Untitled

a guest
Sep 19th, 2017
(standard_in) 1: syntax error
(standard_in) 1: syntax error
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 13 0 13 0 0 6 0 --:--:-- 0:00:01 --:--:-- 6
100 13 0 13 0 0 6 0 --:--:-- 0:00:01 --:--:-- 6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1 0 1 0 0 2 0 --:--:-- --:--:-- --:--:-- 2
=========================================================================
Service Status
=========================================================================
Status: securityonion
* SO-user server[ OK ]
Status: HIDS
* ossec_agent (SO-user)[ OK ]
Status: Bro
Name Type Host Status Pid Started
manager manager localhost running 3716 19 Sep 12:12:53
proxy proxy localhost running 3901 19 Sep 12:12:55
securityonion-eth5-1 worker localhost running 6040 19 Sep 12:12:57
securityonion-eth5-2 worker localhost running 6063 19 Sep 12:12:57
securityonion-eth5-3 worker localhost running 6079 19 Sep 12:12:57
securityonion-eth5-4 worker localhost running 6096 19 Sep 12:12:57
securityonion-eth5-5 worker localhost running 6080 19 Sep 12:12:57
securityonion-eth5-6 worker localhost running 6108 19 Sep 12:12:57
securityonion-eth5-7 worker localhost running 6112 19 Sep 12:12:57
securityonion-eth5-8 worker localhost running 6134 19 Sep 12:12:57
securityonion-eth5-9 worker localhost running 6124 19 Sep 12:12:57
securityonion-eth5-10 worker localhost running 6141 19 Sep 12:12:57
securityonion-eth5-11 worker localhost running 6138 19 Sep 12:12:57
securityonion-eth5-12 worker localhost running 6140 19 Sep 12:12:57
securityonion-eth5-13 worker localhost running 6151 19 Sep 12:12:57
securityonion-eth5-14 worker localhost running 6152 19 Sep 12:12:57
securityonion-eth5-15 worker localhost running 6153 19 Sep 12:12:57
Status: securityonion-eth5
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (SO-user)[ OK ]
* snort_agent-1 (SO-user)[ OK ]
* snort_agent-2 (SO-user)[ OK ]
* snort_agent-3 (SO-user)[ OK ]
* snort_agent-4 (SO-user)[ OK ]
* snort_agent-5 (SO-user)[ OK ]
* snort_agent-6 (SO-user)[ OK ]
* snort_agent-7 (SO-user)[ OK ]
* snort_agent-8 (SO-user)[ OK ]
* snort_agent-9 (SO-user)[ OK ]
* snort_agent-10 (SO-user)[ OK ]
* snort_agent-11 (SO-user)[ OK ]
* snort_agent-12 (SO-user)[ OK ]
* snort_agent-13 (SO-user)[ OK ]
* snort_agent-14 (SO-user)[ OK ]
* snort_agent-15 (SO-user)[ OK ]
* snort-1 (alert data)[ OK ]
* snort-2 (alert data)[ OK ]
* snort-3 (alert data)[ OK ]
* snort-4 (alert data)[ OK ]
* snort-5 (alert data)[ OK ]
* snort-6 (alert data)[ OK ]
* snort-7 (alert data)[ OK ]
* snort-8 (alert data)[ OK ]
* snort-9 (alert data)[ OK ]
* snort-10 (alert data)[ OK ]
* snort-11 (alert data)[ OK ]
* snort-12 (alert data)[ OK ]
* snort-13 (alert data)[ OK ]
* snort-14 (alert data)[ OK ]
* snort-15 (alert data)[ OK ]
* barnyard2-1 (spooler, unified2 format)[ OK ]
* barnyard2-2 (spooler, unified2 format)[ OK ]
* barnyard2-3 (spooler, unified2 format)[ OK ]
* barnyard2-4 (spooler, unified2 format)[ OK ]
* barnyard2-5 (spooler, unified2 format)[ OK ]
* barnyard2-6 (spooler, unified2 format)[ OK ]
* barnyard2-7 (spooler, unified2 format)[ OK ]
* barnyard2-8 (spooler, unified2 format)[ OK ]
* barnyard2-9 (spooler, unified2 format)[ OK ]
* barnyard2-10 (spooler, unified2 format)[ OK ]
* barnyard2-11 (spooler, unified2 format)[ OK ]
* barnyard2-12 (spooler, unified2 format)[ OK ]
* barnyard2-13 (spooler, unified2 format)[ OK ]
* barnyard2-14 (spooler, unified2 format)[ OK ]
* barnyard2-15 (spooler, unified2 format)[ OK ]
* http_agent (SO-user)[ OK ]

=========================================================================
Interface Status
=========================================================================
docker0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44904 errors:0 dropped:0 overruns:0 frame:0
TX packets:46065 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2677645 (2.6 MB) TX bytes:6658691 (6.6 MB)

eth0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81829 errors:0 dropped:0 overruns:0 frame:0
TX packets:92603 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6365355 (6.3 MB) TX bytes:34054024 (34.0 MB)
Interrupt:26

eth5 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:225922888 errors:0 dropped:0 overruns:102912 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:169288373994 (169.2 GB) TX bytes:0 (0.0 B)
Memory:f77c0000-f77dffff

lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1719581 errors:0 dropped:0 overruns:0 frame:0
TX packets:1719581 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1860154800 (1.8 GB) TX bytes:1860154800 (1.8 GB)

veth27ff45f Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1914 errors:0 dropped:0 overruns:0 frame:0
TX packets:3028 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:132680 (132.6 KB) TX bytes:3503735 (3.5 MB)

veth2cfc8f0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34323 errors:0 dropped:0 overruns:0 frame:0
TX packets:34370 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2498046 (2.4 MB) TX bytes:2504196 (2.5 MB)

veth6219cc9 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:11966 (11.9 KB)

veth6df0aeb Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:167 errors:0 dropped:0 overruns:0 frame:0
TX packets:249 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:28082 (28.0 KB) TX bytes:26106 (26.1 KB)

veth7306f14 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7212 errors:0 dropped:0 overruns:0 frame:0
TX packets:7290 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:557685 (557.6 KB) TX bytes:554793 (554.7 KB)

vethb6ace5d Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:10521 (10.5 KB)

vethc0c0c6a Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1288 errors:0 dropped:0 overruns:0 frame:0
TX packets:1336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:89808 (89.8 KB) TX bytes:96102 (96.1 KB)

=========================================================================
Link Statistics
=========================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
1860154905 1719582 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1860154905 1719582 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
6365355 81829 0 0 0 5595
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
34054024 92603 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
7: eth5: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
169288446250 225922985 0 0 0 5491
RX errors: length crc frame fifo missed
0 0 0 102912 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
2677645 44904 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
6658691 46065 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
10: veth6219cc9@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
11966 84 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
12: vethb6ace5d@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
10521 73 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
14: veth6df0aeb@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
28082 167 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
26106 249 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
16: veth27ff45f@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
132680 1914 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3503735 3028 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
18: veth7306f14@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
557685 7212 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
554793 7290 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
20: veth2cfc8f0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
2498046 34323 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2504196 34370 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0
22: vethc0c0c6a@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
89808 1288 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
96102 1336 0 0 0 0
TX errors: aborted fifo window heartbeat
0 0 0 0

=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
udev 16G 4,0K 16G 1% /dev
tmpfs 3,2G 2,0M 3,2G 1% /run
/dev/sda1 244G 8,3G 223G 4% /
none 4,0K 0 4,0K 0% /sys/fs/cgroup
none 5,0M 0 5,0M 0% /run/lock
none 16G 2,5M 16G 1% /run/shm
none 100M 28K 100M 1% /run/user
/dev/sdb 2,2T 246G 1,8T 12% /nsm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/a5d99d64894bd6c04d3d744d3ec4a76039085d9b1afc3c8852703252745842cb
shm 64M 0 64M 0% /var/lib/docker/containers/949e6698dea7ba79f467f5b19f3a2660937c4604c021a45525fba74af0604021/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/dc0e4bb8e8929843ba1d7f249267c5c2f94bb040324474d5efac6608c8369902
shm 64M 0 64M 0% /var/lib/docker/containers/609c9bcb5a9a0e635472627377480418fae6ce97437ea5371bcd7404607c1f66/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/f581ead38d71d98fba4a83002956239bbab8599af786d38c3ea2aacee23dde65
shm 64M 0 64M 0% /var/lib/docker/containers/81abd74f44d8245556d59793e662931953a6579264cbb751cc3d55e685d08866/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/c95dc676103fb7c6436da8ca6bd209f26238130eec2558124d09ee0c0317d27b
shm 64M 0 64M 0% /var/lib/docker/containers/123d773694200c1b0da1662345a5b349b0487a6cee748f76b595d6ae9f8e4977/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/d9c845e6a840423e926252d948b6bcad4a5ba3c3ce7c8541dde1ff33a13ec7c2
shm 64M 0 64M 0% /var/lib/docker/containers/f62e3a514bd009178f948dec9feb6c1cc7c14f41d4e2c23b456dbb747511a40e/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/97c2515ba8541b2bd09a5d0e09ebff27312d97de3cc1914f840d91d241dd40f7
shm 64M 0 64M 0% /var/lib/docker/containers/e48987198190f16eb9299363bf6ba87381994a200006de215b582bd26e7f8a3a/shm
none 244G 8,3G 223G 4% /var/lib/docker/aufs/mnt/c6fed1ca13d844d332913f45fcfe1956ef52a28e8c9517117dcd42495b3cb343
shm 64M 0 64M 0% /var/lib/docker/containers/310badede7252463b052496e32ce744d54ed89982b3e7d62a51829fcf1b75b2c/shm

