MarAag

sostat-redacted

Jun 19th, 2019
=========================================================================
Service Status
=========================================================================
so-autossh is running:
4344 /usr/lib/autossh/autossh -M 0 -q -N -o ServerAliveInterval 60 -o ServerAliveCountMax 3 -o ExitOnForwardFailure yes -i /root/.ssh/securityonion -L 6050:localhost:6050 SO-user@X.X.X.X
Status: HIDS
* ossec_agent (SO-user)[ OK ]
Status: Bro
Name Type Host Status Pid Started
logger logger localhost running 2892 19 Jun 19:58:00
manager manager localhost running 3211 19 Jun 19:58:03
proxy proxy localhost running 3405 19 Jun 19:58:05
SO-server-ens224-1 worker localhost running 4066 19 Jun 19:58:08
SO-server-ens224-2 worker localhost running 4068 19 Jun 19:58:08
SO-server-ens224-3 worker localhost running 4070 19 Jun 19:58:08
SO-server-ens224-4 worker localhost running 4072 19 Jun 19:58:08
Status: SO-server-ens224
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (SO-user)[ OK ]
* snort_agent (SO-user)[ OK ]
* suricata (alert data)[ OK ]
* barnyard2 (spooler, unified2 format)[ OK ]

=========================================================================
Interface Status
=========================================================================
br-c6bb3a338335 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

docker0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ens160 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50080 errors:0 dropped:0 overruns:0 frame:0
TX packets:63590 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3944684 (3.9 MB) TX bytes:364501785 (364.5 MB)

ens192 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12082 errors:0 dropped:0 overruns:0 frame:0
TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1477439 (1.4 MB) TX bytes:39250 (39.2 KB)

ens224 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:50784979 errors:0 dropped:0 overruns:0 frame:0
TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:42771942591 (42.7 GB) TX bytes:38224 (38.2 KB)

ens256 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12081 errors:0 dropped:0 overruns:0 frame:0
TX packets:185 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1477943 (1.4 MB) TX bytes:38566 (38.5 KB)

lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:547758 errors:0 dropped:0 overruns:0 frame:0
TX packets:547758 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1274361446 (1.2 GB) TX bytes:1274361446 (1.2 GB)


=========================================================================
Link Statistics
=========================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
1274361446 547758 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1274361446 547758 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 0
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
3944684 50080 0 0 0 18
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
364501785 63590 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
1477439 12082 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
39250 187 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1
4: ens224: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
42771942591 50784979 0 0 0 82720
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
38224 184 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1
5: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
1477943 12081 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
38566 185 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1
6: br-c6bb3a338335: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1
7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 1

=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
udev 7,9G 0 7,9G 0% /dev
tmpfs 1,6G 9,4M 1,6G 1% /run
/dev/sda1 49G 8,4G 38G 19% /
tmpfs 7,9G 0 7,9G 0% /dev/shm
tmpfs 5,0M 0 5,0M 0% /run/lock
tmpfs 7,9G 0 7,9G 0% /sys/fs/cgroup
/dev/sdb 197G 169G 19G 90% /nsm
tmpfs 1,6G 0 1,6G 0% /run/user/1001
tmpfs 1,6G 4,0K 1,6G 1% /run/user/114
tmpfs 1,6G 0 1,6G 0% /run/user/1000

