  1. C:\Users\Administrator>"C:\Program Files\Winlogbeat\winlogbeat.exe" -c "C:\Program Files\Winlogbeat\winlogbeat.yml" -path.home "C:\Program Files\Winlogbeat" -path.data "C:\ProgramData\winlogbeat" -e -d "*"
  2. 2019-08-08T11:33:29.374+0200 INFO instance/beat.go:606 Home path: [C:\Program Files\Winlogbeat] Config path: [C:\Program Files\Winlogbeat] Data path: [C:\ProgramData\winlogbeat] Logs path: [C:\Program Files\Winlogbeat\logs]
  3. 2019-08-08T11:33:29.378+0200 DEBUG [beat] instance/beat.go:658 Beat metadata path: C:\ProgramData\winlogbeat\meta.json
  4. 2019-08-08T11:33:29.383+0200 INFO instance/beat.go:614 Beat ID: 1e5dde95-86fc-4c86-9625-347ec1c7a07a
  5. 2019-08-08T11:33:29.411+0200 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:164 add_cloud_metadata: starting to fetch metadata, timeout=3s
  6. 2019-08-08T11:33:29.430+0200 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:196 add_cloud_metadata: received disposition for qcloud after 16.0268ms. result=[provider:qcloud, error=failed requesting qcloud metadata: Get http://metadata.tencentyun.com/meta-data/placement/zone: dial tcp: lookup metadata.tencentyun.com: no such host, metadata={}]
  7. 2019-08-08T11:33:32.415+0200 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:203 add_cloud_metadata: timed-out waiting for all responses
  8. 2019-08-08T11:33:32.415+0200 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:167 add_cloud_metadata: fetchMetadata ran for 3.0008446s
  9. 2019-08-08T11:33:32.417+0200 INFO add_cloud_metadata/add_cloud_metadata.go:347 add_cloud_metadata: hosting provider type not detected.
  10. 2019-08-08T11:33:32.417+0200 DEBUG [processors] processors/processor.go:93 Generated new processors: add_host_metadata=[netinfo.enabled=[false], cache.ttl=[5m0s]], add_cloud_metadata=null
  11. 2019-08-08T11:33:32.418+0200 DEBUG [seccomp] seccomp/seccomp.go:96 Syscall filtering is only supported on Linux
  12. 2019-08-08T11:33:32.420+0200 INFO [beat] instance/beat.go:902 Beat info {"system_info": {"beat": {"path": {"config": "C:\\Program Files\\Winlogbeat", "data": "C:\\ProgramData\\winlogbeat", "home": "C:\\Program Files\\Winlogbeat", "logs": "C:\\Program Files\\Winlogbeat\\logs"}, "type": "winlogbeat", "uuid": "1e5dde95-86fc-4c86-9625-347ec1c7a07a"}}}
  13. 2019-08-08T11:33:32.421+0200 INFO [beat] instance/beat.go:911 Build info {"system_info": {"build": {"commit": "6f0ec01a0e57fe7d4fd703b017fb5a2f6448d097", "libbeat": "7.3.0", "time": "2019-07-24T17:45:51.000Z", "version": "7.3.0"}}}
  14. 2019-08-08T11:33:32.421+0200 INFO [beat] instance/beat.go:914 Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":4,"version":"go1.12.4"}}}
  15. 2019-08-08T11:33:32.441+0200 INFO [beat] instance/beat.go:918 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-08-08T10:52:35.03+02:00","name":"MDT-01","ip":["fe80::c02a:2b35:585a:1905/64","10.134.240.110/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.17763.615 (WinBuild.160101.0800)","mac":["00:50:56:86:6f:90"],"os":{"family":"windows","platform":"windows","name":"Windows Server 2019 Datacenter","version":"10.0","major":10,"minor":0,"patch":0,"build":"17763.615"},"timezone":"CEST","timezone_offset_sec":7200,"id":"c9408118-ac9f-4672-b64c-7fee9268818d"}}}