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
avahi-dae 1036 avahi 12u IPv4 38950 0t0 UDP *:5353
avahi-dae 1036 avahi 13u IPv6 38951 0t0 UDP *:5353
avahi-dae 1036 avahi 14u IPv4 38952 0t0 UDP *:36150
avahi-dae 1036 avahi 15u IPv6 38953 0t0 UDP *:38927
sshd 1911 root 3u IPv4 27751 0t0 TCP *:ssh_port (LISTEN)
sshd 1911 root 4u IPv6 27753 0t0 TCP *:ssh_port (LISTEN)
cups-brow 1972 root 6u IPv6 9765 0t0 TCP [X.X.X.X]:43372->[X.X.X.X]:631 (CLOSE_WAIT)
cups-brow 1972 root 8u IPv4 9767 0t0 UDP *:631
syslog-ng 2021 root 9u IPv4 32872 0t0 TCP *:514 (LISTEN)
syslog-ng 2021 root 10u IPv4 32873 0t0 UDP *:514
syslog-ng 2021 root 38u IPv4 52976 0t0 TCP X.X.X.X:43179->X.X.X.X:6050 (ESTABLISHED)
mysqld 2067 mysql 10u IPv4 42124 0t0 TCP X.X.X.X:3306 (LISTEN)
ossec-csy 2110 ossecm 5u IPv4 16562 0t0 UDP X.X.X.X:47552->X.X.X.X:514
ossec-rem 2133 ossecr 4u IPv4 24689 0t0 UDP *:1514
salt-mast 2168 root 12u IPv4 11451 0t0 TCP *:4505 (LISTEN)
salt-mast 2188 root 20u IPv4 30764 0t0 TCP *:4506 (LISTEN)
ntpd 3114 ntp 16u IPv4 17639 0t0 UDP *:123
ntpd 3114 ntp 17u IPv6 17640 0t0 UDP *:123
ntpd 3114 ntp 18u IPv4 17646 0t0 UDP X.X.X.X:123
ntpd 3114 ntp 19u IPv4 17647 0t0 UDP X.X.X.X:123
ntpd 3114 ntp 20u IPv4 17648 0t0 UDP X.X.X.X:123
ntpd 3114 ntp 21u IPv6 17649 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 22u IPv6 17650 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 24u IPv6 26944 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 25u IPv6 26945 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 26u IPv6 26946 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 27u IPv6 26947 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 28u IPv6 38351 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 29u IPv6 47177 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 30u IPv6 47178 0t0 UDP [X.X.X.X]:123
ntpd 3114 ntp 31u IPv6 47179 0t0 UDP [X.X.X.X]:123
apache2 3167 root 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3167 root 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3172 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3172 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3172 www-data 21u IPv4 180491 0t0 TCP X.X.X.X:39654->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3172 www-data 22u IPv4 168427 0t0 TCP X.X.X.X:39690->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3172 www-data 23u IPv4 184844 0t0 TCP X.X.X.X:39716->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3173 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3173 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3174 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3174 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3174 www-data 21u IPv4 179427 0t0 TCP X.X.X.X:39700->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3174 www-data 22u IPv4 179425 0t0 TCP X.X.X.X:39666->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3175 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3175 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3175 www-data 21u IPv4 168421 0t0 TCP X.X.X.X:39656->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3175 www-data 22u IPv4 181927 0t0 TCP X.X.X.X:39672->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3175 www-data 23u IPv4 190771 0t0 TCP X.X.X.X:39696->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3295 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
apache2 3295 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
apache2 3295 www-data 21u IPv4 36688 0t0 TCP X.X.X.X:38732->X.X.X.X:5601 (CLOSE_WAIT)
apache2 3295 www-data 22u IPv4 167913 0t0 TCP X.X.X.X:39642->X.X.X.X:5601 (CLOSE_WAIT)
cupsd 3307 root 10u IPv6 20589 0t0 TCP [X.X.X.X]:631 (LISTEN)
cupsd 3307 root 11u IPv4 20590 0t0 TCP X.X.X.X:631 (LISTEN)
tclsh 3392 SO-user 13u IPv4 9775 0t0 TCP *:7734 (LISTEN)
tclsh 3392 SO-user 14u IPv6 9776 0t0 TCP *:7734 (LISTEN)
tclsh 3392 SO-user 15u IPv4 9779 0t0 TCP *:7736 (LISTEN)
tclsh 3392 SO-user 16u IPv6 9780 0t0 TCP *:7736 (LISTEN)
tclsh 3392 SO-user 17u IPv4 9951 0t0 TCP X.X.X.X:7736->X.X.X.X:39823 (ESTABLISHED)
tclsh 3392 SO-user 18u IPv4 10742 0t0 TCP X.X.X.X:7736->X.X.X.X:46106 (ESTABLISHED)
tclsh 3392 SO-user 19u IPv4 38211 0t0 TCP X.X.X.X:7736->X.X.X.X:45720 (ESTABLISHED)
tclsh 3392 SO-user 20u IPv4 33149 0t0 TCP X.X.X.X:7736->X.X.X.X:43160 (ESTABLISHED)
tclsh 3392 SO-user 21u IPv4 11759 0t0 TCP X.X.X.X:7736->X.X.X.X:37382 (ESTABLISHED)
tclsh 3392 SO-user 22u IPv4 11760 0t0 TCP X.X.X.X:7736->X.X.X.X:41150 (ESTABLISHED)
tclsh 3392 SO-user 23u IPv4 28391 0t0 TCP X.X.X.X:7736->X.X.X.X:45280 (ESTABLISHED)
tclsh 3392 SO-user 24u IPv4 28392 0t0 TCP X.X.X.X:7736->X.X.X.X:46280 (ESTABLISHED)
tclsh 3392 SO-user 25u IPv4 28393 0t0 TCP X.X.X.X:7736->X.X.X.X:46360 (ESTABLISHED)
tclsh 3392 SO-user 26u IPv4 22086 0t0 TCP X.X.X.X:7736->X.X.X.X:39275 (ESTABLISHED)
tclsh 3392 SO-user 27u IPv4 16803 0t0 TCP X.X.X.X:7736->X.X.X.X:32891 (ESTABLISHED)
tclsh 3392 SO-user 28u IPv4 22087 0t0 TCP X.X.X.X:7736->X.X.X.X:38317 (ESTABLISHED)
tclsh 3392 SO-user 29u IPv4 37170 0t0 TCP X.X.X.X:7736->X.X.X.X:42149 (ESTABLISHED)
tclsh 3392 SO-user 30u IPv4 22924 0t0 TCP X.X.X.X:7736->X.X.X.X:40310 (ESTABLISHED)
tclsh 3392 SO-user 31u IPv4 22925 0t0 TCP X.X.X.X:7736->X.X.X.X:45052 (ESTABLISHED)
tclsh 3392 SO-user 32u IPv4 22926 0t0 TCP X.X.X.X:7736->X.X.X.X:39369 (ESTABLISHED)
tclsh 3392 SO-user 33u IPv4 22947 0t0 TCP X.X.X.X:7736->X.X.X.X:32964 (ESTABLISHED)
tclsh 3392 SO-user 34u IPv4 14752 0t0 TCP X.X.X.X:7736->X.X.X.X:33396 (ESTABLISHED)
tclsh 3392 SO-user 35u IPv4 51931 0t0 TCP X.X.X.X:7734->X.X.X.X:64828 (ESTABLISHED)
tclsh 3439 SO-user 3u IPv4 12871 0t0 TCP X.X.X.X:39823->X.X.X.X:7736 (ESTABLISHED)
bro 3716 SO-user 4u IPv4 14531 0t0 UDP X.X.X.X:57464->X.X.X.X:53
bro 3718 SO-user 0u IPv4 16675 0t0 TCP *:47761 (LISTEN)
bro 3718 SO-user 1u IPv6 16676 0t0 TCP *:47761 (LISTEN)
bro 3718 SO-user 2u IPv4 16714 0t0 TCP X.X.X.X:47761->X.X.X.X:60394 (ESTABLISHED)
bro 3718 SO-user 4u IPv4 14531 0t0 UDP X.X.X.X:57464->X.X.X.X:53
bro 3718 SO-user 14u IPv4 9905 0t0 TCP X.X.X.X:47761->X.X.X.X:60398 (ESTABLISHED)
bro 3718 SO-user 19u IPv4 33939 0t0 TCP X.X.X.X:47761->X.X.X.X:60400 (ESTABLISHED)
bro 3718 SO-user 24u IPv4 33942 0t0 TCP X.X.X.X:47761->X.X.X.X:60404 (ESTABLISHED)
bro 3718 SO-user 29u IPv4 33945 0t0 TCP X.X.X.X:47761->X.X.X.X:60408 (ESTABLISHED)
bro 3718 SO-user 34u IPv4 33948 0t0 TCP X.X.X.X:47761->X.X.X.X:60412 (ESTABLISHED)
bro 3718 SO-user 39u IPv4 33951 0t0 TCP X.X.X.X:47761->X.X.X.X:60416 (ESTABLISHED)
bro 3718 SO-user 44u IPv4 33954 0t0 TCP X.X.X.X:47761->X.X.X.X:60422 (ESTABLISHED)
bro 3718 SO-user 49u IPv4 33957 0t0 TCP X.X.X.X:47761->X.X.X.X:60424 (ESTABLISHED)
bro 3718 SO-user 54u IPv4 33960 0t0 TCP X.X.X.X:47761->X.X.X.X:60428 (ESTABLISHED)
bro 3718 SO-user 59u IPv4 33963 0t0 TCP X.X.X.X:47761->X.X.X.X:60432 (ESTABLISHED)
bro 3718 SO-user 64u IPv4 33966 0t0 TCP X.X.X.X:47761->X.X.X.X:60436 (ESTABLISHED)
bro 3718 SO-user 69u IPv4 33969 0t0 TCP X.X.X.X:47761->X.X.X.X:60442 (ESTABLISHED)
bro 3718 SO-user 74u IPv4 33972 0t0 TCP X.X.X.X:47761->X.X.X.X:60446 (ESTABLISHED)
bro 3718 SO-user 79u IPv4 33975 0t0 TCP X.X.X.X:47761->X.X.X.X:60448 (ESTABLISHED)
bro 3718 SO-user 84u IPv4 28096 0t0 TCP X.X.X.X:47761->X.X.X.X:60452 (ESTABLISHED)
bro 3901 SO-user 4u IPv4 27995 0t0 UDP X.X.X.X:48232->X.X.X.X:53
bro 3903 SO-user 0u IPv4 33055 0t0 TCP X.X.X.X:60394->X.X.X.X:47761 (ESTABLISHED)
bro 3903 SO-user 4u IPv4 27995 0t0 UDP X.X.X.X:48232->X.X.X.X:53
bro 3903 SO-user 12u IPv4 33060 0t0 TCP *:47762 (LISTEN)
bro 3903 SO-user 13u IPv6 33061 0t0 TCP *:47762 (LISTEN)
bro 3903 SO-user 14u IPv4 28961 0t0 TCP X.X.X.X:47762->X.X.X.X:47226 (ESTABLISHED)
bro 3903 SO-user 19u IPv4 28964 0t0 TCP X.X.X.X:47762->X.X.X.X:47232 (ESTABLISHED)
bro 3903 SO-user 24u IPv4 28967 0t0 TCP X.X.X.X:47762->X.X.X.X:47236 (ESTABLISHED)
bro 3903 SO-user 29u IPv4 28970 0t0 TCP X.X.X.X:47762->X.X.X.X:47240 (ESTABLISHED)
bro 3903 SO-user 34u IPv4 28973 0t0 TCP X.X.X.X:47762->X.X.X.X:47244 (ESTABLISHED)
bro 3903 SO-user 39u IPv4 28976 0t0 TCP X.X.X.X:47762->X.X.X.X:47248 (ESTABLISHED)
bro 3903 SO-user 44u IPv4 28072 0t0 TCP X.X.X.X:47762->X.X.X.X:47250 (ESTABLISHED)
bro 3903 SO-user 49u IPv4 28075 0t0 TCP X.X.X.X:47762->X.X.X.X:47256 (ESTABLISHED)
bro 3903 SO-user 54u IPv4 28078 0t0 TCP X.X.X.X:47762->X.X.X.X:47260 (ESTABLISHED)
bro 3903 SO-user 59u IPv4 28081 0t0 TCP X.X.X.X:47762->X.X.X.X:47264 (ESTABLISHED)
bro 3903 SO-user 64u IPv4 28084 0t0 TCP X.X.X.X:47762->X.X.X.X:47268 (ESTABLISHED)
bro 3903 SO-user 69u IPv4 28087 0t0 TCP X.X.X.X:47762->X.X.X.X:47270 (ESTABLISHED)
bro 3903 SO-user 74u IPv4 28090 0t0 TCP X.X.X.X:47762->X.X.X.X:47274 (ESTABLISHED)
bro 3903 SO-user 79u IPv4 28093 0t0 TCP X.X.X.X:47762->X.X.X.X:47280 (ESTABLISHED)
bro 3903 SO-user 84u IPv4 28099 0t0 TCP X.X.X.X:47762->X.X.X.X:47284 (ESTABLISHED)
bro 6040 SO-user 4u IPv4 34993 0t0 UDP X.X.X.X:60272->X.X.X.X:53
bro 6063 SO-user 4u IPv4 30928 0t0 UDP X.X.X.X:60905->X.X.X.X:53
bro 6079 SO-user 4u IPv4 19874 0t0 UDP X.X.X.X:58147->X.X.X.X:53
bro 6080 SO-user 4u IPv4 33118 0t0 UDP X.X.X.X:37315->X.X.X.X:53
bro 6096 SO-user 4u IPv4 39053 0t0 UDP X.X.X.X:41588->X.X.X.X:53
bro 6108 SO-user 4u IPv4 20651 0t0 UDP X.X.X.X:39657->X.X.X.X:53
bro 6112 SO-user 4u IPv4 42207 0t0 UDP X.X.X.X:43426->X.X.X.X:53
bro 6124 SO-user 4u IPv4 22844 0t0 UDP X.X.X.X:53553->X.X.X.X:53
bro 6134 SO-user 4u IPv4 37078 0t0 UDP X.X.X.X:47527->X.X.X.X:53
bro 6138 SO-user 4u IPv4 26796 0t0 UDP X.X.X.X:58973->X.X.X.X:53
bro 6140 SO-user 4u IPv4 21886 0t0 UDP X.X.X.X:56607->X.X.X.X:53
bro 6141 SO-user 4u IPv4 26227 0t0 UDP X.X.X.X:33445->X.X.X.X:53
bro 6151 SO-user 4u IPv4 14679 0t0 UDP X.X.X.X:45648->X.X.X.X:53
bro 6152 SO-user 4u IPv4 11674 0t0 UDP X.X.X.X:51781->X.X.X.X:53
bro 6153 SO-user 4u IPv4 9902 0t0 UDP X.X.X.X:45577->X.X.X.X:53
bro 6154 SO-user 0u IPv4 12832 0t0 TCP X.X.X.X:47226->X.X.X.X:47762 (ESTABLISHED)
bro 6154 SO-user 4u IPv4 14679 0t0 UDP X.X.X.X:45648->X.X.X.X:53
bro 6154 SO-user 12u IPv4 12835 0t0 TCP X.X.X.X:60398->X.X.X.X:47761 (ESTABLISHED)
bro 6154 SO-user 17u IPv4 12840 0t0 TCP *:47775 (LISTEN)
bro 6154 SO-user 18u IPv6 12841 0t0 TCP *:47775 (LISTEN)
bro 6155 SO-user 0u IPv4 37093 0t0 TCP X.X.X.X:60404->X.X.X.X:47761 (ESTABLISHED)
bro 6155 SO-user 4u IPv4 37078 0t0 UDP X.X.X.X:47527->X.X.X.X:53
bro 6155 SO-user 12u IPv4 37096 0t0 TCP X.X.X.X:47236->X.X.X.X:47762 (ESTABLISHED)
bro 6155 SO-user 17u IPv4 37101 0t0 TCP *:47770 (LISTEN)
bro 6155 SO-user 18u IPv6 37102 0t0 TCP *:47770 (LISTEN)
bro 6156 SO-user 0u IPv4 37083 0t0 TCP X.X.X.X:60400->X.X.X.X:47761 (ESTABLISHED)
bro 6156 SO-user 4u IPv4 9902 0t0 UDP X.X.X.X:45577->X.X.X.X:53
bro 6156 SO-user 12u IPv4 37086 0t0 TCP X.X.X.X:47232->X.X.X.X:47762 (ESTABLISHED)
bro 6156 SO-user 17u IPv4 37091 0t0 TCP *:47777 (LISTEN)
bro 6156 SO-user 18u IPv6 37092 0t0 TCP *:47777 (LISTEN)
bro 6157 SO-user 0u IPv4 37103 0t0 TCP X.X.X.X:60412->X.X.X.X:47761 (ESTABLISHED)
bro 6157 SO-user 4u IPv4 33118 0t0 UDP X.X.X.X:37315->X.X.X.X:53
bro 6157 SO-user 12u IPv4 37106 0t0 TCP X.X.X.X:47244->X.X.X.X:47762 (ESTABLISHED)
bro 6157 SO-user 17u IPv4 37111 0t0 TCP *:47767 (LISTEN)
bro 6157 SO-user 18u IPv6 37112 0t0 TCP *:47767 (LISTEN)