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 1343 root 7u IPv4 22635 0t0 TCP *:514 (LISTEN)
syslog-ng 1343 root 8u IPv4 22636 0t0 UDP *:514
syslog-ng 1343 root 25u IPv4 26418 0t0 TCP X.X.X.X:39723->X.X.X.X:6050 (ESTABLISHED)
sshd 1791 root 3u IPv4 24049 0t0 TCP *:ssh_port (LISTEN)
sshd 1791 root 4u IPv6 24051 0t0 TCP *:ssh_port (LISTEN)
ntpd 2117 ntp 16u IPv6 26761 0t0 UDP *:123
ntpd 2117 ntp 17u IPv4 26764 0t0 UDP *:123
ntpd 2117 ntp 18u IPv4 26769 0t0 UDP X.X.X.X:123
ntpd 2117 ntp 19u IPv4 26771 0t0 UDP X.X.X.X:123
ntpd 2117 ntp 20u IPv6 26773 0t0 UDP [X.X.X.X]:123
ntpd 2117 ntp 21u IPv6 26775 0t0 UDP [X.X.X.X]:123
tclsh 2357 SO-user 3u IPv4 27716 0t0 TCP X.X.X.X:32845->X.X.X.X:7736 (ESTABLISHED)
bro 2892 SO-user 4u IPv4 28928 0t0 UDP X.X.X.X:46458->X.X.X.X:53
bro 2892 SO-user 19u IPv6 30772 0t0 TCP *:47761 (LISTEN)
bro 2892 SO-user 22u IPv6 27160 0t0 TCP X.X.X.X:47761->X.X.X.X:37620 (ESTABLISHED)
bro 2892 SO-user 24u IPv6 27177 0t0 TCP X.X.X.X:47761->X.X.X.X:37622 (ESTABLISHED)
bro 2892 SO-user 25u IPv6 27301 0t0 TCP X.X.X.X:47761->X.X.X.X:37626 (ESTABLISHED)
bro 2892 SO-user 26u IPv6 27302 0t0 TCP X.X.X.X:47761->X.X.X.X:37632 (ESTABLISHED)
bro 2892 SO-user 27u IPv6 27303 0t0 TCP X.X.X.X:47761->X.X.X.X:37638 (ESTABLISHED)
bro 2892 SO-user 29u IPv6 27304 0t0 TCP X.X.X.X:47761->X.X.X.X:37642 (ESTABLISHED)
bro 3211 SO-user 4u IPv4 28001 0t0 UDP X.X.X.X:33275->X.X.X.X:53
bro 3211 SO-user 18u IPv6 27158 0t0 TCP *:47762 (LISTEN)
bro 3211 SO-user 19u IPv4 27159 0t0 TCP X.X.X.X:37620->X.X.X.X:47761 (ESTABLISHED)
bro 3211 SO-user 20u IPv6 25458 0t0 TCP X.X.X.X:47762->X.X.X.X:53224 (ESTABLISHED)
bro 3211 SO-user 21u IPv6 25580 0t0 TCP X.X.X.X:47762->X.X.X.X:53230 (ESTABLISHED)
bro 3211 SO-user 22u IPv6 25581 0t0 TCP X.X.X.X:47762->X.X.X.X:53236 (ESTABLISHED)
bro 3211 SO-user 23u IPv6 25582 0t0 TCP X.X.X.X:47762->X.X.X.X:53244 (ESTABLISHED)
bro 3211 SO-user 24u IPv6 25583 0t0 TCP X.X.X.X:47762->X.X.X.X:53248 (ESTABLISHED)
bro 3405 SO-user 4u IPv4 28023 0t0 UDP X.X.X.X:59952->X.X.X.X:53
bro 3405 SO-user 18u IPv6 24255 0t0 TCP *:47763 (LISTEN)
bro 3405 SO-user 19u IPv4 24256 0t0 TCP X.X.X.X:37622->X.X.X.X:47761 (ESTABLISHED)
bro 3405 SO-user 20u IPv4 24257 0t0 TCP X.X.X.X:53224->X.X.X.X:47762 (ESTABLISHED)
bro 3405 SO-user 21u IPv6 25579 0t0 TCP X.X.X.X:47763->X.X.X.X:37182 (ESTABLISHED)
bro 3405 SO-user 22u IPv6 31049 0t0 TCP X.X.X.X:47763->X.X.X.X:37188 (ESTABLISHED)
bro 3405 SO-user 23u IPv6 31050 0t0 TCP X.X.X.X:47763->X.X.X.X:37194 (ESTABLISHED)
bro 3405 SO-user 24u IPv6 31051 0t0 TCP X.X.X.X:47763->X.X.X.X:37200 (ESTABLISHED)
bro 4066 SO-user 4u IPv4 29084 0t0 UDP X.X.X.X:33534->X.X.X.X:53
bro 4066 SO-user 18u IPv6 29117 0t0 TCP *:47764 (LISTEN)