  16. 2019-08-08T11:33:32.455+0200 INFO [beat] instance/beat.go:947 Process info {"system_info": {"process": {"cwd": "C:\\Users\\Administrator", "exe": "C:\\Program Files\\winlogbeat\\winlogbeat.exe", "name": "winlogbeat.exe", "pid": 3308, "ppid": 2544, "start_time": "2019-08-08T11:33:29.234+0200"}}}
  17. 2019-08-08T11:33:32.456+0200 INFO instance/beat.go:292 Setup Beat: winlogbeat; Version: 7.3.0
  18. 2019-08-08T11:33:32.456+0200 DEBUG [beat] instance/beat.go:318 Initializing output plugins
  19. 2019-08-08T11:33:32.458+0200 DEBUG [publisher] pipeline/consumer.go:137 start pipeline event consumer
  20. 2019-08-08T11:33:32.459+0200 INFO [publisher] pipeline/module.go:97 Beat name: MDT-01
  21. 2019-08-08T11:33:32.459+0200 INFO beater/winlogbeat.go:69 State will be read from and persisted to C:\ProgramData\winlogbeat\.winlogbeat.yml
  22. 2019-08-08T11:33:32.460+0200 DEBUG [eventlog] eventlog/factory.go:147 Using highest priority API, wineventlog, for event log Application
  23. 2019-08-08T11:33:32.461+0200 DEBUG [winlogbeat] beater/winlogbeat.go:96 Initialized EventLog[Application]
  24. 2019-08-08T11:33:32.461+0200 DEBUG [eventlog] eventlog/factory.go:147 Using highest priority API, wineventlog, for event log System
  25. 2019-08-08T11:33:32.462+0200 DEBUG [winlogbeat] beater/winlogbeat.go:96 Initialized EventLog[System]
  26. 2019-08-08T11:33:32.469+0200 DEBUG [eventlog] eventlog/factory.go:147 Using highest priority API, wineventlog, for event log Security
  27. 2019-08-08T11:33:32.470+0200 DEBUG [winlogbeat] beater/winlogbeat.go:96 Initialized EventLog[Security]
  28. 2019-08-08T11:33:32.473+0200 DEBUG [processor.javascript] javascript/session.go:108 Registering module _type_mapstr with the Javascript runtime.
  29. 2019-08-08T11:33:32.474+0200 DEBUG [processor.javascript] javascript/session.go:108 Registering module require with the Javascript runtime.
  30. 2019-08-08T11:33:32.482+0200 DEBUG [processors] processors/processor.go:93 Generated new processors: script=[type=javascript, id=, sources=C:\Program Files\Winlogbeat/module/security/config/winlogbeat-security.js]
  31. 2019-08-08T11:33:32.487+0200 DEBUG [eventlog] eventlog/factory.go:147 Using highest priority API, wineventlog, for event log Microsoft-Windows-Sysmon/Operational
  32. 2019-08-08T11:33:32.488+0200 DEBUG [winlogbeat] beater/winlogbeat.go:96 Initialized EventLog[Microsoft-Windows-Sysmon/Operational]
  33. 2019-08-08T11:33:32.500+0200 DEBUG [processor.javascript] javascript/session.go:108 Registering module _type_mapstr with the Javascript runtime.
  34. 2019-08-08T11:33:32.501+0200 DEBUG [processor.javascript] javascript/session.go:108 Registering module require with the Javascript runtime.
  35. 2019-08-08T11:33:32.521+0200 DEBUG [processors] processors/processor.go:93 Generated new processors: script=[type=javascript, id=, sources=C:\Program Files\Winlogbeat/module/sysmon/config/winlogbeat-sysmon.js]
  36. 2019-08-08T11:33:32.522+0200 INFO instance/beat.go:421 winlogbeat start running.
