
Untitled

a guest
May 27th, 2020
  1. ● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
  2. Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
  3. Active: active (running) since Wed 2020-05-27 14:00:10 CST; 1min 54s ago
  4. Docs: https://www.elastic.co/products/beats/filebeat
  5. Main PID: 7490 (filebeat)
  6. Tasks: 8 (limit: 49646)
  7. Memory: 28.9M
  8. CGroup: /system.slice/filebeat.service
  9. └─7490 /usr/share/filebeat/bin/filebeat -environment systemd -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
  10.  
  11. May 27 14:01:21 ssl filebeat[7490]: 2020-05-27T14:01:21.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e6c39a09e50, ext:70068323701, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1440041},"message":"{\"timestamp\":\"2020-05-27T14:01:15.083+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/sleep\",\"id\":\"80792\",\"firedtimes\":16,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559275.1297232\",\"full_log\":\"type=SYSCALL msg=audit(1590559277.405:121363): arch=c000003e syscall=59 success=yes exit=0 a0=5614633a3cc0 a1=5614633a32e0 a2=5614633a1880 a3=8 items=2 ppid=5217 pid=11945 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"sleep\\\" exe=\\\"/bin/sleep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559277.405:121363): argc=2 a0=\\\"sleep\\\" a1=\\\"120\\\" type=CWD msg=audit(1590559277.405:121363): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559277.405:121363): item=0 name=\\\"/bin/sleep\\\" inode=5111893 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559277.405:121363): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 
dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559277.405:121363): proctitle=736C65657000313230\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121363\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5217\",\"pid\":\"11945\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"sleep\",\"exe\":\"/bin/sleep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"sleep\",\"a1\":\"120\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/sleep\",\"inode\":\"5111893\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1441941, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  12. May 27 14:01:40 ssl filebeat[7490]: 2020-05-27T14:01:40.940+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":10,"time":{"ms":1}},"total":{"ticks":120,"time":{"ms":3},"value":120},"user":{"ticks":110,"time":{"ms":2}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","uptime":{"ms":90039}},"memstats":{"gc_next":15575968,"memory_alloc":13014848,"memory_total":38706856},"runtime":{"goroutines":27}},"filebeat":{"events":{"added":8,"done":8},"harvester":{"files":{"f45809b4-bebf-4b53-a2c1-f12281d269a4":{"last_event_published_time":"2020-05-27T14:01:20.966Z","last_event_timestamp":"2020-05-27T14:01:20.966Z","read_offset":14268,"size":15404}},"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"batches":1,"dropped":8,"total":8}},"pipeline":{"clients":1,"events":{"active":0,"published":8,"total":8},"queue":{"acked":8}}},"registrar":{"states":{"current":1,"update":8},"writes":{"success":1,"total":1}},"system":{"load":{"1":0.07,"15":0.09,"5":0.18,"norm":{"1":0.07,"15":0.09,"5":0.18}}}}}}
  13. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b3994c, ext:95069567601, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1441941},"message":"{\"timestamp\":\"2020-05-27T14:01:45.261+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":17,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1298961\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121364): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1ddfe60 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12003 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121364): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.042:121364): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121364): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121364): item=1 
name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121364): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121364\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12003\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1443878, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  14. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b427e0, ext:95069604101, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1443878},"message":"{\"timestamp\":\"2020-05-27T14:01:45.261+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/ps\",\"id\":\"80792\",\"firedtimes\":18,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1300719\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121365): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de06e0 a1=55f3b1de0990 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12005 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"ps\\\" exe=\\\"/bin/ps\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121365): argc=4 a0=\\\"ps\\\" a1=\\\"-u\\\" a2=\\\"testnet\\\" a3=\\\"-f\\\" type=CWD msg=audit(1590559308.042:121365): 
cwd=\\\"/tank2/testnet\\\"\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121365\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12005\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"ps\",\"exe\":\"/bin/ps\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"ps\",\"a1\":\"-u\",\"a2\":\"testnet\",\"a3\":\"-f\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1445200, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  15. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b45850, ext:95069616501, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1445200},"message":"{\"timestamp\":\"2020-05-27T14:01:45.263+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/grep\",\"id\":\"80792\",\"firedtimes\":19,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1301872\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121366): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de0770 a1=55f3b1de09c0 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12006 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"grep\\\" exe=\\\"/bin/grep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121366): argc=3 a0=\\\"grep\\\" a1=\\\"-w\\\" 
a2=\\\"lotus-slave-miner\\\"\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121366\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12006\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"grep\",\"exe\":\"/bin/grep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"grep\",\"a1\":\"-w\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1446445, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  16. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b47538, ext:95069623901, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1446445},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/grep\",\"id\":\"80792\",\"firedtimes\":20,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1302932\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121367): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de0780 a1=55f3b1de09c0 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12007 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"grep\\\" exe=\\\"/bin/grep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121367): argc=3 a0=\\\"grep\\\" a1=\\\"-v\\\" a2=\\\"grep\\\" type=CWD msg=audit(1590559308.042:121367): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121367): item=0 name=\\\"/bin/grep\\\" inode=5111871 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121367): item=1 
name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121367): proctitle=67726570002D760067726570\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121367\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12007\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"grep\",\"exe\":\"/bin/grep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"grep\",\"a1\":\"-v\",\"a2\":\"grep\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/grep\",\"inode\":\"5111871\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1448377, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  17. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b48ca8, ext:95069629901, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1448377},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /usr/bin/wc\",\"id\":\"80792\",\"firedtimes\":21,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1304701\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121368): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de08a0 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=12004 pid=12008 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"wc\\\" exe=\\\"/usr/bin/wc\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121368): argc=2 a0=\\\"wc\\\" a1=\\\"-l\\\" type=CWD msg=audit(1590559308.042:121368): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121368): item=0 name=\\\"/usr/bin/wc\\\" inode=1048881 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121368): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 
dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121368): proctitle=7763002D6C\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121368\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12008\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"wc\",\"exe\":\"/usr/bin/wc\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"wc\",\"a1\":\"-l\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/usr/bin/wc\",\"inode\":\"1048881\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1450262, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  18. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4a288, ext:95069635501, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1450262},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":22,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1306415\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121369): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1df5c50 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12009 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121369): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.062:121369): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121369): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121369): item=1 
name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121369): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121369\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12009\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1452199, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  19. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4c484, ext:95069644301, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1452199},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":23,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1308173\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121370): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1ddfe90 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12010 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121370): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.062:121370): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121370): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121370): item=1 
name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121370): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121370\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12010\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1454136, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  20. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4db2c, ext:95069650001, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1454136},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/sleep\",\"id\":\"80792\",\"firedtimes\":24,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1309931\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121371): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1df52a0 a1=55f3b1df5c50 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12011 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"sleep\\\" exe=\\\"/bin/sleep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121371): argc=2 a0=\\\"sleep\\\" a1=\\\"120\\\" type=CWD msg=audit(1590559308.062:121371): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121371): item=0 name=\\\"/bin/sleep\\\" inode=5111893 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121371): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 
dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121371): proctitle=736C65657000313230\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121371\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12011\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"sleep\",\"exe\":\"/bin/sleep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"sleep\",\"a1\":\"120\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/sleep\",\"inode\":\"5111893\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1456036, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}