bro 6160 SO-user 0u IPv4 38179 0t0 TCP X.X.X.X:60408->X.X.X.X:47761 (ESTABLISHED)
bro 6160 SO-user 4u IPv4 22844 0t0 UDP X.X.X.X:53553->X.X.X.X:53
bro 6160 SO-user 12u IPv4 38182 0t0 TCP X.X.X.X:47240->X.X.X.X:47762 (ESTABLISHED)
bro 6160 SO-user 17u IPv4 38187 0t0 TCP *:47771 (LISTEN)
bro 6160 SO-user 18u IPv6 38188 0t0 TCP *:47771 (LISTEN)
bro 6162 SO-user 0u IPv4 37113 0t0 TCP X.X.X.X:60416->X.X.X.X:47761 (ESTABLISHED)
bro 6162 SO-user 4u IPv4 30928 0t0 UDP X.X.X.X:60905->X.X.X.X:53
bro 6162 SO-user 12u IPv4 37116 0t0 TCP X.X.X.X:47248->X.X.X.X:47762 (ESTABLISHED)
bro 6162 SO-user 17u IPv4 37121 0t0 TCP *:47764 (LISTEN)
bro 6162 SO-user 18u IPv6 37122 0t0 TCP *:47764 (LISTEN)
bro 6163 SO-user 0u IPv4 37123 0t0 TCP X.X.X.X:60428->X.X.X.X:47761 (ESTABLISHED)
bro 6163 SO-user 4u IPv4 34993 0t0 UDP X.X.X.X:60272->X.X.X.X:53
bro 6163 SO-user 12u IPv4 37126 0t0 TCP X.X.X.X:47260->X.X.X.X:47762 (ESTABLISHED)
bro 6163 SO-user 17u IPv4 37131 0t0 TCP *:47763 (LISTEN)
bro 6163 SO-user 18u IPv6 37132 0t0 TCP *:47763 (LISTEN)
bro 6168 SO-user 0u IPv4 12842 0t0 TCP X.X.X.X:47250->X.X.X.X:47762 (ESTABLISHED)
bro 6168 SO-user 4u IPv4 39053 0t0 UDP X.X.X.X:41588->X.X.X.X:53
bro 6168 SO-user 12u IPv4 12845 0t0 TCP X.X.X.X:60422->X.X.X.X:47761 (ESTABLISHED)
bro 6168 SO-user 17u IPv4 12850 0t0 TCP *:47766 (LISTEN)
bro 6168 SO-user 18u IPv6 12851 0t0 TCP *:47766 (LISTEN)
bro 6173 SO-user 0u IPv4 40541 0t0 TCP X.X.X.X:60424->X.X.X.X:47761 (ESTABLISHED)
bro 6173 SO-user 4u IPv4 11674 0t0 UDP X.X.X.X:51781->X.X.X.X:53
bro 6173 SO-user 12u IPv4 40544 0t0 TCP X.X.X.X:47256->X.X.X.X:47762 (ESTABLISHED)
bro 6173 SO-user 17u IPv4 40549 0t0 TCP *:47776 (LISTEN)
bro 6173 SO-user 18u IPv6 40550 0t0 TCP *:47776 (LISTEN)
bro 6175 SO-user 0u IPv4 37133 0t0 TCP X.X.X.X:60436->X.X.X.X:47761 (ESTABLISHED)
bro 6175 SO-user 4u IPv4 26227 0t0 UDP X.X.X.X:33445->X.X.X.X:53
bro 6175 SO-user 12u IPv4 37136 0t0 TCP X.X.X.X:47268->X.X.X.X:47762 (ESTABLISHED)
bro 6175 SO-user 17u IPv4 37141 0t0 TCP *:47772 (LISTEN)
bro 6175 SO-user 18u IPv6 37142 0t0 TCP *:47772 (LISTEN)
bro 6176 SO-user 0u IPv4 38189 0t0 TCP X.X.X.X:60432->X.X.X.X:47761 (ESTABLISHED)
bro 6176 SO-user 4u IPv4 26796 0t0 UDP X.X.X.X:58973->X.X.X.X:53
bro 6176 SO-user 12u IPv4 38192 0t0 TCP X.X.X.X:47264->X.X.X.X:47762 (ESTABLISHED)
bro 6176 SO-user 17u IPv4 38197 0t0 TCP *:47773 (LISTEN)
bro 6176 SO-user 18u IPv6 38198 0t0 TCP *:47773 (LISTEN)
bro 6179 SO-user 0u IPv4 42216 0t0 TCP X.X.X.X:47270->X.X.X.X:47762 (ESTABLISHED)
bro 6179 SO-user 4u IPv4 20651 0t0 UDP X.X.X.X:39657->X.X.X.X:53
bro 6179 SO-user 12u IPv4 42219 0t0 TCP X.X.X.X:60442->X.X.X.X:47761 (ESTABLISHED)
bro 6179 SO-user 17u IPv4 42224 0t0 TCP *:47768 (LISTEN)
bro 6179 SO-user 18u IPv6 42225 0t0 TCP *:47768 (LISTEN)
bro 6183 SO-user 0u IPv4 14690 0t0 TCP X.X.X.X:47274->X.X.X.X:47762 (ESTABLISHED)
bro 6183 SO-user 4u IPv4 42207 0t0 UDP X.X.X.X:43426->X.X.X.X:53
bro 6183 SO-user 12u IPv4 14693 0t0 TCP X.X.X.X:60446->X.X.X.X:47761 (ESTABLISHED)
bro 6183 SO-user 17u IPv4 14698 0t0 TCP *:47769 (LISTEN)
bro 6183 SO-user 18u IPv6 14699 0t0 TCP *:47769 (LISTEN)
bro 6185 SO-user 0u IPv4 12852 0t0 TCP X.X.X.X:60448->X.X.X.X:47761 (ESTABLISHED)
bro 6185 SO-user 4u IPv4 19874 0t0 UDP X.X.X.X:58147->X.X.X.X:53
  573. bro 6185 SO-user 12u IPv4 12855 0t0 TCP X.X.X.X:47280->X.X.X.X:47762 (ESTABLISHED)
  574. bro 6185 SO-user 17u IPv4 12860 0t0 TCP *:47765 (LISTEN)
  575. bro 6185 SO-user 18u IPv6 12861 0t0 TCP *:47765 (LISTEN)
  576. bro 6196 SO-user 0u IPv4 10714 0t0 TCP X.X.X.X:60452->X.X.X.X:47761 (ESTABLISHED)
  577. bro 6196 SO-user 4u IPv4 21886 0t0 UDP X.X.X.X:56607->X.X.X.X:53
  578. bro 6196 SO-user 12u IPv4 10717 0t0 TCP X.X.X.X:47284->X.X.X.X:47762 (ESTABLISHED)
  579. bro 6196 SO-user 17u IPv4 10722 0t0 TCP *:47774 (LISTEN)
  580. bro 6196 SO-user 18u IPv6 10723 0t0 TCP *:47774 (LISTEN)
  581. tclsh 6467 SO-user 3u IPv4 29880 0t0 TCP X.X.X.X:46106->X.X.X.X:7736 (ESTABLISHED)
  582. tclsh 6486 SO-user 3u IPv4 29890 0t0 TCP X.X.X.X:45720->X.X.X.X:7736 (ESTABLISHED)
  583. tclsh 6486 SO-user 4u IPv4 29891 0t0 TCP X.X.X.X:8501 (LISTEN)
  584. tclsh 6486 SO-user 6u IPv4 36156 0t0 TCP X.X.X.X:8501->X.X.X.X:38310 (ESTABLISHED)
  585. tclsh 6504 SO-user 3u IPv4 13545 0t0 TCP X.X.X.X:43160->X.X.X.X:7736 (ESTABLISHED)
  586. tclsh 6504 SO-user 4u IPv4 14730 0t0 TCP X.X.X.X:8502 (LISTEN)
  587. tclsh 6504 SO-user 6u IPv4 18773 0t0 TCP X.X.X.X:8502->X.X.X.X:55532 (ESTABLISHED)
  588. tclsh 6526 SO-user 3u IPv4 17797 0t0 TCP X.X.X.X:37382->X.X.X.X:7736 (ESTABLISHED)
  589. tclsh 6526 SO-user 4u IPv4 17798 0t0 TCP X.X.X.X:8503 (LISTEN)
  590. tclsh 6526 SO-user 6u IPv4 12008 0t0 TCP X.X.X.X:8503->X.X.X.X:46260 (ESTABLISHED)
  591. tclsh 6544 SO-user 3u IPv4 23811 0t0 TCP X.X.X.X:41150->X.X.X.X:7736 (ESTABLISHED)
  592. tclsh 6544 SO-user 4u IPv4 23812 0t0 TCP X.X.X.X:8504 (LISTEN)
  593. tclsh 6544 SO-user 6u IPv4 12009 0t0 TCP X.X.X.X:8504->X.X.X.X:44900 (ESTABLISHED)
  594. tclsh 6563 SO-user 3u IPv4 34026 0t0 TCP X.X.X.X:45280->X.X.X.X:7736 (ESTABLISHED)
  595. tclsh 6563 SO-user 4u IPv4 34027 0t0 TCP X.X.X.X:8505 (LISTEN)
  596. tclsh 6563 SO-user 6u IPv4 28414 0t0 TCP X.X.X.X:8505->X.X.X.X:37604 (ESTABLISHED)
  597. tclsh 6583 SO-user 3u IPv4 34036 0t0 TCP X.X.X.X:46280->X.X.X.X:7736 (ESTABLISHED)
  598. tclsh 6583 SO-user 4u IPv4 34037 0t0 TCP X.X.X.X:8506 (LISTEN)
  599. tclsh 6583 SO-user 6u IPv4 12007 0t0 TCP X.X.X.X:8506->X.X.X.X:39944 (ESTABLISHED)
  600. tclsh 6601 SO-user 3u IPv4 35013 0t0 TCP X.X.X.X:46360->X.X.X.X:7736 (ESTABLISHED)
  601. tclsh 6601 SO-user 4u IPv4 35014 0t0 TCP X.X.X.X:8507 (LISTEN)
  602. tclsh 6601 SO-user 6u IPv4 37421 0t0 TCP X.X.X.X:8507->X.X.X.X:52402 (ESTABLISHED)
  603. tclsh 6619 SO-user 3u IPv4 20715 0t0 TCP X.X.X.X:39275->X.X.X.X:7736 (ESTABLISHED)
  604. tclsh 6619 SO-user 4u IPv4 26414 0t0 TCP X.X.X.X:8508 (LISTEN)
  605. tclsh 6619 SO-user 6u IPv4 12005 0t0 TCP X.X.X.X:8508->X.X.X.X:39172 (ESTABLISHED)
  606. tclsh 6637 SO-user 3u IPv4 36111 0t0 TCP X.X.X.X:32891->X.X.X.X:7736 (ESTABLISHED)
  607. tclsh 6637 SO-user 4u IPv4 36112 0t0 TCP X.X.X.X:8509 (LISTEN)
  608. tclsh 6637 SO-user 6u IPv4 33338 0t0 TCP X.X.X.X:8509->X.X.X.X:48876 (ESTABLISHED)
  609. tclsh 6655 SO-user 3u IPv4 32242 0t0 TCP X.X.X.X:38317->X.X.X.X:7736 (ESTABLISHED)
  610. tclsh 6655 SO-user 4u IPv4 13065 0t0 TCP X.X.X.X:8510 (LISTEN)
  611. tclsh 6655 SO-user 6u IPv4 20899 0t0 TCP X.X.X.X:8510->X.X.X.X:48382 (ESTABLISHED)
  612. tclsh 6674 SO-user 3u IPv4 16810 0t0 TCP X.X.X.X:42149->X.X.X.X:7736 (ESTABLISHED)
  613. tclsh 6674 SO-user 4u IPv4 16811 0t0 TCP X.X.X.X:8511 (LISTEN)
  614. tclsh 6674 SO-user 6u IPv4 18044 0t0 TCP X.X.X.X:8511->X.X.X.X:45624 (ESTABLISHED)
  615. tclsh 6692 SO-user 3u IPv4 24942 0t0 TCP X.X.X.X:40310->X.X.X.X:7736 (ESTABLISHED)
  616. tclsh 6692 SO-user 4u IPv4 24943 0t0 TCP X.X.X.X:8512 (LISTEN)
  617. tclsh 6692 SO-user 6u IPv4 25034 0t0 TCP X.X.X.X:8512->X.X.X.X:39450 (ESTABLISHED)
  618. tclsh 6711 SO-user 3u IPv4 35057 0t0 TCP X.X.X.X:45052->X.X.X.X:7736 (ESTABLISHED)
  619. tclsh 6711 SO-user 4u IPv4 35058 0t0 TCP X.X.X.X:8513 (LISTEN)
  620. tclsh 6711 SO-user 6u IPv4 37420 0t0 TCP X.X.X.X:8513->X.X.X.X:51996 (ESTABLISHED)
  621. tclsh 6729 SO-user 3u IPv4 28401 0t0 TCP X.X.X.X:39369->X.X.X.X:7736 (ESTABLISHED)
  622. tclsh 6729 SO-user 4u IPv4 28402 0t0 TCP X.X.X.X:8514 (LISTEN)
  623. tclsh 6729 SO-user 6u IPv4 32362 0t0 TCP X.X.X.X:8514->X.X.X.X:56428 (ESTABLISHED)
  624. tclsh 6750 SO-user 3u IPv4 16835 0t0 TCP X.X.X.X:32964->X.X.X.X:7736 (ESTABLISHED)
  625. tclsh 6750 SO-user 4u IPv4 16836 0t0 TCP X.X.X.X:8515 (LISTEN)
  626. tclsh 6750 SO-user 6u IPv4 16933 0t0 TCP X.X.X.X:8515->X.X.X.X:40458 (ESTABLISHED)
  627. barnyard2 7017 SO-user 3u IPv4 36155 0t0 TCP X.X.X.X:38310->X.X.X.X:8501 (ESTABLISHED)
  628. barnyard2 7034 SO-user 3u IPv4 33278 0t0 TCP X.X.X.X:55532->X.X.X.X:8502 (ESTABLISHED)
  629. barnyard2 7054 SO-user 3u IPv4 13850 0t0 TCP X.X.X.X:46260->X.X.X.X:8503 (ESTABLISHED)
  630. barnyard2 7072 SO-user 3u IPv4 29355 0t0 TCP X.X.X.X:44900->X.X.X.X:8504 (ESTABLISHED)
  631. barnyard2 7092 SO-user 3u IPv4 28413 0t0 TCP X.X.X.X:37604->X.X.X.X:8505 (ESTABLISHED)
  632. barnyard2 7110 SO-user 3u IPv4 45118 0t0 TCP X.X.X.X:39944->X.X.X.X:8506 (ESTABLISHED)
  633. barnyard2 7127 SO-user 3u IPv4 12004 0t0 TCP X.X.X.X:52402->X.X.X.X:8507 (ESTABLISHED)
  634. barnyard2 7146 SO-user 3u IPv4 20355 0t0 TCP X.X.X.X:39172->X.X.X.X:8508 (ESTABLISHED)
  635. barnyard2 7163 SO-user 3u IPv4 33337 0t0 TCP X.X.X.X:48876->X.X.X.X:8509 (ESTABLISHED)
  636. barnyard2 7181 SO-user 3u IPv4 20898 0t0 TCP X.X.X.X:48382->X.X.X.X:8510 (ESTABLISHED)
  637. barnyard2 7203 SO-user 3u IPv4 18043 0t0 TCP X.X.X.X:45624->X.X.X.X:8511 (ESTABLISHED)
  638. barnyard2 7236 SO-user 3u IPv4 23060 0t0 TCP X.X.X.X:39450->X.X.X.X:8512 (ESTABLISHED)
  639. barnyard2 7254 SO-user 3u IPv4 25033 0t0 TCP X.X.X.X:51996->X.X.X.X:8513 (ESTABLISHED)
  640. barnyard2 7272 SO-user 3u IPv4 32361 0t0 TCP X.X.X.X:56428->X.X.X.X:8514 (ESTABLISHED)
  641. barnyard2 7290 SO-user 3u IPv4 32407 0t0 TCP X.X.X.X:40458->X.X.X.X:8515 (ESTABLISHED)
  642. tclsh 7312 SO-user 3u IPv4 36184 0t0 TCP X.X.X.X:33396->X.X.X.X:7736 (ESTABLISHED)
  643. docker-pr 7498 root 4u IPv6 26854 0t0 TCP *:10004 (LISTEN)
  644. docker-pr 7801 root 4u IPv6 44079 0t0 TCP *:20000 (LISTEN)
  645. docker-pr 8085 root 4u IPv6 26904 0t0 TCP *:9300 (LISTEN)
  646. docker-pr 8110 root 4u IPv6 32370 0t0 TCP *:9200 (LISTEN)
  647. docker-pr 8433 root 4u IPv6 35261 0t0 TCP *:6053 (LISTEN)
  648. docker-pr 8445 root 4u IPv6 11994 0t0 TCP *:6052 (LISTEN)
  649. docker-pr 8457 root 4u IPv6 43320 0t0 TCP *:6051 (LISTEN)
  650. docker-pr 8469 root 3u IPv6 46315 0t0 TCP X.X.X.X:6050->X.X.X.X:43179 (ESTABLISHED)
  651. docker-pr 8469 root 4u IPv6 12001 0t0 TCP *:6050 (LISTEN)
  652. docker-pr 8469 root 6u IPv4 46317 0t0 TCP X.X.X.X:49380->X.X.X.X:6050 (ESTABLISHED)
  653. sshd 8700 root 3u IPv4 18849 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:64746 (ESTABLISHED)
  654. sshd 8883 SO-user 3u IPv4 18849 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:64746 (ESTABLISHED)
  655. docker-pr 9047 root 3u IPv6 189556 0t0 TCP X.X.X.X:5601->X.X.X.X:39642 (FIN_WAIT2)
  656. docker-pr 9047 root 4u IPv6 45161 0t0 TCP *:5601 (LISTEN)
  657. docker-pr 9047 root 6u IPv4 189558 0t0 TCP X.X.X.X:44818->X.X.X.X:5601 (CLOSE_WAIT)
  658. docker-pr 9047 root 10u IPv6 45252 0t0 TCP X.X.X.X:5601->X.X.X.X:38698 (FIN_WAIT2)
  659. docker-pr 9047 root 11u IPv4 45254 0t0 TCP X.X.X.X:43874->X.X.X.X:5601 (CLOSE_WAIT)
  660. docker-pr 9047 root 12u IPv6 52924 0t0 TCP X.X.X.X:5601->X.X.X.X:38708 (FIN_WAIT2)
  661. docker-pr 9047 root 13u IPv4 52926 0t0 TCP X.X.X.X:43884->X.X.X.X:5601 (CLOSE_WAIT)
  662. docker-pr 9047 root 14u IPv6 178044 0t0 TCP X.X.X.X:5601->X.X.X.X:39662 (FIN_WAIT2)
  663. docker-pr 9047 root 16u IPv4 178046 0t0 TCP X.X.X.X:44838->X.X.X.X:5601 (CLOSE_WAIT)
  664. docker-pr 9047 root 18u IPv6 52929 0t0 TCP X.X.X.X:5601->X.X.X.X:38730 (FIN_WAIT2)
  665. docker-pr 9047 root 19u IPv4 52931 0t0 TCP X.X.X.X:43908->X.X.X.X:5601 (CLOSE_WAIT)
  666. docker-pr 9047 root 20u IPv6 33643 0t0 TCP X.X.X.X:5601->X.X.X.X:38732 (FIN_WAIT2)
  667. docker-pr 9047 root 21u IPv4 33645 0t0 TCP X.X.X.X:43910->X.X.X.X:5601 (CLOSE_WAIT)