bro 4066 SO-user 19u IPv4 29118 0t0 TCP X.X.X.X:37642->X.X.X.X:47761 (ESTABLISHED)
bro 4066 SO-user 20u IPv4 29119 0t0 TCP X.X.X.X:37200->X.X.X.X:47763 (ESTABLISHED)
bro 4066 SO-user 21u IPv4 29120 0t0 TCP X.X.X.X:53248->X.X.X.X:47762 (ESTABLISHED)
bro 4068 SO-user 4u IPv4 30017 0t0 UDP X.X.X.X:42163->X.X.X.X:53
bro 4068 SO-user 18u IPv6 30042 0t0 TCP *:47765 (LISTEN)
bro 4068 SO-user 19u IPv4 30043 0t0 TCP X.X.X.X:37632->X.X.X.X:47761 (ESTABLISHED)
bro 4068 SO-user 20u IPv4 30044 0t0 TCP X.X.X.X:37188->X.X.X.X:47763 (ESTABLISHED)
bro 4068 SO-user 21u IPv4 30046 0t0 TCP X.X.X.X:53236->X.X.X.X:47762 (ESTABLISHED)
bro 4070 SO-user 4u IPv4 29087 0t0 UDP X.X.X.X:58660->X.X.X.X:53
bro 4070 SO-user 18u IPv6 29106 0t0 TCP *:47766 (LISTEN)
bro 4070 SO-user 19u IPv4 29107 0t0 TCP X.X.X.X:37626->X.X.X.X:47761 (ESTABLISHED)
bro 4070 SO-user 20u IPv4 29108 0t0 TCP X.X.X.X:37182->X.X.X.X:47763 (ESTABLISHED)
bro 4070 SO-user 21u IPv4 29109 0t0 TCP X.X.X.X:53230->X.X.X.X:47762 (ESTABLISHED)
bro 4072 SO-user 4u IPv4 30020 0t0 UDP X.X.X.X:58657->X.X.X.X:53
bro 4072 SO-user 18u IPv6 30049 0t0 TCP *:47767 (LISTEN)
bro 4072 SO-user 19u IPv4 30050 0t0 TCP X.X.X.X:37638->X.X.X.X:47761 (ESTABLISHED)
bro 4072 SO-user 20u IPv4 30051 0t0 TCP X.X.X.X:37194->X.X.X.X:47763 (ESTABLISHED)
bro 4072 SO-user 21u IPv4 30052 0t0 TCP X.X.X.X:53244->X.X.X.X:47762 (ESTABLISHED)
tclsh 4253 SO-user 3u IPv4 27347 0t0 TCP X.X.X.X:33827->X.X.X.X:7736 (ESTABLISHED)
tclsh 4271 SO-user 3u IPv4 24362 0t0 TCP X.X.X.X:39749->X.X.X.X:7736 (ESTABLISHED)
tclsh 4271 SO-user 4u IPv4 24363 0t0 TCP X.X.X.X:8200 (LISTEN)
tclsh 4271 SO-user 6u IPv4 24428 0t0 TCP X.X.X.X:8200->X.X.X.X:55402 (ESTABLISHED)
barnyard2 4321 SO-user 3u IPv4 31286 0t0 TCP X.X.X.X:55402->X.X.X.X:8200 (ESTABLISHED)
ssh 4345 root 3u IPv4 31269 0t0 TCP X.X.X.X:47234->X.X.X.X:ssh_port (ESTABLISHED)
ssh 4345 root 4u IPv6 31283 0t0 TCP [X.X.X.X]:6050 (LISTEN)
ssh 4345 root 5u IPv4 31284 0t0 TCP X.X.X.X:6050 (LISTEN)
ssh 4345 root 6u IPv4 31285 0t0 TCP X.X.X.X:6050->X.X.X.X:39723 (ESTABLISHED)
sshd 4642 root 3u IPv4 24575 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:37732 (ESTABLISHED)
sshd 4667 SO-user 3u IPv4 24575 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:37732 (ESTABLISHED)
sshd 4667 SO-user 9u IPv6 32806 0t0 TCP [X.X.X.X]:6010 (LISTEN)
sshd 4667 SO-user 10u IPv4 32807 0t0 TCP X.X.X.X:6010 (LISTEN)
sshd 19317 root 3u IPv4 58180 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:46928 (ESTABLISHED)
sshd 19331 SO-user 3u IPv4 58180 0t0 TCP X.X.X.X:ssh_port->X.X.X.X:46928 (ESTABLISHED)
sshd 19331 SO-user 9u IPv6 67795 0t0 TCP [X.X.X.X]:6011 (LISTEN)
sshd 19331 SO-user 10u IPv4 67796 0t0 TCP X.X.X.X:6011 (LISTEN)

