_states .//apt.extended_states.0"}
  967. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 441"}
  968. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 431, "pid": 442, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " date"}
  969. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 442"}
  970. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 443, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/which apt-config"}
  971. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 444, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell AutoAptEnable APT::Periodic::Enable"}
  972. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 444, "pid": 445, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  973. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 445"}
  974. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 444"}
  975. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 446, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell VERBOSE APT::Periodic::Verbose"}
  976. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 446, "pid": 447, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  977. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 447"}
  978. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 446"}
  979. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 448, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/which apt-get"}
  980. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 428, "pid": 449, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-get check -qq"}
  981. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 449, "pid": 450, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  982. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 450"}
  983. {"ts": 1559505418, "event_type": "Process Creation", "ppid": 449, "pid": 451, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  984. {"ts": 1559505418, "event_type": "Process Terminated", "pid: 451"}
  985. {"ts": 1559505419, "event_type": "Process Creation", "ppid": 6, "pid": 452, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/systemd-hostnamed.service"}
  986. {"ts": 1559505419, "event_type": "Socket Activity", "pid: 452", "domain": 1, "type": 524290, "proto": 0}
  987. {"ts": 1559505419, "event_type": "Socket Activity", "pid: 452", "domain": 1, "type": 524290, "proto": 0}
  988. {"ts": 1559505419, "event_type": "Process Terminated", "pid: 452"}
  989. {"ts": 1559505419, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  990. {"ts": 1559505419, "event_type": "Socket Activity", "pid: 144", "domain": 16, "type": 526339, "proto": 15}
  991. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 449"}
  992. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 457, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " date +%s"}
  993. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 457"}
  994. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 458, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists"}
  995. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 458, "pid": 459, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  996. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 459"}
  997. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 458"}
  998. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 460, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages"}
  999. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 460, "pid": 461, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1000. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 461"}
  1001. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 460"}
  1002. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 462, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade"}
  1003. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 462, "pid": 463, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1004. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 463"}
  1005. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 462"}
  1006. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 464, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval"}
  1007. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 464, "pid": 465, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1008. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 465"}
  1009. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 464"}
  1010. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 466, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell CleanInterval APT::Periodic::CleanInterval"}
  1011. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 466, "pid": 467, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1012. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 467"}
  1013. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 466"}
  1014. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 468, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell BackupArchiveInterval APT::Periodic::BackupArchiveInterval"}
  1015. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 468, "pid": 469, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1016. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 469"}
  1017. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 468"}
  1018. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 470, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell Debdelta APT::Periodic::Download-Upgradeable-Packages-Debdelta"}
  1019. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 470, "pid": 471, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1020. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 471"}
  1021. {"ts": 1559505421, "event_type": "Process Terminated", "pid: 470"}
  1022. {"ts": 1559505421, "event_type": "Process Creation", "ppid": 428, "pid": 472, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxAge APT::Archives::MaxAge"}
  1023. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 472, "pid": 473, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1024. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 473"}
  1025. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 472"}
  1026. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 474, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxAge APT::Periodic::MaxAge"}
  1027. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 474, "pid": 475, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1028. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 475"}
  1029. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 474"}
  1030. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 476, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MinAge APT::Archives::MinAge"}
  1031. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 476, "pid": 477, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1032. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 477"}
  1033. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 476"}
  1034. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 478, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MinAge APT::Periodic::MinAge"}
  1035. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 478, "pid": 479, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1036. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 479"}
  1037. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 478"}
  1038. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 480, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxSize APT::Archives::MaxSize"}