  668. docker-pr 9047 root 24u IPv6 189561 0t0 TCP X.X.X.X:5601->X.X.X.X:39700 (FIN_WAIT2)
  669. docker-pr 9047 root 25u IPv6 189562 0t0 TCP X.X.X.X:5601->X.X.X.X:39702 (FIN_WAIT2)
  670. docker-pr 9047 root 26u IPv4 195647 0t0 TCP X.X.X.X:44878->X.X.X.X:5601 (CLOSE_WAIT)
  671. docker-pr 9047 root 27u IPv4 189564 0t0 TCP X.X.X.X:44880->X.X.X.X:5601 (CLOSE_WAIT)
  672. docker-pr 9047 root 28u IPv6 195648 0t0 TCP X.X.X.X:5601->X.X.X.X:39708 (FIN_WAIT2)
  673. docker-pr 9047 root 29u IPv4 195650 0t0 TCP X.X.X.X:44884->X.X.X.X:5601 (CLOSE_WAIT)
  674. docker-pr 9047 root 30u IPv6 176900 0t0 TCP X.X.X.X:5601->X.X.X.X:39654 (FIN_WAIT2)
  675. docker-pr 9047 root 31u IPv6 176901 0t0 TCP X.X.X.X:5601->X.X.X.X:39656 (FIN_WAIT2)
  676. docker-pr 9047 root 32u IPv4 176903 0t0 TCP X.X.X.X:44832->X.X.X.X:5601 (CLOSE_WAIT)
  677. docker-pr 9047 root 33u IPv4 192543 0t0 TCP X.X.X.X:44834->X.X.X.X:5601 (CLOSE_WAIT)
  678. docker-pr 9047 root 34u IPv6 183782 0t0 TCP X.X.X.X:5601->X.X.X.X:39666 (FIN_WAIT2)
  679. docker-pr 9047 root 35u IPv4 183784 0t0 TCP X.X.X.X:44842->X.X.X.X:5601 (CLOSE_WAIT)
  680. docker-pr 9047 root 36u IPv6 188725 0t0 TCP X.X.X.X:5601->X.X.X.X:39672 (FIN_WAIT2)
  681. docker-pr 9047 root 37u IPv4 188727 0t0 TCP X.X.X.X:44848->X.X.X.X:5601 (CLOSE_WAIT)
  682. docker-pr 9047 root 38u IPv6 146371 0t0 TCP X.X.X.X:5601->X.X.X.X:39684 (FIN_WAIT2)
  683. docker-pr 9047 root 39u IPv4 146373 0t0 TCP X.X.X.X:44860->X.X.X.X:5601 (CLOSE_WAIT)
  684. docker-pr 9047 root 40u IPv6 171717 0t0 TCP X.X.X.X:5601->X.X.X.X:39690 (FIN_WAIT2)
  685. docker-pr 9047 root 41u IPv4 171719 0t0 TCP X.X.X.X:44866->X.X.X.X:5601 (CLOSE_WAIT)
  686. docker-pr 9047 root 42u IPv6 180492 0t0 TCP X.X.X.X:5601->X.X.X.X:39696 (FIN_WAIT2)
  687. docker-pr 9047 root 43u IPv4 180494 0t0 TCP X.X.X.X:44872->X.X.X.X:5601 (CLOSE_WAIT)
  688. docker-pr 9047 root 44u IPv6 183788 0t0 TCP X.X.X.X:5601->X.X.X.X:39716 (FIN_WAIT2)
  689. docker-pr 9047 root 45u IPv4 183790 0t0 TCP X.X.X.X:44892->X.X.X.X:5601 (CLOSE_WAIT)
  690. apache2 10523 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
  691. apache2 10523 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
  692. apache2 10523 www-data 20u IPv4 39493 0t0 TCP X.X.X.X:38698->X.X.X.X:5601 (CLOSE_WAIT)
  693. apache2 10523 www-data 22u IPv4 189559 0t0 TCP X.X.X.X:39662->X.X.X.X:5601 (CLOSE_WAIT)
  694. apache2 10523 www-data 23u IPv4 56333 0t0 TCP X.X.X.X:38730->X.X.X.X:5601 (CLOSE_WAIT)
  695. apache2 10523 www-data 24u IPv4 188730 0t0 TCP X.X.X.X:39684->X.X.X.X:5601 (CLOSE_WAIT)
  696. apache2 10524 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
  697. apache2 10524 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
  698. apache2 10524 www-data 19u IPv6 406087 0t0 TCP X.X.X.X:443->X.X.X.X:62401 (ESTABLISHED)
  699. apache2 10524 www-data 20u IPv4 178362 0t0 TCP X.X.X.X:39702->X.X.X.X:5601 (CLOSE_WAIT)
  700. apache2 10525 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
  701. apache2 10525 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
  702. apache2 10525 www-data 20u IPv4 31353 0t0 TCP X.X.X.X:38708->X.X.X.X:5601 (CLOSE_WAIT)
  703. apache2 10525 www-data 22u IPv4 168428 0t0 TCP X.X.X.X:39708->X.X.X.X:5601 (CLOSE_WAIT)
  704. apache2 10526 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
  705. apache2 10526 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
  706. sshd 13147 root 3u IPv4 67143 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:53109 (ESTABLISHED)
  707. sshd 13599 SO-user 3u IPv4 67143 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:53109 (ESTABLISHED)
  708. apache2 31483 www-data 4u IPv6 35920 0t0 TCP *:443 (LISTEN)
  709. apache2 31483 www-data 6u IPv6 35924 0t0 TCP *:9876 (LISTEN)
  710.  
  711. =========================================================================
  712. IDS Rules Update
  713. =========================================================================
  714.  
  715. =========================================================================
  716. CPU Usage
  717. =========================================================================
  718. Load average for the last 1, 5, and 15 minutes:
  719. 7.91 9.01 9.63
  720. Processing units: 32
  721. If load average is higher than processing units,
  722. then tune until load average is lower than processing units.
  723.  
  724. top - 13:27:15 up 1:15, 3 users, load average: 8,00, 9,01, 9,62
  725. Tasks: 592 total, 17 running, 575 sleeping, 0 stopped, 0 zombie
  726. %Cpu(s): 31,9 us, 3,8 sy, 0,0 ni, 63,5 id, 0,4 wa, 0,0 hi, 0,3 si, 0,0 st
  727. KiB Mem: 32903884 total, 32719352 used, 184532 free, 254668 buffers
  728. KiB Swap: 33518332 total, 7656744 used, 25861588 free. 13835256 cached Mem
  729.  
  730. %CPU %MEM COMMAND
  731. 77.7 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-11 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-11.stats -U --snaplen 1524
  732. 55.2 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-4 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-4.stats -U --snaplen 1524
  733. 51.3 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-5 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-5.stats -U --snaplen 1524
  734. 51.1 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-7 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-7.stats -U --snaplen 1524
  735. 49.8 0.7 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-6 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-6.stats -U --snaplen 1524
  736. 47.6 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-1 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-1.stats -U --snaplen 1524
  737. 44.4 0.5 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-2 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-2.stats -U --snaplen 1524
  738. 42.4 0.6 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-3 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-3.stats -U --snaplen 1524
  739. 40.4 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-10 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-10.stats -U --snaplen 1524
  740. 39.9 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-15 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-15.stats -U --snaplen 1524
  741. 36.6 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-13 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-13.stats -U --snaplen 1524
  742. 35.3 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-9 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-9.stats -U --snaplen 1524
  743. 31.1 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-15 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  744. 30.5 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-8 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-8.stats -U --snaplen 1524
  745. 30.0 12.9 netsniff-ng -i eth5 -o /nsm/sensor_data/securityonion-eth5/dailylogs/2017-09-19/ --user 1001 --group 1001 -s --prefix snort.log. --verbose --ring-size 4024 iB --interval 150 iB --mmap
  746. 29.3 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-12 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-12.stats -U --snaplen 1524
  747. 28.5 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-2 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  748. 27.6 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  749. 27.3 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-4 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  750. 27.3 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-8 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  751. 27.1 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-7 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  752. 27.1 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-11 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  753. 27.1 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-12 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  754. 27.0 0.9 snort -c /etc/nsm/securityonion-eth5/snort.conf -u SO-user -g SO-user -i eth5 -l /nsm/sensor_data/securityonion-eth5/snort-14 --perfmon-file /nsm/sensor_data/securityonion-eth5/snort-14.stats -U --snaplen 1524
  755. 26.9 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-10 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  756. 26.9 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-13 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  757. 26.8 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-9 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  758. 26.7 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-6 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  759. 26.5 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-5 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  760. 26.3 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-3 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  761. 26.3 0.3 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-14 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
  762. 20.8 0.0 tclsh /usr/bin/http_agent.tcl -c /etc/nsm/securityonion-eth5/http_agent.conf -e /etc/nsm/securityonion-eth5/http_agent.exclude -f /nsm/bro/logs/current/http_eth5.log
  763. 14.9 8.5 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplicitGC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -Xmx8225m -Xms8225m -Xss2048k -Djffi.boot.library.path=/usr/share/logstash/vendor/jruby/lib/jni -Xbootclasspath/a:/usr/share/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/share/logstash/vendor/jruby -Djruby.lib=/usr/share/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main /usr/share/logstash/lib/bootstrap/environment.rb logstash/runner.rb
  764. 14.1 0.4 /usr/sbin/mysqld
  765. 11.4 0.2 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
  766. 9.6 0.1 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
  767. 6.8 0.1 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
  768. 4.5 0.0 [ksoftirqd/20]
  769. 3.1 0.0 [kworker/14:1]
  770. 3.1 0.0 [kworker/11:1]
  771. 3.1 0.0 [kworker/13:1]
  772. 3.1 0.0 [kworker/4:0]
  773. 3.0 0.0 [kworker/12:1]
  774. 3.0 0.0 [kworker/10:1]
  775. 3.0 0.0 [kworker/9:0]
  776. 2.9 0.0 [kworker/5:1]
  777. 2.9 0.0 [kworker/15:1]
  778. 2.8 0.0 [kworker/8:1]
  779. 2.5 0.0 [rcu_sched]
  780. 2.5 0.0 [kworker/20:1]
  781. 2.5 0.0 [kworker/28:1]
  782. 2.5 0.0 [kworker/29:1]
  783. 2.5 0.0 [kworker/0:2]
  784. 2.5 0.0 [kworker/7:1]
  785. 2.4 0.0 [kworker/27:1]
  786. 2.4 0.0 [kworker/9:1]
  787. 2.4 0.0 [kworker/26:2]
  788. 2.4 0.0 [kworker/24:2]
  789. 2.4 0.0 [kworker/30:2]
  790. 2.4 0.0 [kworker/2:0]
  791. 2.3 0.0 [kworker/31:1]
  792. 2.3 0.0 [kworker/25:1]
  793. 2.2 0.0 [kworker/6:2]
  794. 2.2 0.0 [kworker/3:0]
  795. 2.1 0.0 [kworker/1:1]
  796. 2.0 0.0 [kworker/21:1]
  797. 2.0 9.2 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -Djdk.io.permissionsUseCanonicalPath=true -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.skipJansi=true -XX:+HeapDumpOnOutOfMemoryError -Des.cgroups.hierarchy.override=/ -Xms8225m -Xmx8225m -Des.path.home=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -Etransport.host=X.X.X.X -Ehttp.host=X.X.X.X