=========================================================================
IDS Rules Update
=========================================================================
mié jun 19 07:01:01 UTC 2019
Backing up current local_rules.xml file.
Cleaning up local_rules.xml backup files older than 30 days.
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Backing up current local.rules file before it gets overwritten.
Cleaning up local.rules backup files older than 30 days.
Sleeping for 60 minutes to allow master time to download new rules.
Copying rules from X.X.X.X.
Restarting Barnyard2.
Restarting: SO-server-ens224
* stopping: barnyard2 (spooler, unified2 format)[ OK ]
* starting: barnyard2 (spooler, unified2 format)[ OK ]
Restarting IDS Engine.
Restarting: SO-server-ens224
* stopping: suricata (alert data)[ OK ]
* starting: suricata (alert data)[ OK ]

=========================================================================
CPU Usage
=========================================================================
Load average for the last 1, 5, and 15 minutes:
3.12 4.99 4.87
Processing units: 8
If load average is higher than processing units,
then tune until load average is lower than processing units.

top - 20:28:09 up 30 min, 2 users, load average: 3,12, 4,99, 4,87
Tasks: 259 total, 2 running, 157 sleeping, 0 stopped, 0 zombie
%Cpu(s): 24,9 us, 5,9 sy, 0,1 ni, 54,3 id, 11,5 wa, 0,0 hi, 3,4 si, 0,0 st
KiB Mem : 16425140 total, 275840 free, 3150744 used, 12998556 buff/cache
KiB Swap: 998396 total, 998396 free, 0 used. 12820468 avail Mem

