Advertisement
Guest User

Untitled

a guest
May 27th, 2020
57
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
  2. Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
  3. Active: active (running) since Wed 2020-05-27 14:00:10 CST; 1min 54s ago
  4. Docs: https://www.elastic.co/products/beats/filebeat
  5. Main PID: 7490 (filebeat)
  6. Tasks: 8 (limit: 49646)
  7. Memory: 28.9M
  8. CGroup: /system.slice/filebeat.service
  9. └─7490 /usr/share/filebeat/bin/filebeat -environment systemd -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
  10.  
  11. May 27 14:01:21 ssl filebeat[7490]: 2020-05-27T14:01:21.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e6c39a09e50, ext:70068323701, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1440041},"message":"{\"timestamp\":\"2020-05-27T14:01:15.083+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/sleep\",\"id\":\"80792\",\"firedtimes\":16,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559275.1297232\",\"full_log\":\"type=SYSCALL msg=audit(1590559277.405:121363): arch=c000003e syscall=59 success=yes exit=0 a0=5614633a3cc0 a1=5614633a32e0 a2=5614633a1880 a3=8 items=2 ppid=5217 pid=11945 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"sleep\\\" exe=\\\"/bin/sleep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559277.405:121363): argc=2 a0=\\\"sleep\\\" a1=\\\"120\\\" type=CWD msg=audit(1590559277.405:121363): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559277.405:121363): item=0 name=\\\"/bin/sleep\\\" inode=5111893 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559277.405:121363): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559277.405:121363): proctitle=736C65657000313230\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121363\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5217\",\"pid\":\"11945\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"sleep\",\"exe\":\"/bin/sleep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"sleep\",\"a1\":\"120\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/sleep\",\"inode\":\"5111893\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1441941, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  12. May 27 14:01:40 ssl filebeat[7490]: 2020-05-27T14:01:40.940+0800 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":10,"time":{"ms":1}},"total":{"ticks":120,"time":{"ms":3},"value":120},"user":{"ticks":110,"time":{"ms":2}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","uptime":{"ms":90039}},"memstats":{"gc_next":15575968,"memory_alloc":13014848,"memory_total":38706856},"runtime":{"goroutines":27}},"filebeat":{"events":{"added":8,"done":8},"harvester":{"files":{"f45809b4-bebf-4b53-a2c1-f12281d269a4":{"last_event_published_time":"2020-05-27T14:01:20.966Z","last_event_timestamp":"2020-05-27T14:01:20.966Z","read_offset":14268,"size":15404}},"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"batches":1,"dropped":8,"total":8}},"pipeline":{"clients":1,"events":{"active":0,"published":8,"total":8},"queue":{"acked":8}}},"registrar":{"states":{"current":1,"update":8},"writes":{"success":1,"total":1}},"system":{"load":{"1":0.07,"15":0.09,"5":0.18,"norm":{"1":0.07,"15":0.09,"5":0.18}}}}}}
  13. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b3994c, ext:95069567601, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1441941},"message":"{\"timestamp\":\"2020-05-27T14:01:45.261+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":17,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1298961\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121364): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1ddfe60 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12003 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121364): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.042:121364): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121364): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121364): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121364): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121364\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12003\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1443878, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  14. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b427e0, ext:95069604101, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1443878},"message":"{\"timestamp\":\"2020-05-27T14:01:45.261+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/ps\",\"id\":\"80792\",\"firedtimes\":18,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1300719\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121365): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de06e0 a1=55f3b1de0990 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12005 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"ps\\\" exe=\\\"/bin/ps\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121365): argc=4 a0=\\\"ps\\\" a1=\\\"-u\\\" a2=\\\"testnet\\\" a3=\\\"-f\\\" type=CWD msg=audit(1590559308.042:121365): cwd=\\\"/tank2/testnet\\\"\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121365\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12005\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"ps\",\"exe\":\"/bin/ps\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"ps\",\"a1\":\"-u\",\"a2\":\"testnet\",\"a3\":\"-f\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1445200, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  15. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b45850, ext:95069616501, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1445200},"message":"{\"timestamp\":\"2020-05-27T14:01:45.263+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/grep\",\"id\":\"80792\",\"firedtimes\":19,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1301872\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121366): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de0770 a1=55f3b1de09c0 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12006 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"grep\\\" exe=\\\"/bin/grep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121366): argc=3 a0=\\\"grep\\\" a1=\\\"-w\\\" a2=\\\"lotus-slave-miner\\\"\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121366\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12006\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"grep\",\"exe\":\"/bin/grep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"grep\",\"a1\":\"-w\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1446445, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  16. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b47538, ext:95069623901, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1446445},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/grep\",\"id\":\"80792\",\"firedtimes\":20,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1302932\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121367): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de0780 a1=55f3b1de09c0 a2=55f3b1df3880 a3=55f3b1dd4010 items=2 ppid=12004 pid=12007 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"grep\\\" exe=\\\"/bin/grep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121367): argc=3 a0=\\\"grep\\\" a1=\\\"-v\\\" a2=\\\"grep\\\" type=CWD msg=audit(1590559308.042:121367): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121367): item=0 name=\\\"/bin/grep\\\" inode=5111871 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121367): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121367): proctitle=67726570002D760067726570\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121367\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12007\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"grep\",\"exe\":\"/bin/grep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"grep\",\"a1\":\"-v\",\"a2\":\"grep\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/grep\",\"inode\":\"5111871\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1448377, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  17. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.970+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b48ca8, ext:95069629901, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1448377},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /usr/bin/wc\",\"id\":\"80792\",\"firedtimes\":21,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1304701\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.042:121368): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1de08a0 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=12004 pid=12008 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"wc\\\" exe=\\\"/usr/bin/wc\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.042:121368): argc=2 a0=\\\"wc\\\" a1=\\\"-l\\\" type=CWD msg=audit(1590559308.042:121368): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.042:121368): item=0 name=\\\"/usr/bin/wc\\\" inode=1048881 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.042:121368): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.042:121368): proctitle=7763002D6C\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121368\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"12004\",\"pid\":\"12008\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"wc\",\"exe\":\"/usr/bin/wc\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"wc\",\"a1\":\"-l\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/usr/bin/wc\",\"inode\":\"1048881\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1450262, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  18. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4a288, ext:95069635501, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1450262},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":22,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1306415\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121369): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1df5c50 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12009 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121369): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.062:121369): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121369): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121369): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121369): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121369\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12009\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1452199, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  19. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4c484, ext:95069644301, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1452199},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/date\",\"id\":\"80792\",\"firedtimes\":23,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1308173\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121370): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1ddfe90 a1=55f3b1df5bd0 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12010 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"date\\\" exe=\\\"/bin/date\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121370): argc=2 a0=\\\"date\\\" a1=2B25592D256D2D25642025483A254D3A2553 type=CWD msg=audit(1590559308.062:121370): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121370): item=0 name=\\\"/bin/date\\\" inode=5111829 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121370): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121370): proctitle=64617465002B25592D256D2D25642025483A254D3A2553\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121370\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12010\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"date\",\"exe\":\"/bin/date\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"date\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/date\",\"inode\":\"5111829\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1454136, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
  20. May 27 14:01:46 ssl filebeat[7490]: 2020-05-27T14:01:46.971+0800 WARN [elasticsearch] elasticsearch/client.go:384 Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xbfab9e7279b4db2c, ext:95069650001, loc:(*time.Location)(0x594e5e0)}, Meta:{"pipeline":"filebeat-7.7.0-wazuh-alerts-pipeline"}, Fields:{"agent":{"ephemeral_id":"633f72cd-92f6-47ab-8209-eb4ebf6fceda","hostname":"ssl","id":"36a1c9a1-e768-428a-957d-e9d12340ae32","type":"filebeat","version":"7.7.0"},"ecs":{"version":"1.5.0"},"event":{"dataset":"wazuh.alerts","module":"wazuh"},"fields":{"index_prefix":"wazuh-alerts-3.x-"},"fileset":{"name":"alerts"},"host":{"name":"ssl"},"input":{"type":"log"},"log":{"file":{"path":"/var/ossec/logs/alerts/alerts.json"},"offset":1454136},"message":"{\"timestamp\":\"2020-05-27T14:01:45.381+0800\",\"rule\":{\"level\":3,\"description\":\"Audit: Command: /bin/sleep\",\"id\":\"80792\",\"firedtimes\":24,\"mail\":false,\"groups\":[\"audit\",\"audit_command\"],\"gdpr\":[\"IV_30.1.g\"]},\"agent\":{\"id\":\"003\",\"name\":\"device\",\"ip\":\"192.168.2.159\"},\"manager\":{\"name\":\"ssl\"},\"id\":\"1590559305.1309931\",\"full_log\":\"type=SYSCALL msg=audit(1590559308.062:121371): arch=c000003e syscall=59 success=yes exit=0 a0=55f3b1df52a0 a1=55f3b1df5c50 a2=55f3b1df3880 a3=8 items=2 ppid=5452 pid=12011 auid=1007 uid=1007 gid=1002 euid=1007 suid=1007 fsuid=1007 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4337 comm=\\\"sleep\\\" exe=\\\"/bin/sleep\\\" key=\\\"audit-wazuh-c\\\" type=EXECVE msg=audit(1590559308.062:121371): argc=2 a0=\\\"sleep\\\" a1=\\\"120\\\" type=CWD msg=audit(1590559308.062:121371): cwd=\\\"/tank2/testnet\\\" type=PATH msg=audit(1590559308.062:121371): item=0 name=\\\"/bin/sleep\\\" inode=5111893 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PATH msg=audit(1590559308.062:121371): item=1 name=\\\"/lib64/ld-linux-x86-64.so.2\\\" inode=6291858 dev=103:02 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=PROCTITLE msg=audit(1590559308.062:121371): proctitle=736C65657000313230\",\"decoder\":{\"parent\":\"auditd\",\"name\":\"auditd\"},\"data\":{\"audit\":{\"type\":\"SYSCALL\",\"id\":\"121371\",\"arch\":\"c000003e\",\"syscall\":\"59\",\"success\":\"yes\",\"exit\":\"0\",\"ppid\":\"5452\",\"pid\":\"12011\",\"auid\":\"1007\",\"uid\":\"1007\",\"gid\":\"1002\",\"euid\":\"1007\",\"suid\":\"1007\",\"fsuid\":\"1007\",\"egid\":\"1002\",\"sgid\":\"1002\",\"fsgid\":\"1002\",\"tty\":\"(none)\",\"session\":\"4337\",\"command\":\"sleep\",\"exe\":\"/bin/sleep\",\"key\":\"audit-wazuh-c\",\"execve\":{\"a0\":\"sleep\",\"a1\":\"120\"},\"cwd\":\"/tank2/testnet\",\"file\":{\"name\":\"/bin/sleep\",\"inode\":\"5111893\",\"mode\":\"0100755\"}}},\"location\":\"/var/log/audit/audit.log\"}","service":{"type":"wazuh"}}, Private:file.State{Id:"", Finished:false, Fileinfo:(*os.fileStat)(0xc00029a0d0), Source:"/var/ossec/logs/alerts/alerts.json", Offset:1456036, Timestamp:time.Time{wall:0xbfab9e5ab86bfc8c, ext:48097301, loc:(*time.Location)(0x594e5e0)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x4071abe, Device:0xfd00}}, TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=404): {"type":"index_not_found_exception","reason":"no such index [<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>] and [action.auto_create_index] ([.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*,wazuh-alerts-3.x-*,wazuh-monitoring-3.x-*]) doesn't match","index_uuid":"_na_","index":"<wazuh-alerts-3.x-{2020.05.27||/d{yyyy.MM.dd|UTC}}>"}
Advertisement
RAW Paste Data Copied
Advertisement