  798. 2.0 0.0 [kworker/16:2]
  799. 2.0 0.0 [kworker/7:2]
  800. 1.8 0.0 [kworker/6:0]
  801. 1.7 0.0 [kworker/17:1]
  802. 1.7 0.0 [kworker/19:1]
  803. 1.7 0.0 [kworker/23:2]
  804. 1.7 0.0 [kworker/18:0]
  805. 1.6 0.0 [kworker/22:1]
  806. 1.5 0.0 [kworker/0:1]
  807. 1.5 0.0 /var/ossec/bin/ossec-syscheckd
  808. 0.9 0.0 [kswapd0]
  809. 0.9 0.0 [kswapd1]
  810. 0.9 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-3.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-3 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-3 -i securityonion-eth5-3 -U
  811. 0.8 0.0 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
  812. 0.8 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-4.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-4 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-4 -i securityonion-eth5-4 -U
  813. 0.7 0.0 [jbd2/sda1-8]
  814. 0.7 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-6.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-6 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-6 -i securityonion-eth5-6 -U
  815. 0.7 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-7.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-7 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-7 -i securityonion-eth5-7 -U
  816. 0.7 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-8.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-8 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-8 -i securityonion-eth5-8 -U
  817. 0.7 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-11.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-11 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-11 -i securityonion-eth5-11 -U
  818. 0.6 0.0 [kworker/23:1]
  819. 0.6 0.0 [kworker/30:1]
  820. 0.6 0.0 [jbd2/sdb-8]
  821. 0.6 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-12.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-12 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-12 -i securityonion-eth5-12 -U
  822. 0.6 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-13.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-13 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-13 -i securityonion-eth5-13 -U
  823. 0.6 0.2 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ --kibana.defaultAppId=dashboard/94b52620-342a-11e7-9d52-4f090484f59e
  824. 0.5 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-9.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-9 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-9 -i securityonion-eth5-9 -U
  825. 0.5 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-10.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-10 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-10 -i securityonion-eth5-10 -U
  826. 0.5 0.0 [kworker/15:0]
  827. 0.5 0.0 [kworker/u129:1]
  828. 0.4 0.0 /usr/bin/python /usr/bin/salt-master
  829. 0.4 0.1 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
  830. 0.4 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-1.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-1 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-1 -i securityonion-eth5-1 -U
  831. 0.4 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-2.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-2 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-2 -i securityonion-eth5-2 -U
  832. 0.4 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-5.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-5 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-5 -i securityonion-eth5-5 -U
  833. 0.4 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-15.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-15 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-15 -i securityonion-eth5-15 -U
  834. 0.4 0.9 /usr/bin/python /opt/domain_stats/domain_stats.py -ip X.X.X.X 20000 -a /opt/domain_stats/top-1m.csv --preload 0
  835. 0.3 0.1 /usr/bin/dockerd --raw-logs
  836. 0.3 0.0 barnyard2 -c /etc/nsm/securityonion-eth5/barnyard2-14.conf -u SO-user -g SO-user -d /nsm/sensor_data/securityonion-eth5/snort-14 -f snort.unified2 -w /etc/nsm/securityonion-eth5/barnyard2.waldo-14 -i securityonion-eth5-14 -U
  837. 0.3 0.0 /usr/bin/python /opt/freq_server/freq/freq_server.py -ip X.X.X.X 10004 /opt/freq_server/freq/freq_table.freq
  838. 0.2 0.0 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
  839. 0.2 0.0 [kworker/u129:0]
  840. 0.1 0.0 [ksoftirqd/0]
  841. 0.1 0.0 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
  842. 0.1 0.0 /var/ossec/bin/ossec-analysisd
  843. 0.1 0.0 tail -n 0 -F /nsm/bro/logs/current/http_eth5.log
  844. 0.1 0.0 docker-containerd-shim e48987198190f16eb9299363bf6ba87381994a200006de215b582bd26e7f8a3a /var/run/docker/libcontainerd/e48987198190f16eb9299363bf6ba87381994a200006de215b582bd26e7f8a3a docker-runc
  845. 0.1 0.0 /bin/sh /opt/start-elastalert.sh
  846. 0.0 0.0 /sbin/init
  847. 0.0 0.0 [kthreadd]
  848. 0.0 0.0 [kworker/0:0H]
  849. 0.0 0.0 [kworker/u128:0]
  850. 0.0 0.0 [rcu_bh]
  851. 0.0 0.0 [migration/0]
  852. 0.0 0.0 [watchdog/0]
  853. 0.0 0.0 [watchdog/1]
  854. 0.0 0.0 [migration/1]
  855. 0.0 0.0 [ksoftirqd/1]
0.0 0.0 [kworker/1:0H]
0.0 0.0 [watchdog/2]
0.0 0.0 [migration/2]
0.0 0.0 [ksoftirqd/2]
0.0 0.0 [kworker/2:0H]
0.0 0.0 [watchdog/3]
0.0 0.0 [migration/3]
0.0 0.0 [ksoftirqd/3]
0.0 0.0 [kworker/3:0H]
0.0 0.0 [watchdog/4]
0.0 0.0 [migration/4]
0.0 0.0 [ksoftirqd/4]
0.0 0.0 [kworker/4:0H]
0.0 0.0 [watchdog/5]
0.0 0.0 [migration/5]
0.0 0.0 [ksoftirqd/5]
0.0 0.0 [kworker/5:0H]
0.0 0.0 [watchdog/6]
0.0 0.0 [migration/6]
0.0 0.0 [ksoftirqd/6]
0.0 0.0 [kworker/6:0H]
0.0 0.0 [watchdog/7]
0.0 0.0 [migration/7]
0.0 0.0 [ksoftirqd/7]
0.0 0.0 [kworker/7:0H]
0.0 0.0 [watchdog/8]
0.0 0.0 [migration/8]
0.0 0.0 [ksoftirqd/8]
0.0 0.0 [kworker/8:0]
0.0 0.0 [kworker/8:0H]
0.0 0.0 [watchdog/9]
0.0 0.0 [migration/9]
0.0 0.0 [ksoftirqd/9]
0.0 0.0 [kworker/9:0H]
0.0 0.0 [watchdog/10]
0.0 0.0 [migration/10]
0.0 0.0 [ksoftirqd/10]
0.0 0.0 [kworker/10:0]
0.0 0.0 [kworker/10:0H]
0.0 0.0 [watchdog/11]
0.0 0.0 [migration/11]
0.0 0.0 [ksoftirqd/11]
0.0 0.0 [kworker/11:0]
0.0 0.0 [kworker/11:0H]
0.0 0.0 [watchdog/12]
0.0 0.0 [migration/12]
0.0 0.0 [ksoftirqd/12]
0.0 0.0 [kworker/12:0]
0.0 0.0 [kworker/12:0H]
0.0 0.0 [watchdog/13]
0.0 0.0 [migration/13]
0.0 0.0 [ksoftirqd/13]
0.0 0.0 [kworker/13:0H]
0.0 0.0 [watchdog/14]
0.0 0.0 [migration/14]
0.0 0.0 [ksoftirqd/14]
0.0 0.0 [kworker/14:0]
0.0 0.0 [kworker/14:0H]
0.0 0.0 [watchdog/15]
0.0 0.0 [migration/15]
0.0 0.0 [ksoftirqd/15]
0.0 0.0 [kworker/15:0H]
0.0 0.0 [watchdog/16]
0.0 0.0 [migration/16]
0.0 0.0 [ksoftirqd/16]
0.0 0.0 [kworker/16:0H]
0.0 0.0 [watchdog/17]
0.0 0.0 [migration/17]
0.0 0.0 [ksoftirqd/17]
0.0 0.0 [kworker/17:0H]
0.0 0.0 [watchdog/18]
0.0 0.0 [migration/18]
0.0 0.0 [ksoftirqd/18]
0.0 0.0 [kworker/18:0H]
0.0 0.0 [watchdog/19]
0.0 0.0 [migration/19]
0.0 0.0 [ksoftirqd/19]
0.0 0.0 [kworker/19:0H]
0.0 0.0 [watchdog/20]
0.0 0.0 [migration/20]
0.0 0.0 [kworker/20:0H]
0.0 0.0 [watchdog/21]
0.0 0.0 [migration/21]
0.0 0.0 [ksoftirqd/21]
0.0 0.0 [kworker/21:0]
0.0 0.0 [kworker/21:0H]
0.0 0.0 [watchdog/22]
0.0 0.0 [migration/22]
0.0 0.0 [ksoftirqd/22]
0.0 0.0 [kworker/22:0H]
0.0 0.0 [watchdog/23]
0.0 0.0 [migration/23]
0.0 0.0 [ksoftirqd/23]
0.0 0.0 [kworker/23:0H]
0.0 0.0 [watchdog/24]
0.0 0.0 [migration/24]
0.0 0.0 [ksoftirqd/24]
0.0 0.0 [kworker/24:0]
0.0 0.0 [kworker/24:0H]
0.0 0.0 [watchdog/25]
0.0 0.0 [migration/25]
0.0 0.0 [ksoftirqd/25]
0.0 0.0 [kworker/25:0]
0.0 0.0 [kworker/25:0H]
0.0 0.0 [watchdog/26]
0.0 0.0 [migration/26]
0.0 0.0 [ksoftirqd/26]
0.0 0.0 [kworker/26:0]
0.0 0.0 [kworker/26:0H]
0.0 0.0 [watchdog/27]
0.0 0.0 [migration/27]
0.0 0.0 [ksoftirqd/27]
0.0 0.0 [kworker/27:0]
0.0 0.0 [kworker/27:0H]
0.0 0.0 [watchdog/28]
0.0 0.0 [migration/28]
0.0 0.0 [ksoftirqd/28]
0.0 0.0 [kworker/28:0]
0.0 0.0 [kworker/28:0H]
0.0 0.0 [watchdog/29]
0.0 0.0 [migration/29]
0.0 0.0 [ksoftirqd/29]
0.0 0.0 [kworker/29:0]
0.0 0.0 [kworker/29:0H]
0.0 0.0 [watchdog/30]
0.0 0.0 [migration/30]
0.0 0.0 [ksoftirqd/30]
0.0 0.0 [kworker/30:0H]
0.0 0.0 [watchdog/31]
0.0 0.0 [migration/31]
0.0 0.0 [ksoftirqd/31]
0.0 0.0 [kworker/31:0]
0.0 0.0 [kworker/31:0H]
0.0 0.0 [kdevtmpfs]
0.0 0.0 [netns]
0.0 0.0 [perf]
0.0 0.0 [khungtaskd]
0.0 0.0 [writeback]
0.0 0.0 [ksmd]
0.0 0.0 [khugepaged]
0.0 0.0 [crypto]
0.0 0.0 [kintegrityd]
0.0 0.0 [bioset]
0.0 0.0 [kblockd]
0.0 0.0 [ata_sff]
0.0 0.0 [md]
0.0 0.0 [devfreq_wq]
0.0 0.0 [vmstat]
0.0 0.0 [fsnotify_mark]
0.0 0.0 [ecryptfs-kthrea]
0.0 0.0 [kthrotld]
0.0 0.0 [acpi_thermal_pm]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [scsi_eh_0]
0.0 0.0 [scsi_tmf_0]
0.0 0.0 [scsi_eh_1]
0.0 0.0 [scsi_tmf_1]
0.0 0.0 [ipv6_addrconf]
0.0 0.0 [deferwq]
0.0 0.0 [kworker/u128:1]
0.0 0.0 [charger_manager]
0.0 0.0 [kpsmoused]
0.0 0.0 [scsi_eh_2]
0.0 0.0 [scsi_tmf_2]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [bioset]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 [kworker/10:1H]
0.0 0.0 upstart-udev-bridge --daemon
0.0 0.0 /lib/systemd/systemd-udevd --daemon
0.0 0.0 [edac-poller]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 [kmpathd]
0.0 0.0 [kmpath_handlerd]
0.0 0.0 [kvm-irqfd-clean]
0.0 0.0 [kipmi0]
0.0 0.0 dbus-daemon --system --fork
0.0 0.0 [kworker/3:1H]
0.0 0.0 /lib/systemd/systemd-logind
0.0 0.0 avahi-daemon: running [SO-server.local]
0.0 0.0 avahi-daemon: chroot helper
0.0 0.0 /usr/sbin/bluetoothd
0.0 0.0 [krfcommd]
0.0 0.0 upstart-file-bridge --daemon
0.0 0.0 upstart-socket-bridge --daemon
0.0 0.0 [kworker/6:1H]
0.0 0.0 [kworker/4:1H]
0.0 0.0 /usr/sbin/ModemManager
0.0 0.0 /sbin/getty -8 38400 tty4
0.0 0.0 /sbin/getty -8 38400 tty5
0.0 0.0 /usr/bin/python /usr/bin/salt-minion
0.0 0.0 /sbin/getty -8 38400 tty2
0.0 0.0 /sbin/getty -8 38400 tty3
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /sbin/getty -8 38400 tty6
0.0 0.0 NetworkManager
0.0 0.0 /usr/sbin/sshd -D
0.0 0.0 /usr/sbin/irqbalance
0.0 0.0 lightdm
0.0 0.0 cron
0.0 0.0 /usr/lib/policykit-1/polkitd --no-debug
0.0 0.0 /usr/sbin/cups-browsed
0.0 0.1 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
0.0 0.0 /usr/lib/accountsservice/accounts-daemon
0.0 0.0 [kworker/5:1H]
0.0 0.0 acpid -c /etc/acpi/events -s /var/run/acpid.socket
0.0 0.0 supervising syslog-ng
0.0 0.0 /usr/sbin/kerneloops
0.0 0.0 [kworker/17:1H]
0.0 0.0 /usr/bin/python /usr/bin/salt-minion
0.0 0.0 /var/ossec/bin/ossec-csyslogd
0.0 0.0 /var/ossec/bin/ossec-maild
0.0 0.0 /var/ossec/bin/ossec-execd
0.0 0.0 [kworker/13:1H]
0.0 0.0 /var/ossec/bin/ossec-logcollector
0.0 0.0 /var/ossec/bin/ossec-remoted
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /var/ossec/bin/ossec-monitord
0.0 0.0 [kauditd]
0.0 0.0 [kworker/2:1H]
0.0 0.0 [kworker/7:1H]
0.0 0.0 [kworker/12:1H]
0.0 0.0 [kworker/9:1H]
0.0 0.0 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 117:126
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /sbin/getty -8 38400 tty1
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/cupsd -f
0.0 0.0 [kworker/1:1H]
0.0 0.0 [kworker/18:1H]
0.0 0.0 su - SO-user -- /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 su - SO-user -- /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 tclsh /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 [kworker/14:1H]