  37. 2019-08-08T11:33:32.522+0200 INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
  38. 2019-08-08T11:33:32.524+0200 DEBUG [service] service/service_windows.go:72 Windows is interactive: true
  39. 2019-08-08T11:33:32.549+0200 DEBUG [eventlog] eventlog/wineventlog.go:181 WinEventLog[Application] using subscription query=<QueryList>
  40. <Query Id="0">
  41. <Select Path="Application">*[System[TimeCreated[timediff(@SystemTime) &lt;= 259200000]]]</Select>
  42. </Query>
  43. </QueryList>
  44. 2019-08-08T11:33:32.549+0200 DEBUG [eventlog] eventlog/wineventlog.go:181 WinEventLog[Microsoft-Windows-Sysmon/Operational] using subscription query=<QueryList>
  45. <Query Id="0">
  46. <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
  47. </Query>
  48. </QueryList>
  49. 2019-08-08T11:33:32.549+0200 DEBUG [eventlog] eventlog/wineventlog.go:181 WinEventLog[Security] using subscription query=<QueryList>
  50. <Query Id="0">
  51. <Select Path="Security">*</Select>
  52. </Query>
  53. </QueryList>
  54. 2019-08-08T11:33:32.549+0200 DEBUG [eventlog] eventlog/wineventlog.go:181 WinEventLog[System] using subscription query=<QueryList>
  55. <Query Id="0">
  56. <Select Path="System">*</Select>
  57. </Query>
  58. </QueryList>
  59. 2019-08-08T11:33:32.552+0200 DEBUG [winlogbeat] beater/eventlogger.go:121 EventLog[Application] opened successfully
  60. 2019-08-08T11:33:32.554+0200 WARN beater/eventlogger.go:108 EventLog[Microsoft-Windows-Sysmon/Operational] Open() error. No events will be read from this source. The specified channel could not be found.
  61. 2019-08-08T11:33:32.556+0200 DEBUG [winlogbeat] beater/eventlogger.go:121 EventLog[Security] opened successfully
  62. 2019-08-08T11:33:32.558+0200 DEBUG [winlogbeat] beater/eventlogger.go:121 EventLog[System] opened successfully
  63. 2019-08-08T11:33:32.559+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  64. 2019-08-08T11:33:32.560+0200 DEBUG [publisher] pipeline/client.go:149 client: closing acker
  65. 2019-08-08T11:33:32.578+0200 DEBUG [publisher] pipeline/client.go:151 client: done closing acker
  66. 2019-08-08T11:33:32.562+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  67. 2019-08-08T11:33:32.575+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:245 WinEventLog[System] EventHandles returned 1 handles
  68. 2019-08-08T11:33:32.577+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  69. 2019-08-08T11:33:32.579+0200 DEBUG [publisher] pipeline/client.go:155 client: cancelled 0 events
  70. 2019-08-08T11:33:32.581+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  71. 2019-08-08T11:33:32.582+0200 DEBUG [eventlog] eventlog/cache.go:86 messageFilesCache[System] size=1
  72. 2019-08-08T11:33:32.606+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:346 WinEventLog[System] XML=<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{555908d1-a6d7-4695-8e1e-26931d2012f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2019-08-08T09:33:20.734172900Z'/><EventRecordID>70742</EventRecordID><Correlation/><Execution ProcessID='752' ThreadID='9244'/><Channel>System</Channel><Computer>MDT-01.intra.crailsheim.de</Computer><Security/></System><EventData><Data Name='param1'>Network Setup Service</Data><Data Name='param2'>running</Data><Binary>4E0065007400530065007400750070005300760063002F0034000000</Binary></EventData><RenderingInfo Culture='de-DE'><Message>The Network Setup Service service entered the running state.</Message><Level>Information</Level><Task></Task><Opcode></Opcode><Channel></Channel><Provider>Microsoft-Windows-Service Control Manager</Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event> Event={Provider:{Name:Service Control Manager GUID:{555908d1-a6d7-4695-8e1e-26931d2012f4} EventSourceName:Service Control Manager} EventIdentifier:{Qualifiers:16384 ID:7036} Version:0 LevelRaw:4 TaskRaw:0 OpcodeRaw:0 TimeCreated:{SystemTime:2019-08-08 09:33:20.7341729 +0000 UTC} RecordID:70742 Correlation:{ActivityID: RelatedActivityID:} Execution:{ProcessID:752 ThreadID:9244 ProcessorID:0 SessionID:0 KernelTime:0 UserTime:0 ProcessorTime:0} Channel:System Computer:MDT-01.intra.crailsheim.de User:SID Identifier[] Name[] Domain[] Type[] EventData:{Pairs:[{Key:param1 Value:Network Setup Service} {Key:param2 Value:running} {Key:Binary Value:4E0065007400530065007400750070005300760063002F0034000000}]} UserData:{Name:{Space: Local:} Pairs:[]} Message:The Network Setup Service service 