%CPU %MEM COMMAND
103 5.7 suricata --user SO-user --group SO-user -c /etc/nsm/SO-server-ens224/suricata.yaml --af-packet=ens224 -l /nsm/sensor_data/SO-server-ens224
34.2 2.5 /opt/bro/bin/bro -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-3 local.bro broctl base/frameworks/cluster broctl/auto
34.1 2.6 /opt/bro/bin/bro -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-1 local.bro broctl base/frameworks/cluster broctl/auto
34.1 2.3 /opt/bro/bin/bro -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-2 local.bro broctl base/frameworks/cluster broctl/auto
34.0 2.3 /opt/bro/bin/bro -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-4 local.bro broctl base/frameworks/cluster broctl/auto
8.3 0.6 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p logger local.bro broctl base/frameworks/cluster broctl/auto
7.6 0.6 netsniff-ng --no-hwtimestamp -i ens224 -o /nsm/sensor_data/SO-server-ens224/dailylogs/2019-06-19/ --user 1001 --group 1001 -s --prefix snort.log. --verbose --ring-size 64MiB --interval 150MiB --mmap
4.9 0.6 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster broctl/auto
2.7 0.5 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster broctl/auto
2.4 0.1 /usr/sbin/syslog-ng -F
1.6 0.0 barnyard2 -c /etc/nsm/SO-server-ens224/barnyard2.conf -u SO-user -g SO-user -d /nsm/sensor_data/SO-server-ens224 -f snort.unified2 -w /etc/nsm/SO-server-ens224/barnyard2.waldo -i SO-server-ens224 -U
1.0 0.0 /bin/bash /usr/sbin/sostat
0.6 0.0 [kswapd0]
0.5 0.0 /usr/bin/ssh -q -N -o ServerAliveInterval 60 -o ServerAliveCountMax 3 -o ExitOnForwardFailure yes -i /root/.ssh/securityonion -L 6050:localhost:6050 SO-user@X.X.X.X
0.3 0.0 [ksoftirqd/1]
0.3 0.0 [jbd2/sdb-8]
0.2 0.0 [ksoftirqd/2]
0.2 0.0 [ksoftirqd/4]
0.2 0.0 [ksoftirqd/5]
0.2 0.0 [ksoftirqd/6]
0.2 0.0 [ksoftirqd/7]
0.2 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-ens224/snort_agent.conf
0.1 0.0 /sbin/init splash
0.1 0.0 [ksoftirqd/3]
0.1 0.0 [kworker/u16:27]
0.1 0.0 [kworker/u16:0]
0.0 0.0 [kthreadd]
0.0 0.0 [kworker/0:0H]
0.0 0.0 [mm_percpu_wq]
0.0 0.0 [ksoftirqd/0]
0.0 0.0 [rcu_sched]
0.0 0.0 [rcu_bh]
0.0 0.0 [migration/0]
0.0 0.0 [watchdog/0]
0.0 0.0 [cpuhp/0]
0.0 0.0 [cpuhp/1]
0.0 0.0 [watchdog/1]
0.0 0.0 [migration/1]
0.0 0.0 [kworker/1:0H]
0.0 0.0 [cpuhp/2]
0.0 0.0 [watchdog/2]
0.0 0.0 [migration/2]
0.0 0.0 [kworker/2:0H]
0.0 0.0 [cpuhp/3]
0.0 0.0 [watchdog/3]
0.0 0.0 [migration/3]
0.0 0.0 [kworker/3:0H]
0.0 0.0 [cpuhp/4]
0.0 0.0 [watchdog/4]
0.0 0.0 [migration/4]
0.0 0.0 [kworker/4:0H]
0.0 0.0 [cpuhp/5]
0.0 0.0 [watchdog/5]
0.0 0.0 [migration/5]
0.0 0.0 [kworker/5:0H]
0.0 0.0 [cpuhp/6]
0.0 0.0 [watchdog/6]
0.0 0.0 [migration/6]
0.0 0.0 [kworker/6:0H]
0.0 0.0 [cpuhp/7]
0.0 0.0 [watchdog/7]
0.0 0.0 [migration/7]
0.0 0.0 [kworker/7:0H]
0.0 0.0 [kdevtmpfs]
0.0 0.0 [netns]
0.0 0.0 [rcu_tasks_kthre]
0.0 0.0 [kauditd]
0.0 0.0 [khungtaskd]
0.0 0.0 [oom_reaper]
0.0 0.0 [writeback]
0.0 0.0 [kcompactd0]