  1039. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 480, "pid": 481, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1040. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 481"}
  1041. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 480"}
  1042. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 482, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxSize APT::Periodic::MaxSize"}
  1043. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 482, "pid": 483, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1044. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 483"}
  1045. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 482"}
  1046. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 428, "pid": 484, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell Cache Dir::Cache::archives/d"}
  1047. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 484, "pid": 485, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1048. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 485"}
  1049. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 484"}
  1050. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 6, "pid": 486, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/apt-daily.service"}
  1051. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 486", "domain": 1, "type": 524290, "proto": 0}
  1052. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 486", "domain": 1, "type": 524290, "proto": 0}
  1053. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 486"}
  1054. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 487", "domain": 1, "type": 1, "proto": 0}
  1055. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 1, "pid": 487, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/lib/apt/apt-helper wait-online"}
  1056. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 487, "pid": 488, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q systemd-networkd.service"}
  1057. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 488", "domain": 1, "type": 526337, "proto": 0}
  1058. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 488"}
  1059. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 487, "pid": 489, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q NetworkManager.service"}
  1060. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 489", "domain": 1, "type": 526337, "proto": 0}
  1061. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 489"}
  1062. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 487, "pid": 490, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " nm-online -q --timeout 30"}
  1063. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 490", "domain": 1, "type": 524289, "proto": 0}
  1064. {"ts": 1559505422, "event_type": "File Access", "path: /dev/urandom", "mode": 524544, "pid: 490"}
  1065. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 490"}
  1066. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 487, "pid": 494, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " systemctl is-active -q connman.service"}
  1067. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 494", "domain": 1, "type": 526337, "proto": 0}
  1068. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 494"}
  1069. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 487"}
  1070. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 496", "domain": 1, "type": 1, "proto": 0}
  1071. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 1, "pid": 496, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/lib/apt/apt.systemd.daily install"}
  1072. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 496, "pid": 497, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell StateDir Dir::State/d"}
  1073. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 6, "pid": 495, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /system.slice/apt-daily-upgrade.service"}
  1074. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 495", "domain": 1, "type": 524290, "proto": 0}
  1075. {"ts": 1559505422, "event_type": "Socket Activity", "pid: 495", "domain": 1, "type": 524290, "proto": 0}
  1076. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 495"}
  1077. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 497, "pid": 498, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1078. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 498"}
  1079. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 497"}
  1080. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 496, "pid": 499, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " flock -w 3600 3"}
  1081. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 499"}
  1082. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 496, "pid": 500, "shell": "(null)", "pwd": "/", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/lib/apt/apt.systemd.daily lock_is_held install"}
  1083. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 501, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " cmp -s apt.extended_states.0 /var/lib/apt/extended_states"}
  1084. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 501"}
  1085. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 502, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/which apt-config"}
  1086. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 503, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell AutoAptEnable APT::Periodic::Enable"}
  1087. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 503, "pid": 504, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1088. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 504"}
  1089. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 503"}
  1090. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 505, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell VERBOSE APT::Periodic::Verbose"}
  1091. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 505, "pid": 506, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1092. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 506"}
  1093. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 505"}
  1094. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 507, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /bin/sh /usr/bin/which apt-get"}
  1095. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 500, "pid": 508, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-get check -qq"}
  1096. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 508, "pid": 509, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1097. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 509"}
  1098. {"ts": 1559505422, "event_type": "Process Creation", "ppid": 508, "pid": 510, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1099. {"ts": 1559505422, "event_type": "Process Terminated", "pid: 510"}
  1100. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 508"}
  1101. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 511, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " date +%s"}
  1102. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 511"}
  1103. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 512, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists"}
  1104. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 512, "pid": 513, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1105. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 513"}
  1106. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 512"}
  1107. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 514, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages"}
