Untitled

a guest
Apr 12th, 2018
=========================================================================
Service Status
=========================================================================
Status: securityonion
* SO-user server[ OK ]
Status: HIDS
* ossec_agent (SO-user)[ OK ]
Status: Bro
Name Type Host Status Pid Started
bro standalone localhost running 10369 12 Apr 14:11:46
Status: SO-server-eth1
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (SO-user)[ OK ]
* snort_agent-1 (SO-user)[ OK ]
* snort-1 (alert data)[ OK ]
* barnyard2-1 (spooler, unified2 format)[ OK ]

=========================================================================
Interface Status
=========================================================================
br-5e455ea35dc9 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84 (84.0 B) TX bytes:7154 (7.1 KB)

docker0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1943 errors:0 dropped:0 overruns:0 frame:0
TX packets:1948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8717119 (8.7 MB) TX bytes:8471404 (8.4 MB)

eth0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:543 errors:0 dropped:0 overruns:0 frame:0
TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:63638 (63.6 KB) TX bytes:63619 (63.6 KB)

eth1 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:123050 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7481807 (7.4 MB) TX bytes:270 (270.0 B)

lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:5746 errors:0 dropped:0 overruns:0 frame:0
TX packets:5746 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:17671172 (17.6 MB) TX bytes:17671172 (17.6 MB)


so-curator
-------------------------------------------------------------------------
(eth0)
veth749199a Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:6056 (6.0 KB)

(eth1)
veth8d65c25 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:328 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:47012 (47.0 KB) TX bytes:303939 (303.9 KB)


so-elastalert
-------------------------------------------------------------------------
(eth0)
veth08048b7 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:6056 (6.0 KB)

(eth1)
vetha658568 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:526 errors:0 dropped:0 overruns:0 frame:0
TX packets:454 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:125714 (125.7 KB) TX bytes:94048 (94.0 KB)


so-kibana
-------------------------------------------------------------------------
(eth0)
vethbe07365 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1613 errors:0 dropped:0 overruns:0 frame:0
TX packets:1503 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8349109 (8.3 MB) TX bytes:8434654 (8.4 MB)

(eth1)
veth1f6f38d Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4976 errors:0 dropped:0 overruns:0 frame:0
TX packets:3645 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8869533 (8.8 MB) TX bytes:1318994 (1.3 MB)


so-elasticsearch
-------------------------------------------------------------------------
(eth0)
vethe3f2c7f Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:313 errors:0 dropped:0 overruns:0 frame:0
TX packets:489 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:394426 (394.4 KB) TX bytes:44176 (44.1 KB)

(eth1)
veth186c3f0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4226 errors:0 dropped:0 overruns:0 frame:0
TX packets:5890 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1698726 (1.6 MB) TX bytes:9050990 (9.0 MB)


so-freqserver
-------------------------------------------------------------------------
(eth0)
veth4cb899a Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:12119 (12.1 KB)

(eth1)
veth30cc751 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:12293 (12.2 KB)


=========================================================================
Link Statistics
=========================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
17671172 5746 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
17671172 5746 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
63638 543 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
63619 661 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
3: eth1: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
7481807 123050 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
270 3 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
8717119 1943 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
8471404 1948 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
5: br-5e455ea35dc9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
84 3 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
7154 48 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
7: veth4cb899a@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
12119 81 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
9: veth30cc751@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5e455ea35dc9 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
12293 83 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
11: vethe3f2c7f@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
394426 313 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
44176 489 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
13: veth186c3f0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5e455ea35dc9 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
1698858 4228 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
9051122 5892 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
19: vethbe07365@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
8349109 1613 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
8434654 1503 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
21: veth1f6f38d@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5e455ea35dc9 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
8869665 4978 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1319126 3647 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
23: veth08048b7@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
6056 44 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
25: vetha658568@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5e455ea35dc9 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
125714 526 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
94048 454 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
27: veth749199a@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
6056 44 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
29: veth8d65c25@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5e455ea35dc9 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
47012 328 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
303939 260 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0

=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
udev 1.5G 4.0K 1.5G 1% /dev
tmpfs 300M 1.5M 298M 1% /run
/dev/sda1 17G 8.1G 7.8G 52% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
none 5.0M 0 5.0M 0% /run/lock
none 1.5G 1.4M 1.5G 1% /run/shm
none 100M 28K 100M 1% /run/user
none 17G 8.1G 7.8G 52% /var/lib/docker/aufs/mnt/e1018557b4576b3405641725f304af113fde9af85544ed1e3ed345b009431772
shm 64M 0 64M 0% /var/lib/docker/containers/9f10032d2013c0217207be21bc1f05c239f210d4bf34e43e4e7f7cee6c03cf73/mounts/shm
none 17G 8.1G 7.8G 52% /var/lib/docker/aufs/mnt/bb4eb4a68340aaa3618e4be7eed857ecdf608e4f0f6a279b172ccb7a27daea74
shm 64M 0 64M 0% /var/lib/docker/containers/0eaeea57cf6c07d34c3f46f989f4dfdabd62e8e3bb2cdbef7c527ea4f129a45b/mounts/shm
none 17G 8.1G 7.8G 52% /var/lib/docker/aufs/mnt/9caddd7f611302447461de6f24456836831f5fda7ab547bb0d8319dd78d6676b
shm 64M 0 64M 0% /var/lib/docker/containers/a5ad18aedd369a71c02c2c6a18ca5f59bb80f347b66f1f2cb35e08ec7594550d/mounts/shm
none 17G 8.1G 7.8G 52% /var/lib/docker/aufs/mnt/27e54819e8195f9b7c2226b4cd1dcb0c3e736f578513cdd892b3117d08edea98
shm 64M 0 64M 0% /var/lib/docker/containers/2b27abf540bde224175d693e5704903f5c3d9f6aa98df1f507f42d66fc5222af/mounts/shm
none 17G 8.1G 7.8G 52% /var/lib/docker/aufs/mnt/ec071781c730bcf68046102e1cb746860810973521765c2282340ed3f73a8f92
shm 64M 0 64M 0% /var/lib/docker/containers/2adb19d0a241e32e9cecd2d029311400b6634ae0a9617ace2f8351e22545acc5/mounts/shm

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
avahi-dae 733 avahi 12u IPv4 11337 0t0 UDP *:5353
avahi-dae 733 avahi 13u IPv6 11338 0t0 UDP *:5353
avahi-dae 733 avahi 14u IPv4 11339 0t0 UDP *:33062
avahi-dae 733 avahi 15u IPv6 11340 0t0 UDP *:43467
sshd 1704 root 3u IPv4 13613 0t0 TCP *:ssh_port (LISTEN)
sshd 1704 root 4u IPv6 13615 0t0 TCP *:ssh_port (LISTEN)
cups-brow 1792 root 6u IPv6 20351 0t0 TCP [X.X.X.X]:55548->[X.X.X.X]:631 (CLOSE_WAIT)
cups-brow 1792 root 8u IPv4 20358 0t0 UDP *:631
cupsd 3186 root 10u IPv6 20281 0t0 TCP [X.X.X.X]:631 (LISTEN)
cupsd 3186 root 11u IPv4 20282 0t0 TCP X.X.X.X:631 (LISTEN)
mysqld 3619 mysql 10u IPv4 21250 0t0 TCP X.X.X.X:3306 (LISTEN)
tclsh 5472 SO-user 13u IPv4 24159 0t0 TCP *:7734 (LISTEN)
tclsh 5472 SO-user 14u IPv6 24160 0t0 TCP *:7734 (LISTEN)
tclsh 5472 SO-user 15u IPv4 24163 0t0 TCP *:7736 (LISTEN)
tclsh 5472 SO-user 16u IPv6 24164 0t0 TCP *:7736 (LISTEN)
tclsh 5472 SO-user 17u IPv4 24394 0t0 TCP X.X.X.X:7736->X.X.X.X:40500 (ESTABLISHED)
tclsh 5472 SO-user 18u IPv4 29808 0t0 TCP X.X.X.X:7736->X.X.X.X:35440 (ESTABLISHED)
tclsh 5472 SO-user 19u IPv4 29975 0t0 TCP X.X.X.X:7736->X.X.X.X:41428 (ESTABLISHED)
tclsh 5522 SO-user 3u IPv4 24393 0t0 TCP X.X.X.X:40500->X.X.X.X:7736 (ESTABLISHED)
tclsh 5930 SO-user 3u IPv4 29807 0t0 TCP X.X.X.X:35440->X.X.X.X:7736 (ESTABLISHED)
tclsh 5949 SO-user 3u IPv4 29974 0t0 TCP X.X.X.X:41428->X.X.X.X:7736 (ESTABLISHED)
tclsh 5949 SO-user 4u IPv4 29976 0t0 TCP X.X.X.X:8101 (LISTEN)
tclsh 5949 SO-user 5u IPv4 33845 0t0 TCP X.X.X.X:8101->X.X.X.X:33716 (ESTABLISHED)
barnyard2 6034 SO-user 3u IPv4 33844 0t0 TCP X.X.X.X:33716->X.X.X.X:8101 (ESTABLISHED)
docker-pr 6983 root 4u IPv4 31895 0t0 TCP X.X.X.X:9300 (LISTEN)
docker-pr 7001 root 4u IPv4 31925 0t0 TCP X.X.X.X:9200 (LISTEN)
docker-pr 8073 root 4u IPv4 36010 0t0 TCP X.X.X.X:5601 (LISTEN)
ntpd 8699 ntp 16u IPv4 37398 0t0 UDP *:123
ntpd 8699 ntp 17u IPv6 37399 0t0 UDP *:123
ntpd 8699 ntp 18u IPv4 37405 0t0 UDP X.X.X.X:123
ntpd 8699 ntp 19u IPv4 37406 0t0 UDP X.X.X.X:123
ntpd 8699 ntp 20u IPv4 37407 0t0 UDP X.X.X.X:123
ntpd 8699 ntp 21u IPv4 37408 0t0 UDP X.X.X.X:123
ntpd 8699 ntp 22u IPv6 37409 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 24u IPv6 37411 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 25u IPv6 37412 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 26u IPv6 37413 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 27u IPv6 37414 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 28u IPv6 37415 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 30u IPv6 37417 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 31u IPv6 37418 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 32u IPv6 37419 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 33u IPv6 37420 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 35u IPv6 43046 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 36u IPv6 43047 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 37u IPv6 43048 0t0 UDP [X.X.X.X]:123
ntpd 8699 ntp 38u IPv6 43049 0t0 UDP [X.X.X.X]:123
apache2 9546 root 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
apache2 9550 www-data 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
apache2 9551 www-data 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
apache2 9552 www-data 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
apache2 9553 www-data 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
apache2 9554 www-data 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
syslog-ng 9621 root 12u IPv4 41705 0t0 TCP *:514 (LISTEN)
syslog-ng 9621 root 13u IPv4 41706 0t0 UDP *:514
ossec-csy 9728 ossecm 5u IPv4 41919 0t0 UDP X.X.X.X:42224->X.X.X.X:514
bro 10369 SO-user 4u IPv4 42711 0t0 UDP X.X.X.X:43904->X.X.X.X:53
bro 10380 SO-user 0u IPv4 42765 0t0 TCP *:47760 (LISTEN)
bro 10380 SO-user 1u IPv6 42766 0t0 TCP *:47760 (LISTEN)
bro 10380 SO-user 4u IPv4 42711 0t0 UDP X.X.X.X:43904->X.X.X.X:53
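The "Network Sockets" table is the part of this report a reviewer should read most carefully: it is an lsof-style listing of every socket on the sensor, and a bind address of `*` means the service is reachable on every interface, including the management NIC, whereas a bind to a specific address is only as exposed as that address. With addresses redacted as X.X.X.X you cannot tell a loopback bind from a LAN bind, so only the `*` rows are unambiguous; on this host those are sshd, the tclsh daemons on 7734 and 7736, apache2 on 443, syslog-ng on TCP and UDP 514, bro on 47760, avahi and ntpd. The script below, an added example that is not part of the report or of Security Onion's own tooling, parses that table (it assumes the nine-column layout shown above) and lists the listeners bound to `*`, separating TCP sockets in LISTEN from UDP sockets that are bound but have no peer.

```python
"""Flag sensor services listening on every interface.

Added example for this page; it is not part of the report or of
Security Onion's own tooling. It parses the lsof-style "Network Sockets"
table reproduced above (addresses redacted as X.X.X.X, as in the report).
"""
from collections import defaultdict

# Constructed sample: rows copied from the report's "Network Sockets" section.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
avahi-dae 733 avahi 12u IPv4 11337 0t0 UDP *:5353
sshd 1704 root 3u IPv4 13613 0t0 TCP *:ssh_port (LISTEN)
cupsd 3186 root 10u IPv6 20281 0t0 TCP [X.X.X.X]:631 (LISTEN)
cupsd 3186 root 11u IPv4 20282 0t0 TCP X.X.X.X:631 (LISTEN)
mysqld 3619 mysql 10u IPv4 21250 0t0 TCP X.X.X.X:3306 (LISTEN)
tclsh 5472 SO-user 13u IPv4 24159 0t0 TCP *:7734 (LISTEN)
tclsh 5472 SO-user 15u IPv4 24163 0t0 TCP *:7736 (LISTEN)
tclsh 5472 SO-user 17u IPv4 24394 0t0 TCP X.X.X.X:7736->X.X.X.X:40500 (ESTABLISHED)
docker-pr 7001 root 4u IPv4 31925 0t0 TCP X.X.X.X:9200 (LISTEN)
docker-pr 8073 root 4u IPv4 36010 0t0 TCP X.X.X.X:5601 (LISTEN)
apache2 9546 root 4u IPv6 41648 0t0 TCP *:443 (LISTEN)
syslog-ng 9621 root 12u IPv4 41705 0t0 TCP *:514 (LISTEN)
syslog-ng 9621 root 13u IPv4 41706 0t0 UDP *:514
ossec-csy 9728 ossecm 5u IPv4 41919 0t0 UDP X.X.X.X:42224->X.X.X.X:514
bro 10380 SO-user 0u IPv4 42765 0t0 TCP *:47760 (LISTEN)
"""


def parse_name(name):
    """Split lsof's NAME field into (local_addr, local_port, state).

    Handles "*:5353", "[v6addr]:631 (LISTEN)" and
    "a:7736->b:40500 (ESTABLISHED)"; the peer side is discarded.
    """
    state = None
    if name.endswith(")"):
        name, _, tail = name.rpartition(" (")
        state = tail[:-1]
    local = name.split("->", 1)[0]
    addr, _, port = local.rpartition(":")   # the last colon separates the port
    return addr, port, state


def parse_sockets(text):
    """One dict per socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 8)          # NAME is the 9th field and may contain spaces
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        addr, port, state = parse_name(parts[8])
        rows.append({"command": parts[0], "pid": int(parts[1]), "user": parts[2],
                     "family": parts[4], "proto": parts[7], "addr": addr,
                     "port": port, "state": state, "peer": "->" in parts[8]})
    return rows


def listeners(rows):
    """Rows that accept inbound traffic: TCP in LISTEN, or UDP bound with no peer."""
    return [r for r in rows
            if r["state"] == "LISTEN" or (r["proto"] == "UDP" and not r["peer"])]


def exposure_report(text):
    """Map (proto, port) -> commands, bound addresses and whether any bind is '*'."""
    report = defaultdict(lambda: {"commands": set(), "addrs": set(), "wildcard": False})
    for r in listeners(parse_sockets(text)):
        entry = report[(r["proto"], r["port"])]
        entry["commands"].add(r["command"])
        entry["addrs"].add(r["addr"])
        entry["wildcard"] |= r["addr"] == "*"
    return dict(report)


def wildcard_listeners(text):
    """Sorted (proto, port, commands) for services reachable on every interface."""
    return sorted((proto, port, ",".join(sorted(e["commands"])))
                  for (proto, port), e in exposure_report(text).items() if e["wildcard"])


if __name__ == "__main__":
    for proto, port, cmd in wildcard_listeners(SAMPLE):
        print(f"{proto:3} {port:>8}  {cmd}")
```

Run it against a live host with `sudo lsof -i -P -n | python3 this_script.py`-style plumbing, or paste the section into SAMPLE as done here. The port column is kept as a string on purpose: lsof prints service names such as `ssh_port` when it resolves them, and those would not survive an `int()` conversion.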

=========================================================================
CPU Usage
=========================================================================
Load average for the last 1, 5, and 15 minutes:
1.12 1.78 1.69
Processing units: 1
If load average is higher than processing units,
then tune until load average is lower than processing units.
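Two sections of this report answer the same question, whether the sensor is keeping up: the load-average rule just stated (here 1.78 on a single processing unit, so the sensor is oversubscribed) and the RX counters of the interface in PROMISC mode in "Link Statistics" (eth1, 123050 packets, 0 dropped, 0 overrun, 0 missed, 0 fifo), which is where the kernel records frames discarded before snort, bro and netsniff-ng ever saw them. The script below is an added example, not code from Security Onion; it parses both sections as printed above and applies the rule. The `eth2` block in the sample is constructed to show what a lossy sniffing interface looks like, and the loss ratio `lost / (packets + lost)` is an assumption, since drivers differ on whether discarded frames are also counted in `packets`. NIC counters only show kernel-level loss; drops inside the engines show up elsewhere (snort's perfmon stats file is named on its command line in the process list below).

```python
"""Capacity checks for a Security Onion sensor from sostat-style output.

Added example for this page, not code from Security Onion. It applies the
report's own rule (load average above the number of processing units means
the sensor needs tuning) and checks the "Link Statistics" counters of every
interface in PROMISC mode, i.e. the ones the sniffing processes read from.
"""
import re

# Constructed sample: lo and eth1 copied from the report's "Link Statistics";
# eth2 is invented to show a sniffing interface that is losing packets.
LINK_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
17671172 5746 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
17671172 5746 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
3: eth1: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
7481807 123050 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
270 3 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
6: eth2: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
90000000 100000 0 1000 200 0
RX errors: length crc frame fifo missed
0 0 0 50 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
"""

# Copied from the report's "CPU Usage" section.
CPU_SAMPLE = """\
Load average for the last 1, 5, and 15 minutes:
1.12 1.78 1.69
Processing units: 1
"""

LINK_HDR = re.compile(r"^\d+: (?P<name>[^:@\s]+)(?:@\S+)?: <(?P<flags>[^>]*)>")
COUNTER_HDR = re.compile(r"^(RX|TX)( errors)?: (.+)$")


def parse_link_stats(text):
    """{ifname: {'flags': set, 'rx': {...}, 'rx_errors': {...}, 'tx': {...}, 'tx_errors': {...}}}

    The `ip -s -s link` layout pairs each "RX:"/"TX:" header line with the
    line of numbers that follows it; the header names become dict keys.
    """
    ifaces, cur, pending = {}, None, None
    for line in text.splitlines():
        m = LINK_HDR.match(line)
        if m:
            cur = ifaces.setdefault(m.group("name"), {"flags": set(m.group("flags").split(","))})
            pending = None
            continue
        m = COUNTER_HDR.match(line)
        if m and cur is not None:
            key = m.group(1).lower() + ("_errors" if m.group(2) else "")
            pending = (key, m.group(3).split())
            continue
        if pending and re.fullmatch(r"[\d ]+", line.strip()):
            key, names = pending
            cur[key] = dict(zip(names, map(int, line.split())))
            pending = None
    return ifaces


def sniffing_interfaces(ifaces):
    """Interfaces in promiscuous mode: where snort, bro and netsniff-ng read packets."""
    return sorted(name for name, i in ifaces.items() if "PROMISC" in i["flags"])


def capture_loss(ifaces, name):
    """(delivered, lost, ratio) for one interface.

    'lost' sums the RX counters that mean the NIC or driver discarded a
    frame before the sniffers saw it: dropped, overrun, fifo and missed.
    ratio = lost / (delivered + lost) is an approximation (assumption).
    """
    i = ifaces[name]
    rx, rxe = i.get("rx", {}), i.get("rx_errors", {})
    lost = rx.get("dropped", 0) + rx.get("overrun", 0) + rxe.get("fifo", 0) + rxe.get("missed", 0)
    delivered = rx.get("packets", 0)
    total = delivered + lost
    return delivered, lost, (lost / total if total else 0.0)


def parse_load(text):
    """(load1, load5, load15, processing_units) from the CPU Usage section."""
    m = re.search(r"Load average for the last 1, 5, and 15 minutes:\s*([\d.]+)\s+([\d.]+)\s+([\d.]+)", text)
    n = re.search(r"Processing units:\s*(\d+)", text)
    l1, l5, l15 = (float(x) for x in m.groups())
    return l1, l5, l15, int(n.group(1))


def findings(link_text, cpu_text, loss_threshold=0.001):
    """Human-readable findings; the load rule is the one stated in the report."""
    out = []
    l1, l5, l15, units = parse_load(cpu_text)
    if max(l1, l5, l15) > units:
        out.append(f"load {l1}/{l5}/{l15} exceeds {units} processing unit(s): tune until it stays below")
    ifaces = parse_link_stats(link_text)
    for name in sniffing_interfaces(ifaces):
        delivered, lost, ratio = capture_loss(ifaces, name)
        if ratio > loss_threshold:
            out.append(f"{name}: {lost} of {delivered + lost} packets lost at the NIC ({ratio:.2%})")
        else:
            out.append(f"{name}: {delivered} packets captured, {lost} lost at the NIC")
    return out


if __name__ == "__main__":
    print("\n".join(findings(LINK_SAMPLE, CPU_SAMPLE)))
```

On the report above this yields one load finding and a clean line for eth1; the constructed eth2 trips the 0.1% threshold. Counters are cumulative since boot (this host had been up 16 minutes), so for a long-running sensor sample them twice and diff, otherwise an old burst of drops masks the current state.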

top - 14:24:20 up 16 min, 4 users, load average: 1.12, 1.78, 1.69
Tasks: 272 total, 1 running, 271 sleeping, 0 stopped, 0 zombie
%Cpu(s): 53.4 us, 8.6 sy, 5.7 ni, 27.1 id, 4.6 wa, 0.0 hi, 0.6 si, 0.0 st
KiB Mem: 3062204 total, 2969180 used, 93024 free, 25092 buffers
KiB Swap: 3143676 total, 522228 used, 2621448 free. 902160 cached Mem

%CPU %MEM COMMAND
7.7 5.9 /opt/bro/bin/bro -i eth1 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
3.5 7.2 wireshark
3.3 33.0 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -Xms765m -Xmx765m -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.io.tmpdir=/tmp/elasticsearch.8DTPA80e -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:logs/gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=32 -XX:GCLogFileSize=64m -Des.cgroups.hierarchy.override=/ -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/usr/share/elasticsearch/config -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -Ecluster.name=SO-server -Ebootstrap.memory_lock=true -Etransport.host=X.X.X.X -Ehttp.host=X.X.X.X
3.1 4.1 snort -c /etc/nsm/SO-server-eth1/snort.conf -u SO-user -g SO-user -i eth1 -l /nsm/sensor_data/SO-server-eth1/snort-1 --perfmon-file /nsm/sensor_data/SO-server-eth1/snort-1.stats -U --snaplen 1524
1.2 2.4 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ --kibana.defaultAppId=dashboard/94b52620-342a-11e7-9d52-4f090484f59e
1.0 1.1 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
0.8 0.2 barnyard2 -c /etc/nsm/SO-server-eth1/barnyard2-1.conf -u SO-user -g SO-user -d /nsm/sensor_data/SO-server-eth1/snort-1 -f snort.unified2 -w /etc/nsm/SO-server-eth1/barnyard2.waldo-1 -i SO-server-eth1-1 -U
0.8 0.0 /var/ossec/bin/ossec-syscheckd
0.7 0.0 [kswapd0]
0.4 0.0 /var/ossec/bin/ossec-analysisd
0.3 0.1 /usr/bin/python3 /usr/bin/update-manager
0.3 0.8 xfce4-terminal
0.2 1.0 /usr/bin/dockerd --raw-logs
0.2 0.7 python -m elastalert.elastalert --config /etc/elastalert/conf/elastalert_config.yaml --verbose
0.1 0.1 /sbin/init
0.1 0.3 docker-containerd --config /var/run/docker/containerd/containerd.toml
0.1 0.1 /usr/sbin/vmtoolsd
0.1 0.6 xfdesktop --display :0.0 --sm-client-id 2f62bb50b-ad07-48b7-ad16-9a6b84d818b4
0.1 0.2 /usr/lib/vmware-tools/sbin64/vmtoolsd -n vmusr --blockFd 3
0.1 2.2 netsniff-ng -i eth1 -o /nsm/sensor_data/SO-server-eth1/dailylogs/2018-04-12/ --user 1001 --group 1001 -s --prefix snort.log. --verbose --ring-size 64 iB --interval 150 iB -c
0.1 0.1 /usr/bin/python /opt/freq_server/freq/freq_server.py -ip X.X.X.X 10004 /opt/freq_server/freq/freq_table.freq
0.1 0.0 [kworker/0:2]
0.1 0.2 bash
0.0 0.0 [kthreadd]
0.0 0.0 [ksoftirqd/0]
0.0 0.0 [kworker/0:0H]
0.0 0.0 [rcu_sched]
0.0 0.0 [rcu_bh]
0.0 0.0 [migration/0]
0.0 0.0 [watchdog/0]
0.0 0.0 [kdevtmpfs]
0.0 0.0 [netns]
0.0 0.0 [perf]
0.0 0.0 [khungtaskd]
0.0 0.0 [writeback]
0.0 0.0 [ksmd]
0.0 0.0 [khugepaged]
0.0 0.0 [crypto]
0.0 0.0 [kintegrityd]
0.0 0.0 [bioset]
0.0 0.0 [kblockd]
0.0 0.0 [ata_sff]
0.0 0.0 [md]
0.0 0.0 [devfreq_wq]
0.0 0.0 [kworker/0:1]
0.0 0.0 [vmstat]
0.0 0.0 [fsnotify_mark]
0.0 0.0 [ecryptfs-kthrea]
0.0 0.0 [kthrotld]
0.0 0.0 [acpi_thermal_pm]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [scsi_eh_0]
0.0 0.0 [scsi_tmf_0]
0.0 0.0 [scsi_eh_1]
0.0 0.0 [scsi_tmf_1]
0.0 0.0 [ipv6_addrconf]
0.0 0.0 [deferwq]
0.0 0.0 [charger_manager]
0.0 0.0 [mpt_poll_0]
0.0 0.0 [mpt/0]
0.0 0.0 [kpsmoused]
0.0 0.0 [scsi_eh_2]
0.0 0.0 [scsi_tmf_2]
0.0 0.0 [bioset]
0.0 0.0 [ttm_swap]
0.0 0.0 [scsi_eh_3]
0.0 0.0 [scsi_tmf_3]
0.0 0.0 [scsi_eh_4]
0.0 0.0 [scsi_tmf_4]
0.0 0.0 [scsi_eh_5]
0.0 0.0 [scsi_tmf_5]
0.0 0.0 [scsi_eh_6]
0.0 0.0 [scsi_tmf_6]
0.0 0.0 [scsi_eh_7]
0.0 0.0 [scsi_tmf_7]
0.0 0.0 [scsi_eh_8]
0.0 0.0 [scsi_tmf_8]
0.0 0.0 [scsi_eh_9]
0.0 0.0 [scsi_tmf_9]
0.0 0.0 [scsi_eh_10]
0.0 0.0 [scsi_tmf_10]
0.0 0.0 [scsi_eh_11]
0.0 0.0 [scsi_tmf_11]
0.0 0.0 [scsi_eh_12]
0.0 0.0 [scsi_tmf_12]
0.0 0.0 [scsi_eh_13]
0.0 0.0 [scsi_tmf_13]
0.0 0.0 [scsi_eh_14]
0.0 0.0 [scsi_tmf_14]
0.0 0.0 [scsi_eh_15]
0.0 0.0 [scsi_tmf_15]
0.0 0.0 [scsi_eh_16]
0.0 0.0 [scsi_tmf_16]
0.0 0.0 [scsi_eh_17]
0.0 0.0 [scsi_tmf_17]
0.0 0.0 [scsi_eh_18]
0.0 0.0 [scsi_tmf_18]
0.0 0.0 [scsi_eh_19]
0.0 0.0 [scsi_tmf_19]
0.0 0.0 [scsi_eh_20]
0.0 0.0 [scsi_tmf_20]
0.0 0.0 [scsi_eh_21]
0.0 0.0 [scsi_tmf_21]
0.0 0.0 [scsi_eh_22]
0.0 0.0 [scsi_tmf_22]
0.0 0.0 [scsi_eh_23]
0.0 0.0 [scsi_tmf_23]
0.0 0.0 [scsi_eh_24]
0.0 0.0 [scsi_tmf_24]
0.0 0.0 [scsi_eh_25]
0.0 0.0 [scsi_tmf_25]
0.0 0.0 [scsi_eh_26]
0.0 0.0 [scsi_tmf_26]
0.0 0.0 [scsi_eh_27]
0.0 0.0 [scsi_tmf_27]
0.0 0.0 [scsi_eh_28]
0.0 0.0 [scsi_tmf_28]
0.0 0.0 [scsi_eh_29]
0.0 0.0 [scsi_tmf_29]
0.0 0.0 [scsi_eh_30]
0.0 0.0 [scsi_tmf_30]
0.0 0.0 [scsi_eh_31]
0.0 0.0 [scsi_tmf_31]
0.0 0.0 [scsi_eh_32]
0.0 0.0 [scsi_tmf_32]
0.0 0.0 [kworker/u256:29]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [jbd2/sda1-8]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 [kworker/0:1H]
0.0 0.0 upstart-udev-bridge --daemon
0.0 0.0 /lib/systemd/systemd-udevd --daemon
0.0 0.0 dbus-daemon --system --fork
0.0 0.0 /lib/systemd/systemd-logind
0.0 0.0 /usr/sbin/bluetoothd
0.0 0.0 avahi-daemon: running [SO-server.local]
0.0 0.0 avahi-daemon: chroot helper
0.0 0.0 [krfcommd]
0.0 0.0 upstart-file-bridge --daemon
0.0 0.0 [kmpathd]
0.0 0.0 [kmpath_handlerd]
0.0 0.0 upstart-socket-bridge --daemon
0.0 0.0 /sbin/getty -8 38400 tty4
0.0 0.0 /sbin/getty -8 38400 tty5
0.0 0.0 thermald --no-daemon --dbus-enable
0.0 0.0 /sbin/getty -8 38400 tty2
0.0 0.0 /sbin/getty -8 38400 tty3
0.0 0.0 /sbin/getty -8 38400 tty6
0.0 0.0 /usr/sbin/sshd -D
0.0 0.0 cron
0.0 0.0 acpid -c /etc/acpi/events -s /var/run/acpid.socket
0.0 0.0 [kauditd]
0.0 0.0 lightdm
0.0 0.0 /usr/sbin/cups-browsed
0.0 0.0 /usr/lib/accountsservice/accounts-daemon
0.0 0.1 /usr/lib/policykit-1/polkitd --no-debug
0.0 0.0 /usr/sbin/kerneloops
0.0 0.0 lightdm --session-child 12 15
0.0 0.0 init --user
0.0 0.0 /usr/sbin/vmware-vmblock-fuse -o subtype=vmware-vmblock,default_permissions,allow_other /var/run/vmblock-fuse
0.0 0.0 dbus-daemon --fork --session --address=unix:abstract=/tmp/dbus-q2zm7lfNju
0.0 0.0 upstart-event-bridge
0.0 0.0 upstart-dbus-bridge --daemon --session --user --bus-name session
0.0 0.0 upstart-dbus-bridge --daemon --system --user --bus-name system
0.0 0.0 upstart-file-bridge --daemon --user
0.0 0.0 gnome-keyring-daemon --start --components pkcs11,secrets
0.0 0.0 /usr/lib/vmware-vgauth/VGAuthService -s
0.0 0.1 //usr/lib/vmware-caf/pme/bin/ManagementAgentHost
0.0 0.0 /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc
0.0 0.1 xfce4-session
0.0 0.0 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
0.0 0.0 /usr/lib/at-spi2-core/at-spi-bus-launcher
0.0 0.0 /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
0.0 0.0 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
0.0 0.0 /usr/bin/ssh-agent -s
0.0 0.2 xfwm4 --display :0.0 --sm-client-id 24dd69015-5e3f-4005-ba7a-fb57e5ccbb90
0.0 0.0 /usr/lib/gvfs/gvfsd
0.0 0.0 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
0.0 0.5 Thunar --sm-client-id 253c52dfb-ef45-42c2-aa36-1e94af7c0222 --daemon
0.0 0.3 xfce4-panel --display :0.0 --sm-client-id 26b4eea9e-73b4-45a4-ac23-6e332d0ab8df
0.0 0.0 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
0.0 0.1 /usr/lib/udisks2/udisksd --no-debug
0.0 0.0 xfsettingsd --display :0.0 --sm-client-id 2ead7ddd1-8832-41d8-993e-0101578f463d
0.0 0.0 /usr/lib/upower/upowerd
0.0 0.5 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libwhiskermenu.so 1 12582944 whiskermenu Whisker Menu Show a menu to easily access installed applications
0.0 0.0 /usr/lib/gvfs/gvfs-mtp-volume-monitor
0.0 0.0 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
0.0 0.1 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 4 12582945 systray Notification Area Area where notification icons appear
0.0 0.1 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libindicator-plugin.so 5 12582946 indicator Indicator Plugin Provides a panel area for Unity indicators. Indicators allow applications and system services to display their status and interact with the user.
0.0 0.0 /usr/lib/gvfs/gvfs-afc-volume-monitor
0.0 0.0 xfce4-power-manager --restart --sm-client-id 2d5f0ba76-76da-44c8-a375-eb5b73825023
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
0.0 0.1 xfce4-power-manager
0.0 0.0 light-locker
0.0 0.0 /usr/bin/python /usr/share/system-config-printer/applet.py
0.0 0.0 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
0.0 0.1 xfce4-volumed
0.0 0.1 update-notifier
0.0 0.1 nm-applet
0.0 0.1 /usr/bin/python /usr/bin/blueman-applet
0.0 0.1 /usr/lib/gvfs/gvfsd-trash --spawner :1.12 /org/gtk/gvfs/exec_spaw/0
0.0 0.0 init --user --startup-event indicator-services-start
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
0.0 0.0 /usr/bin/pulseaudio --start --log-target=syslog
0.0 0.0 /usr/lib/rtkit/rtkit-daemon
0.0 0.0 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
0.0 0.0 /usr/bin/obex-data-server --no-daemon
0.0 0.0 /usr/lib/dconf/dconf-service
0.0 0.0 /usr/sbin/cupsd -f
0.0 0.2 /usr/sbin/mysqld
0.0 0.0 su - SO-user -- /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.2 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 su - SO-user -- /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 tclsh /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 tail -n 0 -F /var/ossec/logs/alerts/alerts.log
0.0 0.0 su - SO-user -- /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-eth1/pcap_agent.conf
  654. 0.0 0.1 tclsh /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-eth1/pcap_agent.conf
  655. 0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-eth1/snort_agent-1.conf
  656. 0.0 0.1 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-eth1/snort_agent-1.conf
  657. 0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/9f10032d2013c0217207be21bc1f05c239f210d4bf34e43e4e7f7cee6c03cf73 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  658. 0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9300 -container-ip X.X.X.X -container-port 9300
  659. 0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9200 -container-ip X.X.X.X -container-port 9200
  660. 0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/0eaeea57cf6c07d34c3f46f989f4dfdabd62e8e3bb2cdbef7c527ea4f129a45b -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  661. 0.0 0.0 tail -n 1 -f /nsm/sensor_data/SO-server-eth1/snort-1.stats
  662. 0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 5601 -container-ip X.X.X.X -container-port 5601
  663. 0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/a5ad18aedd369a71c02c2c6a18ca5f59bb80f347b66f1f2cb35e08ec7594550d -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  664. 0.0 0.0 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 117:126
  665. 0.0 0.0 /sbin/getty -8 38400 tty1
  666. 0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/2b27abf540bde224175d693e5704903f5c3d9f6aa98df1f507f42d66fc5222af -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  667. 0.0 0.1 /usr/bin/python /usr/bin/supervisord -c /etc/elastalert/conf/elastalert_supervisord.conf -n
  668. 0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/2adb19d0a241e32e9cecd2d029311400b6634ae0a9617ace2f8351e22545acc5 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
  669. 0.0 0.0 /bin/bash
  670. 0.0 0.2 /usr/sbin/apache2 -k start
  671. 0.0 0.0 /usr/sbin/apache2 -k start
  672. 0.0 0.0 /usr/sbin/apache2 -k start
  673. 0.0 0.0 /usr/sbin/apache2 -k start
  674. 0.0 0.0 /usr/sbin/apache2 -k start
  675. 0.0 0.0 /usr/sbin/apache2 -k start
  676. 0.0 0.0 supervising syslog-ng
  677. 0.0 0.5 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
  678. 0.0 0.0 /var/ossec/bin/ossec-csyslogd
  679. 0.0 0.0 /var/ossec/bin/ossec-execd
  680. 0.0 0.0 /var/ossec/bin/ossec-logcollector
  681. 0.0 0.0 /var/ossec/bin/ossec-monitord
  682. 0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth1 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
  683. 0.0 2.4 /opt/bro/bin/bro -i eth1 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
  684. 0.0 0.0 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 117:126
  685. 0.0 0.0 [kworker/u256:0]
  686. 0.0 0.0 [kworker/0:0]
  687. 0.0 0.0 gnome-pty-helper
  688. 0.0 0.2 bash
  689. 0.0 0.2 bash
  690. 0.0 0.1 sudo wireshark
  691. 0.0 0.0 [cfg80211]
  692. 0.0 0.1 /usr/bin/dumpcap -n -i eth1 -y EN10MB -Z none
  693. 0.0 0.0 [kworker/u256:1]
  694. 0.0 0.1 sudo sostat-redacted
  695. 0.0 0.0 /bin/bash /usr/sbin/sostat-redacted
  696. 0.0 0.0 /bin/bash /usr/sbin/sostat
  697. 0.0 0.0 ps -eo pcpu,pmem,args --sort -pcpu
  698.  
  699. =========================================================================
  700. Packets received during last monitoring interval (600 seconds)
  701. =========================================================================
  702.  
  703. eth1: 121958
  704.  
  705. =========================================================================
  706. Packet Loss Stats
  707. =========================================================================
  708.  
  709. NIC:
  710.  
  711. eth1:
  712.  
  713. RX packets:123050 dropped:0 TX packets:3 dropped:0
  714.  
  715. -------------------------------------------------------------------------
  716.  
  717. pf_ring:
  718.  
  719. Appl. Name : <unknown>
  720. Tot Packets : 122132
  721. Tot Pkt Lost : 0
  722.  
  723.  
  724. Appl. Name : snort-cluster-52-socket-0
  725. Tot Packets : 122387
  726. Tot Pkt Lost : 21315
  727.  
  728. -------------------------------------------------------------------------
  729.  
  730. IDS Engine (snort) packet drops:
  731.  
  732. ERROR: No stats found in /nsm/sensor_data/SO-server-eth1/snort-1.stats
  733. -------------------------------------------------------------------------
  734.  
  735. Bro:
  736.  
  737. Average packet loss as percent across all Bro workers: 0.000000
  738.  
  739. bro: 1523543060.857155 recvd=122132 dropped=0 link=122132
  740.  
  741. No capture loss reported.
  742.  
  743. -------------------------------------------------------------------------
  744.  
  745. Netsniff-NG:
  746.  
  747. 0 Loss
  748.  
  749. =========================================================================
  750. PF_RING
  751. =========================================================================
  752. PF_RING Version : 6.6.0 (unknown)
  753. Total rings : 2
  754.  
  755. Standard (non ZC) Options
  756. Ring slots : 4096
  757. Slot version : 16
  758. Capture TX : Yes [RX+TX]
  759. IP Defragment : No
  760. Socket Mode : Standard
  761. Cluster Fragment Queue : 0
  762. Cluster Fragment Discard : 0
  763.  
  764. =========================================================================
  765. Log Archive
  766. =========================================================================
  767. /nsm/sensor_data/SO-server-eth0/dailylogs/ - 0 days
  768. 4.0K .
  769.  
  770. /nsm/sensor_data/SO-server-eth1/dailylogs/ - 1 days
  771. 9.0M .
  772. 9.0M ./2018-04-12
  773.  
  774. /nsm/bro/logs/ - 1 days
  775. 108K .
  776. 84K ./2018-04-12
  777. 20K ./stats
  778.  
  779. =========================================================================
  780. Sguil Uncategorized Events
  781. =========================================================================
  782. COUNT(*)
  783. 85
  784.  
  785. =========================================================================
  786. Sguil events summary for yesterday
  787. =========================================================================
  788. Total
  789. 0
  790.  
  791. =========================================================================
  792. Top 50 All time Sguil Events
  793. =========================================================================
  794. Totals GenID:SigID Signature
  795. 51 1:2100366 GPL ICMP_INFO PING *NIX
  796. Total
  797. 51
  798.  
  799. =========================================================================
  800. Last update
  801. =========================================================================
  802.  
  803. Start-Date: 2018-04-12 14:56:11
  804. Commandline: aptdaemon role='role-commit-packages' sender=':1.83'
  805. Install: linux-image-extra-4.4.0-119-generic:amd64 (4.4.0-119.143~14.04.1), linux-image-4.4.0-119-generic:amd64 (4.4.0-119.143~14.04.1), linux-headers-4.4.0-119-generic:amd64 (4.4.0-119.143~14.04.1), linux-headers-4.4.0-119:amd64 (4.4.0-119.143~14.04.1)
  806. Upgrade: python-crypto:amd64 (2.6.1-4ubuntu0.2, 2.6.1-4ubuntu0.3), libruby1.9.1:amd64 (X.X.X.X-2ubuntu1.7, X.X.X.X-2ubuntu1.8), avahi-daemon:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), ubuntu-release-upgrader-gtk:amd64 (0.220.9, 0.220.10), libwayland-server0:amd64 (1.4.0-1ubuntu1, 1.4.0-1ubuntu1.1), securityonion-nsmnow-admin-scripts:amd64 (20120724-0ubuntu0securityonion165, 20120724-0ubuntu0securityonion166), linux-generic-lts-xenial:amd64 (X.X.X.X.98, X.X.X.X.100), libavahi-glib1:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), patch:amd64 (2.7.1-4ubuntu2.3, 2.7.1-4ubuntu2.4), libwayland-cursor0:amd64 (1.4.0-1ubuntu1, 1.4.0-1ubuntu1.1), linux-headers-generic-lts-xenial:amd64 (X.X.X.X.98, X.X.X.X.100), libavahi-common-data:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), libavahi-client3:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), libavahi-core7:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), libwayland-client0:amd64 (1.4.0-1ubuntu1, 1.4.0-1ubuntu1.1), libavahi-common3:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), python3-distupgrade:amd64 (0.220.9, 0.220.10), avahi-utils:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2), linux-image-generic-lts-xenial:amd64 (X.X.X.X.98, X.X.X.X.100), ruby1.9.1:amd64 (X.X.X.X-2ubuntu1.7, X.X.X.X-2ubuntu1.8), securityonion-networkminer:amd64 (20170828-1ubuntu1securityonion1, 20180410-1ubuntu1securityonion1), ubuntu-release-upgrader-core:amd64 (0.220.9, 0.220.10), linux-libc-dev:amd64 (3.13.0-143.192, 3.13.0-144.193), avahi-autoipd:amd64 (0.6.31-4ubuntu1.1, 0.6.31-4ubuntu1.2)
  807. End-Date: 2018-04-12 14:57:28
  808.  
  809. =========================================================================
  810. Elasticsearch
  811. =========================================================================
  812.  
  813. Elasticsearch is running.
  814.  
  815. Cluster Name: "SO-server"
  816. Cluster Status: "green"
  817. Total Nodes: 1
  818. Failed Nodes: 0
  819. Total Indices: 6
  820. Total Shards: 26
  821. Total Documents: 532
  822. Total Size: 1MB
  823. Free Memory: 4%
  824. Total Number of Events: 532
  825. Avg. Event Size (In Bytes): 3730
  826.  
  827. CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  828. 0eaeea57cf6c so-elasticsearch 0.30% 970.8MiB / 2.92GiB 32.46% 9.1MB / 2.22MB 73.8MB / 10MB 38
  829.  
  830. =========================================================================
  831. Logstash
  832. =========================================================================
  833.  
  834. Logstash is not running.
  835.  
  836. Try starting it with:
  837.  
  838. 'sudo so-elastic-start'
  839. OR
  840. 'sudo docker start so-logstash'
  841.  
  842.  
  843. If that does not work, try checking /var/log/logstash/logstash.log for clues.
  844.  
  845. =========================================================================
  846. Kibana
  847. =========================================================================
  848.  
  849. Kibana is running.
  850.  
  851. CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  852. a5ad18aedd36 so-kibana 1.63% 64.75MiB / 2.92GiB 2.17% 9.76MB / 17.2MB 162MB / 53.2kB 10
  853.  
  854. =========================================================================
  855. ElastAlert
  856. =========================================================================
  857.  
  858. ElastAlert is running.
  859.  
  860. CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  861. 2b27abf540bd so-elastalert 0.03% 20.45MiB / 2.92GiB 0.68% 100kB / 126kB 62.7MB / 16.4kB 2
  862.  
  863. =========================================================================
  864. Curator
  865. =========================================================================
  866.  
  867. Curator is running.
  868.  
  869. CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  870. 2adb19d0a241 so-curator 0.00% 32KiB / 2.92GiB 0.00% 310kB / 47kB 74.6MB / 0B 1
  871.  
  872. =========================================================================
  873. Freq Server
  874. =========================================================================
  875.  
  876. Freq_server is running.
  877.  
  878. CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  879. 9f10032d2013 so-freqserver 0.16% 1.098MiB / 2.92GiB 0.04% 24.4kB / 0B 13.7MB / 0B 2
  880.  
  881. Testing freq_server now...
  882.  
  883. Freq Server is working.
  884.  
  885. =========================================================================
  886. Version Information
  887. =========================================================================
  888.  
  889. Ubuntu 14.04.5 LTS
  890. securityonion-sostat 20120722-0ubuntu0securityonion95