0.0 0.0 [ksmd]
0.0 0.0 [khugepaged]
0.0 0.0 [crypto]
0.0 0.0 [kintegrityd]
0.0 0.0 [kblockd]
0.0 0.0 [ata_sff]
0.0 0.0 [md]
0.0 0.0 [edac-poller]
0.0 0.0 [devfreq_wq]
0.0 0.0 [watchdogd]
0.0 0.0 [kworker/3:1]
0.0 0.0 [kworker/4:1]
0.0 0.0 [kworker/6:1]
0.0 0.0 [kworker/7:1]
0.0 0.0 [kworker/5:1]
0.0 0.0 [kworker/u17:0]
0.0 0.0 [ecryptfs-kthrea]
0.0 0.0 [kthrotld]
0.0 0.0 [acpi_thermal_pm]
0.0 0.0 [scsi_eh_0]
0.0 0.0 [scsi_tmf_0]
0.0 0.0 [scsi_eh_1]
0.0 0.0 [scsi_tmf_1]
0.0 0.0 [ipv6_addrconf]
0.0 0.0 [kstrp]
0.0 0.0 [charger_manager]
0.0 0.0 [mpt_poll_0]
0.0 0.0 [mpt/0]
0.0 0.0 [scsi_eh_2]
0.0 0.0 [scsi_tmf_2]
0.0 0.0 [scsi_eh_3]
0.0 0.0 [scsi_tmf_3]
0.0 0.0 [scsi_eh_4]
0.0 0.0 [scsi_tmf_4]
0.0 0.0 [scsi_eh_5]
0.0 0.0 [scsi_tmf_5]
0.0 0.0 [scsi_eh_6]
0.0 0.0 [scsi_tmf_6]
0.0 0.0 [scsi_eh_7]
0.0 0.0 [scsi_tmf_7]
0.0 0.0 [scsi_eh_8]
0.0 0.0 [scsi_tmf_8]
0.0 0.0 [scsi_eh_9]
0.0 0.0 [scsi_tmf_9]
0.0 0.0 [scsi_eh_10]
0.0 0.0 [scsi_tmf_10]
0.0 0.0 [scsi_eh_11]
0.0 0.0 [scsi_tmf_11]
0.0 0.0 [scsi_eh_12]
0.0 0.0 [scsi_tmf_12]
0.0 0.0 [scsi_eh_13]
0.0 0.0 [scsi_tmf_13]
0.0 0.0 [scsi_eh_14]
0.0 0.0 [scsi_tmf_14]
0.0 0.0 [scsi_eh_15]
0.0 0.0 [scsi_tmf_15]
0.0 0.0 [scsi_eh_16]
0.0 0.0 [scsi_tmf_16]
0.0 0.0 [scsi_eh_17]
0.0 0.0 [scsi_tmf_17]
0.0 0.0 [scsi_eh_18]
0.0 0.0 [scsi_tmf_18]
0.0 0.0 [scsi_eh_19]
0.0 0.0 [scsi_tmf_19]
0.0 0.0 [scsi_eh_20]
0.0 0.0 [scsi_tmf_20]
0.0 0.0 [scsi_eh_21]
0.0 0.0 [scsi_tmf_21]
0.0 0.0 [scsi_eh_22]
0.0 0.0 [scsi_tmf_22]
0.0 0.0 [scsi_eh_23]
0.0 0.0 [scsi_tmf_23]
0.0 0.0 [scsi_eh_24]
0.0 0.0 [scsi_tmf_24]
0.0 0.0 [scsi_eh_25]
0.0 0.0 [scsi_tmf_25]
0.0 0.0 [scsi_eh_26]
0.0 0.0 [scsi_tmf_26]
0.0 0.0 [scsi_eh_27]
0.0 0.0 [scsi_tmf_27]
0.0 0.0 [scsi_eh_28]
0.0 0.0 [scsi_tmf_28]
0.0 0.0 [scsi_eh_29]
0.0 0.0 [scsi_tmf_29]
0.0 0.0 [scsi_eh_30]
0.0 0.0 [scsi_tmf_30]
0.0 0.0 [scsi_eh_31]
0.0 0.0 [scsi_tmf_31]
0.0 0.0 [scsi_eh_32]
0.0 0.0 [scsi_tmf_32]
0.0 0.0 [ttm_swap]
0.0 0.0 [irq/16-vmwgfx]
0.0 0.0 [kworker/6:1H]
0.0 0.0 [kworker/3:1H]
0.0 0.0 [kworker/2:1H]
0.0 0.0 [kworker/4:1H]
0.0 0.0 [raid5wq]
0.0 0.0 [kworker/0:1H]
0.0 0.0 [kworker/5:1H]
0.0 0.0 [kworker/1:1H]
0.0 0.0 [jbd2/sda1-8]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 [kworker/7:1H]
0.0 0.0 [kworker/6:2]
0.0 0.0 /lib/systemd/systemd-journald
0.0 0.0 [iscsi_eh]
0.0 0.0 [ib-comp-wq]
0.0 0.0 [ib_mcast]
0.0 0.0 [ib_nl_sa_wq]
0.0 0.0 [rdma_cm]
0.0 0.0 /lib/systemd/systemd-udevd
0.0 0.0 [kworker/7:2]
0.0 0.0 [kworker/2:2]
0.0 0.0 /sbin/lvmetad -f
0.0 0.0 [kworker/1:2]
0.0 0.0 [kworker/0:2]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 /usr/sbin/atd -f
0.0 0.0 /usr/lib/accountsservice/accounts-daemon
0.0 0.0 /usr/sbin/acpid
0.0 0.0 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
0.0 0.0 /lib/systemd/systemd-logind
0.0 0.1 /usr/sbin/NetworkManager --no-daemon
0.0 0.0 /usr/sbin/cron -f
0.0 0.0 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
0.0 0.0 /usr/lib/policykit-1/polkitd --no-debug