entered the running state. Level:Information Task: Opcode: Keywords:[Classic] RenderErrorCode:0 RenderErrorDataItemName: RenderErr:[]}
  73. 2019-08-08T11:33:32.615+0200 DEBUG [eventlog] eventlog/wineventlog.go:277 WinEventLog[System] Read() is returning 1 records
  74. 2019-08-08T11:33:32.616+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 1 records
  75. 2019-08-08T11:33:32.618+0200 DEBUG [processors] processing/processors.go:183 Publish event: {
  76. "@timestamp": "2019-08-08T09:33:20.734Z",
  77. "@metadata": {
  78. "beat": "winlogbeat",
  79. "type": "_doc",
  80. "version": "7.3.0"
  81. },
  82. "winlog": {
  83. "record_id": 70742,
  84. "process": {
  85. "pid": 752,
  86. "thread": {
  87. "id": 9244
  88. }
  89. },
  90. "event_data": {
  91. "param1": "Network Setup Service",
  92. "param2": "running",
  93. "Binary": "4E0065007400530065007400750070005300760063002F0034000000"
  94. },
  95. "event_id": 7036,
  96. "provider_name": "Service Control Manager",
  97. "task": "",
  98. "api": "wineventlog",
  99. "computer_name": "MDT-01.intra.crailsheim.de",
  100. "channel": "System",
  101. "keywords": [
  102. "Classic"
  103. ],
  104. "provider_guid": "{555908d1-a6d7-4695-8e1e-26931d2012f4}"
  105. },
  106. "ecs": {
  107. "version": "1.0.1"
  108. },
  109. "host": {
  110. "name": "MDT-01",
  111. "id": "c9408118-ac9f-4672-b64c-7fee9268818d",
  112. "hostname": "MDT-01",
  113. "architecture": "x86_64",
  114. "os": {
  115. "kernel": "10.0.17763.615 (WinBuild.160101.0800)",
  116. "build": "17763.615",
  117. "platform": "windows",
  118. "version": "10.0",
  119. "family": "windows",
  120. "name": "Windows Server 2019 Datacenter"
  121. }
  122. },
  123. "agent": {
  124. "ephemeral_id": "749d79b8-e4db-4325-9817-91632dc16475",
  125. "hostname": "MDT-01",
  126. "id": "1e5dde95-86fc-4c86-9625-347ec1c7a07a",
  127. "version": "7.3.0",
  128. "type": "winlogbeat"
  129. },
  130. "event": {
  131. "code": 7036,
  132. "created": "2019-08-08T09:33:32.618Z",
  133. "kind": "event"
  134. },
  135. "log": {
  136. "level": "information"
  137. },
  138. "message": "The Network Setup Service service entered the running state."
  139. }
  140. 2019-08-08T11:33:32.626+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  141. 2019-08-08T11:33:32.648+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  142. 2019-08-08T11:33:33.583+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  143. 2019-08-08T11:33:33.584+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  144. 2019-08-08T11:33:33.600+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  145. 2019-08-08T11:33:33.602+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  146. 2019-08-08T11:33:33.626+0200 INFO pipeline/output.go:95 Connecting to backoff(async(tcp://elk.intra.crailsheim.de:5044))
  147. 2019-08-08T11:33:33.626+0200 DEBUG [logstash] logstash/async.go:111 connect
  148. 2019-08-08T11:33:33.649+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  149. 2019-08-08T11:33:33.652+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  150. 2019-08-08T11:33:33.799+0200 INFO pipeline/output.go:105 Connection to backoff(async(tcp://elk.intra.crailsheim.de:5044)) established
  151. 2019-08-08T11:33:33.806+0200 DEBUG [logstash] logstash/async.go:159 1 events out of 1 events sent to logstash host elk.intra.crailsheim.de:5044. Continue sending
  152. 2019-08-08T11:33:33.821+0200 DEBUG [publisher] memqueue/ackloop.go:160 ackloop: receive ack [0: 0, 1]
  153. 2019-08-08T11:33:33.825+0200 DEBUG [publisher] memqueue/eventloop.go:535 broker ACK events: count=1, start-seq=1, end-seq=1
  154.  