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-2 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-5 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-4 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-3 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-6 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-7 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-9 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-8 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-10 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-11 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-12 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-14 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-13 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-15 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-13 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-8 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-15 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-5 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-9 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-2 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-4 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-14 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-10 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-11 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-6 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-7 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-3 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -i eth5 -U .status -p broctl -p broctl-live -p local -p securityonion-eth5-12 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 [kworker/11:1H]
0.0 0.0 tail -n 0 -F /var/ossec/logs/alerts/alerts.log
0.0 0.0 su - SO-user -- /usr/bin/pcap_agent.tcl -c /etc/nsm/securityonion-eth5/pcap_agent.conf
0.0 0.0 tclsh /usr/bin/pcap_agent.tcl -c /etc/nsm/securityonion-eth5/pcap_agent.conf
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-1.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-1.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-1.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-2.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-2.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-2.stats
0.0 0.0 [kworker/27:1H]
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-3.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-3.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-3.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-4.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-4.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-4.stats
0.0 0.0 [kworker/8:1H]
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-5.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-5.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-5.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-6.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-6.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-6.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-7.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-7.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-7.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-8.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-8.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-8.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-9.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-9.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-9.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-10.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-10.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-10.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-11.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-11.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-11.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-12.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-12.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-12.stats
0.0 0.0 [kworker/28:1H]
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-13.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-13.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-13.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-14.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-14.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-14.stats
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-15.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/securityonion-eth5/snort_agent-15.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/securityonion-eth5/snort-15.stats
0.0 0.0 [kworker/31:1H]
0.0 0.0 [kworker/24:1H]
0.0 0.0 [kworker/22:1H]
0.0 0.0 su - SO-user -- /usr/bin/http_agent.tcl -c /etc/nsm/securityonion-eth5/http_agent.conf -e /etc/nsm/securityonion-eth5/http_agent.exclude -f /nsm/bro/logs/current/http_eth5.log
0.0 0.0 [kworker/19:1H]
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 10004 -container-ip X.X.X.X -container-port 10004
0.0 0.0 docker-containerd-shim 949e6698dea7ba79f467f5b19f3a2660937c4604c021a45525fba74af0604021 /var/run/docker/libcontainerd/949e6698dea7ba79f467f5b19f3a2660937c4604c021a45525fba74af0604021 docker-runc
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 20000 -container-ip X.X.X.X -container-port 20000
0.0 0.0 docker-containerd-shim 609c9bcb5a9a0e635472627377480418fae6ce97437ea5371bcd7404607c1f66 /var/run/docker/libcontainerd/609c9bcb5a9a0e635472627377480418fae6ce97437ea5371bcd7404607c1f66 docker-runc
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9300 -container-ip X.X.X.X -container-port 9300
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9200 -container-ip X.X.X.X -container-port 9200
0.0 0.0 docker-containerd-shim 81abd74f44d8245556d59793e662931953a6579264cbb751cc3d55e685d08866 /var/run/docker/libcontainerd/81abd74f44d8245556d59793e662931953a6579264cbb751cc3d55e685d08866 docker-runc
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6053 -container-ip X.X.X.X -container-port 6053
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6052 -container-ip X.X.X.X -container-port 6052
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6051 -container-ip X.X.X.X -container-port 6051
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6050 -container-ip X.X.X.X -container-port 6050
0.0 0.0 docker-containerd-shim 123d773694200c1b0da1662345a5b349b0487a6cee748f76b595d6ae9f8e4977 /var/run/docker/libcontainerd/123d773694200c1b0da1662345a5b349b0487a6cee748f76b595d6ae9f8e4977 docker-runc
0.0 0.0 [kworker/15:1H]
0.0 0.0 [kworker/26:1H]
0.0 0.0 [kworker/25:1H]
0.0 0.0 [kworker/29:1H]
0.0 0.0 [kworker/30:1H]
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 [kworker/23:1H]
0.0 0.0 sshd: SO-user@pts/1
0.0 0.0 -bash
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 5601 -container-ip X.X.X.X -container-port 5601
0.0 0.0 docker-containerd-shim f62e3a514bd009178f948dec9feb6c1cc7c14f41d4e2c23b456dbb747511a40e /var/run/docker/libcontainerd/f62e3a514bd009178f948dec9feb6c1cc7c14f41d4e2c23b456dbb747511a40e docker-runc
0.0 0.0 docker-containerd-shim 310badede7252463b052496e32ce744d54ed89982b3e7d62a51829fcf1b75b2c /var/run/docker/libcontainerd/310badede7252463b052496e32ce744d54ed89982b3e7d62a51829fcf1b75b2c docker-runc
0.0 0.0 /bin/bash
0.0 0.0 su
0.0 0.0 bash
0.0 0.0 [kworker/0:1H]
0.0 0.0 [kworker/16:1H]
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 [kworker/21:1H]
0.0 0.0 [kworker/20:1H]
0.0 0.0 lightdm --session-child 12 21
0.0 0.0 /usr/bin/gnome-keyring-daemon --daemonize --login
0.0 0.0 init --user
0.0 0.0 dbus-daemon --fork --session --address=unix:abstract=/tmp/dbus-102J1iuxlt
0.0 0.0 upstart-event-bridge
0.0 0.0 upstart-dbus-bridge --daemon --system --user --bus-name system
0.0 0.0 upstart-dbus-bridge --daemon --session --user --bus-name session
0.0 0.0 upstart-file-bridge --daemon --user
0.0 0.0 /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc
0.0 0.0 xfce4-session
0.0 0.0 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
0.0 0.0 /usr/bin/ssh-agent -s
0.0 0.0 xfwm4
0.0 0.0 xfce4-panel
0.0 0.0 Thunar --daemon
0.0 0.0 xfdesktop
0.0 0.0 /usr/bin/python /usr/share/system-config-printer/applet.py
0.0 0.0 update-notifier
0.0 0.1 /usr/bin/python /usr/bin/blueman-applet
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
0.0 0.0 light-locker
0.0 0.0 nm-applet
0.0 0.0 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
0.0 0.0 /usr/lib/gvfs/gvfsd
0.0 0.0 xfsettingsd
0.0 0.0 xfce4-power-manager
0.0 0.0 xfce4-volumed
0.0 0.0 /usr/lib/upower/upowerd
0.0 0.0 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
0.0 0.0 /usr/bin/pulseaudio --start --log-target=syslog
0.0 0.0 /usr/lib/rtkit/rtkit-daemon
0.0 0.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libwhiskermenu.so 1 12582944 whiskermenu Whisker Menu Show a menu to easily access installed applications
0.0 0.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 4 12582945 systray Notification Area Area where notification icons appear
0.0 0.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libindicator-plugin.so 5 12582946 indicator Indicator Plugin Provides a panel area for Unity indicators. Indicators allow applications and system services to display their status and interact with the user.
0.0 0.0 init --user --startup-event indicator-services-start
0.0 0.0 /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
0.0 0.0 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
0.0 0.0 /usr/lib/udisks2/udisksd --no-debug
0.0 0.0 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
0.0 0.0 /usr/lib/gvfs/gvfs-afc-volume-monitor
0.0 0.0 /usr/lib/gvfs/gvfs-mtp-volume-monitor
0.0 0.0 /usr/lib/gvfs/gvfsd-trash --spawner :1.15 /org/gtk/gvfs/exec_spaw/0
0.0 0.0 /usr/bin/obex-data-server --no-daemon
0.0 0.0 sshd: SO-user@pts/7
0.0 0.0 -bash
0.0 0.0 su
0.0 0.0 bash
0.0 0.0 [kworker/20:2]
0.0 0.1 /usr/lib/xorg/Xorg -core :1 -seat seat0 -auth /var/run/lightdm/root/:1 -nolisten tcp vt8 -novtswitch
0.0 0.0 lightdm --session-child 17 22
0.0 0.0 /bin/sh /usr/lib/lightdm/lightdm-greeter-session /usr/sbin/lightdm-gtk-greeter
0.0 0.0 //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
0.0 0.0 /usr/sbin/lightdm-gtk-greeter
0.0 0.0 /usr/lib/at-spi2-core/at-spi-bus-launcher
0.0 0.0 /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
0.0 0.0 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
0.0 0.0 /usr/lib/gvfs/gvfsd
0.0 0.0 /usr/lib/gvfs/gvfsd-fuse /run/user/112/gvfs -f -o big_writes
0.0 0.0 lightdm --session-child 13 22
0.0 0.0 [kworker/1:2]
0.0 0.0 [kworker/16:0]
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 [kworker/19:0]
0.0 0.0 [kworker/18:1]
0.0 0.0 [kworker/4:1]
0.0 0.0 [kworker/22:0]
0.0 0.0 [kworker/2:2]
0.0 0.0 [kworker/u130:2]
0.0 0.0 [kworker/13:2]
0.0 0.0 [kworker/3:2]
0.0 0.0 [kworker/u130:1]
0.0 0.0 [kworker/17:0]
0.0 0.0 [kworker/5:2]
0.0 0.0 [kworker/u130:0]
0.0 0.0 [kworker/1:0]
0.0 0.0 [kworker/6:1]
0.0 0.0 /bin/bash /usr/sbin/sostat-redacted
0.0 0.0 /bin/bash /usr/sbin/sostat
0.0 0.0 sleep 1
0.0 0.0 ps -eo pcpu,pmem,args --sort -pcpu