0.0 0.1 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
0.0 0.2 /usr/bin/containerd
0.0 0.0 /usr/sbin/sshd -D
0.0 0.4 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
0.0 0.0 /sbin/iscsid
0.0 0.0 /sbin/iscsid
0.0 0.0 /usr/sbin/lightdm
0.0 0.0 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
0.0 0.0 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:118
0.0 0.2 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
0.0 0.0 /sbin/agetty --noclear tty1 linux
0.0 0.0 su - SO-user -- /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 tclsh /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 lightdm --session-child 16 19
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 /bin/sh /usr/lib/lightdm/lightdm-greeter-session /usr/sbin/lightdm-gtk-greeter
0.0 0.0 tail -n 0 -F /var/ossec/logs/alerts/alerts.log
0.0 0.0 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
0.0 0.3 /usr/sbin/lightdm-gtk-greeter
0.0 0.0 /usr/lib/at-spi2-core/at-spi-bus-launcher --launch-immediately
0.0 0.0 /usr/lib/gvfs/gvfsd
0.0 0.0 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
0.0 0.0 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
0.0 0.0 lightdm --session-child 12 19
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p logger local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro 6 -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-1 local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro 7 -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-2 local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro 6 -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-3 local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 bash /opt/bro/share/broctl/scripts/run-bro 7 -i af_packetX.X.X.Xens224 -U .status -p broctl -p broctl-live -p local -p SO-server-ens224-4 local.bro broctl base/frameworks/cluster broctl/auto
0.0 0.0 su - SO-user -- /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-ens224/pcap_agent.conf
0.0 0.0 tclsh /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-ens224/pcap_agent.conf
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-ens224/snort_agent.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/SO-server-ens224/snort.stats
0.0 0.0 /usr/lib/autossh/autossh -M 0 -q -N -o ServerAliveInterval 60 -o ServerAliveCountMax 3 -o ExitOnForwardFailure yes -i /root/.ssh/securityonion -L 6050:localhost:6050 SO-user@X.X.X.X
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 sshd: SO-user@pts/0
0.0 0.0 -bash
0.0 0.0 fish
0.0 0.0 [kworker/2:0]
0.0 0.0 [kworker/3:0]
0.0 0.0 [kworker/0:0]
0.0 0.0 [kworker/1:0]
0.0 0.0 [kworker/u16:2]
0.0 0.0 [kworker/4:0]
0.0 0.0 [kworker/5:0]
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 sshd: SO-user@pts/1
0.0 0.0 [kworker/1:1]
0.0 0.0 [kworker/1:3]
0.0 0.0 -bash
0.0 0.0 fish
0.0 0.0 sudo sostat-redacted
0.0 0.0 /bin/bash /usr/sbin/sostat-redacted
0.0 0.0 ps -eo pcpu,pmem,args --sort -pcpu