  155. 2019-08-08T11:33:33.827+0200 DEBUG [publisher] memqueue/ackloop.go:128 ackloop: return ack to broker loop:1
  156. 2019-08-08T11:33:33.828+0200 DEBUG [publisher] memqueue/ackloop.go:131 ackloop: done send ack
  157. 2019-08-08T11:33:33.827+0200 INFO beater/eventlogger.go:76 EventLog[System] successfully published 1 events
  158. 2019-08-08T11:33:34.592+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  159. 2019-08-08T11:33:34.593+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  160. 2019-08-08T11:33:34.605+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  161. 2019-08-08T11:33:34.605+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  162. 2019-08-08T11:33:34.655+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  163. 2019-08-08T11:33:34.656+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  164. 2019-08-08T11:33:35.602+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  165. 2019-08-08T11:33:35.603+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  166. 2019-08-08T11:33:35.608+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  167. 2019-08-08T11:33:35.615+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  168. 2019-08-08T11:33:35.667+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  169. 2019-08-08T11:33:35.667+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  170. 2019-08-08T11:33:36.613+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  171. 2019-08-08T11:33:36.614+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  172. 2019-08-08T11:33:36.617+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  173. 2019-08-08T11:33:36.624+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  174. 2019-08-08T11:33:36.680+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  175. 2019-08-08T11:33:36.681+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  176. 2019-08-08T11:33:37.566+0200 DEBUG [checkpoint] checkpoint/checkpoint.go:204 Checkpoint saved to disk. numUpdates=1
  177. 2019-08-08T11:33:37.624+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  178. 2019-08-08T11:33:37.626+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  179. 2019-08-08T11:33:37.627+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  180. 2019-08-08T11:33:37.667+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  181. 2019-08-08T11:33:37.698+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  182. 2019-08-08T11:33:37.715+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  183. 2019-08-08T11:33:38.667+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  184. 2019-08-08T11:33:38.668+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  185. 2019-08-08T11:33:38.715+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  186. 2019-08-08T11:33:38.715+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  187. 2019-08-08T11:33:38.735+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  188. 2019-08-08T11:33:38.739+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  189. 2019-08-08T11:33:39.673+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  190. 2019-08-08T11:33:39.674+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  191. 2019-08-08T11:33:39.722+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  192. 2019-08-08T11:33:39.723+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  193. 2019-08-08T11:33:39.742+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  194. 2019-08-08T11:33:39.742+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  195. 2019-08-08T11:33:40.683+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  196. 2019-08-08T11:33:40.683+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  197. 2019-08-08T11:33:40.740+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  198. 2019-08-08T11:33:40.741+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  199. 2019-08-08T11:33:40.746+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  200. 2019-08-08T11:33:40.753+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  201. 2019-08-08T11:33:41.692+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  202. 2019-08-08T11:33:41.693+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  203. 2019-08-08T11:33:41.752+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  204. 2019-08-08T11:33:41.753+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  205. 