  1108. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 514, "pid": 515, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1109. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 515"}
  1110. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 514"}
  1111. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 516, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade"}
  1112. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 516, "pid": 517, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1113. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 517"}
  1114. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 516"}
  1115. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 518, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval"}
  1116. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 518, "pid": 519, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1117. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 519"}
  1118. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 518"}
  1119. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 520, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell CleanInterval APT::Periodic::CleanInterval"}
  1120. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 520, "pid": 521, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1121. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 521"}
  1122. {"ts": 1559505423, "event_type": "Process Terminated", "pid: 520"}
  1123. {"ts": 1559505423, "event_type": "Process Creation", "ppid": 500, "pid": 522, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell BackupArchiveInterval APT::Periodic::BackupArchiveInterval"}
  1124. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 522, "pid": 523, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1125. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 523"}
  1126. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 522"}
  1127. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 524, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell Debdelta APT::Periodic::Download-Upgradeable-Packages-Debdelta"}
  1128. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 524, "pid": 525, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1129. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 525"}
  1130. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 524"}
  1131. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 526, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxAge APT::Archives::MaxAge"}
  1132. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 526, "pid": 527, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1133. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 527"}
  1134. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 526"}
  1135. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 528, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxAge APT::Periodic::MaxAge"}
  1136. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 528, "pid": 529, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1137. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 529"}
  1138. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 528"}
  1139. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 530, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MinAge APT::Archives::MinAge"}
  1140. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 530, "pid": 531, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1141. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 531"}
  1142. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 530"}
  1143. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 532, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MinAge APT::Periodic::MinAge"}
  1144. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 532, "pid": 533, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1145. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 533"}
  1146. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 532"}
  1147. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 534, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxSize APT::Archives::MaxSize"}
  1148. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 534, "pid": 535, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1149. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 535"}
  1150. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 534"}
  1151. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 536, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell MaxSize APT::Periodic::MaxSize"}
  1152. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 536, "pid": 537, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1153. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 537"}
  1154. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 536"}
  1155. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 500, "pid": 538, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " apt-config shell Cache Dir::Cache::archives/d"}
  1156. {"ts": 1559505424, "event_type": "Process Creation", "ppid": 538, "pid": 539, "shell": "(null)", "pwd": "/var/backups", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/bin/dpkg --print-foreign-architectures"}
  1157. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 539"}
  1158. {"ts": 1559505424, "event_type": "Process Terminated", "pid: 538"}
  1159. {"ts": 1559505440, "event_type": "Process Creation", "ppid": 334, "pid": 540, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /usr/sbin/sshd -D -R"}
  1160. {"ts": 1559505440, "event_type": "File Access", "path: /dev/urandom", "mode": 0, "pid: 540"}
  1161. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 540", "domain": 16, "type": 3, "proto": 9}
  1162. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 540", "domain": 16, "type": 3, "proto": 9}
  1163. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 540", "domain": 16, "type": 3, "proto": 9}
  1164. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 540", "domain": 1, "type": 526337, "proto": 0}
  1165. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 195", "domain": 1, "type": 524290, "proto": 0}
  1166. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 542", "domain": 1, "type": 1, "proto": 0}
  1167. {"ts": 1559505442, "event_type": "Process Creation", "ppid": 1, "pid": 542, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-user-runtime-dir start 0"}
  1168. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 542", "domain": 1, "type": 526337, "proto": 0}
  1169. {"ts": 1559505442, "event_type": "Process Terminated", "pid: 542"}
  1170. {"ts": 1559505442, "event_type": "Socket Activity", "pid: 1", "domain": 1, "type": 526337, "proto": 0}
  1171. {"ts": 1559505443, "event_type": "Process Creation", "ppid": 6, "pid": 543, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice/user-runtime-dir@0.service"}
  1172. {"ts": 1559505443, "event_type": "Socket Activity", "pid: 543", "domain": 1, "type": 524290, "proto": 0}
  1173. {"ts": 1559505443, "event_type": "Socket Activity", "pid: 543", "domain": 1, "type": 524290, "proto": 0}
  1174. {"ts": 1559505443, "event_type": "Process Terminated", "pid: 543"}
  1175. {"ts": 1559505443, "event_type": "Process Creation", "ppid": 6, "pid": 544, "shell": "(null)", "pwd": "(null)", "user": "(null)", "ssh": "(null)", "last_cmd": "(null)", "cmd": " /lib/systemd/systemd-cgroups-agent /user.slice/user-0.slice"}
  1176. {"ts": 1559505443, "event_type": "Socket Activity", "pid: 544", "domain": 1, "type": 524290, "proto": 0}
  1177. {"ts": 1559505443, "event_type": "Socket Activity", "pid: 544", "domain": 1, "type"