=========================================================================
Packets received during last monitoring interval (600 seconds)
=========================================================================


Stats not yet available for ens224.

Please wait until the current monitoring interval has completed.



=========================================================================
Packet Loss Stats
=========================================================================

NIC:

ens224:

RX packets:50784979 dropped:0 TX packets:184 dropped:0

-------------------------------------------------------------------------

pf_ring:
-------------------------------------------------------------------------

IDS Engine (suricata) packet drops:

/nsm/sensor_data/SO-server-ens224/stats.log

tcp.segment_memcap_drop | Total | 101

-------------------------------------------------------------------------

Bro:

Average packet loss as percent across all Bro workers: 0.000000

SO-server-ens224-1: 1560976089.989201 recvd=10832116 dropped=0 link=10832116
SO-server-ens224-2: 1560976089.996037 recvd=14016446 dropped=0 link=14016446
SO-server-ens224-3: 1560976090.004580 recvd=14827989 dropped=0 link=14827989
SO-server-ens224-4: 1560976090.015636 recvd=11108593 dropped=0 link=11108593

Capture Loss:

SO-server-ens224-1: 1.540934
1.549479
1.700134
1.705217
SO-server-ens224-2: 1.540934
1.549479
1.700134
1.705217
SO-server-ens224-3: 1.540934
1.549479
1.700134
1.705217
SO-server-ens224-4: 1.540934
1.549479
1.700134
1.705217

If you are seeing capture loss without dropped packets, this
may indicate that an upstream device is dropping packets (tap or SPAN port).

-------------------------------------------------------------------------

Netsniff-NG:

This may take a second...


Percentage of packets dropped:

/var/log/nsm/SO-server-ens224/netsniff-ng.log -- .39


=========================================================================
PF_RING
=========================================================================
PF_RING Version : 6.6.0 (unknown)
Total rings : 0

Standard (non ZC) Options
Ring slots : 4096
Slot version : 16
Capture TX : Yes [RX+TX]
IP Defragment : No
Socket Mode : Standard
Cluster Fragment Queue : 0
Cluster Fragment Discard : 0

=========================================================================
Log Archive
=========================================================================
/nsm/sensor_data/SO-server-ens160/dailylogs/ - 0 days
4,0K .

/nsm/sensor_data/SO-server-ens192/dailylogs/ - 0 days
4,0K .

/nsm/sensor_data/SO-server-ens224/dailylogs/ - 1 days
167G .
167G ./2019-06-19

/nsm/bro/logs/ - 1 days
327M .
323M ./2019-06-19
3,8M ./stats

=========================================================================
Last update
=========================================================================
Commandline: apt install sysstat
Requested-By: SO-user (1000)
Install: sysstat:amd64 (11.2.0-1ubuntu0.2)
End-Date: 2019-06-14 19:23:23

Start-Date: 2019-06-14 19:23:37
Commandline: apt autoremove
Requested-By: SO-user (1000)
Remove: gir1.2-appindicator3-0.1:amd64 (12.10.1+16.04.20170215-0ubuntu1), libtimezonemap1:amd64 (0.4.5), gir1.2-timezonemap-1.0:amd64 (0.4.5), gir1.2-webkit2-4.0:amd64 (2.20.5-0ubuntu0.16.04.1), libtimezonemap-data:amd64 (0.4.5), gir1.2-nma-1.0:amd64 (1.2.6-0ubuntu0.16.04.4), gir1.2-javascriptcoregtk-4.0:amd64 (2.20.5-0ubuntu0.16.04.1)
End-Date: 2019-06-14 19:23:38

=========================================================================
Available updates
=========================================================================
46 packages can be updated.
28 updates are security updates.

Run 'sudo soup' to install the latest updates.

=========================================================================
Version Information
=========================================================================

Ubuntu 16.04.6 LTS
securityonion-sostat 20120722-0ubuntu0securityonion126