=========================================================================
Packets received during last monitoring interval (600 seconds)
=========================================================================

eth5: 25155129

=========================================================================
Packet Loss Stats
=========================================================================

NIC:

eth5:

RX packets:225934055 dropped:0 TX packets:0 dropped:0

-------------------------------------------------------------------------

pf_ring:

Appl. Name : bro-eth5
Tot Packets : 14674880
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 14441597
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 11651421
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 12390514
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 11015484
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 10333591
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 14135288
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 13772934
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 14267720
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 16884773
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 12403044
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 10375336
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 10462557
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 12134321
Tot Pkt Lost : 0


Appl. Name : bro-eth5
Tot Packets : 43224611
Tot Pkt Lost : 0


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 10561551
Tot Pkt Lost : 482409


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 13989676
Tot Pkt Lost : 602354


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 12383340
Tot Pkt Lost : 1139819


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 43117667
Tot Pkt Lost : 2200083


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 13704746
Tot Pkt Lost : 887457


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 14623414
Tot Pkt Lost : 1767633


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 14414443
Tot Pkt Lost : 2041826


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 11023521
Tot Pkt Lost : 123622


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 10218650
Tot Pkt Lost : 427547


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 11887195
Tot Pkt Lost : 118050


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 16720116
Tot Pkt Lost : 2314997


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 10244401
Tot Pkt Lost : 126094


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 13762091
Tot Pkt Lost : 963874


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 11510314
Tot Pkt Lost : 31979


Appl. Name : snort-cluster-56-socket-0
Tot Packets : 12184142
Tot Pkt Lost : 117871

-------------------------------------------------------------------------

IDS Engine (snort) packet drops:

/nsm/sensor_data/securityonion-eth5/snort-10.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/securityonion-eth5/snort-11.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/securityonion-eth5/snort-12.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/securityonion-eth5/snort-13.stats last reported pkt_drop_percent as 0.443
/nsm/sensor_data/securityonion-eth5/snort-14.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/securityonion-eth5/snort-15.stats last reported pkt_drop_percent as 2.276
/nsm/sensor_data/securityonion-eth5/snort-1.stats last reported pkt_drop_percent as 0.029
/nsm/sensor_data/securityonion-eth5/snort-2.stats last reported pkt_drop_percent as 0.129
/nsm/sensor_data/securityonion-eth5/snort-3.stats last reported pkt_drop_percent as 0.000
/nsm/sensor_data/securityonion-eth5/snort-4.stats last reported pkt_drop_percent as 0.684
/nsm/sensor_data/securityonion-eth5/snort-5.stats last reported pkt_drop_percent as 2.530
/nsm/sensor_data/securityonion-eth5/snort-6.stats last reported pkt_drop_percent as 0.958
/nsm/sensor_data/securityonion-eth5/snort-7.stats last reported pkt_drop_percent as 4.045
/nsm/sensor_data/securityonion-eth5/snort-8.stats last reported pkt_drop_percent as 2.222
/nsm/sensor_data/securityonion-eth5/snort-9.stats last reported pkt_drop_percent as 1.639
-------------------------------------------------------------------------

Bro:

Average packet loss as percent across all Bro workers: 0.000000

securityonion-eth5-1: 1505827637.610031 recvd=14677896 dropped=0 link=14677896
securityonion-eth5-2: 1505827639.907888 recvd=14471795 dropped=0 link=14471795
securityonion-eth5-3: 1505827642.913935 recvd=11658939 dropped=0 link=11658939
securityonion-eth5-4: 1505827644.116536 recvd=11023921 dropped=0 link=11023921
securityonion-eth5-5: 1505827645.118083 recvd=12416561 dropped=0 link=12416561
securityonion-eth5-6: 1505827646.120856 recvd=10341181 dropped=0 link=10341181
securityonion-eth5-7: 1505827647.122667 recvd=14158557 dropped=0 link=14158557
securityonion-eth5-8: 1505827648.326707 recvd=14284727 dropped=0 link=14284727
securityonion-eth5-9: 1505827649.931020 recvd=13789856 dropped=0 link=13789856
securityonion-eth5-10: 1505827650.934033 recvd=10398417 dropped=0 link=10398417
securityonion-eth5-11: 1505827651.460123 recvd=16922816 dropped=0 link=16922816
securityonion-eth5-12: 1505827652.363852 recvd=12448316 dropped=0 link=12448316
securityonion-eth5-13: 1505827656.345810 recvd=10502061 dropped=0 link=10502061
securityonion-eth5-14: 1505827658.149342 recvd=12156907 dropped=0 link=12156907
securityonion-eth5-15: 1505827659.151160 recvd=43269547 dropped=0 link=43269547

Capture Loss:

securityonion-eth5-10 0.003343
securityonion-eth5-1 0.000551
securityonion-eth5-11 0.003944
securityonion-eth5-12 0.033575
securityonion-eth5-13 0.0264
securityonion-eth5-14 0.002065
securityonion-eth5-15 0.001718
securityonion-eth5-2 0.002293
securityonion-eth5-3 0.001227
securityonion-eth5-4 0.001813
  1545. securityonion-eth5-5 0.004762
  1546. securityonion-eth5-6 0.001512
  1547. securityonion-eth5-7 0.014542
  1548. securityonion-eth5-8 0.001326
  1549. securityonion-eth5-9 0.009635
  1550.  
  1551. If you are seeing capture loss without dropped packets, this
  1552. may indicate that an upstream device is dropping packets (tap or SPAN port).
  1553.  
  1554. -------------------------------------------------------------------------
  1555.  
  1556. Netsniff-NG:
  1557.  
  1558.  
  1559. Percentage of packets dropped:
  1560.  
  1561. /var/log/nsm/securityonion-eth5/netsniff-ng.log --
  1562.  
  1563.  
  1564. =========================================================================
  1565. PF_RING
  1566. =========================================================================
  1567. PF_RING Version : 6.6.0 (unknown)
  1568. Total rings : 30
  1569.  
  1570. Standard (non ZC) Options
  1571. Ring slots : 4096
  1572. Slot version : 16
  1573. Capture TX : Yes [RX+TX]
  1574. IP Defragment : No
  1575. Socket Mode : Standard
  1576. Cluster Fragment Queue : 0
  1577. Cluster Fragment Discard : 0
  1578.  
  1579. =========================================================================
  1580. Log Archive
  1581. =========================================================================
  1582. /nsm/sensor_data/securityonion-eth0/dailylogs/ - 0 days
  1583. 4,0K .
  1584.  
  1585. /nsm/sensor_data/securityonion-eth1/dailylogs/ - 0 days
  1586. 4,0K .
  1587.  
  1588. /nsm/sensor_data/securityonion-eth2/dailylogs/ - 0 days
  1589. 4,0K .
  1590.  
  1591. /nsm/sensor_data/securityonion-eth3/dailylogs/ - 0 days
  1592. 4,0K .
  1593.  
  1594. /nsm/sensor_data/securityonion-eth4/dailylogs/ - 0 days
  1595. 4,0K .
  1596.  
  1597. /nsm/sensor_data/securityonion-eth5/dailylogs/ - 2 days
  1598. 244G .
  1599. 85G ./2017-09-18
  1600. 159G ./2017-09-19
  1601.  
  1602. /nsm/bro/logs/ - 2 days
  1603. 198M .
  1604. 118M ./2017-09-18
  1605. 80M ./2017-09-19
  1606. 880K ./stats
  1607.  
  1608. =========================================================================
  1609. Sguil Uncategorized Events
  1610. =========================================================================
  1611. COUNT(*)
  1612. 104508
  1613.  
  1614. =========================================================================
  1615. Sguil events summary for yesterday
  1616. =========================================================================
  1617. Totals GenID:SigID Signature
  1618. 16860 1:2015898 ET INFO Suspicious Windows NT version 1 User-Agent
  1619. 16270 1:2101411 GPL SNMP public access udp
  1620. 4056 1:2100480 GPL ICMP_INFO PING speedera
  1621. 4056 1:2100368 GPL ICMP_INFO PING BSDtype
  1622. 4056 1:2100366 GPL ICMP_INFO PING *NIX
  1623. 3537 1:2008120 ET TFTP Outbound TFTP Read Request
  1624. 1535 1:2000419 ET POLICY PE EXE or DLL Windows file download
  1625. 550 1:2013222 ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt
  1626. 509 1:2009702 ET POLICY DNS Update From External net
  1627. 258 1:2012086 ET SHELLCODE Possible Call with No Offset TCP Shellcode
  1628. 200 1:2014726 ET POLICY Outdated Windows Flash Version IE
  1629. 182 1:2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1630. 172 1:2102650 GPL SQL user name buffer overflow attempt
  1631. 120 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
  1632. 120 1:2017282 ET INFO Microsoft Script Encoder Encoded File
  1633. 99 1:2016150 ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
  1634. 99 1:2006380 ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
  1635. 58 1:2010936 ET POLICY Suspicious inbound to Oracle SQL port 1521
  1636. 54 1:2101201 GPL WEB_SERVER 403 Forbidden
  1637. 53 1:2006402 ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted
  1638. 50 1:2101390 GPL SHELLCODE x86 inc ebx NOOP
  1639. 48 1:2014819 ET INFO Packed Executable Download
  1640. 44 1:2012087 ET SHELLCODE Possible Call with No Offset UDP Shellcode
  1641. 40 1:2010517 ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source)
  1642. 37 1:2016360 ET INFO JAVA - ClassID
  1643. 32 1:2019401 ET POLICY Vulnerable Java Version 1.8.x Detected
  1644. 32 1:2013273 ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141
  1645. 30 1:2008581 ET P2P BitTorrent DHT ping request
  1646. 29 1:2019707 ET WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag
  1647. 25 1:2002157 ET CHAT Skype User-Agent detected
  1648. 22 1:2014920 ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2)
  1649. 22 1:2014919 ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1)
  1650. 20 1:2015561 ET INFO PDF Using CCITTFax Filter
  1651. 20 1:2012888 ET POLICY Http Client Body contains pwd= in cleartext
  1652. 19 1:2000418 ET POLICY Executable and linking format (ELF) file download
  1653. 16 1:2015743 ET INFO Revoked Adobe Code Signing Certificate Seen
  1654. 16 1:2011582 ET POLICY Vulnerable Java Version 1.6.x Detected
  1655. 15 1:2010935 ET POLICY Suspicious inbound to MSSQL port 1433
  1656. 15 1:2101892 GPL SNMP null community string attempt
  1657. 15 1:2103003 GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt
  1658. 14 1:2014520 ET INFO EXE - Served Attached HTTP
  1659. 14 1:2002878 ET POLICY iTunes User Agent
  1660. 12 1:2001343 ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization % 5 C
  1661. 11 1:2100651 GPL SHELLCODE x86 stealth NOOP
  1662. 10 1:2102466 GPL NETBIOS SMB-DS IPC$ unicode share access
  1663. 8 1:2013505 ET POLICY GNU/Linux YUM User-Agent Outbound likely related to package management
  1664. 8 1:2014297 ET POLICY Vulnerable Java Version 1.7.x Detected
  1665. 8 1:2102314 GPL SHELLCODE x86 0x90 NOOP unicode
  1666. 5 1:2001329 ET POLICY RDP connection request
  1667. 5 1:2001330 ET POLICY RDP connection confirm
  1668. 3 1:2016104 ET TROJAN DNS Reply for unallocated address space - Potentially Malicious X.X.X.X/24
  1669. 3 1:2013410 ET POLICY Outbound MSSQL Connection to Standard port (1433)
  1670. 3 1:2100230 GPL CHAT Jabber/Google Talk Outgoing Traffic
  1671. 3 1:2001239 ET POLICY Cisco Device in Config Mode
  1672. 2 1:2002327 ET CHAT Google Talk (Jabber) Client Login
  1673. 2 1:2001240 ET POLICY Cisco Device New Config Built
  1674. 2 1:2016670 ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException)
  1675. 2 1:2012887 ET POLICY Http Client Body contains pass= in cleartext
  1676. 2 1:2019584 ET TROJAN CORESHELL Malware Response from server
  1677. 2 1:2100232 GPL CHAT Google Talk Logon
  1678. 2 1:2010937 ET POLICY Suspicious inbound to mySQL port 3306
  1679. 2 1:2002334 ET CHAT Google IM traffic Jabber client sign-on
  1680. 2 1:2013031 ET POLICY Python-urllib/ Suspicious User Agent
  1681. 2 1:2522827 ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 414
  1682. 1 1:2012709 ET POLICY MS Remote Desktop Administrator Login Request
  1683. 1 1:2003310 ET P2P Edonkey Publicize File
  1684. 1 1:2012247 ET P2P BTWebClient UA uTorrent in use
  1685. 1 1:2018959 ET POLICY PE EXE or DLL Windows file download HTTP
  1686. 1 1:2003317 ET P2P Edonkey Search Request (any type file)
  1687. 1 1:2014169 ET POLICY DNS Query for .su TLD (Soviet Union) Often Malware Related
  1688. 1 1:2008052 ET MALWARE User-Agent (Internet Explorer)
  1689. 1 1:2000340 ET P2P Kaaza Media desktop p2pnetworking.exe Activity
  1690. 1 1:2002945 ET POLICY Java Url Lib User Agent Web Crawl
  1691. Total
  1692. 53527
  1693.  
  1694. =========================================================================
  1695. Top 50 All time Sguil Events
  1696. =========================================================================
  1697. Totals GenID:SigID Signature
  1698. 34314 1:2101411 GPL SNMP public access udp
  1699. 30837 1:2015898 ET INFO Suspicious Windows NT version 1 User-Agent
  1700. 7848 1:2100368 GPL ICMP_INFO PING BSDtype
  1701. 7846 1:2100366 GPL ICMP_INFO PING *NIX
  1702. 7842 1:2100480 GPL ICMP_INFO PING speedera
  1703. 7088 1:2008120 ET TFTP Outbound TFTP Read Request
  1704. 2004 1:2000419 ET POLICY PE EXE or DLL Windows file download
  1705. 943 1:2009702 ET POLICY DNS Update From External net
  1706. 679 1:2013222 ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt
  1707. 544 1:2012086 ET SHELLCODE Possible Call with No Offset TCP Shellcode
  1708. 482 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
  1709. 449 1:2102650 GPL SQL user name buffer overflow attempt
  1710. 406 1:2014726 ET POLICY Outdated Windows Flash Version IE
  1711. 381 1:2016150 ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
  1712. 189 1:2003068 ET SCAN Potential SSH Scan OUTBOUND
  1713. 187 1:2006380 ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
  1714. 182 1:2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
  1715. 168 1:2017282 ET INFO Microsoft Script Encoder Encoded File
  1716. 160 1:2101201 GPL WEB_SERVER 403 Forbidden
  1717. 148 1:2102649 GPL SQL service_name buffer overflow attempt
  1718. 125 1:2019707 ET WEB_CLIENT GENERIC VB ShellExecute Function Inside of VBSCRIPT tag
  1719. 101 1:2010936 ET POLICY Suspicious inbound to Oracle SQL port 1521
  1720. 100 1:2101424 GPL SHELLCODE x86 0xEB0C NOOP
  1721. 98 1:2019401 ET POLICY Vulnerable Java Version 1.8.x Detected
  1722. 92 1:2006402 ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted
  1723. 78 1:2101390 GPL SHELLCODE x86 inc ebx NOOP
  1724. 60 1:2008581 ET P2P BitTorrent DHT ping request
  1725. 60 1:2014919 ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1)
  1726. 60 1:2014920 ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2)
  1727. 57 1:2001219 ET SCAN Potential SSH Scan
  1728. 48 1:2014819 ET INFO Packed Executable Download
  1729. 48 1:2015561 ET INFO PDF Using CCITTFax Filter
  1730. 44 1:2002157 ET CHAT Skype User-Agent detected
  1731. 44 1:2012087 ET SHELLCODE Possible Call with No Offset UDP Shellcode
  1732. 41 1:2012888 ET POLICY Http Client Body contains pwd= in cleartext
  1733. 40 1:2010517 ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source)
  1734. 38 1:2016360 ET INFO JAVA - ClassID
  1735. 34 1:2010935 ET POLICY Suspicious inbound to MSSQL port 1433
  1736. 32 1:2013273 ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141
  1737. 31 1:2000418 ET POLICY Executable and linking format (ELF) file download
  1738. 30 1:2103003 GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt
  1739. 20 1:2011582 ET POLICY Vulnerable Java Version 1.6.x Detected
  1740. 19 1:2102466 GPL NETBIOS SMB-DS IPC$ unicode share access
  1741. 19 1:2001330 ET POLICY RDP connection confirm
  1742. 18 1:2001329 ET POLICY RDP connection request
  1743. 16 1:2101892 GPL SNMP null community string attempt
  1744. 16 1:2015743 ET INFO Revoked Adobe Code Signing Certificate Seen
  1745. 16 1:2012887 ET POLICY Http Client Body contains pass= in cleartext
  1746. 16 1:2014297 ET POLICY Vulnerable Java Version 1.7.x Detected
  1747. 15 1:2001343 ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization % 5 C
  1748. Total
  1749. 104308
  1750.  
  1751. =========================================================================
  1752. Top 50 URLs for yesterday
  1753. =========================================================================
  1754. Totals Signature
  1755.  
  1756. Total
  1757. 370953
  1758.  
  1759. =========================================================================
  1760. Last update
  1761. =========================================================================
  1762.  
  1763. Start-Date: 2017-09-18 14:17:05
  1764. End-Date: 2017-09-18 14:17:05
  1765.  
  1766. Start-Date: 2017-09-18 14:17:15
  1767. Purge: ubiquity-frontend-gtk:amd64 (X.X.X.X)
  1768. End-Date: 2017-09-18 14:17:15
  1769.  
  1770. Start-Date: 2017-09-18 14:17:16
  1771. End-Date: 2017-09-18 14:17:16
  1772.  
  1773. =========================================================================
  1774. Elasticsearch
  1775. =========================================================================
  1776.  
  1777. Elasticsearch is running.
  1778.  
  1779. Cluster Name: "docker-cluster"
  1780. Cluster Status: "green"
  1781. Total Nodes: 1
  1782. Failed Nodes: 0
  1783. Total Indices: 1
  1784. Total Shards: 1
  1785. Total Documents: 530
  1786. Total Size (in bytes): 0MB
  1787. Free Memory: 1%
  1788.  
  1789. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1790. so-elasticsearch 2.37% 3.096GiB / 31.38GiB 9.87% 30.6kB / 59.6kB 160MB / 659MB 106
  1791.  
  1792. =========================================================================
  1793. Logstash
  1794. =========================================================================
  1795.  
  1796. Logstash is running.
  1797.  
  1798. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1799. so-logstash 4.36% 2.644GiB / 31.38GiB 8.42% 3.51MB / 134kB 1.4GB / 596MB 187
  1800.  
  1801. =========================================================================
  1802. Kibana
  1803. =========================================================================
  1804.  
  1805. Kibana is running.
  1806.  
  1807. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1808. so-kibana 0.00% 68.99MiB / 31.38GiB 0.21% 560kB / 563kB 75.5MB / 4.1kB 10
  1809.  
  1810. =========================================================================
  1811. ElastAlert
  1812. =========================================================================
  1813.  
  1814. ElastAlert is running.
  1815.  
  1816. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1817. so-elastalert 1.54% 544KiB / 31.38GiB 0.00% 2.53MB / 2.52MB 2.96MB / 0B 2
  1818.  
  1819. =========================================================================
  1820. Curator
  1821. =========================================================================
  1822.  
  1823. Curator is running.
  1824.  
  1825. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1826. so-curator 14.24% 6.559MiB / 31.38GiB 0.02% 96.2kB / 89.8kB 17.1MB / 0B 2
  1827.  
  1828. =========================================================================
  1829. Freq Server
  1830. =========================================================================
  1831.  
  1832. Freq_server is running.
  1833.  
  1834. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1835. so-freqserver 0.20% 3.742MiB / 31.38GiB 0.01% 12kB / 0B 14.1MB / 0B 2
  1836. Testing freq_server now...
  1837. Freq Server is working
  1838.  
  1839. =========================================================================
  1840. Domain Stats
  1841. =========================================================================
  1842.  
  1843. Domain_stats is running.
  1844.  
  1845. CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
  1846. so-domainstats 0.47% 313.9MiB / 31.38GiB 0.98% 10.6kB / 0B 26.3MB / 0B 2
  1847. Testing domain_stats now...
  1848. Domain_stats is working
  1849.  
  1850. =========================================================================
  1851. Version Information
  1852. =========================================================================
  1853. Ubuntu 14.04.5 LTS
  1854. securityonion-sostat 20120722-0ubuntu0securityonion74