2019-08-08T11:33:41.756+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  206. 2019-08-08T11:33:41.766+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  207. 2019-08-08T11:33:42.700+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  208. 2019-08-08T11:33:42.701+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  209. 2019-08-08T11:33:42.765+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  210. 2019-08-08T11:33:42.766+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  211. 2019-08-08T11:33:42.767+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  212. 2019-08-08T11:33:42.776+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  213. 2019-08-08T11:33:43.708+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Application] No more events
  214. 2019-08-08T11:33:43.708+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Application] Read() returned 0 records
  215. 2019-08-08T11:33:43.774+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[Security] No more events
  216. 2019-08-08T11:33:43.774+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[Security] Read() returned 0 records
  217. 2019-08-08T11:33:43.776+0200 DEBUG [eventlog_detail] eventlog/wineventlog.go:296 WinEventLog[System] No more events
  218. 2019-08-08T11:33:43.778+0200 DEBUG [winlogbeat] beater/eventlogger.go:142 EventLog[System] Read() returned 0 records
  219. 2019-08-08T11:33:44.707+0200 DEBUG [service] service/service.go:53 Received sigterm/sigint, stopping
  220. 2019-08-08T11:33:44.708+0200 INFO beater/winlogbeat.go:169 Stopping Winlogbeat
  221. 2019-08-08T11:33:44.707+0200 DEBUG [service] service/service.go:64 Received svc stop/shutdown request
  222. 2019-08-08T11:33:44.715+0200 DEBUG [publisher] pipeline/client.go:149 client: closing acker
  223. 2019-08-08T11:33:44.720+0200 DEBUG [publisher] pipeline/client.go:151 client: done closing acker
  224. 2019-08-08T11:33:44.715+0200 DEBUG [publisher] pipeline/client.go:149 client: closing acker
  225. 2019-08-08T11:33:44.715+0200 DEBUG [publisher] pipeline/client.go:149 client: closing acker
  226. 2019-08-08T11:33:44.715+0200 INFO beater/eventlogger.go:113 EventLog[Application] Stop processing.
  227. 2019-08-08T11:33:44.722+0200 DEBUG [publisher] pipeline/client.go:155 client: cancelled 0 events
  228. 2019-08-08T11:33:44.730+0200 DEBUG [publisher] pipeline/client.go:151 client: done closing acker
  229. 2019-08-08T11:33:44.732+0200 DEBUG [publisher] pipeline/client.go:151 client: done closing acker
  230. 2019-08-08T11:33:44.735+0200 DEBUG [eventlog] eventlog/wineventlog.go:282 WinEventLog[Application] Closing handle
  231. 2019-08-08T11:33:44.739+0200 DEBUG [publisher] pipeline/client.go:155 client: cancelled 0 events
  232. 2019-08-08T11:33:44.750+0200 DEBUG [publisher] pipeline/client.go:155 client: cancelled 0 events
  233. 2019-08-08T11:33:44.777+0200 INFO beater/eventlogger.go:113 EventLog[Security] Stop processing.
  234. 2019-08-08T11:33:44.777+0200 DEBUG [eventlog] eventlog/wineventlog.go:282 WinEventLog[Security] Closing handle
  235. 2019-08-08T11:33:44.785+0200 INFO beater/eventlogger.go:113 EventLog[System] Stop processing.
  236. 2019-08-08T11:33:44.797+0200 DEBUG [eventlog] eventlog/wineventlog.go:282 WinEventLog[System] Closing handle
  237. 2019-08-08T11:33:44.809+0200 INFO [monitoring] log/log.go:153 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":171,"time":{"ms":171}},"total":{"ticks":358,"time":{"ms":358},"value":358},"user":{"ticks":187,"time":{"ms":187}}},"handles":{"open":358},"info":{"ephemeral_id":"749d79b8-e4db-4325-9817-91632dc16475","uptime":{"ms":15502}},"memstats":{"gc_next":8719504,"memory_alloc":4544624,"memory_total":8553920,"rss":28524544},"runtime":{"goroutines":16}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":4421},"type":"logstash","write":{"bytes":1082}},"pipeline":{"clients":0,"events":{"active":0,"published":1,"retry":1,"total":1},"queue":{"acked":1}}},"msg_file_cache":{"SystemMisses":1,"SystemSize":1},"published_events":{"System":1,"total":1},"system":{"cpu":{"cores":4}}}}}
  238. 2019-08-08T11:33:44.811+0200 INFO [monitoring] log/log.go:154 Uptime: 15.5065337s
  239. 2019-08-08T11:33:44.813+0200 INFO [monitoring] log/log.go:131 Stopping metrics logging.
  240. 2019-08-08T11:33:44.815+0200 INFO instance/beat.go:431 winlogbeat stopped.