diff --git a/vendor/github.com/elastic/beats/.appveyor.yml b/vendor/github.com/elastic/beats/.appveyor.yml index 04e6b737..f7f4d819 100644 --- a/vendor/github.com/elastic/beats/.appveyor.yml +++ b/vendor/github.com/elastic/beats/.appveyor.yml @@ -6,8 +6,8 @@ os: Windows Server 2012 R2 # Environment variables environment: - GOROOT: c:\go1.7.4 GOPATH: c:\gopath + GVM_DL: https://github.com/andrewkroh/gvm/releases/download/v0.0.1/gvm-windows-amd64.exe PYWIN_DL: https://beats-files.s3.amazonaws.com/deps/pywin32-220.win32-py2.7.exe matrix: - PROJ: github.com\elastic\beats\metricbeat @@ -24,15 +24,19 @@ clone_folder: c:\gopath\src\github.com\elastic\beats cache: - C:\ProgramData\chocolatey\bin -> .appveyor.yml - C:\ProgramData\chocolatey\lib -> .appveyor.yml -- C:\go1.7.4 -> .appveyor.yml +- C:\Users\appveyor\.gvm -> .go-version +- C:\Windows\System32\gvm.exe -> .appveyor.yml - C:\tools\mingw64 -> .appveyor.yml - C:\pywin_inst.exe -> .appveyor.yml # Scripts that run after cloning repository install: - - ps: c:\gopath\src\github.com\elastic\beats\libbeat\scripts\install-go.ps1 -version 1.7.4 - - set PATH=%GOROOT%\bin;%PATH% - # AppVeyor installed mingw is 32-bit only. + - ps: >- + if(!(Test-Path "C:\Windows\System32\gvm.exe")) { + wget "$env:GVM_DL" -Outfile C:\Windows\System32\gvm.exe + } + - ps: gvm --format=powershell $(Get-Content .go-version) | Invoke-Expression + # AppVeyor installed mingw is 32-bit only so install 64-bit version. - ps: >- if(!(Test-Path "C:\tools\mingw64\bin\gcc.exe")) { cinst mingw > mingw-install.txt diff --git a/vendor/github.com/elastic/beats/.gitignore b/vendor/github.com/elastic/beats/.gitignore index a09ac628..3980198c 100644 --- a/vendor/github.com/elastic/beats/.gitignore +++ b/vendor/github.com/elastic/beats/.gitignore @@ -4,7 +4,8 @@ /build /*/data /*/logs -/*/_meta/kibana/index-pattern +/*/_meta/kibana/5.x/index-pattern +/*/_meta/kibana/default/index-pattern # Files .DS_Store 
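Review bot: The install step in the second `.appveyor.yml` hunk downloads `gvm.exe` from the `GVM_DL` release URL straight into `C:\Windows\System32`, and the following step pipes its output into `Invoke-Expression`, with no integrity check on the binary. Because `C:\Windows\System32\gvm.exe` is also added to the build cache, a tampered or replaced release asset would persist across builds until `.appveyor.yml` changes. Pin the expected digest and compare it right after the download, e.g. `if ((Get-FileHash C:\Windows\System32\gvm.exe -Algorithm SHA256).Hash -ne "<EXPECTED_SHA256>") { throw "gvm.exe checksum mismatch" }`, where `<EXPECTED_SHA256>` is a placeholder for the digest of the pinned v0.0.1 asset.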
diff --git a/vendor/github.com/elastic/beats/.go-version b/vendor/github.com/elastic/beats/.go-version
new file mode 100644
index 00000000..de28578a
--- /dev/null
+++ b/vendor/github.com/elastic/beats/.go-version
@@ -0,0 +1 @@
+1.7.6
diff --git a/vendor/github.com/elastic/beats/.travis.yml b/vendor/github.com/elastic/beats/.travis.yml
index 8206a90e..5f671c40 100644
--- a/vendor/github.com/elastic/beats/.travis.yml
+++ b/vendor/github.com/elastic/beats/.travis.yml
@@ -12,73 +12,73 @@ env: global: # Cross-compile for amd64 only to speed up testing. - GOX_FLAGS="-arch amd64" - - DOCKER_COMPOSE_VERSION: 1.9.0 - - &go_version 1.7.4 + - DOCKER_COMPOSE_VERSION=1.9.0 + - GO_VERSION="$(cat .go-version)" matrix: include: # General checks - os: linux env: TARGETS="check" - go: *go_version + go: $GO_VERSION # Filebeat - os: linux env: TARGETS="-C filebeat testsuite" - go: *go_version + go: $GO_VERSION - os: osx env: TARGETS="TEST_ENVIRONMENT=0 -C filebeat testsuite" - go: *go_version + go: $GO_VERSION # Heartbeat - os: linux env: TARGETS="-C heartbeat testsuite" - go: *go_version + go: $GO_VERSION - os: osx env: TARGETS="TEST_ENVIRONMENT=0 -C heartbeat testsuite" - go: *go_version + go: $GO_VERSION # Libbeat - os: linux env: TARGETS="-C libbeat testsuite" - go: *go_version + go: $GO_VERSION - os: linux env: TARGETS="-C libbeat crosscompile" - go: *go_version + go: $GO_VERSION # Metricbeat - os: linux env: TARGETS="-C metricbeat testsuite" - go: *go_version + go: $GO_VERSION - os: osx env: TARGETS="TEST_ENVIRONMENT=0 -C metricbeat testsuite" - go: *go_version + go: $GO_VERSION - os: linux env: TARGETS="-C metricbeat crosscompile" - go: *go_version + go: $GO_VERSION # Packetbeat - os: linux env: TARGETS="-C packetbeat testsuite" - go: *go_version + go: $GO_VERSION # Winlogbeat - os: linux env: TARGETS="-C winlogbeat crosscompile" - go: *go_version + go: $GO_VERSION # Dashboards - os: linux env: TARGETS="-C libbeat/dashboards" - go: *go_version + go: $GO_VERSION # Generators - os: linux env: TARGETS="-C generator/metricbeat test" - go: *go_version + go: $GO_VERSION - os: linux env: TARGETS="-C generator/beat test" - go: *go_version + go: $GO_VERSION addons: apt: 
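Review bot: A comment is missing on the new `GO_VERSION="$(cat .go-version)"` entry saying that `.go-version` is now the single source for the Go toolchain and that every `go: $GO_VERSION` matrix entry depends on it. The YAML anchor it replaces was resolved by the parser, whereas this value is presumably only expanded later by the build shell, which is not obvious from the file. Suggested comment above the entry: `# Go version is read from .go-version; the go: keys below rely on shell expansion of $GO_VERSION.`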
@@ -104,6 +104,9 @@ script: notifications: slack: + on_success: change + on_failure: always + on_pull_requests: false rooms: secure: "e25J5puEA31dOooTI4T+K+zrTs8XeWIGq2cgmiPt9u/g7eqWeQj1UJnVsr8GOu1RPDyuJZJHXqfrvuOYJTdHzXbwjD0JTbwwVVZMkkZW2SWZHG46HCXPiucjWXEr3hXJKBJDDpIx6VxrN7r17dejv1biQ8QuEFZfiB1H8kbH/ho=" diff --git a/vendor/github.com/elastic/beats/CHANGELOG.asciidoc b/vendor/github.com/elastic/beats/CHANGELOG.asciidoc index 31d6ca6b..91373fa2 100644 --- a/vendor/github.com/elastic/beats/CHANGELOG.asciidoc +++ b/vendor/github.com/elastic/beats/CHANGELOG.asciidoc @@ -8,7 +8,7 @@ // Template, add newest changes here === Beats version HEAD -https://github.com/elastic/beats/compare/v5.3.1...master[Check the HEAD diff] +https://github.com/elastic/beats/compare/v5.6.5...5.6[Check the HEAD diff] ==== Breaking changes @@ -24,20 +24,16 @@ https://github.com/elastic/beats/compare/v5.3.1...master[Check the HEAD diff] *Winlogbeat* - ==== Bugfixes *Affecting all Beats* *Filebeat* -- Properly shut down crawler in case one prospector is misconfigured. {pull}4037[4037] -- Fix panic in JSON decoding code if the input line is "null". {pull}4042[4042] *Heartbeat* *Metricbeat* - *Packetbeat* *Winlogbeat* @@ -70,7 +66,7 @@ https://github.com/elastic/beats/compare/v5.3.1...master[Check the HEAD diff] *Winlogbeat* -==== Knwon Issue +==== Known Issue *Affecting all Beats* 
@@ -84,9 +80,283 @@ https://github.com/elastic/beats/compare/v5.3.1...master[Check the HEAD diff] *Winlogbeat* - //////////////////////////////////////////////////////////// +[[release-notes-5.6.5]] +=== Beats version 5.6.5 +https://github.com/elastic/beats/compare/v5.6.4...v5.6.5[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Fix duplicate batches of events in retry queue. {pull}5520[5520] + +*Metricbeat* + +- Clarify meaning of percentages reported by system core metricset. {pull}5565[5565] +- Fix map overwrite in docker diskio module. {issue}5582[5582] + +[[release-notes-5.6.4]] +=== Beats version 5.6.4 +https://github.com/elastic/beats/compare/v5.6.3...v5.6.4[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Fix race condition in internal logging rotator. {pull}4519[4519] + +*Packetbeat* + +- Fix missing length check in the PostgreSQL module. {pull}5457[5457] + +==== Added + +*Affecting all Beats* + +- Add support for enabling TLS renegotiation. {issue}4386[4386] +- Add setting to enable/disable the slow start in logstash output. {pull}5400[5400] + +[[release-notes-5.6.3]] +=== Beats version 5.6.3 +https://github.com/elastic/beats/compare/v5.6.2...v5.6.3[View commits] + +No changes in this release. + +[[release-notes-5.6.2]] +=== Beats version 5.6.2 +https://github.com/elastic/beats/compare/v5.6.1...v5.6.2[View commits] + +No changes in this release. + +[[release-notes-5.6.1]] +=== Beats version 5.6.1 +https://github.com/elastic/beats/compare/v5.6.0...v5.6.1[View commits] + +No changes in this release. + +[[release-notes-5.6.0]] +=== Beats version 5.6.0 +https://github.com/elastic/beats/compare/v5.5.3...v5.6.0[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- The _all.norms setting in the Elasticsearch template is no longer disabled. + This increases the storage size with one byte per document, but allows for a + better upgrade experience to 6.0. 
{issue}4901[4901] + + +==== Bugfixes + +*Filebeat* + +- Fix issue where the `fileset.module` could have the wrong value. {issue}4761[4761] + +*Packetbeat* + +- Update flow timestamp on each packet being received. {issue}4895[4895] + +*Metricbeat* + +- Fix a debug statement that said a module wrapper had stopped when it hadn't. {pull}4264[4264] +- Use MemAvailable value from /proc/meminfo on Linux 3.14. {pull}4316[4316] +- Fix panic when events were dropped by filters. {issue}4327[4327] + +==== Added + +*Affecting all Beats* + +- Add option to the import_dashboards script to load the dashboards via Kibana API. {pull}4682[4682] +- Add `logging.files` `permissions` option. {pull}4295[4295] + +*Filebeat* + +- Add support for loading Xpack Machine Learning configurations from the modules, and added sample configurations for the Nginx module. {pull}4506[4506] {pull}4609[4609] +- Add ability to parse nginx logs exposing the X-Forwarded-For header instead of the remote address. {pull}4351[4351] + +*Metricbeat* + +- Add `filesystem.ignore_types` to system module for ignoring filesystem types. {issue}4685[4685] + +==== Deprecated + +*Affecting all Beats* + +- Loading more than one output is deprecated and will be removed in 6.0. {pull}4907[4907] + +[[release-notes-5.5.3]] +=== Beats version 5.5.3 +https://github.com/elastic/beats/compare/v5.5.2...v5.5.3[View commits] + +No changes in this release. + +[[release-notes-5.5.2]] +=== Beats version 5.5.2 +https://github.com/elastic/beats/compare/v5.5.1...v5.5.2[View commits] + +No changes in this release. + +[[release-notes-5.5.1]] +=== Beats version 5.5.1 +https://github.com/elastic/beats/compare/v5.5.0...v5.5.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Normalize all times to UTC to ensure proper index naming. 
{issue}4569[4569] + +[[release-notes-5.5.0]] +=== Beats version 5.5.0 +https://github.com/elastic/beats/compare/v5.4.2...v5.5.0[View commits] + +==== Breaking changes + +*Affecting all Beats* + +- Usage of field `_type` is now ignored and hardcoded to `doc`. {pull}3757[3757] + +*Metricbeat* +- Change all `system.cpu.*.pct` metrics to be scaled by the number of CPU cores. + This will make the CPU usage percentages from the system cpu metricset consistent + with the system process metricset. The documentation for these metrics already + stated that on multi-core systems the percentages could be greater than 100%. {pull}4544[4544] + +==== Bugfixes + +*Affecting all Beats* + +- Fix console output. {pull}4045[4045] + +*Filebeat* + +- Allow string characters in user agent patch version (NGINX and Apache) {pull}4415[4415] + +*Metricbeat* + +- Fix type of field `haproxy.stat.check.health.last`. {issue}4407[4407] + +*Packetbeat* + +- Fix `packetbeat.interface` options that contain underscores (e.g. `with_vlans` or `bpf_filter`). {pull}4378[4378] +- Enabled /proc/net/tcp6 scanning and fixed ip v6 parsing. {pull}4442[4442] + +==== Deprecated + +*Filebeat* + +- Deprecate `document_type` prospector config option as _type is removed in elasticsearch 6.0. Use fields instead. {pull}4225[4225] + +*Winlogbeat* + +- Deprecated metrics endpoint. It is superseded by a libbeat feature that can serve metrics on an HTTP endpoint. {pull}4145[4145] + +[[release-notes-5.4.2]] +=== Beats version 5.4.2 +https://github.com/elastic/beats/compare/v5.4.1...v5.4.2[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Removed empty sections from the template files, causing indexing errors for array objects. {pull}4488[4488] + +*Metricbeat* + +- Fix issue affecting Windows services timing out at startup. {pull}4491[4491] +- Add filtering to system filesystem metricset to remove relative mountpoints like those + from Linux network namespaces. 
{pull}4370[4370] + +*Packetbeat* + +- Clean configured geoip.paths before attempting to open the database. {pull}4306[4306] + +[[release-notes-5.4.1]] +=== Beats version 5.4.1 +https://github.com/elastic/beats/compare/v5.4.0...v5.4.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Fix importing the dashboards when the limit for max open files is too low. {issue}4244[4244] +- Fix console output. {pull}4045[4045] + +*Filebeat* + +- Fix issue that new prospector was not reloaded on conflict. {pull}4128[4128] +- Fix grok pattern in filebeat module system/auth without hostname. {pull}4224[4224] +- Fix the Mysql slowlog parsing of IP addresses. {pull}4183[4183] + +==== Added + +*Affecting all Beats* + +- Binaries upgraded to Go 1.7.6 which contains security fixes. {pull}4400[4400] + +*Winlogbeat* + +- Add the ability to use LevelRaw if Level isn't populated in the event XML. {pull}4257[4257] + +[[release-notes-5.4.0]] +=== Beats version 5.4.0 +https://github.com/elastic/beats/compare/v5.3.1...v5.4.0[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- Improve error message when downloading the dashboards fails. {pull}3805[3805] +- Fix potential Elasticsearch output URL parsing error if protocol scheme is missing. {pull}3671[3671] +- Downgrade Elasticsearch per batch item failure log to debug level. {issue}3953[3953] +- Make `@timestamp` accessible from format strings. {pull}3721[3721] + +*Filebeat* + +- Allow log lines without a program name in the Syslog fileset. {pull}3944[3944] +- Don't stop Filebeat when modules are used with the Logstash output. {pull}3929[3929] +- Properly shut down crawler in case one prospector is misconfigured. {pull}4037[4037] + +*Metricbeat* + +- Fixing panic on the Prometheus collector when label has a comma. {pull}3947[3947] +- Make system process metricset honor the `cpu_ticks` config option. {issue}3590[3590] + +*Winlogbeat* + +- Fix null terminators include in raw XML string when include_xml is enabled. 
{pull}3943[3943] + +==== Added + +*Affecting all Beats* + +- Update index mappings to support future Elasticsearch 6.X. {pull}3778[3778] + +*Filebeat* + +- Add auditd module for reading audit logs on Linux. {pull}3750[3750] {pull}3941[3941] +- Add fileset for the Linux authorization logs. {pull}3669[3669] + +*Heartbeat* + +- Add default ports in HTTP monitor. {pull}3924[3924] + +*Metricbeat* + +- Add beta Jolokia module. {pull}3844[3844] +- Add dashboard for the MySQL module. {pull}3716[3716] +- Module configuration reloading is now beta instead of experimental. {pull}3841[3841] +- Marked http fields from the HAProxy module optional to improve compatibility with 1.5. {pull}3788[3788] +- Add support for custom HTTP headers and TLS for the Metricbeat modules. {pull}3945[3945] + +*Packetbeat* + +- Add DNS dashboard for an overview the DNS traffic. {pull}3883[3883] +- Add DNS Tunneling dashboard to highlight domains with large numbers of subdomains or high data volume. {pull}3884[3884] + [[release-notes-5.3.1]] === Beats version 5.3.1 https://github.com/elastic/beats/compare/v5.3.0...v5.3.1[View commits] @@ -106,7 +376,6 @@ https://github.com/elastic/beats/compare/v5.3.0...v5.3.1[View commits] - Avoid errors when some Apache status fields are missing. {issue}3074[3074] - [[release-notes-5.3.0]] === Beats version 5.3.0 https://github.com/elastic/beats/compare/v5.2.2...v5.3.0[View commits] 
@@ -132,6 +401,10 @@ https://github.com/elastic/beats/compare/v5.2.2...v5.3.0[View commits] *Affecting all Beats* - Add `_id`, `_type`, `_index` and `_score` fields in the generated index pattern. {pull}3282[3282] +- Fix potential elasticsearch output URL parsing error if protocol scheme is missing. {pull}3671[3671] +- Improve error message when downloading the dashboards fails. {pull}3805[3805] +- Downgrade Elasticsearch per batch item failure log to debug level. {issue}3953[3953] +- Fix panic due to race condition in kafka output. {pull}4098[4098] *Filebeat* - Always use absolute path for event and registry. {pull}3328[3328] @@ -143,6 +416,12 @@ https://github.com/elastic/beats/compare/v5.2.2...v5.3.0[View commits] - Add error handling to system process metricset for when Linux cgroups are missing from the kernel. {pull}3692[3692] - Add labels to the Docker healthcheck metricset output. {pull}3707[3707] +- Make system process metricset honor the cpu_ticks config option. {issue}3590[3590] +- Support common.Time in mapstriface.toTime() {pull}3812[3812] +- Fixing panic on prometheus collector when label has , {pull}3947[3947] +- Fix MongoDB dbstats fields mapping. {pull}4025[4025] + +*Packetbeat* *Winlogbeat* diff --git a/vendor/github.com/elastic/beats/CONTRIBUTING.md b/vendor/github.com/elastic/beats/CONTRIBUTING.md index 29cef7f8..809b4d77 100644 --- a/vendor/github.com/elastic/beats/CONTRIBUTING.md +++ b/vendor/github.com/elastic/beats/CONTRIBUTING.md @@ -51,7 +51,7 @@ Beats](https://github.com/elastic/beats/blob/master/libbeat/docs/communitybeats. The Beats are Go programs, so install the latest version of [golang](http://golang.org/) if you don't have it already. The current Go version -used for development is Golang 1.7.4. +used for development is Golang 1.7.6. The location where you clone is important. Please clone under the source directory of your `GOPATH`. If you don't have `GOPATH` already set, you can 
diff --git a/vendor/github.com/elastic/beats/Dockerfile b/vendor/github.com/elastic/beats/Dockerfile index 22d24f42..fb2bab2c 100644 --- a/vendor/github.com/elastic/beats/Dockerfile +++ b/vendor/github.com/elastic/beats/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.7.4 +FROM golang:1.7.6 MAINTAINER Nicolas Ruflin RUN set -x && \ diff --git a/vendor/github.com/elastic/beats/codecov.yml b/vendor/github.com/elastic/beats/codecov.yml index 959972a6..41da7c8b 100644 --- a/vendor/github.com/elastic/beats/codecov.yml +++ b/vendor/github.com/elastic/beats/codecov.yml @@ -1 +1,33 @@ -comment: false \ No newline at end of file +# Enable coverage report message for diff on commit +# Docs can be found here: https://docs.codecov.io/v4.3.0/docs/commit-status +coverage: + status: + project: + default: + target: auto + # Overall coverage should never drop more then 0.5% + threshold: 0.5 + base: auto + branches: null + if_no_uploads: error + if_not_found: success + if_ci_failed: error + only_pulls: false + flags: null + paths: null + patch: + default: + target: auto + # Allows PRs without tests, overall stats count + threshold: 100 + base: auto + branches: null + if_no_uploads: error + if_not_found: success + if_ci_failed: error + only_pulls: false + flags: null + paths: null + +# Disable comments on Pull Requests +comment: false diff --git a/vendor/github.com/elastic/beats/dev-tools/cherrypick_pr b/vendor/github.com/elastic/beats/dev-tools/cherrypick_pr index 88dc0309..ca2e1c19 100755 --- a/vendor/github.com/elastic/beats/dev-tools/cherrypick_pr +++ b/vendor/github.com/elastic/beats/dev-tools/cherrypick_pr 
@@ -1,17 +1,22 @@ #!/usr/bin/env python +"""Cherry pick and backport a PR""" + import sys import argparse +from os.path import expanduser +import re from subprocess import check_call, call, check_output +import requests -""" +usage = """ Example usage: -./dev-tools/cherrypick_pr 5.0 2565 6490604aa0cf7fa61932a90700e6ca988fc8a527 +./dev-tools/cherrypick_pr --create_pr 5.0 2565 6490604aa0cf7fa61932a90700e6ca988fc8a527 In case of backporting errors, fix them, then run: git cherry-pick --continue -./dev-tools/cherrypick_pr 5.0 2565 6490604aa0cf7fa61932a90700e6ca988fc8a527 --continue +./dev-tools/cherrypick_pr --create_pr 5.0 2565 6490604aa0cf7fa61932a90700e6ca988fc8a527 --continue This script does the following: @@ -20,8 +25,9 @@ This script does the following: * calls the git cherry-pick command in this branch * after fixing the merge errors (if needed), pushes the branch to your remote - -You then just need to go to Github and open the PR. +* if the --create_pr flag is used, it uses the GitHub API to create the PR + for you. Note that this requires you to have a Github token with the + public_repo scope in the `~/.elastic/github.token` file Note that you need to take the commit hashes from `git log` on the from_branch, copying the IDs from Github doesn't work in case we squashed the @@ -30,8 +36,11 @@ PR. def main(): + """Main""" parser = argparse.ArgumentParser( - description="Creates a PR for merging two branches") + description="Creates a PR for merging two branches", + formatter_class=argparse.RawDescriptionHelpFormatter, + epilog=usage) parser.add_argument("to_branch", help="To branch (e.g 5.0)") parser.add_argument("pr_number", 
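Review bot: `import requests` at module level in the first hunk makes the whole script depend on a third-party package, although judging by the later hunks only the `--create_pr` path uses it. A developer without `requests` installed can no longer run the plain cherry-pick flow. Consider moving the import into the `--create_pr` branch, or catching `ImportError` there and printing a message that names the missing package.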
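Review bot: The usage text in the second hunk tells users to store a GitHub token in `~/.elastic/github.token` but says nothing about protecting that file. Since the token grants `public_repo` access, the text should add that the file must be readable by its owner only, e.g. `chmod 600 ~/.elastic/github.token`, and that the token should carry no scope beyond `public_repo`.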
@@ -45,15 +54,18 @@ def main(): help="Continue after fixing merging errors.") parser.add_argument("--from_branch", default="master", help="From branch") + parser.add_argument("--create_pr", action="store_true", + help="Create a PR using the Github API " + + "(requires token in ~/.elastic/github.token)") args = parser.parse_args() - print args + print(args) tmp_branch = "backport_{}_{}".format(args.pr_number, args.to_branch) if not vars(args)["continue"]: if not args.yes and raw_input("This will destroy all local changes. " + - "Continue? [y/n]: ") != "y": + "Continue? [y/n]: ") != "y": return 1 check_call("git reset --hard", shell=True) check_call("git clean -df", shell=True) 
@@ -91,9 +103,46 @@ def main(): shell=True) check_call("git push --set-upstream {} {}" .format(remote, tmp_branch), shell=True) - print("Done. Open PR by following this URL: \n\t" + - "https://github.com/elastic/beats/compare/{}...{}:{}?expand=1" - .format(args.to_branch, remote, tmp_branch)) + if not args.create_pr: + print("Done. Open PR by following this URL: \n\t" + + "https://github.com/elastic/beats/compare/{}...{}:{}?expand=1" + .format(args.to_branch, remote, tmp_branch)) + else: + token = open(expanduser("~/.elastic/github.token"), "r").read().strip() + base = "https://api.github.com/repos/elastic/beats" + session = requests.Session() + session.headers.update({"Authorization": "token " + token}) + + original_pr = session.get(base + "/pulls/" + args.pr_number).json() + + # get the github username from the remote where we pushed + remote_url = check_output("git remote get-url {}".format(remote), + shell=True) + remote_user = re.search("github.com:(.+)/beats", remote_url).group(1) + + # create PR + request = session.post(base + "/pulls", json=dict( + title="Cherry-pick #{} to {}: {}".format(args.pr_number, args.to_branch, original_pr["title"]), + head=remote_user + ":" + tmp_branch, + base=args.to_branch, + body="Cherry-pick of PR #{} to {} branch. Original message: \n\n{}" + .format(args.pr_number, args.to_branch, original_pr["body"]) + )) + if request.status_code > 299: + print("Creating PR failed: {}".format(request.json())) + sys.exit(1) + new_pr = request.json() + + # add labels + session.post( + base + "/issues/{}/labels".format(new_pr["number"]), json=["backport", "review"]) + + # remove needs backport label from the original PR + session.delete(base + "/issues/{}/labels/needs_backport".format(args.pr_number)) + + print("\nDone. PR created: {}".format(new_pr["html_url"])) + print("Please go and check it and add the review tags") + if __name__ == "__main__": sys.exit(main()) 
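Review bot: The new `--create_pr` branch indexes `original_pr["title"]` and calls `.group(1)` on the regex match without checking either result, so a rejected token, a wrong PR number or an HTTPS remote URL ends in a traceback after the branch has already been pushed. The pattern `"github.com:(.+)/beats"` only matches SSH-style remotes and leaves the dot unescaped. The token file is also opened without being closed, and the label `post`/`delete` calls ignore their status codes; at least print a warning when those fail. `main()` starts before this hunk and `remote` is defined outside it.

```python
    # … unchanged: branch that prints the compare URL when --create_pr is not set …
    else:
        with open(expanduser("~/.elastic/github.token"), "r") as token_file:
            token = token_file.read().strip()
        # … unchanged: base URL and session setup …

        response = session.get(base + "/pulls/" + args.pr_number)
        if response.status_code > 299:
            print("Fetching PR failed: {}".format(response.text))
            sys.exit(1)
        original_pr = response.json()

        # … unchanged: git remote get-url call …
        match = re.search(r"github\.com[:/](.+)/beats", remote_url)
        if match is None:
            print("Cannot determine GitHub user from remote: {}".format(remote_url))
            sys.exit(1)
        remote_user = match.group(1)
        # … unchanged: PR creation, labels, final messages …
```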
diff --git a/vendor/github.com/elastic/beats/dev-tools/common.bash b/vendor/github.com/elastic/beats/dev-tools/common.bash index 64bf8cf4..07dbe7d8 100644 --- a/vendor/github.com/elastic/beats/dev-tools/common.bash +++ b/vendor/github.com/elastic/beats/dev-tools/common.bash @@ -27,7 +27,7 @@ err() # Read the project's Go version and return it in the GO_VERSION variable. # On failure it will exit. get_go_version() { - GO_VERSION=$(awk '/^:go-version:/{print $NF}' "${_sdir}/../libbeat/docs/version.asciidoc") + GO_VERSION=$(cat "${_sdir}/../.go-version") if [ -z "$GO_VERSION" ]; then err "Failed to detect the project's Go version" exit 1 @@ -78,3 +78,21 @@ setup_go_path() { debug "GOPATH=${GOPATH}" } + +jenkins_setup() { + : "${HOME:?Need to set HOME to a non-empty value.}" + : "${WORKSPACE:?Need to set WORKSPACE to a non-empty value.}" + + # Setup Go. + export GOPATH=${WORKSPACE} + export PATH=${GOPATH}/bin:${PATH} + if [ -f ".go-version" ]; then + eval "$(gvm $(cat .go-version))" + else + eval "$(gvm 1.7.5)" + fi + + # Workaround for Python virtualenv path being too long. + export TEMP_PYTHON_ENV=$(mktemp -d) + export PYTHON_ENV="${TEMP_PYTHON_ENV}/python-env" +} diff --git a/vendor/github.com/elastic/beats/dev-tools/jenkins_ci b/vendor/github.com/elastic/beats/dev-tools/jenkins_ci deleted file mode 100755 index fb5afaa8..00000000 --- a/vendor/github.com/elastic/beats/dev-tools/jenkins_ci +++ /dev/null 
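Review bot: The `else` branch of the new `jenkins_setup` falls back to `gvm 1.7.5` when `.go-version` is missing, while this commit pins `.go-version` to 1.7.6 and its changelog states that 1.7.6 contains security fixes. A job started from the wrong directory would therefore build silently with the older toolchain. Fail instead of guessing: `else err "Missing .go-version"; exit 1`. The same `1.7.5` fallback is in `dev-tools/jenkins_ci.ps1`, and `export TEMP_PYTHON_ENV=$(mktemp -d)` hides a `mktemp` failure because `export` itself returns success.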
@@ -1,145 +0,0 @@ -#!/usr/bin/env bash -set -e - -# Script directory: -SDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -SNAME="$(basename "$0")" - -source "${SDIR}/common.bash" - -usage() { -cat << EOF - Usage: $SNAME [-d] [-h] [-v] [-r] [-w=WORKSPACE] (-g|-b|-c) - - Description: Executes a build using the project's Go version. - - Options: - -w=WORKSPACE Required. Specifies the path to the Jenkins workspace. - If not set then the WORKSPACE environment variable is - used. The workspace will be treated as the GOPATH. - -b | --build Perform a build which includes make targets: check, - testsuite, coverage-report, and docs. - -c | --cleanup Clean up after the build by removing the checkout of - elastic/docs and stopping any running containers - started by the build. This cannot be specified with - --build. - -g | --go-version Optional. Write the project's Go version to stdout - and then exits. Can be used to setup Go with - eval "\$(gimme \$(./jenkins_ci -g))". - -i | --install-gimme Optional. Installs gimme to HOME/bin. - -r | --race Optional. Enable the Go race detector for tests that - are run. - -d | --debug Optional. Runs the script with 'set -x' to log a trace - of all commands and their arguments being executed. - -v | --verbose Optional. Enable verbose logging from this script to stderr. - -h | --help Optional. Print this usage information. - - Examples: - Print project Go version: ./$SNAME --go-version - Build with race detector: ./$SNAME -b -r - Stop test environment: ./$SNAME -c - - Jenkins Setup: - - 1) Jenkins should be setup to checkout elastic/beats into - \$WORKSPACE/src/github.com/elastic/ - 2) The single build script should be added that executes - \$WORKSPACE/src/github.com/elastic/beats/dev-tools/$SNAME -d -v -b --race - 3) A post build action should be added that executes - \$WORKSPACE/src/github.com/elastic/beats/dev-tools/$SNAME -d -v -c -EOF -} - -# Parse command line arguments. 
-parse_args() { - for i in "$@" - do - case $i in - -b|--build) - BUILD=true - shift - ;; - -c|--cleanup) - CLEANUP=true - shift - ;; - -d|--debug) - set -x - shift - ;; - -g|--go-version) - get_go_version - echo "${GO_VERSION}" - exit 0 - ;; - -h|--help) - usage - exit 1 - ;; - -i|--install-gimme) - install_gimme - exit 0 - ;; - -r|--race) - export RACE_DETECTOR=1 - shift - ;; - -v|--verbose) - VERBOSE=true - shift - ;; - -w=*|--workspace=*) - WORKSPACE="${i#*=}" - shift - ;; - *) - echo "Invalid argument: $i" - usage - exit 1 - ;; - esac - done - - if [ -z "$WORKSPACE" ]; then - err "WORKSPACE env var must be set or --workspace must be specified" - exit 1 - fi -} - -build() { - make check - make testsuite - make coverage-report - make docs -} - -cleanup() { - # Remove the checkout of elastic/docs if it exists. - rm -rf "${SDIR}/../build/docs" - - make stop-environments -} - -main() { - cd "${SDIR}/.." - parse_args $* - get_go_version - setup_go_root ${GO_VERSION} - setup_go_path ${WORKSPACE} - - if [ "$BUILD" == "true" ] && [ "$CLEANUP" == "true" ]; then - err "--build and --cleanup cannot be used together" - exit 1 - elif [ "$BUILD" == "true" ]; then - chmod -R go-w "${GOPATH}/src/github.com/elastic/beats" - build - elif [ "$CLEANUP" == "true" ]; then - cleanup - else - err "Use either --build or --cleanup" - exit 1 - fi -} - -umask 022 -main $* diff --git a/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.ps1 b/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.ps1 new file mode 100755 index 00000000..a7f9f5d3 --- /dev/null +++ b/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.ps1 
@@ -0,0 +1,61 @@ +function Exec +{ + param( + [Parameter(Position=0,Mandatory=1)][scriptblock]$cmd, + [Parameter(Position=1,Mandatory=0)][string]$errorMessage = ($msgs.error_bad_command -f $cmd) + ) + + & $cmd + if ($LastExitCode -ne 0) { + Write-Error $errorMessage + exit $LastExitCode + } +} + +# Setup Go. +$env:GOPATH = $env:WORKSPACE +$env:PATH = "$env:GOPATH\bin;C:\tools\mingw64\bin;$env:PATH" +if (Test-Path -PathType leaf .go-version) { + & gvm --format=powershell $(Get-Content .go-version) | Invoke-Expression +} else { + & gvm --format=powershell 1.7.5 | Invoke-Expression +} + +if (Test-Path "$env:beat") { + cd "$env:beat" +} else { + echo "$env:beat does not exist" + New-Item -ItemType directory -Path build | Out-Null + New-Item -Name build\TEST-empty.xml -ItemType File | Out-Null + exit +} + +if (Test-Path "build") { Remove-Item -Recurse -Force build } +New-Item -ItemType directory -Path build\coverage | Out-Null +New-Item -ItemType directory -Path build\system-tests | Out-Null +New-Item -ItemType directory -Path build\system-tests\run | Out-Null + +exec { go get -u github.com/jstemmer/go-junit-report } + +echo "Building $env:beat" +exec { go build } "Build FAILURE" + +if ($env:beat -eq "metricbeat") { + cp .\_meta\fields.common.yml .\_meta\fields.generated.yml + python .\scripts\fields_collector.py | out-file -append -encoding UTF8 -filepath .\_meta\fields.generated.yml +} elseif ($env:beat -eq "libbeat") { + cp .\_meta\fields.common.yml .\_meta\fields.generated.yml + cat processors\*\_meta\fields.yml | Out-File -append -encoding UTF8 -filepath .\_meta\fields.generated.yml + cp .\_meta\fields.generated.yml .\fields.yml +} + +echo "Unit testing $env:beat" +go test -v $(go list ./... 
| select-string -Pattern "vendor" -NotMatch) 2>&1 | Out-File -encoding UTF8 build/TEST-go-unit.out +exec { Get-Content build/TEST-go-unit.out | go-junit-report.exe -set-exit-code | Out-File -encoding UTF8 build/TEST-go-unit.xml } "Unit test FAILURE" + +echo "System testing $env:beat" +# TODO (elastic/beats#5050): Use a vendored copy of this. +exec { go get github.com/docker/libcompose } +exec { go test -race -c -cover -covermode=atomic -coverpkg ./... } +exec { cd tests/system } +exec { nosetests --with-timer --with-xunit --xunit-file=../../build/TEST-system.xml } "System test FAILURE" \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.sh b/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.sh new file mode 100755 index 00000000..5c7a61d3 --- /dev/null +++ b/vendor/github.com/elastic/beats/dev-tools/jenkins_ci.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +set -euox pipefail + +: "${HOME:?Need to set HOME to a non-empty value.}" +: "${WORKSPACE:?Need to set WORKSPACE to a non-empty value.}" +: "${beat:?Need to set beat to a non-empty value.}" + +if [ ! -d "$beat" ]; then + echo "$beat does not exist" + mkdir -p build + touch build/TEST-empty.xml + exit +fi + +source ./dev-tools/common.bash + +jenkins_setup + +cleanup() { + echo "Running cleanup..." + rm -rf $TEMP_PYTHON_ENV + make stop-environment fix-permissions + echo "Killing all running containers..." + docker ps -q | xargs -r docker kill || true + echo "Cleaning stopped docker containers and dangling images/networks/volumes..." + docker system prune -f || true + echo "Cleanup complete." +} +trap cleanup EXIT + +rm -rf ${GOPATH}/pkg +cd ${beat} +RACE_DETECTOR=1 make clean check testsuite \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/dev-tools/jenkins_intake.sh b/vendor/github.com/elastic/beats/dev-tools/jenkins_intake.sh new file mode 100755 index 00000000..de8ec969 --- /dev/null +++ b/vendor/github.com/elastic/beats/dev-tools/jenkins_intake.sh 
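Review bot: The default for `$errorMessage` in `Exec` reads `$msgs.error_bad_command`, but `$msgs` is not defined anywhere in this new file, so every `exec { ... }` call without a second argument reports an empty error. Use a literal default such as `[string]$errorMessage = "Command failed: $cmd"`. Separately, `go get -u github.com/jstemmer/go-junit-report` and `go get github.com/docker/libcompose` pull unpinned upstream code into every CI run; the existing TODO covers libcompose, and go-junit-report deserves the same vendoring or a pinned revision.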
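Review bot: `rm -rf $TEMP_PYTHON_ENV`, `rm -rf ${GOPATH}/pkg` and `cd ${beat}` in `jenkins_ci.sh` expand unquoted, so a workspace or temp path containing spaces makes `rm -rf` act on the split words instead of the intended directory. Quote them: `rm -rf "${TEMP_PYTHON_ENV}"`, `rm -rf "${GOPATH}/pkg"`, `cd "${beat}"`. The `cleanup` trap in `dev-tools/jenkins_intake.sh` has the same unquoted `rm -rf`. Also, `docker ps -q | xargs -r docker kill` and `docker system prune -f` act on every container on the host, which matters if the worker runs other jobs concurrently; a comment stating that the worker is assumed to be dedicated would help.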
@@ -0,0 +1,18 @@ +#!/usr/bin/env bash +set -euox pipefail + +: "${HOME:?Need to set HOME to a non-empty value.}" +: "${WORKSPACE:?Need to set WORKSPACE to a non-empty value.}" + +source ./dev-tools/common.bash + +jenkins_setup + +cleanup() { + echo "Running cleanup..." + rm -rf $TEMP_PYTHON_ENV + echo "Cleanup complete." +} +trap cleanup EXIT + +make check diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/beats-builder/Dockerfile b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/beats-builder/Dockerfile index 21b22864..7b5af7e6 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/beats-builder/Dockerfile +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/beats-builder/Dockerfile @@ -1,4 +1,4 @@ -FROM tudorg/xgo-deb6-1.7.4 +FROM tudorg/xgo-deb6-1.7.6 MAINTAINER Tudor Golubenco diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/build.sh b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/build.sh index df68d8af..edd8c52a 100755 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/build.sh +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/build.sh @@ -1,5 +1,5 @@ #!/bin/sh docker build --rm=true -t tudorg/xgo-deb6-base base/ && \ - docker build --rm=true -t tudorg/xgo-deb6-1.7.4 go-1.7.4/ && + docker build --rm=true -t tudorg/xgo-deb6-1.7.6 go-1.7.6/ && docker build --rm=true -t tudorg/beats-builder-deb6 beats-builder 
diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.4/Dockerfile b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.6/Dockerfile similarity index 69% rename from vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.4/Dockerfile rename to vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.6/Dockerfile index 075478f5..03880405 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.4/Dockerfile +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image-deb6/go-1.7.6/Dockerfile @@ -1,4 +1,4 @@ -# Go cross compiler (xgo): Go 1.7.4 layer +# Go cross compiler (xgo): Go 1.7.6 layer # Copyright (c) 2014 Péter Szilágyi. All rights reserved. # # Released under the MIT license. @@ -9,7 +9,7 @@ MAINTAINER Tudor Golubenco # Configure the root Go distribution and bootstrap based on it RUN \ - export ROOT_DIST="https://storage.googleapis.com/golang/go1.7.4.linux-amd64.tar.gz" && \ - export ROOT_DIST_SHA1="2e5baf03d1590e048c84d1d5b4b6f2540efaaea1" && \ + export ROOT_DIST="https://storage.googleapis.com/golang/go1.7.6.linux-amd64.tar.gz" && \ + export ROOT_DIST_SHA1="6a7014f34048d95ab60247814a1b8b98018810ff" && \ \ $BOOTSTRAP_PURE diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/base/Dockerfile b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/base/Dockerfile index d827126a..ceadbb30 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/base/Dockerfile +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/base/Dockerfile 
@@ -29,14 +29,13 @@ RUN \ binutils-multiarch rsync \ --no-install-recommends -# Configure the container for OSX cross compilation # Configure the container for OSX cross compilation ENV OSX_SDK MacOSX10.11.sdk ENV OSX_NDK_X86 /usr/local/osx-ndk-x86 RUN \ - OSX_SDK_PATH=https://s3.dockerproject.org/darwin/v2/$OSX_SDK.tar.xz && \ - $FETCH $OSX_SDK_PATH dd228a335194e3392f1904ce49aff1b1da26ca62 && \ + OSX_SDK_PATH=https://github.com/phracker/MacOSX-SDKs/releases/download/MacOSX10.11.sdk/MacOSX10.11.sdk.tar.xz && \ + $FETCH $OSX_SDK_PATH f3430e3d923644e66c0c13f7a48754e7b6aa2e3f && \ \ git clone https://github.com/tpoechtrager/osxcross.git && \ mv `basename $OSX_SDK_PATH` /osxcross/tarballs/ && \ diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/beats-builder/Dockerfile b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/beats-builder/Dockerfile index c13f1c04..b9a02835 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/beats-builder/Dockerfile +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/beats-builder/Dockerfile @@ -1,4 +1,4 @@ -FROM tudorg/xgo-1.7.4 +FROM tudorg/xgo-1.7.6 MAINTAINER Tudor Golubenco diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/build.sh b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/build.sh index 6c70b820..013a0d15 100755 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/build.sh +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/build.sh @@ -1,5 +1,5 @@ #!/bin/sh docker build --rm=true -t tudorg/xgo-base base/ && \ - docker build --rm=true -t tudorg/xgo-1.7.4 go-1.7.4/ && + docker build --rm=true -t tudorg/xgo-1.7.6 go-1.7.6/ && docker build --rm=true -t tudorg/beats-builder beats-builder 
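Review bot: The new `OSX_SDK_PATH` pulls the SDK tarball from a release of a third-party GitHub repository, so the 40-hex digest passed to `$FETCH` is the only thing binding the build to known content, and a digest of that length is presumably SHA-1. `$FETCH` is defined outside this hunk; if it can verify a SHA-256 value I would switch to one, and otherwise add a comment above the line recording where the expected digest was obtained. The unchanged `git clone https://github.com/tpoechtrager/osxcross.git` just below takes whatever the default branch holds at build time; checking out a fixed commit after the clone (placeholder `<osxcross-commit>`) would make the image reproducible. The RUN instruction continues past the end of the hunk.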
diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.4/Dockerfile b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.6/Dockerfile similarity index 69% rename from vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.4/Dockerfile rename to vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.6/Dockerfile index 4f19a095..417e80c6 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.4/Dockerfile +++ b/vendor/github.com/elastic/beats/dev-tools/packer/docker/xgo-image/go-1.7.6/Dockerfile @@ -1,4 +1,4 @@ -# Go cross compiler (xgo): Go 1.7.4 layer +# Go cross compiler (xgo): Go 1.7.6 layer # Copyright (c) 2014 Péter Szilágyi. All rights reserved. # # Released under the MIT license. @@ -9,7 +9,7 @@ MAINTAINER Tudor Golubenco # Configure the root Go distribution and bootstrap based on it RUN \ - export ROOT_DIST="https://storage.googleapis.com/golang/go1.7.4.linux-amd64.tar.gz" && \ - export ROOT_DIST_SHA1="2e5baf03d1590e048c84d1d5b4b6f2540efaaea1" && \ + export ROOT_DIST="https://storage.googleapis.com/golang/go1.7.6.linux-amd64.tar.gz" && \ + export ROOT_DIST_SHA1="6a7014f34048d95ab60247814a1b8b98018810ff" && \ \ $BOOTSTRAP_PURE diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/binary/run.sh.j2 b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/binary/run.sh.j2 index 9ae01a10..df442222 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/binary/run.sh.j2 +++ b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/binary/run.sh.j2 
@@ -18,6 +18,7 @@ cp {{.beat_name}}-linux.yml /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}/{{.be cp {{.beat_name}}-linux.full.yml /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}/{{.beat_name}}.full.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}/ cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}/ +cp {{.beat_name}}.template-es6x.json /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}/ mkdir -p upload tar czvf upload/{{.beat_name}}-${VERSION}-linux-{{.bin_arch}}.tar.gz /{{.beat_name}}-${VERSION}-linux-{{.bin_arch}} diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/centos/run.sh.j2 b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/centos/run.sh.j2 index d5df40c6..cf6cc589 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/centos/run.sh.j2 +++ b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/centos/run.sh.j2 @@ -38,6 +38,7 @@ fpm --force -s dir -t rpm \ {{.beat_name}}-linux.full.yml=/etc/{{.beat_name}}/{{.beat_name}}.full.yml \ {{.beat_name}}.template.json=/etc/{{.beat_name}}/{{.beat_name}}.template.json \ {{.beat_name}}.template-es2x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es2x.json \ + {{.beat_name}}.template-es6x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es6x.json \ ${RUNID}.service=/lib/systemd/system/{{.beat_name}}.service \ god-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god \ import_dashboards-linux-{{.arch}}=/usr/share/{{.beat_name}}/scripts/import_dashboards diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/darwin/run.sh.j2 b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/darwin/run.sh.j2 index f246aeec..61f0924c 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/darwin/run.sh.j2 +++ b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/darwin/run.sh.j2 
@@ -18,6 +18,7 @@ cp {{.beat_name}}-darwin.yml /{{.beat_name}}-${VERSION}-darwin-x86_64/{{.beat_na cp {{.beat_name}}-darwin.full.yml /{{.beat_name}}-${VERSION}-darwin-x86_64/{{.beat_name}}.full.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-darwin-x86_64/ cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-darwin-x86_64/ +cp {{.beat_name}}.template-es6x.json /{{.beat_name}}-${VERSION}-darwin-x86_64/ mkdir -p upload tar czvf upload/{{.beat_name}}-${VERSION}-darwin-x86_64.tar.gz /{{.beat_name}}-${VERSION}-darwin-x86_64 diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/debian/run.sh.j2 b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/debian/run.sh.j2 index 95ff0179..ef2e2825 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/debian/run.sh.j2 +++ b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/debian/run.sh.j2 @@ -35,6 +35,7 @@ fpm --force -s dir -t deb \ {{.beat_name}}-linux.full.yml=/etc/{{.beat_name}}/{{.beat_name}}.full.yml \ {{.beat_name}}.template.json=/etc/{{.beat_name}}/{{.beat_name}}.template.json \ {{.beat_name}}.template-es2x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es2x.json \ + {{.beat_name}}.template-es6x.json=/etc/{{.beat_name}}/{{.beat_name}}.template-es6x.json \ ${RUNID}.service=/lib/systemd/system/{{.beat_name}}.service \ god-linux-{{.arch}}=/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god \ import_dashboards-linux-{{.arch}}=/usr/share/{{.beat_name}}/scripts/import_dashboards diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/windows/run.sh.j2 b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/windows/run.sh.j2 index d35643cd..a2f392f1 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/platforms/windows/run.sh.j2 +++ b/vendor/github.com/elastic/beats/dev-tools/packer/platforms/windows/run.sh.j2 
@@ -19,6 +19,7 @@ cp {{.beat_name}}-win.yml /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/{{.be cp {{.beat_name}}-win.full.yml /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/{{.beat_name}}.full.yml cp {{.beat_name}}.template.json /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/ cp {{.beat_name}}.template-es2x.json /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/ +cp {{.beat_name}}.template-es6x.json /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/ cp install-service-{{.beat_name}}.ps1 /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/ cp uninstall-service-{{.beat_name}}.ps1 /{{.beat_name}}-${VERSION}-windows-{{.win_arch}}/ diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/version.yml b/vendor/github.com/elastic/beats/dev-tools/packer/version.yml index 0400b167..3945cd84 100644 --- a/vendor/github.com/elastic/beats/dev-tools/packer/version.yml +++ b/vendor/github.com/elastic/beats/dev-tools/packer/version.yml @@ -1 +1 @@ -version: "1.1.1" +version: "5.6.6" diff --git a/vendor/github.com/elastic/beats/dev-tools/packer/xgo-scripts/before_build.sh b/vendor/github.com/elastic/beats/dev-tools/packer/xgo-scripts/before_build.sh index 9ebcaaed..b9c3787f 100755 --- a/vendor/github.com/elastic/beats/dev-tools/packer/xgo-scripts/before_build.sh +++ b/vendor/github.com/elastic/beats/dev-tools/packer/xgo-scripts/before_build.sh @@ -15,6 +15,7 @@ PREFIX=/build # Copy template cp $BEAT_NAME.template.json $PREFIX/$BEAT_NAME.template.json cp $BEAT_NAME.template-es2x.json $PREFIX/$BEAT_NAME.template-es2x.json +cp $BEAT_NAME.template-es6x.json $PREFIX/$BEAT_NAME.template-es6x.json # linux cp $BEAT_NAME.yml $PREFIX/$BEAT_NAME-linux.yml diff --git a/vendor/github.com/elastic/beats/filebeat/Dockerfile b/vendor/github.com/elastic/beats/filebeat/Dockerfile index 0cb92d48..21a51723 100644 --- a/vendor/github.com/elastic/beats/filebeat/Dockerfile +++ b/vendor/github.com/elastic/beats/filebeat/Dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.7.4 +FROM golang:1.7.6 MAINTAINER Nicolas Ruflin RUN set -x && \ diff --git a/vendor/github.com/elastic/beats/filebeat/_meta/beat.full.yml b/vendor/github.com/elastic/beats/filebeat/_meta/beat.full.yml deleted file mode 100644 index d2200107..00000000 --- a/vendor/github.com/elastic/beats/filebeat/_meta/beat.full.yml +++ /dev/null 
@@ -1,418 +0,0 @@ -######################## Filebeat Configuration ############################ - -# This file is a full configuration example documenting all non-deprecated -# options in comments. For a shorter configuration example, that contains only -# the most common options, please see filebeat.yml in the same directory. -# -# You can find the full configuration reference here: -# https://www.elastic.co/guide/en/beats/filebeat/index.html - - -#========================== Modules configuration ============================ -filebeat.modules: - -#------------------------------- System Module ------------------------------- -#- module: system - # Syslog - #syslog: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Authorization logs - #auth: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - -#------------------------------- Apache2 Module ------------------------------ -#- module: apache2 - # Access logs - #access: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. 
- #prospector: - -#------------------------------- Auditd Module ------------------------------- -#- module: auditd - #log: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - -#------------------------------- Icinga Module ------------------------------- -#- module: icinga - # Main logs - #main: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Debug logs - #debug: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Startup logs - #startup: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - -#-------------------------------- MySQL Module ------------------------------- -#- module: mysql - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Slow logs - #slowlog: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. 
- #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - -#-------------------------------- Nginx Module ------------------------------- -#- module: nginx - # Access logs - #access: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Prospector configuration (advanced). Any prospector configuration option - # can be added under this section. - #prospector: - - -#=========================== Filebeat prospectors ============================= - -# List of prospectors to fetch data. -filebeat.prospectors: -# Each - is a prospector. Most options can be set at the prospector level, so -# you can use different prospectors for various configurations. -# Below are the prospector specific configurations. - -# Type of the files. Based on this the way the file is read is decided. -# The different types cannot be mixed in one prospector -# -# Possible options are: -# * log: Reads every line of the log file (default) -# * stdin: Reads the standard in - -#------------------------------ Log prospector -------------------------------- -- input_type: log - - # Change to true to enable this prospector configuration. - enabled: false - - # Paths that should be crawled and fetched. Glob based paths. - # To fetch all ".log" files from a specific level of subdirectories - # /var/log/*/*.log can be used. - # For each file found under this path, a harvester is started. - # Make sure not file is defined twice as this can lead to unexpected behaviour. 
- paths: - - /var/log/*.log - #- c:\programdata\elasticsearch\logs\* - - # Configure the file encoding for reading files with international characters - # following the W3C recommendation for HTML5 (http://www.w3.org/TR/encoding). - # Some sample encodings: - # plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk, - # hz-gb-2312, euc-kr, euc-jp, iso-2022-jp, shift-jis, ... - #encoding: plain - - - # Exclude lines. A list of regular expressions to match. It drops the lines that are - # matching any regular expression from the list. The include_lines is called before - # exclude_lines. By default, no lines are dropped. - #exclude_lines: ['^DBG'] - - # Include lines. A list of regular expressions to match. It exports the lines that are - # matching any regular expression from the list. The include_lines is called before - # exclude_lines. By default, all the lines are exported. - #include_lines: ['^ERR', '^WARN'] - - # Exclude files. A list of regular expressions to match. Filebeat drops the files that - # are matching any regular expression from the list. By default, no files are dropped. - #exclude_files: ['.gz$'] - - # Optional additional fields. These field can be freely picked - # to add additional information to the crawled log files for filtering - #fields: - # level: debug - # review: 1 - - # Set to true to store the additional fields as top level fields instead - # of under the "fields" sub-dictionary. In case of name conflicts with the - # fields added by Filebeat itself, the custom fields overwrite the default - # fields. - #fields_under_root: false - - # Ignore files which were modified more then the defined timespan in the past. - # ignore_older is disabled by default, so no files are ignored by setting it to 0. - # Time strings like 2h (2 hours), 5m (5 minutes) can be used. - #ignore_older: 0 - - # Type to be published in the 'type' field. 
For Elasticsearch output, - # the type defines the document type these entries should be stored - # in. Default: log - #document_type: log - - # How often the prospector checks for new files in the paths that are specified - # for harvesting. Specify 1s to scan the directory as frequently as possible - # without causing Filebeat to scan too frequently. Default: 10s. - #scan_frequency: 10s - - # Defines the buffer size every harvester uses when fetching the file - #harvester_buffer_size: 16384 - - # Maximum number of bytes a single log event can have - # All bytes after max_bytes are discarded and not sent. The default is 10MB. - # This is especially useful for multiline log messages which can get large. - #max_bytes: 10485760 - - ### Recursive glob configuration - - # Expand "**" patterns into regular glob patterns. - #recursive_glob.enabled: true - - ### JSON configuration - - # Decode JSON options. Enable this if your logs are structured in JSON. - # JSON key on which to apply the line filtering and multiline settings. This key - # must be top level and its value must be string, otherwise it is ignored. If - # no text key is defined, the line filtering and multiline features cannot be used. - #json.message_key: - - # By default, the decoded JSON is placed under a "json" key in the output document. - # If you enable this setting, the keys are copied top level in the output document. - #json.keys_under_root: false - - # If keys_under_root and this setting are enabled, then the values from the decoded - # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.) - # in case of conflicts. - #json.overwrite_keys: false - - # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON - # unmarshaling errors or when a text key is defined in the configuration but cannot - # be used. - #json.add_error_key: false - - ### Multiline options - - # Mutiline can be used for log messages spanning multiple lines. 
This is common - # for Java Stack Traces or C-Line Continuation - - # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [ - #multiline.pattern: ^\[ - - # Defines if the pattern set under pattern should be negated or not. Default is false. - #multiline.negate: false - - # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern - # that was (not) matched before or after or as long as a pattern is not matched based on negate. - # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash - #multiline.match: after - - # The maximum number of lines that are combined to one event. - # In case there are more the max_lines the additional lines are discarded. - # Default is 500 - #multiline.max_lines: 500 - - # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event - # Default is 5s. - #multiline.timeout: 5s - - # Setting tail_files to true means filebeat starts reading new files at the end - # instead of the beginning. If this is used in combination with log rotation - # this can mean that the first entries of a new file are skipped. - #tail_files: false - - # The Ingest Node pipeline ID associated with this prospector. If this is set, it - # overwrites the pipeline option from the Elasticsearch output. - #pipeline: - - # If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the - # original for harvesting but will report the symlink name as source. - #symlinks: false - - # Backoff values define how aggressively filebeat crawls new files for updates - # The default values can be used in most cases. Backoff defines how long it is waited - # to check a file again after EOF is reached. Default is 1s which means the file - # is checked every second if new lines were added. This leads to a near real time crawling. 
- # Every time a new line appears, backoff is reset to the initial value. - #backoff: 1s - - # Max backoff defines what the maximum backoff time is. After having backed off multiple times - # from checking the files, the waiting time will never exceed max_backoff independent of the - # backoff factor. Having it set to 10s means in the worst case a new line can be added to a log - # file after having backed off multiple times, it takes a maximum of 10s to read the new line - #max_backoff: 10s - - # The backoff factor defines how fast the algorithm backs off. The bigger the backoff factor, - # the faster the max_backoff value is reached. If this value is set to 1, no backoff will happen. - # The backoff value will be multiplied each time with the backoff_factor until max_backoff is reached - #backoff_factor: 2 - - # Max number of harvesters that are started in parallel. - # Default is 0 which means unlimited - #harvester_limit: 0 - - ### Harvester closing options - - # Close inactive closes the file handler after the predefined period. - # The period starts when the last line of the file was, not the file ModTime. - # Time strings like 2h (2 hours), 5m (5 minutes) can be used. - #close_inactive: 5m - - # Close renamed closes a file handler when the file is renamed or rotated. - # Note: Potential data loss. Make sure to read and understand the docs for this option. - #close_renamed: false - - # When enabling this option, a file handler is closed immediately in case a file can't be found - # any more. In case the file shows up again later, harvesting will continue at the last known position - # after scan_frequency. - #close_removed: true - - # Closes the file handler as soon as the harvesters reaches the end of the file. - # By default this option is disabled. - # Note: Potential data loss. Make sure to read and understand the docs for this option. 
- #close_eof: false - - ### State options - - # Files for the modification data is older then clean_inactive the state from the registry is removed - # By default this is disabled. - #clean_inactive: 0 - - # Removes the state for file which cannot be found on disk anymore immediately - #clean_removed: true - - # Close timeout closes the harvester after the predefined time. - # This is independent if the harvester did finish reading the file or not. - # By default this option is disabled. - # Note: Potential data loss. Make sure to read and understand the docs for this option. - #close_timeout: 0 - - # Defines if prospectors is enabled - #enabled: true - -#----------------------------- Stdin prospector ------------------------------- -# Configuration to use stdin input -#- input_type: stdin - -#========================= Filebeat global options ============================ - -# Event count spool threshold - forces network flush if exceeded -#filebeat.spool_size: 2048 - -# Enable async publisher pipeline in filebeat (Experimental!) -#filebeat.publish_async: false - -# Defines how often the spooler is flushed. After idle_timeout the spooler is -# Flush even though spool_size is not reached. -#filebeat.idle_timeout: 5s - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. -#filebeat.registry_file: ${path.data}/registry - -# -# These config files must have the full filebeat config part inside, but only -# the prospector part is processed. All global options like spool_size are ignored. -# The config_dir MUST point to a different directory then where the main filebeat config file is in. -#filebeat.config_dir: - -# How long filebeat waits on shutdown for the publisher to finish. -# Default is 0, not waiting. -#filebeat.shutdown_timeout: 0 - -# Enable filebeat config reloading -#filebeat.config.prospectors: - #enabled: false - #path: configs/*.yml - #reload.enabled: true - #reload.period: 10s 
diff --git a/vendor/github.com/elastic/beats/filebeat/_meta/beat.yml b/vendor/github.com/elastic/beats/filebeat/_meta/beat.yml
deleted file mode 100644
index f90ea651..00000000
--- a/vendor/github.com/elastic/beats/filebeat/_meta/beat.yml
+++ /dev/null
@@ -1,151 +0,0 @@ -###################### Filebeat Configuration Example ######################### - -# This file is an example configuration file highlighting only the most common -# options. The filebeat.full.yml file from the same directory contains all the -# supported options with more comments. You can use it as a reference. -# -# You can find the full configuration reference here: -# https://www.elastic.co/guide/en/beats/filebeat/index.html - - -#========================== Modules configuration ============================ -filebeat.modules: - -#------------------------------- System Module ------------------------------- -#- module: system - # Syslog - #syslog: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Authorization logs - #auth: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - -#------------------------------- Apache2 Module ------------------------------ -#- module: apache2 - # Access logs - #access: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - -#------------------------------- Auditd Module ------------------------------- -#- module: auditd - #log: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - -#-------------------------------- MySQL Module ------------------------------- -#- module: mysql - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. 
- #var.paths: - - # Slow logs - #slowlog: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - -#-------------------------------- Nginx Module ------------------------------- -#- module: nginx - # Access logs - #access: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - # Error logs - #error: - #enabled: true - - # Set custom paths for the log files. If left empty, - # Filebeat will choose the paths depending on your OS. - #var.paths: - - -# For more available modules and options, please see the filebeat.full.yml sample -# configuration file. - -#=========================== Filebeat prospectors ============================= - -filebeat.prospectors: - -# Each - is a prospector. Most options can be set at the prospector level, so -# you can use different prospectors for various configurations. -# Below are the prospector specific configurations. - -- input_type: log - - # Change to true to enable this prospector configuration. - enabled: false - - # Paths that should be crawled and fetched. Glob based paths. - paths: - - /var/log/*.log - #- c:\programdata\elasticsearch\logs\* - - # Exclude lines. A list of regular expressions to match. It drops the lines that are - # matching any regular expression from the list. - #exclude_lines: ['^DBG'] - - # Include lines. A list of regular expressions to match. It exports the lines that are - # matching any regular expression from the list. - #include_lines: ['^ERR', '^WARN'] - - # Exclude files. A list of regular expressions to match. Filebeat drops the files that - # are matching any regular expression from the list. By default, no files are dropped. - #exclude_files: ['.gz$'] - - # Optional additional fields. 
These field can be freely picked - # to add additional information to the crawled log files for filtering - #fields: - # level: debug - # review: 1 - - ### Multiline options - - # Mutiline can be used for log messages spanning multiple lines. This is common - # for Java Stack Traces or C-Line Continuation - - # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [ - #multiline.pattern: ^\[ - - # Defines if the pattern set under pattern should be negated or not. Default is false. - #multiline.negate: false - - # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern - # that was (not) matched before or after or as long as a pattern is not matched based on negate. - # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash - #multiline.match: after - diff --git a/vendor/github.com/elastic/beats/filebeat/beater/filebeat.go b/vendor/github.com/elastic/beats/filebeat/beater/filebeat.go index 21467ace..2f75b95c 100644 --- a/vendor/github.com/elastic/beats/filebeat/beater/filebeat.go +++ b/vendor/github.com/elastic/beats/filebeat/beater/filebeat.go @@ -1,11 +1,12 @@ package beater import ( - "errors" "flag" "fmt" "sync" + "github.com/pkg/errors" + "github.com/elastic/beats/libbeat/beat" "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/logp" @@ -41,6 +42,9 @@ func New(b *beat.Beat, rawConfig *common.Config) (beat.Beater, error) { if err != nil { return nil, err } + if !moduleRegistry.Empty() { + logp.Info("Enabled modules/filesets: %s", moduleRegistry.InfoString()) + } moduleProspectors, err := moduleRegistry.GetProspectorConfigs() if err != nil { 
@@ -54,8 +58,16 @@ func New(b *beat.Beat, rawConfig *common.Config) (beat.Beater, error) { // Add prospectors created by the modules config.Prospectors = append(config.Prospectors, moduleProspectors...) - if !config.ProspectorReload.Enabled() && len(config.Prospectors) == 0 { - return nil, errors.New("No prospectors defined. What files do you want me to watch?") + haveEnabledProspectors := false + for _, prospector := range config.Prospectors { + if prospector.Enabled() { + haveEnabledProspectors = true + break + } + } + + if !config.ProspectorReload.Enabled() && !haveEnabledProspectors { + return nil, errors.New("No modules or prospectors enabled and configuration reloading disabled. What files do you want me to watch?") } if *once && config.ProspectorReload.Enabled() { @@ -67,15 +79,26 @@ func New(b *beat.Beat, rawConfig *common.Config) (beat.Beater, error) { config: &config, moduleRegistry: moduleRegistry, } + + // register `setup` callback for ML jobs + if !moduleRegistry.Empty() { + b.SetupMLCallback = func(b *beat.Beat) error { + return fb.loadModulesML(b) + } + } return fb, nil } -// modulesSetup is called when modules are configured to do the initial +// loadModulesPipelines is called when modules are configured to do the initial // setup. -func (fb *Filebeat) modulesSetup(b *beat.Beat) error { +func (fb *Filebeat) loadModulesPipelines(b *beat.Beat) error { esConfig := b.Config.Output["elasticsearch"] if esConfig == nil || !esConfig.Enabled() { - return fmt.Errorf("Filebeat modules configured but the Elasticsearch output is not configured/enabled") + logp.Warn("Filebeat is unable to load the Ingest Node pipelines for the configured" + + " modules because the Elasticsearch output is not configured/enabled. If you have" + + " already loaded the Ingest Node pipelines or are using Logstash pipelines, you" + + " can ignore this warning.") + return nil } esClient, err := elasticsearch.NewConnectedClient(esConfig) if err != nil { 
@@ -91,13 +114,31 @@ func (fb *Filebeat) modulesSetup(b *beat.Beat) error { return nil } +func (fb *Filebeat) loadModulesML(b *beat.Beat) error { + logp.Debug("machine-learning", "Setting up ML jobs for modules") + + esConfig := b.Config.Output["elasticsearch"] + if esConfig == nil || !esConfig.Enabled() { + logp.Warn("Filebeat is unable to load the Xpack Machine Learning configurations for the" + + " modules because the Elasticsearch output is not configured/enabled.") + return nil + } + + esClient, err := elasticsearch.NewConnectedClient(esConfig) + if err != nil { + return errors.Errorf("Error creating Elasticsearch client: %v", err) + } + + return fb.moduleRegistry.LoadML(esClient) +} + // Run allows the beater to be run as a beat. func (fb *Filebeat) Run(b *beat.Beat) error { var err error config := fb.config if !fb.moduleRegistry.Empty() { - err = fb.modulesSetup(b) + err = fb.loadModulesPipelines(b) if err != nil { return err } diff --git a/vendor/github.com/elastic/beats/filebeat/docs/command-line.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/command-line.asciidoc index 32bf1b78..60eabbbc 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/command-line.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/command-line.asciidoc @@ -1,4 +1,4 @@ -[[filebeat-command-line]] +[[command-line-options]] === Command Line Options The following command line option is specific to Filebeat. diff --git a/vendor/github.com/elastic/beats/filebeat/docs/fields.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/fields.asciidoc index 069e3b10..574e5686 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/fields.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/fields.asciidoc @@ -13,6 +13,7 @@ This document describes the fields that are exported by Filebeat. They are grouped in the following categories: * <> +* <> * <> * <> * <> 
@@ -152,7 +153,7 @@ The minor version of the user agent. [float] === apache2.access.user_agent.patch -type: long +type: keyword The patch version of the user agent. @@ -230,6 +231,22 @@ type: geo_point The longitude and latitude. +[float] +=== apache2.access.geoip.region_name + +type: keyword + +The region name. + + +[float] +=== apache2.access.geoip.city_name + +type: keyword + +The city name. + + [float] == error Fields 
@@ -285,6 +302,154 @@ type: keyword The module producing the logged message. +[[exported-fields-auditd]] +== Auditd Fields + +Module for parsing auditd logs. + + + +[float] +== auditd Fields + +Fields from the auditd logs. + + + +[float] +== log Fields + +Fields from the Linux audit log. Not all fields are documented here because they are dynamic and vary by audit event type. + + + +[float] +=== auditd.log.record_type + +The audit event type. + + +[float] +=== auditd.log.old_auid + +For login events this is the old audit ID used for the user prior to this login. + + +[float] +=== auditd.log.new_auid + +For login events this is the new audit ID. The audit ID can be used to trace future events to the user even if their identity changes (like becoming root). + + +[float] +=== auditd.log.old_ses + +For login events this is the old session ID used for the user prior to this login. + + +[float] +=== auditd.log.new_ses + +For login events this is the new session ID. It can be used to tie a user to future events by session ID. + + +[float] +=== auditd.log.sequence + +type: long + +The audit event sequence number. + + +[float] +=== auditd.log.acct + +The user account name associated with the event. + + +[float] +=== auditd.log.pid + +The ID of the process. + + +[float] +=== auditd.log.ppid + +The ID of the process. + + +[float] +=== auditd.log.items + +The number of items in an event. + + +[float] +=== auditd.log.item + +The item field indicates which item out of the total number of items. This number is zero-based; a value of 0 means it is the first item. + + +[float] +=== auditd.log.a0 + +The first argument to the system call. + + +[float] +=== auditd.log.res + +The result of the system call (success or failure). + + +[float] +== geoip Fields + +Contains GeoIP information gathered based on the `auditd.log.addr` field. Only present if the GeoIP Elasticsearch plugin is available and used. 
+ + + +[float] +=== auditd.log.geoip.continent_name + +type: keyword + +The name of the continent. + + +[float] +=== auditd.log.geoip.city_name + +type: keyword + +The name of the city. + + +[float] +=== auditd.log.geoip.region_name + +type: keyword + +The name of the region. + + +[float] +=== auditd.log.geoip.country_iso_code + +type: keyword + +Country ISO code. + + +[float] +=== auditd.log.geoip.location + +type: geo_point + +The longitude and latitude. + + [[exported-fields-beat]] == Beat Fields @@ -616,12 +781,20 @@ Contains fields for the Nginx access logs. +[float] +=== nginx.access.remote_ip_list + +type: list + +An array of remote IP addresses. It is a list because it is common to include, besides the client IP address, IP addresses from headers like `X-Forwarded-For`. See also the `remote_ip` field. + + [float] === nginx.access.remote_ip type: keyword -Client IP address. +Client IP address. The first public IP address from the `remote_ip_list` array. If no public IP addresses are present, this field contains the first private IP address from the `remote_ip_list` array. [float] @@ -726,7 +899,7 @@ The minor version of the user agent. [float] === nginx.access.user_agent.patch -type: long +type: keyword The patch version of the user agent. @@ -804,6 +977,22 @@ type: geo_point The longitude and latitude. +[float] +=== nginx.access.geoip.region_name + +type: keyword + +The region name. + + +[float] +=== nginx.access.geoip.city_name + +type: keyword + +The city name. + + [float] == error Fields 
@@ -865,6 +1054,246 @@ Fields from the system log files. +[float] +== auth Fields + +Fields from the Linux authorization logs. + + + +[float] +=== system.auth.timestamp + +The timestamp as read from the auth message. + + +[float] +=== system.auth.hostname + +The hostname as read from the auth message. + + +[float] +=== system.auth.program + +The process name as read from the auth message. + + +[float] +=== system.auth.pid + +type: long + +The PID of the process that sent the auth message. + + +[float] +=== system.auth.message + +The message in the log line. + + +[float] +=== system.auth.user + +The Unix user that this event refers to. + + +[float] +== ssh Fields + +Fields specific to SSH login events. + + + +[float] +=== system.auth.ssh.event + +The SSH login event. Can be one of "Accepted", "Failed", or "Invalid". "Accepted" means a successful login. "Invalid" means that the user is not configured on the system. "Failed" means that the SSH login attempt has failed. + + +[float] +=== system.auth.ssh.method + +The SSH authentication method. Can be one of "password" or "publickey". + + +[float] +=== system.auth.ssh.ip + +type: ip + +The client IP from where the login attempt was made. + + +[float] +=== system.auth.ssh.dropped_ip + +type: ip + +The client IP from SSH connections that are open and immediately dropped. + + +[float] +=== system.auth.ssh.port + +type: long + +The client port from where the login attempt was made. + + +[float] +=== system.auth.ssh.signature + +The signature of the client public key. + + +[float] +== geoip Fields + +Contains GeoIP information gathered based on the `system.auth.ip` field. Only present if the GeoIP Elasticsearch plugin is available and used. + + + +[float] +=== system.auth.ssh.geoip.continent_name + +type: keyword + +The name of the continent. + + +[float] +=== system.auth.ssh.geoip.city_name + +type: keyword + +The name of the city. 
+ + +[float] +=== system.auth.ssh.geoip.region_name + +type: keyword + +The name of the region. + + +[float] +=== system.auth.ssh.geoip.country_iso_code + +type: keyword + +Country ISO code. + + +[float] +=== system.auth.ssh.geoip.location + +type: geo_point + +The longitude and latitude. + + +[float] +== sudo Fields + +Fields specific to events created by the `sudo` command. + + + +[float] +=== system.auth.sudo.error + +example: user NOT in sudoers + +The error message in case the sudo command failed. + + +[float] +=== system.auth.sudo.tty + +The TTY where the sudo command is executed. + + +[float] +=== system.auth.sudo.pwd + +The current directory where the sudo command is executed. + + +[float] +=== system.auth.sudo.user + +example: root + +The target user to which the sudo command is switching. + + +[float] +=== system.auth.sudo.command + +The command executed via sudo. + + +[float] +== useradd Fields + +Fields specific to events created by the `useradd` command. + + + +[float] +=== system.auth.useradd.name + +The user name being added. + + +[float] +=== system.auth.useradd.uid + +type: long + +The user ID. + +[float] +=== system.auth.useradd.gid + +type: long + +The group ID. + +[float] +=== system.auth.useradd.home + +The home folder for the new user. + +[float] +=== system.auth.useradd.shell + +The default shell for the new user. + +[float] +== groupadd Fields + +Fields specific to events created by the `groupadd` command. + + + +[float] +=== system.auth.groupadd.name + +The name of the new group. + + +[float] +=== system.auth.groupadd.gid + +type: long + +The ID of the new group. + + [float] == syslog Fields diff --git a/vendor/github.com/elastic/beats/filebeat/docs/getting-started.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/getting-started.asciidoc index 730e2986..1de38f45 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/getting-started.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/getting-started.asciidoc 
@@ -18,7 +18,7 @@ After installing the Elastic Stack, read the following topics to learn how to in * <> * <> * <> -* <> +* <> * <> [[filebeat-installation]] @@ -27,17 +27,7 @@ After installing the Elastic Stack, read the following topics to learn how to in Before running Filebeat, you need to install and configure the Elastic stack. See {libbeat}/getting-started.html[Getting Started with Beats and the Elastic Stack]. -To download and install Filebeat, use the commands that work with your system -(<> for Debian/Ubuntu, <> for Redhat/Centos/Fedora, <> for OS X, and <> for Windows). - -[NOTE] -================================================== -If you use Apt or Yum, you can <> to update to the newest version more easily. - -See our https://www.elastic.co/downloads/beats/filebeat[download page] for other installation options, such as 32-bit images. - -================================================== +include::../../libbeat/docs/shared-download-and-install.asciidoc[] [[deb]] *deb:* @@ -96,6 +86,24 @@ tar xzvf filebeat-{version}-darwin-x86_64.tar.gz endif::[] +[[docker]] +*docker:* + +ifeval::["{release-state}"=="unreleased"] + +Version {stack-version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source", "shell", subs="attributes"] +------------------------------------------------ +docker pull {dockerimage} +------------------------------------------------ + +endif::[] + [[win]] *win:* 
@@ -116,7 +124,8 @@ https://www.elastic.co/downloads/beats/filebeat[downloads page]. . Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select *Run As Administrator*). If you are running Windows XP, you may need to download and install PowerShell. -. Run the following commands to install Filebeat as a Windows service: +. From the PowerShell prompt, run the following commands to install Filebeat as a +Windows service: + [source,shell] ---------------------------------------------------------------------- @@ -138,15 +147,7 @@ started, you can skip the content in this section, including the remaining getting started steps, and go directly to the <> page. -To configure Filebeat manually, you edit the configuration file. For rpm and deb, -you'll find the configuration file at `/etc/filebeat/filebeat.yml`. For mac and -win, look in the archive that you just extracted. There’s also a full example -configuration file called `filebeat.full.yml` that shows all non-deprecated -options. - -See the -{libbeat}/config-file-format.html[Config File Format] section of the -_Beats Platform Reference_ for more about the structure of the config file. +include::../../libbeat/docs/shared-configuring.asciidoc[] Here is a sample of the `filebeat` section of the `filebeat.yml` file. Filebeat uses predefined default values for most configuration options. @@ -219,10 +220,10 @@ include::../../libbeat/docs/shared-template-load.asciidoc[] [[filebeat-starting]] === Step 5: Starting Filebeat -Start Filebeat by issuing the appropriate command for your platform. +Start Filebeat by issuing the appropriate command for your platform. NOTE: If you use an init.d script to start Filebeat on deb or rpm, you can't -specify command line flags (see <>). To specify flags, +specify command line flags (see <>). To specify flags, start Filebeat in the foreground. *deb:* 
@@ -239,6 +240,13 @@ sudo /etc/init.d/filebeat start sudo /etc/init.d/filebeat start ---------------------------------------------------------------------- +*docker:* + +["source", "shell", subs="attributes"] +---------------------------------------------------------------------- +docker run {dockerimage} +---------------------------------------------------------------------- + *mac:* [source,shell] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/how-filebeat-works.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/how-filebeat-works.asciidoc index e8435f40..3130b2c4 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/how-filebeat-works.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/how-filebeat-works.asciidoc @@ -39,7 +39,9 @@ filebeat.prospectors: - /var/path2/*.log ------------------------------------------------------------------------------------- -Filebeat currently supports two `prospector` types: `log` and `stdin`. Each prospector type can be defined multiple times. The `log` prospector checks each file to see whether a harvester needs to be started, whether one is already running, or whether the file can be ignored (see <>). New files are only picked up if the size of the file has changed since the harvester was closed. +Filebeat currently supports two `prospector` types: `log` and `stdin`. Each prospector type can be defined multiple times. The `log` prospector checks each file to see whether a harvester needs to be started, whether one is already running, or whether the file can be ignored (see <>). New lines are only picked up if the size of the file has changed since the harvester was closed. + +NOTE: Filebeat prospectors can only read local files. There is no functionality to connect to remote hosts to read stored files or logs. [float] === How Does Filebeat Keep the State of Files? 
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/images/false-after-multi.png b/vendor/github.com/elastic/beats/filebeat/docs/images/false-after-multi.png
new file mode 100644
index 00000000..1918c531
Binary files /dev/null and b/vendor/github.com/elastic/beats/filebeat/docs/images/false-after-multi.png differ
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/images/false-before-multi.png b/vendor/github.com/elastic/beats/filebeat/docs/images/false-before-multi.png
new file mode 100644
index 00000000..ecb949b7
Binary files /dev/null and b/vendor/github.com/elastic/beats/filebeat/docs/images/false-before-multi.png differ
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/images/kibana-audit-auditd.png b/vendor/github.com/elastic/beats/filebeat/docs/images/kibana-audit-auditd.png
new file mode 100644
index 00000000..6d9f4ba5
Binary files /dev/null and b/vendor/github.com/elastic/beats/filebeat/docs/images/kibana-audit-auditd.png differ
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/images/true-after-multi.png b/vendor/github.com/elastic/beats/filebeat/docs/images/true-after-multi.png
new file mode 100644
index 00000000..a77af69d
Binary files /dev/null and b/vendor/github.com/elastic/beats/filebeat/docs/images/true-after-multi.png differ
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/images/true-before-multi.png b/vendor/github.com/elastic/beats/filebeat/docs/images/true-before-multi.png
new file mode 100644
index 00000000..dc6bfcaf
Binary files /dev/null and b/vendor/github.com/elastic/beats/filebeat/docs/images/true-before-multi.png differ
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/index.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/index.asciidoc
index f33c2b30..a51a550f 100644
--- a/vendor/github.com/elastic/beats/filebeat/docs/index.asciidoc
+++ b/vendor/github.com/elastic/beats/filebeat/docs/index.asciidoc
@@ -15,6 +15,7 @@ include::../../libbeat/docs/version.asciidoc[] :beatname_lc: filebeat :beatname_uc: Filebeat :security: X-Pack Security +:dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} include::./overview.asciidoc[] @@ -28,6 +29,8 @@ include::../../libbeat/docs/shared-directory-layout.asciidoc[] include::../../libbeat/docs/repositories.asciidoc[] +include::./running-on-docker.asciidoc[] + include::./upgrading.asciidoc[] include::./how-filebeat-works.asciidoc[] @@ -40,6 +43,7 @@ include::./multiline.asciidoc[] include::../../libbeat/docs/shared-config-ingest.asciidoc[] +:standalone: include::../../libbeat/docs/shared-env-vars.asciidoc[] include::./multiple-prospectors.asciidoc[] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/migration.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/migration.asciidoc index 8f4b18ba..254f87f9 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/migration.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/migration.asciidoc @@ -304,7 +304,7 @@ options with Logstash Forwarder, make sure that you add your options to the configuration file. For naming changes, see <>. Filebeat does provide command line options that are common to all Beats. For more details about -these options, see <>. +these options, see <>. [[renamed-options]] [float] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules-getting-started.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules-getting-started.asciidoc index 1b3c1156..926133d4 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules-getting-started.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules-getting-started.asciidoc @@ -15,7 +15,7 @@ modules, see <>. If you are using a log file type that isn't supported by one of the available Filebeat modules, you'll need to set up and configure Filebeat manually by -following the numbered steps under <>. +following the numbered steps under <>. ==== Prerequisites 
@@ -116,4 +116,4 @@ Open the dashboard and explore the visualizations for your parsed logs. Here's an example of the syslog dashboard: -image:./images/kibana-system.png[Sylog dashboard] \ No newline at end of file +image:./images/kibana-system.png[Syslog dashboard] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules-overview.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules-overview.asciidoc index 6e5bbb21..8ed17b80 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules-overview.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules-overview.asciidoc @@ -6,7 +6,7 @@ beta[] Filebeat modules simplify the collection, parsing, and visualization of common log formats. -A typical module (say, for the Nginx logs) is composed of one ore +A typical module (say, for the Nginx logs) is composed of one or more filesets (in the case of Nginx, `access` and `error`). A fileset contains the following: @@ -32,6 +32,8 @@ NOTE: At the moment, Filebeat modules require using the Elasticsearch be able to also configure Logstash as a more powerful alternative to Ingest Node. +Filebeat modules require Elasticsearch 5.2 or later. + === Tutorial This tutorial assumes you have Elasticsearch and Kibana installed and @@ -103,6 +105,7 @@ filebeat.modules: Then you can start Filebeat simply with: `./filebeat -e`. +[[module-varialbe-overrides]] ==== Variable overrides Each module and fileset has a set of "variables" which allow adjusting their 
@@ -129,10 +132,10 @@ Or via the configuration file: filebeat.modules: - module: nginx access: - var.paths = ["/var/log/nginx/access.log*"] + var.paths: ["/var/log/nginx/access.log*"] ---------------------------------------------------------------------- -The Nginx `access` fileset also has a `pipeline` variables which allows +The Nginx `access` fileset also has a `pipeline` variable which allows selecting which of the available Ingest Node pipelines is used for parsing. At the moment, two such pipelines are available, one that requires the two ingest plugins (`ingest-geoip` and `ingest-user-agent`) and one that doesn't. If you diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules.asciidoc index b4e1c16e..0a1a2111 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules.asciidoc @@ -7,6 +7,8 @@ This section contains an <> of the Filebeat modules feature as well as details about each of the currently supported modules. +Filebeat modules require Elasticsearch 5.2 or later. + //pass macro block used here to remove Edit links from modules documentation because it is generated pass::[] include::modules_list.asciidoc[] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules/apache2.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules/apache2.asciidoc index b031627b..3255e51e 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules/apache2.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules/apache2.asciidoc @@ -47,6 +47,7 @@ An array of paths where to look for the log files. If left empty, Filebeat will choose the paths depending on your operating systems. +[float] === Fields For a description of each field in the metricset, see the 
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules/auditd.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules/auditd.asciidoc new file mode 100644 index 00000000..711f9385 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules/auditd.asciidoc @@ -0,0 +1,42 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-auditd]] +== Auditd module + +This module collects and parses logs from the audit daemon (`auditd`). + +[float] +=== Compatibility + +This module was tested with logs from `auditd` on OSes like CentOS 6 and +CentOS 7. + +This module is not available for Windows. + +[float] +=== Dashboard + +This module comes with a sample dashboard showing an overview of the audit log +data. You can build more specific dashboards that are tailored to the audit +rules that you use on your systems. + +image::./images/kibana-audit-auditd.png[] + +[float] +=== Syslog fileset settings + +[float] +==== var.paths + +An array of paths where to look for the log files. If left empty, Filebeat +will choose the paths depending on your operating systems. + + +[float] +=== Fields + +For a description of each field in the metricset, see the +<> section. + diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules/mysql.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules/mysql.asciidoc index 71491fce..3b20dc90 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules/mysql.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules/mysql.asciidoc @@ -7,12 +7,14 @@ This file is generated! See scripts/docs_collector.py This module collects and parses the slow logs and error logs created by https://www.mysql.com/[MySQL]. +[float] === Compatibility The MySQL module was tested with logs from versions 5.5 and 5.7. On Windows, the module was tested with MySQL installed from the Chocolatey repository. +[float] === Dashboard This module comes with a sample dashboard. 
@@ -38,6 +40,7 @@ An array of paths where to look for the log files. If left empty, Filebeat will choose the paths depending on your operating systems. +[float] === Fields For a description of each field in the metricset, see the diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules/nginx.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules/nginx.asciidoc index 710fcbe8..3a764f34 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules/nginx.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules/nginx.asciidoc @@ -47,6 +47,7 @@ will choose the paths depending on your operating systems. +[float] === Fields For a description of each field in the metricset, see the diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules/system.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules/system.asciidoc index 9ba33031..4e93d97e 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules/system.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules/system.asciidoc @@ -5,18 +5,21 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-system]] == System module -This module collects and parses logs created by system logging server of common Unix/Linux based -distributions. +This module collects and parses logs created by system logging server of common +Unix/Linux based distributions. +[float] === Compatibility -This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, macOS Sierra, and others. +This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and +macOS Sierra. This module is not available for Windows. +[float] === Dashboard -This module comes with a sample dashboard. +This module comes with a sample dashboard showing syslog data. image::./images/kibana-system.png[] 
@@ -30,6 +33,7 @@ An array of paths where to look for the log files. If left empty, Filebeat will choose the paths depending on your operating systems. +[float] === Fields For a description of each field in the metricset, see the diff --git a/vendor/github.com/elastic/beats/filebeat/docs/modules_list.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/modules_list.asciidoc index 30d29bd6..48dfa054 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/modules_list.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/modules_list.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> + * <> * <> * <> * <> @@ -14,6 +15,7 @@ This file is generated! See scripts/docs_collector.py include::modules-overview.asciidoc[] include::modules/apache2.asciidoc[] +include::modules/auditd.asciidoc[] include::modules/mysql.asciidoc[] include::modules/nginx.asciidoc[] include::modules/system.asciidoc[] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/multiline.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/multiline.asciidoc index ebaf979e..5d3c235a 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/multiline.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/multiline.asciidoc 
@@ -1,21 +1,28 @@ [[multiline-examples]] == Managing Multiline Messages -You can specify `multiline` settings in the +{beatname_lc}.yml+ file to control how Filebeat deals with messages that -span multiple lines. At a minimum, you need to configure: +The files harvested by {beatname_uc} may contain messages that span multiple lines of text. In order to correctly handle +these multiline events, you need to configure `multiline` settings in the +{beatname_lc}.yml+ file to specify which +lines are part of a single event. -* the `pattern` option, which specifies a regular expression. Depending on how you configure other multiline options, +IMPORTANT: If you are sending multiline events to Logstash, use the options described here to handle multiline events +before sending the event data to Logstash. Trying to implement multiline event handling in Logstash (for example, by +using the Logstash multiline codec) may result in the mixing of streams and corrupted data. + +At a minimum, you need to configure these `multiline` options: + +* the `pattern` option, which specifies a regular expression. Depending on how you configure other multiline options, lines that match the specified regular expression are considered either continuations of a previous line or the start of a new multiline event. You can set the `negate` option to negate the pattern. * the `match` option, which specifies how Filebeat combines matching lines into an event. You can specify `before` or `after`. -See the full documentation for <> to learn more about these options. Also read <> and +See the full documentation for <> to learn more about these options. Also read <> and <> to avoid common mistakes. [float] === Testing Your Regexp Pattern for Multiline -To make it easier for you to test the regexp patterns in your multiline config, we've created a +To make it easier for you to test the regexp patterns in your multiline config, we've created a https://play.golang.org/p/uAd5XHxscu[Go Playground]. 
You can simply plug in the regexp pattern along with the `negate` setting that you plan to use, and paste a sample message between the content backticks (` `). Then click Run, and you'll see which lines in the message match your specified configuration. For example: @@ -56,7 +63,7 @@ multiline.match: after This configuration merges any line that begins with whitespace up to the previous line. -Here's a Java stack trace that presents a slightly more complex example: +Here's a Java stack trace that presents a slightly more complex example: ["source","sh",subs="attributes,callouts"] ------------------------------------------------------------------------------------- @@ -73,7 +80,7 @@ To consolidate these lines into a single event in Filebeat, use the following mu [source,yaml] ------------------------------------------------------------------------------------- -multiline.pattern: '^[[:space:]]+|^Caused by:' +multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Caused by:' multiline.negate: false multiline.match: after ------------------------------------------------------------------------------------- @@ -86,7 +93,7 @@ In this example, the pattern matches the following lines: [float] ==== Line Continuations -Several programming languages use the backslash (`\`) character at the end of a line to denote that the line continues, +Several programming languages use the backslash (`\`) character at the end of a line to denote that the line continues, as in this example: [source,c] @@ -127,7 +134,7 @@ multiline.negate: true multiline.match: after ------------------------------------------------------------------------------------- -This configuration uses the `negate: true` and `match: after` settings to specify that any line that does not match the +This configuration uses the `negate: true` and `match: after` settings to specify that any line that does not match the specified pattern belongs to the previous line. 
diff --git a/vendor/github.com/elastic/beats/filebeat/docs/overview.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/overview.asciidoc index 4e4628ff..61939148 100644 --- a/vendor/github.com/elastic/beats/filebeat/docs/overview.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/overview.asciidoc @@ -1,10 +1,10 @@ [[filebeat-overview]] == Overview -Filebeat is a log data shipper. Installed as an agent on your servers, Filebeat monitors the log directories or specific log files, tails the files, +Filebeat is a log data shipper for local files. Installed as an agent on your servers, Filebeat monitors the log directories or specific log files, tails the files, and forwards them either to https://www.elastic.co/products/elasticsearch[Elasticsearch] or https://www.elastic.co/products/logstash[Logstash] for indexing. -Here's how Filebeat works: When you start Filebeat, it starts one or more prospectors that look in the paths you've specified for log files. For each log file that the prospector locates, Filebeat starts a harvester. Each harvester reads a single log file for new content and sends the new log data to the spooler, which aggregates the events and sends the aggregated data to the output that you've configured for Filebeat. +Here's how Filebeat works: When you start Filebeat, it starts one or more prospectors that look in the local paths you've specified for log files. For each log file that the prospector locates, Filebeat starts a harvester. Each harvester reads a single log file for new content and sends the new log data to the spooler, which aggregates the events and sends the aggregated data to the output that you've configured for Filebeat. image:./images/filebeat.png[Beats design] diff --git a/vendor/github.com/elastic/beats/filebeat/docs/reference/configuration/filebeat-options.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/reference/configuration/filebeat-options.asciidoc index 3f05ba61..586d9f4e 100644 
--- a/vendor/github.com/elastic/beats/filebeat/docs/reference/configuration/filebeat-options.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/docs/reference/configuration/filebeat-options.asciidoc @@ -14,7 +14,6 @@ filebeat.prospectors: - input_type: log paths: - /var/log/apache/httpd-*.log - document_type: apache - input_type: log paths: @@ -297,6 +296,8 @@ The default setting is 10s. [[filebeat-document-type]] ===== document_type +deprecated[5.5,Use `fields` instead] + The event type to use for published lines read by harvesters. For Elasticsearch output, the value that you specify here is used to set the `type` field in the output document. The default value is `log`. @@ -348,6 +349,10 @@ occur. [[multiline]] ===== multiline +IMPORTANT: If you are sending multiline events to Logstash, use the options described here to handle multiline events +before sending the event data to Logstash. Trying to implement multiline event handling in Logstash (for example, by +using the Logstash multiline codec) may result in the mixing of streams and corrupted data. + Options that control how Filebeat deals with log messages that span multiple lines. Multiline messages are common in files that contain Java stack traces. The following example shows how to configure Filebeat to handle a multiline message where the first line of the message begins with a bracket (`[`). 
@@ -384,11 +389,11 @@ somewhat from the patterns supported by Logstash. See <> for a l + [options="header"] |======================= -|Setting for `negate` | Setting for `match` | Result -|`false` | `after` | Consecutive lines that match the pattern are appended to the previous line that doesn't match. -|`false` | `before` | Consecutive lines that match the pattern are prepended to the next line that doesn't match. -|`true` | `after` | Consecutive lines that don't match the pattern are appended to the previous line that does match. -|`true` | `before` | Consecutive lines that don't match the pattern are prepended to the next line that does match. +|Setting for `negate` | Setting for `match` | Result | Example `pattern: ^b` +|`false` | `after` | Consecutive lines that match the pattern are appended to the previous line that doesn't match. | image:./images/false-after-multi.png[Lines a b b c b b become "abb" and "cbb"] +|`false` | `before` | Consecutive lines that match the pattern are prepended to the next line that doesn't match. | image:./images/false-before-multi.png[Lines b b a b b c become "bba" and "bbc"] +|`true` | `after` | Consecutive lines that don't match the pattern are appended to the previous line that does match. | image:./images/true-after-multi.png[Lines b a c b d e become "bac" and "bde"] +|`true` | `before` | Consecutive lines that don't match the pattern are prepended to the next line that does match. | image:./images/true-before-multi.png[Lines a c b d e b become "acb" and "deb"] |======================= + NOTE: The `after` setting is equivalent to `previous` in https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html[Logstash], and `before` is equivalent to `next`. 
@@ -427,7 +432,7 @@ Because this option may lead to data loss, it is disabled by default. ===== backoff -The backoff options specify how aggressively Filebeat crawls new files for updates. +The backoff options specify how aggressively Filebeat crawls open files for updates. You can use the default values in most cases. The `backoff` option defines how long Filebeat diff --git a/vendor/github.com/elastic/beats/filebeat/docs/running-on-docker.asciidoc b/vendor/github.com/elastic/beats/filebeat/docs/running-on-docker.asciidoc new file mode 100644 index 00000000..6bbc976a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/docs/running-on-docker.asciidoc @@ -0,0 +1 @@ +include::../../libbeat/docs/shared-docker.asciidoc[] diff --git a/vendor/github.com/elastic/beats/filebeat/fields.yml b/vendor/github.com/elastic/beats/filebeat/fields.yml deleted file mode 100644 index dd6da8af..00000000 --- a/vendor/github.com/elastic/beats/filebeat/fields.yml +++ /dev/null 
@@ -1,876 +0,0 @@ - -- key: beat - title: Beat - description: > - Contains common beat fields available in all event types. - fields: - - - name: beat.name - description: > - The name of the Beat sending the log messages. If the Beat name is - set in the configuration file, then that value is used. If it is not - set, the hostname is used. To set the Beat name, use the `name` - option in the configuration file. - - name: beat.hostname - description: > - The hostname as returned by the operating system on which the Beat is - running. - - name: beat.timezone - description: > - The timezone as returned by the operating system on which the Beat is - running. - - name: beat.version - description: > - The version of the beat that generated this event. - - - name: "@timestamp" - type: date - required: true - format: date - example: August 26th 2016, 12:35:53.332 - description: > - The timestamp when the event log record was generated. - - - name: tags - description: > - Arbitrary tags that can be set per Beat and per transaction - type. - - - name: fields - type: object - object_type: keyword - description: > - Contains user configurable fields. - - - name: error - type: group - description: > - Error fields containing additional info in case of errors. - fields: - - name: message - type: text - description: > - Error message. - - name: code - type: long - description: > - Error code. - - name: type - type: keyword - description: > - Error type. -- key: cloud - title: Cloud Provider Metadata - description: > - Metadata from cloud providers added by the add_cloud_metadata processor. - fields: - - - name: meta.cloud.provider - example: ec2 - description: > - Name of the cloud provider. Possible values are ec2, gce, or digitalocean. - - - name: meta.cloud.instance_id - description: > - Instance ID of the host machine. - - - name: meta.cloud.machine_type - example: t2.medium - description: > - Machine type of the host machine. 
- - - name: meta.cloud.availability_zone - example: us-east-1c - description: > - Availability zone in which this host is running. - - - name: meta.cloud.project_id - example: project-x - description: > - Name of the project in Google Cloud. - - - name: meta.cloud.region - description: > - Region in which this host is running. -- key: kubernetes - title: Kubernetes info - description: > - Kubernetes metadata added by the kubernetes processor - fields: - - name: kubernetes.pod.name - type: keyword - description: > - Kubernetes pod name - - - name: kubernetes.namespace - type: keyword - description: > - Kubernetes namespace - - - name: kubernetes.labels - type: object - description: > - Kubernetes labels map - - - name: kubernetes.annotations - type: object - description: > - Kubernetes annotations map - - - name: kubernetes.container.name - type: keyword - description: > - Kubernetes container name -- key: log - title: Log File Content - description: > - Contains log file lines. - fields: - - name: source - type: keyword - required: true - description: > - The file from which the line was read. This field contains the absolute path to the file. - For example: `/var/log/system.log`. - - - name: offset - type: long - required: false - description: > - The file offset the reported line starts at. - - - name: message - type: text - ignore_above: 0 - required: true - description: > - The content of the line read from the log file. - - - name: type - required: true - description: > - The name of the log event. This field is set to the value specified for the `document_type` option in the prospector section of the Filebeat config file. - - - name: input_type - required: true - description: > - The input type from which the event was generated. This field is set to the value specified for the `input_type` option in the prospector section of the Filebeat config file. 
- - - name: error - description: > - Ingestion pipeline error message, added in case there are errors reported by - the Ingest Node in Elasticsearch. - - - name: read_timestamp - description: > - In case the ingest pipeline parses the timestamp from the log contents, it stores - the original `@timestamp` (representing the time when the log line was read) in this - field. - - - name: fileset.module - description: > - The Filebeat module that generated this event. - - - name: fileset.name - description: > - The Filebeat fileset that generated this event. -- key: apache2 - title: "Apache2" - description: > - Apache2 Module - short_config: true - fields: - - name: apache2 - type: group - description: > - Apache2 fields. - fields: - - name: access - type: group - description: > - Contains fields for the Apache2 HTTPD access logs. - fields: - - name: remote_ip - type: keyword - description: > - Client IP address. - - name: user_name - type: keyword - description: > - The user name used when basic authentication is used. - - name: method - type: keyword - example: GET - description: > - The request HTTP method. - - name: url - type: keyword - description: > - The request HTTP URL. - - name: http_version - type: keyword - description: > - The HTTP version. - - name: response_code - type: long - description: > - The HTTP response code. - - name: body_sent.bytes - type: long - format: bytes - description: > - The number of bytes of the server response body. - - name: referrer - type: keyword - description: > - The HTTP referrer. - - name: agent - type: text - description: > - Contains the un-parsed user agent string. Only present if the user - agent Elasticsearch plugin is not available or not used. - - name: user_agent - type: group - description: > - Contains the parsed User agent field. Only present if the user - agent Elasticsearch plugin is available and used. - fields: - - name: device - type: keyword - description: > - The name of the physical device. 
- - name: major - type: long - description: > - The major version of the user agent. - - name: minor - type: long - description: > - The minor version of the user agent. - - name: patch - type: long - description: > - The patch version of the user agent. - - name: name - type: keyword - example: Chrome - description: > - The name of the user agent. - - name: os - type: keyword - description: > - The name of the operating system. - - name: os_major - type: long - description: > - The major version of the operating system. - - name: os_minor - type: long - description: > - The minor version of the operating system. - - name: os_name - type: keyword - description: > - The name of the operating system. - - name: geoip - type: group - description: > - Contains GeoIP information gathered based on the remote_ip field. - Only present if the GeoIP Elasticsearch plugin is available and - used. - fields: - - name: continent_name - type: keyword - description: > - The name of the continent. - - name: country_iso_code - type: keyword - description: > - Country ISO code. - - name: location - type: geo_point - description: > - The longitude and latitude. - - - - name: error - type: group - description: > - Fields from the Apache error logs. - fields: - - name: level - type: keyword - description: > - The severity level of the message. - - name: client - type: keyword - description: > - The IP address of the client that generated the error. - - name: message - type: text - description: > - The logged message. - - name: pid - type: long - description: > - The process ID. - - name: tid - type: long - description: > - The thread ID. - - name: module - type: keyword - description: > - The module producing the logged message. - -- key: auditd - title: "Auditd" - description: > - Module for parsing auditd logs. - short_config: true - fields: - - name: auditd - type: group - description: > - Fields from the auditd logs. 
- fields: - - name: log - type: group - description: > - Fields from the Linux audit log. Not all fields are documented here because - they are dynamic and vary by audit event type. - fields: - - name: record_type - description: > - The audit event type. - - name: old_auid - description: > - For login events this is the old audit ID used for the user prior to - this login. - - name: new_auid - description: > - For login events this is the new audit ID. The audit ID can be used to - trace future events to the user even if their identity changes (like - becoming root). - - name: old_ses - description: > - For login events this is the old session ID used for the user prior to - this login. - - name: new_ses - description: > - For login events this is the new session ID. It can be used to tie a - user to future events by session ID. - - name: sequence - type: long - description: > - The audit event sequence number. - - name: acct - description: > - The user account name associated with the event. - - name: pid - description: > - The ID of the process. - - name: ppid - description: > - The ID of the process. - - name: items - description: > - The number of items in an event. - - name: item - description: > - The item field indicates which item out of the total number of items. - This number is zero-based; a value of 0 means it is the first item. - - name: a0 - description: > - The first argument to the system call. - - name: res - description: > - The result of the system call (success or failure). - - name: geoip - type: group - description: > - Contains GeoIP information gathered based on the `auditd.log.addr` - field. Only present if the GeoIP Elasticsearch plugin is available and - used. - fields: - - name: continent_name - type: keyword - description: > - The name of the continent. - - name: city_name - type: keyword - description: > - The name of the city. - - name: region_name - type: keyword - description: > - The name of the region. 
- - name: country_iso_code - type: keyword - description: > - Country ISO code. - - name: location - type: geo_point - description: > - The longitude and latitude. - -- key: icinga - title: "Icinga" - description: > - Icinga Module - fields: - - name: icinga - type: group - description: > - fields: - - name: debug - type: group - description: > - Contains fields for the Icinga debug logs. - fields: - - name: facility - type: keyword - description: > - Specifies what component of Icinga logged the message. - - name: severity - type: keyword - description: > - Possible values are "debug", "notice", "information", "warning" or - "critical". - - name: message - type: text - description: > - The logged message. - - - name: main - type: group - description: > - Contains fields for the Icinga main logs. - fields: - - name: facility - type: keyword - description: > - Specifies what component of Icinga logged the message. - - name: severity - type: keyword - description: > - Possible values are "debug", "notice", "information", "warning" or - "critical". - - name: message - type: text - description: > - The logged message. - - - name: startup - type: group - description: > - Contains fields for the Icinga startup logs. - fields: - - name: facility - type: keyword - description: > - Specifies what component of Icinga logged the message. - - name: severity - type: keyword - description: > - Possible values are "debug", "notice", "information", "warning" or - "critical". - - name: message - type: text - description: > - The logged message. - -- key: mysql - title: "MySQL" - description: > - Module for parsing the MySQL log files. - short_config: true - fields: - - name: mysql - type: group - description: > - Fields from the MySQL log files. - fields: - - name: error - type: group - description: > - Contains fields from the MySQL error logs. - fields: - - name: timestamp - description: > - The timestamp from the log line. 
- - name: thread_id - type: long - description: > - As of MySQL 5.7.2, this is the thread id. For MySQL versions prior to 5.7.2, this - field contains the process id. - - name: level - example: "Warning" - description: - The log level. - - name: message - type: text - description: > - The logged message. - - - name: slowlog - type: group - description: > - Contains fields from the MySQL slow logs. - fields: - - name: user - description: > - The MySQL user that created the query. - - name: host - description: > - The host from where the user that created the query logged in. - - name: ip - description: > - The IP address from where the user that created the query logged in. - - name: query_time.sec - type: float - description: > - The total time the query took, in seconds, as a floating point number. - - name: lock_time.sec - type: float - description: > - The amount of time the query waited for the lock to be available. The - value is in seconds, as a floating point number. - - name: rows_sent - type: long - description: > - The number of rows returned by the query. - - name: rows_examined - type: long - description: > - The number of rows scanned by the query. - - name: timestamp - type: long - description: > - The unix timestamp taken from the `SET timestamp` query. - - name: query - description: > - The slow query. - - name: id - type: long - description: > - The connection ID for the query. - -- key: nginx - title: "Nginx" - description: > - Module for parsing the Nginx log files. - short_config: true - fields: - - name: nginx - type: group - description: > - Fields from the Nginx log files. - fields: - - name: access - type: group - description: > - Contains fields for the Nginx access logs. - fields: - - name: remote_ip - type: keyword - description: > - Client IP address. - - name: user_name - type: keyword - description: > - The user name used when basic authentication is used. 
- - name: method - type: keyword - example: GET - description: > - The request HTTP method. - - name: url - type: keyword - description: > - The request HTTP URL. - - name: http_version - type: keyword - description: > - The HTTP version. - - name: response_code - type: long - description: > - The HTTP response code. - - name: body_sent.bytes - type: long - format: bytes - description: > - The number of bytes of the server response body. - - name: referrer - type: keyword - description: > - The HTTP referrer. - - name: agent - type: text - description: > - Contains the un-parsed user agent string. Only present if the user - agent Elasticsearch plugin is not available or not used. - - name: user_agent - type: group - description: > - Contains the parsed User agent field. Only present if the user - agent Elasticsearch plugin is available and used. - fields: - - name: device - type: keyword - description: > - The name of the physical device. - - name: major - type: long - description: > - The major version of the user agent. - - name: minor - type: long - description: > - The minor version of the user agent. - - name: patch - type: long - description: > - The patch version of the user agent. - - name: name - type: keyword - example: Chrome - description: > - The name of the user agent. - - name: os - type: keyword - description: > - The name of the operating system. - - name: os_major - type: long - description: > - The major version of the operating system. - - name: os_minor - type: long - description: > - The minor version of the operating system. - - name: os_name - type: keyword - description: > - The name of the operating system. - - name: geoip - type: group - description: > - Contains GeoIP information gathered based on the remote_ip field. - Only present if the GeoIP Elasticsearch plugin is available and - used. - fields: - - name: continent_name - type: keyword - description: > - The name of the continent. 
- - name: country_iso_code - type: keyword - description: > - Country ISO code. - - name: location - type: geo_point - description: > - The longitude and latitude. - - - - name: error - type: group - description: > - Contains fields for the Nginx error logs. - fields: - - name: level - type: keyword - description: > - Error level (e.g. error, critical). - - name: pid - type: long - description: > - Process identifier (PID). - - name: tid - type: long - description: > - Thread identifier. - - name: connection_id - type: long - description: > - Connection identifier. - - name: message - type: text - description: > - The error message - -- key: system - title: "System" - description: > - Module for parsing system log files. - short_config: true - fields: - - name: system - type: group - description: > - Fields from the system log files. - fields: - - name: auth - type: group - description: > - Fields from the Linux authorization logs. - fields: - - name: timestamp - description: > - The timestamp as read from the auth message. - - name: hostname - description: > - The hostname as read from the auth message. - - name: program - description: > - The process name as read from the auth message. - - name: pid - type: long - description: > - The PID of the process that sent the auth message. - - name: message - description: > - The message in the log line. - - name: user - description: > - The Unix user that this event refers to. - - - name: ssh - type: group - description: > - Fields specific to SSH login events. - fields: - - name: event - description: > - The SSH login event. Can be one of "Accepted", "Failed", or "Invalid". "Accepted" - means a successful login. "Invalid" means that the user is not configured on the - system. "Failed" means that the SSH login attempt has failed. - - name: method - description: > - The SSH authentication method. Can be one of "password" or "publickey". 
- - name: ip - type: ip - description: > - The client IP from where the login attempt was made. - - name: dropped_ip - type: ip - description: > - The client IP from SSH connections that are open and immediately dropped. - - name: port - type: long - description: > - The client port from where the login attempt was made. - - name: signature - description: > - The signature of the client public key. - - name: geoip - type: group - description: > - Contains GeoIP information gathered based on the `system.auth.ip` field. - Only present if the GeoIP Elasticsearch plugin is available and - used. - fields: - - name: continent_name - type: keyword - description: > - The name of the continent. - - name: city_name - type: keyword - description: > - The name of the city. - - name: region_name - type: keyword - description: > - The name of the region. - - name: country_iso_code - type: keyword - description: > - Country ISO code. - - name: location - type: geo_point - description: > - The longitude and latitude. - - - name: sudo - type: group - description: > - Fields specific to events created by the `sudo` command. - fields: - - name: error - example: user NOT in sudoers - description: > - The error message in case the sudo command failed. - - name: tty - description: > - The TTY where the sudo command is executed. - - name: pwd - description: > - The current directory where the sudo command is executed. - - name: user - example: root - description: > - The target user to which the sudo command is switching. - - name: command - description: > - The command executed via sudo. - - - name: useradd - type: group - description: > - Fields specific to events created by the `useradd` command. - fields: - - name: name - description: > - The user name being added. - - name: uid - type: long - description: - The user ID. - - name: gid - type: long - description: - The group ID. - - name: home - description: - The home folder for the new user. 
- - name: shell - description: - The default shell for the new user. - - - name: groupadd - type: group - description: > - Fields specific to events created by the `groupadd` command. - fields: - - name: name - description: > - The name of the new group. - - name: gid - type: long - description: > - The ID of the new group. - - - name: syslog - type: group - description: > - Contains fields from the syslog system logs. - fields: - - name: timestamp - description: > - The timestamp as read from the syslog message. - - name: hostname - description: > - The hostname as read from the syslog message. - - name: program - description: > - The process name as read from the syslog message. - - name: pid - description: > - The PID of the process that sent the syslog message. - - name: message - description: > - The message in the log line. - - diff --git a/vendor/github.com/elastic/beats/filebeat/filebeat.full.yml b/vendor/github.com/elastic/beats/filebeat/filebeat.full.yml index e57ca698..81181e30 100644 --- a/vendor/github.com/elastic/beats/filebeat/filebeat.full.yml +++ b/vendor/github.com/elastic/beats/filebeat/filebeat.full.yml @@ -56,6 +56,19 @@ filebeat.modules: # can be added under this section. #prospector: +#------------------------------- Auditd Module ------------------------------- +#- module: auditd + #log: + #enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + + # Prospector configuration (advanced). Any prospector configuration option + # can be added under this section. + #prospector: + #-------------------------------- MySQL Module ------------------------------- #- module: mysql # Error logs 
@@ -510,6 +523,14 @@ output.elasticsearch: # Path to the Elasticsearch 2.x version of the template file. #template.versions.2x.path: "${path.config}/filebeat.template-es2x.json" + # If set to true, filebeat checks the Elasticsearch version at connect time, and if it + # is 6.x, it loads the file specified by the template.versions.6x.path setting. The + # default is true. + #template.versions.6x.enabled: true + + # Path to the Elasticsearch 6.x version of the template file. + #template.versions.6x.path: "${path.config}/filebeat.template-es6x.json" + # Use SSL settings for HTTPS. Default is true. #ssl.enabled: true @@ -542,6 +563,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #----------------------------- Logstash output --------------------------------- #output.logstash: @@ -564,6 +589,11 @@ output.elasticsearch: # new batches. #pipelining: 0 + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + # Optional index name. The default index name is set to name of the beat # in all lowercase. #index: 'filebeat' @@ -606,6 +636,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Kafka output ---------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. 
@@ -741,6 +775,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Redis output ---------------------------------- #output.redis: # Boolean flag to enable or disable the output module. @@ -838,6 +876,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- File output ----------------------------------- #output.file: @@ -980,3 +1022,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/filebeat/filebeat.template-es2x.json b/vendor/github.com/elastic/beats/filebeat/filebeat.template-es2x.json index 753529d0..cde09bbd 100644 --- a/vendor/github.com/elastic/beats/filebeat/filebeat.template-es2x.json +++ b/vendor/github.com/elastic/beats/filebeat/filebeat.template-es2x.json @@ -7,7 +7,7 @@ } }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -46,6 +46,11 @@ }, "geoip": { "properties": { + "city_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, "continent_name": { "ignore_above": 1024, "index": "not_analyzed", @@ -58,6 +63,11 @@ }, "location": { "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" } } }, 
@@ -124,7 +134,9 @@ "type": "string" }, "patch": { - "type": "long" + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" } } }, @@ -169,6 +181,104 @@ } } }, + "auditd": { + "properties": { + "log": { + "properties": { + "a0": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "acct": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "continent_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "country_iso_code": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "item": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "items": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "new_auid": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "new_ses": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "old_auid": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "old_ses": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "pid": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ppid": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "record_type": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "res": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "sequence": { + "type": "long" + } + } + } + } + }, "beat": { "properties": { "hostname": { @@ -193,9 +303,6 @@ "index": "not_analyzed", "type": "string" }, - "fields": { - "properties": {} - }, "fileset": { "properties": { "module": { 
@@ -358,6 +465,11 @@ }, "geoip": { "properties": { + "city_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, "continent_name": { "ignore_above": 1024, "index": "not_analyzed", @@ -370,6 +482,11 @@ }, "location": { "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" } } }, @@ -436,7 +553,9 @@ "type": "string" }, "patch": { - "type": "long" + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" } } }, 
@@ -489,6 +608,163 @@ }, "system": { "properties": { + "auth": { + "properties": { + "groupadd": { + "properties": { + "gid": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "hostname": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "message": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "pid": { + "type": "long" + }, + "program": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "ssh": { + "properties": { + "dropped_ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "event": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "continent_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "country_iso_code": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "ip": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "method": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "port": { + "type": "long" + }, + "signature": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + } + }, + "sudo": { + "properties": { + "command": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "error": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "pwd": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "tty": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "user": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + } + 
} + }, + "timestamp": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "user": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "useradd": { + "properties": { + "gid": { + "type": "long" + }, + "home": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "name": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "shell": { + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" + }, + "uid": { + "type": "long" + } + } + } + } + }, "syslog": { "properties": { "hostname": { diff --git a/vendor/github.com/elastic/beats/filebeat/filebeat.template-es6x.json b/vendor/github.com/elastic/beats/filebeat/filebeat.template-es6x.json new file mode 100644 index 00000000..5721f141 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/filebeat.template-es6x.json 
@@ -0,0 +1,691 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "apache2": { + "properties": { + "access": { + "properties": { + "agent": { + "norms": false, + "type": "text" + }, + "body_sent": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "remote_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "response_code": { + "type": "long" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + }, + "user_agent": { + "properties": { + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "major": { + "type": "long" + }, + "minor": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "ignore_above": 1024, + "type": "keyword" + }, + "os_major": { + "type": "long" + }, + "os_minor": { + "type": "long" + }, + "os_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "patch": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "client": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"message": { + "norms": false, + "type": "text" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "tid": { + "type": "long" + } + } + } + } + }, + "auditd": { + "properties": { + "log": { + "properties": { + "a0": { + "ignore_above": 1024, + "type": "keyword" + }, + "acct": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "item": { + "ignore_above": 1024, + "type": "keyword" + }, + "items": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ppid": { + "ignore_above": 1024, + "type": "keyword" + }, + "record_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "res": { + "ignore_above": 1024, + "type": "keyword" + }, + "sequence": { + "type": "long" + } + } + } + } + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "fileset": { + "properties": { + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "input_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, 
+ "meta": { + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "mysql": { + "properties": { + "error": { + "properties": { + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "thread_id": { + "type": "long" + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "slowlog": { + "properties": { + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "type": "long" + }, + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "lock_time": { + "properties": { + "sec": { + "type": "float" + } + } + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "query_time": { + "properties": { + "sec": { + "type": "float" + } + } + }, + "rows_examined": { + "type": "long" + }, + "rows_sent": { + "type": "long" + }, + "timestamp": { + "type": "long" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "nginx": { + "properties": { + "access": { + "properties": { + "agent": { + "norms": false, + "type": "text" + }, + "body_sent": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "http_version": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + }, + "remote_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "response_code": { + "type": "long" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + }, + "user_agent": { + "properties": { + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "major": { + "type": "long" + }, + "minor": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "ignore_above": 1024, + "type": "keyword" + }, + "os_major": { + "type": "long" + }, + "os_minor": { + "type": "long" + }, + "os_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "patch": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "connection_id": { + "type": "long" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "pid": { + "type": "long" + }, + "tid": { + "type": "long" + } + } + } + } + }, + "offset": { + "type": "long" + }, + "read_timestamp": { + "ignore_above": 1024, + "type": "keyword" + }, + "source": { + "ignore_above": 1024, + "type": "keyword" + }, + "system": { + "properties": { + "auth": { + "properties": { + "groupadd": { + "properties": { + "gid": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "program": { + "ignore_above": 1024, + "type": "keyword" + }, + "ssh": { + "properties": { + "dropped_ip": { + "type": "ip" + }, + "event": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "signature": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "sudo": { + "properties": { + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "pwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + }, + "useradd": { + "properties": { + "gid": { + "type": "long" + }, + "home": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "shell": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": "long" + } + } + } + } + }, + "syslog": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "program": { + "ignore_above": 1024, + "type": "keyword" + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "filebeat-*" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/filebeat.template.json b/vendor/github.com/elastic/beats/filebeat/filebeat.template.json index 8d416d28..5721f141 100644 --- a/vendor/github.com/elastic/beats/filebeat/filebeat.template.json +++ b/vendor/github.com/elastic/beats/filebeat/filebeat.template.json @@ -1,11 +1,8 @@ { "mappings": { "_default_": { - "_all": { - "norms": false - }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -40,6 +37,10 @@ }, "geoip": { "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, "continent_name": { "ignore_above": 1024, "type": "keyword" @@ -50,6 +51,10 @@ }, "location": { "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" } } }, @@ -107,7 +112,8 @@ "type": "keyword" }, "patch": { - "type": "long" + "ignore_above": 1024, + "type": "keyword" } } }, 
@@ -145,6 +151,88 @@ } } }, + "auditd": { + "properties": { + "log": { + "properties": { + "a0": { + "ignore_above": 1024, + "type": "keyword" + }, + "acct": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "item": { + "ignore_above": 1024, + "type": "keyword" + }, + "items": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ppid": { + "ignore_above": 1024, + "type": "keyword" + }, + "record_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "res": { + "ignore_above": 1024, + "type": "keyword" + }, + "sequence": { + "type": "long" + } + } + } + } + }, "beat": { "properties": { "hostname": { @@ -165,9 +253,6 @@ "ignore_above": 1024, "type": "keyword" }, - "fields": { - "properties": {} - }, "fileset": { "properties": { "module": { @@ -306,6 +391,10 @@ }, "geoip": { "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, "continent_name": { "ignore_above": 1024, "type": "keyword" @@ -316,6 +405,10 @@ }, "location": { "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" } } }, @@ -373,7 +466,8 @@ "type": "keyword" }, "patch": { - "type": "long" + "ignore_above": 1024, + "type": "keyword" } } }, 
@@ -419,6 +513,138 @@ }, "system": { "properties": { + "auth": { + "properties": { + "groupadd": { + "properties": { + "gid": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "program": { + "ignore_above": 1024, + "type": "keyword" + }, + "ssh": { + "properties": { + "dropped_ip": { + "type": "ip" + }, + "event": { + "ignore_above": 1024, + "type": "keyword" + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "signature": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "sudo": { + "properties": { + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "pwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + }, + "useradd": { + "properties": { + "gid": { + "type": "long" + }, + "home": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "shell": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": "long" + } + } + } + } + }, "syslog": { "properties": { "hostname": { 
diff --git a/vendor/github.com/elastic/beats/filebeat/fileset/config.go b/vendor/github.com/elastic/beats/filebeat/fileset/config.go index 57dc98b1..7a20fa15 100644 --- a/vendor/github.com/elastic/beats/filebeat/fileset/config.go +++ b/vendor/github.com/elastic/beats/filebeat/fileset/config.go @@ -15,5 +15,3 @@ type FilesetConfig struct { Var map[string]interface{} `config:"var"` Prospector map[string]interface{} `config:"prospector"` } - -var defaultFilesetConfig = FilesetConfig{} diff --git a/vendor/github.com/elastic/beats/filebeat/fileset/fileset.go b/vendor/github.com/elastic/beats/filebeat/fileset/fileset.go index a27ab9d7..1f2fd260 100644 --- a/vendor/github.com/elastic/beats/filebeat/fileset/fileset.go +++ b/vendor/github.com/elastic/beats/filebeat/fileset/fileset.go @@ -17,6 +17,7 @@ import ( "text/template" "github.com/elastic/beats/libbeat/common" + mlimporter "github.com/elastic/beats/libbeat/ml-importer" ) // Fileset struct is the representation of a fileset. @@ -74,11 +75,17 @@ func (fs *Fileset) Read(beatVersion string) error { // manifest structure is the representation of the manifest.yml file from the // fileset. type manifest struct { - ModuleVersion string `config:"module_version"` - Vars []map[string]interface{} `config:"var"` - IngestPipeline string `config:"ingest_pipeline"` - Prospector string `config:"prospector"` - Requires struct { + ModuleVersion string `config:"module_version"` + Vars []map[string]interface{} `config:"var"` + IngestPipeline string `config:"ingest_pipeline"` + Prospector string `config:"prospector"` + MachineLearning []struct { + Name string `config:"name"` + Job string `config:"job"` + Datafeed string `config:"datafeed"` + MinVersion string `config:"min_version"` + } `config:"machine_learning"` + Requires struct { Processors []ProcessorRequirement `config:"processors"` } `config:"requires"` } 
@@ -310,3 +317,18 @@ func removeExt(path string) string { func (fs *Fileset) GetRequiredProcessors() []ProcessorRequirement { return fs.manifest.Requires.Processors } + +// GetMLConfigs returns the list of machine-learning configurations declared +// by this fileset. +func (fs *Fileset) GetMLConfigs() []mlimporter.MLConfig { + var mlConfigs []mlimporter.MLConfig + for _, ml := range fs.manifest.MachineLearning { + mlConfigs = append(mlConfigs, mlimporter.MLConfig{ + ID: fmt.Sprintf("filebeat-%s-%s-%s", fs.mcfg.Module, fs.name, ml.Name), + JobPath: filepath.Join(fs.modulePath, fs.name, ml.Job), + DatafeedPath: filepath.Join(fs.modulePath, fs.name, ml.Datafeed), + MinVersion: ml.MinVersion, + }) + } + return mlConfigs +} diff --git a/vendor/github.com/elastic/beats/filebeat/fileset/modules.go b/vendor/github.com/elastic/beats/filebeat/fileset/modules.go index e2bc4b5b..ab3e0d4b 100644 --- a/vendor/github.com/elastic/beats/filebeat/fileset/modules.go +++ b/vendor/github.com/elastic/beats/filebeat/fileset/modules.go @@ -2,15 +2,17 @@ package fileset import ( "encoding/json" - "errors" "fmt" "io/ioutil" "os" "path/filepath" "strings" + "github.com/pkg/errors" + "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/logp" + mlimporter "github.com/elastic/beats/libbeat/ml-importer" "github.com/elastic/beats/libbeat/paths" ) @@ -20,7 +22,7 @@ type ModuleRegistry struct { // newModuleRegistry reads and loads the configured module into the registry. func newModuleRegistry(modulesPath string, - moduleConfigs []ModuleConfig, + moduleConfigs []*ModuleConfig, overrides *ModuleOverrides, beatVersion string) (*ModuleRegistry, error) { 
@@ -41,11 +43,7 @@ func newModuleRegistry(modulesPath string, for _, filesetName := range moduleFilesets { fcfg, exists := mcfg.Filesets[filesetName] if !exists { - fcfg = &defaultFilesetConfig - } - - if fcfg.Enabled != nil && (*fcfg.Enabled) == false { - continue + fcfg = &FilesetConfig{} } fcfg, err = applyOverrides(fcfg, mcfg.Module, filesetName, overrides) @@ -53,7 +51,11 @@ func newModuleRegistry(modulesPath string, return nil, fmt.Errorf("Error applying overrides on fileset %s/%s: %v", mcfg.Module, filesetName, err) } - fileset, err := New(modulesPath, filesetName, &mcfg, fcfg) + if fcfg.Enabled != nil && (*fcfg.Enabled) == false { + continue + } + + fileset, err := New(modulesPath, filesetName, mcfg, fcfg) if err != nil { return nil, err } @@ -98,13 +100,13 @@ func NewModuleRegistry(moduleConfigs []*common.Config, beatVersion string) (*Mod if err != nil { return nil, err } - mcfgs := []ModuleConfig{} + mcfgs := []*ModuleConfig{} for _, moduleConfig := range moduleConfigs { mcfg, err := mcfgFromConfig(moduleConfig) if err != nil { return nil, fmt.Errorf("Error unpacking module config: %v", err) } - mcfgs = append(mcfgs, *mcfg) + mcfgs = append(mcfgs, mcfg) } mcfgs, err = appendWithoutDuplicates(mcfgs, modulesCLIList) if err != nil { @@ -207,7 +209,7 @@ func applyOverrides(fcfg *FilesetConfig, // appendWithoutDuplicates appends basic module configuration for each module in the // modules list, unless the same module is not already loaded. -func appendWithoutDuplicates(moduleConfigs []ModuleConfig, modules []string) ([]ModuleConfig, error) { +func appendWithoutDuplicates(moduleConfigs []*ModuleConfig, modules []string) ([]*ModuleConfig, error) { if len(modules) == 0 { return moduleConfigs, nil } 
@@ -224,7 +226,7 @@ func appendWithoutDuplicates(moduleConfigs []ModuleConfig, modules []string) ([] // add the non duplicates to the list for _, module := range modules { if _, exists := modulesMap[module]; !exists { - moduleConfigs = append(moduleConfigs, ModuleConfig{Module: module}) + moduleConfigs = append(moduleConfigs, &ModuleConfig{Module: module}) } } return moduleConfigs, nil @@ -250,6 +252,7 @@ func (reg *ModuleRegistry) GetProspectorConfigs() ([]*common.Config, error) { type PipelineLoader interface { LoadJSON(path string, json map[string]interface{}) ([]byte, error) Request(method, path string, pipeline string, params map[string]string, body interface{}) (int, []byte, error) + GetVersion() string } // LoadPipelines loads the pipelines for each configured fileset. @@ -279,6 +282,26 @@ func (reg *ModuleRegistry) LoadPipelines(esClient PipelineLoader) error { return nil } +// InfoString returns the enabled modules and filesets in a single string, ready to +// be shown to the user +func (reg *ModuleRegistry) InfoString() string { + var result string + for module, filesets := range reg.registry { + var filesetNames string + for name, _ := range filesets { + if filesetNames != "" { + filesetNames += ", " + } + filesetNames += name + } + if result != "" { + result += ", " + } + result += fmt.Sprintf("%s (%s)", module, filesetNames) + } + return result +} + // checkAvailableProcessors calls the /_nodes/ingest API and verifies that all processors listed // in the requiredProcessors list are available in Elasticsearch. Returns nil if all required // processors are available. 
@@ -418,6 +441,31 @@ func interpretError(initialErr error, body []byte) error { return fmt.Errorf("couldn't load pipeline: %v. Response body: %s", initialErr, body) } +// LoadML loads the machine-learning configurations into Elasticsearch, if Xpack is avaiable +func (reg *ModuleRegistry) LoadML(esClient PipelineLoader) error { + haveXpack, err := mlimporter.HaveXpackML(esClient) + if err != nil { + return errors.Errorf("Error checking if xpack is available: %v", err) + } + if !haveXpack { + logp.Warn("Xpack Machine Learning is not enabled") + return nil + } + + for module, filesets := range reg.registry { + for name, fileset := range filesets { + for _, mlConfig := range fileset.GetMLConfigs() { + err = mlimporter.ImportMachineLearningJob(esClient, &mlConfig) + if err != nil { + return errors.Errorf("Error loading ML config from %s/%s: %v", module, name, err) + } + } + } + } + + return nil +} + func (reg *ModuleRegistry) Empty() bool { count := 0 for _, filesets := range reg.registry { diff --git a/vendor/github.com/elastic/beats/filebeat/fileset/modules_integration_test.go b/vendor/github.com/elastic/beats/filebeat/fileset/modules_integration_test.go index f8c606d8..7aac643c 100644 --- a/vendor/github.com/elastic/beats/filebeat/fileset/modules_integration_test.go +++ b/vendor/github.com/elastic/beats/filebeat/fileset/modules_integration_test.go @@ -58,8 +58,8 @@ func TestSetupNginx(t *testing.T) { modulesPath, err := filepath.Abs("../module") assert.NoError(t, err) - configs := []ModuleConfig{ - {Module: "nginx"}, + configs := []*ModuleConfig{ + &ModuleConfig{Module: "nginx"}, } reg, err := newModuleRegistry(modulesPath, configs, nil, "5.2.0") diff --git a/vendor/github.com/elastic/beats/filebeat/fileset/modules_test.go b/vendor/github.com/elastic/beats/filebeat/fileset/modules_test.go index bd38ae58..fe506be6 100644 --- a/vendor/github.com/elastic/beats/filebeat/fileset/modules_test.go +++ b/vendor/github.com/elastic/beats/filebeat/fileset/modules_test.go 
@@ -25,10 +25,11 @@ func TestNewModuleRegistry(t *testing.T) { modulesPath, err := filepath.Abs("../module") assert.NoError(t, err) - configs := []ModuleConfig{ - {Module: "nginx"}, - {Module: "mysql"}, - {Module: "system"}, + configs := []*ModuleConfig{ + &ModuleConfig{Module: "nginx"}, + &ModuleConfig{Module: "mysql"}, + &ModuleConfig{Module: "system"}, + &ModuleConfig{Module: "auditd"}, } reg, err := newModuleRegistry(modulesPath, configs, nil, "5.2.0") @@ -36,9 +37,10 @@ func TestNewModuleRegistry(t *testing.T) { assert.NotNil(t, reg) expectedModules := map[string][]string{ + "auditd": {"log"}, "nginx": {"access", "error"}, "mysql": {"slowlog", "error"}, - "system": {"syslog"}, + "system": {"syslog", "auth"}, } assert.Equal(t, len(expectedModules), len(reg.registry)) @@ -55,8 +57,16 @@ func TestNewModuleRegistry(t *testing.T) { for module, filesets := range reg.registry { for name, fileset := range filesets { - _, err = fileset.getProspectorConfig() + cfg, err := fileset.getProspectorConfig() assert.NoError(t, err, fmt.Sprintf("module: %s, fileset: %s", module, name)) + + moduleName, err := cfg.String("_module_name", -1) + assert.NoError(t, err) + assert.Equal(t, module, moduleName) + + filesetName, err := cfg.String("_fileset_name", -1) + assert.NoError(t, err) + assert.Equal(t, name, filesetName) } } } @@ -67,8 +77,8 @@ func TestNewModuleRegistryConfig(t *testing.T) { falseVar := false - configs := []ModuleConfig{ - { + configs := []*ModuleConfig{ + &ModuleConfig{ Module: "nginx", Filesets: map[string]*FilesetConfig{ "access": { @@ -81,7 +91,7 @@ func TestNewModuleRegistryConfig(t *testing.T) { }, }, }, - { + &ModuleConfig{ Module: "mysql", Enabled: &falseVar, }, @@ -98,7 +108,7 @@ func TestNewModuleRegistryConfig(t *testing.T) { assert.NotContains(t, reg.registry["nginx"], "error") } -func TestAppplyOverrides(t *testing.T) { +func TestApplyOverrides(t *testing.T) { falseVar := false trueVar := true 
@@ -189,24 +199,24 @@ func TestAppendWithoutDuplicates(t *testing.T) { falseVar := false tests := []struct { name string - configs []ModuleConfig + configs []*ModuleConfig modules []string - expected []ModuleConfig + expected []*ModuleConfig }{ { name: "just modules", - configs: []ModuleConfig{}, + configs: []*ModuleConfig{}, modules: []string{"moduleA", "moduleB", "moduleC"}, - expected: []ModuleConfig{ - {Module: "moduleA"}, - {Module: "moduleB"}, - {Module: "moduleC"}, + expected: []*ModuleConfig{ + &ModuleConfig{Module: "moduleA"}, + &ModuleConfig{Module: "moduleB"}, + &ModuleConfig{Module: "moduleC"}, }, }, { name: "eliminate a duplicate, no override", - configs: []ModuleConfig{ - { + configs: []*ModuleConfig{ + &ModuleConfig{ Module: "moduleB", Filesets: map[string]*FilesetConfig{ "fileset": { @@ -218,8 +228,8 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, modules: []string{"moduleA", "moduleB", "moduleC"}, - expected: []ModuleConfig{ - { + expected: []*ModuleConfig{ + &ModuleConfig{ Module: "moduleB", Filesets: map[string]*FilesetConfig{ "fileset": { @@ -229,14 +239,14 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, }, - {Module: "moduleA"}, - {Module: "moduleC"}, + &ModuleConfig{Module: "moduleA"}, + &ModuleConfig{Module: "moduleC"}, }, }, { name: "disabled config", - configs: []ModuleConfig{ - { + configs: []*ModuleConfig{ + &ModuleConfig{ Module: "moduleB", Enabled: &falseVar, Filesets: map[string]*FilesetConfig{ @@ -249,8 +259,8 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, modules: []string{"moduleA", "moduleB", "moduleC"}, - expected: []ModuleConfig{ - { + expected: []*ModuleConfig{ + &ModuleConfig{ Module: "moduleB", Enabled: &falseVar, Filesets: map[string]*FilesetConfig{ 
@@ -261,9 +271,9 @@ func TestAppendWithoutDuplicates(t *testing.T) { }, }, }, - {Module: "moduleA"}, - {Module: "moduleB"}, - {Module: "moduleC"}, + &ModuleConfig{Module: "moduleA"}, + &ModuleConfig{Module: "moduleB"}, + &ModuleConfig{Module: "moduleC"}, }, }, } diff --git a/vendor/github.com/elastic/beats/filebeat/harvester/config.go b/vendor/github.com/elastic/beats/filebeat/harvester/config.go index 67668b6a..f81e8e83 100644 --- a/vendor/github.com/elastic/beats/filebeat/harvester/config.go +++ b/vendor/github.com/elastic/beats/filebeat/harvester/config.go @@ -2,6 +2,7 @@ package harvester import ( "fmt" + "sync" "time" cfg "github.com/elastic/beats/filebeat/config" @@ -57,6 +58,8 @@ type harvesterConfig struct { Fileset string `config:"_fileset_name"` // hidden option to set the fileset name } +var onceCheck sync.Once + func (config *harvesterConfig) Validate() error { // DEPRECATED: remove in 6.0 @@ -87,5 +90,10 @@ func (config *harvesterConfig) Validate() error { return fmt.Errorf("When using the JSON decoder and line filtering together, you need to specify a message_key value") } + if config.DocumentType != "log" { + onceCheck.Do(func() { + logp.Warn("DEPRECATED: document_type is deprecated. Use fields instead.") + }) + } return nil } diff --git a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline.go b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline.go index edc50d4d..4404fd65 100644 --- a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline.go +++ b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline.go @@ -66,7 +66,7 @@ func NewMultiline( return nil, fmt.Errorf("unknown matcher type: %s", config.Match) } - matcher, err := matcherType(config.Pattern) + matcher, err := matcherType(*config.Pattern) if err != nil { return nil, err } 
diff --git a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_config.go b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_config.go index 783b2438..eeddc3e4 100644 --- a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_config.go +++ b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_config.go @@ -9,13 +9,14 @@ import ( type MultilineConfig struct { Negate bool `config:"negate"` - Match string `config:"match" validate:"required"` + Match string `config:"match" validate:"required"` MaxLines *int `config:"max_lines"` - Pattern match.Matcher `config:"pattern"` - Timeout *time.Duration `config:"timeout" validate:"positive"` + Pattern *match.Matcher `config:"pattern" validate:"required"` + Timeout *time.Duration `config:"timeout" validate:"positive"` } func (c *MultilineConfig) Validate() error { + if c.Match != "after" && c.Match != "before" { return fmt.Errorf("unknown matcher type: %s", c.Match) } diff --git a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_test.go b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_test.go index 16434f30..59536d71 100644 --- a/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_test.go +++ b/vendor/github.com/elastic/beats/filebeat/harvester/reader/multiline_test.go @@ -24,9 +24,10 @@ func (p bufferSource) Stat() (os.FileInfo, error) { return nil, errors.New("unkn func (p bufferSource) Continuable() bool { return false } func TestMultilineAfterOK(t *testing.T) { + pattern := match.MustCompile(`^[ \t] +`) // next line is indented by spaces testMultilineOK(t, MultilineConfig{ - Pattern: match.MustCompile(`^[ \t] +`), // next line is indented by spaces + Pattern: &pattern, Match: "after", }, 2, 
@@ -36,9 +37,11 @@ func TestMultilineAfterOK(t *testing.T) { } func TestMultilineBeforeOK(t *testing.T) { + pattern := match.MustCompile(`\\$`) // previous line ends with \ + testMultilineOK(t, MultilineConfig{ - Pattern: match.MustCompile(`\\$`), // previous line ends with \ + Pattern: &pattern, Match: "before", }, 2, @@ -48,9 +51,11 @@ func TestMultilineBeforeOK(t *testing.T) { } func TestMultilineAfterNegateOK(t *testing.T) { + pattern := match.MustCompile(`^-`) // first line starts with '-' at beginning of line + testMultilineOK(t, MultilineConfig{ - Pattern: match.MustCompile(`^-`), // first line starts with '-' at beginning of line + Pattern: &pattern, Negate: true, Match: "after", }, @@ -61,9 +66,11 @@ func TestMultilineAfterNegateOK(t *testing.T) { } func TestMultilineBeforeNegateOK(t *testing.T) { + pattern := match.MustCompile(`;$`) // last line ends with ';' + testMultilineOK(t, MultilineConfig{ - Pattern: match.MustCompile(`;$`), // last line ends with ';' + Pattern: &pattern, Negate: true, Match: "before", }, @@ -74,9 +81,10 @@ func TestMultilineBeforeNegateOK(t *testing.T) { } func TestMultilineBeforeNegateOKWithEmptyLine(t *testing.T) { + pattern := match.MustCompile(`;$`) // last line ends with ';' testMultilineOK(t, MultilineConfig{ - Pattern: match.MustCompile(`;$`), // last line ends with ';' + Pattern: &pattern, Negate: true, Match: "before", }, diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/dashboard/Filebeat-Apache2-Dashboard.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/dashboard/Filebeat-Apache2-Dashboard.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/dashboard/Filebeat-Apache2-Dashboard.json rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/dashboard/Filebeat-Apache2-Dashboard.json 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/search/Apache2-access-logs.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/search/Apache2-access-logs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/search/Apache2-access-logs.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/search/Apache2-access-logs.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/search/Apache2-errors-log.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/search/Apache2-errors-log.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/search/Apache2-errors-log.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/search/Apache2-errors-log.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-access-unique-IPs-map.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-access-unique-IPs-map.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-access-unique-IPs-map.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-access-unique-IPs-map.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-browsers.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-browsers.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-browsers.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-browsers.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-error-logs-over-time.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-error-logs-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-error-logs-over-time.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-error-logs-over-time.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-operating-systems.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-operating-systems.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-operating-systems.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-operating-systems.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-of-top-URLs.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-response-codes-of-top-URLs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-of-top-URLs.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-response-codes-of-top-URLs.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-over-time.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-response-codes-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/visualization/Apache2-response-codes-over-time.json
rename to vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/5.x/visualization/Apache2-response-codes-over-time.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/default/dashboard/Filebeat-apache2.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/default/dashboard/Filebeat-apache2.json
new file mode 100644
index 00000000..de671b52
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/apache2/_meta/kibana/default/dashboard/Filebeat-apache2.json
@@ -0,0 +1,167 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-access-logs", + "title": "Apache2 access unique IPs map", + "uiStateJSON": "{\"mapCenter\":[14.944784875088372,5.09765625]}", + "version": 1, + "visState": "{\"title\":\"Apache2 access unique IPs map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.geoip.location\",\"autoPrecision\":true}}],\"listeners\":{}}" + }, + "id": "Apache2-access-unique-IPs-map", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-access-logs", + "title": "Apache2 response codes of top URLs", + "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#7EB26D\",\"404\":\"#EF843C\"}}}", + "version": 1, + "visState": "{\"title\":\"Apache2 response codes of top 
URLs\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"apache2.access.url\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URL\",\"row\":false}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Apache2-response-codes-of-top-URLs", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-access-logs", + "title": "Apache2 browsers", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Apache2 browsers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Apache2-browsers", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-access-logs", + "title": "Apache2 operating systems", + "uiStateJSON": "{}", + "version": 1, + 
"visState": "{\"title\":\"Apache2 operating systems\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"apache2.access.remote_ip\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"apache2.access.user_agent.os_major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Apache2-operating-systems", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-errors-log", + "title": "Apache2 error logs over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Apache2 error logs over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.error.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Apache2-error-logs-over-time", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": 
"", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache2-access-logs", + "title": "Apache2 response codes over time", + "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#629E51\",\"404\":\"#EF843C\"}}}", + "version": 1, + "visState": "{\"title\":\"Apache2 response codes over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"apache2.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Apache2-response-codes-over-time", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "columns": [ + "apache2.error.client", + "apache2.error.level", + "apache2.error.module", + "apache2.error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.error\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Apache2 errors log", + "version": 1 + }, + "id": "Apache2-errors-log", + "type": "search", + "version": 8 + }, + { + "attributes": { + "columns": [ + "apache2.access.remote_ip", + 
"apache2.access.method", + "apache2.access.url", + "apache2.access.response_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:apache2.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Apache2 access logs", + "version": 1 + }, + "id": "Apache2-access-logs", + "type": "search", + "version": 20 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"Apache2-access-unique-IPs-map\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-of-top-URLs\",\"panelIndex\":2,\"row\":6,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Apache2-browsers\",\"panelIndex\":3,\"row\":6,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Apache2-operating-systems\",\"panelIndex\":4,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-error-logs-over-time\",\"panelIndex\":5,\"row\":9,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-over-time\",\"panelIndex\":6,\"row\":4,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"id\":\"Apache2-errors-log\",\"type\":\"search\",\"panelIndex\":7,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11,\"columns\":[\"apache2.error.client\",\"apache2.error.level\",\"apache2.error.module\",\"apache2.error.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]", 
+ "timeRestore": false, + "title": "Filebeat Apache2 Dashboard", + "uiStateJSON": "{\"P-1\":{\"mapCenter\":[40.713955826286046,-0.17578125]}}", + "version": 1 + }, + "id": "Filebeat-Apache2-Dashboard", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/_meta/fields.yml b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/_meta/fields.yml index c245407d..be097171 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/_meta/fields.yml +++ b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/_meta/fields.yml @@ -61,7 +61,7 @@ description: > The minor version of the user agent. - name: patch - type: long + type: keyword description: > The patch version of the user agent. - name: name @@ -104,4 +104,12 @@ type: geo_point description: > The longitude and latitude. + - name: region_name + type: keyword + description: > + The region name. + - name: city_name + type: keyword + description: > + The city name. diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log index a19899c8..c04f2584 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log +++ b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log @@ -1,3 +1,4 @@ ::1 - - [26/Dec/2016:16:16:29 +0200] "GET /favicon.ico HTTP/1.1" 404 209 192.168.33.1 - - [26/Dec/2016:16:22:13 +0000] "GET /hello HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0" ::1 - - [26/Dec/2016:16:16:48 +0200] "-" 408 - +172.17.0.1 - - [29/May/2017:19:02:48 +0000] "GET /stringpatch HTTP/1.1" 404 612 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2" "-" 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log-expected.json
index 0997759a..9acaf955 100644
--- a/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log-expected.json
+++ b/vendor/github.com/elastic/beats/filebeat/module/apache2/access/test/test.log-expected.json
@@ -1,140 +1,193 @@ [ -{ - "_index": "filebeat-2016.12.27", - "_type": "log", - "_id": "AVlBCaYsqYg9cc5KQfcT", - "_score": null, - "_source": { - "@timestamp": "2016-12-26T14:16:29.000Z", - "offset": 73, - "apache2": { - "access": { - "response_code": "404", - "remote_ip": "::1", - "method": "GET", - "user_name": "-", - "http_version": "1.1", - "body_sent": { - "bytes": "209" + { + "_id": "AVlBCaYsqYg9cc5KQfcT", + "_index": "filebeat-2016.12.27", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T14:16:29.000Z", + "apache2": { + "access": { + "body_sent": { + "bytes": "209" + }, + "http_version": "1.1", + "method": "GET", + "remote_ip": "::1", + "response_code": "404", + "url": "/favicon.ico", + "user_name": "-" + } + }, + "beat": { + "hostname": "192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "offset": 73, + "prospector": { + "type": "log" + }, + "read_timestamp": "2016-12-27T15:52:23.304Z", + "source": "module/apache2/access/test/test.log" }, - "url": "/favicon.ico" - } - }, - "beat": { - "hostname": "192-168-0-7.rdsnet.ro", - "name": "192-168-0-7.rdsnet.ro", - "version": "6.0.0-alpha1" - }, - "input_type": "log", - "read_timestamp": "2016-12-27T15:52:23.304Z", - "source": "module/apache2/access/test/test.log", - "fields": { - "pipeline_id": "apache2-access-with_plugins", - "source_type": "apache2-access" - }, - "type": "log" - }, - "fields": { - "@timestamp": [ - 1482761789000 - ] - }, - "sort": [ - 1482761789000 - ] -}, -{ - "_index": "filebeat-2016.12.27", - "_type": "log", - "_id": "AVlBCaYsqYg9cc5KQfcU", - "_score": null, - "_source": { - "@timestamp": "2016-12-26T16:22:13.000Z", - "offset": 238, - "apache2": { - "access": { - "referrer": "-", - "response_code": "404", - "remote_ip": "192.168.33.1", - "method": "GET", - "user_name": "-", - "http_version": "1.1", - "body_sent": { - "bytes": "499" + 
"_type": "log", + "fields": { + "@timestamp": [ + 1482761789000 + ] }, - "url": "/hello", - "user_agent": { - "major": "50", - "minor": "0", - "os": "Mac OS X 10.12", - "os_minor": "12", - "os_major": "10", - "name": "Firefox", - "os_name": "Mac OS X", - "device": "Other" - } - } + "sort": [ + 1482761789000 + ] }, - "beat": { - "hostname": "192-168-0-7.rdsnet.ro", - "name": "192-168-0-7.rdsnet.ro", - "version": "6.0.0-alpha1" + { + "_id": "AVlBCaYsqYg9cc5KQfcU", + "_index": "filebeat-2016.12.27", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T16:22:13.000Z", + "apache2": { + "access": { + "body_sent": { + "bytes": "499" + }, + "http_version": "1.1", + "method": "GET", + "referrer": "-", + "remote_ip": "192.168.33.1", + "response_code": "404", + "url": "/hello", + "user_agent": { + "device": "Other", + "major": "50", + "minor": "0", + "name": "Firefox", + "os": "Mac OS X 10.12", + "os_major": "10", + "os_minor": "12", + "os_name": "Mac OS X" + }, + "user_name": "-" + } + }, + "beat": { + "hostname": "192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "offset": 238, + "prospector": { + "type": "log" + }, + "read_timestamp": "2016-12-27T15:52:23.304Z", + "source": "module/apache2/access/test/test.log" + }, + "_type": "log", + "fields": { + "@timestamp": [ + 1482769333000 + ] + }, + "sort": [ + 1482769333000 + ] }, - "input_type": "log", - "read_timestamp": "2016-12-27T15:52:23.304Z", - "source": "module/apache2/access/test/test.log", - "fields": { - "pipeline_id": "apache2-access-with_plugins", - "source_type": "apache2-access" + { + "_id": "AVlBCaYsqYg9cc5KQfc-", + "_index": "filebeat-2016.12.27", + "_score": null, + "_source": { + "@timestamp": "2016-12-26T14:16:48.000Z", + "apache2": { + "access": { + "remote_ip": "::1", + "response_code": "408", + "user_name": "-" + } + }, + "beat": { + "hostname": 
"192-168-0-7.rdsnet.ro", + "name": "192-168-0-7.rdsnet.ro", + "version": "6.0.0-alpha1" + }, + "fields": { + "pipeline_id": "apache2-access-with_plugins", + "source_type": "apache2-access" + }, + "offset": 285, + "prospector": { + "type": "log" + }, + "read_timestamp": "2016-12-27T16:04:58.319Z", + "source": "module/apache2/access/test/test.log" + }, + "_type": "log", + "fields": { + "@timestamp": [ + 1482761808000 + ] + }, + "sort": [ + 1482761808000 + ] }, - "type": "log" - }, - "fields": { - "@timestamp": [ - 1482769333000 - ] - }, - "sort": [ - 1482769333000 - ] -}, -{ - "_index": "filebeat-2016.12.27", - "_type": "log", - "_id": "AVlBCaYsqYg9cc5KQfc-", - "_score": null, - "_source": { - "@timestamp": "2016-12-26T14:16:48.000Z", - "offset": 285, - "apache2": { - "access": { - "response_code": "408", - "remote_ip": "::1", - "user_name": "-" - } - }, - "beat": { - "hostname": "192-168-0-7.rdsnet.ro", - "name": "192-168-0-7.rdsnet.ro", - "version": "6.0.0-alpha1" - }, - "input_type": "log", - "read_timestamp": "2016-12-27T16:04:58.319Z", - "source": "module/apache2/access/test/test.log", - "fields": { - "pipeline_id": "apache2-access-with_plugins", - "source_type": "apache2-access" - }, - "type": "log" - }, - "fields": { - "@timestamp": [ - 1482761808000 - ] - }, - "sort": [ - 1482761808000 - ] -} + { + "_id": "AVxVs7QZsqw9BQCgtCgc", + "_index": "filebeat-6.0.0-alpha2-2017.05.29", + "_score": null, + "_source": { + "@timestamp": "2017-05-29T19:02:48.000Z", + "apache2": { + "access": { + "body_sent": { + "bytes": "612" + }, + "http_version": "1.1", + "method": "GET", + "referrer": "-", + "remote_ip": "172.17.0.1", + "response_code": "404", + "url": "/stringpatch", + "user_agent": { + "device": "Other", + "major": "15", + "minor": "0", + "name": "Firefox Alpha", + "os": "Windows 7", + "os_name": "Windows 7", + "patch": "a2" + }, + "user_name": "-" + } + }, + "beat": { + "hostname": "X1", + "name": "X1", + "version": "6.0.0-alpha2" + }, + "offset": 443, + 
"prospector": { + "type": "log" + }, + "read_timestamp": "2017-05-29T19:34:14.378Z", + "source": "/home/exekias/go/src/github.com/elastic/beats/filebeat/apache2.log" + }, + "_type": "doc", + "fields": { + "@timestamp": [ + 1496084568000 + ] + }, + "sort": [ + 1496084568000 + ] + } ] - diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.full.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.full.yml new file mode 100644 index 00000000..5b0d02ba --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.full.yml @@ -0,0 +1,11 @@ +#- module: auditd + #log: + #enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + + # Prospector configuration (advanced). Any prospector configuration option + # can be added under this section. + #prospector: diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.yml new file mode 100644 index 00000000..844a9b2e --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/config.yml @@ -0,0 +1 @@ +#- module: auditd diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/docs.asciidoc new file mode 100644 index 00000000..484c75da --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/docs.asciidoc 
@@ -0,0 +1,29 @@ +== Auditd module + +This module collects and parses logs from the audit daemon (`auditd`). + +[float] +=== Compatibility + +This module was tested with logs from `auditd` on OSes like CentOS 6 and +CentOS 7. + +This module is not available for Windows. + +[float] +=== Dashboard + +This module comes with a sample dashboard showing an overview of the audit log +data. You can build more specific dashboards that are tailored to the audit +rules that you use on your systems. + +image::./images/kibana-audit-auditd.png[] + +[float] +=== Syslog fileset settings + +[float] +==== var.paths + +An array of paths where to look for the log files. If left empty, Filebeat +will choose the paths depending on your operating systems. diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/fields.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/fields.yml new file mode 100644 index 00000000..360fb732 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/fields.yml @@ -0,0 +1,10 @@ +- key: auditd + title: "Auditd" + description: > + Module for parsing auditd logs. + fields: + - name: auditd + type: group + description: > + Fields from the auditd logs. + fields: diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json new file mode 100644 index 00000000..8910a16a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/dashboard/dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat Auditd", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"6295bdd0-0a0e-11e7-825f-6748cda7d858\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"5ebdbe50-0a0f-11e7-825f-6748cda7d858\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2bb0fa70-0a11-11e7-9e84-43da493ad0c7\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d1726930-0a7f-11e7-8b04-eb22a5669f27\",\"panelIndex\":5,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"c5411910-0a87-11e7-8b04-eb22a5669f27\",\"panelIndex\":6,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":7,\"type\":\"search\",\"id\":\"4ac0a370-0a11-11e7-8b04-eb22a5669f27\",\"col\":1,\"row\":8,\"columns\":[\"auditd.log.record_type\",\"auditd.log.sequence\",\"auditd.log.acct\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json new file mode 100644 index 00000000..f342d27d --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/search/4ac0a370-0a11-11e7-8b04-eb22a5669f27.json 
@@ -0,0 +1,18 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Audit Events", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:auditd.log\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "auditd.log.record_type", + "auditd.log.sequence", + "auditd.log.acct" + ] +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json new file mode 100644 index 00000000..422da1d6 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/2bb0fa70-0a11-11e7-9e84-43da493ad0c7.json @@ -0,0 +1,10 @@ +{ + "visState": "{\"type\":\"timelion\",\"title\":\"Audit Event Results\",\"params\":{\"expression\":\".es(q=\\\"_exists_:auditd.log NOT auditd.log.res:failure\\\").label(\\\"Success\\\") .es(q=\\\"auditd.log.res:failed\\\").label(\\\"Failure\\\").title(\\\"Audit Event Results\\\")\",\"interval\":\"auto\"}}", + "description": "", + "title": "Audit Event Results", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json new file mode 100644 index 00000000..c12a7b3d --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Top Exec Commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"auditd.log.a0\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command (arg 0)\"}}],\"listeners\":{}}", + "description": "", + "title": "Audit Top Exec Commands", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"auditd.log.record_type:EXECVE\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json new file mode 100644 index 00000000..73de4815 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/6295bdd0-0a0e-11e7-825f-6748cda7d858.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\n \"title\": \"Audit Event Types\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"auditd.log.record_type\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}", + "description": "", + "title": "Audit Event Types", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json new file mode 100644 index 00000000..22a4543f --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/c5411910-0a87-11e7-8b04-eb22a5669f27.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Event Account Tag Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":15,\"maxFontSize\":42,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.acct\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Audit Event Account Tag Cloud", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json new file mode 100644 index 00000000..23850e2d --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/5.x/visualization/d1726930-0a7f-11e7-8b04-eb22a5669f27.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Audit Event Address Geo Location\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}", + "description": "", + "title": "Audit Event Address Geo Location", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/default/dashboard/Filebeat-auditd.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/default/dashboard/Filebeat-auditd.json new file mode 100644 index 00000000..2def2254 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/_meta/kibana/default/dashboard/Filebeat-auditd.json 
@@ -0,0 +1,121 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + }, + "title": "Audit Event Types", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Audit Event Types\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"auditd.log.record_type\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"auditd.log.record_type:EXECVE\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Audit Top Exec Commands", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Audit Top Exec Commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"auditd.log.a0\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command (arg 0)\"}}],\"listeners\":{}}" + }, + "id": 
"5ebdbe50-0a0f-11e7-825f-6748cda7d858", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "title": "Audit Event Results", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"type\":\"timelion\",\"title\":\"Audit Event Results\",\"params\":{\"expression\":\".es(q=\\\"_exists_:auditd.log NOT auditd.log.res:failure\\\").label(\\\"Success\\\") .es(q=\\\"auditd.log.res:failed\\\").label(\\\"Failure\\\").title(\\\"Audit Event Results\\\")\",\"interval\":\"auto\"}}" + }, + "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Audit Event Address Geo Location", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Audit Event Address Geo Location\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" + }, + "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27", + "type": "visualization", + "version": 4 + }, + { + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Audit Event Account Tag Cloud", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Audit Event Account Tag Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":15,\"maxFontSize\":42,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auditd.log.acct\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "c5411910-0a87-11e7-8b04-eb22a5669f27", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "columns": [ + "auditd.log.record_type", + "auditd.log.sequence", + "auditd.log.acct" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:auditd.log\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Audit Events", + "version": 1 + }, + "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27", + "type": "search", + "version": 4 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":1,\"id\":\"6295bdd0-0a0e-11e7-825f-6748cda7d858\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"5ebdbe50-0a0f-11e7-825f-6748cda7d858\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2bb0fa70-0a11-11e7-9e84-43da493ad0c7\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d1726930-0a7f-11e7-8b04-eb22a5669f27\",\"panelIndex\":5,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"c5411910-0a87-11e7-8b04-eb22a5669f27\",\"panelIndex\":6,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":7,\"type\":\"search\",\"id\":\"4ac0a370-0a11-11e7-8b04-eb22a5669f27\",\"col\":1,\"row\":8,\"columns\":[\"auditd.log.record_type\",\"auditd.log.sequence\",\"auditd.log.acct\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "timeRestore": false, + "title": "Filebeat Auditd", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/_meta/fields.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/_meta/fields.yml new file mode 100644 index 00000000..9fff5ca6 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/_meta/fields.yml 
@@ -0,0 +1,79 @@
+- name: log
+ type: group
+ description: >
+ Fields from the Linux audit log. Not all fields are documented here because
+ they are dynamic and vary by audit event type.
+ fields:
+ - name: record_type
+ description: >
+ The audit event type.
+ - name: old_auid
+ description: >
+ For login events this is the old audit ID used for the user prior to
+ this login.
+ - name: new_auid
+ description: >
+ For login events this is the new audit ID. The audit ID can be used to
+ trace future events to the user even if their identity changes (like
+ becoming root).
+ - name: old_ses
+ description: >
+ For login events this is the old session ID used for the user prior to
+ this login.
+ - name: new_ses
+ description: >
+ For login events this is the new session ID. It can be used to tie a
+ user to future events by session ID.
+ - name: sequence
+ type: long
+ description: >
+ The audit event sequence number.
+ - name: acct
+ description: >
+ The user account name associated with the event.
+ - name: pid
+ description: >
+ The ID of the process.
+ - name: ppid
+ description: >
+ The ID of the process.
+ - name: items
+ description: >
+ The number of items in an event.
+ - name: item
+ description: >
+ The item field indicates which item out of the total number of items.
+ This number is zero-based; a value of 0 means it is the first item.
+ - name: a0
+ description: >
+ The first argument to the system call.
+ - name: res
+ description: >
+ The result of the system call (success or failure).
+ - name: geoip
+ type: group
+ description: >
+ Contains GeoIP information gathered based on the `auditd.log.addr`
+ field. Only present if the GeoIP Elasticsearch plugin is available and
+ used.
+ fields:
+ - name: continent_name
+ type: keyword
+ description: >
+ The name of the continent.
+ - name: city_name
+ type: keyword
+ description: >
+ The name of the city.
+ - name: region_name
+ type: keyword
+ description: >
+ The name of the region.
+ - name: country_iso_code
+ type: keyword
+ description: >
+ Country ISO code.
+ - name: location
+ type: geo_point
+ description: >
+ The longitude and latitude.
diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/config/log.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/config/log.yml
new file mode 100644
index 00000000..56e3dfd9
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/config/log.yml
@@ -0,0 +1,6 @@
+input_type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/ingest/pipeline.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/ingest/pipeline.json
new file mode 100644
index 00000000..46dacd82
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/ingest/pipeline.json
@@ -0,0 +1,101 @@
+{
+ "description": "Pipeline for parsing Linux auditd logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "pattern_definitions": {
+ "AUDIT_TYPE": "^type=%{NOTSPACE:auditd.log.record_type}",
+ "AUDIT_PREFIX": "%{AUDIT_TYPE} msg=audit\\(%{NUMBER:auditd.log.epoch}:%{NUMBER:auditd.log.sequence}\\):(%{DATA})?",
+ "AUDIT_KEY_VALUES": "%{WORD}=%{GREEDYDATA}"
+ },
+ "patterns": [
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv} old auid=%{NUMBER:auditd.log.old_auid} new auid=%{NUMBER:auditd.log.new_auid} old ses=%{NUMBER:auditd.log.old_ses} new ses=%{NUMBER:auditd.log.new_ses}",
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv} msg=['\"](%{DATA:auditd.log.msg}\\s+)?%{AUDIT_KEY_VALUES:auditd.log.sub_kv}['\"]",
+ "%{AUDIT_PREFIX} %{AUDIT_KEY_VALUES:auditd.log.kv}",
+ "%{AUDIT_PREFIX}",
+ "%{AUDIT_TYPE} %{AUDIT_KEY_VALUES:auditd.log.kv}"
+ ]
+ }
+ },
+ {
+ "kv": {
+ "field": "auditd.log.kv",
+ "field_split": "\\s+",
+ "value_split": "=",
+ "target_field": "auditd.log"
+ }
+ },
+ {
+ "kv": {
+ "field": "auditd.log.sub_kv",
+ "field_split": "\\s+",
+ "value_split": "=",
+ "target_field": "auditd.log",
+ "ignore_missing": true
+ }
+ },
+ {
+ "remove": {
+ "field": "auditd.log.kv",
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "auditd.log.sub_kv",
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "message",
+ "ignore_failure": true
+ }
+ },
+ {
+ "date": {
+ "field": "auditd.log.epoch",
+ "target_field": "@timestamp",
+ "formats": [
+ "UNIX"
+ ],
+ "ignore_failure": true
+ }
+ },
+ {
+ "remove": {
+ "field": "auditd.log.epoch",
+ "ignore_failure": true
+ }
+ },
+ {
+ "convert": {
+ "field" : "auditd.log.sequence",
+ "type": "integer",
+ "ignore_missing": true
+ }
+ },
+ {
+ "script": {
+ "lang": "painless",
+ "inline": " String trimQuotes(def v) {\n if (v.startsWith(\"'\") || v.startsWith('\"')) {\n v = v.substring(1, v.length());\n }\n if (v.endsWith(\"'\") || v.endsWith('\"')) {\n v = v.substring(0, 
v.length()-1);\n } \n return v;\n }\n \n boolean isHexAscii(String v) {\n def len = v.length();\n if (len == 0 || len % 2 != 0) {\n return false; \n }\n \n for (int i = 0 ; i < len ; i++) {\n if (Character.digit(v.charAt(i), 16) == -1) {\n return false;\n }\n }\n\n return true;\n }\n \n String convertHexToString(String hex) {\n\t StringBuilder sb = new StringBuilder();\n\n for (int i=0; i < hex.length() - 1; i+=2) {\n String output = hex.substring(i, (i + 2));\n int decimal = Integer.parseInt(output, 16);\n sb.append((char)decimal);\n }\n\n return sb.toString();\n }\n \n def possibleHexKeys = ['exe', 'cmd'];\n \n def audit = ctx.auditd.get(\"log\");\n Iterator entries = audit.entrySet().iterator();\n while (entries.hasNext()) {\n def e = entries.next();\n def k = e.getKey();\n def v = e.getValue(); \n\n // Remove entries whose value is ?\n if (v == \"?\" || v == \"(null)\" || v == \"\") {\n entries.remove();\n continue;\n }\n \n // Convert hex values to ASCII.\n if (possibleHexKeys.contains(k) && isHexAscii(v)) {\n v = convertHexToString(v);\n audit.put(k, v);\n }\n \n // Trim quotes.\n if (v instanceof String) {\n v = trimQuotes(v);\n audit.put(k, v);\n }\n \n // Convert arch.\n if (k == \"arch\" && v == \"c000003e\") {\n audit.put(k, \"x86_64\");\n }\n }"
+ }
+ },
+ {
+ "geoip": {
+ "field": "auditd.log.addr",
+ "target_field": "auditd.log.geoip",
+ "ignore_failure": true
+ }
+ }
+ ],
+ "on_failure": [
+ {
+ "set": {
+ "field": "error",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }
+ ]
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/manifest.yml b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/manifest.yml
new file mode 100644
index 00000000..5c8bf0a9
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/manifest.yml
@@ -0,0 +1,15 @@
+module_version: 1.0
+
+var:
+ - name: paths
+ default:
+ - /var/log/audit/audit.log*
+ os.darwin: [""]
+ os.windows: []
+
+ingest_pipeline: ingest/pipeline.json
+prospector: config/log.yml
+
+requires.processors:
+- name: geoip
+ plugin: ingest-geoip
diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel6.log b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel6.log
new file mode 100644
index 00000000..dceee842
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel6.log
@@ -0,0 +1,12 @@
+type=USER_END msg=audit(1489519230.178:19600327): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:session_close acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
+type=CRED_DISP msg=audit(1489519230.178:19600328): user pid=4121 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
+type=USER_CMD msg=audit(1489519256.192:19600329): user pid=4151 uid=497 auid=700 ses=11988 msg='cwd="/" cmd=2F7573722F6C696236342F6E6167696F732F706C7567696E732F636865636B5F617374657269736B5F7369705F7065657273202D7020323032 terminal=? res=success'
+type=CRED_ACQ msg=audit(1489519256.193:19600330): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:setcred acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
+type=USER_START msg=audit(1489519256.193:19600331): user pid=4151 uid=0 auid=700 ses=11988 msg='op=PAM:session_open acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'
+type=MAC_IPSEC_EVENT msg=audit(1489519382.529:19600354): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=10.100.0.0 src_prefixlen=16 dst=10.100.4.0 dst_prefixlen=22
+type=SYSCALL msg=audit(1489519382.529:19600354): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564ee6d2a0 a2=b8 a3=0 items=0 ppid=1240 pid=1275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null)
+type=LOGIN msg=audit(1489636960.072:19623791): pid=28281 uid=0 old auid=700 new auid=700 old ses=6793 new ses=12286
+type=CRYPTO_KEY_USER msg=audit(1489636960.070:19623788): user pid=28281 uid=0 auid=700 ses=6793 msg='op=destroy kind=session fp=? direction=both spid=28282 suid=74 rport=58994 laddr=107.170.139.210 lport=50022 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success'
+type=USER_AUTH msg=audit(1489636960.072:19623789): user pid=28281 uid=0 auid=700 ses=6793 msg='op=success acct="admin" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=ssh res=success'
+type=USER_AUTH msg=audit(1489636977.804:19623807): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
+type=USER_ACCT msg=audit(1489636977.805:19623808): user pid=28395 uid=0 auid=700 ses=12286 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success'
diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel7.log b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel7.log
new file mode 100644
index 00000000..4b193c8d
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/audit-rhel7.log
@@ -0,0 +1,2447 @@ +type=DAEMON_START msg=audit(1481076983.819:7798): auditd start, ver=2.4.1 format=raw kernel=3.10.0-327.36.3.el7.x86_64 auid=4294967295 pid=251 subj=system_u:system_r:auditd_t:s0 res=success +type=SERVICE_START msg=audit(1481076983.864:6): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=auditd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SYSTEM_BOOT msg=audit(1481076983.876:7): pid=273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076983.879:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.075:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hwdb-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.088:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.163:11): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-udev-trigger comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.212:12): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076984.521:13): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=avahi-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.521:14): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.526:15): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rsyslog comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076984.534:16): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=irqbalance comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076984.827:17): table=filter family=2 entries=0 +type=SYSCALL msg=audit(1481076984.827:17): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=390 pid=391 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.858:18): table=raw family=2 entries=0 +type=SYSCALL msg=audit(1481076984.858:18): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=395 pid=396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.870:19): table=security family=2 entries=0 +type=SYSCALL msg=audit(1481076984.870:19): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=398 pid=399 auid=4294967295 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.877:20): table=mangle family=2 entries=0 +type=SYSCALL msg=audit(1481076984.877:20): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=401 pid=402 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076984.931:21): table=nat family=2 entries=0 +type=SYSCALL msg=audit(1481076984.931:21): arch=c000003e syscall=313 success=yes exit=0 a0=3 a1=41a15c a2=0 a3=3 items=0 ppid=406 pid=407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076984.939:22): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=yum-cron comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.945:23): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=rhel-dmesg comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.953:24): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=acpid comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076984.954:25): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-user-sessions comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076984.960:26): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076984.982:27): table=filter family=10 entries=0 +type=SYSCALL msg=audit(1481076984.982:27): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=422 pid=423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.012:28): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-logind comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.031:29): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=crond comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.043:30): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.044:31): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=expand-root comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.069:32): table=raw family=10 entries=0 +type=SYSCALL msg=audit(1481076985.069:32): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=439 pid=440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.104:33): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd-keygen comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.099:34): table=security family=10 entries=0 +type=SYSCALL msg=audit(1481076985.099:34): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=445 pid=446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.128:35): table=mangle family=10 entries=0 +type=SYSCALL msg=audit(1481076985.128:35): arch=c000003e syscall=313 success=yes exit=0 a0=0 a1=41a15c a2=0 a3=0 items=0 ppid=449 pid=450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.164:36): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.166:37): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076985.167:38): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.168:39): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.170:40): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076985.170:41): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.180:42): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076985.187:43): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=getty@tty1 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.191:44): table=nat family=10 entries=0 +type=SYSCALL msg=audit(1481076985.191:44): arch=c000003e syscall=313 success=yes exit=0 a0=1 a1=41a15c a2=0 a3=1 items=0 ppid=452 pid=453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod" subj=system_u:system_r:insmod_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.511:45): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=firewalld comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.528:46): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.528:46): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25be720 items=0 ppid=296 pid=476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.532:47): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.532:47): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1819720 items=0 ppid=296 pid=478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.534:48): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.534:48): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13d0850 items=0 ppid=296 pid=479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.537:49): table=mangle family=2 entries=6 +type=SYSCALL 
msg=audit(1481076985.537:49): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1125850 items=0 ppid=296 pid=481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.538:50): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.538:50): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20a3600 items=0 ppid=296 pid=482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.542:51): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.542:51): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0600 items=0 ppid=296 pid=484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.543:52): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.543:52): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=232e4d0 items=0 ppid=296 pid=485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.546:53): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.546:53): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14404d0 items=0 ppid=296 pid=487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG 
msg=audit(1481076985.548:54): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.548:54): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c31600 items=0 ppid=296 pid=488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.552:55): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.552:55): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=143a600 items=0 ppid=296 pid=490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.553:56): table=nat family=10 entries=5 +type=SYSCALL msg=audit(1481076985.553:56): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=109b880 items=0 ppid=296 pid=491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.556:57): table=nat family=10 entries=5 +type=SYSCALL msg=audit(1481076985.556:57): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b53880 items=0 ppid=296 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.557:58): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.557:58): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17b09e0 items=0 ppid=296 pid=494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" 
exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.560:59): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.560:59): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cc9e0 items=0 ppid=296 pid=496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.562:60): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.562:60): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14db720 items=0 ppid=296 pid=497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.566:61): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.566:61): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9d2720 items=0 ppid=296 pid=499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.569:62): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.569:62): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=fae5c0 items=0 ppid=296 pid=500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.573:63): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.573:63): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19545c0 items=0 ppid=296 pid=502 auid=4294967295 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.575:64): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.575:64): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23a3720 items=0 ppid=296 pid=503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.578:65): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.578:65): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=162d720 items=0 ppid=296 pid=505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.580:66): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.580:66): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14b0850 items=0 ppid=296 pid=506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.582:67): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.582:67): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2398850 items=0 ppid=296 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.583:68): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.583:68): arch=c000003e syscall=54 success=yes exit=0 
a0=4 a1=0 a2=40 a3=2679850 items=0 ppid=296 pid=508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.585:69): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.585:69): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1715850 items=0 ppid=296 pid=509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.587:70): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.587:70): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=196a850 items=0 ppid=296 pid=510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.590:71): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.590:71): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1453600 items=0 ppid=296 pid=511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.591:72): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.591:72): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=fb2600 items=0 ppid=296 pid=512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.593:73): table=security family=2 entries=4 
+type=SYSCALL msg=audit(1481076985.593:73): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=255d600 items=0 ppid=296 pid=513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.594:74): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.594:74): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=15be4d0 items=0 ppid=296 pid=514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.596:75): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.596:75): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13704d0 items=0 ppid=296 pid=515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.597:76): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.597:76): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13ef600 items=0 ppid=296 pid=516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.599:77): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.599:77): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f72600 items=0 ppid=296 pid=517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) 
+type=NETFILTER_CFG msg=audit(1481076985.601:78): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.601:78): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1299600 items=0 ppid=296 pid=518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.602:79): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.602:79): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23e29e0 items=0 ppid=296 pid=519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.604:80): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.604:80): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8199e0 items=0 ppid=296 pid=520 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.605:81): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.605:81): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e879e0 items=0 ppid=296 pid=521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.607:82): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.607:82): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b699e0 items=0 ppid=296 pid=522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.610:83): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.610:83): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1d599e0 items=0 ppid=296 pid=523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.612:84): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.612:84): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=20be720 items=0 ppid=296 pid=525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.613:85): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.613:85): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=f0a720 items=0 ppid=296 pid=526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.615:86): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.615:86): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=239a720 items=0 ppid=296 pid=527 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.620:87): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.628:88): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.628:88): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a535c0 items=0 ppid=296 pid=528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.632:89): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.632:89): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=11735c0 items=0 ppid=296 pid=532 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.634:90): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.634:90): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2553720 items=0 ppid=296 pid=533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.635:91): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.635:91): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2257720 items=0 ppid=296 pid=534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.641:92): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.641:92): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1815720 items=0 ppid=296 pid=535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.657:93): table=filter family=2 entries=4 +type=SYSCALL msg=audit(1481076985.657:93): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9bc600 items=0 ppid=296 pid=537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.661:94): table=filter family=2 entries=6 +type=SYSCALL msg=audit(1481076985.661:94): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=20ba7d0 items=0 ppid=296 pid=538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.664:95): table=filter family=2 entries=8 +type=SYSCALL msg=audit(1481076985.664:95): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c3d9b0 items=0 ppid=296 pid=539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.687:96): table=filter family=2 entries=10 +type=SYSCALL msg=audit(1481076985.687:96): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb7280 items=0 ppid=296 pid=540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.691:97): table=filter family=2 entries=11 +type=SYSCALL msg=audit(1481076985.691:97): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b75610 items=0 ppid=296 pid=543 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.719:98): table=filter family=2 entries=12 +type=SYSCALL msg=audit(1481076985.719:98): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1c99770 items=0 ppid=296 pid=545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.735:99): table=filter family=2 entries=13 +type=SYSCALL msg=audit(1481076985.735:99): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b788e0 items=0 ppid=296 pid=548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.760:100): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=wpa_supplicant comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076985.764:101): table=filter family=2 entries=14 +type=SYSCALL msg=audit(1481076985.764:101): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=97fa60 items=0 ppid=296 pid=550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.770:102): table=filter family=2 entries=15 +type=SYSCALL msg=audit(1481076985.770:102): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22e5f10 items=0 ppid=296 pid=551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.779:103): table=filter family=2 entries=16 +type=SYSCALL msg=audit(1481076985.779:103): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7ec260 items=0 ppid=296 pid=552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.788:104): table=filter family=2 entries=17 +type=SYSCALL msg=audit(1481076985.788:104): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1104760 items=0 ppid=296 pid=558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.790:105): table=filter family=2 entries=19 +type=SYSCALL msg=audit(1481076985.790:105): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=827940 items=0 ppid=296 pid=559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.795:106): table=filter family=2 entries=21 +type=SYSCALL msg=audit(1481076985.795:106): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1725b10 items=0 ppid=296 pid=561 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.796:107): table=filter family=2 entries=23 +type=SYSCALL msg=audit(1481076985.796:107): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22e3cf0 items=0 ppid=296 pid=562 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.798:108): table=filter family=2 entries=25 +type=SYSCALL msg=audit(1481076985.798:108): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2389ec0 items=0 ppid=296 pid=563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.802:109): table=filter family=2 entries=27 +type=SYSCALL msg=audit(1481076985.802:109): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=22d47a0 items=0 ppid=296 pid=564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.805:110): table=filter family=2 entries=28 +type=SYSCALL msg=audit(1481076985.805:110): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d10b30 items=0 ppid=296 
pid=566 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076985.807:111): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=polkit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076985.812:112): table=filter family=2 entries=29 +type=SYSCALL msg=audit(1481076985.812:112): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d3dc80 items=0 ppid=296 pid=568 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.813:113): table=filter family=2 entries=30 +type=SYSCALL msg=audit(1481076985.813:113): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=21eae00 items=0 ppid=296 pid=569 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.815:114): table=filter family=2 entries=31 +type=SYSCALL msg=audit(1481076985.815:114): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b0ff70 items=0 ppid=296 pid=570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.817:115): table=filter family=2 entries=32 +type=SYSCALL msg=audit(1481076985.817:115): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=19490f0 items=0 ppid=296 pid=571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.818:116): table=filter family=2 entries=33 +type=SYSCALL msg=audit(1481076985.818:116): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d32260 items=0 ppid=296 pid=572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.820:117): table=filter family=2 entries=34 +type=SYSCALL msg=audit(1481076985.820:117): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=aa5720 items=0 ppid=296 pid=573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.822:118): table=filter family=2 entries=35 +type=SYSCALL msg=audit(1481076985.822:118): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=acaa60 items=0 ppid=296 pid=574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.823:119): table=filter family=2 entries=36 +type=SYSCALL msg=audit(1481076985.823:119): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d17f70 items=0 ppid=296 pid=575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.825:120): table=filter family=2 entries=38 +type=SYSCALL msg=audit(1481076985.825:120): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=18cd8a0 items=0 ppid=296 pid=576 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.826:121): table=raw family=2 entries=3 +type=SYSCALL msg=audit(1481076985.826:121): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=12a74d0 items=0 ppid=296 pid=577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.828:122): table=raw family=2 entries=5 +type=SYSCALL msg=audit(1481076985.828:122): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=da4e10 items=0 ppid=296 pid=578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.830:123): table=raw family=2 entries=6 +type=SYSCALL msg=audit(1481076985.830:123): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=6b4820 items=0 ppid=296 pid=579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.831:124): table=raw family=2 entries=8 +type=SYSCALL msg=audit(1481076985.831:124): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f9b160 items=0 ppid=296 pid=580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.833:125): table=security family=2 entries=4 +type=SYSCALL msg=audit(1481076985.833:125): arch=c000003e syscall=54 
success=yes exit=0 a0=4 a1=0 a2=40 a3=684600 items=0 ppid=296 pid=581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.834:126): table=security family=2 entries=6 +type=SYSCALL msg=audit(1481076985.834:126): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a4cf30 items=0 ppid=296 pid=582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.836:127): table=security family=2 entries=7 +type=SYSCALL msg=audit(1481076985.836:127): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=fae950 items=0 ppid=296 pid=583 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.838:128): table=security family=2 entries=9 +type=SYSCALL msg=audit(1481076985.838:128): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13e9280 items=0 ppid=296 pid=584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.839:129): table=security family=2 entries=10 +type=SYSCALL msg=audit(1481076985.839:129): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1ae9ca0 items=0 ppid=296 pid=585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.841:130): table=security 
family=2 entries=12 +type=SYSCALL msg=audit(1481076985.841:130): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e305d0 items=0 ppid=296 pid=586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.843:131): table=mangle family=2 entries=6 +type=SYSCALL msg=audit(1481076985.843:131): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ba0850 items=0 ppid=296 pid=587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.844:132): table=mangle family=2 entries=8 +type=SYSCALL msg=audit(1481076985.844:132): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d4c180 items=0 ppid=296 pid=588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.846:133): table=mangle family=2 entries=9 +type=SYSCALL msg=audit(1481076985.846:133): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d99ba0 items=0 ppid=296 pid=589 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.847:134): table=mangle family=2 entries=11 +type=SYSCALL msg=audit(1481076985.847:134): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1f70d70 items=0 ppid=296 pid=590 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.849:135): table=mangle family=2 entries=13 +type=SYSCALL msg=audit(1481076985.849:135): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=24546b0 items=0 ppid=296 pid=591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.850:136): table=mangle family=2 entries=14 +type=SYSCALL msg=audit(1481076985.850:136): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d30820 items=0 ppid=296 pid=592 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.852:137): table=mangle family=2 entries=15 +type=SYSCALL msg=audit(1481076985.852:137): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1711240 items=0 ppid=296 pid=593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.853:138): table=mangle family=2 entries=17 +type=SYSCALL msg=audit(1481076985.853:138): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1fedb70 items=0 ppid=296 pid=594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.855:139): table=mangle family=2 entries=18 +type=SYSCALL msg=audit(1481076985.855:139): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2152590 items=0 ppid=296 pid=595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.856:140): table=mangle family=2 entries=20 +type=SYSCALL msg=audit(1481076985.856:140): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cf8ec0 items=0 ppid=296 pid=596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.858:141): table=mangle family=2 entries=21 +type=SYSCALL msg=audit(1481076985.858:141): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ce78e0 items=0 ppid=296 pid=597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.860:142): table=mangle family=2 entries=23 +type=SYSCALL msg=audit(1481076985.860:142): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=838210 items=0 ppid=296 pid=598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.861:143): table=mangle family=2 entries=24 +type=SYSCALL msg=audit(1481076985.861:143): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=759c30 items=0 ppid=296 pid=599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.863:144): table=mangle family=2 entries=26 +type=SYSCALL msg=audit(1481076985.863:144): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e48560 
items=0 ppid=296 pid=600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.864:145): table=nat family=2 entries=5 +type=SYSCALL msg=audit(1481076985.864:145): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1879720 items=0 ppid=296 pid=601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.866:146): table=nat family=2 entries=7 +type=SYSCALL msg=audit(1481076985.866:146): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=119c060 items=0 ppid=296 pid=602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.867:147): table=nat family=2 entries=8 +type=SYSCALL msg=audit(1481076985.867:147): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=264fa70 items=0 ppid=296 pid=603 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.869:148): table=nat family=2 entries=10 +type=SYSCALL msg=audit(1481076985.869:148): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cc2c50 items=0 ppid=296 pid=604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.870:149): table=nat family=2 entries=12 +type=SYSCALL msg=audit(1481076985.870:149): 
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=159d580 items=0 ppid=296 pid=605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.872:150): table=nat family=2 entries=13 +type=SYSCALL msg=audit(1481076985.872:150): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=baa700 items=0 ppid=296 pid=606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.873:151): table=nat family=2 entries=14 +type=SYSCALL msg=audit(1481076985.873:151): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=127c110 items=0 ppid=296 pid=607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.875:152): table=nat family=2 entries=16 +type=SYSCALL msg=audit(1481076985.875:152): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=216aa50 items=0 ppid=296 pid=608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.877:153): table=nat family=2 entries=17 +type=SYSCALL msg=audit(1481076985.877:153): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=aae460 items=0 ppid=296 pid=609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.878:154): 
table=nat family=2 entries=19 +type=SYSCALL msg=audit(1481076985.878:154): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=16ad640 items=0 ppid=296 pid=610 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.880:155): table=nat family=2 entries=21 +type=SYSCALL msg=audit(1481076985.880:155): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=112af70 items=0 ppid=296 pid=611 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.881:156): table=nat family=2 entries=22 +type=SYSCALL msg=audit(1481076985.881:156): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9760f0 items=0 ppid=296 pid=612 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.883:157): table=nat family=2 entries=23 +type=SYSCALL msg=audit(1481076985.883:157): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=11acb00 items=0 ppid=296 pid=613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.884:158): table=nat family=2 entries=25 +type=SYSCALL msg=audit(1481076985.884:158): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2587440 items=0 ppid=296 pid=614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.886:159): table=filter family=10 entries=4 +type=SYSCALL msg=audit(1481076985.886:159): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2236720 items=0 ppid=296 pid=615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.887:160): table=filter family=10 entries=6 +type=SYSCALL msg=audit(1481076985.887:160): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2358960 items=0 ppid=296 pid=616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.889:161): table=filter family=10 entries=8 +type=SYSCALL msg=audit(1481076985.889:161): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2655bb0 items=0 ppid=296 pid=617 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.890:162): table=filter family=10 entries=10 +type=SYSCALL msg=audit(1481076985.890:162): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=20a6530 items=0 ppid=296 pid=618 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.892:163): table=filter family=10 entries=11 +type=SYSCALL msg=audit(1481076985.892:163): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b09930 items=0 ppid=296 pid=619 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.893:164): table=filter family=10 entries=12 +type=SYSCALL msg=audit(1481076985.893:164): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12a7af0 items=0 ppid=296 pid=620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.895:165): table=filter family=10 entries=13 +type=SYSCALL msg=audit(1481076985.895:165): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=21a4ce0 items=0 ppid=296 pid=621 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.897:166): table=filter family=10 entries=14 +type=SYSCALL msg=audit(1481076985.897:166): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=261ded0 items=0 ppid=296 pid=622 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.898:167): table=filter family=10 entries=15 +type=SYSCALL msg=audit(1481076985.898:167): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19fc410 items=0 ppid=296 pid=623 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.902:168): table=filter family=10 entries=16 +type=SYSCALL msg=audit(1481076985.902:168): arch=c000003e syscall=54 success=yes 
exit=0 a0=4 a1=29 a2=40 a3=23917b0 items=0 ppid=296 pid=624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.906:169): table=filter family=10 entries=17 +type=SYSCALL msg=audit(1481076985.906:169): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1825d10 items=0 ppid=296 pid=627 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.907:170): table=filter family=10 entries=19 +type=SYSCALL msg=audit(1481076985.907:170): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d3df50 items=0 ppid=296 pid=628 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.909:171): table=filter family=10 entries=21 +type=SYSCALL msg=audit(1481076985.909:171): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c811a0 items=0 ppid=296 pid=629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.911:172): table=filter family=10 entries=23 +type=SYSCALL msg=audit(1481076985.911:172): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23953e0 items=0 ppid=296 pid=630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.912:173): table=filter 
family=10 entries=25 +type=SYSCALL msg=audit(1481076985.912:173): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=213d630 items=0 ppid=296 pid=631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.914:174): table=filter family=10 entries=27 +type=SYSCALL msg=audit(1481076985.914:174): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2533fb0 items=0 ppid=296 pid=632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.915:175): table=filter family=10 entries=28 +type=SYSCALL msg=audit(1481076985.915:175): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b823b0 items=0 ppid=296 pid=633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.917:176): table=filter family=10 entries=29 +type=SYSCALL msg=audit(1481076985.917:176): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=756570 items=0 ppid=296 pid=634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.919:177): table=filter family=10 entries=30 +type=SYSCALL msg=audit(1481076985.919:177): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1462760 items=0 ppid=296 pid=635 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.920:178): table=filter family=10 entries=31 +type=SYSCALL msg=audit(1481076985.920:178): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ac1950 items=0 ppid=296 pid=636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.922:179): table=filter family=10 entries=32 +type=SYSCALL msg=audit(1481076985.922:179): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25a8b40 items=0 ppid=296 pid=637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.923:180): table=filter family=10 entries=33 +type=SYSCALL msg=audit(1481076985.923:180): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=775d30 items=0 ppid=296 pid=638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.925:181): table=filter family=10 entries=34 +type=SYSCALL msg=audit(1481076985.925:181): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8bf270 items=0 ppid=296 pid=639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.926:182): table=filter family=10 entries=35 +type=SYSCALL msg=audit(1481076985.926:182): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14f6610 items=0 ppid=296 pid=640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.928:183): table=filter family=10 entries=36 +type=SYSCALL msg=audit(1481076985.928:183): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=772b70 items=0 ppid=296 pid=641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.930:184): table=filter family=10 entries=38 +type=SYSCALL msg=audit(1481076985.930:184): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a81540 items=0 ppid=296 pid=642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.931:185): table=raw family=10 entries=3 +type=SYSCALL msg=audit(1481076985.931:185): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=233a5c0 items=0 ppid=296 pid=643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.933:186): table=raw family=10 entries=5 +type=SYSCALL msg=audit(1481076985.933:186): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1824f90 items=0 ppid=296 pid=644 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.934:187): table=raw family=10 entries=6 +type=SYSCALL msg=audit(1481076985.934:187): arch=c000003e syscall=54 success=yes exit=0 a0=4 
a1=29 a2=40 a3=26329f0 items=0 ppid=296 pid=645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.936:188): table=raw family=10 entries=8 +type=SYSCALL msg=audit(1481076985.936:188): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ab63d0 items=0 ppid=296 pid=646 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.937:189): table=security family=10 entries=4 +type=SYSCALL msg=audit(1481076985.937:189): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8ca720 items=0 ppid=296 pid=647 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.938:190): table=security family=10 entries=6 +type=SYSCALL msg=audit(1481076985.938:190): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=216f0f0 items=0 ppid=296 pid=648 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.940:191): table=security family=10 entries=7 +type=SYSCALL msg=audit(1481076985.940:191): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1776b50 items=0 ppid=296 pid=649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.942:192): table=security family=10 
entries=9 +type=SYSCALL msg=audit(1481076985.942:192): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1898530 items=0 ppid=296 pid=650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.943:193): table=security family=10 entries=10 +type=SYSCALL msg=audit(1481076985.943:193): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=234af90 items=0 ppid=296 pid=651 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.945:194): table=security family=10 entries=12 +type=SYSCALL msg=audit(1481076985.945:194): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22bf960 items=0 ppid=296 pid=652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.946:195): table=mangle family=10 entries=6 +type=SYSCALL msg=audit(1481076985.946:195): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22cc9e0 items=0 ppid=296 pid=653 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.948:196): table=mangle family=10 entries=8 +type=SYSCALL msg=audit(1481076985.948:196): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a873b0 items=0 ppid=296 pid=654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.949:197): table=mangle family=10 entries=9 +type=SYSCALL msg=audit(1481076985.949:197): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22a2e10 items=0 ppid=296 pid=655 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.951:198): table=mangle family=10 entries=11 +type=SYSCALL msg=audit(1481076985.951:198): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14c6060 items=0 ppid=296 pid=656 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.952:199): table=mangle family=10 entries=13 +type=SYSCALL msg=audit(1481076985.952:199): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2549a30 items=0 ppid=296 pid=657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.954:200): table=mangle family=10 entries=14 +type=SYSCALL msg=audit(1481076985.954:200): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25b7c20 items=0 ppid=296 pid=658 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.955:201): table=mangle family=10 entries=15 +type=SYSCALL msg=audit(1481076985.955:201): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2434680 items=0 ppid=296 pid=659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.957:202): table=mangle family=10 entries=17 +type=SYSCALL msg=audit(1481076985.957:202): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22ff060 items=0 ppid=296 pid=660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.959:203): table=mangle family=10 entries=18 +type=SYSCALL msg=audit(1481076985.959:203): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f54ac0 items=0 ppid=296 pid=661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.960:204): table=mangle family=10 entries=20 +type=SYSCALL msg=audit(1481076985.960:204): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12c7490 items=0 ppid=296 pid=662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.962:205): table=mangle family=10 entries=21 +type=SYSCALL msg=audit(1481076985.962:205): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22e0ef0 items=0 ppid=296 pid=663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.963:206): table=mangle family=10 entries=23 +type=SYSCALL msg=audit(1481076985.963:206): arch=c000003e syscall=54 success=yes 
exit=0 a0=4 a1=29 a2=40 a3=113d8d0 items=0 ppid=296 pid=664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.965:207): table=mangle family=10 entries=24 +type=SYSCALL msg=audit(1481076985.965:207): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f65330 items=0 ppid=296 pid=665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.966:208): table=mangle family=10 entries=26 +type=SYSCALL msg=audit(1481076985.966:208): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a85d00 items=0 ppid=296 pid=666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.968:209): table=nat family=10 entries=5 +type=SYSCALL msg=audit(1481076985.968:209): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2227880 items=0 ppid=296 pid=667 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.969:210): table=nat family=10 entries=7 +type=SYSCALL msg=audit(1481076985.969:210): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2646250 items=0 ppid=296 pid=668 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.971:211): table=nat family=10 
entries=8 +type=SYSCALL msg=audit(1481076985.971:211): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15a4cb0 items=0 ppid=296 pid=669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.972:212): table=nat family=10 entries=10 +type=SYSCALL msg=audit(1481076985.972:212): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ea5f00 items=0 ppid=296 pid=670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.974:213): table=nat family=10 entries=12 +type=SYSCALL msg=audit(1481076985.974:213): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e798d0 items=0 ppid=296 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.975:214): table=nat family=10 entries=13 +type=SYSCALL msg=audit(1481076985.975:214): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=25cdac0 items=0 ppid=296 pid=672 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.977:215): table=nat family=10 entries=14 +type=SYSCALL msg=audit(1481076985.977:215): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ff1520 items=0 ppid=296 pid=673 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 
key=(null) +type=NETFILTER_CFG msg=audit(1481076985.978:216): table=nat family=10 entries=16 +type=SYSCALL msg=audit(1481076985.978:216): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22bbf00 items=0 ppid=296 pid=674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.980:217): table=nat family=10 entries=17 +type=SYSCALL msg=audit(1481076985.980:217): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f83960 items=0 ppid=296 pid=675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.981:218): table=nat family=10 entries=19 +type=SYSCALL msg=audit(1481076985.981:218): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=23b2ba0 items=0 ppid=296 pid=676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.983:219): table=nat family=10 entries=21 +type=SYSCALL msg=audit(1481076985.983:219): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1530580 items=0 ppid=296 pid=677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.984:220): table=nat family=10 entries=22 +type=SYSCALL msg=audit(1481076985.984:220): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=cc6770 items=0 ppid=296 pid=678 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.986:221): table=nat family=10 entries=23 +type=SYSCALL msg=audit(1481076985.986:221): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=8f01d0 items=0 ppid=296 pid=679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.988:222): table=nat family=10 entries=25 +type=SYSCALL msg=audit(1481076985.988:222): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d86ba0 items=0 ppid=296 pid=680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.991:223): table=raw family=10 entries=9 +type=SYSCALL msg=audit(1481076985.991:223): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bcd460 items=0 ppid=296 pid=681 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076985.993:224): table=raw family=10 entries=10 +type=SYSCALL msg=audit(1481076985.993:224): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1c49390 items=0 ppid=296 pid=682 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.085:225): table=filter family=2 entries=39 +type=SYSCALL msg=audit(1481076986.085:225): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=24492c0 items=0 ppid=296 pid=685 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.086:226): table=filter family=2 entries=41 +type=SYSCALL msg=audit(1481076986.086:226): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=19a6490 items=0 ppid=296 pid=686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.088:227): table=filter family=2 entries=43 +type=SYSCALL msg=audit(1481076986.088:227): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=23ab670 items=0 ppid=296 pid=687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.089:228): table=filter family=2 entries=45 +type=SYSCALL msg=audit(1481076986.089:228): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2614840 items=0 ppid=296 pid=688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.091:229): table=filter family=10 entries=39 +type=SYSCALL msg=audit(1481076986.091:229): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=995fa0 items=0 ppid=296 pid=689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.092:230): table=filter family=10 entries=41 +type=SYSCALL msg=audit(1481076986.092:230): 
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a801f0 items=0 ppid=296 pid=690 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.094:231): table=filter family=10 entries=43 +type=SYSCALL msg=audit(1481076986.094:231): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b38430 items=0 ppid=296 pid=691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.095:232): table=filter family=10 entries=45 +type=SYSCALL msg=audit(1481076986.095:232): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9c4680 items=0 ppid=296 pid=692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.097:233): table=filter family=2 entries=47 +type=SYSCALL msg=audit(1481076986.097:233): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1094180 items=0 ppid=296 pid=693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.099:234): table=filter family=2 entries=48 +type=SYSCALL msg=audit(1481076986.099:234): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1ba92f0 items=0 ppid=296 pid=694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG 
msg=audit(1481076986.101:235): table=filter family=2 entries=49 +type=SYSCALL msg=audit(1481076986.101:235): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1c63470 items=0 ppid=296 pid=695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.102:236): table=filter family=2 entries=50 +type=SYSCALL msg=audit(1481076986.102:236): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d97600 items=0 ppid=296 pid=696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.104:237): table=filter family=10 entries=47 +type=SYSCALL msg=audit(1481076986.104:237): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b49050 items=0 ppid=296 pid=697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.105:238): table=filter family=10 entries=48 +type=SYSCALL msg=audit(1481076986.105:238): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c5f240 items=0 ppid=296 pid=698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.107:239): table=filter family=10 entries=49 +type=SYSCALL msg=audit(1481076986.107:239): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=b6b430 items=0 ppid=296 pid=699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" 
exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.108:240): table=filter family=10 entries=50 +type=SYSCALL msg=audit(1481076986.108:240): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=a30650 items=0 ppid=296 pid=700 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.110:241): table=filter family=2 entries=51 +type=SYSCALL msg=audit(1481076986.110:241): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1217000 items=0 ppid=296 pid=701 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.112:242): table=filter family=2 entries=53 +type=SYSCALL msg=audit(1481076986.112:242): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=abd1d0 items=0 ppid=296 pid=702 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.113:243): table=filter family=2 entries=55 +type=SYSCALL msg=audit(1481076986.113:243): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=21ab3b0 items=0 ppid=296 pid=703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.115:244): table=filter family=2 entries=57 +type=SYSCALL msg=audit(1481076986.115:244): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1afb580 items=0 ppid=296 pid=704 auid=4294967295 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.116:245): table=filter family=10 entries=51 +type=SYSCALL msg=audit(1481076986.116:245): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17f0080 items=0 ppid=296 pid=705 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.118:246): table=filter family=10 entries=53 +type=SYSCALL msg=audit(1481076986.118:246): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=246d2d0 items=0 ppid=296 pid=706 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.120:247): table=filter family=10 entries=55 +type=SYSCALL msg=audit(1481076986.120:247): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=f29510 items=0 ppid=296 pid=707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.121:248): table=filter family=10 entries=57 +type=SYSCALL msg=audit(1481076986.121:248): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=266c760 items=0 ppid=296 pid=708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.123:249): table=filter family=2 entries=59 +type=SYSCALL msg=audit(1481076986.123:249): arch=c000003e syscall=54 
success=yes exit=0 a0=4 a1=0 a2=40 a3=e2fec0 items=0 ppid=296 pid=709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.125:250): table=filter family=2 entries=60 +type=SYSCALL msg=audit(1481076986.125:250): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d73030 items=0 ppid=296 pid=710 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.126:251): table=filter family=2 entries=61 +type=SYSCALL msg=audit(1481076986.126:251): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cbc1b0 items=0 ppid=296 pid=711 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.128:252): table=filter family=2 entries=62 +type=SYSCALL msg=audit(1481076986.128:252): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ead340 items=0 ppid=296 pid=712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.129:253): table=filter family=10 entries=59 +type=SYSCALL msg=audit(1481076986.129:253): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1467130 items=0 ppid=296 pid=713 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.131:254): table=filter 
family=10 entries=60 +type=SYSCALL msg=audit(1481076986.131:254): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1a2b320 items=0 ppid=296 pid=714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.133:255): table=filter family=10 entries=61 +type=SYSCALL msg=audit(1481076986.133:255): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1602510 items=0 ppid=296 pid=715 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.134:256): table=filter family=10 entries=62 +type=SYSCALL msg=audit(1481076986.134:256): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=ced730 items=0 ppid=296 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.136:257): table=filter family=2 entries=63 +type=SYSCALL msg=audit(1481076986.136:257): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=10d7d40 items=0 ppid=296 pid=717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.138:258): table=filter family=2 entries=65 +type=SYSCALL msg=audit(1481076986.138:258): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=743f10 items=0 ppid=296 pid=718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.139:259): table=filter family=2 entries=67 +type=SYSCALL msg=audit(1481076986.139:259): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=e910f0 items=0 ppid=296 pid=719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.141:260): table=filter family=2 entries=69 +type=SYSCALL msg=audit(1481076986.141:260): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=112d2c0 items=0 ppid=296 pid=720 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.142:261): table=filter family=10 entries=63 +type=SYSCALL msg=audit(1481076986.142:261): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f11160 items=0 ppid=296 pid=721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.144:262): table=filter family=10 entries=65 +type=SYSCALL msg=audit(1481076986.144:262): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14633b0 items=0 ppid=296 pid=722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.145:263): table=filter family=10 entries=67 +type=SYSCALL msg=audit(1481076986.145:263): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e9b5f0 items=0 ppid=296 pid=723 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.147:264): table=filter family=10 entries=69 +type=SYSCALL msg=audit(1481076986.147:264): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=164c840 items=0 ppid=296 pid=724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.149:265): table=filter family=2 entries=71 +type=SYSCALL msg=audit(1481076986.149:265): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1306c00 items=0 ppid=296 pid=725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.151:266): table=filter family=2 entries=72 +type=SYSCALL msg=audit(1481076986.151:266): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d35d70 items=0 ppid=296 pid=726 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.152:267): table=filter family=2 entries=73 +type=SYSCALL msg=audit(1481076986.152:267): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1bacef0 items=0 ppid=296 pid=727 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.154:268): table=filter family=2 entries=74 +type=SYSCALL msg=audit(1481076986.154:268): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 
a2=40 a3=206f080 items=0 ppid=296 pid=728 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.156:269): table=filter family=10 entries=71 +type=SYSCALL msg=audit(1481076986.156:269): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1820210 items=0 ppid=296 pid=729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.157:270): table=filter family=10 entries=72 +type=SYSCALL msg=audit(1481076986.157:270): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1f21400 items=0 ppid=296 pid=730 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.159:271): table=filter family=10 entries=73 +type=SYSCALL msg=audit(1481076986.159:271): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=19f55f0 items=0 ppid=296 pid=731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.161:272): table=filter family=10 entries=74 +type=SYSCALL msg=audit(1481076986.161:272): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c19810 items=0 ppid=296 pid=732 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.162:273): table=mangle family=2 entries=27 
+type=SYSCALL msg=audit(1481076986.162:273): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=13b5f80 items=0 ppid=296 pid=733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.164:274): table=mangle family=2 entries=29 +type=SYSCALL msg=audit(1481076986.164:274): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cd1150 items=0 ppid=296 pid=734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.166:275): table=mangle family=2 entries=31 +type=SYSCALL msg=audit(1481076986.166:275): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d07330 items=0 ppid=296 pid=735 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.167:276): table=mangle family=2 entries=33 +type=SYSCALL msg=audit(1481076986.167:276): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2113500 items=0 ppid=296 pid=736 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.169:277): table=mangle family=10 entries=27 +type=SYSCALL msg=audit(1481076986.169:277): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=132b760 items=0 ppid=296 pid=737 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 
key=(null) +type=NETFILTER_CFG msg=audit(1481076986.171:278): table=mangle family=10 entries=29 +type=SYSCALL msg=audit(1481076986.171:278): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=14479b0 items=0 ppid=296 pid=738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.172:279): table=mangle family=10 entries=31 +type=SYSCALL msg=audit(1481076986.172:279): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=250dbf0 items=0 ppid=296 pid=739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.174:280): table=mangle family=10 entries=33 +type=SYSCALL msg=audit(1481076986.174:280): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=214fe40 items=0 ppid=296 pid=740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.175:281): table=mangle family=2 entries=35 +type=SYSCALL msg=audit(1481076986.175:281): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=100ce40 items=0 ppid=296 pid=741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.177:282): table=mangle family=2 entries=36 +type=SYSCALL msg=audit(1481076986.177:282): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2627fb0 items=0 ppid=296 pid=742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.178:283): table=mangle family=2 entries=37 +type=SYSCALL msg=audit(1481076986.178:283): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ed9130 items=0 ppid=296 pid=743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.180:284): table=mangle family=10 entries=35 +type=SYSCALL msg=audit(1481076986.180:284): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=deb810 items=0 ppid=296 pid=744 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.182:285): table=mangle family=10 entries=36 +type=SYSCALL msg=audit(1481076986.182:285): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=10efa00 items=0 ppid=296 pid=745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.183:286): table=mangle family=10 entries=37 +type=SYSCALL msg=audit(1481076986.183:286): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=7b3bf0 items=0 ppid=296 pid=746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.185:287): table=nat family=2 entries=26 +type=SYSCALL msg=audit(1481076986.185:287): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a05e50 items=0 ppid=296 
pid=747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.186:288): table=nat family=2 entries=28 +type=SYSCALL msg=audit(1481076986.186:288): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=14fe030 items=0 ppid=296 pid=748 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.188:289): table=nat family=2 entries=30 +type=SYSCALL msg=audit(1481076986.188:289): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=c35200 items=0 ppid=296 pid=749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.189:290): table=nat family=2 entries=32 +type=SYSCALL msg=audit(1481076986.189:290): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb13e0 items=0 ppid=296 pid=750 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.191:291): table=nat family=10 entries=26 +type=SYSCALL msg=audit(1481076986.191:291): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2499600 items=0 ppid=296 pid=751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.193:292): table=nat family=10 entries=28 +type=SYSCALL msg=audit(1481076986.193:292): arch=c000003e 
syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=243b850 items=0 ppid=296 pid=752 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.194:293): table=nat family=10 entries=30 +type=SYSCALL msg=audit(1481076986.194:293): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13d5a90 items=0 ppid=296 pid=753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.196:294): table=nat family=10 entries=32 +type=SYSCALL msg=audit(1481076986.196:294): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1dc2ce0 items=0 ppid=296 pid=754 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.197:295): table=nat family=2 entries=34 +type=SYSCALL msg=audit(1481076986.197:295): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1a7ad10 items=0 ppid=296 pid=755 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.199:296): table=nat family=2 entries=35 +type=SYSCALL msg=audit(1481076986.199:296): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ba0e90 items=0 ppid=296 pid=756 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.200:297): table=nat 
family=2 entries=36 +type=SYSCALL msg=audit(1481076986.200:297): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cd1000 items=0 ppid=296 pid=757 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.202:298): table=nat family=10 entries=34 +type=SYSCALL msg=audit(1481076986.202:298): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e5d6b0 items=0 ppid=296 pid=758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.204:299): table=nat family=10 entries=35 +type=SYSCALL msg=audit(1481076986.204:299): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=7a08a0 items=0 ppid=296 pid=759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.205:300): table=nat family=10 entries=36 +type=SYSCALL msg=audit(1481076986.205:300): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=dc7a90 items=0 ppid=296 pid=760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.207:301): table=nat family=2 entries=37 +type=SYSCALL msg=audit(1481076986.207:301): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=eeea20 items=0 ppid=296 pid=761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.208:302): table=nat family=2 entries=39 +type=SYSCALL msg=audit(1481076986.208:302): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1d06bf0 items=0 ppid=296 pid=762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.210:303): table=nat family=2 entries=41 +type=SYSCALL msg=audit(1481076986.210:303): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=210cdd0 items=0 ppid=296 pid=763 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.211:304): table=nat family=2 entries=43 +type=SYSCALL msg=audit(1481076986.211:304): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=17c2fa0 items=0 ppid=296 pid=764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.213:305): table=nat family=10 entries=37 +type=SYSCALL msg=audit(1481076986.213:305): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1b954f0 items=0 ppid=296 pid=765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.215:306): table=nat family=10 entries=39 +type=SYSCALL msg=audit(1481076986.215:306): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15c1740 items=0 ppid=296 pid=766 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.216:307): table=nat family=10 entries=41 +type=SYSCALL msg=audit(1481076986.216:307): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1306980 items=0 ppid=296 pid=767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.218:308): table=nat family=10 entries=43 +type=SYSCALL msg=audit(1481076986.218:308): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=214ebd0 items=0 ppid=296 pid=768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.219:309): table=nat family=2 entries=45 +type=SYSCALL msg=audit(1481076986.219:309): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cc78e0 items=0 ppid=296 pid=769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.221:310): table=nat family=2 entries=46 +type=SYSCALL msg=audit(1481076986.221:310): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1bf7a50 items=0 ppid=296 pid=770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.222:311): table=nat family=2 entries=47 +type=SYSCALL msg=audit(1481076986.222:311): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=183bbd0 items=0 
ppid=296 pid=771 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.224:312): table=nat family=10 entries=45 +type=SYSCALL msg=audit(1481076986.224:312): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=10d95a0 items=0 ppid=296 pid=772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.226:313): table=nat family=10 entries=46 +type=SYSCALL msg=audit(1481076986.226:313): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=c8b790 items=0 ppid=296 pid=773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.227:314): table=nat family=10 entries=47 +type=SYSCALL msg=audit(1481076986.227:314): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1c65980 items=0 ppid=296 pid=774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.229:315): table=filter family=2 entries=75 +type=SYSCALL msg=audit(1481076986.229:315): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25d21e0 items=0 ppid=296 pid=775 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.231:316): table=filter family=10 entries=75 +type=SYSCALL 
msg=audit(1481076986.231:316): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=24e79d0 items=0 ppid=296 pid=776 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.232:317): table=filter family=2 entries=76 +type=SYSCALL msg=audit(1481076986.232:317): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=9f0350 items=0 ppid=296 pid=777 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.234:318): table=filter family=10 entries=76 +type=SYSCALL msg=audit(1481076986.234:318): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=12d2bc0 items=0 ppid=296 pid=778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.236:319): table=filter family=2 entries=77 +type=SYSCALL msg=audit(1481076986.236:319): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=ff24d0 items=0 ppid=296 pid=779 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.237:320): table=filter family=10 entries=77 +type=SYSCALL msg=audit(1481076986.237:320): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=d73db0 items=0 ppid=296 pid=780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) 
+type=NETFILTER_CFG msg=audit(1481076986.239:321): table=mangle family=2 entries=38 +type=SYSCALL msg=audit(1481076986.239:321): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1b2f2a0 items=0 ppid=296 pid=781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.241:322): table=mangle family=10 entries=38 +type=SYSCALL msg=audit(1481076986.241:322): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bc1de0 items=0 ppid=296 pid=782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.242:323): table=nat family=2 entries=48 +type=SYSCALL msg=audit(1481076986.242:323): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2486d40 items=0 ppid=296 pid=783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.244:324): table=nat family=10 entries=48 +type=SYSCALL msg=audit(1481076986.244:324): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1744b70 items=0 ppid=296 pid=784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.246:325): table=nat family=2 entries=49 +type=SYSCALL msg=audit(1481076986.246:325): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=933ec0 items=0 ppid=296 pid=785 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 
comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.247:326): table=nat family=10 entries=49 +type=SYSCALL msg=audit(1481076986.247:326): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=24aed60 items=0 ppid=296 pid=786 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.278:327): table=filter family=2 entries=78 +type=SYSCALL msg=audit(1481076986.278:327): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cc7640 items=0 ppid=296 pid=788 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.279:328): table=filter family=10 entries=78 +type=SYSCALL msg=audit(1481076986.279:328): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=777fa0 items=0 ppid=296 pid=789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.281:329): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076986.281:329): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1e787c0 items=0 ppid=296 pid=790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.283:330): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076986.283:330): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1bc4190 items=0 ppid=296 pid=791 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.284:331): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076986.284:331): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=195d930 items=0 ppid=296 pid=792 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.286:332): table=filter family=10 entries=80 +type=SYSCALL msg=audit(1481076986.286:332): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=252d380 items=0 ppid=296 pid=793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.288:333): table=mangle family=2 entries=39 +type=SYSCALL msg=audit(1481076986.288:333): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1645420 items=0 ppid=296 pid=794 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.289:334): table=mangle family=10 entries=39 +type=SYSCALL msg=audit(1481076986.289:334): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=123efd0 items=0 ppid=296 pid=795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.291:335): table=nat family=2 entries=50 +type=SYSCALL msg=audit(1481076986.291:335): 
arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=2157030 items=0 ppid=296 pid=796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.292:336): table=nat family=10 entries=50 +type=SYSCALL msg=audit(1481076986.292:336): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1e74f50 items=0 ppid=296 pid=797 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.294:337): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076986.294:337): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=f221b0 items=0 ppid=296 pid=798 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076986.296:338): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076986.296:338): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13a2140 items=0 ppid=296 pid=799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076986.412:339): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076986.515:340): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? 
terminal=? res=success' +type=SERVICE_START msg=audit(1481076986.526:341): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076990.762:342): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076990.762:343): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-wait-online comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076991.152:344): table=filter family=2 entries=81 +type=SYSCALL msg=audit(1481076991.152:344): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=25f0900 items=0 ppid=296 pid=1008 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.158:345): table=filter family=10 entries=81 +type=SYSCALL msg=audit(1481076991.158:345): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9a6340 items=0 ppid=296 pid=1010 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.160:346): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076991.160:346): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=acf780 items=0 ppid=296 pid=1013 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" 
subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.168:347): table=filter family=10 entries=80 +type=SYSCALL msg=audit(1481076991.168:347): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=9e3150 items=0 ppid=296 pid=1015 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.170:348): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076991.170:348): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=174b610 items=0 ppid=296 pid=1016 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.175:349): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076991.175:349): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1ba8f60 items=0 ppid=296 pid=1019 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.177:350): table=mangle family=2 entries=40 +type=SYSCALL msg=audit(1481076991.177:350): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=121c3e0 items=0 ppid=296 pid=1021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.182:351): table=mangle family=10 entries=40 +type=SYSCALL msg=audit(1481076991.182:351): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=17d9f90 items=0 ppid=296 pid=1025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.184:352): table=nat family=2 entries=52 +type=SYSCALL msg=audit(1481076991.184:352): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=16d7170 items=0 ppid=296 pid=1028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.187:353): table=nat family=10 entries=52 +type=SYSCALL msg=audit(1481076991.187:353): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1028100 items=0 ppid=296 pid=1030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.195:354): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076991.195:354): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1954000 items=0 ppid=296 pid=1032 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.197:355): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076991.197:355): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1fd2f10 items=0 ppid=296 pid=1034 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.202:356): table=filter family=2 entries=78 +type=SYSCALL msg=audit(1481076991.202:356): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 
a2=40 a3=d53640 items=0 ppid=296 pid=1036 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.204:357): table=filter family=10 entries=78 +type=SYSCALL msg=audit(1481076991.204:357): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=2435fa0 items=0 ppid=296 pid=1038 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.209:358): table=filter family=2 entries=79 +type=SYSCALL msg=audit(1481076991.209:358): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b1b7c0 items=0 ppid=296 pid=1043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.212:359): table=filter family=10 entries=79 +type=SYSCALL msg=audit(1481076991.212:359): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=15aa190 items=0 ppid=296 pid=1045 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.217:360): table=filter family=2 entries=80 +type=SYSCALL msg=audit(1481076991.217:360): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1dda930 items=0 ppid=296 pid=1049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.220:361): table=filter family=10 entries=80 
+type=SYSCALL msg=audit(1481076991.220:361): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=132c380 items=0 ppid=296 pid=1050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_STOP msg=audit(1481076991.233:362): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=NETFILTER_CFG msg=audit(1481076991.233:363): table=mangle family=2 entries=39 +type=SYSCALL msg=audit(1481076991.233:363): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=68c420 items=0 ppid=296 pid=1052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.239:364): table=mangle family=10 entries=39 +type=SYSCALL msg=audit(1481076991.239:364): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=22c9fd0 items=0 ppid=296 pid=1056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076991.243:365): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=NETFILTER_CFG msg=audit(1481076991.245:366): table=nat family=2 entries=50 +type=SYSCALL msg=audit(1481076991.245:366): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1396030 items=0 ppid=296 pid=1058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.250:367): table=nat family=10 entries=50 +type=SYSCALL msg=audit(1481076991.250:367): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=13b0f50 items=0 ppid=296 pid=1061 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.254:368): table=nat family=2 entries=51 +type=SYSCALL msg=audit(1481076991.254:368): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1cb11b0 items=0 ppid=296 pid=1062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=NETFILTER_CFG msg=audit(1481076991.256:369): table=nat family=10 entries=51 +type=SYSCALL msg=audit(1481076991.256:369): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=29 a2=40 a3=1dc1140 items=0 ppid=296 pid=1063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip6tables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:iptables_t:s0 key=(null) +type=SERVICE_START msg=audit(1481076991.354:370): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_STOP msg=audit(1481076991.483:371): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.501:372): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ntpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.789:373): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tuned comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076991.991:374): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-instance-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076991.991:375): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-instance-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.078:376): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-network-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.078:377): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-network-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.078:378): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-ip-forwarding-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? 
res=success' +type=SERVICE_START msg=audit(1481076992.079:379): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-accounts-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.080:380): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sshd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.080:381): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-clock-skew-daemon comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.155:382): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-shutdown-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.398:383): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-startup-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.398:384): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=google-startup-scripts comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=ADD_GROUP msg=audit(1481076992.414:385): pid=1235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-group id=1000 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success' +type=GRP_MGMT msg=audit(1481076992.419:386): pid=1235 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-shadow-group id=1000 exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? 
res=success' +type=ADD_GROUP msg=audit(1481076992.467:387): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-group acct="some_user" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.481:388): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=postfix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=ADD_USER msg=audit(1481076992.488:389): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=SYSTEM_RUNLEVEL msg=audit(1481076992.492:390): pid=1279 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=3 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success' +type=SERVICE_START msg=audit(1481076992.492:391): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481076992.493:392): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.521:393): pid=1264 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:394): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="adm" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? 
res=success' +type=USER_MGMT msg=audit(1481076992.534:395): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="video" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:396): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="dip" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:397): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-group grp="google-sudoers" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:398): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="adm" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:399): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="video" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:400): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="dip" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? res=success' +type=USER_MGMT msg=audit(1481076992.534:401): pid=1285 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user-to-shadow-group grp="google-sudoers" acct="some_user" exe="/usr/sbin/usermod" hostname=? addr=? terminal=? 
res=success' +type=USYS_CONFIG msg=audit(1481076993.000:402): pid=1232 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='changing system time exe="/usr/sbin/hwclock" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481077001.763:403): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077041.497:404): pid=1299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077041.497:405): pid=1299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1299 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077041.515:406): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077041.515:407): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_AUTH msg=audit(1481077043.046:408): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63927 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077043.046:409): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63927 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077043.052:410): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.053:411): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1299 suid=74 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077043.054:412): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? 
addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077043.057:413): pid=1298 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077043.057:414): pid=1298 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=1 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077043.140:415): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077043.170:416): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.170:417): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1298 suid=0 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.171:418): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077043.171:419): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1301 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077043.172:420): pid=1301 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077043.193:421): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077043.194:422): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_END msg=audit(1481077049.033:423): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_LOGOUT msg=audit(1481077049.033:424): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.054:425): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1301 suid=1000 rport=63927 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_END msg=audit(1481077049.057:426): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRED_DISP msg=audit(1481077049.058:427): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.058:428): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077049.058:429): pid=1298 uid=0 auid=1000 ses=1 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1298 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.307:430): pid=1325 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1325 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.307:431): pid=1325 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1325 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_SESSION msg=audit(1481077072.328:432): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077072.328:433): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.487:434): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63929 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.487:435): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63929 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077072.491:436): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.493:437): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? 
direction=both spid=1325 suid=74 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077072.493:438): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077072.494:439): pid=1324 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077072.495:440): pid=1324 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=2 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077072.564:441): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077072.589:442): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.590:443): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1324 suid=0 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.591:444): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077072.591:445): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1327 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077072.592:446): pid=1327 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077072.611:447): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077072.612:448): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.324:449): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1327 suid=1000 rport=63929 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_END msg=audit(1481077074.326:450): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRED_DISP msg=audit(1481077074.327:451): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_END msg=audit(1481077074.329:452): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGOUT msg=audit(1481077074.329:453): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.329:454): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1324 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077074.329:455): pid=1324 uid=0 auid=1000 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1324 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.100:456): pid=1340 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1340 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.100:457): pid=1340 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1340 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077083.118:458): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077083.118:459): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077083.282:460): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63931 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=USER_AUTH msg=audit(1481077083.282:461): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63931 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_ACCT msg=audit(1481077083.287:462): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.288:463): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1340 suid=74 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077083.289:464): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? 
addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077083.290:465): pid=1339 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077083.290:466): pid=1339 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=3 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077083.358:467): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077083.388:468): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.389:469): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1339 suid=0 rport=63931 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.390:470): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1342 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077083.390:471): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1342 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077083.391:472): pid=1342 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077083.414:473): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077083.414:474): pid=1339 uid=0 auid=1000 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/0 res=success' +type=USER_CMD msg=audit(1481077231.363:475): pid=1382 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481077231.363:476): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077231.364:477): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=CONFIG_CHANGE msg=audit(1481077231.371:478): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077231.371:479): arch=c000003e syscall=59 success=yes exit=0 a0=c4201249d0 a1=c42003cbc0 a2=c420064480 a3=0 items=2 ppid=1383 pid=1391 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077231.371:479): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve" +type=CWD msg=audit(1481077231.371:479): cwd="/home/some_user" +type=PATH msg=audit(1481077231.371:479): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077231.371:479): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077231.372:480): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077231.372:481): arch=c000003e syscall=59 success=yes exit=0 a0=c420124b50 a1=c42012a1e0 a2=c4200645a0 a3=0 items=2 ppid=1383 pid=1393 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077231.372:481): argc=3 a0="auditctl" a1="-e" a2="1" +type=CWD msg=audit(1481077231.372:481): cwd="/home/some_user" +type=PATH msg=audit(1481077231.372:481): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481077231.372:481): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077231.373:482): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1 +type=UNKNOWN[1329] msg=g +type=SYSCALL msg=audit(1481077232.471:483): arch=c000003e syscall=59 success=no exit=-2 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077232.471:483): cwd="/" +type=PATH msg=audit(1481077232.471:483): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077232.471:484): arch=c000003e syscall=59 success=no exit=-2 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077232.471:484): cwd="/" +type=PATH msg=audit(1481077232.471:484): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077232.471:485): arch=c000003e syscall=59 success=yes exit=0 a0=1325fc0 a1=133b250 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077232.471:485): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077232.471:485): cwd="/" +type=PATH msg=audit(1481077232.471:485): 
item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077232.471:485): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=g +type=UNKNOWN[1329] msg=g +type=UNKNOWN[1329] msg=g +type=UNKNOWN[1329] msg=g +type=SYSCALL msg=audit(1481077253.941:486): arch=c000003e syscall=59 success=yes exit=0 a0=7f4e7a34ba60 a1=7f4e7a34a280 a2=7f4e7a3497c0 a3=a items=2 ppid=1223 pid=1397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077253.941:486): argc=3 a0="/usr/sbin/sshd" a1="-D" a2="-R" +type=CWD msg=audit(1481077253.941:486): cwd="/" +type=PATH msg=audit(1481077253.941:486): item=0 name="/usr/sbin/sshd" inode=17367919 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sshd_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077253.941:486): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CRYPTO_KEY_USER msg=audit(1481077253.949:487): pid=1398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1398 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077253.949:488): pid=1398 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1398 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_SESSION msg=audit(1481077253.969:489): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_SESSION msg=audit(1481077253.969:490): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac= pfs=curve25519-sha256@libssh.org spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077254.134:491): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth rport=63973 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077254.134:492): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=key algo=ssh-rsa size=2048 fp=ea:4e:a7:19:2a:35:b9:0f:ee:6c:76:f3:3f:52:e4:73 rport=63973 acct="some_user" exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=SYSCALL msg=audit(1481077254.135:493): arch=c000003e syscall=59 success=yes exit=0 a0=7f01f14443ed a1=7ffc04ef9a80 a2=7f01f1647388 a3=2 items=2 ppid=1397 pid=1399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.135:493): argc=3 a0="/usr/sbin/unix_chkpwd" a1="some_user" a2="chkexpiry" +type=CWD msg=audit(1481077254.135:493): cwd="/" +type=PATH msg=audit(1481077254.135:493): item=0 name="/usr/sbin/unix_chkpwd" inode=16781526 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.135:493): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_ACCT msg=audit(1481077254.138:494): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077254.139:495): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1398 suid=74 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=USER_AUTH msg=audit(1481077254.139:496): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=success acct="some_user" exe="/usr/sbin/sshd" hostname=? 
addr=96.241.146.97 terminal=ssh res=success' +type=CRED_ACQ msg=audit(1481077254.140:497): pid=1397 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=LOGIN msg=audit(1481077254.140:498): pid=1397 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 old-ses=4294967295 ses=4 res=1 +type=USER_ROLE_CHANGE msg=audit(1481077254.211:499): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_START msg=audit(1481077254.230:500): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=CRYPTO_KEY_USER msg=audit(1481077254.230:501): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1397 suid=0 rport=63973 laddr=10.142.0.2 lport=22 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRYPTO_KEY_USER msg=audit(1481077254.232:502): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=6d:a3:7f:ed:de:4a:79:f2:aa:49:ec:d1:75:36:97:a3 direction=? spid=1400 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? 
res=success' +type=CRYPTO_KEY_USER msg=audit(1481077254.232:503): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=ce:96:0e:51:3e:14:4e:e8:be:d1:0f:f0:0c:f5:63:a0 direction=? spid=1400 suid=0 exe="/usr/sbin/sshd" hostname=? addr=96.241.146.97 terminal=? res=success' +type=CRED_ACQ msg=audit(1481077254.233:504): pid=1400 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="some_user" exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=ssh res=success' +type=USER_LOGIN msg=audit(1481077254.255:505): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1481077254.255:506): pid=1397 uid=0 auid=1000 ses=4 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=pool-96-241-146-97.washdc.fios.verizon.net addr=96.241.146.97 terminal=/dev/pts/1 res=success' +type=SYSCALL msg=audit(1481077254.258:507): arch=c000003e syscall=59 success=yes exit=0 a0=7f01f7181960 a1=7ffc04ef9280 a2=7f01f717f0c0 a3=8 items=2 ppid=1400 pid=1401 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.258:507): argc=1 a0="-bash" +type=CWD msg=audit(1481077254.258:507): cwd="/home/some_user" +type=PATH msg=audit(1481077254.258:507): item=0 name="/bin/bash" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.258:507): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.261:508): arch=c000003e syscall=59 success=yes exit=0 a0=21fbee0 a1=21fc1e0 a2=21f8b30 a3=7ffd20e9bc00 items=2 ppid=1402 pid=1403 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.261:508): argc=2 a0="id" a1="-un" +type=CWD msg=audit(1481077254.261:508): cwd="/home/some_user" +type=PATH msg=audit(1481077254.261:508): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.261:508): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.264:509): arch=c000003e syscall=59 success=yes exit=0 a0=21fa270 a1=21f9f40 a2=21fc810 a3=7ffd20e9c140 items=2 ppid=1404 pid=1405 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="hostname" exe="/usr/bin/hostname" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.264:509): argc=1 a0="/usr/bin/hostname" +type=CWD msg=audit(1481077254.264:509): cwd="/home/some_user" +type=PATH msg=audit(1481077254.264:509): item=0 name="/usr/bin/hostname" inode=3832 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:hostname_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.264:509): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.265:510): arch=c000003e syscall=59 success=yes exit=0 a0=21fcec0 a1=21fd190 a2=21fcb40 a3=7ffd20e9bf10 items=2 ppid=1406 pid=1407 auid=1000 uid=1000 
gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.265:510): argc=2 a0="id" a1="-gn" +type=CWD msg=audit(1481077254.265:510): cwd="/home/some_user" +type=PATH msg=audit(1481077254.265:510): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.265:510): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.266:511): arch=c000003e syscall=59 success=yes exit=0 a0=21fcf00 a1=21fd1d0 a2=21fcb40 a3=7ffd20e9bf10 items=2 ppid=1408 pid=1409 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.266:511): argc=2 a0="id" a1="-un" +type=CWD msg=audit(1481077254.266:511): cwd="/home/some_user" +type=PATH msg=audit(1481077254.266:511): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.266:511): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.268:512): arch=c000003e syscall=59 success=yes exit=0 a0=21fdfe0 a1=21fe010 a2=21fcb40 a3=7ffd20e9be20 items=3 ppid=1401 pid=1410 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grepconf.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.268:512): argc=3 a0="/bin/sh" 
a1="/usr/libexec/grepconf.sh" a2="-c" +type=CWD msg=audit(1481077254.268:512): cwd="/home/some_user" +type=PATH msg=audit(1481077254.268:512): item=0 name="/usr/libexec/grepconf.sh" inode=16779035 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.268:512): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.268:512): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.269:513): arch=c000003e syscall=59 success=yes exit=0 a0=17616d0 a1=175fc30 a2=175f600 a3=7ffc3c283e00 items=2 ppid=1410 pid=1411 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.269:513): argc=4 a0="grep" a1="-qsi" a2="^COLOR.*none" a3="/etc/GREP_COLORS" +type=CWD msg=audit(1481077254.269:513): cwd="/home/some_user" +type=PATH msg=audit(1481077254.269:513): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.269:513): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.270:514): arch=c000003e syscall=59 success=yes exit=0 a0=2202d40 a1=2202f20 a2=21fcb40 a3=7ffd20e9aef0 items=2 ppid=1412 pid=1413 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="tty" exe="/usr/bin/tty" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.270:514): argc=2 
a0="/usr/bin/tty" a1="-s" +type=CWD msg=audit(1481077254.270:514): cwd="/home/some_user" +type=PATH msg=audit(1481077254.270:514): item=0 name="/usr/bin/tty" inode=4775 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.270:514): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.271:515): arch=c000003e syscall=59 success=yes exit=0 a0=2202e40 a1=2202ee0 a2=21fcb40 a3=7ffd20e9aef0 items=2 ppid=1412 pid=1414 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="tput" exe="/usr/bin/tput" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.271:515): argc=2 a0="/usr/bin/tput" a1="colors" +type=CWD msg=audit(1481077254.271:515): cwd="/home/some_user" +type=PATH msg=audit(1481077254.271:515): item=0 name="/usr/bin/tput" inode=4609 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.271:515): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.273:516): arch=c000003e syscall=59 success=yes exit=0 a0=2202000 a1=21fde10 a2=21fcb40 a3=7ffd20e9b440 items=2 ppid=1415 pid=1416 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="dircolors" exe="/usr/bin/dircolors" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.273:516): argc=3 a0="/usr/bin/dircolors" a1="--sh" a2="/etc/DIR_COLORS.256color" +type=CWD msg=audit(1481077254.273:516): cwd="/home/some_user" +type=PATH msg=audit(1481077254.273:516): item=0 name="/usr/bin/dircolors" inode=4703 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.273:516): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.274:517): arch=c000003e syscall=59 success=yes exit=0 a0=2202360 a1=2201f90 a2=21fcb40 a3=7ffd20e9bc20 items=2 ppid=1401 pid=1417 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.274:517): argc=4 a0="/usr/bin/grep" a1="-qi" a2="^COLOR.*none" a3="/etc/DIR_COLORS.256color" +type=CWD msg=audit(1481077254.274:517): cwd="/home/some_user" +type=PATH msg=audit(1481077254.274:517): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.274:517): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077254.276:518): arch=c000003e syscall=59 success=yes exit=0 a0=21f90b0 a1=22094b0 a2=21fcb40 a3=7ffd20e9b560 items=2 ppid=1418 pid=1419 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077254.276:518): argc=2 a0="/usr/bin/id" a1="-u" +type=CWD msg=audit(1481077254.276:518): cwd="/home/some_user" +type=PATH msg=audit(1481077254.276:518): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077254.276:518): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=g +type=UNKNOWN[1329] msg=g +type=UNKNOWN[1329] msg=g +type=SYSCALL msg=audit(1481077267.546:519): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1420 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077267.546:519): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077267.546:519): cwd="/" +type=PATH msg=audit(1481077267.546:519): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077267.546:519): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077267.553:520): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077267.553:520): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077267.553:520): cwd="/" +type=PATH msg=audit(1481077267.553:520): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077267.553:520): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL 
msg=audit(1481077267.557:521): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077267.557:521): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077267.557:521): cwd="/" +type=PATH msg=audit(1481077267.557:521): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077267.557:521): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077267.561:522): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077267.561:522): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077267.561:522): cwd="/" +type=PATH msg=audit(1481077267.561:522): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077267.561:522): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=g +type=USER_END msg=audit(1481077275.343:523): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481077275.343:524): pid=1382 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481077278.176:525): arch=c000003e syscall=59 success=yes exit=0 a0=a32d70 a1=a2db60 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1425 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077278.176:525): argc=2 a0="vim" a1="audit.yaml" +type=CWD msg=audit(1481077278.176:525): cwd="/home/some_user" +type=PATH msg=audit(1481077278.176:525): item=0 name="/usr/bin/vim" inode=196663 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077278.176:525): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077292.487:526): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=132e110 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077292.487:526): cwd="/" +type=PATH msg=audit(1481077292.487:526): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077292.487:527): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=126f4b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077292.487:527): cwd="/" +type=PATH msg=audit(1481077292.487:527): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077292.487:528): arch=c000003e syscall=59 success=yes exit=0 a0=134a2c0 a1=10d45a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077292.487:528): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077292.487:528): cwd="/" +type=PATH msg=audit(1481077292.487:528): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077292.487:528): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077308.360:529): arch=c000003e syscall=59 success=yes exit=0 a0=a30250 a1=a35ae0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1427 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481077308.360:529): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481077308.360:529): argc=4 a0="sudo" a1="./go-audit" a2="-config" a3="audit.yaml" +type=CWD 
msg=audit(1481077308.360:529): cwd="/home/some_user" +type=PATH msg=audit(1481077308.360:529): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.360:529): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481077308.366:530): pid=1427 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481077308.367:531): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481077308.368:532): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481077308.371:533): arch=c000003e syscall=59 success=yes exit=0 a0=7fb905da05d8 a1=7fb905da5d38 a2=7fb905da9ad0 a3=6 items=1 ppid=1427 pid=1428 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.371:533): argc=3 a0="./go-audit" a1="-config" a2="audit.yaml" +type=CWD msg=audit(1481077308.371:533): cwd="/home/some_user" +type=PATH msg=audit(1481077308.371:533): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077308.376:534): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e580 a1=c4200a7a80 a2=c420064240 a3=0 items=2 ppid=1428 pid=1431 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.376:534): argc=2 a0="auditctl" a1="-D" +type=CWD msg=audit(1481077308.376:534): cwd="/home/some_user" +type=PATH msg=audit(1481077308.376:534): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.376:534): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.377:535): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481077308.377:536): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE 
msg=audit(1481077308.378:537): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077308.378:538): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e890 a1=c42003cb40 a2=c420064480 a3=0 items=2 ppid=1428 pid=1436 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.378:538): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve" +type=CWD msg=audit(1481077308.378:538): cwd="/home/some_user" +type=PATH msg=audit(1481077308.378:538): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.378:538): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.379:539): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481077308.379:540): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ea10 a1=c4200a7fe0 a2=c4200645a0 a3=0 items=2 ppid=1428 pid=1438 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077308.379:540): argc=3 a0="auditctl" a1="-e" a2="1" +type=CWD msg=audit(1481077308.379:540): cwd="/home/some_user" +type=PATH msg=audit(1481077308.379:540): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077308.379:540): item=1 
name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481077308.379:541): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077317.921:542): arch=c000003e syscall=59 success=yes exit=0 a0=21fb380 a1=21fd630 a2=21fffd0 a3=7ffd20e9c940 items=1 ppid=1401 pid=1441 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077317.921:542): argc=2 a0="./go-audit" a1="-h" +type=CWD msg=audit(1481077317.921:542): cwd="/home/some_user" +type=PATH msg=audit(1481077317.921:542): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077334.297:543): arch=c000003e syscall=59 success=yes exit=0 a0=21fd7f0 a1=21fba60 a2=21fffd0 a3=7ffd20e9c940 items=2 ppid=1401 pid=1444 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481077334.297:543): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481077334.297:543): argc=2 a0="sudo" a1="su" +type=CWD msg=audit(1481077334.297:543): cwd="/home/some_user" +type=PATH msg=audit(1481077334.297:543): item=0 name="/usr/bin/sudo" inode=345659 
dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.297:543): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481077334.302:544): pid=1444 uid=1000 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd="su" terminal=pts/1 res=success' +type=CRED_ACQ msg=audit(1481077334.302:545): pid=1444 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success' +type=USER_START msg=audit(1481077334.303:546): pid=1444 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/1 res=success' +type=SYSCALL msg=audit(1481077334.304:547): arch=c000003e syscall=59 success=yes exit=0 a0=7f683953a5d8 a1=7f683953fd38 a2=7f6839543a90 a3=6 items=2 ppid=1444 pid=1445 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="su" exe="/usr/bin/su" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.304:547): argc=1 a0="su" +type=CWD msg=audit(1481077334.304:547): cwd="/home/some_user" +type=PATH msg=audit(1481077334.304:547): item=0 name="/bin/su" inode=5026 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:su_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.304:547): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_AUTH msg=audit(1481077334.322:548): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=USER_ACCT msg=audit(1481077334.323:549): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_succeed_if acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=CRED_ACQ msg=audit(1481077334.323:550): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=pts/1 res=success' +type=USER_START msg=audit(1481077334.329:551): pid=1445 uid=0 auid=1000 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? 
terminal=pts/1 res=success' +type=SYSCALL msg=audit(1481077334.330:552): arch=c000003e syscall=59 success=yes exit=0 a0=7f6305e237d0 a1=7f6305e41300 a2=7f6305e41260 a3=2 items=2 ppid=1445 pid=1446 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="bash" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.330:552): argc=1 a0="bash" +type=CWD msg=audit(1481077334.330:552): cwd="/home/some_user" +type=PATH msg=audit(1481077334.330:552): item=0 name="/bin/bash" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.330:552): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.334:553): arch=c000003e syscall=59 success=yes exit=0 a0=17189c0 a1=1718050 a2=1717320 a3=7ffcb116f5f0 items=3 ppid=1446 pid=1447 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grepconf.sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.334:553): argc=3 a0="/bin/sh" a1="/usr/libexec/grepconf.sh" a2="-c" +type=CWD msg=audit(1481077334.334:553): cwd="/home/some_user" +type=PATH msg=audit(1481077334.334:553): item=0 name="/usr/libexec/grepconf.sh" inode=16779035 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.334:553): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.334:553): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL 
msg=audit(1481077334.335:554): arch=c000003e syscall=59 success=yes exit=0 a0=1389770 a1=1387cc0 a2=13870b0 a3=7ffdff49a5c0 items=2 ppid=1447 pid=1448 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.335:554): argc=4 a0="grep" a1="-qsi" a2="^COLOR.*none" a3="/etc/GREP_COLORS" +type=CWD msg=audit(1481077334.335:554): cwd="/home/some_user" +type=PATH msg=audit(1481077334.335:554): item=0 name="/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.335:554): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.336:555): arch=c000003e syscall=59 success=yes exit=0 a0=172df20 a1=172e100 a2=1717320 a3=7ffcb116e6c0 items=2 ppid=1449 pid=1450 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="tty" exe="/usr/bin/tty" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.336:555): argc=2 a0="/usr/bin/tty" a1="-s" +type=CWD msg=audit(1481077334.336:555): cwd="/home/some_user" +type=PATH msg=audit(1481077334.336:555): item=0 name="/usr/bin/tty" inode=4775 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.336:555): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.337:556): arch=c000003e syscall=59 success=yes exit=0 a0=172e020 a1=172e0c0 a2=1717320 a3=7ffcb116e6c0 items=2 ppid=1449 pid=1451 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="tput" 
exe="/usr/bin/tput" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.337:556): argc=2 a0="/usr/bin/tput" a1="colors" +type=CWD msg=audit(1481077334.337:556): cwd="/home/some_user" +type=PATH msg=audit(1481077334.337:556): item=0 name="/usr/bin/tput" inode=4609 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.337:556): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.338:557): arch=c000003e syscall=59 success=yes exit=0 a0=172d260 a1=1718330 a2=1717320 a3=7ffcb116ec10 items=2 ppid=1452 pid=1453 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="dircolors" exe="/usr/bin/dircolors" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.338:557): argc=3 a0="/usr/bin/dircolors" a1="--sh" a2="/etc/DIR_COLORS.256color" +type=CWD msg=audit(1481077334.338:557): cwd="/home/some_user" +type=PATH msg=audit(1481077334.338:557): item=0 name="/usr/bin/dircolors" inode=4703 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.338:557): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.339:558): arch=c000003e syscall=59 success=yes exit=0 a0=1717c80 a1=172d200 a2=172ced0 a3=7ffcb116f3f0 items=2 ppid=1446 pid=1454 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.339:558): argc=4 a0="/usr/bin/grep" a1="-qi" a2="^COLOR.*none" a3="/etc/DIR_COLORS.256color" 
+type=CWD msg=audit(1481077334.339:558): cwd="/home/some_user" +type=PATH msg=audit(1481077334.339:558): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.339:558): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077334.341:559): arch=c000003e syscall=59 success=yes exit=0 a0=172f220 a1=172e1b0 a2=172ced0 a3=7ffcb116ed30 items=2 ppid=1455 pid=1456 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="id" exe="/usr/bin/id" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077334.341:559): argc=2 a0="/usr/bin/id" a1="-u" +type=CWD msg=audit(1481077334.341:559): cwd="/home/some_user" +type=PATH msg=audit(1481077334.341:559): item=0 name="/usr/bin/id" inode=4717 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077334.341:559): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077336.705:560): arch=c000003e syscall=59 success=yes exit=0 a0=1715420 a1=17182e0 a2=172ced0 a3=7ffcb1170ad0 items=1 ppid=1446 pid=1457 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077336.705:560): argc=2 a0="./go-audit" a1="-h" +type=CWD msg=audit(1481077336.705:560): cwd="/home/some_user" +type=PATH msg=audit(1481077336.705:560): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=UNKNOWN[1329] 
msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077352.504:561): arch=c000003e syscall=59 success=no exit=-2 a0=11eb200 a1=11d6480 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077352.504:561): cwd="/" +type=PATH msg=audit(1481077352.504:561): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077352.504:562): arch=c000003e syscall=59 success=no exit=-2 a0=11eb200 a1=f76340 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077352.504:562): cwd="/" +type=PATH msg=audit(1481077352.504:562): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077352.504:563): arch=c000003e syscall=59 success=yes exit=0 a0=11eb200 a1=132e110 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077352.504:563): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077352.504:563): cwd="/" +type=PATH msg=audit(1481077352.504:563): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077352.504:563): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077356.580:564): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e97ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.580:564): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077356.580:564): cwd="/" +type=PATH msg=audit(1481077356.580:564): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.580:564): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.585:565): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e97ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.585:565): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077356.585:565): cwd="/" +type=PATH msg=audit(1481077356.585:565): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.585:565): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.590:566): arch=c000003e syscall=59 success=yes exit=0 a0=1e7e880 a1=1e9c500 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.590:566): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077356.590:566): cwd="/" +type=PATH msg=audit(1481077356.590:566): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.590:566): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077356.593:567): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9f8a0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1464 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077356.593:567): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077356.593:567): cwd="/" +type=PATH msg=audit(1481077356.593:567): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077356.593:567): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� 
+type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077412.521:568): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077412.521:568): cwd="/" +type=PATH msg=audit(1481077412.521:568): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077412.521:569): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077412.521:569): cwd="/" +type=PATH msg=audit(1481077412.521:569): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077412.521:570): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=13361a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077412.521:570): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077412.521:570): cwd="/" +type=PATH msg=audit(1481077412.521:570): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077412.521:570): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 
objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077445.611:571): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.611:571): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077445.611:571): cwd="/" +type=PATH msg=audit(1481077445.611:571): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.611:571): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077445.615:572): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1467 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.615:572): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077445.615:572): cwd="/" +type=PATH msg=audit(1481077445.615:572): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.615:572): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL 
+type=SYSCALL msg=audit(1481077445.619:573): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1468 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.619:573): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077445.619:573): cwd="/" +type=PATH msg=audit(1481077445.619:573): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.619:573): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077445.622:574): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e7e880 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077445.622:574): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077445.622:574): cwd="/" +type=PATH msg=audit(1481077445.622:574): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077445.622:574): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL 
msg=audit(1481077472.536:575): arch=c000003e syscall=59 success=no exit=-2 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077472.536:575): cwd="/" +type=PATH msg=audit(1481077472.536:575): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077472.536:576): arch=c000003e syscall=59 success=no exit=-2 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077472.536:576): cwd="/" +type=PATH msg=audit(1481077472.536:576): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077472.536:577): arch=c000003e syscall=59 success=yes exit=0 a0=1054ab0 a1=13bb240 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077472.536:577): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077472.536:577): cwd="/" +type=PATH msg=audit(1481077472.536:577): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077472.536:577): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� 
+type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077532.552:578): arch=c000003e syscall=59 success=no exit=-2 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077532.552:578): cwd="/" +type=PATH msg=audit(1481077532.552:578): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077532.552:579): arch=c000003e syscall=59 success=no exit=-2 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077532.552:579): cwd="/" +type=PATH msg=audit(1481077532.552:579): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077532.552:580): arch=c000003e syscall=59 success=yes exit=0 a0=1184a10 a1=13934c0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077532.552:580): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077532.552:580): cwd="/" +type=PATH msg=audit(1481077532.552:580): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077532.552:580): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077534.641:581): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ed80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.641:581): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077534.641:581): cwd="/" +type=PATH msg=audit(1481077534.641:581): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.641:581): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.645:582): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ed80 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.645:582): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077534.645:582): cwd="/" +type=PATH msg=audit(1481077534.645:582): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.645:582): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.648:583): arch=c000003e syscall=59 success=yes exit=0 a0=1e9a3c0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.648:583): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077534.648:583): cwd="/" +type=PATH msg=audit(1481077534.648:583): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.648:583): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077534.652:584): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e9ed80 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077534.652:584): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077534.652:584): cwd="/" +type=PATH msg=audit(1481077534.652:584): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077534.652:584): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] 
msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077592.568:585): arch=c000003e syscall=59 success=no exit=-2 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077592.568:585): cwd="/" +type=PATH msg=audit(1481077592.568:585): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077592.568:586): arch=c000003e syscall=59 success=no exit=-2 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077592.568:586): cwd="/" +type=PATH msg=audit(1481077592.568:586): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077592.568:587): arch=c000003e syscall=59 success=yes exit=0 a0=1330170 a1=1259340 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077592.568:587): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077592.568:587): cwd="/" +type=PATH msg=audit(1481077592.568:587): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL 
+type=PATH msg=audit(1481077592.568:587): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077623.670:588): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e9a3c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.670:588): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077623.670:588): cwd="/" +type=PATH msg=audit(1481077623.670:588): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.670:588): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.674:589): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1e9a3c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.674:589): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077623.674:589): cwd="/" +type=PATH msg=audit(1481077623.674:589): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481077623.674:589): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.678:590): arch=c000003e syscall=59 success=yes exit=0 a0=1ea1660 a1=1e9b1f0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1479 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.678:590): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077623.678:590): cwd="/" +type=PATH msg=audit(1481077623.678:590): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.678:590): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077623.681:591): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1d54cd0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077623.681:591): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077623.681:591): cwd="/" +type=PATH msg=audit(1481077623.681:591): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077623.681:591): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481077652.584:592): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077652.584:592): cwd="/" +type=PATH msg=audit(1481077652.584:592): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077652.585:593): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077652.585:593): cwd="/" +type=PATH msg=audit(1481077652.585:593): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077652.585:594): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=12c9cb0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077652.585:594): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077652.585:594): cwd="/" +type=PATH msg=audit(1481077652.585:594): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481077652.585:594): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=USER_END msg=audit(1481077706.089:595): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481077706.089:596): pid=1427 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481077708.279:597): arch=c000003e syscall=59 success=yes exit=0 a0=a35a40 a1=a35ad0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1482 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481077708.279:597): argc=2 a0="vim" a1="audit.yaml" +type=CWD msg=audit(1481077708.279:597): cwd="/home/some_user" +type=PATH msg=audit(1481077708.279:597): item=0 name="/usr/bin/vim" inode=196663 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077708.279:597): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.602:598): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 
a1=133b250 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077712.602:598): cwd="/" +type=PATH msg=audit(1481077712.602:598): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077712.602:599): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=133b250 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077712.602:599): cwd="/" +type=PATH msg=audit(1481077712.602:599): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077712.602:600): arch=c000003e syscall=59 success=yes exit=0 a0=13a3350 a1=133b250 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.602:600): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077712.602:600): cwd="/" +type=PATH msg=audit(1481077712.602:600): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.602:600): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.699:601): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1ea39a0 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.699:601): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077712.699:601): cwd="/" +type=PATH msg=audit(1481077712.699:601): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.699:601): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.703:602): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b1f0 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.703:602): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077712.703:602): cwd="/" +type=PATH msg=audit(1481077712.703:602): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.703:602): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.707:603): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e9b330 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" 
exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.707:603): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077712.707:603): cwd="/" +type=PATH msg=audit(1481077712.707:603): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.707:603): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077712.710:604): arch=c000003e syscall=59 success=yes exit=0 a0=1e9b330 a1=1ce24c0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077712.710:604): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077712.710:604): cwd="/" +type=PATH msg=audit(1481077712.710:604): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077712.710:604): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077772.619:605): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077772.619:605): cwd="/" +type=PATH 
msg=audit(1481077772.619:605): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077772.619:606): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077772.619:606): cwd="/" +type=PATH msg=audit(1481077772.619:606): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077772.619:607): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=11849b0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077772.619:607): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077772.619:607): cwd="/" +type=PATH msg=audit(1481077772.619:607): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077772.619:607): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.729:608): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1489 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.729:608): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user" +type=CWD msg=audit(1481077801.729:608): cwd="/" +type=PATH msg=audit(1481077801.729:608): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.729:608): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.733:609): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1490 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.733:609): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077801.733:609): cwd="/" +type=PATH msg=audit(1481077801.733:609): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.733:609): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.737:610): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1d50010 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.737:610): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077801.737:610): cwd="/" +type=PATH msg=audit(1481077801.737:610): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.737:610): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077801.740:611): arch=c000003e syscall=59 success=yes exit=0 a0=1d50010 a1=1d53010 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077801.740:611): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077801.740:611): cwd="/" +type=PATH msg=audit(1481077801.740:611): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077801.740:611): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077832.635:612): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077832.635:612): cwd="/" +type=PATH msg=audit(1481077832.635:612): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077832.635:613): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" 
exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077832.635:613): cwd="/" +type=PATH msg=audit(1481077832.635:613): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077832.635:614): arch=c000003e syscall=59 success=yes exit=0 a0=10dae20 a1=1338d40 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077832.635:614): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077832.635:614): cwd="/" +type=PATH msg=audit(1481077832.635:614): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077832.635:614): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077889.545:615): arch=c000003e syscall=59 success=yes exit=0 a0=7f9dcde12c60 a1=7f9dcddc50e0 a2=7f9dcddc21c0 a3=2 items=2 ppid=1 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-tmpfile" exe="/usr/bin/systemd-tmpfiles" subj=system_u:system_r:systemd_tmpfiles_t:s0 key=(null) +type=EXECVE msg=audit(1481077889.545:615): argc=2 a0="/usr/bin/systemd-tmpfiles" a1="--clean" +type=CWD msg=audit(1481077889.545:615): cwd="/" +type=PATH msg=audit(1481077889.545:615): item=0 name="/usr/bin/systemd-tmpfiles" inode=11160 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_tmpfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077889.545:615): item=1 name="/lib64/ld-linux-x86-64.so.2" 
inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SERVICE_START msg=audit(1481077889.581:616): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SERVICE_STOP msg=audit(1481077889.581:617): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' +type=SYSCALL msg=audit(1481077890.759:618): arch=c000003e syscall=59 success=yes exit=0 a0=1d074b0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.759:618): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077890.759:618): cwd="/" +type=PATH msg=audit(1481077890.759:618): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.759:618): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.765:619): arch=c000003e syscall=59 success=yes exit=0 a0=1d074b0 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.765:619): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD 
msg=audit(1481077890.765:619): cwd="/" +type=PATH msg=audit(1481077890.765:619): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.765:619): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.769:620): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1e79ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1498 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.769:620): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077890.769:620): cwd="/" +type=PATH msg=audit(1481077890.769:620): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.769:620): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077890.772:621): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1d50010 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077890.772:621): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077890.772:621): cwd="/" +type=PATH msg=audit(1481077890.772:621): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077890.772:621): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077892.652:622): arch=c000003e syscall=59 success=no exit=-2 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077892.652:622): cwd="/" +type=PATH msg=audit(1481077892.652:622): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077892.652:623): arch=c000003e syscall=59 success=no exit=-2 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077892.652:623): cwd="/" +type=PATH msg=audit(1481077892.652:623): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077892.652:624): arch=c000003e syscall=59 success=yes exit=0 a0=11eb1c0 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077892.652:624): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077892.652:624): cwd="/" +type=PATH msg=audit(1481077892.652:624): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077892.652:624): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077952.668:625): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077952.668:625): cwd="/" +type=PATH msg=audit(1481077952.668:625): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077952.668:626): arch=c000003e syscall=59 success=no exit=-2 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481077952.668:626): cwd="/" +type=PATH msg=audit(1481077952.668:626): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481077952.668:627): arch=c000003e syscall=59 success=yes exit=0 a0=10dae20 a1=125b320 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077952.668:627): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481077952.668:627): cwd="/" +type=PATH msg=audit(1481077952.668:627): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077952.668:627): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.791:628): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.791:628): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481077979.791:628): cwd="/" +type=PATH msg=audit(1481077979.791:628): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.791:628): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.795:629): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1ea39a0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.795:629): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481077979.795:629): cwd="/" +type=PATH msg=audit(1481077979.795:629): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.795:629): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.799:630): arch=c000003e syscall=59 success=yes exit=0 a0=1d65350 a1=1e79ef0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1504 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.799:630): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481077979.799:630): cwd="/" +type=PATH msg=audit(1481077979.799:630): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.799:630): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481077979.802:631): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1ea7f60 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481077979.802:631): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481077979.802:631): cwd="/" +type=PATH msg=audit(1481077979.802:631): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481077979.802:631): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078012.684:632): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 
a1=134dc40 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078012.684:632): cwd="/" +type=PATH msg=audit(1481078012.684:632): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078012.684:633): arch=c000003e syscall=59 success=no exit=-2 a0=12c6d90 a1=134dc40 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078012.684:633): cwd="/" +type=PATH msg=audit(1481078012.684:633): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078012.684:634): arch=c000003e syscall=59 success=yes exit=0 a0=12c6d90 a1=134dc40 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078012.684:634): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078012.684:634): cwd="/" +type=PATH msg=audit(1481078012.684:634): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078012.684:634): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.821:635): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 
a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.821:635): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078068.821:635): cwd="/" +type=PATH msg=audit(1481078068.821:635): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.821:635): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.825:636): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.825:636): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078068.825:636): cwd="/" +type=PATH msg=audit(1481078068.825:636): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.825:636): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.829:637): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" 
exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.829:637): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078068.829:637): cwd="/" +type=PATH msg=audit(1481078068.829:637): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.829:637): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078068.832:638): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1d65350 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078068.832:638): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078068.832:638): cwd="/" +type=PATH msg=audit(1481078068.832:638): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078068.832:638): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078072.700:639): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078072.700:639): cwd="/" +type=PATH 
msg=audit(1481078072.700:639): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078072.700:640): arch=c000003e syscall=59 success=no exit=-2 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078072.700:640): cwd="/" +type=PATH msg=audit(1481078072.700:640): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078072.700:641): arch=c000003e syscall=59 success=yes exit=0 a0=13a3350 a1=13bd560 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1511 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078072.700:641): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078072.700:641): cwd="/" +type=PATH msg=audit(1481078072.700:641): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078072.700:641): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078132.715:642): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078132.715:642): cwd="/" +type=PATH 
msg=audit(1481078132.715:642): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078132.715:643): arch=c000003e syscall=59 success=no exit=-2 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078132.715:643): cwd="/" +type=PATH msg=audit(1481078132.715:643): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078132.715:644): arch=c000003e syscall=59 success=yes exit=0 a0=134a2c0 a1=125b320 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078132.715:644): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078132.715:644): cwd="/" +type=PATH msg=audit(1481078132.715:644): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078132.715:644): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.850:645): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.850:645): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user" +type=CWD msg=audit(1481078157.850:645): cwd="/" +type=PATH msg=audit(1481078157.850:645): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.850:645): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.854:646): arch=c000003e syscall=59 success=yes exit=0 a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.854:646): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078157.854:646): cwd="/" +type=PATH msg=audit(1481078157.854:646): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.854:646): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.858:647): arch=c000003e syscall=59 success=yes exit=0 a0=1e9a580 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.858:647): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078157.858:647): cwd="/" +type=PATH msg=audit(1481078157.858:647): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.858:647): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078157.862:648): arch=c000003e syscall=59 success=yes exit=0 a0=1cfad80 a1=1e938e0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078157.862:648): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078157.862:648): cwd="/" +type=PATH msg=audit(1481078157.862:648): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078157.862:648): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078192.730:649): arch=c000003e syscall=59 success=no exit=-2 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078192.730:649): cwd="/" +type=PATH msg=audit(1481078192.730:649): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078192.730:650): arch=c000003e syscall=59 success=no exit=-2 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" 
exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078192.730:650): cwd="/" +type=PATH msg=audit(1481078192.730:650): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078192.730:651): arch=c000003e syscall=59 success=yes exit=0 a0=134a930 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078192.730:651): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078192.730:651): cwd="/" +type=PATH msg=audit(1481078192.730:651): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078192.730:651): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.880:652): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.880:652): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078246.880:652): cwd="/" +type=PATH msg=audit(1481078246.880:652): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.880:652): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.884:653): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.884:653): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078246.884:653): cwd="/" +type=PATH msg=audit(1481078246.884:653): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.884:653): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.888:654): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e22b30 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1520 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.888:654): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078246.888:654): cwd="/" +type=PATH msg=audit(1481078246.888:654): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.888:654): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078246.891:655): arch=c000003e syscall=59 success=yes exit=0 
a0=1e22b30 a1=1d074b0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078246.891:655): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078246.891:655): cwd="/" +type=PATH msg=audit(1481078246.891:655): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078246.891:655): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078252.745:656): arch=c000003e syscall=59 success=no exit=-2 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078252.745:656): cwd="/" +type=PATH msg=audit(1481078252.745:656): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078252.745:657): arch=c000003e syscall=59 success=no exit=-2 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078252.745:657): cwd="/" +type=PATH msg=audit(1481078252.745:657): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078252.745:658): arch=c000003e syscall=59 success=yes exit=0 a0=126cbc0 a1=13c8730 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1522 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078252.745:658): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078252.745:658): cwd="/" +type=PATH msg=audit(1481078252.745:658): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078252.745:658): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078312.761:659): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078312.761:659): cwd="/" +type=PATH msg=audit(1481078312.761:659): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078312.761:660): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078312.761:660): cwd="/" +type=PATH msg=audit(1481078312.761:660): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078312.761:661): arch=c000003e syscall=59 success=yes exit=0 a0=134dca0 a1=12cddf0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1523 auid=4294967295 uid=0 
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078312.761:661): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078312.761:661): cwd="/" +type=PATH msg=audit(1481078312.761:661): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078312.761:661): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.910:662): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1524 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.910:662): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078335.910:662): cwd="/" +type=PATH msg=audit(1481078335.910:662): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.910:662): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.914:663): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" 
subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.914:663): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078335.914:663): cwd="/" +type=PATH msg=audit(1481078335.914:663): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.914:663): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.917:664): arch=c000003e syscall=59 success=yes exit=0 a0=1ea39a0 a1=1e95970 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.917:664): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078335.917:664): cwd="/" +type=PATH msg=audit(1481078335.917:664): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.917:664): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078335.921:665): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1cfad80 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1527 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078335.921:665): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD 
msg=audit(1481078335.921:665): cwd="/" +type=PATH msg=audit(1481078335.921:665): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078335.921:665): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078372.776:666): arch=c000003e syscall=59 success=no exit=-2 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078372.776:666): cwd="/" +type=PATH msg=audit(1481078372.776:666): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078372.776:667): arch=c000003e syscall=59 success=no exit=-2 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078372.776:667): cwd="/" +type=PATH msg=audit(1481078372.776:667): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078372.776:668): arch=c000003e syscall=59 success=yes exit=0 a0=1394bf0 a1=13977b0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078372.776:668): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD 
msg=audit(1481078372.776:668): cwd="/" +type=PATH msg=audit(1481078372.776:668): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078372.776:668): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078413.210:669): arch=c000003e syscall=59 success=yes exit=0 a0=a2ee20 a1=a340b0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1529 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078413.210:669): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078413.210:669): argc=4 a0="sudo" a1="./go-audit" a2="-config" a3="audit.yaml" +type=CWD msg=audit(1481078413.210:669): cwd="/home/some_user" +type=PATH msg=audit(1481078413.210:669): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.210:669): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078413.216:670): pid=1529 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=2E2F676F2D6175646974202D636F6E6669672061756469742E79616D6C terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078413.216:671): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred 
grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078413.217:672): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078413.219:673): arch=c000003e syscall=59 success=yes exit=0 a0=7f80c28925d8 a1=7f80c2897d38 a2=7f80c289bad0 a3=6 items=1 ppid=1529 pid=1530 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="go-audit" exe="/home/some_user/go-audit" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.219:673): argc=3 a0="./go-audit" a1="-config" a2="audit.yaml" +type=CWD msg=audit(1481078413.219:673): cwd="/home/some_user" +type=PATH msg=audit(1481078413.219:673): item=0 name="./go-audit" inode=33600792 dev=08:01 mode=0100755 ouid=1000 ogid=1001 rdev=00:00 obj=unconfined_u:object_r:user_home_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078413.223:674): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e5c0 a1=c4200a7ae0 a2=c420064240 a3=0 items=2 ppid=1530 pid=1533 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.223:674): argc=2 a0="auditctl" a1="-D" +type=CWD msg=audit(1481078413.223:674): cwd="/home/some_user" +type=PATH msg=audit(1481078413.223:674): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.223:674): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL 
+type=CONFIG_CHANGE msg=audit(1481078413.223:675): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481078413.223:676): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="remove_rule" key=(null) list=4 res=1 +type=CONFIG_CHANGE msg=audit(1481078413.224:677): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.224:678): arch=c000003e syscall=59 success=yes exit=0 a0=c42011e8d0 a1=c42003cb80 a2=c420064480 a3=0 items=2 ppid=1530 pid=1538 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.224:678): argc=7 a0="auditctl" a1="-a" a2="exit,always" a3="-F" a4="arch=b32" a5="-S" a6="execve" +type=CWD msg=audit(1481078413.224:678): cwd="/home/some_user" +type=PATH msg=audit(1481078413.224:678): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.224:678): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.225:679): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.225:680): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ea50 a1=c420120930 a2=c4200645a0 a3=0 items=2 ppid=1530 pid=1540 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.225:680): 
argc=5 a0="auditctl" a1="-a" a2="exit,always" a3="-S" a4="connect" +type=CWD msg=audit(1481078413.225:680): cwd="/home/some_user" +type=PATH msg=audit(1481078413.225:680): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.225:680): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.226:681): auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 op="add_rule" key=(null) list=4 res=1 +type=SYSCALL msg=audit(1481078413.226:682): arch=c000003e syscall=59 success=yes exit=0 a0=c42011ebc0 a1=c4201261e0 a2=c4200646c0 a3=0 items=2 ppid=1530 pid=1542 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="auditctl" exe="/usr/sbin/auditctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078413.226:682): argc=3 a0="auditctl" a1="-e" a2="1" +type=CWD msg=audit(1481078413.226:682): cwd="/home/some_user" +type=PATH msg=audit(1481078413.226:682): item=0 name="/sbin/auditctl" inode=17367907 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:auditctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078413.226:682): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=CONFIG_CHANGE msg=audit(1481078413.227:683): audit_enabled=1 old=1 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078424.939:684): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1546 auid=4294967295 uid=0 gid=0 euid=0 
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.939:684): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078424.939:684): cwd="/" +type=PATH msg=audit(1481078424.939:684): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.939:684): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.943:685): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.943:685): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078424.943:685): cwd="/" +type=PATH msg=audit(1481078424.943:685): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.943:685): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.947:686): arch=c000003e syscall=59 success=yes exit=0 a0=1ce5cc0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE 
msg=audit(1481078424.947:686): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078424.947:686): cwd="/" +type=PATH msg=audit(1481078424.947:686): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.947:686): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.950:687): arch=c000003e syscall=59 success=yes exit=0 a0=1e96d00 a1=1e9a580 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1549 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078424.950:687): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078424.950:687): cwd="/" +type=PATH msg=audit(1481078424.950:687): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078424.950:687): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078424.953:688): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078424.953:688): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078430.028:689): arch=c000003e syscall=59 success=yes 
exit=0 a0=1718db0 a1=1714870 a2=172ced0 a3=7ffcb1170ad0 items=2 ppid=1446 pid=1550 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078430.028:689): argc=2 a0="curl" a1="elastic.co" +type=CWD msg=audit(1481078430.028:689): cwd="/home/some_user" +type=PATH msg=audit(1481078430.028:689): item=0 name="/bin/curl" inode=3961 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078430.028:689): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078430.068:690): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7efe1aab7610 a2=6e a3=7efe1aab7b20 items=1 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:690): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078430.068:690): cwd="/home/some_user" +type=PATH msg=audit(1481078430.068:690): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078430.068:691): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7efe1aab77a0 a2=6e a3=7efe1aab7b20 items=1 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:691): 
saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078430.068:691): cwd="/home/some_user" +type=PATH msg=audit(1481078430.068:691): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078430.068:692): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14000ac0 a2=10 a3=7efe1aab5ae0 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.068:692): saddr=02000035A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078430.127:693): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001ec0 a2=1c a3=7efe1aab680c items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:693): saddr=0A000050000000002406DA00FF00000000000000171569CC00000000 +type=SYSCALL msg=audit(1481078430.127:694): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:694): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:695): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001f20 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:695): saddr=0A000050000000002406DA00FF00000000000000B849AB0E00000000 +type=SYSCALL msg=audit(1481078430.127:696): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:696): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:697): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001f80 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:697): saddr=0A000050000000002406DA00FF000000000000006B16F08600000000 +type=SYSCALL msg=audit(1481078430.127:698): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:698): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:699): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14001fe0 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:699): saddr=0A000050000000002406DA00FF00000000000000CCECD96C00000000 +type=SYSCALL msg=audit(1481078430.127:700): arch=c000003e syscall=42 success=yes exit=0 a0=3 
a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:700): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:701): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe14002040 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:701): saddr=0A000050000000002406DA00FF00000000000000171569C100000000 +type=SYSCALL msg=audit(1481078430.127:702): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:702): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:703): arch=c000003e syscall=42 success=no exit=-101 a0=3 a1=7efe140020a0 a2=1c a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:703): saddr=0A000050000000002406DA00FF00000000000000B848DAB200000000 +type=SYSCALL msg=audit(1481078430.127:704): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR 
msg=audit(1481078430.127:704): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:705): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14002100 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:705): saddr=020000503418E8030000000000000000 +type=SYSCALL msg=audit(1481078430.127:706): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:706): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:707): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe14002150 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:707): saddr=0200005023A0FE0E0000000000000000 +type=SYSCALL msg=audit(1481078430.127:708): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:708): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:709): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe140021a0 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:709): saddr=02000050342844160000000000000000 +type=SYSCALL msg=audit(1481078430.127:710): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe1aab7c80 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:710): saddr=00000000000000000000000000000000 +type=SYSCALL msg=audit(1481078430.127:711): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7efe140021f0 a2=10 a3=10 items=0 ppid=1446 pid=1551 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.127:711): saddr=020000503646B34B0000000000000000 +type=SYSCALL msg=audit(1481078430.128:712): arch=c000003e syscall=42 success=no exit=-115 a0=3 a1=7ffc2ebe3e70 a2=10 a3=7ffc2ebe3a90 items=0 ppid=1446 pid=1550 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4 comm="curl" exe="/usr/bin/curl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078430.128:712): saddr=020000503418E8030000000000000000 +type=SYSCALL msg=audit(1481078432.792:713): arch=c000003e syscall=59 success=no exit=-2 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078432.792:713): cwd="/" +type=PATH msg=audit(1481078432.792:713): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078432.792:714): arch=c000003e 
syscall=59 success=no exit=-2 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078432.792:714): cwd="/" +type=PATH msg=audit(1481078432.792:714): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078432.792:715): arch=c000003e syscall=59 success=yes exit=0 a0=12593a0 a1=13ca3c0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078432.792:715): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078432.792:715): cwd="/" +type=PATH msg=audit(1481078432.792:715): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078432.792:715): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078432.794:716): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078432.794:716): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078432.896:717): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078432.896:717): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078432.896:717): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078432.896:717): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078433.320:718): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078433.320:718): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078492.523:719): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ff9fe0b9408 a2=10 a3=0 items=0 ppid=1 pid=1135 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.523:719): saddr=0200007BA9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078492.807:720): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 
a1=13cb9a0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078492.807:720): cwd="/" +type=PATH msg=audit(1481078492.807:720): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078492.807:721): arch=c000003e syscall=59 success=no exit=-2 a0=134dca0 a1=13cb9a0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078492.807:721): cwd="/" +type=PATH msg=audit(1481078492.807:721): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078492.807:722): arch=c000003e syscall=59 success=yes exit=0 a0=134dca0 a1=13cb9a0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078492.807:722): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078492.807:722): cwd="/" +type=PATH msg=audit(1481078492.807:722): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078492.807:722): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078492.809:723): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe 
items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.809:723): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078492.956:724): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.956:724): saddr=01007075626C69632F716D677200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078492.956:724): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078492.956:724): item=0 name="public/qmgr" inode=34151432 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078492.956:725): arch=c000003e syscall=42 success=yes exit=0 a0=1c a1=7ffc4d9dc980 a2=6e a3=7ffc4d9dc9f0 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078492.956:725): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078492.956:725): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078492.956:725): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 
ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078493.333:726): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078493.333:726): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078513.968:727): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.968:727): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078513.968:727): cwd="/" +type=PATH msg=audit(1481078513.968:727): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.968:727): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.972:728): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.972:728): argc=2 a0="/sbin/restorecon" 
a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078513.972:728): cwd="/" +type=PATH msg=audit(1481078513.972:728): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.972:728): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.976:729): arch=c000003e syscall=59 success=yes exit=0 a0=1e215c0 a1=1e9ffb0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.976:729): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078513.976:729): cwd="/" +type=PATH msg=audit(1481078513.976:729): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.976:729): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.980:730): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ffb0 a1=1e96d00 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078513.980:730): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078513.980:730): cwd="/" +type=PATH msg=audit(1481078513.980:730): item=0 name="/sbin/restorecon" inode=16782036 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078513.980:730): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078513.983:731): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078513.983:731): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078552.823:732): arch=c000003e syscall=59 success=no exit=-2 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078552.823:732): cwd="/" +type=PATH msg=audit(1481078552.823:732): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078552.823:733): arch=c000003e syscall=59 success=no exit=-2 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078552.823:733): cwd="/" +type=PATH msg=audit(1481078552.823:733): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078552.823:734): arch=c000003e 
syscall=59 success=yes exit=0 a0=13c5290 a1=12d12f0 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078552.823:734): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078552.823:734): cwd="/" +type=PATH msg=audit(1481078552.823:734): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078552.823:734): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078552.825:735): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078552.825:735): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078552.966:736): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078552.966:736): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD 
msg=audit(1481078552.966:736): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078552.966:736): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=UNKNOWN[1329] msg=� +type=SYSCALL msg=audit(1481078553.346:737): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078553.346:737): saddr=02000050A9FEA9FE0000000000000000 +type=UNKNOWN[1329] msg=� +type=USER_END msg=audit(1481078562.609:738): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078562.609:739): pid=1529 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078565.928:740): arch=c000003e syscall=59 success=yes exit=0 a0=a33280 a1=a30250 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078565.928:740): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078565.928:740): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078565.928:740): cwd="/home/some_user" +type=PATH msg=audit(1481078565.928:740): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.928:740): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.929:741): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcda014d50 a2=6e a3=40 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.929:741): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.929:741): cwd="/home/some_user" +type=PATH msg=audit(1481078565.929:741): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078565.929:742): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcda014ee0 a2=6e a3=40 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.929:742): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.929:742): cwd="/home/some_user" +type=PATH msg=audit(1481078565.929:742): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.931:743): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffcda015870 a2=6e a3=22 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.931:743): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000605A01DAFC7F0000205C01DAFC7F0000E09F240A8D7F00002F00000000000000D05E01DAFC7F00001000000000000000805C01DAFC7F0000F05801DAFC7F00000003000000000000E09F240A8D7F +type=CWD msg=audit(1481078565.931:743): cwd="/home/some_user" +type=PATH msg=audit(1481078565.931:743): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.931:744): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffcda015a00 a2=6e a3=22 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.931:744): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDA7240A8D7F0000FEA7240A8D7F000007A8240A8D7F000018A8240A8D7F000022A8240A8D7F000033A8240A8D7F00003DA8240A8D7F00004EA8240A8D7F000056A8240A8D7F00001800000030000000106101DAFC7F +type=CWD msg=audit(1481078565.931:744): cwd="/home/some_user" +type=PATH msg=audit(1481078565.931:744): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078565.932:745): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f8d08cf7740 a2=6e a3=68 items=1 ppid=1343 pid=1559 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.932:745): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.932:745): cwd="/home/some_user" +type=PATH msg=audit(1481078565.932:745): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078565.932:746): pid=1559 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078565.932:747): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078565.933:748): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078565.934:749): arch=c000003e syscall=59 success=yes exit=0 a0=7f8d0a2505d8 a1=7f8d0a255d38 a2=7f8d0a259ad0 a3=6 items=2 ppid=1559 pid=1560 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.934:749): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078565.934:749): cwd="/home/some_user" +type=PATH msg=audit(1481078565.934:749): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.934:749): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.937:750): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f0fe5855118 a2=16 a3=7fffb6ad3580 items=1 ppid=1559 pid=1560 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.937:750): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078565.937:750): cwd="/home/some_user" +type=PATH msg=audit(1481078565.937:750): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.940:751): arch=c000003e syscall=59 success=yes exit=0 a0=7f0fe447cbd8 a1=7fffb6ad34e0 a2=7fffb6ad3b68 a3=7fffb6ad36b0 items=2 ppid=1560 pid=1561 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.940:751): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078565.940:751): cwd="/home/some_user" +type=PATH msg=audit(1481078565.940:751): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.940:751): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.940:752): arch=c000003e syscall=59 success=yes exit=0 a0=7f0fe4472bee a1=7fffb6ad3460 a2=7fffb6ad3b68 a3=7fffb6ad3640 items=2 ppid=1560 pid=1562 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078565.940:752): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078565.940:752): cwd="/home/some_user" +type=PATH msg=audit(1481078565.940:752): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078565.940:752): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078565.948:753): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffe4bae1fa0 a2=6e a3=7ffe4bae1d20 items=1 ppid=1560 pid=1562 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078565.948:753): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078565.948:753): cwd="/home/some_user" +type=PATH msg=audit(1481078565.948:753): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078565.960:754): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078565.960:755): pid=1559 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.392:756): arch=c000003e syscall=59 success=yes exit=0 a0=a302b0 a1=a37210 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078569.392:756): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078569.392:756): argc=5 a0="sudo" a1="sudo" a2="systemctl" a3="stop" a4="auditd.service" +type=CWD msg=audit(1481078569.392:756): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:756): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.392:756): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.392:757): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf3190210 a2=6e a3=40 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.392:757): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.392:757): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:757): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078569.392:758): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf31903a0 a2=6e a3=40 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.392:758): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.392:758): cwd="/home/some_user" +type=PATH msg=audit(1481078569.392:758): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.394:759): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdf3190d30 a2=6e a3=22 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.394:759): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000200F19F3FD7F0000E01019F3FD7F0000E0CFAD7E3A7F00002F00000000000000901319F3FD7F00001000000000000000401119F3FD7F0000B00D19F3FD7F00000003000000000000E0CFAD7E3A7F +type=CWD msg=audit(1481078569.394:759): cwd="/home/some_user" +type=PATH msg=audit(1481078569.394:759): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.394:760): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdf3190ec0 a2=6e a3=22 items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.394:760): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDD7AD7E3A7F0000FED7AD7E3A7F000007D8AD7E3A7F000018D8AD7E3A7F000022D8AD7E3A7F000033D8AD7E3A7F00003DD8AD7E3A7F00004ED8AD7E3A7F000056D8AD7E3A7F00001800000030000000D01519F3FD7F +type=CWD msg=audit(1481078569.394:760): cwd="/home/some_user" +type=PATH msg=audit(1481078569.394:760): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.395:761): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f3a7c1d5740 a2=6e a3=6d items=1 ppid=1343 pid=1565 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.395:761): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.395:761): cwd="/home/some_user" +type=PATH msg=audit(1481078569.395:761): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078569.395:762): pid=1565 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=7375646F2073797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078569.396:763): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078569.396:764): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.397:765): arch=c000003e syscall=59 success=yes exit=0 a0=7f3a7eae35d8 a1=7f3a7eae8d38 a2=7f3a7eaecb40 a3=6 items=2 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.397:765): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078569.397:765): cwd="/home/some_user" +type=PATH msg=audit(1481078569.397:765): item=0 name="/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.397:765): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.398:766): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffed9c9eb10 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.398:766): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.398:766): cwd="/home/some_user" +type=PATH msg=audit(1481078569.398:766): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078569.398:767): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffed9c9eca0 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.398:767): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.398:767): cwd="/home/some_user" +type=PATH msg=audit(1481078569.398:767): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.400:768): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffed9c9f920 a2=6e a3=40 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.400:768): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000D064DA2C297F000000FAC9D9FE7F0000F42C6836297F0000A000CAD9FE7F00001067DA2C297F0000F43DDB2C297F000000E8E265D57DBF3B482B6836297F0000050000000000000080F9FB2C297F0000F42C6836297F +type=CWD msg=audit(1481078569.400:768): cwd="/home/some_user" +type=PATH msg=audit(1481078569.400:768): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.400:769): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffed9c9fab0 a2=6e a3=ffffffffffffffff items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.400:769): 
saddr=01002F7661722F72756E2F6E7363642F736F636B6574000000000000297F0000000000000000000000000000297F0000000000000000000000000000000000005E96931C000000008BAB9B34297F0000FFFFFFFF0000000040FBC9D9FE7F0000E8FAD933297F0000E8BFDA33297F +type=CWD msg=audit(1481078569.400:769): cwd="/home/some_user" +type=PATH msg=audit(1481078569.400:769): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078569.401:770): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f293415a740 a2=6e a3=65 items=1 ppid=1565 pid=1566 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.401:770): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.401:770): cwd="/home/some_user" +type=PATH msg=audit(1481078569.401:770): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078569.401:771): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078569.401:772): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078569.401:773): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078569.402:774): arch=c000003e syscall=59 success=yes exit=0 a0=7f293667d488 a1=7f2936682be8 a2=7f2936686880 a3=6 items=2 ppid=1566 pid=1567 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.402:774): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078569.402:774): cwd="/home/some_user" +type=PATH msg=audit(1481078569.402:774): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.402:774): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.403:775): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7feab5a24118 a2=16 a3=7ffd87294b00 items=1 ppid=1566 pid=1567 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.403:775): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078569.403:775): cwd="/home/some_user" +type=PATH msg=audit(1481078569.403:775): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.404:776): arch=c000003e syscall=59 success=yes exit=0 a0=7feab407dbd8 a1=7ffd87294a60 a2=7ffd872950e8 a3=7ffd87294c30 items=2 ppid=1567 pid=1568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.404:776): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078569.404:776): cwd="/home/some_user" +type=PATH msg=audit(1481078569.404:776): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.404:776): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.405:777): arch=c000003e syscall=59 success=yes exit=0 a0=7feab4073bee a1=7ffd872949e0 a2=7ffd872950e8 a3=7ffd87294bc0 items=2 ppid=1567 pid=1569 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078569.405:777): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078569.405:777): cwd="/home/some_user" +type=PATH msg=audit(1481078569.405:777): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078569.405:777): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078569.407:778): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffc2bf2d1c0 a2=6e a3=7ffc2bf2cf40 items=1 ppid=1567 pid=1569 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078569.407:778): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078569.407:778): cwd="/home/some_user" +type=PATH msg=audit(1481078569.407:778): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078569.413:779): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078569.413:780): pid=1566 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_END msg=audit(1481078569.414:781): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078569.414:782): pid=1565 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078575.368:783): arch=c000003e syscall=59 success=yes exit=0 a0=a302b0 a1=a35de0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078575.368:783): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078575.368:783): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078575.368:783): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:783): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.368:783): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.368:784): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdc4c2a690 a2=6e a3=40 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.368:784): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.368:784): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:784): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL 
msg=audit(1481078575.368:785): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdc4c2a820 a2=6e a3=40 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.368:785): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.368:785): cwd="/home/some_user" +type=PATH msg=audit(1481078575.368:785): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.370:786): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdc4c2b1b0 a2=6e a3=22 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.370:786): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000A0B3C2C4FD7F000060B5C2C4FD7F0000E09FFE27197F00002F0000000000000010B8C2C4FD7F00001000000000000000C0B5C2C4FD7F000030B2C2C4FD7F00000003000000000000E09FFE27197F +type=CWD msg=audit(1481078575.370:786): cwd="/home/some_user" +type=PATH msg=audit(1481078575.370:786): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.370:787): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffdc4c2b340 a2=6e a3=22 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.370:787): 
saddr=01002F7661722F72756E2F6E7363642F736F636B65740000EDA7FE27197F0000FEA7FE27197F000007A8FE27197F000018A8FE27197F000022A8FE27197F000033A8FE27197F00003DA8FE27197F00004EA8FE27197F000056A8FE27197F0000180000003000000050BAC2C4FD7F +type=CWD msg=audit(1481078575.370:787): cwd="/home/some_user" +type=PATH msg=audit(1481078575.370:787): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078575.371:788): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f19257c9740 a2=6e a3=68 items=1 ppid=1343 pid=1572 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.371:788): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.371:788): cwd="/home/some_user" +type=PATH msg=audit(1481078575.371:788): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078575.372:789): pid=1572 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078575.372:790): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078575.372:791): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? 
addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078575.373:792): arch=c000003e syscall=59 success=yes exit=0 a0=7f1927ff05d8 a1=7f1927ff5d38 a2=7f1927ff9ad0 a3=6 items=2 ppid=1572 pid=1573 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.373:792): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078575.373:792): cwd="/home/some_user" +type=PATH msg=audit(1481078575.373:792): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.373:792): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.374:793): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f8e5463b118 a2=16 a3=7ffe8d0b1a90 items=1 ppid=1572 pid=1573 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.374:793): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078575.374:793): cwd="/home/some_user" +type=PATH msg=audit(1481078575.374:793): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.375:794): arch=c000003e syscall=59 success=yes exit=0 a0=7f8e52829bd8 a1=7ffe8d0b19f0 a2=7ffe8d0b2078 a3=7ffe8d0b1bc0 items=2 ppid=1573 pid=1574 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.375:794): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078575.375:794): cwd="/home/some_user" +type=PATH msg=audit(1481078575.375:794): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.375:794): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.376:795): arch=c000003e syscall=59 success=yes exit=0 a0=7f8e5281fbee a1=7ffe8d0b1970 a2=7ffe8d0b2078 a3=7ffe8d0b1b50 items=2 ppid=1573 pid=1575 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078575.376:795): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078575.376:795): cwd="/home/some_user" +type=PATH msg=audit(1481078575.376:795): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078575.376:795): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078575.378:796): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff31c7c520 a2=6e a3=7fff31c7c2a0 items=1 ppid=1573 pid=1575 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078575.378:796): 
saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078575.378:796): cwd="/home/some_user" +type=PATH msg=audit(1481078575.378:796): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078575.384:797): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078575.384:798): pid=1572 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078582.640:799): arch=c000003e syscall=59 success=yes exit=0 a0=a30aa0 a1=a377f0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1578 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078582.640:799): argc=2 a0="systemctl" a1="list" +type=CWD msg=audit(1481078582.640:799): cwd="/home/some_user" +type=PATH msg=audit(1481078582.640:799): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078582.640:799): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078582.640:800): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f73106aa118 a2=21 a3=7fffb6b46b20 items=1 ppid=1343 pid=1578 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078582.640:800): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078582.640:800): cwd="/home/some_user" +type=PATH msg=audit(1481078582.640:800): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.360:801): arch=c000003e syscall=59 success=yes exit=0 a0=a2db40 a1=a341f0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1579 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" 
exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078588.360:801): argc=2 a0="systemctl" a1="-l" +type=CWD msg=audit(1481078588.360:801): cwd="/home/some_user" +type=PATH msg=audit(1481078588.360:801): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078588.360:801): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.360:802): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f40d16ea118 a2=21 a3=7ffc6fa17270 items=1 ppid=1343 pid=1579 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078588.360:802): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078588.360:802): cwd="/home/some_user" +type=PATH msg=audit(1481078588.360:802): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078588.365:803): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15296 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:803): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:803): item=0 name="/usr/local/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:804): arch=c000003e 
syscall=59 success=no exit=-2 a0=7ffc6fa1529c a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:804): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:804): item=0 name="/usr/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:805): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15295 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:805): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:805): item=0 name="/usr/local/sbin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:806): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa1529b a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:806): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:806): item=0 name="/usr/sbin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:807): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15288 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:807): 
cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:807): item=0 name="/home/some_user/.local/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:808): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa1528f a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:808): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:808): item=0 name="/home/some_user/bin/pager" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.365:809): arch=c000003e syscall=59 success=no exit=-2 a0=7ffc6fa15296 a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=1 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=CWD msg=audit(1481078588.365:809): cwd="/home/some_user" +type=PATH msg=audit(1481078588.365:809): item=0 name="/usr/local/bin/less" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078588.366:810): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc6fa1529c a1=7ffc6fa15380 a2=7f40d16ebe70 a3=0 items=2 ppid=1579 pid=1580 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="less" exe="/usr/bin/less" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078588.366:810): argc=1 a0="less" +type=CWD msg=audit(1481078588.366:810): cwd="/home/some_user" +type=PATH msg=audit(1481078588.366:810): item=0 name="/usr/bin/less" inode=345679 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078588.366:810): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 
dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078597.785:811): arch=c000003e syscall=59 success=yes exit=0 a0=a2eea0 a1=a30040 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1581 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078597.785:811): argc=3 a0="systemctl" a1="-l" a2="audit" +type=CWD msg=audit(1481078597.785:811): cwd="/home/some_user" +type=PATH msg=audit(1481078597.785:811): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078597.785:811): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078597.786:812): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f1ddecf2118 a2=21 a3=7ffc3f53d430 items=1 ppid=1343 pid=1581 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078597.786:812): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078597.786:812): cwd="/home/some_user" +type=PATH msg=audit(1481078597.786:812): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.208:813): arch=c000003e syscall=59 success=yes exit=0 a0=a377f0 a1=a30110 a2=a34fd0 a3=7ffdde1f23c0 items=2 ppid=1343 pid=1583 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 
fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078602.208:813): argc=3 a0="grep" a1="--color=auto" a2="audit" +type=CWD msg=audit(1481078602.208:813): cwd="/home/some_user" +type=PATH msg=audit(1481078602.208:813): item=0 name="/usr/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.208:813): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.209:814): arch=c000003e syscall=59 success=yes exit=0 a0=a2ee00 a1=a377d0 a2=a34fd0 a3=7ffdde1f23c0 items=2 ppid=1343 pid=1582 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078602.209:814): argc=2 a0="systemctl" a1="-l" +type=CWD msg=audit(1481078602.209:814): cwd="/home/some_user" +type=PATH msg=audit(1481078602.209:814): item=0 name="/usr/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.209:814): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.210:815): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7f35a8e1d118 a2=21 a3=7ffeecb75320 items=1 ppid=1343 pid=1582 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR 
msg=audit(1481078602.210:815): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078602.210:815): cwd="/home/some_user" +type=PATH msg=audit(1481078602.210:815): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078602.998:816): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078602.998:816): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078602.998:816): cwd="/" +type=PATH msg=audit(1481078602.998:816): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078602.998:816): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.002:817): arch=c000003e syscall=59 success=yes exit=0 a0=1e79ef0 a1=1e98040 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.002:817): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078603.002:817): cwd="/" +type=PATH msg=audit(1481078603.002:817): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH 
msg=audit(1481078603.002:817): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.006:818): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.006:818): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078603.006:818): cwd="/" +type=PATH msg=audit(1481078603.006:818): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078603.006:818): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.009:819): arch=c000003e syscall=59 success=yes exit=0 a0=1e215c0 a1=1ea90d0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078603.009:819): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078603.009:819): cwd="/" +type=PATH msg=audit(1481078603.009:819): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078603.009:819): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078603.012:820): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078603.012:820): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078612.837:821): arch=c000003e syscall=59 success=no exit=-2 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078612.837:821): cwd="/" +type=PATH msg=audit(1481078612.837:821): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078612.837:822): arch=c000003e syscall=59 success=no exit=-2 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078612.837:822): cwd="/" +type=PATH msg=audit(1481078612.837:822): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078612.837:823): arch=c000003e syscall=59 success=yes exit=0 a0=13934c0 a1=12e0e10 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078612.837:823): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" 
a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078612.837:823): cwd="/" +type=PATH msg=audit(1481078612.837:823): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078612.837:823): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078612.839:824): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078612.839:824): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078612.976:825): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078612.976:825): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078612.976:825): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078612.976:825): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078613.359:826): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078613.359:826): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078619.593:827): arch=c000003e syscall=59 success=yes exit=0 a0=a3e1a0 a1=a35ce0 a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078619.593:827): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078619.593:827): argc=4 a0="sudo" a1="systemctl" a2="stop" a3="auditd.service" +type=CWD msg=audit(1481078619.593:827): cwd="/home/some_user" +type=PATH msg=audit(1481078619.593:827): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078619.593:827): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078619.594:828): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fffbda957a0 a2=6e a3=40 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.594:828): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 
+type=CWD msg=audit(1481078619.594:828): cwd="/home/some_user" +type=PATH msg=audit(1481078619.594:828): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078619.594:829): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fffbda95930 a2=6e a3=40 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.594:829): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078619.594:829): cwd="/home/some_user" +type=PATH msg=audit(1481078619.594:829): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078619.596:830): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fffbda962c0 a2=6e a3=22 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.596:830): saddr=01002F7661722F72756E2F6E7363642F736F636B657400001000000000000000B064A9BDFF7F00007066A9BDFF7F0000E05FB2C6507F00002F000000000000002069A9BDFF7F00001000000000000000D066A9BDFF7F00004063A9BDFF7F00000003000000000000E05FB2C6507F +type=CWD msg=audit(1481078619.596:830): cwd="/home/some_user" +type=PATH msg=audit(1481078619.596:830): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078619.596:831): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fffbda96450 a2=6e a3=22 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.596:831): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000ED67B2C6507F0000FE67B2C6507F00000768B2C6507F00001868B2C6507F00002268B2C6507F00003368B2C6507F00003D68B2C6507F00004E68B2C6507F00005668B2C6507F00001800000030000000606BA9BDFF7F +type=CWD msg=audit(1481078619.596:831): cwd="/home/some_user" +type=PATH msg=audit(1481078619.596:831): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078619.597:832): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f50c4ffc740 a2=6e a3=68 items=1 ppid=1343 pid=1589 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.597:832): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078619.597:832): cwd="/home/some_user" +type=PATH msg=audit(1481078619.597:832): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078619.597:833): pid=1589 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73797374656D63746C2073746F70206175646974642E73657276696365 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078619.597:834): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078619.597:835): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078619.598:836): arch=c000003e syscall=59 success=yes exit=0 a0=7f50c6b2c5d8 a1=7f50c6b31d38 a2=7f50c6b35ad0 a3=6 items=2 ppid=1589 pid=1590 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078619.598:836): argc=3 a0="systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078619.598:836): cwd="/home/some_user" +type=PATH msg=audit(1481078619.598:836): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078619.598:836): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078619.599:837): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7fac5f739118 a2=16 a3=7ffde628df80 items=1 ppid=1589 pid=1590 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.599:837): saddr=01002F72756E2F73797374656D642F70726976617465 +type=CWD msg=audit(1481078619.599:837): cwd="/home/some_user" +type=PATH msg=audit(1481078619.599:837): item=0 name="/run/systemd/private" inode=10228 dev=00:13 mode=0140777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078619.600:838): arch=c000003e syscall=59 
success=yes exit=0 a0=7fac5f30dbd8 a1=7ffde628dee0 a2=7ffde628e568 a3=7ffde628e0b0 items=2 ppid=1590 pid=1591 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078619.600:838): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078619.600:838): cwd="/home/some_user" +type=PATH msg=audit(1481078619.600:838): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078619.600:838): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078619.601:839): arch=c000003e syscall=59 success=yes exit=0 a0=7fac5f303bee a1=7ffde628de60 a2=7ffde628e568 a3=7ffde628e040 items=2 ppid=1590 pid=1592 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078619.601:839): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078619.601:839): cwd="/home/some_user" +type=PATH msg=audit(1481078619.601:839): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078619.601:839): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078619.603:840): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7fff1b79e450 a2=6e a3=7fff1b79e1d0 items=1 
ppid=1590 pid=1592 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078619.603:840): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078619.603:840): cwd="/home/some_user" +type=PATH msg=audit(1481078619.603:840): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=USER_END msg=audit(1481078619.609:841): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=CRED_DISP msg=audit(1481078619.610:842): pid=1589 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078672.853:843): arch=c000003e syscall=59 success=no exit=-2 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=7ffc08f687a0 items=1 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078672.853:843): cwd="/" +type=PATH msg=audit(1481078672.853:843): item=0 name="/usr/local/sbin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078672.853:844): arch=c000003e syscall=59 success=no exit=-2 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=0 items=1 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=CWD msg=audit(1481078672.853:844): cwd="/" +type=PATH msg=audit(1481078672.853:844): item=0 name="/usr/local/bin/ip" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078672.853:845): arch=c000003e syscall=59 success=yes exit=0 a0=1255f40 a1=13cd530 a2=7ffc08f6aa80 a3=0 items=2 ppid=1220 pid=1595 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/usr/sbin/ip" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078672.853:845): argc=13 a0="ip" a1="route" a2="ls" a3="table" a4="local" a5="type" a6="local" a7="scope" a8="host" a9="dev" a10="eth0" a11="proto" a12="66" +type=CWD msg=audit(1481078672.853:845): cwd="/" +type=PATH msg=audit(1481078672.853:845): item=0 name="/usr/sbin/ip" inode=16779846 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ifconfig_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078672.853:845): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 
objtype=NORMAL +type=SYSCALL msg=audit(1481078672.855:846): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffc08f67860 a2=10 a3=fe items=0 ppid=1 pid=1220 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_ip_forwa" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078672.855:846): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078672.986:847): arch=c000003e syscall=42 success=yes exit=0 a0=15 a1=7ffc4d9dc980 a2=6e a3=ea60 items=1 ppid=1 pid=1276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078672.986:847): saddr=01007075626C69632F7069636B75700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078672.986:847): cwd="/var/spool/postfix" +type=PATH msg=audit(1481078672.986:847): item=0 name="public/pickup" inode=34151428 dev=08:01 mode=0140666 ouid=89 ogid=89 rdev=00:00 obj=system_u:object_r:postfix_public_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078673.373:848): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffc6ea4e240 a2=10 a3=fe items=0 ppid=1 pid=1224 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_clock_sk" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078673.373:848): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078692.027:849): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078692.027:849): argc=2 a0="/sbin/restorecon" a1="/home/some_user" +type=CWD msg=audit(1481078692.027:849): cwd="/" +type=PATH msg=audit(1481078692.027:849): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078692.027:849): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078692.031:850): arch=c000003e syscall=59 success=yes exit=0 a0=1e98040 a1=1ce5cc0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078692.031:850): argc=2 a0="/sbin/restorecon" a1="/home/some_user/.ssh" +type=CWD msg=audit(1481078692.031:850): cwd="/" +type=PATH msg=audit(1481078692.031:850): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078692.031:850): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078692.035:851): arch=c000003e syscall=59 success=yes exit=0 a0=1e95970 a1=1e9ffb0 a2=7ffeb9b2e990 a3=7ffeb9b2c1f0 items=2 ppid=1222 pid=1598 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078692.035:851): argc=2 
a0="/sbin/restorecon" a1="/home/some_user/.ssh/authorized_keys" +type=CWD msg=audit(1481078692.035:851): cwd="/" +type=PATH msg=audit(1481078692.035:851): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078692.035:851): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078692.038:852): arch=c000003e syscall=59 success=yes exit=0 a0=1e9ffb0 a1=1e215c0 a2=7ffeb9b2e990 a3=7ffeb9b2c4b0 items=2 ppid=1222 pid=1599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=EXECVE msg=audit(1481078692.038:852): argc=2 a0="/sbin/restorecon" a1="/var/lib/google/google_users" +type=CWD msg=audit(1481078692.038:852): cwd="/" +type=PATH msg=audit(1481078692.038:852): item=0 name="/sbin/restorecon" inode=16782036 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:setfiles_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078692.038:852): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078692.042:853): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7ffeb9b2b770 a2=10 a3=fe items=0 ppid=1 pid=1222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="google_accounts" exe="/usr/bin/python2.7" subj=system_u:system_r:unconfined_service_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078692.042:853): saddr=02000050A9FEA9FE0000000000000000 +type=SYSCALL msg=audit(1481078693.422:854): arch=c000003e syscall=59 success=yes exit=0 a0=a30aa0 a1=a340e0 a2=a34fd0 a3=7ffdde1f2620 items=3 
ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="service" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.422:854): argc=4 a0="/bin/sh" a1="/usr/sbin/service" a2="auditd" a3="stop" +type=CWD msg=audit(1481078693.422:854): cwd="/home/some_user" +type=PATH msg=audit(1481078693.422:854): item=0 name="/usr/sbin/service" inode=16784574 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.422:854): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.422:854): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.430:855): arch=c000003e syscall=59 success=yes exit=0 a0=26f61a0 a1=26f5450 a2=26eeb80 a3=7ffe13340100 items=2 ppid=1601 pid=1602 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.430:855): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd" +type=CWD msg=audit(1481078693.430:855): cwd="/home/some_user" +type=PATH msg=audit(1481078693.430:855): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.430:855): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.431:856): arch=c000003e syscall=59 success=yes exit=0 a0=26f57c0 a1=26f5420 a2=26eeb80 
a3=7ffe13340100 items=2 ppid=1601 pid=1603 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.431:856): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd" +type=CWD msg=audit(1481078693.431:856): cwd="/home/some_user" +type=PATH msg=audit(1481078693.431:856): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.431:856): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.433:857): arch=c000003e syscall=59 success=yes exit=0 a0=26f5e30 a1=26ee660 a2=26fa130 a3=7ffe1333fb80 items=2 ppid=1604 pid=1605 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.433:857): argc=1 a0="/sbin/consoletype" +type=CWD msg=audit(1481078693.433:857): cwd="/home/some_user" +type=PATH msg=audit(1481078693.433:857): item=0 name="/sbin/consoletype" inode=16784566 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.433:857): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.437:858): arch=c000003e syscall=59 success=yes exit=0 a0=271c010 a1=271c750 a2=26fa130 a3=7ffe13340230 items=2 ppid=1600 pid=1606 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="basename" 
exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.437:858): argc=2 a0="basename" a1="/usr/sbin/service" +type=CWD msg=audit(1481078693.437:858): cwd="/home/some_user" +type=PATH msg=audit(1481078693.437:858): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.437:858): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.438:859): arch=c000003e syscall=59 success=yes exit=0 a0=271c410 a1=271cc00 a2=26fa130 a3=7ffe13340230 items=2 ppid=1600 pid=1607 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.438:859): argc=2 a0="basename" a1="/usr/sbin/service" +type=CWD msg=audit(1481078693.438:859): cwd="/home/some_user" +type=PATH msg=audit(1481078693.438:859): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.438:859): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.440:860): arch=c000003e syscall=59 success=yes exit=0 a0=271d2a0 a1=271bca0 a2=26fa130 a3=7ffe1333fff0 items=3 ppid=1608 pid=1610 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="egrep" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.440:860): argc=4 a0="/bin/sh" a1="/bin/egrep" a2="-qw" 
a3="start|stop|restart|try-restart|reload|force-reload|status|condrestart" +type=CWD msg=audit(1481078693.440:860): cwd="/" +type=PATH msg=audit(1481078693.440:860): item=0 name="/bin/egrep" inode=8006 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.440:860): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.440:860): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.441:861): arch=c000003e syscall=59 success=yes exit=0 a0=1490100 a1=148a460 a2=148db00 a3=7ffe92eb47e0 items=2 ppid=1608 pid=1610 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="grep" exe="/usr/bin/grep" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.441:861): argc=4 a0="grep" a1="-E" a2="-qw" a3="start|stop|restart|try-restart|reload|force-reload|status|condrestart" +type=CWD msg=audit(1481078693.441:861): cwd="/" +type=PATH msg=audit(1481078693.441:861): item=0 name="/bin/grep" inode=2512 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.441:861): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.442:862): arch=c000003e syscall=59 success=yes exit=0 a0=26f4e30 a1=271cb50 a2=26f12f0 a3=7ffe13340570 items=2 ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) 
+type=EXECVE msg=audit(1481078693.442:862): argc=3 a0="/bin/systemctl" a1="stop" a2="auditd.service" +type=CWD msg=audit(1481078693.442:862): cwd="/" +type=PATH msg=audit(1481078693.442:862): item=0 name="/bin/systemctl" inode=5203 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_systemctl_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.442:862): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.443:863): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ff47b483118 a2=21 a3=7ffc86257c80 items=1 ppid=1343 pid=1600 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemctl" exe="/usr/bin/systemctl" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.443:863): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B6574 +type=CWD msg=audit(1481078693.443:863): cwd="/" +type=PATH msg=audit(1481078693.443:863): item=0 name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.443:864): arch=c000003e syscall=59 success=yes exit=0 a0=7ff479545bd8 a1=7ffc86257c20 a2=7ffc862582a8 a3=7ffc86257df0 items=2 ppid=1600 pid=1611 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="systemd-tty-ask" exe="/usr/bin/systemd-tty-ask-password-agent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.443:864): argc=2 a0="/usr/bin/systemd-tty-ask-password-agent" a1="--watch" +type=CWD msg=audit(1481078693.443:864): cwd="/" +type=PATH msg=audit(1481078693.443:864): item=0 name="/usr/bin/systemd-tty-ask-password-agent" inode=11161 dev=08:01 
mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:systemd_passwd_agent_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.443:864): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.444:865): arch=c000003e syscall=59 success=yes exit=0 a0=7ff47953bbee a1=7ffc86257ba0 a2=7ffc862582a8 a3=7ffc86257d80 items=2 ppid=1600 pid=1612 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.444:865): argc=4 a0="/usr/bin/pkttyagent" a1="--notify-fd" a2="5" a3="--fallback" +type=CWD msg=audit(1481078693.444:865): cwd="/" +type=PATH msg=audit(1481078693.444:865): item=0 name="/usr/bin/pkttyagent" inode=11479 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.444:865): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.447:866): arch=c000003e syscall=42 success=yes exit=0 a0=4 a1=7ffd6d46d650 a2=6e a3=7ffd6d46d3d0 items=1 ppid=1600 pid=1612 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.447:866): saddr=01002F7661722F72756E2F646275732F73797374656D5F6275735F736F636B65740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078693.447:866): cwd="/" +type=PATH msg=audit(1481078693.447:866): item=0 
name="/var/run/dbus/system_bus_socket" inode=11914 dev=00:13 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_dbusd_var_run_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.459:867): arch=c000003e syscall=59 success=yes exit=0 a0=7f618eb3edd0 a1=7f618eb85cd0 a2=7ffe19235950 a3=7ffe19234560 items=2 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=EXECVE msg=audit(1481078693.459:867): argc=5 a0="/usr/bin/pkla-check-authorization" a1="some_user" a2="false" a3="true" a4="org.freedesktop.systemd1.manage-units" +type=CWD msg=audit(1481078693.459:867): cwd="/" +type=PATH msg=audit(1481078693.459:867): item=0 name="/usr/bin/pkla-check-authorization" inode=11484 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:policykit_auth_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.459:867): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.472:868): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffd2df48a60 a2=6e a3=7ffd2df48c30 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.472:868): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000054A47F31747F0000000000000000000018CD6F30747F000006000000000000001B00000000000000BB95931C0000000089A37F31747F0000000000000000000070A3CD30747F000004000000000000001B0000000000 +type=CWD msg=audit(1481078693.472:868): cwd="/" +type=PATH msg=audit(1481078693.472:868): item=0 name="/var/run/nscd/socket" 
objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.472:869): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffd2df48bf0 a2=6e a3=7ffd2df48c30 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.472:869): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000F82B7030747F0000408DF42DFD7F0000308DF42DFD7F00003F000000747F00002C000000747F0000000000000000000050BB9D31747F000000A0A031747F000034BFCE30747F0000089D7030747F000038A8CD30747F +type=CWD msg=audit(1481078693.472:869): cwd="/" +type=PATH msg=audit(1481078693.472:869): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.472:870): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffd2df48820 a2=6e a3=50 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.472:870): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000D35C2731747F0000704ECE30747F0000F8532631747F0000000000000500000089A37F31747F00000000000000000000E0EE0031747F000003000000000000001B00000000000000338D2C9E000000008BAB7F31747F +type=CWD msg=audit(1481078693.472:870): cwd="/" +type=PATH msg=audit(1481078693.472:870): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.473:871): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7ffd2df489b0 a2=6e a3=50 items=1 ppid=547 pid=1615 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-check-auth" exe="/usr/bin/pkla-check-authorization" subj=system_u:system_r:policykit_auth_t:s0 key=(null) 
+type=SOCKADDR msg=audit(1481078693.473:871): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000000000000000000000000000000000000000000000000000003DB632747F00000A000000000000000000000000000000C5187730747F0000003DB632747F000077F97630747F00008036AB30747F0000C0097730747F +type=CWD msg=audit(1481078693.473:871): cwd="/" +type=PATH msg=audit(1481078693.473:871): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.488:872): arch=c000003e syscall=59 success=yes exit=0 a0=7f618eaf1f90 a1=7f618eb2cdd0 a2=7ffe19235950 a3=7ffe19234660 items=2 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=EXECVE msg=audit(1481078693.488:872): argc=1 a0="/usr/bin/pkla-admin-identities" +type=CWD msg=audit(1481078693.488:872): cwd="/" +type=PATH msg=audit(1481078693.488:872): item=0 name="/usr/bin/pkla-admin-identities" inode=11483 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.488:872): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.491:873): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf74b3db0 a2=6e a3=7ffdf74b3f80 items=1 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.491:873): saddr=01002F7661722F72756E2F6E7363642F736F636B657400008983B330BE7F0000000000000000000070830130BE7F000004000000000000001B00000000000000D128B7ED000000008B8BB330BE7F00003B00000000000000403E4BF7FD7F0000447F0130BE7F000080150230BE7F 
+type=CWD msg=audit(1481078693.491:873): cwd="/" +type=PATH msg=audit(1481078693.491:873): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.491:874): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffdf74b3f40 a2=6e a3=7ffdf74b3f80 items=1 ppid=547 pid=1617 auid=4294967295 uid=999 gid=998 euid=999 suid=999 fsuid=999 egid=998 sgid=998 fsgid=998 tty=(none) ses=4294967295 comm="pkla-admin-iden" exe="/usr/bin/pkla-admin-identities" subj=system_u:system_r:policykit_t:s0 key=(null) +type=SOCKADDR msg=audit(1481078693.491:874): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000F80BA42FBE7F000090404BF7FD7F000080404BF7FD7F00003F000000000000001B000000000000000000000000000000389BD130BE7F00000080D430BE7F0000349F0230BE7F0000087DA42FBE7F000038880130BE7F +type=CWD msg=audit(1481078693.491:874): cwd="/" +type=PATH msg=audit(1481078693.491:874): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:875): arch=c000003e syscall=42 success=no exit=-2 a0=5 a1=7f4dc96cdde0 a2=6e a3=7f4dbc002cf0 items=1 ppid=1600 pid=1614 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.504:875): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078693.504:875): cwd="/" +type=PATH msg=audit(1481078693.504:875): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:876): arch=c000003e syscall=42 success=no exit=-2 a0=5 a1=7f4dc96cdf70 a2=6e a3=7f4dbc002cf0 items=1 ppid=1600 pid=1614 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 
comm="pkttyagent" exe="/usr/bin/pkttyagent" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.504:876): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078693.504:876): cwd="/" +type=PATH msg=audit(1481078693.504:876): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.504:877): arch=c000003e syscall=59 success=yes exit=0 a0=7f4dcd6e5270 a1=7f4dc96cea50 a2=7ffd6d46dea0 a3=7f4dc96ce520 items=2 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078693.504:877): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078693.504:877): argc=3 a0="/usr/lib/polkit-1/polkit-agent-helper-1" a1="root" a2="cookie0" +type=CWD msg=audit(1481078693.504:877): cwd="/" +type=PATH msg=audit(1481078693.504:877): item=0 name="/usr/lib/polkit-1/polkit-agent-helper-1" inode=33602468 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:policykit_auth_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.504:877): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.511:878): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffc4c3bafd0 a2=6e a3=7ffc4c3bb190 items=1 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 
sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.511:878): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000010EE687BD77F000050B03B4CFC7F000000000000FC7F000000000000D77F000040B03B4CFC7F0000000000000000000001000000000000004F191179D77F00003CB03B4CFC7F00000000000000000000000000000000 +type=CWD msg=audit(1481078693.511:878): cwd="/" +type=PATH msg=audit(1481078693.511:878): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.511:879): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffc4c3bb160 a2=6e a3=7ffc4c3bb190 items=1 ppid=1612 pid=1619 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="polkit-agent-he" exe="/usr/lib/polkit-1/polkit-agent-helper-1" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.511:879): saddr=01002F7661722F72756E2F6E7363642F736F636B6574000090B23B4CFC7F0000390000000000000000000000000000000000000000000000700E5079D77F000000F05279D77F0000AF811079D77F0000085D3978D77F000048781079D77F00000000000001000000B50500000100 +type=CWD msg=audit(1481078693.511:879): cwd="/" +type=PATH msg=audit(1481078693.511:879): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.512:880): arch=c000003e syscall=59 success=yes exit=0 a0=7fd7752cc3ed a1=7ffc4c3bb340 a2=7fd7754d33c0 a3=2 items=2 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078693.512:880): argc=3 a0="/usr/sbin/unix_chkpwd" a1="root" a2="nullok" +type=CWD msg=audit(1481078693.512:880): cwd="/" +type=PATH msg=audit(1481078693.512:880): item=0 
name="/usr/sbin/unix_chkpwd" inode=16781526 dev=08:01 mode=0104755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:chkpwd_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078693.512:880): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078693.512:881): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcccb57610 a2=6e a3=40 items=1 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.512:881): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000000000000000000002000000060000000000000000000000E50100005600000060AD02A15A7F0000000020F96A99F9FF01000000000000002077B5CCFC7F000000A051A25A7F00002381E1A05A7F00000000E0EB6A99 +type=CWD msg=audit(1481078693.512:881): cwd="/" +type=PATH msg=audit(1481078693.512:881): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078693.512:882): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7ffcccb577a0 a2=6e a3=40 items=1 ppid=1619 pid=1620 auid=1000 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078693.512:882): saddr=01002F7661722F72756E2F6E7363642F736F636B657400FE00000000000000007079B5CCFC7F000000B051A25A7F00003C9C45A15A7F00000000A0EE6A99F9FF000030236244B5FE04000000000000007079B5CCFC7F0000202B52A25A7F000069A2EAA15A7F0000000000EF6A99 +type=CWD msg=audit(1481078693.512:882): cwd="/" +type=PATH msg=audit(1481078693.512:882): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.852:883): arch=c000003e syscall=59 success=yes exit=0 a0=a3e2b0 a1=a35a20 
a2=a34fd0 a3=7ffdde1f2620 items=2 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=BPRM_FCAPS msg=audit(1481078697.852:883): fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000000000000000 old_pi=0000000000000000 old_pe=0000000000000000 new_pp=0000001fffffffff new_pi=0000000000000000 new_pe=0000001fffffffff +type=EXECVE msg=audit(1481078697.852:883): argc=4 a0="sudo" a1="service" a2="auditd" a3="stop" +type=CWD msg=audit(1481078697.852:883): cwd="/home/some_user" +type=PATH msg=audit(1481078697.852:883): item=0 name="/usr/bin/sudo" inode=345659 dev=08:01 mode=0104111 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sudo_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.852:883): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.853:884): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff4080ee70 a2=6e a3=40 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.853:884): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.853:884): cwd="/home/some_user" +type=PATH msg=audit(1481078697.853:884): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.853:885): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff4080f000 a2=6e a3=40 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 
fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.853:885): saddr=01002F7661722F72756E2F6E7363642F736F636B657400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.853:885): cwd="/home/some_user" +type=PATH msg=audit(1481078697.853:885): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.855:886): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fff4080f990 a2=6e a3=22 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.855:886): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000100000000000000080FB8040FF7F000040FD8040FF7F0000E05FFA9D917F00002F00000000000000F0FF8040FF7F00001000000000000000A0FD8040FF7F000010FA8040FF7F00000003000000000000E05FFA9D917F +type=CWD msg=audit(1481078697.855:886): cwd="/home/some_user" +type=PATH msg=audit(1481078697.855:886): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.856:887): arch=c000003e syscall=42 success=no exit=-2 a0=6 a1=7fff4080fb20 a2=6e a3=22 items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=0 sgid=1001 fsgid=0 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.856:887): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000ED67FA9D917F0000FE67FA9D917F00000768FA9D917F00001868FA9D917F00002268FA9D917F00003368FA9D917F00003D68FA9D917F00004E68FA9D917F00005668FA9D917F0000180000003000000030028140FF7F +type=CWD 
msg=audit(1481078697.856:887): cwd="/home/some_user" +type=PATH msg=audit(1481078697.856:887): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.857:888): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7f919ca33740 a2=6e a3=5f items=1 ppid=1343 pid=1621 auid=1000 uid=1000 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.857:888): saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +type=CWD msg=audit(1481078697.857:888): cwd="/home/some_user" +type=PATH msg=audit(1481078697.857:888): item=0 name="/dev/log" inode=6529 dev=00:05 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:devlog_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1481078697.857:889): pid=1621 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=73657276696365206175646974642073746F70 terminal=pts/0 res=success' +type=CRED_ACQ msg=audit(1481078697.857:890): pid=1621 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success' +type=USER_START msg=audit(1481078697.857:891): pid=1621 uid=0 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? 
terminal=/dev/pts/0 res=success' +type=SYSCALL msg=audit(1481078697.858:892): arch=c000003e syscall=59 success=yes exit=0 a0=7f919dfac5d8 a1=7f919dfb1d38 a2=7f919dfb5ad0 a3=6 items=3 ppid=1621 pid=1622 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="service" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.858:892): argc=4 a0="/bin/sh" a1="/sbin/service" a2="auditd" a3="stop" +type=CWD msg=audit(1481078697.858:892): cwd="/home/some_user" +type=PATH msg=audit(1481078697.858:892): item=0 name="/sbin/service" inode=16784574 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.858:892): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.858:892): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.860:893): arch=c000003e syscall=59 success=yes exit=0 a0=18e7a40 a1=18dfe10 a2=18e0420 a3=7ffcf56f3000 items=2 ppid=1623 pid=1624 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.860:893): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd" +type=CWD msg=audit(1481078697.860:893): cwd="/home/some_user" +type=PATH msg=audit(1481078697.860:893): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.860:893): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 
objtype=NORMAL +type=SYSCALL msg=audit(1481078697.861:894): arch=c000003e syscall=59 success=yes exit=0 a0=18e6cb0 a1=18e7020 a2=18e0420 a3=7ffcf56f3000 items=2 ppid=1623 pid=1625 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.861:894): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd" +type=CWD msg=audit(1481078697.861:894): cwd="/home/some_user" +type=PATH msg=audit(1481078697.861:894): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.861:894): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.863:895): arch=c000003e syscall=59 success=yes exit=0 a0=18e0000 a1=18eb7e0 a2=18eba50 a3=7ffcf56f2a80 items=2 ppid=1626 pid=1627 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.863:895): argc=1 a0="/sbin/consoletype" +type=CWD msg=audit(1481078697.863:895): cwd="/home/some_user" +type=PATH msg=audit(1481078697.863:895): item=0 name="/sbin/consoletype" inode=16784566 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.863:895): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.866:896): arch=c000003e syscall=59 success=yes exit=0 a0=190d9c0 a1=190e100 a2=18eba50 a3=7ffcf56f3130 items=2 ppid=1622 pid=1628 auid=1000 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.866:896): argc=2 a0="basename" a1="/sbin/service" +type=CWD msg=audit(1481078697.866:896): cwd="/home/some_user" +type=PATH msg=audit(1481078697.866:896): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.866:896): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.867:897): arch=c000003e syscall=59 success=yes exit=0 a0=190ddc0 a1=190e5b0 a2=18eba50 a3=7ffcf56f3130 items=2 ppid=1622 pid=1629 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="basename" exe="/usr/bin/basename" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.867:897): argc=2 a0="basename" a1="/sbin/service" +type=CWD msg=audit(1481078697.867:897): cwd="/home/some_user" +type=PATH msg=audit(1481078697.867:897): item=0 name="/bin/basename" inode=3839 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.867:897): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.868:898): arch=c000003e syscall=59 success=yes exit=0 a0=18e66f0 a1=18e52f0 a2=18eba50 a3=7ffcf56f3700 items=2 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="env" exe="/usr/bin/env" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.868:898): argc=7 a0="env" a1="-i" a2="PATH=/sbin:/usr/sbin:/bin:/usr/bin" 
a3="TERM=xterm-256color" a4="SYSTEMCTL_IGNORE_DEPENDENCIES=" a5="SYSTEMCTL_SKIP_REDIRECT=" a6="/usr/libexec/initscripts/legacy-actions/auditd/stop" +type=CWD msg=audit(1481078697.868:898): cwd="/" +type=PATH msg=audit(1481078697.868:898): item=0 name="/bin/env" inode=4707 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.868:898): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.875:899): arch=c000003e syscall=59 success=yes exit=0 a0=7ffc89bc37ab a1=7ffc89bc1858 a2=c11030 a3=7ffc89bc1480 items=3 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.875:899): argc=2 a0="/bin/sh" a1="/usr/libexec/initscripts/legacy-actions/auditd/stop" +type=CWD msg=audit(1481078697.875:899): cwd="/" +type=PATH msg=audit(1481078697.875:899): item=0 name="/usr/libexec/initscripts/legacy-actions/auditd/stop" inode=33670350 dev=08:01 mode=0100750 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.875:899): item=1 name="/bin/sh" inode=1429 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.875:899): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.881:900): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff8361b770 a2=6e a3=40 items=1 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
key=(null) +type=SOCKADDR msg=audit(1481078697.881:900): saddr=01002F7661722F72756E2F6E7363642F736F636B657400006FBE14B03B7F00000000000000000000C0C535B03B7F00000100000000000000000000000000000001000000FF7F0000085236B03B7F000020C06183FF7F000040030000000000007F454C4602010103000000000000 +type=CWD msg=audit(1481078697.881:900): cwd="/" +type=PATH msg=audit(1481078697.881:900): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.881:901): arch=c000003e syscall=42 success=no exit=-2 a0=3 a1=7fff8361b900 a2=6e a3=40 items=1 ppid=1622 pid=1630 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="stop" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=SOCKADDR msg=audit(1481078697.881:901): saddr=01002F7661722F72756E2F6E7363642F736F636B65740000185D95AF3B7F000003000000000000000500000000000000CE4AAEFF000000008BBB14B03B7F00003C4695AF3B7F000080B96183FF7F0000543F95AF3B7F0000707A95AF3B7F000090BA6183FF7F000080BA6183FF7F +type=CWD msg=audit(1481078697.881:901): cwd="/" +type=PATH msg=audit(1481078697.881:901): item=0 name="/var/run/nscd/socket" objtype=UNKNOWN +type=SYSCALL msg=audit(1481078697.881:902): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b2f0 a1=1c7a320 a2=1c7b7c0 a3=7fff8361afa0 items=2 ppid=1631 pid=1632 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.881:902): argc=3 a0="/bin/mountpoint" a1="-q" a2="/cgroup/systemd" +type=CWD msg=audit(1481078697.881:902): cwd="/" +type=PATH msg=audit(1481078697.881:902): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.881:902): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 
rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.882:903): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b220 a1=1c75a80 a2=1c7b7c0 a3=7fff8361afa0 items=2 ppid=1631 pid=1633 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="mountpoint" exe="/usr/bin/mountpoint" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.882:903): argc=3 a0="/bin/mountpoint" a1="-q" a2="/sys/fs/cgroup/systemd" +type=CWD msg=audit(1481078697.882:903): cwd="/" +type=PATH msg=audit(1481078697.882:903): item=0 name="/bin/mountpoint" inode=11077 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 objtype=NORMAL +type=PATH msg=audit(1481078697.882:903): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=16778495 dev=08:01 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL +type=SYSCALL msg=audit(1481078697.884:904): arch=c000003e syscall=59 success=yes exit=0 a0=1c7b080 a1=1c7aee0 a2=1c7df40 a3=7fff8361aa20 items=2 ppid=1634 pid=1635 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="consoletype" exe="/usr/sbin/consoletype" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) +type=EXECVE msg=audit(1481078697.884:904): argc=1 a0="/sbin/consoletype" +type=DAEMON_END msg=audit(1481078697.892:7799): auditd normal halt, sending auid=? pid=? subj=? 
res=success +type=CWD msg=audit(1489639811.480:451): cwd="/home/some_user" +type=PATH msg=audit(1489639811.480:451): item=0 name="/etc/ssh/sshd_config" inode=34485109 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 objtype=NORMAL +type=USER_CMD msg=audit(1489639825.595:452): pid=1325 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/some_user" cmd=7461696C202D3230202F7661722F6C6F672F61756469742F61756469742E6C6F67 terminal=pts/0 res=success' diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log new file mode 100644 index 00000000..6ee88f1a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log @@ -0,0 +1,2 @@ +type=MAC_IPSEC_EVENT msg=audit(1485893834.891:18877201): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.2.0 src_prefixlen=24 dst=192.168.0.0 dst_prefixlen=16 +type=SYSCALL msg=audit(1485893834.891:18877199): arch=c000003e syscall=44 success=yes exit=184 a0=9 a1=7f564b2672a0 a2=b8 a3=0 items=0 ppid=1240 pid=1281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="charon" exe=2F7573722F6C6962657865632F7374726F6E677377616E2F636861726F6E202864656C6574656429 key=(null) diff --git a/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log-expected.json new file mode 100644 index 00000000..a0a661eb --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log-expected.json 
@@ -0,0 +1,94 @@ +[ + { + "_index": "test-filebeat-modules", + "_type": "log", + "_id": "AVrNfcrUJruQA3hgXR1I", + "_version": 1, + "_score": null, + "_source": { + "offset": 172, + "input_type": "log", + "source": "/Users/me/go/src/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log", + "fileset": { + "module": "auditd", + "name": "log" + }, + "type": "log", + "error": "", + "@timestamp": "2017-01-31T20:18:46.912Z", + "auditd": { + "log": { + "ses": "4294967295", + "op": "SPD-delete", + "res": "1", + "auid": "4294967295", + "dst": "192.168.0.0", + "src": "192.168.2.0", + "sequence": 18877201, + "src_prefixlen": "24", + "record_type": "MAC_IPSEC_EVENT", + "dst_prefixlen": "16" + } + }, + "beat": { + "hostname": "macbook.local", + "name": "macbook.local", + "version": "6.0.0-alpha1" + } + } + }, + { + "_index": "test-filebeat-modules", + "_type": "log", + "_id": "AVrNfcrUJruQA3hgXR1J", + "_version": 1, + "_score": null, + "_source": { + "offset": 534, + "input_type": "log", + "source": "/Users/me/go/src/github.com/elastic/beats/filebeat/module/auditd/log/test/test.log", + "fileset": { + "module": "auditd", + "name": "log" + }, + "type": "log", + "error": "", + "@timestamp": "2017-01-31T20:18:46.912Z", + "auditd": { + "log": { + "syscall": "44", + "gid": "0", + "fsgid": "0", + "pid": "1281", + "suid": "0", + "record_type": "SYSCALL", + "uid": "0", + "egid": "0", + "exe": "/usr/libexec/strongswan/charon (deleted)", + "sgid": "0", + "ses": "4294967295", + "auid": "4294967295", + "comm": "charon", + "euid": "0", + "sequence": 18877199, + "a0": "9", + "ppid": "1240", + "a1": "7f564b2672a0", + "fsuid": "0", + "exit": "184", + "a2": "b8", + "a3": "0", + "success": "yes", + "tty": "(none)", + "arch": "x86_64", + "items": "0" + } + }, + "beat": { + "hostname": "macbook.local", + "name": "macbook.local", + "version": "6.0.0-alpha1" + } + } + } +] 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/docs.asciidoc index cc55e179..7cd68969 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/docs.asciidoc @@ -2,12 +2,14 @@ This module collects and parses the slow logs and error logs created by https://www.mysql.com/[MySQL]. +[float] === Compatibility The MySQL module was tested with logs from versions 5.5 and 5.7. On Windows, the module was tested with MySQL installed from the Chocolatey repository. +[float] === Dashboard This module comes with a sample dashboard. diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/dashboard/Filebeat-MySQL-Dashboard.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/dashboard/Filebeat-MySQL-Dashboard.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/dashboard/Filebeat-MySQL-Dashboard.json rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/dashboard/Filebeat-MySQL-Dashboard.json diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/search/Filebeat-MySQL-Slow-log.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/search/Filebeat-MySQL-Slow-log.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/search/Filebeat-MySQL-Slow-log.json rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/search/Filebeat-MySQL-Slow-log.json 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/search/Filebeat-MySQL-error-log.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/search/Filebeat-MySQL-error-log.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/search/Filebeat-MySQL-error-log.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/search/Filebeat-MySQL-error-log.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Error-logs-levels.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Error-logs-levels.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Error-logs-levels.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Error-logs-levels.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Slow-logs-by-count.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Slow-logs-by-count.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Slow-logs-by-count.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Slow-logs-by-count.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Slow-queries-over-time.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Slow-queries-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-Slow-queries-over-time.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-Slow-queries-over-time.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-error-logs.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-error-logs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-error-logs.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-error-logs.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-slowest-queries.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-slowest-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/visualization/MySQL-slowest-queries.json
rename to vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/5.x/visualization/MySQL-slowest-queries.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/default/dashboard/Filebeat-mysql.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/default/dashboard/Filebeat-mysql.json
new file mode 100644
index 00000000..29d19fe7
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/mysql/_meta/kibana/default/dashboard/Filebeat-mysql.json
@@ -0,0 +1,146 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "MySQL slowest queries", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"MySQL slowest queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.slowlog.query_time.sec\",\"customLabel\":\"Query time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.slowlog.query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.slowlog.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}],\"listeners\":{}}" + }, + "id": "MySQL-slowest-queries", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "MySQL Slow queries over time", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Slow queries\":\"#EF843C\"}}}", + "version": 1, + "visState": "{\"title\":\"MySQL Slow queries over time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Slow 
queries\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "MySQL-Slow-queries-over-time", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-MySQL-error-log", + "title": "MySQL error logs", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Count\":\"#447EBC\",\"Error logs\":\"#1F78C1\"}}}", + "version": 1, + "visState": "{\"title\":\"MySQL error logs\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Error logs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "MySQL-error-logs", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "columns": [ + "mysql.error.level", + "mysql.error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:mysql.error\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Filebeat MySQL error log", + "version": 1 + }, + 
"id": "Filebeat-MySQL-error-log", + "type": "search", + "version": 12 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-MySQL-error-log", + "title": "MySQL Error logs levels", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Note\":\"#9AC48A\",\"Warning\":\"#F9934E\",\"ERROR\":\"#E24D42\"}}}", + "version": 1, + "visState": "{\"title\":\"MySQL Error logs levels\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.error.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MySQL-Error-logs-levels", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "MySQL Slow logs by count", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL Slow logs by count\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.slowlog.query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MySQL-Slow-logs-by-count", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_exists_:mysql.slowlog\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Filebeat MySQL Slow log", + "version": 1 + }, + "id": "Filebeat-MySQL-Slow-log", + "type": "search", + "version": 12 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"MySQL-slowest-queries\",\"panelIndex\":1,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MySQL-Slow-queries-over-time\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"MySQL-error-logs\",\"panelIndex\":3,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"columns\":[\"mysql.error.level\",\"mysql.error.message\"],\"id\":\"Filebeat-MySQL-error-log\",\"panelIndex\":4,\"row\":8,\"size_x\":6,\"size_y\":5,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":7,\"id\":\"MySQL-Error-logs-levels\",\"panelIndex\":5,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MySQL-Slow-logs-by-count\",\"panelIndex\":6,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Filebeat MySQL Dashboard", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "Filebeat-MySQL-Dashboard", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/mysql/slowlog/ingest/pipeline.json b/vendor/github.com/elastic/beats/filebeat/module/mysql/slowlog/ingest/pipeline.json
index f943ec68..ef099c14 100644
--- a/vendor/github.com/elastic/beats/filebeat/module/mysql/slowlog/ingest/pipeline.json
+++ b/vendor/github.com/elastic/beats/filebeat/module/mysql/slowlog/ingest/pipeline.json
@@ -4,7 +4,7 @@
 "grok": {
 "field": "message",
 "patterns":[
- "^# User@Host: %{USER:mysql.slowlog.user}(\\[[^\\]]+\\])? @ %{HOSTNAME:mysql.slowlog.host} \\[(IP:mysql.slowlog.ip)?\\](\\s*Id:\\s* %{NUMBER:mysql.slowlog.id})?\n# Query_time: %{NUMBER:mysql.slowlog.query_time.sec}\\s* Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec}\\s* Rows_sent: %{NUMBER:mysql.slowlog.rows_sent}\\s* Rows_examined: %{NUMBER:mysql.slowlog.rows_examined}\n(SET timestamp=%{NUMBER:mysql.slowlog.timestamp};\n)?%{GREEDYMULTILINE:mysql.slowlog.query}"
+ "^# User@Host: %{USER:mysql.slowlog.user}(\\[[^\\]]+\\])? @ %{HOSTNAME:mysql.slowlog.host} \\[(%{IP:mysql.slowlog.ip})?\\](\\s*Id:\\s* %{NUMBER:mysql.slowlog.id})?\n# Query_time: %{NUMBER:mysql.slowlog.query_time.sec}\\s* Lock_time: %{NUMBER:mysql.slowlog.lock_time.sec}\\s* Rows_sent: %{NUMBER:mysql.slowlog.rows_sent}\\s* Rows_examined: %{NUMBER:mysql.slowlog.rows_examined}\n(SET timestamp=%{NUMBER:mysql.slowlog.timestamp};\n)?%{GREEDYMULTILINE:mysql.slowlog.query}"
 ],
 "pattern_definitions" : {
 "GREEDYMULTILINE" : "(.|\n)*"
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/dashboard/Filebeat-Nginx-Dashboard.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/Filebeat-Nginx-Dashboard.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/dashboard/Filebeat-Nginx-Dashboard.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/Filebeat-Nginx-Dashboard.json
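Review bot: The new `patterns` entry in the pipeline.json hunk still makes `%{HOSTNAME:mysql.slowlog.host}` mandatory before the bracketed address, so a slow-log header that carries only a client IP and no resolved host name (which MySQL can write, for example when name resolution is disabled) would presumably still fail grok and lose `mysql.slowlog.user` and `mysql.slowlog.ip`, the fields needed to attribute a query to a client. Making the host optional, `@ (%{HOSTNAME:mysql.slowlog.host})? \\[(%{IP:mysql.slowlog.ip})?\\]`, would cover that form. No slow-log fixture with a non-empty `[...]` address is visible in this hunk, so it is worth confirming that the module's test log exercises both the IP form and the empty-host form. The enclosing `grok` processor continues outside the hunk, and since this is a vendored copy the change belongs upstream.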
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Access-Remote-IP-Count-Explorer.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Access-Remote-IP-Count-Explorer.json new file mode 100644 index 00000000..28683287 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Access-Remote-IP-Count-Explorer.json @@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "ML Nginx Access Remote IP Count Explorer", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"size_x\":6,\"size_y\":3,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Remote-IP-Timechart\",\"col\":1,\"row\":1},{\"size_x\":6,\"size_y\":3,\"panelIndex\":2,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Response-Code-Timechart\",\"col\":7,\"row\":1},{\"size_x\":6,\"size_y\":3,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-Remote-IPs-Table\",\"col\":1,\"row\":4},{\"size_x\":6,\"size_y\":3,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Map\",\"col\":7,\"row\":4},{\"size_x\":12,\"size_y\":9,\"panelIndex\":5,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-URLs-Table\",\"col\":1,\"row\":7}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Remote-IP-URL-Explorer.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Remote-IP-URL-Explorer.json new file mode 100644 index 00000000..24a4a33f --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/dashboard/ML-Nginx-Remote-IP-URL-Explorer.json @@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "ML Nginx Access Remote IP URL Explorer", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"ML-Nginx-Access-Unique-Count-URL-Timechart\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ML-Nginx-Access-Response-Code-Timechart\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ML-Nginx-Access-Top-Remote-IPs-Table\",\"panelIndex\":3,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ML-Nginx-Access-Map\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":8,\"panelIndex\":5,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-URLs-Table\",\"col\":1,\"row\":7}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/search/Filebeat-Nginx-module.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/search/Filebeat-Nginx-module.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/search/Filebeat-Nginx-module.json rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/search/Filebeat-Nginx-module.json diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/search/ML-Filebeat-Nginx-Access.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/search/ML-Filebeat-Nginx-Access.json new file mode 100644 index 00000000..b97183fe --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/search/ML-Filebeat-Nginx-Access.json @@ -0,0 +1,16 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "Filebeat Nginx Access Data", + "title": "ML Nginx Access Data", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:nginx.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "columns": [ + "_source" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Errors-over-time.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Errors-over-time.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Errors-over-time.json rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Errors-over-time.json 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Map.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Map.json new file mode 100644 index 00000000..f341e7f6 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Map.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"nginx.access.geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"ML Nginx Access Map\",\"type\":\"tile_map\"}", + "description": "", + "title": "ML Nginx Access Map", + "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Remote-IP-Timechart.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Remote-IP-Timechart.json new file mode 100644 index 00000000..0635b3dd --- /dev/null 
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Remote-IP-Timechart.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"ML Nginx Access Remote IP Timechart\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 5 minutes\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "ML Nginx Access Remote IP Timechart", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Response-Code-Timechart.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Response-Code-Timechart.json new file mode 100644 index 00000000..7266db3e --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Response-Code-Timechart.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"ML Nginx Access Response Code Timechart\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nginx.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "ML Nginx Access Response Code Timechart", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-Remote-IPs-Table.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-Remote-IPs-Table.json new file mode 100644 index 00000000..7d616666 
--- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-Remote-IPs-Table.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"ML Nginx Access Top Remote IPs Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "ML Nginx Access Top Remote IPs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-URLs-Table.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-URLs-Table.json new file mode 100644 index 00000000..e5336a19 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Top-URLs-Table.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"ML Nginx Access Top URLs Table\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.url\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "ML Nginx Access Top URLs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Unique-Count-URL-Timechart.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Unique-Count-URL-Timechart.json new file mode 100644 index 00000000..d663f45a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/ML-Nginx-Access-Unique-Count-URL-Timechart.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"ML Nginx Access Unique Count URL Timechart\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per day\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Unique count of nginx.access.url\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Unique count of nginx.access.url\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"nginx.access.url\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "ML Nginx Access Unique Count URL Timechart", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/New-Visualization.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/New-Visualization.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/New-Visualization.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/New-Visualization.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Browsers.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Browsers.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Browsers.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Browsers.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Map.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Map.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Map.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Map.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-OSes.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-OSes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-OSes.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-OSes.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Response-codes-by-top-URLs.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Response-codes-by-top-URLs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Nginx-Access-Response-codes-by-top-URLs.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Nginx-Access-Response-codes-by-top-URLs.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Sent-sizes.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Sent-sizes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/visualization/Sent-sizes.json
rename to vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/5.x/visualization/Sent-sizes.json
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/Filebeat-nginx-overview.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/Filebeat-nginx-overview.json
new file mode 100644
index 00000000..59e53a9f
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/Filebeat-nginx-overview.json
@@ -0,0 +1,151 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + }, + "title": "Nginx Errors over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Errors over time\",\n \"type\": \"area\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"smoothLines\": false,\n \"scale\": \"linear\",\n \"interpolate\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"nginx.error.level\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Errors-over-time", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Nginx Access Browsers", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Nginx Access 
Browsers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.user_agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.user_agent.major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Nginx-Access-Browsers", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Nginx Access OSes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Nginx Access OSes\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.user_agent.os_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.user_agent.os_major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Nginx-Access-OSes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Filebeat-Nginx-module", + "title": "Nginx Access over time", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n 
\"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"New Visualization\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"nginx.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "New-Visualization", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Nginx Access Response codes by top URLs", + "uiStateJSON": "{\"vis\":{\"colors\":{\"200\":\"#629E51\",\"404\":\"#0A50A1\"}}}", + "version": 1, + "visState": "{\"title\":\"Nginx Access Response codes by top 
URLs\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"nginx.access.url\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nginx.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Nginx-Access-Response-codes-by-top-URLs", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:nginx.access\",\n \"analyze_wildcard\": true\n }\n },\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" + }, + "title": "Nginx Sent Byte Size", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Sent sizes\",\n \"type\": \"line\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"showCircles\": true,\n \"smoothLines\": true,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": \"17\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"sum\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"nginx.access.body_sent.bytes\",\n \"customLabel\": \"Data sent\"\n }\n },\n {\n \"id\": 
\"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"radius\",\n \"params\": {}\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Sent-sizes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Filebeat-Nginx-module", + "title": "Nginx Access Map", + "uiStateJSON": "{\"mapCenter\":[12.039320557540572,-0.17578125]}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"nginx.access.geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"Nginx Access Map\",\"type\":\"tile_map\"}" + }, + "id": "Nginx-Access-Map", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:nginx\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Filebeat Nginx module", + "version": 1 + }, + "id": "Filebeat-Nginx-module", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":9,\"id\":\"Errors-over-time\",\"panelIndex\":2,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Nginx-Access-Browsers\",\"panelIndex\":3,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Nginx-Access-OSes\",\"panelIndex\":4,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"New-Visualization\",\"panelIndex\":5,\"row\":4,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Nginx-Access-Response-codes-by-top-URLs\",\"panelIndex\":6,\"row\":7,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Sent-sizes\",\"panelIndex\":7,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"Nginx-Access-Map\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":1}]", + "timeRestore": false, + "title": "Filebeat Nginx Dashboard", + "uiStateJSON": "{\"P-4\":{\"vis\":{\"legendOpen\":true}},\"P-8\":{\"mapCenter\":[50.51342652633956,-0.17578125]}}", + "version": 1 + }, + "id": "Filebeat-Nginx-Dashboard", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-access-remote-ip-count-explorer.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-access-remote-ip-count-explorer.json new file mode 100644 index 00000000..991232f1 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-access-remote-ip-count-explorer.json 
@@ -0,0 +1,124 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Remote IP Timechart", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Remote IP Timechart\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 5 minutes\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + 
"id": "ML-Nginx-Access-Remote-IP-Timechart", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Response Code Timechart", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Response Code Timechart\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nginx.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Top Remote IPs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Top Remote IPs 
Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Map", + "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"nginx.access.geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"ML Nginx Access Map\",\"type\":\"tile_map\"}" + }, + "id": "ML-Nginx-Access-Map", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": 
"ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Top URLs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Top URLs Table\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.url\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Top-URLs-Table", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Nginx Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:nginx.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ML Nginx Access Data", + "version": 1 + }, + "id": "ML-Filebeat-Nginx-Access", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"size_x\":6,\"size_y\":3,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Remote-IP-Timechart\",\"col\":1,\"row\":1},{\"size_x\":6,\"size_y\":3,\"panelIndex\":2,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Response-Code-Timechart\",\"col\":7,\"row\":1},{\"size_x\":6,\"size_y\":3,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-Remote-IPs-Table\",\"col\":1,\"row\":4},{\"size_x\":6,\"size_y\":3,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Map\",\"col\":7,\"row\":4},{\"size_x\":12,\"size_y\":9,\"panelIndex\":5,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-URLs-Table\",\"col\":1,\"row\":7}]", + "timeRestore": false, + "title": "ML Nginx Access Remote IP Count Explorer", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "ML-Nginx-Access-Remote-IP-Count-Explorer", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-remote-ip-url-explorer.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-remote-ip-url-explorer.json new file mode 100644 index 00000000..97d67683 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/_meta/kibana/default/dashboard/ml-nginx-remote-ip-url-explorer.json 
@@ -0,0 +1,124 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Unique Count URL Timechart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Unique Count URL Timechart\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per day\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Unique count of nginx.access.url\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Unique count of nginx.access.url\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"nginx.access.url\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Unique-Count-URL-Timechart", + "type": 
"visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Response Code Timechart", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Response Code Timechart\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nginx.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Top Remote IPs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Top Remote IPs 
Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.remote_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Map", + "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"nginx.access.geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"ML Nginx Access Map\",\"type\":\"tile_map\"}" + }, + "id": "ML-Nginx-Access-Map", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "savedSearchId": 
"ML-Filebeat-Nginx-Access", + "title": "ML Nginx Access Top URLs Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"ML Nginx Access Top URLs Table\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nginx.access.url\",\"size\":1000,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "ML-Nginx-Access-Top-URLs-Table", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Nginx Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"query_string\":{\"query\":\"_exists_:nginx.access\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ML Nginx Access Data", + "version": 1 + }, + "id": "ML-Filebeat-Nginx-Access", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":1,\"id\":\"ML-Nginx-Access-Unique-Count-URL-Timechart\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ML-Nginx-Access-Response-Code-Timechart\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ML-Nginx-Access-Top-Remote-IPs-Table\",\"panelIndex\":3,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ML-Nginx-Access-Map\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":8,\"panelIndex\":5,\"type\":\"visualization\",\"id\":\"ML-Nginx-Access-Top-URLs-Table\",\"col\":1,\"row\":7}]", + "timeRestore": false, + "title": "ML Nginx Access Remote IP URL Explorer", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "ML-Nginx-Remote-IP-URL-Explorer", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/_meta/fields.yml b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/_meta/fields.yml index ca8e9282..6c694b0a 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/_meta/fields.yml +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/_meta/fields.yml 
@@ -3,10 +3,17 @@ description: > Contains fields for the Nginx access logs. fields: + - name: remote_ip_list + type: list + description: > + An array of remote IP addresses. It is a list because it is common to include, besides the client + IP address, IP addresses from headers like `X-Forwarded-For`. See also the `remote_ip` field. - name: remote_ip type: keyword description: > - Client IP address. + Client IP address. The first public IP address from the `remote_ip_list` array. If no public IP + addresses are present, this field contains the first private IP address from the `remote_ip_list` + array. - name: user_name type: keyword description: > @@ -61,7 +68,7 @@ description: > The minor version of the user agent. - name: patch - type: long + type: keyword description: > The patch version of the user agent. - name: name @@ -104,4 +111,12 @@ type: geo_point description: > The longitude and latitude. + - name: region_name + type: keyword + description: > + The region name. + - name: city_name + type: keyword + description: > + The city name. diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/ingest/default.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/ingest/default.json index cf0441d5..c1ddbda2 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/ingest/default.json +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/ingest/default.json 
@@ -4,11 +4,24 @@ "grok": { "field": "message", "patterns":[ - "%{IPORHOST:nginx.access.remote_ip} - %{DATA:nginx.access.user_name} \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url} HTTP/%{NUMBER:nginx.access.http_version}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\"" + "\"?%{IP_LIST:nginx.access.remote_ip_list} - %{DATA:nginx.access.user_name} \\[%{HTTPDATE:nginx.access.time}\\] \"%{WORD:nginx.access.method} %{DATA:nginx.access.url} HTTP/%{NUMBER:nginx.access.http_version}\" %{NUMBER:nginx.access.response_code} %{NUMBER:nginx.access.body_sent.bytes} \"%{DATA:nginx.access.referrer}\" \"%{DATA:nginx.access.agent}\"" ], + "pattern_definitions": { + "IP_LIST": "%{IP}(\"?,?\\s*%{IP})*" + }, "ignore_missing": true } - },{ + }, { + "split": { + "field": "nginx.access.remote_ip_list", + "separator": "\"?,?\\s+" + } + }, { + "script": { + "lang": "painless", + "inline": "boolean isPrivate(def ip) { try { StringTokenizer tok = new StringTokenizer(ip, '.'); int firstByte = Integer.parseInt(tok.nextToken()); int secondByte = Integer.parseInt(tok.nextToken()); if (firstByte == 10) { return true; } if (firstByte == 192 && secondByte == 168) { return true; } if (firstByte == 172 && secondByte >= 16 && secondByte <= 31) { return true; } if (firstByte == 127) { return true; } return false; } catch (Exception e) { return false; } } def found = false; for (def item : ctx.nginx.access.remote_ip_list) { if (!isPrivate(item)) { ctx.nginx.access.remote_ip = item; found = true; break; } } if (!found) { ctx.nginx.access.remote_ip = ctx.nginx.access.remote_ip_list[0]; }" + } + }, { "remove":{ "field": "message" } 
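Review bot: The painless script sets `nginx.access.remote_ip` to the first non-private entry of `remote_ip_list`, and the leading entries of a forwarded-for style list (the fields.yml text names `X-Forwarded-For`) are supplied by the client, so the address that geoip and the `over_field_name: nginx.access.remote_ip` ML detectors key on can be chosen by the requester unless the front proxy overwrites the header. `isPrivate` also only understands dotted IPv4: an IPv6 entry makes `Integer.parseInt` throw, the `catch` returns `false`, and the address is classed as public; link-local 169.254.0.0/16 is not covered either. I would say so in the `remote_ip` field description, e.g. `Derived from client-influenced headers; not an authenticated source address.`, and keep `remote_ip_list` visible wherever `remote_ip` drives an alert. The script also dereferences `ctx.nginx.access.remote_ip_list` unconditionally, which presumably fails for events the grok did not populate; the pipeline's failure handling is outside this hunk, so that needs confirming there.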
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_low_request_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_low_request_rate.json
new file mode 100644
index 00000000..591c7826
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_low_request_rate.json
@@ -0,0 +1,37 @@
+{
+ "job_id": "JOB_ID",
+ "query_delay": "60s",
+ "frequency": "450s",
+ "indexes": [
+ "filebeat-*"
+ ],
+ "query": {
+ "bool": {
+ "filter": [
+ { "term": { "fileset.module": "nginx" } },
+ { "term": { "fileset.name": "access" } }
+ ]
+ }
+ },
+ "aggregations": {
+ "buckets": {
+ "date_histogram": {
+ "field": "@timestamp",
+ "interval": 900000,
+ "offset": 0,
+ "order": {
+ "_key": "asc"
+ },
+ "keyed": false,
+ "min_doc_count": 0
+ },
+ "aggregations": {
+ "@timestamp": {
+ "max": {
+ "field": "@timestamp"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_request_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_request_rate.json
new file mode 100644
index 00000000..6647957e
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_request_rate.json
@@ -0,0 +1,16 @@
+{
+ "job_id": "JOB_ID",
+ "query_delay": "60s",
+ "frequency": "600s",
+ "indexes": [
+ "filebeat-*"
+ ],
+ "query": {
+ "bool": {
+ "filter": [
+ { "term": { "fileset.module": "nginx" } },
+ { "term": { "fileset.name": "access" } }
+ ]
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_url_count.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_url_count.json
new file mode 100644
index 00000000..6647957e
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_remote_ip_url_count.json
@@ -0,0 +1,16 @@
+{
+ "job_id": "JOB_ID",
+ "query_delay": "60s",
+ "frequency": "600s",
+ "indexes": [
+ "filebeat-*"
+ ],
+ "query": {
+ "bool": {
+ "filter": [
+ { "term": { "fileset.module": "nginx" } },
+ { "term": { "fileset.name": "access" } }
+ ]
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_response_code.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_response_code.json
new file mode 100644
index 00000000..b51fdbe1
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_response_code.json
@@ -0,0 +1,16 @@
+{
+ "job_id": "JOB_ID",
+ "query_delay": "60s",
+ "frequency": "450s",
+ "indexes": [
+ "filebeat-*"
+ ],
+ "query": {
+ "bool": {
+ "filter": [
+ { "term": { "fileset.module": "nginx" } },
+ { "term": { "fileset.name": "access" } }
+ ]
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_visitor_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_visitor_rate.json
new file mode 100644
index 00000000..468e7a81
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/datafeed_visitor_rate.json
@@ -0,0 +1,42 @@
+{
+ "job_id": "JOB_ID",
+ "query_delay": "60s",
+ "frequency": "450s",
+ "indexes": [
+ "filebeat-*"
+ ],
+ "query": {
+ "bool": {
+ "filter": [
+ { "term": { "fileset.module": "nginx" } },
+ { "term": { "fileset.name": "access" } }
+ ]
+ }
+ },
+ "aggregations": {
+ "buckets": {
+ "date_histogram": {
+ "field": "@timestamp",
+ "interval": 900000,
+ "offset": 0,
+ "order": {
+ "_key": "asc"
+ },
+ "keyed": false,
+ "min_doc_count": 0
+ },
+ "aggregations": {
+ "@timestamp": {
+ "max": {
+ "field": "@timestamp"
+ }
+ },
+ "dc_remote_ips": {
+ "cardinality": {
+ "field": "nginx.access.remote_ip"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/low_request_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/low_request_rate.json
new file mode 100644
index 00000000..74fe31b2
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/low_request_rate.json
@@ -0,0 +1,30 @@
+{
+ "description": "Nginx Access Logs: Detect low request rate",
+ "analysis_config" : {
+ "bucket_span": "15m",
+ "summary_count_field_name": "doc_count",
+ "detectors": [
+ {
+ "detector_description": "nginx_access_low_request_rate",
+ "function": "low_count",
+ "detector_rules": []
+ }
+ ],
+ "influencers": []
+ },
+ "data_description": {
+ "time_field": "@timestamp",
+ "time_format": "epoch_ms"
+ },
+ "model_plot_config": {
+ "enabled": true
+ },
+ "custom_settings": {
+ "custom_urls": [
+ {
+ "url_name": "Raw Data",
+ "url_value": "kibana#/discover/ML-Filebeat-Nginx-Access?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!(),index:\u0027filebeat-*\u0027,interval:auto,query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),sort:!(\u0027@timestamp\u0027,desc))"
+ }
+ ]
+ }
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_request_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_request_rate.json new file mode 100644 index 00000000..53ea56c2 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_request_rate.json 
@@ -0,0 +1,33 @@ +{ + "description": "Nginx Access Logs: Detect unusual remote_ips - high request rates", + "analysis_config" : { + "bucket_span": "1h", + "detectors": [ + { + "detector_description": "nginx_access_remote_ip_high_count", + "function": "high_count", + "over_field_name": "nginx.access.remote_ip", + "detector_rules": [] + } + ], + "influencers": [ + "nginx.access.remote_ip" + ] + }, + "data_description": { + "time_field": "@timestamp", + "time_format": "epoch_ms" + }, + "custom_settings": { + "custom_urls": [ + { + "url_name": "Count Explorer", + "url_value": "kibana#/dashboard/ML-Nginx-Access-Remote-IP-Count-Explorer?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(description:\u0027\u0027,filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.remote_ip,negate:!f,type:phrase,value:\u0027$nginx.access.remote_ip$\u0027),query:(match:(nginx.access.remote_ip:(query:\u0027$nginx.access.remote_ip$\u0027,type:phrase))))),options:(darkTheme:!f),panels:!((col:1,id:ML-Nginx-Access-Remote-IP-Timechart,panelIndex:1,row:1,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Response-Code-Timechart,panelIndex:2,row:1,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-Remote-IPs-Table,panelIndex:3,row:4,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Map,panelIndex:4,row:4,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-URLs-Table,panelIndex:5,row:7,size_x:12,size_y:9,type:visualization)),query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),timeRestore:!f,title:\u0027ML%20Nginx%20Access%20Remote%20IP%20Count%20Explorer\u0027,uiState:(P-3:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),P-5:(vis:(params:(sort:(columnIndex:!n,direction:!n))))),viewMode:view)" + }, + { + "url_name": "Raw Data", + "url_value": 
"kibana#/discover/ML-Filebeat-Nginx-Access?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.remote_ip,negate:!f,type:phrase,value:\u0027$nginx.access.remote_ip$\u0027),query:(match:(nginx.access.remote_ip:(query:\u0027$nginx.access.remote_ip$\u0027,type:phrase))))),index:\u0027filebeat-*\u0027,interval:auto,query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),sort:!(\u0027@timestamp\u0027,desc))" + } + ] + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_url_count.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_url_count.json new file mode 100644 index 00000000..28ccd5a1 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/remote_ip_url_count.json 
@@ -0,0 +1,34 @@ +{ + "description": "Nginx Access Logs: Detect unusual remote_ips - high distinct count of urls", + "analysis_config" : { + "bucket_span": "1h", + "detectors": [ + { + "detector_description": "nginx_access_remote_ip_high_dc_url", + "function": "high_distinct_count", + "field_name": "nginx.access.url", + "over_field_name": "nginx.access.remote_ip", + "detector_rules": [] + } + ], + "influencers": [ + "nginx.access.remote_ip" + ] + }, + "data_description": { + "time_field": "@timestamp", + "time_format": "epoch_ms" + }, + "custom_settings": { + "custom_urls": [ + { + "url_name": "URL Explorer", + "url_value": "kibana#/dashboard/ML-Nginx-Remote-IP-URL-Explorer?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(description:\u0027\u0027,filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.remote_ip,negate:!f,type:phrase,value:\u0027$nginx.access.remote_ip$\u0027),query:(match:(nginx.access.remote_ip:(query:\u0027$nginx.access.remote_ip$\u0027,type:phrase))))),options:(darkTheme:!f),panels:!((col:1,id:ML-Nginx-Access-Unique-Count-URL-Timechart,panelIndex:1,row:1,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Response-Code-Timechart,panelIndex:2,row:1,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-Remote-IPs-Table,panelIndex:3,row:4,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Map,panelIndex:4,row:4,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-URLs-Table,panelIndex:5,row:7,size_x:12,size_y:8,type:visualization)),query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),timeRestore:!f,title:\u0027ML%20Nginx%20Access%20Remote%20IP%20URL%20Explorer\u0027,uiState:(P-2:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),P-3:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),P-5:(vis:(params:(sort:(columnIndex:!n,direction:!n))))),view
Mode:view)" + }, + { + "url_name": "Raw Data", + "url_value": "kibana#/discover/ML-Filebeat-Nginx-Access?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.remote_ip,negate:!f,type:phrase,value:\u0027$nginx.access.remote_ip$\u0027),query:(match:(nginx.access.remote_ip:(query:\u0027$nginx.access.remote_ip$\u0027,type:phrase))))),index:\u0027filebeat-*\u0027,interval:auto,query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),sort:!(\u0027@timestamp\u0027,desc))" + } + ] + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/response_code.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/response_code.json new file mode 100644 index 00000000..ee4a71cd --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/response_code.json 
@@ -0,0 +1,37 @@ +{ + "description": "Nginx Access Logs: Detect unusual response_code rates", + "analysis_config" : { + "bucket_span": "15m", + "detectors": [ + { + "detector_description": "nginx_access_response_code_rate", + "function": "count", + "partition_field_name": "nginx.access.response_code", + "detector_rules": [] + } + ], + "influencers": [ + "nginx.access.response_code", + "nginx.access.remote_ip" + ] + }, + "data_description": { + "time_field": "@timestamp", + "time_format": "epoch_ms" + }, + "model_plot_config": { + "enabled": true + }, + "custom_settings": { + "custom_urls": [ + { + "url_name": "Count Explorer", + "url_value": "kibana#/dashboard/ML-Nginx-Access-Remote-IP-Count-Explorer?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(description:\u0027\u0027,filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.response_code,negate:!f,type:phrase,value:\u0027$nginx.access.response_code$\u0027),query:(match:(nginx.access.response_code:(query:\u0027$nginx.access.response_code$\u0027,type:phrase))))),options:(darkTheme:!f),panels:!((col:1,id:ML-Nginx-Access-Remote-IP-Timechart,panelIndex:1,row:1,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Response-Code-Timechart,panelIndex:2,row:1,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-Remote-IPs-Table,panelIndex:3,row:4,size_x:6,size_y:3,type:visualization),(col:7,id:ML-Nginx-Access-Map,panelIndex:4,row:4,size_x:6,size_y:3,type:visualization),(col:1,id:ML-Nginx-Access-Top-URLs-Table,panelIndex:5,row:7,size_x:12,size_y:9,type:visualization)),query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),timeRestore:!f,title:\u0027ML%20Nginx%20Access%20Remote%20IP%20Count%20Explorer\u0027,uiState:(P-3:(vis:(params:(sort:(columnIndex:!n,direction:!n)))),P-5:(vis:(params:(sort:(columnIndex:!n,direction:!n))))),viewMode:view)" + }, 
+ { + "url_name": "Raw Data", + "url_value": "kibana#/discover/ML-Filebeat-Nginx-Access?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027filebeat-*\u0027,key:nginx.access.response_code,negate:!f,type:phrase,value:\u0027$nginx.access.response_code$\u0027),query:(match:(nginx.access.response_code:(query:\u0027$nginx.access.response_code$\u0027,type:phrase))))),index:\u0027filebeat-*\u0027,interval:auto,query:(query_string:(analyze_wildcard:!t,query:\u0027_exists_:nginx.access\u0027)),sort:!(\u0027@timestamp\u0027,desc))" + } + ] + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/visitor_rate.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/visitor_rate.json new file mode 100644 index 00000000..bc5341e5 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/machine_learning/visitor_rate.json 
@@ -0,0 +1,30 @@ +{ + "description": "Nginx Access Logs: Detect unusual visitor rate", + "analysis_config" : { + "bucket_span": "15m", + "summary_count_field_name": "dc_remote_ips", + "detectors": [ + { + "detector_description": "nginx_access_visitor_rate", + "function": "non_zero_count", + "detector_rules": [] + } + ], + "influencers": [] + }, + "data_description": { + "time_field": "@timestamp", + "time_format": "epoch_ms" + }, + "model_plot_config": { + "enabled": true + }, + "custom_settings": { + "custom_urls": [ + { + "url_name": "Raw Data", + "url_value": "kibana#/discover/ML-Filebeat-Nginx-Access?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!(),index:\u0027filebeat-*\u0027,interval:auto,query:(query_string:(analyze_wildcard:!t,query:\u0027*\u0027)),sort:!(\u0027@timestamp\u0027,desc))" + } + ] + } +} diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/manifest.yml b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/manifest.yml index b6dc8463..b7686b9d 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/manifest.yml +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/manifest.yml 
@@ -12,6 +12,28 @@ var: ingest_pipeline: ingest/default.json prospector: config/nginx-access.yml +machine_learning: +- name: response_code + job: machine_learning/response_code.json + datafeed: machine_learning/datafeed_response_code.json + min_version: 5.5.0 +- name: low_request_rate + job: machine_learning/low_request_rate.json + datafeed: machine_learning/datafeed_low_request_rate.json + min_version: 5.5.0 +- name: remote_ip_url_count + job: machine_learning/remote_ip_url_count.json + datafeed: machine_learning/datafeed_remote_ip_url_count.json + min_version: 5.5.0 +- name: remote_ip_request_rate + job: machine_learning/remote_ip_request_rate.json + datafeed: machine_learning/datafeed_remote_ip_request_rate.json + min_version: 5.5.0 +- name: visitor_rate + job: machine_learning/visitor_rate.json + datafeed: machine_learning/datafeed_visitor_rate.json + min_version: 5.5.0 + requires.processors: - name: user_agent plugin: ingest-user-agent diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log new file mode 100644 index 00000000..e303a6d5 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log 
@@ -0,0 +1,6 @@ +10.0.0.2, 10.0.0.1, 127.0.0.1 - - [07/Dec/2016:11:05:07 +0100] "GET /ocelot HTTP/1.1" 200 571 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0" +172.17.0.1 - - [29/May/2017:19:02:48 +0000] "GET /stringpatch HTTP/1.1" 404 612 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2" "-" +10.0.0.2, 10.0.0.1, 85.181.35.98 - - [07/Dec/2016:11:05:07 +0100] "GET /ocelot HTTP/1.1" 200 571 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0" +85.181.35.98 - - [07/Dec/2016:11:05:07 +0100] "GET /ocelot HTTP/1.1" 200 571 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0" +"10.5.102.222, 199.96.1.1, 204.246.1.1" 10.2.1.185 - - [22/Jan/2016:13:18:29 +0000] "GET /assets/xxxx?q=100 HTTP/1.1" 200 25507 "-" "Amazon CloudFront" +2a03:0000:10ff:f00f:0000:0000:0:8000, 10.225.192.17 10.2.2.121 - - [30/Dec/2016:06:47:09 +0000] "GET /test.html HTTP/1.1" 404 8571 "-" "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)" diff --git a/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log-expected.json new file mode 100644 index 00000000..9b31bf3f --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log-expected.json 
@@ -0,0 +1,344 @@ +[ + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : "AVxWUuZ8OMOtQBaTipsE", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2016-12-07T10:05:07.000Z", + "offset" : 527, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "200", + "remote_ip" : "85.181.35.98", + "geoip" : { + "continent_name" : "Europe", + "country_iso_code" : "DE", + "location" : { + "lon" : 9.0, + "lat" : 51.0 + } + }, + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "571" + }, + "remote_ip_list" : [ + "10.0.0.2", + "10.0.0.1", + "85.181.35.98" + ], + "url" : "/ocelot", + "user_agent" : { + "major" : "49", + "minor" : "0", + "os" : "Mac OS X 10.12", + "os_minor" : "12", + "os_major" : "10", + "name" : "Firefox", + "os_name" : "Mac OS X", + "device" : "Other" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : "a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.246Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + }, + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : "AVxWUuZ8OMOtQBaTipsD", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-05-29T19:02:48.000Z", + "offset" : 341, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "404", + "remote_ip" : "172.17.0.1", + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "612" + }, + "remote_ip_list" : [ + "172.17.0.1" + ], + "url" : "/stringpatch", + "user_agent" : { + "patch" : "a2", + "major" : "15", + "minor" : "0", + "os" : "Windows 7", + "name" : "Firefox Alpha", + "os_name" : "Windows 7", + "device" : "Other" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : 
"a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.246Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + }, + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : "AVxWUuZ8OMOtQBaTipsF", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2016-12-07T10:05:07.000Z", + "offset" : 693, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "200", + "remote_ip" : "85.181.35.98", + "geoip" : { + "continent_name" : "Europe", + "country_iso_code" : "DE", + "location" : { + "lon" : 9.0, + "lat" : 51.0 + } + }, + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "571" + }, + "remote_ip_list" : [ + "85.181.35.98" + ], + "url" : "/ocelot", + "user_agent" : { + "major" : "49", + "minor" : "0", + "os" : "Mac OS X 10.12", + "os_minor" : "12", + "os_major" : "10", + "name" : "Firefox", + "os_name" : "Mac OS X", + "device" : "Other" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : "a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.246Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + }, + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : "AVxWUuZ8OMOtQBaTipsC", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2016-12-07T10:05:07.000Z", + "offset" : 183, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "200", + "remote_ip" : "10.0.0.2", + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "571" + }, + "remote_ip_list" : [ + "10.0.0.2", + 
"10.0.0.1", + "127.0.0.1" + ], + "url" : "/ocelot", + "user_agent" : { + "major" : "49", + "minor" : "0", + "os" : "Mac OS X 10.12", + "os_minor" : "12", + "os_major" : "10", + "name" : "Firefox", + "os_name" : "Mac OS X", + "device" : "Other" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : "a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.245Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + }, + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : "AVxWUuZ8OMOtQBaTipsG", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2016-01-22T13:18:29.000Z", + "offset" : 845, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "200", + "remote_ip" : "199.96.1.1", + "geoip" : { + "continent_name" : "North America", + "city_name" : "Springfield", + "country_iso_code" : "US", + "region_name" : "Illinois", + "location" : { + "lon" : -89.6859, + "lat" : 39.772 + } + }, + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "25507" + }, + "remote_ip_list" : [ + "10.5.102.222", + "199.96.1.1", + "204.246.1.1", + "10.2.1.185" + ], + "url" : "/assets/xxxx?q=100", + "user_agent" : { + "os" : "Other", + "name" : "Other", + "os_name" : "Other", + "device" : "Other" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : "a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.246Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + }, + { + "_index" : "filebeat-6.0.0-alpha2-2017.05.30", + "_type" : "doc", + "_id" : 
"AVxWUuZ8OMOtQBaTipsH", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2016-12-30T06:47:09.000Z", + "offset" : 1085, + "nginx" : { + "access" : { + "referrer" : "-", + "response_code" : "404", + "remote_ip" : "2a03:0000:10ff:f00f:0000:0000:0:8000", + "geoip" : { + "continent_name" : "Europe", + "country_iso_code" : "PT", + "location" : { + "lon" : -8.13057, + "lat" : 39.6945 + } + }, + "method" : "GET", + "user_name" : "-", + "http_version" : "1.1", + "body_sent" : { + "bytes" : "8571" + }, + "remote_ip_list" : [ + "2a03:0000:10ff:f00f:0000:0000:0:8000", + "10.225.192.17", + "10.2.2.121" + ], + "url" : "/test.html", + "user_agent" : { + "major" : "1", + "minor" : "0", + "os" : "Other", + "name" : "Facebot", + "os_name" : "Other", + "device" : "Spider" + } + } + }, + "beat" : { + "hostname" : "a-mac-with-esc-key-2.local", + "name" : "a-mac-with-esc-key-2.local", + "version" : "6.0.0-alpha2" + }, + "prospector" : { + "type" : "log" + }, + "read_timestamp" : "2017-05-29T22:28:06.246Z", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/nginx/access/test/test.log", + "fileset" : { + "module" : "nginx", + "name" : "access" + } + } + } +] diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/docs.asciidoc index b4ac86b3..a0d4d813 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/docs.asciidoc 
@@ -1,17 +1,20 @@ == System module -This module collects and parses logs created by system logging server of common Unix/Linux based -distributions. +This module collects and parses logs created by system logging server of common +Unix/Linux based distributions. +[float] === Compatibility -This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, macOS Sierra, and others. +This module was tested with logs from OSes like Ubuntu 12.04, Centos 7, and +macOS Sierra. This module is not available for Windows. +[float] === Dashboard -This module comes with a sample dashboard. +This module comes with a sample dashboard showing syslog data. image::./images/kibana-system.png[] diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json new file mode 100644 index 00000000..1c8a61fb --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat New users and groups", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"f398d2f0-fa77-11e6-ae9b-81e5311e8cab\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"5dd15c00-fa78-11e6-ae9b-81e5311e8cab\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e121b140-fa78-11e6-a1df-a78bd7504d38\",\"panelIndex\":3,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d56ee420-fa79-11e6-a1df-a78bd7504d38\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"12667040-fa80-11e6-a1df-a78bd7504d38\",\"panelIndex\":5,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":6,\"size_y\":3,\"panelIndex\":6,\"type\":\"visualization\",\"id\":\"346bb290-fa80-11e6-a1df-a78bd7504d38\",\"col\":7,\"row\":7}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a.json new file mode 100644 index 00000000..eba0e698 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat Auth - Sudo commands", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"5c7af030-fa2a-11e6-bbd3-29c986c96e5a\",\"panelIndex\":1,\"row\":5,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"51164310-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":2,\"row\":9,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"dc589770-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":3,\"row\":1,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a.json new file mode 100644 index 00000000..0b0fcb67 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Filebeat SSH login attempts", + "uiStateJSON": "{\"P-4\":{\"mapCenter\":[39.774769485295465,23.203125],\"mapZoom\":3}}", + "panelsJSON": "[{\"col\":1,\"id\":\"d16bb400-f9cc-11e6-8115-a7c18106d86a\",\"panelIndex\":1,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"78b74f30-f9cd-11e6-8115-a7c18106d86a\",\"panelIndex\":2,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"341ffe70-f9ce-11e6-8115-a7c18106d86a\",\"panelIndex\":3,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d\",\"panelIndex\":4,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":5,\"type\":\"search\",\"id\":\"62439dc0-f9c9-11e6-a747-6121780e0414\",\"col\":1,\"row\":11,\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"system.auth.user\",\"system.auth.ssh.ip\",\"system.auth.ssh.geoip.country_iso_code\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/dashboard/Filebeat-syslog-dashboard.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/Filebeat-syslog-dashboard.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/dashboard/Filebeat-syslog-dashboard.json rename to vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/dashboard/Filebeat-syslog-dashboard.json 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/62439dc0-f9c9-11e6-a747-6121780e0414.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/62439dc0-f9c9-11e6-a747-6121780e0414.json new file mode 100644 index 00000000..8f1b5915 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/62439dc0-f9c9-11e6-a747-6121780e0414.json @@ -0,0 +1,20 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "SSH login attempts", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.ssh.event\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "system.auth.user", + "system.auth.ssh.ip", + "system.auth.ssh.geoip.country_iso_code" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab.json new file mode 100644 index 00000000..1f9a9492 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/8030c1b0-fa77-11e6-ae9b-81e5311e8cab.json 
@@ -0,0 +1,20 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "useradd logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_exists_:system.auth.useradd\"}},\"filter\":[]}" + }, + "columns": [ + "system.auth.useradd.name", + "system.auth.useradd.uid", + "system.auth.useradd.gid", + "system.auth.useradd.home", + "system.auth.useradd.shell" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/search/Syslog-system-logs.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/Syslog-system-logs.json similarity index 81% rename from vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/search/Syslog-system-logs.json rename to vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/Syslog-system-logs.json index 7ca969c1..0de99f3c 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/search/Syslog-system-logs.json +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/Syslog-system-logs.json 
@@ -8,11 +8,11 @@ "title": "Syslog system logs", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}" + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"_exists_:system.syslog\",\"analyze_wildcard\":true}},\"highlightAll\":true}" }, "columns": [ "system.syslog.hostname", "system.syslog.program", "system.syslog.message" ] -} +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a.json new file mode 100644 index 00000000..2f788c43 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/b6f321e0-fa25-11e6-bbd3-29c986c96e5a.json @@ -0,0 +1,19 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Sudo commands", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.sudo\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "system.auth.user", + "system.auth.sudo.user", + "system.auth.sudo.pwd", + "system.auth.sudo.command" + ] +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38.json new file mode 100644 index 00000000..84c212ce --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/search/eb0039f0-fa7f-11e6-a1df-a78bd7504d38.json @@ -0,0 +1,17 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "groupadd logs", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.groupadd\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "system.auth.groupadd.name", + "system.auth.groupadd.gid" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/12667040-fa80-11e6-a1df-a78bd7504d38.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/12667040-fa80-11e6-a1df-a78bd7504d38.json new file mode 100644 index 00000000..f4d5de26 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/12667040-fa80-11e6-a1df-a78bd7504d38.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New groups\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.groupadd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.groupadd.gid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "New groups", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a.json new file mode 100644 index 00000000..63cb8aab --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/341ffe70-f9ce-11e6-8115-a7c18106d86a.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"SSH users of failed login attempts\",\"type\":\"tagcloud\",\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.user\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "SSH users of failed login attempts", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\"analyze_wildcard\":true}}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38.json new file mode 100644 index 00000000..f91a6a09 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/346bb290-fa80-11e6-a1df-a78bd7504d38.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New groups over time\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.groupadd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "New groups over time", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d.json new file mode 100644 index 00000000..abfe842e --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"SSH failed login attempts source locations\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.ssh.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}", + "description": "", + "title": "SSH failed login attempts source locations", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[17.602139123350838,69.697265625]}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\"analyze_wildcard\":true}}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a.json new file mode 100644 index 00000000..20668b48 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/51164310-fa2b-11e6-bbd3-29c986c96e5a.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Sudo errors\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.sudo.error\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Sudo errors", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.sudo.error\",\"analyze_wildcard\":true}}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a.json new file mode 100644 index 00000000..eddbc197 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5c7af030-fa2a-11e6-bbd3-29c986c96e5a.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Sudo commands by user\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Sudo commands by user", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab.json new file mode 100644 index 00000000..d11a2798 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/5dd15c00-fa78-11e6-ae9b-81e5311e8cab.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New users over time\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "New users over time", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a.json new file mode 100644 index 00000000..5de09335 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/78b74f30-f9cd-11e6-8115-a7c18106d86a.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.event\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"SSH login attempts\",\"type\":\"histogram\"}", + "description": "", + "title": "SSH login attempts", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\"}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/visualization/Syslog-events-by-hostname.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/Syslog-events-by-hostname.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/visualization/Syslog-events-by-hostname.json rename to vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/Syslog-events-by-hostname.json 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/visualization/Syslog-hostnames-and-processes.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/Syslog-hostnames-and-processes.json similarity index 100% rename from vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/visualization/Syslog-hostnames-and-processes.json rename to vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/Syslog-hostnames-and-processes.json diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a.json new file mode 100644 index 00000000..78aaeb26 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d16bb400-f9cc-11e6-8115-a7c18106d86a.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Successful SSH logins\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.ssh.method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Successful SSH logins", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\",\"publickey\":\"#629E51\",\"password\":\"#BF1B00\"}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Accepted\",\"analyze_wildcard\":true}}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38.json new file mode 100644 index 00000000..ad1478a1 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/d56ee420-fa79-11e6-a1df-a78bd7504d38.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New users by home directory\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.home\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "New users by home directory", + "uiStateJSON": "{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\",\"/nonexistent\":\"#629E51\"},\"legendOpen\":true}}", + "version": 1, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a.json new file mode 100644 index 00000000..79e4e50a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/dc589770-fa2b-11e6-bbd3-29c986c96e5a.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Top sudo commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.sudo.command\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "Top sudo commands", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38.json new file mode 100644 index 00000000..18dfd0ce --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/e121b140-fa78-11e6-a1df-a78bd7504d38.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New users by shell\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "New users by shell", + "uiStateJSON": "{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}", + "version": 1, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab.json new file mode 100644 index 00000000..fbd2c683 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/5.x/visualization/f398d2f0-fa77-11e6-ae9b-81e5311e8cab.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"New users\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.uid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"UID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.gid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"GID\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.home\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Home\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Shell\"}}],\"listeners\":{}}", + "description": "", + "title": "New users", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-auth-sudo-commands.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-auth-sudo-commands.json new file mode 100644 index 00000000..a3dfa348 --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-auth-sudo-commands.json 
@@ -0,0 +1,94 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "title": "Sudo commands by user", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Sudo commands by user\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.sudo.error\",\"analyze_wildcard\":true}}}" + }, + "title": "Sudo errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Sudo 
errors\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.sudo.error\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "title": "Top sudo commands", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Top sudo commands\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.sudo.command\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + 
"system.auth.user", + "system.auth.sudo.user", + "system.auth.sudo.pwd", + "system.auth.sudo.command" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.sudo\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Sudo commands", + "version": 1 + }, + "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"5c7af030-fa2a-11e6-bbd3-29c986c96e5a\",\"panelIndex\":1,\"row\":5,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"51164310-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":2,\"row\":9,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"dc589770-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":3,\"row\":1,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Filebeat Auth - Sudo commands", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-new-users-and-groups.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-new-users-and-groups.json new file mode 100644 index 00000000..c0fbe963 --- /dev/null 
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-new-users-and-groups.json 
@@ -0,0 +1,166 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"New users\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.uid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"UID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.gid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"GID\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.home\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Home\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Shell\"}}],\"listeners\":{}}" + }, + "id": "f398d2f0-fa77-11e6-ae9b-81e5311e8cab", + "type": "visualization", + "version": 1 + }, + { + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"New users over time\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users by shell", + "uiStateJSON": "{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"New users by 
shell\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "e121b140-fa78-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users by home directory", + "uiStateJSON": "{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\",\"/nonexistent\":\"#629E51\"},\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"New users by home directory\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.home\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.useradd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": 
"eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "title": "New groups", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"New groups\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.groupadd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.auth.groupadd.gid\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "12667040-fa80-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "title": "New groups over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"New groups over 
time\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.groupadd.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "346bb290-fa80-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "system.auth.useradd.name", + "system.auth.useradd.uid", + "system.auth.useradd.gid", + "system.auth.useradd.home", + "system.auth.useradd.shell" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_exists_:system.auth.useradd\"}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "useradd logs", + "version": 1 + }, + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "type": "search", + "version": 4 + }, + { + "attributes": { + "columns": [ + "system.auth.groupadd.name", + "system.auth.groupadd.gid" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.groupadd\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "groupadd logs", + "version": 1 + }, + "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "type": "search", + "version": 2 + }, 
+ { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"f398d2f0-fa77-11e6-ae9b-81e5311e8cab\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"5dd15c00-fa78-11e6-ae9b-81e5311e8cab\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e121b140-fa78-11e6-a1df-a78bd7504d38\",\"panelIndex\":3,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d56ee420-fa79-11e6-a1df-a78bd7504d38\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"12667040-fa80-11e6-a1df-a78bd7504d38\",\"panelIndex\":5,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":6,\"size_y\":3,\"panelIndex\":6,\"type\":\"visualization\",\"id\":\"346bb290-fa80-11e6-a1df-a78bd7504d38\",\"col\":7,\"row\":7}]", + "timeRestore": false, + "title": "Filebeat New users and groups", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-ssh-login-attempts.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-ssh-login-attempts.json new file mode 100644 index 00000000..96d6377e --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-ssh-login-attempts.json 
@@ -0,0 +1,108 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Accepted\",\"analyze_wildcard\":true}}}" + }, + "title": "Successful SSH logins", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\",\"publickey\":\"#629E51\",\"password\":\"#BF1B00\"}}}", + "version": 1, + "visState": "{\"title\":\"Successful SSH logins\",\"type\":\"histogram\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.auth.ssh.method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true}" + }, + "title": "SSH login attempts", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\"}}}", + "version": 1, + "visState": 
"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.event\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"SSH login attempts\",\"type\":\"histogram\"}" + }, + "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\"analyze_wildcard\":true}}}" + }, + "title": "SSH users of failed login attempts", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"SSH users of failed login attempts\",\"type\":\"tagcloud\",\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.user\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\"analyze_wildcard\":true}}}" + }, + "title": "SSH failed login attempts source locations", + "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[17.602139123350838,69.697265625]}", + "version": 1, + "visState": "{\"title\":\"SSH failed login attempts source locations\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"system.auth.ssh.geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" + }, + "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "system.auth.user", + "system.auth.ssh.ip", + "system.auth.ssh.geoip.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:system.auth.ssh.event\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "SSH login attempts", + "version": 1 + }, + "id": "62439dc0-f9c9-11e6-a747-6121780e0414", + "type": "search", + 
"version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"d16bb400-f9cc-11e6-8115-a7c18106d86a\",\"panelIndex\":1,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"78b74f30-f9cd-11e6-8115-a7c18106d86a\",\"panelIndex\":2,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"341ffe70-f9ce-11e6-8115-a7c18106d86a\",\"panelIndex\":3,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d\",\"panelIndex\":4,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":5,\"type\":\"search\",\"id\":\"62439dc0-f9c9-11e6-a747-6121780e0414\",\"col\":1,\"row\":11,\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"system.auth.user\",\"system.auth.ssh.ip\",\"system.auth.ssh.geoip.country_iso_code\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "timeRestore": false, + "title": "Filebeat SSH login attempts", + "uiStateJSON": "{\"P-4\":{\"mapCenter\":[39.774769485295465,23.203125],\"mapZoom\":3}}", + "version": 1 + }, + "id": "5517a150-f9ce-11e6-8115-a7c18106d86a", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-syslog.json b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-syslog.json new file mode 100644 index 00000000..6562d08a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/_meta/kibana/default/dashboard/Filebeat-syslog.json 
@@ -0,0 +1,78 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Syslog-system-logs", + "title": "Syslog events by hostname", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Syslog events by hostname\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"system.syslog.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Syslog-events-by-hostname", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Syslog-system-logs", + "title": "Syslog hostnames and processes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Syslog hostnames and 
processes\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.syslog.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.syslog.program\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Syslog-hostnames-and-processes", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "system.syslog.hostname", + "system.syslog.program", + "system.syslog.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"_exists_:system.syslog\",\"analyze_wildcard\":true}},\"highlightAll\":true}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Syslog system logs", + "version": 1 + }, + "id": "Syslog-system-logs", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"id\":\"Syslog-events-by-hostname\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":8,\"size_y\":4,\"col\":1,\"row\":1},{\"id\":\"Syslog-hostnames-and-processes\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":4,\"size_y\":4,\"col\":9,\"row\":1},{\"id\":\"Syslog-system-logs\",\"type\":\"search\",\"panelIndex\":3,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":5,\"columns\":[\"system.syslog.hostname\",\"system.syslog.program\",\"system.syslog.message\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "timeRestore": false, + "title": "Filebeat syslog dashboard", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Filebeat-syslog-dashboard", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/_meta/fields.yml b/vendor/github.com/elastic/beats/filebeat/module/system/auth/_meta/fields.yml new file mode 100644 index 00000000..bf43509a --- /dev/null +++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/_meta/fields.yml 
@@ -0,0 +1,139 @@
+- name: auth
+ type: group
+ description: >
+ Fields from the Linux authorization logs.
+ fields:
+ - name: timestamp
+ description: >
+ The timestamp as read from the auth message.
+ - name: hostname
+ description: >
+ The hostname as read from the auth message.
+ - name: program
+ description: >
+ The process name as read from the auth message.
+ - name: pid
+ type: long
+ description: >
+ The PID of the process that sent the auth message.
+ - name: message
+ description: >
+ The message in the log line.
+ - name: user
+ description: >
+ The Unix user that this event refers to.
+
+ - name: ssh
+ type: group
+ description: >
+ Fields specific to SSH login events.
+ fields:
+ - name: event
+ description: >
+ The SSH login event. Can be one of "Accepted", "Failed", or "Invalid". "Accepted"
+ means a successful login. "Invalid" means that the user is not configured on the
+ system. "Failed" means that the SSH login attempt has failed.
+ - name: method
+ description: >
+ The SSH authentication method. Can be one of "password" or "publickey".
+ - name: ip
+ type: ip
+ description: >
+ The client IP from where the login attempt was made.
+ - name: dropped_ip
+ type: ip
+ description: >
+ The client IP from SSH connections that are open and immediately dropped.
+ - name: port
+ type: long
+ description: >
+ The client port from where the login attempt was made.
+ - name: signature
+ description: >
+ The signature of the client public key.
+ - name: geoip
+ type: group
+ description: >
+ Contains GeoIP information gathered based on the `system.auth.ip` field.
+ Only present if the GeoIP Elasticsearch plugin is available and
+ used.
+ fields:
+ - name: continent_name
+ type: keyword
+ description: >
+ The name of the continent.
+ - name: city_name
+ type: keyword
+ description: >
+ The name of the city.
+ - name: region_name
+ type: keyword
+ description: >
+ The name of the region.
+ - name: country_iso_code
+ type: keyword
+ description: >
+ Country ISO code.
+ - name: location
+ type: geo_point
+ description: >
+ The longitude and latitude.
+
+ - name: sudo
+ type: group
+ description: >
+ Fields specific to events created by the `sudo` command.
+ fields:
+ - name: error
+ example: user NOT in sudoers
+ description: >
+ The error message in case the sudo command failed.
+ - name: tty
+ description: >
+ The TTY where the sudo command is executed.
+ - name: pwd
+ description: >
+ The current directory where the sudo command is executed.
+ - name: user
+ example: root
+ description: >
+ The target user to which the sudo command is switching.
+ - name: command
+ description: >
+ The command executed via sudo.
+
+ - name: useradd
+ type: group
+ description: >
+ Fields specific to events created by the `useradd` command.
+ fields:
+ - name: name
+ description: >
+ The user name being added.
+ - name: uid
+ type: long
+ description:
+ The user ID.
+ - name: gid
+ type: long
+ description:
+ The group ID.
+ - name: home
+ description:
+ The home folder for the new user.
+ - name: shell
+ description:
+ The default shell for the new user.
+
+ - name: groupadd
+ type: group
+ description: >
+ Fields specific to events created by the `groupadd` command.
+ fields:
+ - name: name
+ description: >
+ The name of the new group.
+ - name: gid
+ type: long
+ description: >
+ The ID of the new group.
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/config/auth.yml b/vendor/github.com/elastic/beats/filebeat/module/system/auth/config/auth.yml
new file mode 100644
index 00000000..1af7dee5
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/config/auth.yml
@@ -0,0 +1,9 @@
+input_type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
+multiline:
+ pattern: "^\\s"
+ match: after
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/ingest/pipeline.json b/vendor/github.com/elastic/beats/filebeat/module/system/auth/ingest/pipeline.json
new file mode 100644
index 00000000..94f23952
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/ingest/pipeline.json
@@ -0,0 +1,52 @@
+{
+ "description": "Pipeline for parsing system authorisation/secure logs",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "ignore_missing": true,
+ "pattern_definitions" : {
+ "GREEDYMULTILINE" : "(.|\n)*"
+ },
+ "patterns": [
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} sshd(?:\\[%{POSINT:system.auth.pid}\\])?: %{DATA:system.auth.ssh.event} %{DATA:system.auth.ssh.method} for (invalid user )?%{DATA:system.auth.user} from %{IPORHOST:system.auth.ssh.ip} port %{NUMBER:system.auth.ssh.port} ssh2(: %{GREEDYDATA:system.auth.ssh.signature})?",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} sshd(?:\\[%{POSINT:system.auth.pid}\\])?: %{DATA:system.auth.ssh.event} user %{DATA:system.auth.user} from %{IPORHOST:system.auth.ssh.ip}",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} sshd(?:\\[%{POSINT:system.auth.pid}\\])?: Did not receive identification string from %{IPORHOST:system.auth.ssh.dropped_ip}",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} sudo(?:\\[%{POSINT:system.auth.pid}\\])?: \\s*%{DATA:system.auth.user} :( %{DATA:system.auth.sudo.error} ;)? TTY=%{DATA:system.auth.sudo.tty} ; PWD=%{DATA:system.auth.sudo.pwd} ; USER=%{DATA:system.auth.sudo.user} ; COMMAND=%{GREEDYDATA:system.auth.sudo.command}",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} groupadd(?:\\[%{POSINT:system.auth.pid}\\])?: new group: name=%{DATA:system.auth.groupadd.name}, GID=%{NUMBER:system.auth.groupadd.gid}",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname} useradd(?:\\[%{POSINT:system.auth.pid}\\])?: new user: name=%{DATA:system.auth.useradd.name}, UID=%{NUMBER:system.auth.useradd.uid}, GID=%{NUMBER:system.auth.useradd.gid}, home=%{DATA:system.auth.useradd.home}, shell=%{DATA:system.auth.useradd.shell}$",
+ "%{SYSLOGTIMESTAMP:system.auth.timestamp} %{SYSLOGHOST:system.auth.hostname}? %{DATA:system.auth.program}(?:\\[%{POSINT:system.auth.pid}\\])?: %{GREEDYMULTILINE:system.auth.message}"
+ ]
+ }
+ },
+ {
+ "remove": {
+ "field": "message"
+ }
+ },
+ {
+ "date": {
+ "field": "system.auth.timestamp",
+ "target_field": "@timestamp",
+ "formats": [
+ "MMM d HH:mm:ss",
+ "MMM dd HH:mm:ss"
+ ],
+ "ignore_failure": true
+ }
+ },
+ {
+ "geoip": {
+ "field": "system.auth.ssh.ip",
+ "target_field": "system.auth.ssh.geoip",
+ "ignore_failure": true
+ }
+ }
+ ],
+ "on_failure" : [{
+ "set" : {
+ "field" : "error",
+ "value" : "{{ _ingest.on_failure_message }}"
+ }
+ }]
+}
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/manifest.yml b/vendor/github.com/elastic/beats/filebeat/module/system/auth/manifest.yml
new file mode 100644
index 00000000..bb391be0
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/manifest.yml
@@ -0,0 +1,15 @@
+module_version: 1.0
+
+var:
+ - name: paths
+ default:
+ - /var/log/auth.log*
+ - /var/log/secure*
+ os.darwin:
+ # this works in OS X < 10.8. Newer darwin versions don't write
+ # ssh logs to files
+ - /var/log/secure.log*
+ os.windows: []
+
+ingest_pipeline: ingest/pipeline.json
+prospector: config/auth.yml
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/auth-ubuntu1204.log b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/auth-ubuntu1204.log
new file mode 100644
index 00000000..ad36017c
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/auth-ubuntu1204.log
@@ -0,0 +1,1000 @@ +Feb 9 21:19:40 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:19:40 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lhspyyxxlfzpytwsebjoegenjxyjombo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675177.72-26828938879074/ >/dev/null 2>&1 +Feb 9 21:19:40 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:19:41 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:19:41 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:19:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xspkubktopzqiwiofvdhqaglconkrgwp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675181.24-158548606882799/ >/dev/null 2>&1 +Feb 9 21:19:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:19:53 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:02 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:03 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vxcrqvczsrjrrsjcokculalhrgfsxqzl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675202.4-199750250589919/ >/dev/null 2>&1 +Feb 9 21:20:03 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:03 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:03 
precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:03 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-gruorqbeefuuhfprfoqzsftalatgwwvf; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675203.3-59927285912173/ >/dev/null 2>&1 +Feb 9 21:20:03 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:03 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:05 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fnthqelgspkbnpnxlsknzcbyxbqqxpmt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675204.07-135388534337396/ >/dev/null 2>&1 +Feb 9 21:20:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:05 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:06 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:08 sshd[8317]: last message repeated 2 times +Feb 9 21:20:08 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wagdvfiuqxtryvmyrqlfcwoxeqqrxejt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/async_wrapper 321853834469 45 /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/command /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675206.28-198308747142204/ >/dev/null 2>&1 +Feb 9 
21:20:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:09 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:12 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:12 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lkgydmrwiywdfvxfoxmgntufiumtzpmq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675212.66-81790186240643/ >/dev/null 2>&1 +Feb 9 21:20:12 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:13 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:19 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:19 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mjsapklbglujaoktlsyytirwygexdily; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675218.96-234174787135180/ >/dev/null 2>&1 +Feb 9 21:20:19 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:19 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:19 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:19 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-kvmafqtdnnvnyfyqlnoovickcavkqwdy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675219.83-99205535237718/ >/dev/null 2>&1 +Feb 9 21:20:19 precise32 sudo: 
pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:20 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:24 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:24 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-nhrnwbdpypmsmvcstuihfqfbcvpxrmys; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675224.58-12467498973476/ >/dev/null 2>&1 +Feb 9 21:20:24 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:25 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:28 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:28 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-buzartmsbrirxgcoibjpsqjkldihhexh; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675228.25-195852789001210/ >/dev/null 2>&1 +Feb 9 21:20:28 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:31 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:47 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:47 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-swwkpvmnxhcuduxerfbgclhsmgbhwzie; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675247.78-128146395950020/ >/dev/null 2>&1 +Feb 9 21:20:47 precise32 sudo: pam_unix(sudo:session): session 
opened for user root by vagrant(uid=1000) +Feb 9 21:20:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:50 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:50 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-raffykohamlcbnpxzipksbvfpjbfpagy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675250.82-190689706060358/ >/dev/null 2>&1 +Feb 9 21:20:50 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:51 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:20:51 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:20:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dfoxiractbmtavfiwfnhzfkftipjumph; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675251.6-137767038423665/ >/dev/null 2>&1 +Feb 9 21:20:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:20:53 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:01 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:01 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-jveaoynmhsmeodakzfhhaodihyroxobu; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675261.29-208287411335817/ >/dev/null 2>&1 +Feb 9 21:21:01 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) 
+Feb 9 21:21:01 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:02 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lwzhcvorajmjyxsrqydafzapoeescwaf; rc=flag; [ -r /etc/metricbeat/metricbeat.yml ] || rc=2; [ -f /etc/metricbeat/metricbeat.yml ] || rc=1; [ -d /etc/metricbeat/metricbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/metricbeat/metricbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/metricbeat/metricbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open("'/etc/metricbeat/metricbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 +Feb 9 21:21:02 precise32 sudo: vagrant : (command continued) '/etc/metricbeat/metricbeat.yml) +Feb 9 21:21:02 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:02 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:02 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:02 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:02 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-yesyhegdrhiolusidthffdemrxphqdfm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675262.15-83340738940485/ >/dev/null 2>&1 +Feb 9 21:21:02 precise32 sudo: 
pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:02 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:03 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:03 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vqbyiylfjufyxlwvxcwusklrtmiekpia; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675263.16-15325827909434/ >/dev/null 2>&1 +Feb 9 21:21:03 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:03 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:04 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-osrbplljwskuafamtjuanhwfxqdxmfbj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675264.47-179299683847940/ >/dev/null 2>&1 +Feb 9 21:21:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:05 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:05 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xqypdfdxashhaekghbfnpdlcgsmfarmy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675265.39-273766954542007/ >/dev/null 2>&1 +Feb 9 21:21:05 precise32 sudo: pam_unix(sudo:session): session 
opened for user root by vagrant(uid=1000) +Feb 9 21:21:05 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:06 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:06 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ktkmpxhjivossxngupfgrqfobhopruzp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675266.58-47565152594552/ >/dev/null 2>&1 +Feb 9 21:21:06 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:15 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:15 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-erpqyqrmifxazcclvbqytjwxgdplhtpy; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675275.74-155140815824587/ >/dev/null 2>&1 +Feb 9 21:21:15 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:15 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:16 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:16 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-cfqjebskszjdqpksprlbjpbttastwzyp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675276.62-248748589735433/ >/dev/null 2>&1 +Feb 9 21:21:16 precise32 sudo: pam_unix(sudo:session): session opened for user root by 
vagrant(uid=1000) +Feb 9 21:21:17 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:20 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:30 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-oxbowrzvfhsebemuiblilqwvdxvnwztv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675280.28-272460786101534/ >/dev/null 2>&1 +Feb 9 21:21:30 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:33 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:42 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:42 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ohlhhhazvtawqawluadjlxglowwenmyc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675302.51-201837201796085/ >/dev/null 2>&1 +Feb 9 21:21:42 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:42 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:43 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:43 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fxkkbzmbdrxgbhejuievvukihnyxxqru; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675303.65-64589423443234/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675303.65-64589423443234/ >/dev/null 2>&1 +Feb 9 21:21:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:43 
precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:46 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:46 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-teszjmcjmewxckcimdrpzexuffcbqxao; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675304.47-137831346757512/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675304.47-137831346757512/ >/dev/null 2>&1 +Feb 9 21:21:46 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:46 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:46 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:47 sshd[8317]: last message repeated 2 times +Feb 9 21:21:47 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pcgidnbwkzuhorearmbjkeyqhxbtoryr; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675306.84-180653352879797/async_wrapper 40788874474 45 /home/vagrant/.ansible/tmp/ansible-tmp-1486675306.84-180653352879797/command /home/vagrant/.ansible/tmp/ansible-tmp-1486675306.84-180653352879797/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675306.84-180653352879797/ >/dev/null 2>&1 +Feb 9 21:21:47 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:52 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:52 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-uiafyjflnjoezymltalnhkurjonjaxsb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675312.77-162101214367573/command; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675312.77-162101214367573/ >/dev/null 2>&1 +Feb 9 21:21:52 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:53 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:21:58 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:21:59 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-awdbaonvfappmyhngzuxzbnrgrvmxxmq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675318.92-83212533004754/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675318.92-83212533004754/ >/dev/null 2>&1 +Feb 9 21:21:59 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:21:59 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:00 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:00 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-epglqzpqtvukjkntkhcypzqakykknrhq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675319.97-182898557012273/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675319.97-182898557012273/ >/dev/null 2>&1 +Feb 9 21:22:00 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:00 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:01 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:01 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-adsulhhhqeihfgdctumfajchfpykjanw; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675320.85-143796414377457/setup; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675320.85-143796414377457/ >/dev/null 2>&1 +Feb 9 21:22:01 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:02 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:06 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:07 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ikwqsmlxlzbtrcfoklcfexlshzphvbqf; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675326.05-203247712855500/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675326.05-203247712855500/ >/dev/null 2>&1 +Feb 9 21:22:07 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:07 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:09 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:09 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xhyimrwqolspqnrwuvixgrnmbeceaozk; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675329.7-68540523481235/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675329.7-68540523481235/ >/dev/null 2>&1 +Feb 9 21:22:09 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:13 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:29 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:29 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dlbnvyqsiivzagpchvvbtwvxmwqxphun; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675349.52-51181422479289/command; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675349.52-51181422479289/ >/dev/null 2>&1 +Feb 9 21:22:29 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:29 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:32 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:32 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mpdyxmjmnedlqsbagcvkhcqtilemaxnj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675352.75-31376555221975/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675352.75-31376555221975/ >/dev/null 2>&1 +Feb 9 21:22:32 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:33 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:33 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:34 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fjfnzqcwaxwyrarfaquhblztpezkynfm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675353.58-232202092763250/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675353.58-232202092763250/ >/dev/null 2>&1 +Feb 9 21:22:34 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:43 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:43 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hjkoqjulpizhatgojelxjvwmqmeqebpo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675362.92-74451552200205/file; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675362.92-74451552200205/ >/dev/null 2>&1 +Feb 9 21:22:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:43 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:44 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-qlixydmzekacecpiurdomusznjsqtvvp; rc=flag; [ -r /etc/heartbeat/heartbeat.yml ] || rc=2; [ -f /etc/heartbeat/heartbeat.yml ] || rc=1; [ -d /etc/heartbeat/heartbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/heartbeat/heartbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/heartbeat/heartbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open("'/etc/heartbeat/heartbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 +Feb 9 21:22:44 precise32 sudo: vagrant : (command continued) '/etc/heartbeat/heartbeat.yml) +Feb 9 21:22:44 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:44 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:44 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:44 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:44 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ajqomrxbnhudtprtcsrbntwrkcjeibxi; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675364.45-217362589658234/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675364.45-217362589658234/ >/dev/null 2>&1 +Feb 9 21:22:44 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:44 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:45 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:45 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-acvwapcldjqoeakolbpynaqpoldxbjxn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675365.11-82479565966466/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675365.11-82479565966466/ >/dev/null 2>&1 +Feb 9 21:22:45 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:45 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:46 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:46 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ovavtenadmsuwjadjpdzgnzkzcrdtcrl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675366.39-91454860430660/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675366.39-91454860430660/ >/dev/null 2>&1 +Feb 9 21:22:46 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:47 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:48 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lcouezrlyawlsxyxqtteptekjflkxgvl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675368.21-115041673323332/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675368.21-115041673323332/ >/dev/null 2>&1 +Feb 9 21:22:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:49 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dlvojyckxrrunoxvzdtrrjnasqwvhrir; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675369.58-23315001061866/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675369.58-23315001061866/ >/dev/null 2>&1 +Feb 9 21:22:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:52 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:58 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:58 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-yiotgcbibvnhentlusjejfibawiojokv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675378.05-28330678876735/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675378.05-28330678876735/ >/dev/null 2>&1 +Feb 9 21:22:58 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:58 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:22:59 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:22:59 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-cujnxfaprouklabmdpyojwiswgtknxyr; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675379.11-115543127564480/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675379.11-115543127564480/ >/dev/null 2>&1 +Feb 9 21:22:59 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:22:59 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:02 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:02 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lbfdybsgwoexbttukdvmqdqeihvyivds; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675382.79-175899445627464/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675382.79-175899445627464/ >/dev/null 2>&1 +Feb 9 21:23:02 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:06 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:22 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:22 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-htlyhfgwucqsaucceyrodskdpmmkdste; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675401.72-28086953836565/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675401.72-28086953836565/ >/dev/null 2>&1 +Feb 9 21:23:22 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:22 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:22 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:22 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dcfnygpdavffrbrogmsybfxkhccsnqqw; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1486675402.55-52286886998725/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675402.55-52286886998725/ >/dev/null 2>&1 +Feb 9 21:23:22 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:22 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:23 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:23 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ggpdimpxsyacqevtqfkprmzbmlzzrkan; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675403.27-231673287482858/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675403.27-231673287482858/ >/dev/null 2>&1 +Feb 9 21:23:23 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:23 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:25 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:25 sshd[8317]: last message repeated 2 times +Feb 9 21:23:25 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fumdsdwhnsyqdpxdtlguuplqfqgcsayx; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675405.35-15951944312742/async_wrapper 669982207445 45 /home/vagrant/.ansible/tmp/ansible-tmp-1486675405.35-15951944312742/command /home/vagrant/.ansible/tmp/ansible-tmp-1486675405.35-15951944312742/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675405.35-15951944312742/ >/dev/null 2>&1 +Feb 9 21:23:25 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:26 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:31 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:34 
precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-jiaetvfxpwjlomrcorahxgplhvzrubfa; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675411.21-151981974783794/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675411.21-151981974783794/ >/dev/null 2>&1 +Feb 9 21:23:34 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:35 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:23:37 precise32 sshd[8317]: subsystem request for sftp by user vagrant +Feb 9 21:23:37 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mguewlrhhlvqjpdmsutqaqmchdrsuidz; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486675417.39-200931953942031/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1486675417.39-200931953942031/ >/dev/null 2>&1 +Feb 9 21:23:37 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 9 21:23:37 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 9 21:24:37 precise32 sshd[8317]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 9 21:24:37 precise32 sshd[8302]: pam_unix(sshd:session): session closed for user vagrant +Feb 9 22:17:01 precise32 CRON[9966]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 9 22:17:01 precise32 CRON[9966]: pam_unix(cron:session): session closed for user root +Feb 9 23:17:01 precise32 CRON[9979]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 9 23:17:01 precise32 CRON[9979]: pam_unix(cron:session): session closed for user root +Feb 10 08:29:29 precise32 sshd[9987]: Accepted publickey for vagrant from 10.0.2.2 port 52776 ssh2 +Feb 10 08:29:29 precise32 sshd[9987]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) 
+Feb 10 08:29:40 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/apt/sources.list +Feb 10 08:29:40 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:29:43 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:29:56 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/apt/sources.list.d/elastic +Feb 10 08:29:56 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:30:07 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:30:11 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get update +Feb 10 08:30:11 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:30:18 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:30:40 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/mv /etc/apt/sources.list.d/elastic /etc/apt/sources.list.d/elastic.list +Feb 10 08:30:40 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:30:40 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:30:41 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get update +Feb 10 08:30:41 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:30:52 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:31:03 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install filebeat +Feb 10 08:31:03 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:31:19 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:31:43 precise32 sudo: 
vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install filebeat=5.2.0 +Feb 10 08:31:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:31:43 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:31:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install metricbeat=5.2.0 +Feb 10 08:31:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:31:51 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:37:00 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install metricbeat +Feb 10 08:37:00 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 10 08:37:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 10 08:37:09 precise32 sshd[10002]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 10 08:37:09 precise32 sshd[9987]: pam_unix(sshd:session): session closed for user vagrant +Feb 10 09:17:01 precise32 CRON[10439]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 09:17:01 precise32 CRON[10439]: pam_unix(cron:session): session closed for user root +Feb 10 10:17:01 precise32 CRON[10454]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 10:17:01 precise32 CRON[10454]: pam_unix(cron:session): session closed for user root +Feb 10 11:17:01 precise32 CRON[10469]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 11:17:01 precise32 CRON[10469]: pam_unix(cron:session): session closed for user root +Feb 10 12:17:01 precise32 CRON[10488]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 12:17:01 precise32 CRON[10488]: pam_unix(cron:session): session closed for user root +Feb 10 13:17:01 precise32 CRON[10503]: pam_unix(cron:session): 
session opened for user root by (uid=0) +Feb 10 13:17:01 precise32 CRON[10503]: pam_unix(cron:session): session closed for user root +Feb 10 14:17:01 precise32 CRON[10537]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 14:17:01 precise32 CRON[10537]: pam_unix(cron:session): session closed for user root +Feb 10 17:17:01 precise32 CRON[10553]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 17:17:01 precise32 CRON[10553]: pam_unix(cron:session): session closed for user root +Feb 10 18:17:01 precise32 CRON[10570]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 18:17:01 precise32 CRON[10570]: pam_unix(cron:session): session closed for user root +Feb 10 19:17:01 precise32 CRON[10588]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 19:17:01 precise32 CRON[10588]: pam_unix(cron:session): session closed for user root +Feb 10 20:17:01 precise32 CRON[10606]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 20:17:01 precise32 CRON[10606]: pam_unix(cron:session): session closed for user root +Feb 10 21:17:01 precise32 CRON[10623]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 10 21:17:01 precise32 CRON[10623]: pam_unix(cron:session): session closed for user root +Feb 11 09:17:01 precise32 CRON[10641]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 09:17:01 precise32 CRON[10641]: pam_unix(cron:session): session closed for user root +Feb 11 10:17:01 precise32 CRON[10658]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 10:17:01 precise32 CRON[10658]: pam_unix(cron:session): session closed for user root +Feb 11 11:17:01 precise32 CRON[10673]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 11:17:01 precise32 CRON[10673]: pam_unix(cron:session): session closed for user root +Feb 11 12:17:01 precise32 CRON[10693]: pam_unix(cron:session): session opened for user root 
by (uid=0) +Feb 11 12:17:01 precise32 CRON[10693]: pam_unix(cron:session): session closed for user root +Feb 11 13:17:01 precise32 CRON[10711]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 13:17:01 precise32 CRON[10711]: pam_unix(cron:session): session closed for user root +Feb 11 14:17:01 precise32 CRON[10807]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 14:17:01 precise32 CRON[10807]: pam_unix(cron:session): session closed for user root +Feb 11 15:17:01 precise32 CRON[10825]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 15:17:01 precise32 CRON[10825]: pam_unix(cron:session): session closed for user root +Feb 11 16:17:01 precise32 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 16:17:01 precise32 CRON[10841]: pam_unix(cron:session): session closed for user root +Feb 11 17:17:01 precise32 CRON[10858]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 17:17:01 precise32 CRON[10858]: pam_unix(cron:session): session closed for user root +Feb 11 18:17:01 precise32 CRON[10875]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 18:17:01 precise32 CRON[10875]: pam_unix(cron:session): session closed for user root +Feb 11 19:17:01 precise32 CRON[10893]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 19:17:01 precise32 CRON[10893]: pam_unix(cron:session): session closed for user root +Feb 11 20:17:01 precise32 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 20:17:01 precise32 CRON[10909]: pam_unix(cron:session): session closed for user root +Feb 11 21:17:01 precise32 CRON[10923]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 21:17:01 precise32 CRON[10923]: pam_unix(cron:session): session closed for user root +Feb 11 22:17:01 precise32 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 11 22:17:01 
precise32 CRON[10941]: pam_unix(cron:session): session closed for user root +Feb 12 16:17:01 precise32 CRON[10952]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 16:17:01 precise32 CRON[10952]: pam_unix(cron:session): session closed for user root +Feb 12 17:17:01 precise32 CRON[10971]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 17:17:01 precise32 CRON[10971]: pam_unix(cron:session): session closed for user root +Feb 12 18:17:01 precise32 CRON[11064]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 18:17:01 precise32 CRON[11064]: pam_unix(cron:session): session closed for user root +Feb 12 19:17:01 precise32 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 19:17:01 precise32 CRON[11082]: pam_unix(cron:session): session closed for user root +Feb 12 20:17:01 precise32 CRON[11101]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 20:17:01 precise32 CRON[11101]: pam_unix(cron:session): session closed for user root +Feb 12 21:17:01 precise32 CRON[11118]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 21:17:01 precise32 CRON[11118]: pam_unix(cron:session): session closed for user root +Feb 12 22:17:01 precise32 CRON[11137]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 12 22:17:01 precise32 CRON[11137]: pam_unix(cron:session): session closed for user root +Feb 13 08:17:01 precise32 CRON[11153]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 08:17:01 precise32 CRON[11153]: pam_unix(cron:session): session closed for user root +Feb 13 09:17:01 precise32 CRON[11170]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 09:17:01 precise32 CRON[11170]: pam_unix(cron:session): session closed for user root +Feb 13 10:17:01 precise32 CRON[11185]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 10:17:01 precise32 CRON[11185]: 
pam_unix(cron:session): session closed for user root +Feb 13 11:17:01 precise32 CRON[11199]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 11:17:01 precise32 CRON[11199]: pam_unix(cron:session): session closed for user root +Feb 13 12:17:01 precise32 CRON[11214]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 12:17:01 precise32 CRON[11214]: pam_unix(cron:session): session closed for user root +Feb 13 13:17:01 precise32 CRON[11228]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 13:17:01 precise32 CRON[11228]: pam_unix(cron:session): session closed for user root +Feb 13 14:17:01 precise32 CRON[11262]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 14:17:01 precise32 CRON[11262]: pam_unix(cron:session): session closed for user root +Feb 13 15:17:01 precise32 CRON[11276]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 15:17:01 precise32 CRON[11276]: pam_unix(cron:session): session closed for user root +Feb 13 16:17:01 precise32 CRON[11283]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 16:17:01 precise32 CRON[11283]: pam_unix(cron:session): session closed for user root +Feb 13 17:17:01 precise32 CRON[11295]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 17:17:01 precise32 CRON[11295]: pam_unix(cron:session): session closed for user root +Feb 13 18:17:01 precise32 CRON[11308]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 18:17:01 precise32 CRON[11308]: pam_unix(cron:session): session closed for user root +Feb 13 19:17:01 precise32 CRON[11326]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 19:17:01 precise32 CRON[11326]: pam_unix(cron:session): session closed for user root +Feb 13 20:17:01 precise32 CRON[11341]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 20:17:01 precise32 CRON[11341]: pam_unix(cron:session): 
session closed for user root +Feb 13 21:17:01 precise32 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 21:17:01 precise32 CRON[11359]: pam_unix(cron:session): session closed for user root +Feb 13 22:17:01 precise32 CRON[11375]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 13 22:17:01 precise32 CRON[11375]: pam_unix(cron:session): session closed for user root +Feb 14 07:17:01 precise32 CRON[11385]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 07:17:01 precise32 CRON[11385]: pam_unix(cron:session): session closed for user root +Feb 14 08:17:01 precise32 CRON[11401]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 08:17:01 precise32 CRON[11401]: pam_unix(cron:session): session closed for user root +Feb 14 09:17:01 precise32 CRON[11417]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 09:17:01 precise32 CRON[11417]: pam_unix(cron:session): session closed for user root +Feb 14 10:17:01 precise32 CRON[11453]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 10:17:01 precise32 CRON[11453]: pam_unix(cron:session): session closed for user root +Feb 14 11:17:01 precise32 CRON[11466]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 11:17:01 precise32 CRON[11466]: pam_unix(cron:session): session closed for user root +Feb 14 12:17:01 precise32 CRON[11480]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 12:17:01 precise32 CRON[11480]: pam_unix(cron:session): session closed for user root +Feb 14 13:17:01 precise32 CRON[11495]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 13:17:01 precise32 CRON[11495]: pam_unix(cron:session): session closed for user root +Feb 14 14:17:01 precise32 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 14:17:02 precise32 CRON[11510]: pam_unix(cron:session): session closed for user root 
+Feb 14 15:17:01 precise32 CRON[11527]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 15:17:01 precise32 CRON[11527]: pam_unix(cron:session): session closed for user root +Feb 14 16:17:01 precise32 CRON[11542]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 16:17:01 precise32 CRON[11542]: pam_unix(cron:session): session closed for user root +Feb 14 17:17:01 precise32 CRON[11558]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 17:17:01 precise32 CRON[11558]: pam_unix(cron:session): session closed for user root +Feb 14 18:17:01 precise32 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 18:17:01 precise32 CRON[11574]: pam_unix(cron:session): session closed for user root +Feb 14 19:17:01 precise32 CRON[11586]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 14 19:17:01 precise32 CRON[11586]: pam_unix(cron:session): session closed for user root +Feb 15 09:17:01 precise32 CRON[11627]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 09:17:01 precise32 CRON[11627]: pam_unix(cron:session): session closed for user root +Feb 15 10:17:01 precise32 CRON[11639]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 10:17:01 precise32 CRON[11639]: pam_unix(cron:session): session closed for user root +Feb 15 11:17:01 precise32 CRON[11656]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 11:17:01 precise32 CRON[11656]: pam_unix(cron:session): session closed for user root +Feb 15 12:17:01 precise32 CRON[11671]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 12:17:01 precise32 CRON[11671]: pam_unix(cron:session): session closed for user root +Feb 15 13:17:01 precise32 CRON[11685]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 13:17:01 precise32 CRON[11685]: pam_unix(cron:session): session closed for user root +Feb 15 14:17:01 precise32 
CRON[11700]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 14:17:01 precise32 CRON[11700]: pam_unix(cron:session): session closed for user root +Feb 15 15:17:01 precise32 CRON[11713]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 15:17:01 precise32 CRON[11713]: pam_unix(cron:session): session closed for user root +Feb 15 16:17:01 precise32 CRON[11728]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 16:17:01 precise32 CRON[11728]: pam_unix(cron:session): session closed for user root +Feb 15 17:17:01 precise32 CRON[11743]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 17:17:01 precise32 CRON[11743]: pam_unix(cron:session): session closed for user root +Feb 15 18:17:01 precise32 CRON[11784]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 18:17:01 precise32 CRON[11784]: pam_unix(cron:session): session closed for user root +Feb 15 19:17:01 precise32 CRON[11797]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 19:17:01 precise32 CRON[11797]: pam_unix(cron:session): session closed for user root +Feb 15 20:17:01 precise32 CRON[11838]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 15 20:17:01 precise32 CRON[11838]: pam_unix(cron:session): session closed for user root +Feb 16 06:04:36 precise32 sshd[11846]: Accepted publickey for vagrant from 10.0.2.2 port 57698 ssh2 +Feb 16 06:04:36 precise32 sshd[11846]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 16 06:04:36 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 16 06:04:36 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 16 06:04:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:53:59 precise32 sshd[524]: Received signal 15; terminating. 
+Feb 21 20:53:59 precise32 sshd[786]: Server listening on 0.0.0.0 port 22. +Feb 21 20:53:59 precise32 sshd[786]: Server listening on :: port 22. +Feb 21 20:54:05 precise32 sshd[1049]: Accepted publickey for vagrant from 10.0.2.2 port 63645 ssh2 +Feb 21 20:54:05 precise32 sshd[1049]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 21 20:54:07 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:07 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:07 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:07 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:07 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:07 precise32 sshd[786]: Received signal 15; terminating. +Feb 21 20:54:07 precise32 sshd[1173]: Server listening on 0.0.0.0 port 22. +Feb 21 20:54:07 precise32 sshd[1173]: Server listening on :: port 22. 
+Feb 21 20:54:07 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:08 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:08 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:08 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:08 precise32 sudo: vagrant : TTY=unknown ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash -l +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by (uid=1000) +Feb 21 20:54:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 21 20:54:08 precise32 sshd[1049]: pam_unix(sshd:session): session closed for user vagrant +Feb 21 20:54:10 precise32 sshd[1235]: Did not receive identification string from 10.0.2.2 +Feb 21 21:17:01 precise32 CRON[1264]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 21 21:17:01 precise32 CRON[1264]: pam_unix(cron:session): session closed for user root +Feb 21 22:17:01 precise32 CRON[1278]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 21 22:17:01 precise32 CRON[1278]: pam_unix(cron:session): session closed for user root +Feb 22 09:17:01 precise32 CRON[1298]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 09:17:01 precise32 CRON[1298]: 
pam_unix(cron:session): session closed for user root +Feb 22 10:17:01 precise32 CRON[1313]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 10:17:01 precise32 CRON[1313]: pam_unix(cron:session): session closed for user root +Feb 22 10:17:35 precise32 sshd[1317]: Accepted publickey for vagrant from 10.0.2.2 port 50649 ssh2 +Feb 22 10:17:35 precise32 sshd[1317]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 22 10:17:36 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:17:36 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xssosunoadzrupbslukboshizrdrioxa; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758643.54-191473960698523/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758643.54-191473960698523/ >/dev/null 2>&1 +Feb 22 10:17:36 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:17:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:17:37 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:17:37 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hxipbwbkxeioyitdwspukfecshzmmznq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758657.4-158751358978750/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758657.4-158751358978750/ >/dev/null 2>&1 +Feb 22 10:17:37 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:17:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:17:57 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:17:57 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo 
BECOME-SUCCESS-emhyhjenolvqmuddzjsrvdrlshuozvbt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758673.45-1328499317378/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758673.45-1328499317378/ >/dev/null 2>&1 +Feb 22 10:17:57 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:02 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:07 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:07 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-tnuospsrbdizfiuhbtlkwjlthrsmjllm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758687.19-221944793882694/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758687.19-221944793882694/ >/dev/null 2>&1 +Feb 22 10:18:07 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:07 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:14 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:15 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-glkfubgvldbatmtdrtbyjplvhybyetdi; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758694.65-96114020740224/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758694.65-96114020740224/ >/dev/null 2>&1 +Feb 22 10:18:15 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:15 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:15 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:15 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo 
BECOME-SUCCESS-ijzrnnvvtrdgpaulzxwvpwlvokztvosi; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758695.82-89251362907242/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758695.82-89251362907242/ >/dev/null 2>&1 +Feb 22 10:18:15 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:17 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:37 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:37 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pogpznvhgeqrtzlcudaddelhakmqzyvc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758717.06-179621344002611/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758717.06-179621344002611/ >/dev/null 2>&1 +Feb 22 10:18:37 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:37 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:38 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-cgnuoyhpluwhkezwnsqvydawomlfskny; rc=flag; [ -r /etc/packetbeat/packetbeat.yml ] || rc=2; [ -f /etc/packetbeat/packetbeat.yml ] || rc=1; [ -d /etc/packetbeat/packetbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/packetbeat/packetbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/packetbeat/packetbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open("'/etc/packetbeat/packetbeat.yml'", "rb")#012buf = 
afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 +Feb 22 10:18:38 precise32 sudo: vagrant : (command continued) '/etc/packetbeat/packetbeat.yml) +Feb 22 10:18:38 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:38 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:38 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:38 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vxlqeahufmmmbvyqklrzqgkjctmdkgus; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758717.91-56384930409930/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758717.91-56384930409930/ >/dev/null 2>&1 +Feb 22 10:18:38 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:39 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:39 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xakfsqpdonqkzaedehbsdzszbbyertxw; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758719.2-243819058722243/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758719.2-243819058722243/ >/dev/null 2>&1 +Feb 22 10:18:39 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:40 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:46 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:46 precise32 sudo: vagrant : TTY=pts/0 ; 
PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dytuqoopxigowdsexoxljahexcrgrusl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758721.63-238019605938202/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758721.63-238019605938202/ >/dev/null 2>&1 +Feb 22 10:18:46 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:47 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:47 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-yyxjqzypwilthsoesuioieestjumujju; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758727.59-206889470588032/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758727.59-206889470588032/ >/dev/null 2>&1 +Feb 22 10:18:47 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:50 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:50 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ntvmfwclgszgjkggyrefquijrpduwmgb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758730.11-121092091456552/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758730.11-121092091456552/ >/dev/null 2>&1 +Feb 22 10:18:50 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:50 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:51 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant 
; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ibplwyrudxqiewtnazajakyxfkkcptyq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758731.03-34005853522249/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758731.03-34005853522249/ >/dev/null 2>&1 +Feb 22 10:18:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:52 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:18:55 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:18:55 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dgeumohveckrnbwermrtgsjoarogauts; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758735.15-203882260553837/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758735.15-203882260553837/ >/dev/null 2>&1 +Feb 22 10:18:55 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:18:57 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:04 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ojjhntgihxndnhavcctzukxgjofssmzd; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758744.84-77760196415518/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758744.84-77760196415518/ >/dev/null 2>&1 +Feb 22 10:19:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:05 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:05 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh 
-c echo BECOME-SUCCESS-pmqqiowsxeslareuueooxspvwjhjemfb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758745.72-98459850115685/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758745.72-98459850115685/ >/dev/null 2>&1 +Feb 22 10:19:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:06 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:10 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:14 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-qwihjodhuysbsmpziijlzwshyltrzcyq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758750.05-149759005698820/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758750.05-149759005698820/ >/dev/null 2>&1 +Feb 22 10:19:14 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:18 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:29 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:30 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-yvxsufrhkjpmpjrppduubympcvtrkvaj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758769.71-145821006475810/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758769.71-145821006475810/ >/dev/null 2>&1 +Feb 22 10:19:30 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:30 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:30 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:31 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo 
BECOME-SUCCESS-aiqgiatpajrwljvsshlnkgevpbpsklww; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758770.86-179475170836781/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758770.86-179475170836781/ >/dev/null 2>&1 +Feb 22 10:19:31 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:31 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:33 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:33 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pgdnhbifitnqwakjzgmcvkqmnzsrpfco; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758771.76-102255502158149/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758771.76-102255502158149/ >/dev/null 2>&1 +Feb 22 10:19:33 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:34 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:34 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:34 sshd[1332]: last message repeated 2 times +Feb 22 10:19:34 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xgucwwayjxcvonkbqpgxmfyjenwzyeoe; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758774.27-3510546063127/async_wrapper 237258794263 45 /home/vagrant/.ansible/tmp/ansible-tmp-1487758774.27-3510546063127/command /home/vagrant/.ansible/tmp/ansible-tmp-1487758774.27-3510546063127/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758774.27-3510546063127/ >/dev/null 2>&1 +Feb 22 10:19:34 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:35 precise32 sudo: pam_unix(sudo:session): session closed 
for user root +Feb 22 10:19:40 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:41 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-qaweqylanyknzgjbwefkqyrvqyqoxndl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758780.79-49892349010220/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758780.79-49892349010220/ >/dev/null 2>&1 +Feb 22 10:19:41 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:42 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-khughpifzkpjcrntbljswmyirtsjrxvi; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758787.81-128455052873531/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758787.81-128455052873531/ >/dev/null 2>&1 +Feb 22 10:19:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:51 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mzzvwtfwbwzduvdadylfesruqyisjvbn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758790.9-209098267326353/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758790.9-209098267326353/ >/dev/null 2>&1 +Feb 22 10:19:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:51 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 
10:19:52 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:53 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mrirjjotfyalxyssrfyxzwlvqgfsxwif; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758792.57-141403876569108/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758792.57-141403876569108/ >/dev/null 2>&1 +Feb 22 10:19:53 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:54 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:19:55 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:19:55 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mgndoeogsbwbiiyommokxzrgcviyurzn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758795.11-164059807202479/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758795.11-164059807202479/ >/dev/null 2>&1 +Feb 22 10:19:55 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:19:56 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:01 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:02 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-nqcissdyplqbywhbdgliygpmcvsntqyr; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758801.05-59435378275017/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758801.05-59435378275017/ >/dev/null 2>&1 +Feb 22 10:20:02 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:03 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:12 precise32 
sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:16 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-chgutesiryamamuplkzptdzlruibkljn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758805.06-177283137429784/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758805.06-177283137429784/ >/dev/null 2>&1 +Feb 22 10:20:16 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:24 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:28 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:28 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xsijqxjrtjsvhsdapgoggsglqpduyjsl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758828.17-30183388747526/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758828.17-30183388747526/ >/dev/null 2>&1 +Feb 22 10:20:28 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:28 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:33 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:33 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-heeyxwtdvgnuzqrqrjbklxakhrzdqivd; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758832.98-8399030937476/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758832.98-8399030937476/ >/dev/null 2>&1 +Feb 22 10:20:33 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:35 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:35 precise32 sshd[1332]: subsystem request 
for sftp by user vagrant +Feb 22 10:20:36 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fjjvrhktdnfgkbduajrjfghkenlxixng; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758835.24-68380542949187/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758835.24-68380542949187/ >/dev/null 2>&1 +Feb 22 10:20:36 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:37 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:45 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:46 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pekyfcnfxapysvffjjsmdqlzamplbxjl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758845.87-75931053700416/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758845.87-75931053700416/ >/dev/null 2>&1 +Feb 22 10:20:46 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:46 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:46 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-jzemhvdzpkifymfzmttbqlyjwovpxren; rc=flag; [ -r /etc/filebeat/filebeat.yml ] || rc=2; [ -f /etc/filebeat/filebeat.yml ] || rc=1; [ -d /etc/filebeat/filebeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/filebeat/filebeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/filebeat/filebeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 
65536; hasher = sha.sha();#012afile = open("'/etc/filebeat/filebeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 '/etc/filebeat/filebeat.yml) +Feb 22 10:20:46 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:47 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:47 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-kfdqplikbqzasatjrfslxlhvxtweqxmu; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758846.86-111987636158347/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758846.86-111987636158347/ >/dev/null 2>&1 +Feb 22 10:20:47 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:47 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:48 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hvjvjngqzsnarkdzeeyddqgydgglplgl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758848.05-64229506558727/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758848.05-64229506558727/ >/dev/null 2>&1 +Feb 22 10:20:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:49 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:20:49 precise32 
sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-awoeidxghevopktwtjfwfmwtaubmgrtn; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758849.45-216653274395348/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758849.45-216653274395348/ >/dev/null 2>&1 +Feb 22 10:20:49 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:20:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:20:50 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-gpodhiipyobwmtxzmxkandqienviezld; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758850.57-165808785745658/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758850.57-165808785745658/ >/dev/null 2>&1 +Feb 22 10:21:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:05 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:06 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:06 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dshvmkemikwrmprtjacyfujniswtlwqg; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758865.79-222508069804943/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758865.79-222508069804943/ >/dev/null 2>&1 +Feb 22 10:21:06 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:06 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:07 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:07 precise32 sudo: vagrant : 
TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mjkqieqkbjnymontbyhkepipbfaghuid; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758866.98-253775251408361/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758866.98-253775251408361/ >/dev/null 2>&1 +Feb 22 10:21:07 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:16 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:16 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hjteklymrhtjicprfxpjqlvxlhxxyymg; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758875.97-141490377689356/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758875.97-141490377689356/ >/dev/null 2>&1 +Feb 22 10:21:16 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:16 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:16 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:18 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-csrtpqzzmibovgmwoajbfboolghcicgv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758876.86-158843529685187/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758876.86-158843529685187/ >/dev/null 2>&1 +Feb 22 10:21:18 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:19 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:31 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:35 precise32 sudo: vagrant : TTY=pts/0 ; 
PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-kymwttnnegazqcmshnjhsnxvaqtrgcpp; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758880.63-176357803389666/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758880.63-176357803389666/ >/dev/null 2>&1 +Feb 22 10:21:35 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:38 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:38 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mxfzdolrqsdlmbcwaifuskpzfjruulee; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758898.33-12314181836482/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758898.33-12314181836482/ >/dev/null 2>&1 +Feb 22 10:21:38 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:39 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:39 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-umsywgtorqzclqkpsvatkxyykcxkdkgs; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758899.33-192709141415230/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758899.33-192709141415230/ >/dev/null 2>&1 +Feb 22 10:21:39 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:39 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:40 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:42 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; 
USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-eakxsbfxjrmdsismhvfyyvvztecejoyc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758900.34-189990522471438/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758900.34-189990522471438/ >/dev/null 2>&1 +Feb 22 10:21:42 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:42 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:42 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:43 sshd[1332]: last message repeated 2 times +Feb 22 10:21:43 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dgadmykrlzraqgkcmnphakuguadntfsl; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758902.74-199509623193790/async_wrapper 816499674548 45 /home/vagrant/.ansible/tmp/ansible-tmp-1487758902.74-199509623193790/command /home/vagrant/.ansible/tmp/ansible-tmp-1487758902.74-199509623193790/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758902.74-199509623193790/ >/dev/null 2>&1 +Feb 22 10:21:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:44 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:49 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:53 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vwfooorrnflwboszxctmeqzeclcqwqzb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758908.96-210248164703691/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758908.96-210248164703691/ >/dev/null 2>&1 +Feb 22 10:21:53 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:54 
precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:56 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:56 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-nnyixufntvdqvskhwuonusiivtsvojgh; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758915.44-145306896810131/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758915.44-145306896810131/ >/dev/null 2>&1 +Feb 22 10:21:56 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:56 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:21:57 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:21:58 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mrcsndxoihslbpebrbhcnfgjqwsmlhpe; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758916.36-254700287237800/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758916.36-254700287237800/ >/dev/null 2>&1 +Feb 22 10:21:58 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:21:58 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:01 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:01 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dwxuhfbnbmpewdwihojqgkaxemyudefv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758921.44-15417091956419/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758921.44-15417091956419/ >/dev/null 2>&1 +Feb 22 10:22:01 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:02 precise32 sudo: 
pam_unix(sudo:session): session closed for user root +Feb 22 10:22:06 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:06 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vorqpnjghsoyipiylridtecbdkjbjggj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758926.16-63625452155831/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758926.16-63625452155831/ >/dev/null 2>&1 +Feb 22 10:22:06 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:11 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:28 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:28 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-sjnzdfvhlkhghuekfrjxtciyfkfofhbw; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758948.07-151612679899505/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758948.07-151612679899505/ >/dev/null 2>&1 +Feb 22 10:22:28 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:29 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:31 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:31 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-bqghhittgonzjreztgtrovtgvjuthyll; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758951.62-253778658902595/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758951.62-253778658902595/ >/dev/null 2>&1 +Feb 22 10:22:31 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:33 precise32 sudo: pam_unix(sudo:session): 
session closed for user root +Feb 22 10:22:34 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:35 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-zzdubdcrvzdozuqntajprljngcjihspk; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758954.0-200796609083801/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758954.0-200796609083801/ >/dev/null 2>&1 +Feb 22 10:22:35 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:47 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-nkaglrldajapqdielsancxfiszgsoljk; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758966.88-266261809895740/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758966.88-266261809895740/ >/dev/null 2>&1 +Feb 22 10:22:47 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:47 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hkcqwojfpwljfelfdpzhmyvrudplkhav; rc=flag; [ -r /etc/metricbeat/metricbeat.yml ] || rc=2; [ -f /etc/metricbeat/metricbeat.yml ] || rc=1; [ -d /etc/metricbeat/metricbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/metricbeat/metricbeat.yml && exit 0; (python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/metricbeat/metricbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = 
afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open("'/etc/metricbeat/metricbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 +Feb 22 10:22:48 precise32 sudo: vagrant : (command continued) '/etc/metricbeat/metricbeat.yml) +Feb 22 10:22:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:48 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:48 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-qeeogyaubusemwuivumoknkyllgqifqc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758967.93-2413198329354/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758967.93-2413198329354/ >/dev/null 2>&1 +Feb 22 10:22:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:49 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:49 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wleytkdmeuzrrfocyjqnlnrnhvvmqnhj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758969.36-189021904374208/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758969.36-189021904374208/ >/dev/null 2>&1 +Feb 22 10:22:49 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 
10:22:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:51 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:52 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-xzgycnxdoiaxjliycnakgwtiediaqskc; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758971.32-235095819876869/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758971.32-235095819876869/ >/dev/null 2>&1 +Feb 22 10:22:52 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:52 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:52 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:52 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-upihslyxhlhsmolzjezjcbfgfdyudqea; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758972.67-153306624674709/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758972.67-153306624674709/ >/dev/null 2>&1 +Feb 22 10:22:52 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:53 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:22:54 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:22:54 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-mezdvjkbyixfajeijestjexjbusaqrhb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758974.47-274076590596000/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758974.47-274076590596000/ >/dev/null 2>&1 +Feb 22 10:22:54 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:22:56 precise32 
sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:08 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:08 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wycmwfzcoiymnuhdymorxjysksrmjqcd; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758988.59-114925555291248/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758988.59-114925555291248/ >/dev/null 2>&1 +Feb 22 10:23:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:09 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:11 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-uuaaiyzwzwvpgjxsrvpuldxursddupwu; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758989.68-236755099981530/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758989.68-236755099981530/ >/dev/null 2>&1 +Feb 22 10:23:11 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:12 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:13 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:29 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fdkxeotnfawfmixnoetubimwvktnuney; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487758993.69-243714943255957/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487758993.69-243714943255957/ >/dev/null 2>&1 +Feb 22 10:23:29 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:32 precise32 sudo: 
pam_unix(sudo:session): session closed for user root +Feb 22 10:23:33 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:33 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pzligihucshudlaypravoqhwbyszpwzm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759013.13-207637999650885/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759013.13-207637999650885/ >/dev/null 2>&1 +Feb 22 10:23:33 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:34 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:34 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:34 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-sapsykckcxjjfkdyewlufthenwbjlreq; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759014.33-250741217844628/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759014.33-250741217844628/ >/dev/null 2>&1 +Feb 22 10:23:34 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:34 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:35 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:36 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ujkefpwcuprdzgvxmqsttcaduitzpreb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759015.32-255004096786183/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759015.32-255004096786183/ >/dev/null 2>&1 +Feb 22 10:23:36 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:37 precise32 sudo: 
pam_unix(sudo:session): session closed for user root +Feb 22 10:23:38 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:38 sshd[1332]: last message repeated 2 times +Feb 22 10:23:38 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wzvgaupyzevaqpewfanpzwbbjbrgjyxa; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759018.34-224146594813589/async_wrapper 410374908727 45 /home/vagrant/.ansible/tmp/ansible-tmp-1487759018.34-224146594813589/command /home/vagrant/.ansible/tmp/ansible-tmp-1487759018.34-224146594813589/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759018.34-224146594813589/ >/dev/null 2>&1 +Feb 22 10:23:38 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:39 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:44 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:44 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wsxswpmqlawotxhiuihospylbndtqluo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759024.5-136675909330225/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759024.5-136675909330225/ >/dev/null 2>&1 +Feb 22 10:23:44 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:45 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:51 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vorifscmganfsjedaedjhlnokfdqyuyt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759031.38-273404504950212/wait_for; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759031.38-273404504950212/ >/dev/null 2>&1 +Feb 22 10:23:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:51 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:53 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:53 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dfyhnziutzyjkxvgaszqbncngwzfmbkj; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759032.63-195213430058226/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759032.63-195213430058226/ >/dev/null 2>&1 +Feb 22 10:23:53 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:53 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:23:53 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:23:54 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-oshlszshpobiexosodofiliquogpcrch; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759033.86-259824119157880/setup; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759033.86-259824119157880/ >/dev/null 2>&1 +Feb 22 10:23:54 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:23:54 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:03 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:05 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-bnsprfojytndjkrmmatjbhdmhmknbjcw; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759043.64-230997147212314/get_url; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759043.64-230997147212314/ >/dev/null 2>&1 +Feb 22 10:24:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:06 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:07 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:15 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-zjgvfvohclzccihbhkjmgsceoysdgsuk; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759047.85-178830207294016/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759047.85-178830207294016/ >/dev/null 2>&1 +Feb 22 10:24:15 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:20 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:29 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:30 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-tzhedkhxrmostbfutqxrioqpnhfxbfov; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759069.42-32472306062955/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759069.42-32472306062955/ >/dev/null 2>&1 +Feb 22 10:24:30 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:30 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:33 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:34 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-eeszonjwbylnqtvgspsxyxozxljkepff; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759073.89-12256629657244/apt; rm -rf 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759073.89-12256629657244/ >/dev/null 2>&1 +Feb 22 10:24:34 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:34 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:35 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:35 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-pawilqhuoycqyksktjsmxumuwbmuywvr; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759074.92-98763948895300/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759074.92-98763948895300/ >/dev/null 2>&1 +Feb 22 10:24:35 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:48 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fpcrlnvrjfuuwjvlqbvjknuguatdrkdt; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759088.08-95836653427652/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759088.08-95836653427652/ >/dev/null 2>&1 +Feb 22 10:24:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:49 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-ippzqmywwjlstxlqlpyxbnzzgeigarma; rc=flag; [ -r /etc/heartbeat/heartbeat.yml ] || rc=2; [ -f /etc/heartbeat/heartbeat.yml ] || rc=1; [ -d /etc/heartbeat/heartbeat.yml ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/heartbeat/heartbeat.yml && exit 0; 
(python -c 'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1();#012afile = open("'/etc/heartbeat/heartbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (python -c 'import sha; BLOCKSIZE = 65536; hasher = sha.sha();#012afile = open("'/etc/heartbeat/heartbeat.yml'", "rb")#012buf = afile.read(BLOCKSIZE)#012while len(buf) > 0:#012#011hasher.update(buf)#012#011buf = afile.read(BLOCKSIZE)#012afile.close()#012print(hasher.hexdigest())' 2>/dev/null) || (echo '0 +Feb 22 10:24:49 precise32 sudo: vagrant : (command continued) '/etc/heartbeat/heartbeat.yml) +Feb 22 10:24:49 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:49 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:49 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:50 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lmkcndbwyqwirrupuyaoxvjpcgqrspjv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759089.25-13919817848020/copy; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759089.25-13919817848020/ >/dev/null 2>&1 +Feb 22 10:24:50 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:50 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:50 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:51 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-lmimwtwvnahmfimdjcpxecnaxkikqzkb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759090.54-208394951526157/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759090.54-208394951526157/ >/dev/null 2>&1 +Feb 22 10:24:51 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:51 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:52 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:53 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hnjbwpwylotrkdvltxlvqwqjnzenlieh; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759092.2-167518908535129/wait_for; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759092.2-167518908535129/ >/dev/null 2>&1 +Feb 22 10:24:53 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:54 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:54 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:54 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-wlhgjrshdmicpsqhmvnzqsoekdwxwfao; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759094.19-57829294311136/service; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759094.19-57829294311136/ >/dev/null 2>&1 +Feb 22 10:24:54 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:24:54 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:24:55 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:24:57 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-czztgxumavfzugnaxrzgsdrxilpkbflz; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759095.85-211164222926167/apt; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759095.85-211164222926167/ >/dev/null 2>&1 +Feb 22 10:24:57 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:00 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:07 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:08 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-hkjwhgysjpvjcknmpwicwmnijuwmxafv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759107.52-210302790044830/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759107.52-210302790044830/ >/dev/null 2>&1 +Feb 22 10:25:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:08 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:08 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-tfvrkyzdcfjxhusybnzxkcmuwxblfoti; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759108.49-234130386314936/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759108.49-234130386314936/ >/dev/null 2>&1 +Feb 22 10:25:08 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:09 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:13 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:13 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-gnjtaevjcrhacnacvsvihakgsyhqcwod; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759113.81-179783319147604/get_url; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759113.81-179783319147604/ >/dev/null 2>&1 +Feb 22 10:25:13 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:18 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:35 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:35 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-bahevnlzztjypsgntszgstmvovuabxfg; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759135.03-159695980315135/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759135.03-159695980315135/ >/dev/null 2>&1 +Feb 22 10:25:35 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:35 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:36 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:36 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-obuzxrxcfsypdbeutjpxvvbpmqcadysb; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759135.97-154168175733053/file; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759135.97-154168175733053/ >/dev/null 2>&1 +Feb 22 10:25:36 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:36 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:36 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:37 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-rfqorfecrhqenaiihbafxqgzxukylnmv; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
/home/vagrant/.ansible/tmp/ansible-tmp-1487759136.82-129523565034232/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759136.82-129523565034232/ >/dev/null 2>&1 +Feb 22 10:25:37 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:38 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:39 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:43 sshd[1332]: last message repeated 2 times +Feb 22 10:25:43 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-zjvdsaammnhugthzrjdbretryqmrvulm; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759139.04-250524005502190/async_wrapper 442060242590 45 /home/vagrant/.ansible/tmp/ansible-tmp-1487759139.04-250524005502190/command /home/vagrant/.ansible/tmp/ansible-tmp-1487759139.04-250524005502190/arguments; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759139.04-250524005502190/ >/dev/null 2>&1 +Feb 22 10:25:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:44 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:47 precise32 sshd[1332]: subsystem request for sftp by user vagrant +Feb 22 10:25:48 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-igtduwziazbzcigerpdstpbubtijpoha; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759145.15-69304479737447/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759145.15-69304479737447/ >/dev/null 2>&1 +Feb 22 10:25:48 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:49 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:25:51 precise32 sshd[1332]: subsystem request for sftp by user 
vagrant +Feb 22 10:25:52 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-fwvsibdnrdsafikdwkihqdaavmthawfo; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1487759151.73-135710032587634/command; rm -rf /home/vagrant/.ansible/tmp/ansible-tmp-1487759151.73-135710032587634/ >/dev/null 2>&1 +Feb 22 10:25:52 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:25:52 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:26:52 precise32 sshd[1332]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 22 10:26:52 precise32 sshd[1317]: pam_unix(sshd:session): session closed for user vagrant +Feb 22 10:49:54 precise32 sshd[3007]: Accepted publickey for vagrant from 10.0.2.2 port 52059 ssh2 +Feb 22 10:49:54 precise32 sshd[3007]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 22 10:50:01 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/apt/sources.list.d/elastic.list +Feb 22 10:50:01 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:50:14 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:50:17 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get update +Feb 22 10:50:17 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:50:28 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:50:42 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install filebeat +Feb 22 10:50:42 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:50:50 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:51:05 precise32 sudo: vagrant : 
TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/filebeat/filebeat.yml +Feb 22 10:51:05 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:51:26 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:51:31 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/etc/init.d/filebeat start +Feb 22 10:51:31 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:51:31 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:51:35 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/filebeat/filebeat.yml +Feb 22 10:51:35 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:51:39 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 10:51:40 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/etc/init.d/filebeat start +Feb 22 10:51:40 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 10:51:40 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 11:04:28 precise32 sshd[3403]: Accepted publickey for vagrant from 10.0.2.2 port 52321 ssh2 +Feb 22 11:04:28 precise32 sshd[3403]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 22 11:04:32 precise32 sshd[3418]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 22 11:04:32 precise32 sshd[3403]: pam_unix(sshd:session): session closed for user vagrant +Feb 22 11:17:01 precise32 CRON[3448]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 11:17:01 precise32 CRON[3448]: pam_unix(cron:session): session closed for user root +Feb 22 11:21:21 precise32 sshd[3452]: Accepted publickey for vagrant from 10.0.2.2 port 52747 ssh2 +Feb 22 11:21:21 precise32 sshd[3452]: pam_unix(sshd:session): 
session opened for user vagrant by (uid=0) +Feb 22 11:21:24 precise32 sshd[3467]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 22 11:21:24 precise32 sshd[3452]: pam_unix(sshd:session): session closed for user vagrant +Feb 22 11:24:38 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/apt/sources.list +Feb 22 11:24:38 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 11:24:39 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 11:24:43 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/vi /etc/filebeat/filebeat.full.yml +Feb 22 11:24:43 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 22 12:17:01 precise32 CRON[3561]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 12:17:01 precise32 CRON[3561]: pam_unix(cron:session): session closed for user root +Feb 22 13:17:01 precise32 CRON[3578]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 13:17:01 precise32 CRON[3578]: pam_unix(cron:session): session closed for user root +Feb 22 14:17:01 precise32 CRON[3594]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 14:17:01 precise32 CRON[3594]: pam_unix(cron:session): session closed for user root +Feb 22 15:17:01 precise32 CRON[3610]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 15:17:01 precise32 CRON[3610]: pam_unix(cron:session): session closed for user root +Feb 22 16:17:01 precise32 CRON[3648]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 16:17:01 precise32 CRON[3648]: pam_unix(cron:session): session closed for user root +Feb 22 17:17:01 precise32 CRON[3663]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 17:17:01 precise32 CRON[3663]: pam_unix(cron:session): session closed for user root +Feb 22 18:17:01 
precise32 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 18:17:01 precise32 CRON[3679]: pam_unix(cron:session): session closed for user root +Feb 22 19:17:01 precise32 CRON[3697]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 19:17:01 precise32 CRON[3697]: pam_unix(cron:session): session closed for user root +Feb 22 20:17:01 precise32 CRON[3712]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 20:17:01 precise32 CRON[3712]: pam_unix(cron:session): session closed for user root +Feb 22 21:17:01 precise32 CRON[3729]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 21:17:01 precise32 CRON[3729]: pam_unix(cron:session): session closed for user root +Feb 22 22:17:01 precise32 CRON[3744]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 22:17:01 precise32 CRON[3744]: pam_unix(cron:session): session closed for user root +Feb 22 23:17:01 precise32 CRON[3760]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 22 23:17:01 precise32 CRON[3760]: pam_unix(cron:session): session closed for user root +Feb 22 23:29:50 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 22 23:29:50 precise32 sshd[3007]: pam_unix(sshd:session): session closed for user vagrant +Feb 23 09:17:02 precise32 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 09:17:02 precise32 CRON[3779]: pam_unix(cron:session): session closed for user root +Feb 23 10:17:01 precise32 CRON[3815]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 10:17:01 precise32 CRON[3815]: pam_unix(cron:session): session closed for user root +Feb 23 11:17:01 precise32 CRON[3828]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 11:17:01 precise32 CRON[3828]: pam_unix(cron:session): session closed for user root +Feb 23 12:17:01 precise32 CRON[3845]: pam_unix(cron:session): session opened 
for user root by (uid=0) +Feb 23 12:17:01 precise32 CRON[3845]: pam_unix(cron:session): session closed for user root +Feb 23 13:17:01 precise32 CRON[3860]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 13:17:01 precise32 CRON[3860]: pam_unix(cron:session): session closed for user root +Feb 23 14:17:01 precise32 CRON[3875]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 14:17:01 precise32 CRON[3875]: pam_unix(cron:session): session closed for user root +Feb 23 15:17:01 precise32 CRON[3890]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 15:17:01 precise32 CRON[3890]: pam_unix(cron:session): session closed for user root +Feb 23 17:17:01 precise32 CRON[3908]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 17:17:01 precise32 CRON[3908]: pam_unix(cron:session): session closed for user root +Feb 23 18:17:01 precise32 CRON[3923]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 18:17:01 precise32 CRON[3923]: pam_unix(cron:session): session closed for user root +Feb 23 19:17:01 precise32 CRON[3938]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 19:17:01 precise32 CRON[3938]: pam_unix(cron:session): session closed for user root +Feb 23 19:26:35 precise32 sshd[3945]: Accepted publickey for vagrant from 10.0.2.2 port 58363 ssh2 +Feb 23 19:26:35 precise32 sshd[3945]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 23 20:05:18 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log +Feb 23 20:05:18 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 23 20:15:04 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 23 20:15:09 precise32 sshd[3960]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 23 20:15:09 precise32 sshd[3945]: pam_unix(sshd:session): session closed for user 
vagrant +Feb 23 20:17:01 precise32 CRON[4104]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 20:17:01 precise32 CRON[4104]: pam_unix(cron:session): session closed for user root +Feb 23 21:17:01 precise32 CRON[4140]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 21:17:01 precise32 CRON[4140]: pam_unix(cron:session): session closed for user root +Feb 23 22:17:01 precise32 CRON[4155]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 22:17:01 precise32 CRON[4155]: pam_unix(cron:session): session closed for user root +Feb 23 23:17:01 precise32 CRON[4170]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 23 23:17:01 precise32 CRON[4170]: pam_unix(cron:session): session closed for user root +Feb 24 00:11:15 precise32 sshd[4185]: Accepted publickey for vagrant from 10.0.2.2 port 60839 ssh2 +Feb 24 00:11:15 precise32 sshd[4185]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 24 00:11:24 precise32 sshd[4302]: Accepted publickey for vagrant from 10.0.2.2 port 60840 ssh2 +Feb 24 00:11:24 precise32 sshd[4302]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 24 00:11:26 precise32 sudo: vagrant : TTY=pts/1 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/bash +Feb 24 00:11:26 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 00:12:02 precise32 groupadd[4480]: group added to /etc/group: name=tsg, GID=1003 +Feb 24 00:12:02 precise32 groupadd[4480]: group added to /etc/gshadow: name=tsg +Feb 24 00:12:02 precise32 groupadd[4480]: new group: name=tsg, GID=1003 +Feb 24 00:12:02 precise32 useradd[4484]: new user: name=tsg, UID=1001, GID=1003, home=/home/tsg, shell=/bin/bash +Feb 24 00:12:07 precise32 passwd[4491]: pam_unix(passwd:chauthtok): password changed for tsg +Feb 24 00:12:10 precise32 chfn[4492]: changed user 'tsg' information +Feb 24 00:12:14 precise32 su[4496]: Successful su for tsg by root 
+Feb 24 00:12:14 precise32 su[4496]: + /dev/pts/1 root:tsg +Feb 24 00:12:14 precise32 su[4496]: pam_unix(su:session): session opened for user tsg by vagrant(uid=0) +Feb 24 00:12:20 precise32 sudo: pam_unix(sudo:auth): authentication failure; logname=vagrant uid=1001 euid=0 tty=/dev/pts/1 ruser=tsg rhost= user=tsg +Feb 24 00:12:37 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 00:12:37 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 00:12:37 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 00:12:42 precise32 sudo: tsg : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/ls +Feb 24 00:12:42 precise32 sudo: unable to execute /usr/sbin/sendmail: No such file or directory +Feb 24 00:12:50 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 00:12:50 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 00:12:50 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 00:13:02 precise32 sudo: tsg : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/ls +Feb 24 00:13:02 precise32 sudo: unable to execute /usr/sbin/sendmail: No such file or directory +Feb 24 00:13:06 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 00:13:06 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 00:13:06 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 00:17:01 precise32 CRON[4588]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 24 00:17:01 precise32 CRON[4588]: pam_unix(cron:session): session closed for user root +Feb 24 00:45:47 precise32 su[4496]: pam_unix(su:session): session closed for user tsg +Feb 24 
00:45:48 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 00:45:49 precise32 sshd[4317]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 24 00:45:49 precise32 sshd[4302]: pam_unix(sshd:session): session closed for user vagrant +Feb 24 00:46:32 precise32 sshd[4598]: Accepted publickey for vagrant from 10.0.2.2 port 61852 ssh2 +Feb 24 00:46:32 precise32 sshd[4598]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 24 00:46:32 precise32 sshd[4613]: Received disconnect from 10.0.2.2: 11: disconnected by user +Feb 24 00:46:32 precise32 sshd[4598]: pam_unix(sshd:session): session closed for user vagrant +Feb 24 01:05:42 precise32 sshd[4185]: pam_unix(sshd:session): session closed for user vagrant +Feb 24 08:17:01 precise32 CRON[4626]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 24 08:17:01 precise32 CRON[4626]: pam_unix(cron:session): session closed for user root +Feb 24 09:17:01 precise32 CRON[4642]: pam_unix(cron:session): session opened for user root by (uid=0) +Feb 24 09:17:01 precise32 CRON[4642]: pam_unix(cron:session): session closed for user root +Feb 24 09:18:35 precise32 sshd[4645]: Accepted publickey for vagrant from 10.0.2.2 port 53513 ssh2 +Feb 24 09:18:35 precise32 sshd[4645]: pam_unix(sshd:session): session opened for user vagrant by (uid=0) +Feb 24 09:18:40 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install nginx +Feb 24 09:18:40 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:18:46 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 09:18:53 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 09:18:53 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:18:53 precise32 sudo: pam_unix(sudo:session): session closed for user root 
+Feb 24 09:19:04 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 09:19:04 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:19:04 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 09:19:09 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 09:19:09 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:19:09 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 09:19:29 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/usr/bin/apt-get install mysql-server +Feb 24 09:19:29 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:19:55 precise32 groupadd[7996]: group added to /etc/group: name=mysql, GID=111 +Feb 24 09:19:55 precise32 groupadd[7996]: group added to /etc/gshadow: name=mysql +Feb 24 09:19:55 precise32 groupadd[7996]: new group: name=mysql, GID=111 +Feb 24 09:19:55 precise32 useradd[8002]: new user: name=mysql, UID=106, GID=111, home=/nonexistent, shell=/bin/false +Feb 24 09:19:55 precise32 chage[8007]: changed password expiry for mysql +Feb 24 09:19:55 precise32 chfn[8010]: changed user 'mysql' information +Feb 24 09:20:08 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 09:20:10 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 09:20:10 precise32 sudo: pam_unix(sudo:session): session opened for user root by vagrant(uid=1000) +Feb 24 09:20:10 precise32 sudo: pam_unix(sudo:session): session closed for user root +Feb 24 09:26:29 precise32 sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/auth.log +Feb 24 09:26:29 precise32 sudo: pam_unix(sudo:session): session opened for user root by 
vagrant(uid=1000)
+Feb 24 09:26:29 precise32 sudo: pam_unix(sudo:session): session closed for user root
+Feb 24 09:26:59 precise32 sshd[10535]: Accepted publickey for vagrant from 10.0.2.2 port 58988 ssh2
+Feb 24 09:26:59 precise32 sshd[10535]: pam_unix(sshd:session): session opened for user vagrant by (uid=0)
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/secure-rhel7.log b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/secure-rhel7.log
new file mode 100644
index 00000000..2b3bfe5f
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/secure-rhel7.log
@@ -0,0 +1,1000 @@ +Feb 22 16:45:20 slave22 sshd[2738]: Failed password for root from 202.109.143.106 port 1786 ssh2 +Feb 22 16:45:20 slave22 sshd[2738]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:22 slave22 sshd[2738]: Failed password for root from 202.109.143.106 port 1786 ssh2 +Feb 22 16:45:23 slave22 sshd[2738]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:26 slave22 sshd[2738]: Failed password for root from 202.109.143.106 port 1786 ssh2 +Feb 22 16:45:26 slave22 sshd[2738]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:45:26 slave22 sshd[2738]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:45:26 slave22 sshd[2738]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:45:32 slave22 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:45:32 slave22 sshd[2742]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:34 slave22 sshd[2742]: Failed password for root from 202.109.143.106 port 3576 ssh2 +Feb 22 16:45:34 slave22 sshd[2742]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:36 slave22 sshd[2742]: Failed password for root from 202.109.143.106 port 3576 ssh2 +Feb 22 16:45:37 slave22 sshd[2742]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:39 slave22 sshd[2742]: Failed password for root from 202.109.143.106 port 3576 ssh2 +Feb 22 16:45:39 slave22 sshd[2742]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:41 slave22 sshd[2742]: Failed password for root from 202.109.143.106 port 3576 ssh2 +Feb 22 16:45:41 slave22 sshd[2742]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:44 
slave22 sshd[2742]: Failed password for root from 202.109.143.106 port 3576 ssh2 +Feb 22 16:45:44 slave22 sshd[2742]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:45:44 slave22 sshd[2742]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:45:44 slave22 sshd[2742]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:45:54 slave22 sshd[2754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:45:54 slave22 sshd[2754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:56 slave22 sshd[2758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:45:56 slave22 sshd[2758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:57 slave22 sshd[2754]: Failed password for root from 202.109.143.106 port 1996 ssh2 +Feb 22 16:45:57 slave22 sshd[2754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:57 slave22 sshd[2758]: Failed password for root from 116.31.116.27 port 26714 ssh2 +Feb 22 16:45:58 slave22 sshd[2758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:45:59 slave22 sshd[2754]: Failed password for root from 202.109.143.106 port 1996 ssh2 +Feb 22 16:45:59 slave22 sshd[2754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:00 slave22 sshd[2758]: Failed password for root from 116.31.116.27 port 26714 ssh2 +Feb 22 16:46:00 slave22 sshd[2758]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:01 slave22 sshd[2754]: Failed password for root from 202.109.143.106 port 1996 ssh2 +Feb 22 16:46:02 slave22 sshd[2754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 
16:46:03 slave22 sshd[2758]: Failed password for root from 116.31.116.27 port 26714 ssh2 +Feb 22 16:46:03 slave22 sshd[2758]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:46:03 slave22 sshd[2758]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:46:04 slave22 sshd[2754]: Failed password for root from 202.109.143.106 port 1996 ssh2 +Feb 22 16:46:04 slave22 sshd[2754]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:06 slave22 sshd[2754]: Failed password for root from 202.109.143.106 port 1996 ssh2 +Feb 22 16:46:06 slave22 sshd[2754]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:46:06 slave22 sshd[2754]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:46:06 slave22 sshd[2754]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:46:16 slave22 sshd[2762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:46:16 slave22 sshd[2762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:18 slave22 sshd[2762]: Failed password for root from 202.109.143.106 port 1605 ssh2 +Feb 22 16:46:18 slave22 sshd[2762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:21 slave22 sshd[2762]: Failed password for root from 202.109.143.106 port 1605 ssh2 +Feb 22 16:46:21 slave22 sshd[2762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:23 slave22 sshd[2762]: Failed password for root from 202.109.143.106 port 1605 ssh2 +Feb 22 16:46:24 slave22 sshd[2762]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:26 slave22 sshd[2762]: Failed password for root from 202.109.143.106 port 1605 ssh2 +Feb 22 16:46:26 slave22 sshd[2762]: 
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:28 slave22 sshd[2762]: Failed password for root from 202.109.143.106 port 1605 ssh2 +Feb 22 16:46:29 slave22 sshd[2762]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:46:29 slave22 sshd[2762]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:46:29 slave22 sshd[2762]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:46:41 slave22 sshd[2766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:46:41 slave22 sshd[2766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:44 slave22 sshd[2766]: Failed password for root from 202.109.143.106 port 1166 ssh2 +Feb 22 16:46:44 slave22 sshd[2766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:46 slave22 sshd[2766]: Failed password for root from 202.109.143.106 port 1166 ssh2 +Feb 22 16:46:46 slave22 sshd[2766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:48 slave22 sshd[2766]: Failed password for root from 202.109.143.106 port 1166 ssh2 +Feb 22 16:46:48 slave22 sshd[2766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:51 slave22 sshd[2766]: Failed password for root from 202.109.143.106 port 1166 ssh2 +Feb 22 16:46:51 slave22 sshd[2766]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:53 slave22 sshd[2766]: Failed password for root from 202.109.143.106 port 1166 ssh2 +Feb 22 16:46:53 slave22 sshd[2766]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:46:53 slave22 sshd[2766]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:46:53 slave22 sshd[2766]: PAM 
service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:46:57 slave22 sshd[2778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:46:57 slave22 sshd[2778]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:46:59 slave22 sshd[2778]: Failed password for root from 116.31.116.27 port 13996 ssh2 +Feb 22 16:46:59 slave22 sshd[2778]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:02 slave22 sshd[2778]: Failed password for root from 116.31.116.27 port 13996 ssh2 +Feb 22 16:47:03 slave22 sshd[2778]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:05 slave22 sshd[2778]: Failed password for root from 116.31.116.27 port 13996 ssh2 +Feb 22 16:47:05 slave22 sshd[2778]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:47:05 slave22 sshd[2778]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:47:32 slave22 sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:47:32 slave22 sshd[2785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:34 slave22 sshd[2785]: Failed password for root from 202.109.143.106 port 3300 ssh2 +Feb 22 16:47:35 slave22 sshd[2785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:36 slave22 sshd[2785]: Failed password for root from 202.109.143.106 port 3300 ssh2 +Feb 22 16:47:37 slave22 sshd[2785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:38 slave22 sshd[2785]: Failed password for root from 202.109.143.106 port 3300 ssh2 +Feb 22 16:47:39 slave22 sshd[2785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:41 slave22 sshd[2785]: Failed 
password for root from 202.109.143.106 port 3300 ssh2 +Feb 22 16:47:42 slave22 sshd[2785]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:44 slave22 sshd[2785]: Failed password for root from 202.109.143.106 port 3300 ssh2 +Feb 22 16:47:44 slave22 sshd[2785]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:47:44 slave22 sshd[2785]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:47:44 slave22 sshd[2785]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:47:52 slave22 sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:47:52 slave22 sshd[2797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:54 slave22 sshd[2797]: Failed password for root from 202.109.143.106 port 1347 ssh2 +Feb 22 16:47:54 slave22 sshd[2797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:56 slave22 sshd[2797]: Failed password for root from 202.109.143.106 port 1347 ssh2 +Feb 22 16:47:56 slave22 sshd[2797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:58 slave22 sshd[2801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:47:58 slave22 sshd[2801]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:47:59 slave22 sshd[2797]: Failed password for root from 202.109.143.106 port 1347 ssh2 +Feb 22 16:47:59 slave22 sshd[2797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:00 slave22 sshd[2801]: Failed password for root from 116.31.116.27 port 50793 ssh2 +Feb 22 16:48:00 slave22 sshd[2801]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:01 slave22 sshd[2797]: 
Failed password for root from 202.109.143.106 port 1347 ssh2 +Feb 22 16:48:01 slave22 sshd[2797]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:02 slave22 sshd[2801]: Failed password for root from 116.31.116.27 port 50793 ssh2 +Feb 22 16:48:03 slave22 sshd[2801]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:03 slave22 sshd[2797]: Failed password for root from 202.109.143.106 port 1347 ssh2 +Feb 22 16:48:04 slave22 sshd[2805]: Accepted publickey for drewr from 69.245.39.97 port 34202 ssh2: RSA 01:67:32:d9:b3:20:5d:2d:5f:b4:35:c5:a5:8b:0a:5e +Feb 22 16:48:04 slave22 sshd[2805]: pam_unix(sshd:session): session opened for user drewr by (uid=0) +Feb 22 16:48:04 slave22 sshd[2797]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:48:04 slave22 sshd[2797]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:04 slave22 sshd[2797]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:48:04 slave22 sshd[2809]: Received disconnect from 69.245.39.97: 11: disconnected by user +Feb 22 16:48:04 slave22 sshd[2805]: pam_unix(sshd:session): session closed for user drewr +Feb 22 16:48:05 slave22 sshd[2801]: Failed password for root from 116.31.116.27 port 50793 ssh2 +Feb 22 16:48:05 slave22 sshd[2801]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:48:05 slave22 sshd[2801]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:48:08 slave22 sshd[2817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:08 slave22 sshd[2817]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:10 slave22 sshd[2817]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:48:10 slave22 sshd[2817]: 
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:12 slave22 sshd[2817]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:48:12 slave22 sshd[2817]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:14 slave22 sshd[2817]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:48:15 slave22 sshd[2817]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:17 slave22 sshd[2817]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:48:17 slave22 sshd[2817]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:19 slave22 sshd[2817]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:48:20 slave22 sshd[2817]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:48:20 slave22 sshd[2817]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:20 slave22 sshd[2817]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:48:28 slave22 sshd[2821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:28 slave22 sshd[2821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:30 slave22 sshd[2821]: Failed password for root from 202.109.143.106 port 3346 ssh2 +Feb 22 16:48:31 slave22 sshd[2821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:32 slave22 sshd[2821]: Failed password for root from 202.109.143.106 port 3346 ssh2 +Feb 22 16:48:33 slave22 sshd[2821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:34 slave22 sshd[2821]: Failed password for root from 202.109.143.106 port 3346 ssh2 +Feb 22 16:48:35 slave22 sshd[2821]: pam_succeed_if(sshd:auth): requirement 
"uid >= 1000" not met by user "root" +Feb 22 16:48:37 slave22 sshd[2821]: Failed password for root from 202.109.143.106 port 3346 ssh2 +Feb 22 16:48:37 slave22 sshd[2821]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:39 slave22 sshd[2821]: Failed password for root from 202.109.143.106 port 3346 ssh2 +Feb 22 16:48:39 slave22 sshd[2821]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:48:39 slave22 sshd[2821]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:39 slave22 sshd[2821]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:48:52 slave22 sshd[2825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:48:52 slave22 sshd[2825]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:53 slave22 sshd[2837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:48:53 slave22 sshd[2837]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:54 slave22 sshd[2825]: Failed password for root from 116.31.116.27 port 30743 ssh2 +Feb 22 16:48:54 slave22 sshd[2825]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:55 slave22 sshd[2837]: Failed password for root from 202.109.143.106 port 1074 ssh2 +Feb 22 16:48:55 slave22 sshd[2837]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:56 slave22 sshd[2825]: Failed password for root from 116.31.116.27 port 30743 ssh2 +Feb 22 16:48:57 slave22 sshd[2837]: Failed password for root from 202.109.143.106 port 1074 ssh2 +Feb 22 16:48:57 slave22 sshd[2825]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:57 slave22 sshd[2837]: pam_succeed_if(sshd:auth): 
requirement "uid >= 1000" not met by user "root" +Feb 22 16:48:59 slave22 sshd[2825]: Failed password for root from 116.31.116.27 port 30743 ssh2 +Feb 22 16:48:59 slave22 sshd[2837]: Failed password for root from 202.109.143.106 port 1074 ssh2 +Feb 22 16:49:00 slave22 sshd[2837]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:00 slave22 sshd[2825]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:49:00 slave22 sshd[2825]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:49:02 slave22 sshd[2837]: Failed password for root from 202.109.143.106 port 1074 ssh2 +Feb 22 16:49:02 slave22 sshd[2837]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:04 slave22 sshd[2837]: Failed password for root from 202.109.143.106 port 1074 ssh2 +Feb 22 16:49:05 slave22 sshd[2837]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:49:05 slave22 sshd[2837]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:49:05 slave22 sshd[2837]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:49:07 slave22 sshd[2841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:49:07 slave22 sshd[2841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:08 slave22 sshd[2841]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:49:09 slave22 sshd[2841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:10 slave22 sshd[2841]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:49:11 slave22 sshd[2841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:13 slave22 sshd[2841]: Failed password for root from 202.109.143.106 port 
4014 ssh2 +Feb 22 16:49:13 slave22 sshd[2841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:15 slave22 sshd[2841]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:49:15 slave22 sshd[2841]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:17 slave22 sshd[2841]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:49:17 slave22 sshd[2841]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:49:17 slave22 sshd[2841]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:49:17 slave22 sshd[2841]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:49:47 slave22 sshd[2846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:49:47 slave22 sshd[2846]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:49 slave22 sshd[2846]: Failed password for root from 116.31.116.27 port 40854 ssh2 +Feb 22 16:49:49 slave22 sshd[2846]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:51 slave22 sshd[2846]: Failed password for root from 116.31.116.27 port 40854 ssh2 +Feb 22 16:49:51 slave22 sshd[2846]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:49:53 slave22 sshd[2846]: Failed password for root from 116.31.116.27 port 40854 ssh2 +Feb 22 16:49:55 slave22 sshd[2846]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:49:55 slave22 sshd[2846]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:50:06 slave22 sshd[2865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:50:06 slave22 sshd[2865]: pam_succeed_if(sshd:auth): requirement 
"uid >= 1000" not met by user "root" +Feb 22 16:50:08 slave22 sshd[2865]: Failed password for root from 202.109.143.106 port 1208 ssh2 +Feb 22 16:50:08 slave22 sshd[2865]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:10 slave22 sshd[2865]: Failed password for root from 202.109.143.106 port 1208 ssh2 +Feb 22 16:50:10 slave22 sshd[2865]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:13 slave22 sshd[2865]: Failed password for root from 202.109.143.106 port 1208 ssh2 +Feb 22 16:50:13 slave22 sshd[2865]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:14 slave22 sshd[2865]: Failed password for root from 202.109.143.106 port 1208 ssh2 +Feb 22 16:50:15 slave22 sshd[2865]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:16 slave22 sshd[2865]: Failed password for root from 202.109.143.106 port 1208 ssh2 +Feb 22 16:50:17 slave22 sshd[2865]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:50:17 slave22 sshd[2865]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:50:17 slave22 sshd[2865]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:50:27 slave22 sshd[2869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:50:27 slave22 sshd[2869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:29 slave22 sshd[2869]: Failed password for root from 202.109.143.106 port 2112 ssh2 +Feb 22 16:50:30 slave22 sshd[2869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:32 slave22 sshd[2869]: Failed password for root from 202.109.143.106 port 2112 ssh2 +Feb 22 16:50:32 slave22 sshd[2869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 
22 16:50:34 slave22 sshd[2869]: Failed password for root from 202.109.143.106 port 2112 ssh2 +Feb 22 16:50:34 slave22 sshd[2869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:37 slave22 sshd[2869]: Failed password for root from 202.109.143.106 port 2112 ssh2 +Feb 22 16:50:37 slave22 sshd[2869]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:38 slave22 sshd[2869]: Failed password for root from 202.109.143.106 port 2112 ssh2 +Feb 22 16:50:38 slave22 sshd[2869]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:50:38 slave22 sshd[2869]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:50:38 slave22 sshd[2869]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:50:42 slave22 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:50:42 slave22 sshd[2873]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:44 slave22 sshd[2873]: Failed password for root from 116.31.116.27 port 33827 ssh2 +Feb 22 16:50:46 slave22 sshd[2873]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:48 slave22 sshd[2873]: Failed password for root from 116.31.116.27 port 33827 ssh2 +Feb 22 16:50:49 slave22 sshd[2873]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:50:50 slave22 sshd[2873]: Failed password for root from 116.31.116.27 port 33827 ssh2 +Feb 22 16:50:50 slave22 sshd[2873]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:50:50 slave22 sshd[2873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:51:35 slave22 sshd[2885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 
user=root +Feb 22 16:51:35 slave22 sshd[2885]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:51:37 slave22 sshd[2885]: Failed password for root from 116.31.116.27 port 22460 ssh2 +Feb 22 16:51:37 slave22 sshd[2885]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:51:39 slave22 sshd[2885]: Failed password for root from 116.31.116.27 port 22460 ssh2 +Feb 22 16:51:39 slave22 sshd[2885]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:51:41 slave22 sshd[2885]: Failed password for root from 116.31.116.27 port 22460 ssh2 +Feb 22 16:51:42 slave22 sshd[2885]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:51:42 slave22 sshd[2885]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:52:07 slave22 sshd[2897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:07 slave22 sshd[2897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:09 slave22 sshd[2897]: Failed password for root from 202.109.143.106 port 4097 ssh2 +Feb 22 16:52:09 slave22 sshd[2897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:11 slave22 sshd[2897]: Failed password for root from 202.109.143.106 port 4097 ssh2 +Feb 22 16:52:11 slave22 sshd[2897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:14 slave22 sshd[2897]: Failed password for root from 202.109.143.106 port 4097 ssh2 +Feb 22 16:52:14 slave22 sshd[2897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:16 slave22 sshd[2897]: Failed password for root from 202.109.143.106 port 4097 ssh2 +Feb 22 16:52:16 slave22 sshd[2897]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:18 
slave22 sshd[2897]: Failed password for root from 202.109.143.106 port 4097 ssh2 +Feb 22 16:52:19 slave22 sshd[2897]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:52:19 slave22 sshd[2897]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:19 slave22 sshd[2897]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:52:27 slave22 sshd[2901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:27 slave22 sshd[2901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:29 slave22 sshd[2901]: Failed password for root from 202.109.143.106 port 3046 ssh2 +Feb 22 16:52:29 slave22 sshd[2901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:32 slave22 sshd[2901]: Failed password for root from 202.109.143.106 port 3046 ssh2 +Feb 22 16:52:32 slave22 sshd[2905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:52:32 slave22 sshd[2905]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:32 slave22 sshd[2901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:34 slave22 sshd[2905]: Failed password for root from 116.31.116.27 port 16865 ssh2 +Feb 22 16:52:34 slave22 sshd[2901]: Failed password for root from 202.109.143.106 port 3046 ssh2 +Feb 22 16:52:34 slave22 sshd[2901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:35 slave22 sshd[2905]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:36 slave22 sshd[2901]: Failed password for root from 202.109.143.106 port 3046 ssh2 +Feb 22 16:52:37 slave22 sshd[2901]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 
16:52:37 slave22 sshd[2905]: Failed password for root from 116.31.116.27 port 16865 ssh2 +Feb 22 16:52:38 slave22 sshd[2905]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:38 slave22 sshd[2901]: Failed password for root from 202.109.143.106 port 3046 ssh2 +Feb 22 16:52:38 slave22 sshd[2901]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:52:38 slave22 sshd[2901]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:38 slave22 sshd[2901]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:52:40 slave22 sshd[2905]: Failed password for root from 116.31.116.27 port 16865 ssh2 +Feb 22 16:52:40 slave22 sshd[2905]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:52:40 slave22 sshd[2905]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:52:45 slave22 sshd[2909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:45 slave22 sshd[2909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:47 slave22 sshd[2909]: Failed password for root from 202.109.143.106 port 2078 ssh2 +Feb 22 16:52:47 slave22 sshd[2909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:50 slave22 sshd[2909]: Failed password for root from 202.109.143.106 port 2078 ssh2 +Feb 22 16:52:50 slave22 sshd[2909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:52 slave22 sshd[2909]: Failed password for root from 202.109.143.106 port 2078 ssh2 +Feb 22 16:52:52 slave22 sshd[2909]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:54 slave22 sshd[2909]: Failed password for root from 202.109.143.106 port 2078 ssh2 +Feb 22 16:52:55 slave22 sshd[2909]: 
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:52:57 slave22 sshd[2909]: Failed password for root from 202.109.143.106 port 2078 ssh2 +Feb 22 16:52:57 slave22 sshd[2909]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:52:57 slave22 sshd[2909]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:52:57 slave22 sshd[2909]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:53:21 slave22 sshd[2921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:53:21 slave22 sshd[2921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:23 slave22 sshd[2921]: Failed password for root from 202.109.143.106 port 2283 ssh2 +Feb 22 16:53:23 slave22 sshd[2921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:24 slave22 sshd[2925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:53:24 slave22 sshd[2925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:26 slave22 sshd[2921]: Failed password for root from 202.109.143.106 port 2283 ssh2 +Feb 22 16:53:26 slave22 sshd[2925]: Failed password for root from 116.31.116.27 port 64169 ssh2 +Feb 22 16:53:26 slave22 sshd[2921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:26 slave22 sshd[2925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:28 slave22 sshd[2921]: Failed password for root from 202.109.143.106 port 2283 ssh2 +Feb 22 16:53:28 slave22 sshd[2921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:28 slave22 sshd[2925]: Failed password for root from 116.31.116.27 port 64169 ssh2 +Feb 22 16:53:28 slave22 
sshd[2925]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:30 slave22 sshd[2921]: Failed password for root from 202.109.143.106 port 2283 ssh2 +Feb 22 16:53:30 slave22 sshd[2921]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:53:30 slave22 sshd[2925]: Failed password for root from 116.31.116.27 port 64169 ssh2 +Feb 22 16:53:30 slave22 sshd[2925]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:53:30 slave22 sshd[2925]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:53:33 slave22 sshd[2921]: Failed password for root from 202.109.143.106 port 2283 ssh2 +Feb 22 16:53:33 slave22 sshd[2921]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:53:33 slave22 sshd[2921]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:53:33 slave22 sshd[2921]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:54:08 slave22 sshd[2937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:08 slave22 sshd[2937]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:10 slave22 sshd[2937]: Failed password for root from 202.109.143.106 port 1864 ssh2 +Feb 22 16:54:12 slave22 sshd[2937]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:14 slave22 sshd[2937]: Failed password for root from 202.109.143.106 port 1864 ssh2 +Feb 22 16:54:14 slave22 sshd[2937]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:15 slave22 sshd[2937]: Failed password for root from 202.109.143.106 port 1864 ssh2 +Feb 22 16:54:15 slave22 sshd[2937]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:17 slave22 sshd[2937]: Failed 
password for root from 202.109.143.106 port 1864 ssh2 +Feb 22 16:54:17 slave22 sshd[2937]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:20 slave22 sshd[2937]: Failed password for root from 202.109.143.106 port 1864 ssh2 +Feb 22 16:54:20 slave22 sshd[2937]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:54:20 slave22 sshd[2937]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:20 slave22 sshd[2937]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:54:21 slave22 sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:54:21 slave22 sshd[2941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:23 slave22 sshd[2945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:23 slave22 sshd[2945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:23 slave22 sshd[2941]: Failed password for root from 116.31.116.27 port 59778 ssh2 +Feb 22 16:54:23 slave22 sshd[2941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:25 slave22 sshd[2945]: Failed password for root from 202.109.143.106 port 1750 ssh2 +Feb 22 16:54:25 slave22 sshd[2945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:25 slave22 sshd[2941]: Failed password for root from 116.31.116.27 port 59778 ssh2 +Feb 22 16:54:25 slave22 sshd[2941]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:27 slave22 sshd[2945]: Failed password for root from 202.109.143.106 port 1750 ssh2 +Feb 22 16:54:27 slave22 sshd[2945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:27 slave22 sshd[2941]: 
Failed password for root from 116.31.116.27 port 59778 ssh2 +Feb 22 16:54:28 slave22 sshd[2941]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:54:28 slave22 sshd[2941]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:54:29 slave22 sshd[2945]: Failed password for root from 202.109.143.106 port 1750 ssh2 +Feb 22 16:54:29 slave22 sshd[2945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:31 slave22 sshd[2945]: Failed password for root from 202.109.143.106 port 1750 ssh2 +Feb 22 16:54:32 slave22 sshd[2945]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:34 slave22 sshd[2945]: Failed password for root from 202.109.143.106 port 1750 ssh2 +Feb 22 16:54:34 slave22 sshd[2945]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:54:34 slave22 sshd[2945]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:34 slave22 sshd[2945]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:54:37 slave22 sshd[2949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:37 slave22 sshd[2949]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:38 slave22 sshd[2949]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:54:38 slave22 sshd[2949]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:40 slave22 sshd[2949]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:54:40 slave22 sshd[2949]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:42 slave22 sshd[2949]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:54:42 slave22 sshd[2949]: pam_succeed_if(sshd:auth): requirement 
"uid >= 1000" not met by user "root" +Feb 22 16:54:45 slave22 sshd[2949]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:54:45 slave22 sshd[2949]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:47 slave22 sshd[2949]: Failed password for root from 202.109.143.106 port 4014 ssh2 +Feb 22 16:54:47 slave22 sshd[2949]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:54:47 slave22 sshd[2949]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:47 slave22 sshd[2949]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:54:51 slave22 sshd[2953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:54:51 slave22 sshd[2953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:53 slave22 sshd[2953]: Failed password for root from 202.109.143.106 port 4817 ssh2 +Feb 22 16:54:53 slave22 sshd[2953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:56 slave22 sshd[2953]: Failed password for root from 202.109.143.106 port 4817 ssh2 +Feb 22 16:54:56 slave22 sshd[2953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:57 slave22 sshd[2953]: Failed password for root from 202.109.143.106 port 4817 ssh2 +Feb 22 16:54:58 slave22 sshd[2953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:54:59 slave22 sshd[2953]: Failed password for root from 202.109.143.106 port 4817 ssh2 +Feb 22 16:54:59 slave22 sshd[2953]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:01 slave22 sshd[2953]: Failed password for root from 202.109.143.106 port 4817 ssh2 +Feb 22 16:55:02 slave22 sshd[2953]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 
16:55:02 slave22 sshd[2953]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:02 slave22 sshd[2953]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:55:04 slave22 sshd[2965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:04 slave22 sshd[2965]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:06 slave22 sshd[2965]: Failed password for root from 202.109.143.106 port 4413 ssh2 +Feb 22 16:55:06 slave22 sshd[2965]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:09 slave22 sshd[2965]: Failed password for root from 202.109.143.106 port 4413 ssh2 +Feb 22 16:55:09 slave22 sshd[2965]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:10 slave22 sshd[2965]: Failed password for root from 202.109.143.106 port 4413 ssh2 +Feb 22 16:55:11 slave22 sshd[2965]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:13 slave22 sshd[2965]: Failed password for root from 202.109.143.106 port 4413 ssh2 +Feb 22 16:55:13 slave22 sshd[2965]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:15 slave22 sshd[2965]: Failed password for root from 202.109.143.106 port 4413 ssh2 +Feb 22 16:55:16 slave22 sshd[2965]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:55:16 slave22 sshd[2965]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:16 slave22 sshd[2965]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:55:28 slave22 sshd[2969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:55:28 slave22 sshd[2969]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met 
by user "root" +Feb 22 16:55:30 slave22 sshd[2969]: Failed password for root from 116.31.116.27 port 58195 ssh2 +Feb 22 16:55:30 slave22 sshd[2969]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:55:35 slave22 sshd[2973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:35 slave22 sshd[2973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:37 slave22 sshd[2973]: Failed password for root from 202.109.143.106 port 3222 ssh2 +Feb 22 16:55:37 slave22 sshd[2973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:39 slave22 sshd[2973]: Failed password for root from 202.109.143.106 port 3222 ssh2 +Feb 22 16:55:39 slave22 sshd[2973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:42 slave22 sshd[2973]: Failed password for root from 202.109.143.106 port 3222 ssh2 +Feb 22 16:55:42 slave22 sshd[2973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:45 slave22 sshd[2973]: Failed password for root from 202.109.143.106 port 3222 ssh2 +Feb 22 16:55:45 slave22 sshd[2973]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:47 slave22 sshd[2973]: Failed password for root from 202.109.143.106 port 3222 ssh2 +Feb 22 16:55:47 slave22 sshd[2973]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:55:47 slave22 sshd[2973]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:47 slave22 sshd[2973]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:55:50 slave22 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:55:50 slave22 sshd[2977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user 
"root" +Feb 22 16:55:52 slave22 sshd[2977]: Failed password for root from 202.109.143.106 port 2455 ssh2 +Feb 22 16:55:52 slave22 sshd[2977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:54 slave22 sshd[2977]: Failed password for root from 202.109.143.106 port 2455 ssh2 +Feb 22 16:55:54 slave22 sshd[2977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:56 slave22 sshd[2977]: Failed password for root from 202.109.143.106 port 2455 ssh2 +Feb 22 16:55:56 slave22 sshd[2977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:55:58 slave22 sshd[2977]: Failed password for root from 202.109.143.106 port 2455 ssh2 +Feb 22 16:55:58 slave22 sshd[2977]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:00 slave22 sshd[2977]: Failed password for root from 202.109.143.106 port 2455 ssh2 +Feb 22 16:56:00 slave22 sshd[2977]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:56:00 slave22 sshd[2977]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:56:00 slave22 sshd[2977]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:56:03 slave22 sshd[2989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:56:03 slave22 sshd[2989]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:05 slave22 sshd[2989]: Failed password for root from 202.109.143.106 port 3616 ssh2 +Feb 22 16:56:05 slave22 sshd[2989]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:07 slave22 sshd[2989]: Failed password for root from 202.109.143.106 port 3616 ssh2 +Feb 22 16:56:07 slave22 sshd[2989]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:09 slave22 
sshd[2989]: Failed password for root from 202.109.143.106 port 3616 ssh2 +Feb 22 16:56:10 slave22 sshd[2989]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:11 slave22 sshd[2989]: Failed password for root from 202.109.143.106 port 3616 ssh2 +Feb 22 16:56:12 slave22 sshd[2989]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:13 slave22 sshd[2993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:56:13 slave22 sshd[2993]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:14 slave22 sshd[2989]: Failed password for root from 202.109.143.106 port 3616 ssh2 +Feb 22 16:56:14 slave22 sshd[2989]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:56:14 slave22 sshd[2989]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:56:14 slave22 sshd[2989]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:56:15 slave22 sshd[2993]: Failed password for root from 116.31.116.27 port 54178 ssh2 +Feb 22 16:56:16 slave22 sshd[2993]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:17 slave22 sshd[2993]: Failed password for root from 116.31.116.27 port 54178 ssh2 +Feb 22 16:56:18 slave22 sshd[2993]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:19 slave22 sshd[2993]: Failed password for root from 116.31.116.27 port 54178 ssh2 +Feb 22 16:56:21 slave22 sshd[2993]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:56:21 slave22 sshd[2993]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:56:53 slave22 sshd[3005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 
16:56:53 slave22 sshd[3005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:55 slave22 sshd[3005]: Failed password for root from 202.109.143.106 port 2757 ssh2 +Feb 22 16:56:55 slave22 sshd[3005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:56:57 slave22 sshd[3005]: Failed password for root from 202.109.143.106 port 2757 ssh2 +Feb 22 16:56:58 slave22 sshd[3005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:00 slave22 sshd[3005]: Failed password for root from 202.109.143.106 port 2757 ssh2 +Feb 22 16:57:01 slave22 sshd[3005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:03 slave22 sshd[3005]: Failed password for root from 202.109.143.106 port 2757 ssh2 +Feb 22 16:57:05 slave22 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:57:05 slave22 sshd[3009]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:06 slave22 sshd[3005]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:07 slave22 sshd[3009]: Failed password for root from 116.31.116.27 port 47019 ssh2 +Feb 22 16:57:07 slave22 sshd[3009]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:08 slave22 sshd[3005]: Failed password for root from 202.109.143.106 port 2757 ssh2 +Feb 22 16:57:09 slave22 sshd[3005]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:57:09 slave22 sshd[3005]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:57:09 slave22 sshd[3005]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:57:10 slave22 sshd[3009]: Failed password for root from 116.31.116.27 port 47019 ssh2 +Feb 22 16:57:10 slave22 sshd[3009]: 
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:12 slave22 sshd[3009]: Failed password for root from 116.31.116.27 port 47019 ssh2 +Feb 22 16:57:12 slave22 sshd[3009]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:57:12 slave22 sshd[3009]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:57:42 slave22 sshd[3013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:57:42 slave22 sshd[3013]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:44 slave22 sshd[3013]: Failed password for root from 202.109.143.106 port 4016 ssh2 +Feb 22 16:57:45 slave22 sshd[3013]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:47 slave22 sshd[3013]: Failed password for root from 202.109.143.106 port 4016 ssh2 +Feb 22 16:57:47 slave22 sshd[3013]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:49 slave22 sshd[3013]: Failed password for root from 202.109.143.106 port 4016 ssh2 +Feb 22 16:57:50 slave22 sshd[3013]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:51 slave22 sshd[3013]: Failed password for root from 202.109.143.106 port 4016 ssh2 +Feb 22 16:57:51 slave22 sshd[3013]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:57:53 slave22 sshd[3013]: Failed password for root from 202.109.143.106 port 4016 ssh2 +Feb 22 16:57:53 slave22 sshd[3013]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:57:53 slave22 sshd[3013]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:57:53 slave22 sshd[3013]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:58:01 slave22 sshd[3025]: pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:58:01 slave22 sshd[3025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:03 slave22 sshd[3025]: Failed password for root from 202.109.143.106 port 1650 ssh2 +Feb 22 16:58:03 slave22 sshd[3025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:03 slave22 sshd[3033]: Accepted publickey for drewr from 69.245.39.97 port 42136 ssh2: RSA 01:67:32:d9:b3:20:5d:2d:5f:b4:35:c5:a5:8b:0a:5e +Feb 22 16:58:03 slave22 sshd[3033]: pam_unix(sshd:session): session opened for user drewr by (uid=0) +Feb 22 16:58:04 slave22 sshd[3037]: Received disconnect from 69.245.39.97: 11: disconnected by user +Feb 22 16:58:04 slave22 sshd[3033]: pam_unix(sshd:session): session closed for user drewr +Feb 22 16:58:04 slave22 sshd[3029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:58:04 slave22 sshd[3029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:06 slave22 sshd[3025]: Failed password for root from 202.109.143.106 port 1650 ssh2 +Feb 22 16:58:06 slave22 sshd[3025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:07 slave22 sshd[3029]: Failed password for root from 116.31.116.27 port 53314 ssh2 +Feb 22 16:58:07 slave22 sshd[3029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:08 slave22 sshd[3025]: Failed password for root from 202.109.143.106 port 1650 ssh2 +Feb 22 16:58:08 slave22 sshd[3025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:09 slave22 sshd[3029]: Failed password for root from 116.31.116.27 port 53314 ssh2 +Feb 22 16:58:09 slave22 sshd[3029]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:10 slave22 
sshd[3025]: Failed password for root from 202.109.143.106 port 1650 ssh2 +Feb 22 16:58:11 slave22 sshd[3025]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:11 slave22 sshd[3029]: Failed password for root from 116.31.116.27 port 53314 ssh2 +Feb 22 16:58:12 slave22 sshd[3029]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:58:12 slave22 sshd[3029]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:58:13 slave22 sshd[3025]: Failed password for root from 202.109.143.106 port 1650 ssh2 +Feb 22 16:58:13 slave22 sshd[3025]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:58:13 slave22 sshd[3025]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:58:13 slave22 sshd[3025]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:58:34 slave22 sshd[3044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:58:34 slave22 sshd[3044]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:37 slave22 sshd[3044]: Failed password for root from 202.109.143.106 port 3023 ssh2 +Feb 22 16:58:38 slave22 sshd[3044]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:41 slave22 sshd[3044]: Failed password for root from 202.109.143.106 port 3023 ssh2 +Feb 22 16:58:41 slave22 sshd[3044]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:43 slave22 sshd[3044]: Failed password for root from 202.109.143.106 port 3023 ssh2 +Feb 22 16:58:43 slave22 sshd[3044]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:45 slave22 sshd[3044]: Failed password for root from 202.109.143.106 port 3023 ssh2 +Feb 22 16:58:46 slave22 sshd[3044]: pam_succeed_if(sshd:auth): 
requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:48 slave22 sshd[3044]: Failed password for root from 202.109.143.106 port 3023 ssh2 +Feb 22 16:58:48 slave22 sshd[3044]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:58:48 slave22 sshd[3044]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:58:48 slave22 sshd[3044]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:58:52 slave22 sshd[3056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:58:52 slave22 sshd[3056]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:54 slave22 sshd[3056]: Failed password for root from 202.109.143.106 port 4898 ssh2 +Feb 22 16:58:54 slave22 sshd[3056]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:56 slave22 sshd[3056]: Failed password for root from 202.109.143.106 port 4898 ssh2 +Feb 22 16:58:57 slave22 sshd[3056]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:59 slave22 sshd[3060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:58:59 slave22 sshd[3060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:58:59 slave22 sshd[3056]: Failed password for root from 202.109.143.106 port 4898 ssh2 +Feb 22 16:58:59 slave22 sshd[3056]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:01 slave22 sshd[3060]: Failed password for root from 116.31.116.27 port 49903 ssh2 +Feb 22 16:59:01 slave22 sshd[3060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:01 slave22 sshd[3056]: Failed password for root from 202.109.143.106 port 4898 ssh2 +Feb 22 16:59:02 slave22 sshd[3056]: 
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:03 slave22 sshd[3060]: Failed password for root from 116.31.116.27 port 49903 ssh2 +Feb 22 16:59:03 slave22 sshd[3056]: Failed password for root from 202.109.143.106 port 4898 ssh2 +Feb 22 16:59:04 slave22 sshd[3056]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:59:04 slave22 sshd[3056]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:59:04 slave22 sshd[3056]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:59:05 slave22 sshd[3060]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:07 slave22 sshd[3060]: Failed password for root from 116.31.116.27 port 49903 ssh2 +Feb 22 16:59:08 slave22 sshd[3060]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 16:59:08 slave22 sshd[3060]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:59:15 slave22 sshd[3064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 16:59:15 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:17 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 16:59:21 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:21 slave22 sshd[3068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:59:21 slave22 sshd[3068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:24 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 16:59:24 slave22 sshd[3068]: Failed password for root from 202.109.143.106 port 3101 ssh2 +Feb 22 16:59:24 slave22 
sshd[3068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:24 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:26 slave22 sshd[3068]: Failed password for root from 202.109.143.106 port 3101 ssh2 +Feb 22 16:59:27 slave22 sshd[3068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:27 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 16:59:27 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:29 slave22 sshd[3068]: Failed password for root from 202.109.143.106 port 3101 ssh2 +Feb 22 16:59:29 slave22 sshd[3068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:30 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 16:59:30 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:31 slave22 sshd[3068]: Failed password for root from 202.109.143.106 port 3101 ssh2 +Feb 22 16:59:31 slave22 sshd[3068]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:32 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 16:59:33 slave22 sshd[3068]: Failed password for root from 202.109.143.106 port 3101 ssh2 +Feb 22 16:59:33 slave22 sshd[3064]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:33 slave22 sshd[3068]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 16:59:33 slave22 sshd[3068]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 16:59:33 slave22 sshd[3068]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 16:59:35 slave22 sshd[3064]: Failed password for root from 223.99.60.46 port 43257 ssh2 +Feb 22 
16:59:35 slave22 sshd[3064]: Disconnecting: Too many authentication failures for root [preauth] +Feb 22 16:59:35 slave22 sshd[3064]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 16:59:35 slave22 sshd[3064]: PAM service(sshd) ignoring max retries; 6 > 3 +Feb 22 16:59:38 slave22 sshd[3072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 16:59:38 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:40 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 16:59:41 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:42 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 16:59:43 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:45 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 16:59:46 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:48 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 16:59:54 slave22 sshd[3084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 16:59:54 slave22 sshd[3084]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:56 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:56 slave22 sshd[3084]: Failed password for root from 116.31.116.27 port 43528 ssh2 +Feb 22 16:59:56 slave22 sshd[3084]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:56 slave22 sshd[3088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh 
ruser= rhost=202.109.143.106 user=root +Feb 22 16:59:56 slave22 sshd[3088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:58 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 16:59:58 slave22 sshd[3084]: Failed password for root from 116.31.116.27 port 43528 ssh2 +Feb 22 16:59:59 slave22 sshd[3088]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 16:59:59 slave22 sshd[3084]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:59 slave22 sshd[3072]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 16:59:59 slave22 sshd[3088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:01 slave22 sshd[3084]: Failed password for root from 116.31.116.27 port 43528 ssh2 +Feb 22 17:00:01 slave22 sshd[3072]: Failed password for root from 223.99.60.46 port 4679 ssh2 +Feb 22 17:00:01 slave22 sshd[3072]: Disconnecting: Too many authentication failures for root [preauth] +Feb 22 17:00:01 slave22 sshd[3072]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:01 slave22 sshd[3072]: PAM service(sshd) ignoring max retries; 6 > 3 +Feb 22 17:00:01 slave22 sshd[3088]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 17:00:01 slave22 sshd[3084]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 17:00:01 slave22 sshd[3084]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 17:00:01 slave22 sshd[3088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:03 slave22 sshd[3088]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 17:00:04 slave22 sshd[3088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:04 slave22 sshd[3099]: 
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:04 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:06 slave22 sshd[3088]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 17:00:06 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:06 slave22 sshd[3088]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:07 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:08 slave22 sshd[3088]: Failed password for root from 202.109.143.106 port 4450 ssh2 +Feb 22 17:00:08 slave22 sshd[3088]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 17:00:08 slave22 sshd[3088]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 17:00:08 slave22 sshd[3088]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 17:00:09 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:10 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:13 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:14 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:15 slave22 sshd[3103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 17:00:15 slave22 sshd[3103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:15 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:16 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:17 slave22 sshd[3103]: 
Failed password for root from 202.109.143.106 port 1807 ssh2 +Feb 22 17:00:17 slave22 sshd[3103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:18 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:18 slave22 sshd[3103]: Failed password for root from 202.109.143.106 port 1807 ssh2 +Feb 22 17:00:19 slave22 sshd[3103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:19 slave22 sshd[3099]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:21 slave22 sshd[3103]: Failed password for root from 202.109.143.106 port 1807 ssh2 +Feb 22 17:00:21 slave22 sshd[3099]: Failed password for root from 223.99.60.46 port 31185 ssh2 +Feb 22 17:00:21 slave22 sshd[3099]: Disconnecting: Too many authentication failures for root [preauth] +Feb 22 17:00:21 slave22 sshd[3099]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:21 slave22 sshd[3099]: PAM service(sshd) ignoring max retries; 6 > 3 +Feb 22 17:00:21 slave22 sshd[3103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:23 slave22 sshd[3103]: Failed password for root from 202.109.143.106 port 1807 ssh2 +Feb 22 17:00:24 slave22 sshd[3103]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:24 slave22 sshd[3107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:24 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:25 slave22 sshd[3103]: Failed password for root from 202.109.143.106 port 1807 ssh2 +Feb 22 17:00:26 slave22 sshd[3103]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 17:00:26 slave22 sshd[3103]: PAM 4 more authentication failures; logname= uid=0 euid=0 
tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 17:00:26 slave22 sshd[3103]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 17:00:26 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:27 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:29 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:30 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:32 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:33 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:35 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:36 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:38 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:38 slave22 sshd[3107]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:40 slave22 sshd[3107]: Failed password for root from 223.99.60.46 port 56365 ssh2 +Feb 22 17:00:40 slave22 sshd[3107]: Disconnecting: Too many authentication failures for root [preauth] +Feb 22 17:00:40 slave22 sshd[3107]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:40 slave22 sshd[3107]: PAM service(sshd) ignoring max retries; 6 > 3 +Feb 22 17:00:46 slave22 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 17:00:46 slave22 sshd[3115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:48 slave22 sshd[3119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 
user=root +Feb 22 17:00:48 slave22 sshd[3119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:49 slave22 sshd[3115]: Failed password for root from 202.109.143.106 port 3310 ssh2 +Feb 22 17:00:49 slave22 sshd[3115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:50 slave22 sshd[3119]: Failed password for root from 116.31.116.27 port 26757 ssh2 +Feb 22 17:00:50 slave22 sshd[3119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:51 slave22 sshd[3115]: Failed password for root from 202.109.143.106 port 3310 ssh2 +Feb 22 17:00:52 slave22 sshd[3119]: Failed password for root from 116.31.116.27 port 26757 ssh2 +Feb 22 17:00:52 slave22 sshd[3119]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:53 slave22 sshd[3115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:53 slave22 sshd[3111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:00:53 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:54 slave22 sshd[3119]: Failed password for root from 116.31.116.27 port 26757 ssh2 +Feb 22 17:00:54 slave22 sshd[3115]: Failed password for root from 202.109.143.106 port 3310 ssh2 +Feb 22 17:00:54 slave22 sshd[3119]: Received disconnect from 116.31.116.27: 11: [preauth] +Feb 22 17:00:54 slave22 sshd[3119]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root +Feb 22 17:00:54 slave22 sshd[3115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:55 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:00:56 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:56 slave22 
sshd[3115]: Failed password for root from 202.109.143.106 port 3310 ssh2 +Feb 22 17:00:57 slave22 sshd[3115]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:00:58 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:00:58 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:00 slave22 sshd[3115]: Failed password for root from 202.109.143.106 port 3310 ssh2 +Feb 22 17:01:00 slave22 sshd[3115]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 17:01:00 slave22 sshd[3115]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root +Feb 22 17:01:00 slave22 sshd[3115]: PAM service(sshd) ignoring max retries; 5 > 3 +Feb 22 17:01:01 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:01:02 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:03 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:01:04 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:06 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:01:07 slave22 sshd[3111]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:09 slave22 sshd[3111]: Failed password for root from 223.99.60.46 port 6597 ssh2 +Feb 22 17:01:09 slave22 sshd[3111]: Disconnecting: Too many authentication failures for root [preauth] +Feb 22 17:01:09 slave22 sshd[3111]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:01:09 slave22 sshd[3111]: PAM service(sshd) ignoring max retries; 6 > 3 +Feb 22 17:01:12 slave22 sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=202.109.143.106 user=root +Feb 22 17:01:12 slave22 sshd[3192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:14 slave22 sshd[3192]: Failed password for root from 202.109.143.106 port 4288 ssh2 +Feb 22 17:01:15 slave22 sshd[3192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:17 slave22 sshd[3192]: Failed password for root from 202.109.143.106 port 4288 ssh2 +Feb 22 17:01:17 slave22 sshd[3192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:19 slave22 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root +Feb 22 17:01:19 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:19 slave22 sshd[3192]: Failed password for root from 202.109.143.106 port 4288 ssh2 +Feb 22 17:01:21 slave22 sshd[3192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:21 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2 +Feb 22 17:01:22 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:23 slave22 sshd[3192]: Failed password for root from 202.109.143.106 port 4288 ssh2 +Feb 22 17:01:23 slave22 sshd[3192]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:24 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2 +Feb 22 17:01:25 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" +Feb 22 17:01:25 slave22 sshd[3192]: Failed password for root from 202.109.143.106 port 4288 ssh2 +Feb 22 17:01:25 slave22 sshd[3192]: fatal: Read from socket failed: Connection reset by peer [preauth] +Feb 22 17:01:25 slave22 sshd[3192]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=202.109.143.106 user=root
+Feb 22 17:01:25 slave22 sshd[3192]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:01:26 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2
+Feb 22 17:01:27 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:29 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2
+Feb 22 17:01:29 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:31 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2
+Feb 22 17:01:32 slave22 sshd[3188]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:34 slave22 sshd[3188]: Failed password for root from 223.99.60.46 port 37514 ssh2
+Feb 22 17:01:34 slave22 sshd[3188]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:01:34 slave22 sshd[3188]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:01:34 slave22 sshd[3188]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:01:46 slave22 sshd[3200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:01:46 slave22 sshd[3200]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:47 slave22 sshd[3196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:01:47 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:47 slave22 sshd[3200]: Failed password for root from 116.31.116.27 port 36880 ssh2
+Feb 22 17:01:48 slave22 sshd[3200]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:49 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:01:49 slave22 sshd[3200]: Failed password for root from 116.31.116.27 port 36880 ssh2
+Feb 22 17:01:49 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:49 slave22 sshd[3200]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:49 slave22 sshd[3204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:01:49 slave22 sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:51 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:01:51 slave22 sshd[3200]: Failed password for root from 116.31.116.27 port 36880 ssh2
+Feb 22 17:01:51 slave22 sshd[3204]: Failed password for root from 202.109.143.106 port 3480 ssh2
+Feb 22 17:01:51 slave22 sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:52 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:53 slave22 sshd[3204]: Failed password for root from 202.109.143.106 port 3480 ssh2
+Feb 22 17:01:53 slave22 sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:53 slave22 sshd[3200]: Received disconnect from 116.31.116.27: 11: [preauth]
+Feb 22 17:01:53 slave22 sshd[3200]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:01:54 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:01:55 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:55 slave22 sshd[3204]: Failed password for root from 202.109.143.106 port 3480 ssh2
+Feb 22 17:01:56 slave22 sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:57 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:01:57 slave22 sshd[3204]: Failed password for root from 202.109.143.106 port 3480 ssh2
+Feb 22 17:01:58 slave22 sshd[3204]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:58 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:01:59 slave22 sshd[3204]: Failed password for root from 202.109.143.106 port 3480 ssh2
+Feb 22 17:02:00 slave22 sshd[3204]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:02:00 slave22 sshd[3204]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:00 slave22 sshd[3204]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:02:00 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:02:01 slave22 sshd[3196]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:03 slave22 sshd[3196]: Failed password for root from 223.99.60.46 port 55116 ssh2
+Feb 22 17:02:03 slave22 sshd[3196]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:02:03 slave22 sshd[3196]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:03 slave22 sshd[3196]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:02:14 slave22 sshd[3216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:14 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:16 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:17 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:18 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:19 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:21 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:22 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:24 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:24 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:26 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:27 slave22 sshd[3216]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:27 slave22 sshd[3220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:27 slave22 sshd[3220]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:29 slave22 sshd[3216]: Failed password for root from 223.99.60.46 port 22291 ssh2
+Feb 22 17:02:29 slave22 sshd[3216]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:02:29 slave22 sshd[3216]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:29 slave22 sshd[3216]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:02:29 slave22 sshd[3220]: Failed password for root from 202.109.143.106 port 1203 ssh2
+Feb 22 17:02:29 slave22 sshd[3220]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:31 slave22 sshd[3220]: Failed password for root from 202.109.143.106 port 1203 ssh2
+Feb 22 17:02:31 slave22 sshd[3220]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:33 slave22 sshd[3220]: Failed password for root from 202.109.143.106 port 1203 ssh2
+Feb 22 17:02:33 slave22 sshd[3220]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:36 slave22 sshd[3220]: Failed password for root from 202.109.143.106 port 1203 ssh2
+Feb 22 17:02:36 slave22 sshd[3220]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:37 slave22 sshd[3220]: Failed password for root from 202.109.143.106 port 1203 ssh2
+Feb 22 17:02:38 slave22 sshd[3220]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:02:38 slave22 sshd[3220]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:38 slave22 sshd[3220]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:02:38 slave22 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:38 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:39 slave22 sshd[3232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:39 slave22 sshd[3232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:39 slave22 sshd[3228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:02:39 slave22 sshd[3228]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:39 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:40 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:42 slave22 sshd[3232]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:42 slave22 sshd[3232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:42 slave22 sshd[3228]: Failed password for root from 116.31.116.27 port 30327 ssh2
+Feb 22 17:02:42 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:42 slave22 sshd[3228]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:43 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:43 slave22 sshd[3232]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:44 slave22 sshd[3232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:44 slave22 sshd[3228]: Failed password for root from 116.31.116.27 port 30327 ssh2
+Feb 22 17:02:44 slave22 sshd[3228]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:44 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:45 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:46 slave22 sshd[3232]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:46 slave22 sshd[3232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:46 slave22 sshd[3228]: Failed password for root from 116.31.116.27 port 30327 ssh2
+Feb 22 17:02:47 slave22 sshd[3228]: Received disconnect from 116.31.116.27: 11: [preauth]
+Feb 22 17:02:47 slave22 sshd[3228]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:02:47 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:48 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:48 slave22 sshd[3232]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:49 slave22 sshd[3232]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:49 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:50 slave22 sshd[3224]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:51 slave22 sshd[3232]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:51 slave22 sshd[3232]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:02:51 slave22 sshd[3232]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:51 slave22 sshd[3232]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:02:52 slave22 sshd[3224]: Failed password for root from 223.99.60.46 port 46820 ssh2
+Feb 22 17:02:52 slave22 sshd[3224]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:02:52 slave22 sshd[3224]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:52 slave22 sshd[3224]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:02:52 slave22 sshd[3244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:02:52 slave22 sshd[3244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:54 slave22 sshd[3244]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:54 slave22 sshd[3244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:55 slave22 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:02:55 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:56 slave22 sshd[3244]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:56 slave22 sshd[3244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:02:57 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:02:58 slave22 sshd[3244]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:02:59 slave22 sshd[3244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:00 slave22 sshd[3244]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:03:00 slave22 sshd[3244]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:02 slave22 sshd[3244]: Failed password for root from 202.109.143.106 port 1140 ssh2
+Feb 22 17:03:02 slave22 sshd[3244]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:03:02 slave22 sshd[3244]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:03:02 slave22 sshd[3244]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:03:07 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:09 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:03:10 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:12 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:03:12 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:14 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:03:15 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:18 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:03:18 slave22 sshd[3248]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:20 slave22 sshd[3252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:03:20 slave22 sshd[3252]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:20 slave22 sshd[3248]: Failed password for root from 223.99.60.46 port 1676 ssh2
+Feb 22 17:03:20 slave22 sshd[3248]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:03:20 slave22 sshd[3248]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:03:20 slave22 sshd[3248]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:03:21 slave22 sshd[3252]: Failed password for root from 202.109.143.106 port 4411 ssh2
+Feb 22 17:03:22 slave22 sshd[3252]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:22 slave22 sshd[3260]: Accepted publickey for tsg from 78.52.112.222 port 57936 ssh2: RSA 7c:28:53:4b:dd:5d:1e:07:77:0e:98:01:96:0d:c5:95
+Feb 22 17:03:22 slave22 sshd[3260]: pam_unix(sshd:session): session opened for user tsg by (uid=0)
+Feb 22 17:03:23 slave22 sshd[3252]: Failed password for root from 202.109.143.106 port 4411 ssh2
+Feb 22 17:03:24 slave22 sshd[3252]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:26 slave22 sshd[3252]: Failed password for root from 202.109.143.106 port 4411 ssh2
+Feb 22 17:03:26 slave22 sshd[3252]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:28 slave22 sshd[3252]: Failed password for root from 202.109.143.106 port 4411 ssh2
+Feb 22 17:03:28 slave22 sshd[3252]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:31 slave22 sshd[3252]: Failed password for root from 202.109.143.106 port 4411 ssh2
+Feb 22 17:03:31 slave22 sshd[3252]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:03:31 slave22 sshd[3252]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:03:31 slave22 sshd[3252]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:03:33 slave22 sshd[3256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:03:33 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:35 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:35 slave22 sudo: tsg : TTY=pts/0 ; PWD=/home/tsg ; USER=root ; COMMAND=/bin/cat /var/log/secure
+Feb 22 17:03:36 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:37 slave22 sshd[3298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:03:37 slave22 sshd[3298]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:37 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:38 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:38 slave22 sshd[3298]: Failed password for root from 116.31.116.27 port 52640 ssh2
+Feb 22 17:03:39 slave22 sshd[3298]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:40 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:41 slave22 sshd[3298]: Failed password for root from 116.31.116.27 port 52640 ssh2
+Feb 22 17:03:41 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:41 slave22 sshd[3298]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:42 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:42 slave22 sshd[3298]: Failed password for root from 116.31.116.27 port 52640 ssh2
+Feb 22 17:03:43 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:43 slave22 sshd[3298]: Received disconnect from 116.31.116.27: 11: [preauth]
+Feb 22 17:03:43 slave22 sshd[3298]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:03:45 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:46 slave22 sshd[3256]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:48 slave22 sshd[3256]: Failed password for root from 223.99.60.46 port 30094 ssh2
+Feb 22 17:03:48 slave22 sshd[3256]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:03:48 slave22 sshd[3256]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:03:48 slave22 sshd[3256]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:03:53 slave22 sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:03:53 slave22 sshd[3317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:55 slave22 sshd[3317]: Failed password for root from 202.109.143.106 port 4037 ssh2
+Feb 22 17:03:55 slave22 sshd[3317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:03:57 slave22 sshd[3317]: Failed password for root from 202.109.143.106 port 4037 ssh2
+Feb 22 17:03:57 slave22 sshd[3317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:00 slave22 sshd[3317]: Failed password for root from 202.109.143.106 port 4037 ssh2
+Feb 22 17:04:00 slave22 sshd[3317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:01 slave22 sshd[3317]: Failed password for root from 202.109.143.106 port 4037 ssh2
+Feb 22 17:04:02 slave22 sshd[3313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:04:02 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:02 slave22 sshd[3317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:04 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:04 slave22 sshd[3317]: Failed password for root from 202.109.143.106 port 4037 ssh2
+Feb 22 17:04:04 slave22 sshd[3317]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:04:04 slave22 sshd[3317]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:04:04 slave22 sshd[3317]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:04:04 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:07 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:08 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:10 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:10 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:11 slave22 sshd[3321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:04:11 slave22 sshd[3321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:12 slave22 sshd[3321]: Failed password for root from 202.109.143.106 port 2592 ssh2
+Feb 22 17:04:12 slave22 sshd[3321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:13 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:13 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:14 slave22 sshd[3321]: Failed password for root from 202.109.143.106 port 2592 ssh2
+Feb 22 17:04:14 slave22 sshd[3321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:15 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:16 slave22 sshd[3321]: Failed password for root from 202.109.143.106 port 2592 ssh2
+Feb 22 17:04:16 slave22 sshd[3313]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:16 slave22 sshd[3321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:18 slave22 sshd[3313]: Failed password for root from 223.99.60.46 port 57812 ssh2
+Feb 22 17:04:18 slave22 sshd[3313]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:04:18 slave22 sshd[3313]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:04:18 slave22 sshd[3313]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:04:19 slave22 sshd[3321]: Failed password for root from 202.109.143.106 port 2592 ssh2
+Feb 22 17:04:19 slave22 sshd[3321]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:21 slave22 sshd[3321]: Failed password for root from 202.109.143.106 port 2592 ssh2
+Feb 22 17:04:21 slave22 sshd[3321]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:04:21 slave22 sshd[3321]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:04:21 slave22 sshd[3321]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:04:29 slave22 sshd[3325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:04:29 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:30 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:31 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:33 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:34 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:35 slave22 sshd[3333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:04:35 slave22 sshd[3333]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:35 slave22 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:04:35 slave22 sshd[3329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:36 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:36 slave22 sshd[3333]: Failed password for root from 116.31.116.27 port 37886 ssh2
+Feb 22 17:04:36 slave22 sshd[3329]: Failed password for root from 202.109.143.106 port 3203 ssh2
+Feb 22 17:04:37 slave22 sshd[3333]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:37 slave22 sshd[3329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:37 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:39 slave22 sshd[3333]: Failed password for root from 116.31.116.27 port 37886 ssh2
+Feb 22 17:04:39 slave22 sshd[3329]: Failed password for root from 202.109.143.106 port 3203 ssh2
+Feb 22 17:04:39 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:39 slave22 sshd[3333]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:39 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:40 slave22 sshd[3329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:41 slave22 sshd[3333]: Failed password for root from 116.31.116.27 port 37886 ssh2
+Feb 22 17:04:42 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:42 slave22 sshd[3333]: Received disconnect from 116.31.116.27: 11: [preauth]
+Feb 22 17:04:42 slave22 sshd[3333]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.27 user=root
+Feb 22 17:04:42 slave22 sshd[3325]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:42 slave22 sshd[3329]: Failed password for root from 202.109.143.106 port 3203 ssh2
+Feb 22 17:04:44 slave22 sshd[3325]: Failed password for root from 223.99.60.46 port 33646 ssh2
+Feb 22 17:04:44 slave22 sshd[3325]: Disconnecting: Too many authentication failures for root [preauth]
+Feb 22 17:04:44 slave22 sshd[3325]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.99.60.46 user=root
+Feb 22 17:04:44 slave22 sshd[3325]: PAM service(sshd) ignoring max retries; 6 > 3
+Feb 22 17:04:44 slave22 sshd[3329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:46 slave22 sshd[3329]: Failed password for root from 202.109.143.106 port 3203 ssh2
+Feb 22 17:04:47 slave22 sshd[3329]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
+Feb 22 17:04:48 slave22 sshd[3329]: Failed password for root from 202.109.143.106 port 3203 ssh2
+Feb 22 17:04:49 slave22 sshd[3329]: fatal: Read from socket failed: Connection reset by peer [preauth]
+Feb 22 17:04:49 slave22 sshd[3329]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.143.106 user=root
+Feb 22 17:04:49 slave22 sshd[3329]: PAM service(sshd) ignoring max retries; 5 > 3
+Feb 22 17:04:51 slave22 sudo: tsg : TTY=pts/0 ; PWD=/home/tsg ; USER=root ; COMMAND=/bin/cp /var/log/secure .
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log
new file mode 100644
index 00000000..d1bea07e
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log
@@ -0,0 +1,10 @@
+Feb 21 21:54:44 localhost sshd[3402]: Accepted publickey for vagrant from 10.0.2.2 port 63673 ssh2: RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84
+Feb 23 00:13:35 localhost sshd[7483]: Accepted password for vagrant from 192.168.33.1 port 58803 ssh2
+Feb 21 21:56:12 localhost sshd[3430]: Invalid user test from 10.0.2.2
+Feb 20 08:35:22 slave22 sshd[5774]: Failed password for root from 116.31.116.24 port 29160 ssh2
+Feb 21 23:35:33 localhost sudo: vagrant : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/ls
+Feb 19 15:30:04 slave22 sshd[18406]: Did not receive identification string from 123.57.245.163
+Feb 23 00:08:48 localhost sudo: vagrant : TTY=pts/1 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/cat /var/log/secure
+Feb 24 00:13:02 precise32 sudo: tsg : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/ls
+Feb 22 11:47:05 localhost groupadd[6991]: new group: name=apache, GID=48
+Feb 22 11:47:05 localhost useradd[6995]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log-expected.json
new file mode 100644
index 00000000..9d24032c
--- /dev/null
+++ b/vendor/github.com/elastic/beats/filebeat/module/system/auth/test/test.log-expected.json
@@ -0,0 +1,362 @@ +[ + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjF", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-23T00:13:35.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "ssh" : { + "method" : "password", + "port" : "58803", + "ip" : "192.168.33.1", + "event" : "Accepted" + }, + "pid" : "7483", + "user" : "vagrant", + "timestamp" : "Feb 23 00:13:35" + } + }, + "offset" : 254, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjK", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-23T00:08:48.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "sudo" : { + "tty" : "pts/1", + "pwd" : "/home/vagrant", + "user" : "root", + "command" : "/bin/cat /var/log/secure" + }, + "user" : "vagrant", + "timestamp" : "Feb 23 00:08:48" + } + }, + "offset" : 736, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjG", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-21T21:56:12.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "ssh" : { + "ip" : "10.0.2.2", + "event" : "Invalid" + }, + "pid" : "3430", + "user" : "test", + "timestamp" : "Feb 21 21:56:12" + } + }, + "offset" : 324, + "beat" : { + "hostname" : 
"a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjJ", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-19T15:30:04.000Z", + "system" : { + "auth" : { + "hostname" : "slave22", + "ssh" : { + "dropped_ip" : "123.57.245.163" + }, + "pid" : "18406", + "timestamp" : "Feb 19 15:30:04" + } + }, + "offset" : 617, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjL", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-24T00:13:02.000Z", + "system" : { + "auth" : { + "hostname" : "precise32", + "sudo" : { + "tty" : "pts/1", + "pwd" : "/home/vagrant", + "error" : "user NOT in sudoers", + "user" : "root", + "command" : "/bin/ls" + }, + "user" : "tsg", + "timestamp" : "Feb 24 00:13:02" + } + }, + "offset" : 861, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjM", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-22T11:47:05.000Z", + "system" : { + "auth" : 
{ + "hostname" : "localhost", + "pid" : "6991", + "groupadd" : { + "gid" : "48", + "name" : "apache" + }, + "timestamp" : "Feb 22 11:47:05" + } + }, + "offset" : 934, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjN", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-22T11:47:05.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "pid" : "6995", + "useradd" : { + "uid" : "48", + "gid" : "48", + "shell" : "/sbin/nologin", + "name" : "apache", + "home" : "/usr/share/httpd" + }, + "timestamp" : "Feb 22 11:47:05" + } + }, + "offset" : 1057, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjE", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-21T21:54:44.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "ssh" : { + "method" : "publickey", + "signature" : "RSA 39:33:99:e9:a0:dc:f2:33:a3:e5:72:3b:7c:3a:56:84", + "port" : "63673", + "ip" : "10.0.2.2", + "event" : "Accepted" + }, + "pid" : "3402", + "user" : "vagrant", + "timestamp" : "Feb 21 21:54:44" + } + }, + "offset" : 152, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : 
"/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjH", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-20T08:35:22.000Z", + "system" : { + "auth" : { + "hostname" : "slave22", + "ssh" : { + "geoip" : { + "continent_name" : "Asia", + "city_name" : "Guangzhou", + "country_iso_code" : "CN", + "region_name" : "Guangdong", + "location" : { + "lon" : 113.25, + "lat" : 23.1167 + } + }, + "method" : "password", + "port" : "29160", + "ip" : "116.31.116.24", + "event" : "Failed" + }, + "pid" : "5774", + "user" : "root", + "timestamp" : "Feb 20 08:35:22" + } + }, + "offset" : 420, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + }, + { + "_index" : "test-filebeat-modules", + "_type" : "log", + "_id" : "AVpwYhxbd3MQAzSWoGjI", + "_score" : 1.0, + "_source" : { + "@timestamp" : "2017-02-21T23:35:33.000Z", + "system" : { + "auth" : { + "hostname" : "localhost", + "sudo" : { + "tty" : "pts/0", + "pwd" : "/home/vagrant", + "user" : "root", + "command" : "/bin/ls" + }, + "user" : "vagrant", + "timestamp" : "Feb 21 23:35:33" + } + }, + "offset" : 522, + "beat" : { + "hostname" : "a-mac-with-esc-key.local", + "name" : "a-mac-with-esc-key.local", + "version" : "6.0.0-alpha1" + }, + "input_type" : "log", + "source" : "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/auth/test/test.log", + "fileset" : { + "module" : "system", + "name" : "auth" + }, + "type" : "log" + } + } +] 
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/ingest/pipeline.json b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/ingest/pipeline.json index b6f099c9..12190509 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/ingest/pipeline.json +++ b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/ingest/pipeline.json @@ -5,7 +5,8 @@ "grok": { "field": "message", "patterns": [ - "%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{SYSLOGHOST:system.syslog.hostname} %{DATA:system.syslog.program}(?:\\[%{POSINT:system.syslog.pid}\\])?: %{GREEDYMULTILINE:system.syslog.message}" + "%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{SYSLOGHOST:system.syslog.hostname} %{DATA:system.syslog.program}(?:\\[%{POSINT:system.syslog.pid}\\])?: %{GREEDYMULTILINE:system.syslog.message}", + "%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{GREEDYMULTILINE:system.syslog.message}" ], "pattern_definitions" : { "GREEDYMULTILINE" : "(.|\n)*" diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log index 55e44c52..ec5b4bd6 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log +++ b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log @@ -18,3 +18,4 @@ Dec 13 11:35:28 a-mac-with-esc-key GoogleSoftwareUpdateAgent[21412]: 2016-12-13 errors=0 > Dec 13 11:35:28 a-mac-with-esc-key GoogleSoftwareUpdateAgent[21412]: 2016-12-13 11:35:28.421 GoogleSoftwareUpdateAgent[21412/0x700007399000] [lvl=2] -[KSUpdateEngine updateAllExceptProduct:] KSUpdateEngine updating all installed products, except:'com.google.Keystone'. +Apr 4 03:39:57 --- last message repeated 1 time --- 
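Review bot: The added fallback pattern `%{SYSLOGTIMESTAMP:system.syslog.timestamp} %{GREEDYMULTILINE:system.syslog.message}` in pipeline.json matches any line that begins with a timestamp. Every line the first pattern rejects is therefore indexed without `system.syslog.hostname` and `system.syslog.program` instead of surfacing as a grok failure. The only case the new fixture exercises is `--- last message repeated 1 time ---`, yet malformed or truncated lines would take the same path, and searches or alerts filtered on hostname or program would not see them. If the repeated-message marker is the only intended case, a narrower entry in the existing `pattern_definitions`, for example `"REPEATEDMSG" : "--- last message repeated .* ---"` referenced as `%{REPEATEDMSG:system.syslog.message}`, keeps other unparsable lines visible as failures.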
diff --git a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json index 5bb4fa92..cf6e1ae6 100644 --- a/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json +++ b/vendor/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log-expected.json @@ -58,5 +58,33 @@ }, "type" : "log" } + }, + { + "_index": "test-filebeat-modules", + "_type": "doc", + "_id": "AVtFVFY1nbkdi71WgGxo", + "_score": 1, + "_source": { + "@timestamp": "2017-04-04T03:39:57.000Z", + "system": { + "syslog": { + "message": "--- last message repeated 1 time ---", + "timestamp": "Apr 4 03:39:57" + } + }, + "offset": 1228, + "beat": { + "hostname": "a-mac-with-esc-key-2.local", + "name": "a-mac-with-esc-key-2.local", + "version": "6.0.0-alpha1" + }, + "input_type": "log", + "source": "/Users/tsg/src/github.com/elastic/beats/filebeat/module/system/syslog/test/darwin-syslog-sample.log", + "fileset": { + "module": "system", + "name": "syslog" + }, + "type": "log" + } } ] diff --git a/vendor/github.com/elastic/beats/filebeat/prospector/factory.go b/vendor/github.com/elastic/beats/filebeat/prospector/factory.go index df4d3e80..1dd00456 100644 --- a/vendor/github.com/elastic/beats/filebeat/prospector/factory.go +++ b/vendor/github.com/elastic/beats/filebeat/prospector/factory.go @@ -32,7 +32,8 @@ func (r *Factory) Create(c *common.Config) (cfgfile.Runner, error) { err = p.LoadStates(r.registrar.GetStates()) if err != nil { logp.Err("Error loading states for prospector %v: %v", p.ID(), err) - return nil, err + // In case of error with loading state, prospector is still returne + return p, err } return p, nil 
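Review bot: `return p, err` in `Factory.Create` (factory.go) now hands back a non-nil runner together with a non-nil error, which departs from the usual Go convention that the returned value is not used when `err != nil`. A caller that follows the convention will drop `p`, and one that does not may start a prospector whose state failed to load; which of the two is intended is not visible in this hunk. The added comment is truncated ("returne") and states what happens but not why; it should read along the lines of `// On a state-loading error the prospector is still returned alongside err` and then name what the caller is expected to do with it. Create's body starts outside the hunk, and since this is a vendored copy the change would belong upstream.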
diff --git a/vendor/github.com/elastic/beats/filebeat/scripts/docs_collector.py b/vendor/github.com/elastic/beats/filebeat/scripts/docs_collector.py index 50f7711d..7acf154a 100644 --- a/vendor/github.com/elastic/beats/filebeat/scripts/docs_collector.py +++ b/vendor/github.com/elastic/beats/filebeat/scripts/docs_collector.py @@ -44,6 +44,7 @@ This file is generated! See scripts/docs_collector.py module_file += """ +[float] === Fields For a description of each field in the metricset, see the diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/config/filebeat.yml.j2 b/vendor/github.com/elastic/beats/filebeat/tests/system/config/filebeat.yml.j2 index b2b5c4c0..64435dd7 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/config/filebeat.yml.j2 +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/config/filebeat.yml.j2 @@ -82,11 +82,14 @@ filebeat.registry_file: {{ beat.working_dir + '/' }}{{ registryFile|default("reg {%endif%} filebeat.publish_async: {{publish_async}} -{% if reload -%} +{% if reload or reload_path -%} filebeat.config.prospectors: + enabled: true path: {{ reload_path }} + {% if reload -%} reload.period: 1s reload.enabled: true + {% endif -%} {% endif -%} #================================ General ===================================== diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/test_modules.py b/vendor/github.com/elastic/beats/filebeat/tests/system/test_modules.py index ab3554d0..7939b968 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/test_modules.py +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/test_modules.py 
@@ -74,6 +74,8 @@ class Test(BaseTest): "-e", "-d", "*", "-once", "-c", cfgfile, "-modules={}".format(module), + "-M", "{module}.*.enabled=false".format(module=module), + "-M", "{module}.{fileset}.enabled=true".format(module=module, fileset=fileset), "-M", "{module}.{fileset}.var.paths=[{test_file}]".format( module=module, fileset=fileset, test_file=test_file), "-M", "*.*.prospector.close_eof=true", @@ -95,14 +97,21 @@ class Test(BaseTest): objects = [o["_source"] for o in res["hits"]["hits"]] assert len(objects) > 0 for obj in objects: - self.assert_fields_are_documented(obj) - # assert "error" not in obj # no parsing errors - assert obj["fileset"]["module"] == module + assert obj["fileset"]["module"] == module, "expected fileset.module={} but got {}".format( + module, obj["fileset"]["module"]) + + if not (module == "mysql" and fileset == "slowlog"): + # TODO: There are errors parsing the test logs from these modules. + assert "error" not in obj, "not error expected but got: {}".format(obj) + + if module != "auditd" and fileset != "log": + # There are dynamic fields in audit logs that are not documented. + self.assert_fields_are_documented(obj) if os.path.exists(test_file + "-expected.json"): with open(test_file + "-expected.json", "r") as f: expected = json.load(f) - assert len(expected) == len(objects) + assert len(expected) == len(objects), "expected {} but got {}".format(len(expected), len(objects)) for ev in expected: found = False for obj in objects: 
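Review bot: The guard `if module != "auditd" and fileset != "log":` in the second test_modules.py hunk (`@@ -95,14 +97,21 @@`) skips `assert_fields_are_documented` for every auditd fileset and for every fileset named `log` in any module, not just for the auditd/log pair its comment describes. The mysql/slowlog exception directly above it excludes exactly one pair; the same form here would be `if not (module == "auditd" and fileset == "log"):`. As written, undocumented fields in unrelated filesets can slip through the check unnoticed. The assertion message `"not error expected but got: {}"` would also read better as `"no error expected but got: {}"`. The enclosing test method starts and ends outside the hunk.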
@@ -174,3 +183,49 @@ class Test(BaseTest): assert len(objects) == 1 o = objects[0] assert o["x-pipeline"] == "test-pipeline" + + @unittest.skipIf(not INTEGRATION_TESTS or + os.getenv("TESTING_ENVIRONMENT") == "2x", + "integration test not available on 2.x") + def test_setup_machine_learning_nginx(self): + """ + Tests that setup works and loads nginx dashboards. + """ + self.init() + + # generate a minimal configuration + cfgfile = os.path.join(self.working_dir, "filebeat.yml") + self.render_config_template( + template="filebeat_modules.yml.j2", + output=cfgfile, + index_name=self.index_name, + elasticsearch_url=self.elasticsearch_url) + + os.mkdir(self.working_dir + "/log/") + self.copy_files(["logs/nginx.log"], + source_dir="../files", + target_dir="log") + + cmd = [ + self.filebeat, "-systemTest", + "-e", "-d", "*", "-once", + "-c", cfgfile, + "-setup", "-modules=nginx", + "-E", "dashboards.directory=../../_meta/kibana", + "-M", "*.*.prospector.close_eof=true", + "-M", "nginx.error.enabled=false", + "-M", "nginx.access.var.paths=[{}/log/nginx.log]".format(self.working_dir)] + + output = open(os.path.join(self.working_dir, "output.log"), "ab") + output.write(" ".join(cmd) + "\n") + subprocess.Popen(cmd, + stdin=None, + stdout=output, + stderr=subprocess.STDOUT, + bufsize=0).wait() + + jobs = self.es.transport.perform_request("GET", "/_xpack/ml/anomaly_detectors/") + assert "filebeat-nginx-access-response_code" in (job["job_id"] for job in jobs["jobs"]) + + datafeeds = self.es.transport.perform_request("GET", "/_xpack/ml/datafeeds/") + assert "filebeat-nginx-access-response_code" in (df["job_id"] for df in datafeeds["datafeeds"]) diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/test_multiline.py b/vendor/github.com/elastic/beats/filebeat/tests/system/test_multiline.py index 064d2f46..2bf67391 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/test_multiline.py 
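Review bot: In `test_setup_machine_learning_nginx` the handle from `output = open(os.path.join(self.working_dir, "output.log"), "ab")` is never closed or flushed. The command line written through it may therefore land in the file after, or interleaved with, what the child process writes to the same descriptor, and the handle leaks when an assertion fails. Putting the write and the `subprocess.Popen(...).wait()` call inside `with open(...) as output:` and calling `output.flush()` before starting the process addresses both. The return value of `.wait()` is discarded, so a failed `-setup` run shows up only indirectly as a missing job id; asserting on the exit code would make that failure explicit. The docstring says the test "loads nginx dashboards" while the assertions check the `/_xpack/ml/anomaly_detectors/` and `/_xpack/ml/datafeeds/` responses, so `"""Tests that setup loads the nginx machine learning job and datafeed."""` would match the code.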
+++ b/vendor/github.com/elastic/beats/filebeat/tests/system/test_multiline.py @@ -336,3 +336,19 @@ SetAdCodeMiddleware.default_ad_code route """ output = self.read_output_json() output[0]["message"] = logentry1 output[1]["message"] = logentry2 + + def test_invalid_config(self): + """ + Test that filebeat errors if pattern is missing config + """ + self.render_config_template( + path=os.path.abspath(self.working_dir + "/log/") + "*", + multiline=True, + match="after", + ) + + proc = self.start_beat() + + self.wait_until(lambda: self.log_contains("missing required field accessing") == 1) + + proc.check_kill_and_wait(exit_code=1) diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/test_prospector.py b/vendor/github.com/elastic/beats/filebeat/tests/system/test_prospector.py index 1184673d..8280bee7 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/test_prospector.py +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/test_prospector.py @@ -276,14 +276,8 @@ class Test(BaseTest): filebeat = self.start_beat() - # wait for first "Start next scan" log message self.wait_until( - lambda: self.log_contains( - "No prospectors defined"), - max_timeout=10) - - self.wait_until( - lambda: self.log_contains("No prospectors defined"), + lambda: self.log_contains("No modules or prospectors enabled"), max_timeout=10) filebeat.check_wait(exit_code=1) 
@@ -485,22 +479,23 @@ class Test(BaseTest): filebeat.check_kill_and_wait() - def test_close_inactive_file_rotation_and_removal_while_new_file_created(self): + def test_close_inactive_file_rotation_and_removal2(self): """ Test that close_inactive still applies also if file was rotated, new file created, and rotated file removed. """ + log_path = os.path.abspath(os.path.join(self.working_dir, "log")) + os.mkdir(log_path) + testfile = os.path.join(log_path, "a.log") + renamed_file = os.path.join(log_path, "b.log") + self.render_config_template( - path=os.path.abspath(self.working_dir) + "/log/test.log", + path=testfile, ignore_older="1h", close_inactive="3s", scan_frequency="0.1s", ) - os.mkdir(self.working_dir + "/log/") - testfile = self.working_dir + "/log/test.log" - renamed_file = self.working_dir + "/log/test_renamed.log" - filebeat = self.start_beat() # wait for first "Start next scan" log message diff --git a/vendor/github.com/elastic/beats/filebeat/tests/system/test_reload.py b/vendor/github.com/elastic/beats/filebeat/tests/system/test_reload.py index 02eb2112..d6fdc3a7 100644 --- a/vendor/github.com/elastic/beats/filebeat/tests/system/test_reload.py +++ b/vendor/github.com/elastic/beats/filebeat/tests/system/test_reload.py 
@@ -201,3 +201,144 @@ class Test(BaseTest): assert output[1]["message"] == second_line # assert that fields are added assert output[1]["fields.hello"] == "world" + + def test_load_configs(self): + """ + Test loading separate prospectors configs + """ + self.render_config_template( + reload_path=self.working_dir + "/configs/*.yml", + prospectors=False, + ) + + os.mkdir(self.working_dir + "/logs/") + logfile = self.working_dir + "/logs/test.log" + os.mkdir(self.working_dir + "/configs/") + + first_line = "First log file" + second_line = "Second log file" + + config = prospectorConfigTemplate.format(self.working_dir + "/logs/test.log") + config = config + """ + close_eof: true +""" + with open(self.working_dir + "/configs/prospector.yml", 'w') as f: + f.write(config) + + with open(logfile, 'w') as f: + f.write(first_line + "\n") + + proc = self.start_beat() + + self.wait_until(lambda: self.output_lines() == 1) + + # Update both log files, only 1 change should be picke dup + with open(logfile, 'a') as f: + f.write(second_line + "\n") + + self.wait_until(lambda: self.output_lines() == 2) + + proc.check_kill_and_wait() + + output = self.read_output() + + # Reloading stopped. + self.wait_until( + lambda: self.log_contains("Loading of config files completed."), + max_timeout=15) + + # Make sure the correct lines were picked up + assert self.output_lines() == 2 + assert output[0]["message"] == first_line + assert output[1]["message"] == second_line + + def test_reload_same_config(self): + """ + Test reload same config with same file but different config. Makes sure reloading also works on conflicts. 
+ """ + self.render_config_template( + reload=True, + reload_path=self.working_dir + "/configs/*.yml", + prospectors=False, + ) + + os.mkdir(self.working_dir + "/logs/") + logfile = self.working_dir + "/logs/test.log" + os.mkdir(self.working_dir + "/configs/") + + with open(self.working_dir + "/configs/prospector.yml", 'w') as f: + f.write(prospectorConfigTemplate.format(self.working_dir + "/logs/*")) + + proc = self.start_beat() + + with open(logfile, 'w') as f: + f.write("Hello world1\n") + + self.wait_until(lambda: self.output_lines() > 0) + + # New config with same config file but a bit different to make it reload + # Add it intentionally when other prospector is still running to cause an error + with open(self.working_dir + "/configs/prospector.yml", 'w') as f: + f.write(prospectorConfigTemplate.format(self.working_dir + "/logs/test.log")) + + # Make sure error shows up in log file + self.wait_until( + lambda: self.log_contains("Can only start a prospector when all related states are finished"), + max_timeout=15) + + # Wait until old runner is stopped + self.wait_until( + lambda: self.log_contains("Runner stopped:"), + max_timeout=15) + + # Add new log line and see if it is picked up = new prospector is running + with open(logfile, 'a') as f: + f.write("Hello world2\n") + + self.wait_until(lambda: self.output_lines() > 1) + + proc.check_kill_and_wait() + + def test_reload_add(self): + """ + Test adding a prospector and makes sure both are still running + """ + self.render_config_template( + reload=True, + reload_path=self.working_dir + "/configs/*.yml", + prospectors=False, + ) + + os.mkdir(self.working_dir + "/logs/") + logfile1 = self.working_dir + "/logs/test1.log" + logfile2 = self.working_dir + "/logs/test2.log" + os.mkdir(self.working_dir + "/configs/") + + with open(self.working_dir + "/configs/prospector1.yml", 'w') as f: + f.write(prospectorConfigTemplate.format(self.working_dir + "/logs/test1.log")) + + proc = self.start_beat() + + with 
open(logfile1, 'w') as f: + f.write("Hello world1\n") + + self.wait_until(lambda: self.output_lines() > 0) + + with open(self.working_dir + "/configs/prospector2.yml", 'w') as f: + f.write(prospectorConfigTemplate.format(self.working_dir + "/logs/test2.log")) + + self.wait_until( + lambda: self.log_contains_count("New runner started") == 2, + max_timeout=15) + + # Add new log line and see if it is picked up = new prospector is running + with open(logfile1, 'a') as f: + f.write("Hello world2\n") + + # Add new log line and see if it is picked up = new prospector is running + with open(logfile2, 'a') as f: + f.write("Hello world3\n") + + self.wait_until(lambda: self.output_lines() == 3) + + proc.check_kill_and_wait() diff --git a/vendor/github.com/elastic/beats/glide.yaml b/vendor/github.com/elastic/beats/glide.yaml index 7d3248c4..4ce9691a 100644 --- a/vendor/github.com/elastic/beats/glide.yaml +++ b/vendor/github.com/elastic/beats/glide.yaml @@ -25,7 +25,7 @@ import: subpackages: - /difflib - package: github.com/elastic/gosigar - version: v0.2.0 + version: v0.2.1 - package: github.com/elastic/procfs version: abf152e5f3e97f2fafac028d2cc06c1feb87ffa5 - package: github.com/samuel/go-parser diff --git a/vendor/github.com/elastic/beats/heartbeat/Makefile b/vendor/github.com/elastic/beats/heartbeat/Makefile index c02f2a26..fef9ab77 100644 --- a/vendor/github.com/elastic/beats/heartbeat/Makefile +++ b/vendor/github.com/elastic/beats/heartbeat/Makefile @@ -1,6 +1,6 @@ BEAT_NAME=heartbeat BEAT_DESCRIPTION?=Ping remote services for availability and log results to Elasticsearch or send to Logstash. -SYSTEM_TESTS=false +SYSTEM_TESTS=true TEST_ENVIRONMENT=false # Path to the libbeat Makefile 
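Review bot: In `test_load_configs` (test_reload.py hunk `@@ -201,3 +201,144 @@`) the comment `# Update both log files, only 1 change should be picke dup` does not match the code, which appends to the single file `logfile` and then waits for two output lines. `# Append a second line; it should be picked up by the loaded prospector` describes what actually happens. The `# Reloading stopped.` wait for "Loading of config files completed." runs only after `proc.check_kill_and_wait()`, so it inspects the log of a process that has already exited and would state the intent more clearly if placed before the kill. In `test_reload_add` both appends carry the same comment, and all three new tests rebuild `self.working_dir + "/logs/..."` instead of reusing `logfile`, `logfile1` and `logfile2`.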
diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/dashboard/f3e771c0-eb19-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/dashboard/f3e771c0-eb19-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/dashboard/f3e771c0-eb19-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/dashboard/f3e771c0-eb19-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/search/c49bd160-eb17-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/search/c49bd160-eb17-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/search/c49bd160-eb17-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/search/c49bd160-eb17-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/091c3a90-eb1e-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/091c3a90-eb1e-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/091c3a90-eb1e-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/091c3a90-eb1e-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/0f4c0560-eb20-11e6-9f11-159ff202874a.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/0f4c0560-eb20-11e6-9f11-159ff202874a.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/0f4c0560-eb20-11e6-9f11-159ff202874a.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/0f4c0560-eb20-11e6-9f11-159ff202874a.json 
diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/1738dbc0-eb1d-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/1738dbc0-eb1d-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/1738dbc0-eb1d-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/1738dbc0-eb1d-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/920e8140-eb1a-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/920e8140-eb1a-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/920e8140-eb1a-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/920e8140-eb1a-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/c65ef340-eb19-11e6-be20-559646f8b9ba.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/c65ef340-eb19-11e6-be20-559646f8b9ba.json similarity index 100% rename from vendor/github.com/elastic/beats/heartbeat/_meta/kibana/visualization/c65ef340-eb19-11e6-be20-559646f8b9ba.json rename to vendor/github.com/elastic/beats/heartbeat/_meta/kibana/5.x/visualization/c65ef340-eb19-11e6-be20-559646f8b9ba.json diff --git a/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/default/dashboard/Heartbeat-http-monitor.json b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/default/dashboard/Heartbeat-http-monitor.json new file mode 100644 index 00000000..f1a4b09b --- /dev/null +++ b/vendor/github.com/elastic/beats/heartbeat/_meta/kibana/default/dashboard/Heartbeat-http-monitor.json 
@@ -0,0 +1,132 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "title": "HTTP ping times", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"HTTP ping times\",\n \"type\": \"area\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"interpolate\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"resolve.rtt.us\",\n \"customLabel\": \"\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"tcp.rtt.connect.us\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"tls.rtt.handshake.us\"\n }\n },\n {\n \"id\": \"4\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"http.rtt.response_header.us\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "c65ef340-eb19-11e6-be20-559646f8b9ba", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "title": "HTTP monitors status", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#B7DBAB\",\n \"monitor.status: up\": 
\"#629E51\",\n \"monitor.status: down\": \"#E24D42\"\n },\n \"legendOpen\": true\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"HTTP monitors status\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"monitor.id\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"filters\",\n \"schema\": \"segment\",\n \"params\": {\n \"filters\": [\n {\n \"input\": {\n \"query\": {\n \"query_string\": {\n \"query\": \"monitor.status: up\",\n \"analyze_wildcard\": true\n }\n }\n },\n \"label\": \"\"\n },\n {\n \"input\": {\n \"query\": {\n \"query_string\": {\n \"query\": \"monitor.status: down\",\n \"analyze_wildcard\": true\n }\n }\n }\n }\n ]\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"http.response.status\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "920e8140-eb1a-11e6-be20-559646f8b9ba", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "title": "HTTP monitors", + "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"HTTP monitors\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": 
\"metric\",\n \"params\": {\n \"field\": \"monitor.duration.us\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"monitor.id\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"resolve.rtt.us\"\n }\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"tcp.rtt.connect.us\"\n }\n },\n {\n \"id\": \"7\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"tls.rtt.handshake.us\"\n }\n },\n {\n \"id\": \"8\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"http.rtt.response_header.us\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "1738dbc0-eb1d-11e6-be20-559646f8b9ba", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "title": "HTTP up status", + "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"monitor.status: up\": \"#629E51\",\n \"monitor.status: down\": \"#E24D42\"\n }\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"HTTP up status\",\n \"type\": \"area\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"interpolate\": \"linear\",\n \"mode\": \"percentage\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": true,\n \"yAxis\": {\n \"max\": 100,\n \"min\": 0\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n 
\"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"filters\",\n \"schema\": \"group\",\n \"params\": {\n \"filters\": [\n {\n \"input\": {\n \"query\": {\n \"query_string\": {\n \"query\": \"monitor.status: down\",\n \"analyze_wildcard\": true\n }\n }\n },\n \"label\": \"\"\n },\n {\n \"input\": {\n \"query\": {\n \"query_string\": {\n \"query\": \"monitor.status: up\",\n \"analyze_wildcard\": true\n }\n }\n }\n }\n ]\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "091c3a90-eb1e-11e6-be20-559646f8b9ba", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "title": "HTTP duration heatmap", + "uiStateJSON": "{\n \"vis\": {\n \"defaultColors\": {\n \"0 - 2\": \"rgb(247,251,255)\",\n \"2 - 3\": \"rgb(227,238,249)\",\n \"3 - 4\": \"rgb(208,225,242)\",\n \"4 - 5\": \"rgb(182,212,233)\",\n \"5 - 6\": \"rgb(148,196,223)\",\n \"6 - 8\": \"rgb(107,174,214)\",\n \"8 - 9\": \"rgb(74,152,201)\",\n \"9 - 10\": \"rgb(46,126,188)\",\n \"10 - 11\": \"rgb(23,100,171)\",\n \"11 - 12\": \"rgb(8,74,145)\"\n }\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"HTTP duration heatmap\",\n \"type\": \"heatmap\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"enableHover\": false,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"colorsNumber\": 10,\n \"colorSchema\": \"Blues\",\n \"setColorRange\": false,\n \"colorsRange\": [],\n \"invertColors\": false,\n \"percentageMode\": false,\n \"valueAxes\": [\n {\n \"show\": false,\n \"id\": \"ValueAxis-1\",\n \"type\": \"value\",\n \"scale\": {\n \"type\": \"linear\",\n \"defaultYExtents\": false\n },\n \"labels\": {\n \"show\": false,\n \"rotate\": 
0,\n \"color\": \"#555\"\n }\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"histogram\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"monitor.duration.us\",\n \"interval\": 50000,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "0f4c0560-eb20-11e6-9f11-159ff202874a", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "monitor.id", + "http.url", + "monitor.status", + "http.response.status", + "monitor.duration.us", + "tcp.rtt.connect.us", + "tls.rtt.handshake.us", + "resolve.rtt.us", + "http.rtt.content.us" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"heartbeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n },\n \"filter\": [\n {\n \"$state\": {\n \"store\": \"appState\"\n },\n \"meta\": {\n \"alias\": null,\n \"disabled\": false,\n \"index\": \"heartbeat-*\",\n \"key\": \"monitor.name\",\n \"negate\": false,\n \"value\": \"http\"\n },\n \"query\": {\n \"match\": {\n \"monitor.name\": {\n \"query\": \"http\",\n \"type\": \"phrase\"\n }\n }\n }\n }\n ]\n}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Heartbeat HTTP pings", + "version": 1 + }, + "id": "02014c80-29d2-11e7-a68f-bfaa2341cc52", + "type": "search", + "version": 5 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + 
"optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"c65ef340-eb19-11e6-be20-559646f8b9ba\",\"panelIndex\":1,\"row\":7,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"920e8140-eb1a-11e6-be20-559646f8b9ba\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1738dbc0-eb1d-11e6-be20-559646f8b9ba\",\"panelIndex\":3,\"row\":1,\"size_x\":8,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"091c3a90-eb1e-11e6-be20-559646f8b9ba\",\"panelIndex\":4,\"row\":5,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"0f4c0560-eb20-11e6-9f11-159ff202874a\",\"panelIndex\":5,\"row\":11,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Heartbeat HTTP monitoring", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"defaultColors\":{\"0 - 2\":\"rgb(247,251,255)\",\"2 - 3\":\"rgb(227,238,249)\",\"3 - 4\":\"rgb(208,225,242)\",\"4 - 5\":\"rgb(182,212,233)\",\"5 - 6\":\"rgb(148,196,223)\",\"6 - 8\":\"rgb(107,174,214)\",\"8 - 9\":\"rgb(74,152,201)\",\"9 - 10\":\"rgb(46,126,188)\",\"10 - 11\":\"rgb(23,100,171)\",\"11 - 12\":\"rgb(8,74,145)\"}}}}", + "version": 1 + }, + "id": "f3e771c0-eb19-11e6-be20-559646f8b9ba", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/heartbeat/docs/command-line.asciidoc b/vendor/github.com/elastic/beats/heartbeat/docs/command-line.asciidoc index e04b9337..4e3fb5a7 100644 --- a/vendor/github.com/elastic/beats/heartbeat/docs/command-line.asciidoc +++ b/vendor/github.com/elastic/beats/heartbeat/docs/command-line.asciidoc @@ -1,4 +1,4 @@ -[[heartbeat-command-line]] +[[command-line-options]] === Command Line Options Heartbeat does not have any Heartbeat-specific command line options. 
diff --git a/vendor/github.com/elastic/beats/heartbeat/docs/getting-started.asciidoc b/vendor/github.com/elastic/beats/heartbeat/docs/getting-started.asciidoc index 08a35e86..f0f76a0b 100644 --- a/vendor/github.com/elastic/beats/heartbeat/docs/getting-started.asciidoc +++ b/vendor/github.com/elastic/beats/heartbeat/docs/getting-started.asciidoc @@ -18,7 +18,7 @@ install, configure, and run Heartbeat: * <> * <> * <> -* <> +* <> * <> @@ -32,17 +32,7 @@ monitor are running. //TODO: Add a separate topic that explores deployment scenarios in more detail (like installing on a sub-network where there's a firewall etc. -To download and install Heartbeat, use the commands that work with your -system (<> for Debian/Ubuntu, <> for Redhat/Centos/Fedora, -<> for OS X, and <> for Windows). - -[NOTE] -================================================== -If you use Apt or Yum, you can <> to update to the newest version more easily. - -See our https://www.elastic.co/downloads/beats/heartbeat[download page] for other installation options, such as 32-bit images. - -================================================== +include::../../libbeat/docs/shared-download-and-install.asciidoc[] [[deb]] *deb:* @@ -101,6 +91,25 @@ tar xzvf heartbeat-{version}-darwin-x86_64.tar.gz endif::[] + +[[docker]] +*docker:* + +ifeval::["{release-state}"=="unreleased"] + +Version {stack-version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source", "shell", subs="attributes"] +------------------------------------------------ +docker pull {dockerimage} +------------------------------------------------ + +endif::[] + [[win]] *win:* 
@@ -123,7 +132,8 @@ https://www.elastic.co/downloads/beats/heartbeat[downloads page]. and select *Run As Administrator*). If you are running Windows XP, you may need to download and install PowerShell. -. Run the following commands to install Heartbeat as a Windows service: +. From the PowerShell prompt, run the following commands to install Heartbeat as +a Windows service: + ["source","sh",subs="attributes"] ---------------------------------------------------------------------- @@ -146,15 +156,7 @@ options, see <>. [[heartbeat-configuration]] === Step 2: Configuring Heartbeat -To configure Heartbeat, you edit the configuration file. For rpm and deb, -you'll find the configuration file at +/etc/heartbeat/heartbeat.yml+. -For mac and win, look in the archive that you just extracted. There’s also a -full example configuration file called `heartbeat.full.yml` that shows all -non-deprecated options. - -See the -{libbeat}/config-file-format.html[Config File Format] section of the -_Beats Platform Reference_ for more about the structure of the config file. +include::../../libbeat/docs/shared-configuring.asciidoc[] Heartbeat provides monitors to check the status of hosts at set intervals. You configure each monitor individually. Heartbeat currently provides monitors @@ -232,7 +234,7 @@ include::../../libbeat/docs/shared-template-load.asciidoc[] Start Heartbeat by issuing the appropriate command for your platform. NOTE: If you use an init.d script to start Heartbeat on deb or rpm, you can't -specify command line flags (see <>). To specify flags, +specify command line flags (see <>). To specify flags, start Heartbeat in the foreground. *deb:* diff --git a/vendor/github.com/elastic/beats/heartbeat/docs/index.asciidoc b/vendor/github.com/elastic/beats/heartbeat/docs/index.asciidoc index 680217e1..ef8420fa 100644 --- a/vendor/github.com/elastic/beats/heartbeat/docs/index.asciidoc +++ b/vendor/github.com/elastic/beats/heartbeat/docs/index.asciidoc 
@@ -15,6 +15,7 @@ include::../../libbeat/docs/version.asciidoc[] :beatname_lc: heartbeat :beatname_uc: Heartbeat :security: X-Pack Security +:dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} include::./overview.asciidoc[] @@ -26,6 +27,8 @@ include::../../libbeat/docs/shared-directory-layout.asciidoc[] include::../../libbeat/docs/repositories.asciidoc[] +include::./running-on-docker.asciidoc[] + // //include::./upgrading.asciidoc[] @@ -41,6 +44,7 @@ include::../../libbeat/docs/shared-config-ingest.asciidoc[] //points to shared topic because configuring-logstash.asciidoc is just a wrapper include::./configuring-logstash.asciidoc[] +:standalone: include::../../libbeat/docs/shared-env-vars.asciidoc[] :standalone: @@ -57,5 +61,5 @@ include::./troubleshooting.asciidoc[] include::./faq.asciidoc[] -// +// //include::./heartbeat-devguide.asciidoc[] diff --git a/vendor/github.com/elastic/beats/heartbeat/docs/running-on-docker.asciidoc b/vendor/github.com/elastic/beats/heartbeat/docs/running-on-docker.asciidoc new file mode 100644 index 00000000..6bbc976a --- /dev/null +++ b/vendor/github.com/elastic/beats/heartbeat/docs/running-on-docker.asciidoc @@ -0,0 +1 @@ +include::../../libbeat/docs/shared-docker.asciidoc[] diff --git a/vendor/github.com/elastic/beats/heartbeat/heartbeat.full.yml b/vendor/github.com/elastic/beats/heartbeat/heartbeat.full.yml index 61f5874a..1eb14106 100644 --- a/vendor/github.com/elastic/beats/heartbeat/heartbeat.full.yml +++ b/vendor/github.com/elastic/beats/heartbeat/heartbeat.full.yml 
@@ -358,6 +358,14 @@ output.elasticsearch: # Path to the Elasticsearch 2.x version of the template file. #template.versions.2x.path: "${path.config}/heartbeat.template-es2x.json" + # If set to true, heartbeat checks the Elasticsearch version at connect time, and if it + # is 6.x, it loads the file specified by the template.versions.6x.path setting. The + # default is true. + #template.versions.6x.enabled: true + + # Path to the Elasticsearch 6.x version of the template file. + #template.versions.6x.path: "${path.config}/heartbeat.template-es6x.json" + # Use SSL settings for HTTPS. Default is true. #ssl.enabled: true @@ -390,6 +398,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #----------------------------- Logstash output --------------------------------- #output.logstash: @@ -412,6 +424,11 @@ output.elasticsearch: # new batches. #pipelining: 0 + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + # Optional index name. The default index name is set to name of the beat # in all lowercase. #index: 'heartbeat' @@ -454,6 +471,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Kafka output ---------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. 
@@ -589,6 +610,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Redis output ---------------------------------- #output.redis: # Boolean flag to enable or disable the output module. @@ -686,6 +711,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- File output ----------------------------------- #output.file: @@ -828,3 +857,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es2x.json b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es2x.json index 7de56893..3a036ce3 100644 --- a/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es2x.json +++ b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es2x.json @@ -7,7 +7,7 @@ } }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -68,9 +68,6 @@ } } }, - "fields": { - "properties": {} - }, "host": { "ignore_above": 1024, "index": "not_analyzed", diff --git a/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es6x.json b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es6x.json new file mode 100644 index 00000000..52774c42 --- /dev/null +++ b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template-es6x.json 
@@ -0,0 +1,189 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "duration": { + "properties": { + "us": { + "type": "long" + } + } + }, + "error": { + "properties": { + "message": { + "norms": false, + "type": "text" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "http_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "icmp_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "meta": { + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "monitor": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "resolve_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "response": { + "properties": { + "status": { + "type": "long" + } + } + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "socks5_connect_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "tags": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "tcp_connect_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "tls_handshake_rtt": { + "properties": { + "us": { + "type": "long" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "up": { + "type": "boolean" + }, + "url": { + "norms": false, + "type": "text" + }, + "validate_rtt": { + "properties": { + "us": { + "type": "long" + } + } + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "heartbeat-*" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/heartbeat/heartbeat.template.json b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template.json index 84b5fe5e..52774c42 100644 --- a/vendor/github.com/elastic/beats/heartbeat/heartbeat.template.json +++ b/vendor/github.com/elastic/beats/heartbeat/heartbeat.template.json @@ -1,11 +1,8 @@ { "mappings": { "_default_": { - "_all": { - "norms": false - }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -58,9 +55,6 @@ } } }, - "fields": { - "properties": {} - }, "host": { "ignore_above": 1024, "type": "keyword" diff --git a/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/simple_transp.go b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/simple_transp.go index 87f970f2..ca0a7d0f 100644 --- a/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/simple_transp.go +++ b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/simple_transp.go @@ -14,6 +14,13 @@ import ( "github.com/elastic/beats/libbeat/outputs/transport" ) +const ( + gzipEncoding = "gzip" + urlSchemaHTTP = "http" + urlSchemaHTTPS = "https" +) + +// SimpleTransport contains the dialer and read/write callbacks type SimpleTransport struct { Dialer transport.Dialer DisableCompression bool 
@@ -32,7 +39,7 @@ func (t *SimpleTransport) checkRequest(req *http.Request) error { } scheme := req.URL.Scheme - isHTTP := scheme == "http" || scheme == "https" + isHTTP := scheme == urlSchemaHTTP || scheme == urlSchemaHTTPS if !isHTTP { return fmt.Errorf("http: unsupported scheme %v", scheme) } @@ -43,6 +50,7 @@ func (t *SimpleTransport) checkRequest(req *http.Request) error { return nil } +// RoundTrip sets up goroutines to write the request and read the responses func (t *SimpleTransport) RoundTrip(req *http.Request) (*http.Response, error) { type readReturn struct { resp *http.Response @@ -68,7 +76,7 @@ func (t *SimpleTransport) RoundTrip(req *http.Request) (*http.Response, error) { req.Method != "HEAD" { requestedGzip = true - req.Header.Add("Accept-Encoding", "gzip") + req.Header.Add("Accept-Encoding", gzipEncoding) defer req.Header.Del("Accept-Encoding") } @@ -132,7 +140,7 @@ func (t *SimpleTransport) readResponse( } t.sigStartRead() - if requestedGzip && resp.Header.Get("Content-Encoding") == "gzip" { + if requestedGzip && resp.Header.Get("Content-Encoding") == gzipEncoding { resp.Header.Del("Content-Encoding") resp.Header.Del("Content-Length") resp.ContentLength = -1 diff --git a/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task.go b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task.go index b3dcd604..a22d1d8b 100644 --- a/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task.go +++ b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task.go 
@@ -213,16 +213,24 @@ func execPing( } func splitHostnamePort(requ *http.Request) (string, uint16, error) { - host, port, err := net.SplitHostPort(requ.URL.Host) + host := requ.URL.Host + // Try to add a default port if needed + if strings.LastIndex(host, ":") == -1 { + switch requ.URL.Scheme { + case urlSchemaHTTP: + host += ":80" + case urlSchemaHTTPS: + host += ":443" + } + } + host, port, err := net.SplitHostPort(host) if err != nil { return "", 0, err } - p, err := strconv.ParseUint(port, 10, 16) if err != nil { return "", 0, fmt.Errorf("'%v' is no valid port number in '%v'", port, requ.URL.Host) } - return host, uint16(p), nil } diff --git a/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task_test.go b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task_test.go new file mode 100644 index 00000000..1d26fdf5 --- /dev/null +++ b/vendor/github.com/elastic/beats/heartbeat/monitors/active/http/task_test.go 
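Review bot: The default-port branch in `splitHostnamePort` is skipped for a bracketed IPv6 literal that carries no port, because `strings.LastIndex(host, ":") == -1` is false for a host such as `[::1]`; `net.SplitHostPort` then returns a missing-port error instead of the scheme default. Checking for the closing bracket as well would cover that case, for example `if !strings.Contains(host, ":") || strings.HasSuffix(host, "]") {`. Schemes other than http and https get no default and fall through to the `SplitHostPort` error, which looks intended but deserves a one-line comment on the `switch`, such as `// other schemes: no default port, SplitHostPort reports the error`. The test table added in task_test.go has no IPv6 entries, so neither the bare nor the bracketed-with-port form is pinned down.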
@@ -0,0 +1,93 @@
+package http
+
+import (
+ "net"
+ "net/http"
+ "net/url"
+ "reflect"
+ "testing"
+)
+
+func TestSplitHostnamePort(t *testing.T) {
+ var urlTests = []struct {
+ scheme string
+ host string
+ expectedHost string
+ expectedPort uint16
+ expectedError error
+ }{
+ {
+ "http",
+ "foo",
+ "foo",
+ 80,
+ nil,
+ },
+ {
+ "http",
+ "www.foo.com",
+ "www.foo.com",
+ 80,
+ nil,
+ },
+ {
+ "http",
+ "www.foo.com:8080",
+ "www.foo.com",
+ 8080,
+ nil,
+ },
+ {
+ "https",
+ "foo",
+ "foo",
+ 443,
+ nil,
+ },
+ {
+ "http",
+ "foo:81",
+ "foo",
+ 81,
+ nil,
+ },
+ {
+ "https",
+ "foo:444",
+ "foo",
+ 444,
+ nil,
+ },
+ {
+ "httpz",
+ "foo",
+ "foo",
+ 81,
+ &net.AddrError{},
+ },
+ }
+ for _, test := range urlTests {
+ url := &url.URL{
+ Scheme: test.scheme,
+ Host: test.host,
+ }
+ request := &http.Request{
+ URL: url,
+ }
+ host, port, err := splitHostnamePort(request)
+ if err != nil {
+ if test.expectedError == nil {
+ t.Error(err)
+ } else if reflect.TypeOf(err) != reflect.TypeOf(test.expectedError) {
+ t.Errorf("Expected %T but got %T", err, test.expectedError)
+ }
+ continue
+ }
+ if host != test.expectedHost {
+ t.Errorf("Unexpected host for %#v: expected %q, got %q", request, test.expectedHost, host)
+ }
+ if port != test.expectedPort {
+ t.Errorf("Unexpected port for %#v: expected %q, got %q", request, test.expectedPort, port)
+ }
+ }
+}
diff --git a/vendor/github.com/elastic/beats/heartbeat/tests/system/config/heartbeat.yml.j2 b/vendor/github.com/elastic/beats/heartbeat/tests/system/config/heartbeat.yml.j2
index 3af9f003..17143375 100644
--- a/vendor/github.com/elastic/beats/heartbeat/tests/system/config/heartbeat.yml.j2
+++ b/vendor/github.com/elastic/beats/heartbeat/tests/system/config/heartbeat.yml.j2
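Review bot: The failure messages in `TestSplitHostnamePort` report the wrong values. In the error-type branch the arguments are swapped relative to the text, so it should read `t.Errorf("Expected %T but got %T", test.expectedError, err)`. The port message formats a `uint16` with `%q`, which prints a quoted character rather than the number; `expected %d, got %d` gives a readable port. A row that expects an error but gets none also passes silently, because the `err != nil` block is the only place `expectedError` is consulted; a check such as `if test.expectedError != nil { t.Errorf("expected %T, got no error", test.expectedError) }` after that block would close the gap.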
@@ -1,78 +1,8 @@ -################### Beat Configuration ######################### +heartbeat.monitors: +- type: icmp + hosts: ["localhost"] + schedule: '@every 10s' - - -############################# Output ########################################## - -# Configure what outputs to use when sending the data collected by the beat. -# You can enable one or multiple outputs by setting enabled option to true. -output: - - ### File as output - file: - # Enabling file output - enabled: true - - # Path to the directory where to save the generated files. The option is mandatory. - path: {{ output_file_path|default(beat.working_dir + "/output") }} - - - # Name of the generated files. The default is `heartbeat` and it generates - # files: `heartbeat`, `heartbeat.1`, `heartbeat.2`, etc. - filename: "{{ output_file_filename|default("heartbeat") }}" - - # Maximum size in kilobytes of each file. When this size is reached, the files are - # rotated. The default value is 10 MB. - #rotate_every_kb: 10000 - - # Maximum number of files under path. When this number of files is reached, the - # oldest file is deleted and the rest are shifted from last to first. The default - # is 7 files. - #number_of_files: 7 - - - -############################# Beat ######################################### - -# The name of the shipper that publishes the network data. It can be used to group -# all the transactions sent by a single shipper in the web interface. -# If this options is not defined, the hostname is used. -#name: - -# The tags of the shipper are included in their own field with each -# transaction published. Tags make it easy to group servers by different -# logical properties. -#tags: ["service-X", "web-tier"] - - - -############################# Logging ######################################### - -#logging: - # Send all logging output to syslog. On Windows default is false, otherwise - # default is true. - #to_syslog: true - - # Write all logging output to files. 
Beats automatically rotate files if configurable - # limit is reached. - #to_files: false - - # Enable debug output for selected components. - #selectors: [] - - # Set log level - #level: error - - #files: - # The directory where the log files will written to. - #path: /var/log/heartbeat - - # The name of the files where the logs are written to. - #name: heartbeat - - # Configure log file size limit. If limit is reached, log file will be - # automatically rotated - #rotateeverybytes: 10485760 # = 10MB - - # Number of rotated log files to keep. Oldest files will be deleted first. - #keepfiles: 7 +output.file: + path: {{ output_file_path|default(beat.working_dir + "/output") }} + filename: "{{ output_file_filename|default("heartbeat") }}" diff --git a/vendor/github.com/elastic/beats/heartbeat/tests/system/heartbeat.py b/vendor/github.com/elastic/beats/heartbeat/tests/system/heartbeat.py index 6d175f9f..6467ac91 100644 --- a/vendor/github.com/elastic/beats/heartbeat/tests/system/heartbeat.py +++ b/vendor/github.com/elastic/beats/heartbeat/tests/system/heartbeat.py @@ -1,12 +1,13 @@ +import os import sys -sys.path.append('../../vendor/github.com/elastic/beats/libbeat/tests/system') + +sys.path.append(os.path.join(os.path.dirname(__file__), '../../../libbeat/tests/system')) + from beat.beat import TestCase class BaseTest(TestCase): - @classmethod def setUpClass(self): self.beat_name = "heartbeat" - self.build_path = "../../build/system-tests/" - self.beat_path = "../../heartbeat.test" + super(BaseTest, self).setUpClass() diff --git a/vendor/github.com/elastic/beats/heartbeat/tests/system/test_base.py b/vendor/github.com/elastic/beats/heartbeat/tests/system/test_base.py index b71650b9..758fa108 100644 --- a/vendor/github.com/elastic/beats/heartbeat/tests/system/test_base.py +++ b/vendor/github.com/elastic/beats/heartbeat/tests/system/test_base.py 
@@ -1,10 +1,9 @@ -from heartbeat import BaseTest - import os +from heartbeat import BaseTest + class Test(BaseTest): - def test_base(self): """ Basic test with exiting Heartbeat normally @@ -15,5 +14,4 @@ class Test(BaseTest): heartbeat_proc = self.start_beat() self.wait_until(lambda: self.log_contains("heartbeat is running")) - exit_code = heartbeat_proc.kill_and_wait() - assert exit_code == 0 + heartbeat_proc.check_kill_and_wait() diff --git a/vendor/github.com/elastic/beats/libbeat/Dockerfile b/vendor/github.com/elastic/beats/libbeat/Dockerfile index 00f00464..90dc34da 100644 --- a/vendor/github.com/elastic/beats/libbeat/Dockerfile +++ b/vendor/github.com/elastic/beats/libbeat/Dockerfile @@ -1,5 +1,5 @@ # Beats dockerfile used for testing -FROM golang:1.7.4 +FROM golang:1.7.6 MAINTAINER Nicolas Ruflin RUN set -x && \ diff --git a/vendor/github.com/elastic/beats/libbeat/_meta/config.full.yml b/vendor/github.com/elastic/beats/libbeat/_meta/config.full.yml index f2e3b09c..2e31f861 100644 --- a/vendor/github.com/elastic/beats/libbeat/_meta/config.full.yml +++ b/vendor/github.com/elastic/beats/libbeat/_meta/config.full.yml @@ -160,6 +160,14 @@ output.elasticsearch: # Path to the Elasticsearch 2.x version of the template file. #template.versions.2x.path: "${path.config}/beatname.template-es2x.json" + # If set to true, beatname checks the Elasticsearch version at connect time, and if it + # is 6.x, it loads the file specified by the template.versions.6x.path setting. The + # default is true. + #template.versions.6x.enabled: true + + # Path to the Elasticsearch 6.x version of the template file. + #template.versions.6x.path: "${path.config}/beatname.template-es6x.json" + # Use SSL settings for HTTPS. Default is true. #ssl.enabled: true 
@@ -192,6 +200,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #----------------------------- Logstash output --------------------------------- #output.logstash: @@ -214,6 +226,11 @@ output.elasticsearch: # new batches. #pipelining: 0 + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + # Optional index name. The default index name is set to name of the beat # in all lowercase. #index: 'beatname' @@ -256,6 +273,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Kafka output ---------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. @@ -391,6 +412,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Redis output ---------------------------------- #output.redis: # Boolean flag to enable or disable the output module. @@ -488,6 +513,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- File output ----------------------------------- #output.file: 
@@ -630,3 +659,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/libbeat/beat/beat.go b/vendor/github.com/elastic/beats/libbeat/beat/beat.go index 2d9d2a35..ceb14cb5 100644 --- a/vendor/github.com/elastic/beats/libbeat/beat/beat.go +++ b/vendor/github.com/elastic/beats/libbeat/beat/beat.go @@ -46,7 +46,6 @@ import ( "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/dashboards/dashboards" "github.com/elastic/beats/libbeat/logp" - "github.com/elastic/beats/libbeat/outputs/elasticsearch" "github.com/elastic/beats/libbeat/paths" "github.com/elastic/beats/libbeat/plugin" "github.com/elastic/beats/libbeat/processors" @@ -84,6 +83,10 @@ type Beater interface { // the beat its run-loop. type Creator func(*Beat, *common.Config) (Beater, error) +// SetupMLCallback can be used by the Beat to register MachineLearning configurations +// for the enabled modules. +type SetupMLCallback func(*Beat) error + // Beat contains the basic beat data and the publisher client used to publish // events. type Beat struct { @@ -93,6 +96,9 @@ type Beat struct { RawConfig *common.Config // Raw config that can be unpacked to get Beat specific config data. Config BeatConfig // Common Beat configuration data. Publisher publisher.Publisher // Publisher + + SetupMLCallback SetupMLCallback // setup callback for ML job configs + InSetupCmd bool // this is set to true when the `setup` command is called } // BeatConfig struct contains the basic configuration of every beat 
@@ -217,6 +223,12 @@ func (b *Beat) launch(bt Creator) error { if err != nil { return err } + if b.SetupMLCallback != nil && *setup { + err = b.SetupMLCallback(b) + if err != nil { + return err + } + } logp.Info("%s start running.", b.Name) defer logp.Info("%s stopped.", b.Name) @@ -311,13 +323,8 @@ func (b *Beat) loadDashboards() error { if esConfig == nil || !esConfig.Enabled() { return fmt.Errorf("Dashboard loading requested but the Elasticsearch output is not configured/enabled") } - esClient, err := elasticsearch.NewConnectedClient(esConfig) - if err != nil { - return fmt.Errorf("Error creating ES client: %v", err) - } - defer esClient.Close() - err = dashboards.ImportDashboards(b.Name, b.Version, esClient, b.Config.Dashboards) + err := dashboards.ImportDashboards(b.Name, b.Version, nil, esConfig, b.Config.Dashboards) if err != nil { return fmt.Errorf("Error importing Kibana dashboards: %v", err) } diff --git a/vendor/github.com/elastic/beats/libbeat/beat/version.go b/vendor/github.com/elastic/beats/libbeat/beat/version.go index b2af4d88..b594af3e 100644 --- a/vendor/github.com/elastic/beats/libbeat/beat/version.go +++ b/vendor/github.com/elastic/beats/libbeat/beat/version.go @@ -1,3 +1,3 @@ package beat -const defaultBeatVersion = "5.3.2" +const defaultBeatVersion = "5.6.6" diff --git a/vendor/github.com/elastic/beats/libbeat/cfgfile/reload.go b/vendor/github.com/elastic/beats/libbeat/cfgfile/reload.go index 2618858b..83a1d559 100644 --- a/vendor/github.com/elastic/beats/libbeat/cfgfile/reload.go +++ b/vendor/github.com/elastic/beats/libbeat/cfgfile/reload.go @@ -87,6 +87,13 @@ func (rl *Reloader) Run(runnerFactory RunnerFactory) { gw := NewGlobWatcher(path) + // If reloading is disable, config files should be loaded immidiately + if !rl.config.Reload.Enabled { + rl.config.Reload.Period = 0 + } + + overwriteUpate := true + for { select { case <-rl.done: 
@@ -105,7 +112,8 @@ func (rl *Reloader) Run(runnerFactory RunnerFactory) { } // no file changes - if !updated { + if !updated && !overwriteUpate { + overwriteUpate = false continue } @@ -135,6 +143,14 @@ func (rl *Reloader) Run(runnerFactory RunnerFactory) { runner, err := runnerFactory.Create(c) if err != nil { + // Make sure the next run also updates because some runners were not properly loaded + overwriteUpate = true + + // In case prospector already is running, do not stop it + if runner != nil && rl.registry.Has(runner.ID()) { + debugf("Remove module from stoplist: %v", runner.ID()) + delete(stopList, runner.ID()) + } logp.Err("Error creating module: %s", err) continue } @@ -153,6 +169,16 @@ func (rl *Reloader) Run(runnerFactory RunnerFactory) { rl.stopRunners(stopList) rl.startRunners(startList) } + + // Path loading is enabled but not reloading. Loads files only once and then stops. + if !rl.config.Reload.Enabled { + logp.Info("Loading of config files completed.") + select { + case <-rl.done: + logp.Info("Dynamic config reloader stopped") + return + } + } } } diff --git a/vendor/github.com/elastic/beats/libbeat/common/datetime.go b/vendor/github.com/elastic/beats/libbeat/common/datetime.go index b36d9170..f464aa30 100644 --- a/vendor/github.com/elastic/beats/libbeat/common/datetime.go +++ b/vendor/github.com/elastic/beats/libbeat/common/datetime.go @@ -43,6 +43,10 @@ func ParseTime(timespec string) (Time, error) { return Time(t), err } +func (t Time) String() string { + return time.Time(t).Format(TsLayout) +} + // MustParseTime is a convenience equivalent of the ParseTime function // that panics in case of errors. func MustParseTime(timespec string) Time { @@ -50,5 +54,6 @@ func MustParseTime(timespec string) Time { if err != nil { panic(err) } + return ts } diff --git a/vendor/github.com/elastic/beats/libbeat/common/event.go b/vendor/github.com/elastic/beats/libbeat/common/event.go index 28b36209..24addc3b 100644 
--- a/vendor/github.com/elastic/beats/libbeat/common/event.go +++ b/vendor/github.com/elastic/beats/libbeat/common/event.go @@ -7,6 +7,7 @@ import ( "reflect" "strconv" "strings" + "time" "github.com/elastic/beats/libbeat/logp" @@ -118,6 +119,26 @@ func normalizeValue(value interface{}, keys ...string) (interface{}, []error) { return nil, nil } + // Normalize time values to a common.Time with UTC time zone. + switch v := value.(type) { + case time.Time: + value = Time(v.UTC()) + case []time.Time: + times := make([]Time, 0, len(v)) + for _, t := range v { + times = append(times, Time(t.UTC())) + } + value = times + case Time: + value = Time(time.Time(v).UTC()) + case []Time: + times := make([]Time, 0, len(v)) + for _, t := range v { + times = append(times, Time(time.Time(t).UTC())) + } + value = times + } + switch value.(type) { case encoding.TextMarshaler: text, err := value.(encoding.TextMarshaler).MarshalText() diff --git a/vendor/github.com/elastic/beats/libbeat/common/event_test.go b/vendor/github.com/elastic/beats/libbeat/common/event_test.go index 6a8a7fa6..59e41afc 100644 --- a/vendor/github.com/elastic/beats/libbeat/common/event_test.go +++ b/vendor/github.com/elastic/beats/libbeat/common/event_test.go @@ -3,6 +3,7 @@ package common import ( "encoding/json" "testing" + "time" "github.com/elastic/beats/libbeat/logp" "github.com/stretchr/testify/assert" 
@@ -315,6 +316,27 @@ func TestMarshalFloatValues(t *testing.T) { assert.Equal(string(b), "{\"f\":5.000000}") } +func TestNormalizeTime(t *testing.T) { + ny, err := time.LoadLocation("America/New_York") + if err != nil { + t.Fatal(err) + } + + now := time.Now().In(ny) + v, errs := normalizeValue(now, "@timestamp") + if len(errs) > 0 { + t.Fatal(errs) + } + + utcCommonTime, ok := v.(Time) + if !ok { + t.Fatalf("expected common.Time, but got %T (%v)", v, v) + } + + assert.Equal(t, time.UTC, time.Time(utcCommonTime).Location()) + assert.True(t, now.Equal(time.Time(utcCommonTime))) +} + // Uses TextMarshaler interface. func BenchmarkConvertToGenericEventNetString(b *testing.B) { for i := 0; i < b.N; i++ { diff --git a/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents.go b/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents.go index 494480d9..06f2f589 100644 --- a/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents.go +++ b/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents.go @@ -408,6 +408,7 @@ func fieldString(event common.MapStr, field string) (string, error) { if err != nil { logp.Warn("Can not convert key '%v' value to string", v) } + return s, err } @@ -419,6 +420,8 @@ func tryConvString(v interface{}) (string, error) { switch s := v.(type) { case string: return s, nil + case common.Time: + return s.String(), nil case []byte: return string(s), nil case stringer: diff --git a/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents_test.go b/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents_test.go index 43e79a0c..53eb1135 100644 --- a/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents_test.go +++ b/vendor/github.com/elastic/beats/libbeat/common/fmtstr/formatevents_test.go 
@@ -91,6 +91,18 @@ func TestEventFormatString(t *testing.T) { "timestamp: 2015.05.01", []string{"key"}, }, + { + "test timestamp formatter", + "%{[@timestamp]}: %{+YYYY.MM.dd}", + common.MapStr{ + "@timestamp": common.Time( + time.Date(2015, 5, 1, 20, 12, 34, 0, time.Local), + ), + "key": "timestamp", + }, + "2015-05-01T20:12:34.000Z: 2015.05.01", + []string{"@timestamp"}, + }, } for i, test := range tests { diff --git a/vendor/github.com/elastic/beats/libbeat/common/geolite.go b/vendor/github.com/elastic/beats/libbeat/common/geolite.go index 38abad3c..914c2eb7 100644 --- a/vendor/github.com/elastic/beats/libbeat/common/geolite.go +++ b/vendor/github.com/elastic/beats/libbeat/common/geolite.go @@ -30,6 +30,7 @@ func LoadGeoIPData(config Geoip) *libgeo.GeoIP { // look for the first existing path var geoipPath string for _, path := range geoipPaths { + path = filepath.Clean(path) fi, err := os.Lstat(path) if err != nil { logp.Err("GeoIP path could not be loaded: %s", path) diff --git a/vendor/github.com/elastic/beats/libbeat/common/url.go b/vendor/github.com/elastic/beats/libbeat/common/url.go new file mode 100644 index 00000000..6cd402ad --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/common/url.go 
@@ -0,0 +1,70 @@
+package common
+
+import (
+ "fmt"
+ "net"
+ "net/url"
+ "regexp"
+ "strconv"
+ "strings"
+)
+
+var hasScheme = regexp.MustCompile(`^([a-z][a-z0-9+\-.]*)://`)
+
+// MakeURL creates the url based on the url configuration.
+// Adds missing parts with defaults (scheme, host, port)
+func MakeURL(defaultScheme string, defaultPath string, rawURL string, defaultPort int) (string, error) {
+
+ if defaultScheme == "" {
+ defaultScheme = "http"
+ }
+
+ if !hasScheme.MatchString(rawURL) {
+ rawURL = fmt.Sprintf("%v://%v", defaultScheme, rawURL)
+ }
+
+ addr, err := url.Parse(rawURL)
+ if err != nil {
+ return "", err
+ }
+
+ scheme := addr.Scheme
+ host := addr.Host
+ port := strconv.Itoa(defaultPort)
+
+ if host == "" {
+ host = "localhost"
+ } else {
+
+ // split host and optional port
+ if splitHost, splitPort, err := net.SplitHostPort(host); err == nil {
+ host = splitHost
+ port = splitPort
+ }
+
+ // Check if ipv6
+ if strings.Count(host, ":") > 1 && strings.Count(host, "]") == 0 {
+ host = "[" + host + "]"
+ }
+ }
+
+ // Assign default path if not set
+ if addr.Path == "" {
+ addr.Path = defaultPath
+ }
+
+ // reconstruct url
+ addr.Scheme = scheme
+ addr.Host = host + ":" + port
+
+ return addr.String(), nil
+}
+
+func EncodeURLParams(url string, params url.Values) string {
+
+ if len(params) == 0 {
+ return url
+ }
+
+ return strings.Join([]string{url, "?", params.Encode()}, "")
+}
diff --git a/vendor/github.com/elastic/beats/libbeat/common/url_test.go b/vendor/github.com/elastic/beats/libbeat/common/url_test.go
new file mode 100644
index 00000000..37cb8a5e
--- /dev/null
+++ b/vendor/github.com/elastic/beats/libbeat/common/url_test.go
@@ -0,0 +1,103 @@ +// +build !integration + +package common + +import ( + "fmt" + "net/url" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestGetUrl(t *testing.T) { + + // List of inputs / outputs that must match after fetching url + // Setting a path without a scheme is not allowed. Example: 192.168.1.1:9200/hello + inputOutput := map[string]string{ + + "": "http://localhost:9200", + "http://localhost": "http://localhost:9200", + "http://localhost:80": "http://localhost:80", + "http://localhost:80/": "http://localhost:80/", + "http://localhost/": "http://localhost:9200/", + + // no schema + hostname + "33f3600fd5c1bb599af557c36a4efb08.host": "http://33f3600fd5c1bb599af557c36a4efb08.host:9200", + "33f3600fd5c1bb599af557c36a4efb08.host:12345": "http://33f3600fd5c1bb599af557c36a4efb08.host:12345", + "localhost": "http://localhost:9200", + "localhost:80": "http://localhost:80", + "localhost:80/": "http://localhost:80/", + "localhost/": "http://localhost:9200/", + "localhost/mypath": "http://localhost:9200/mypath", + + // shema + ipv4 + "http://192.168.1.1:80": "http://192.168.1.1:80", + "https://192.168.1.1:80/hello": "https://192.168.1.1:80/hello", + "http://192.168.1.1": "http://192.168.1.1:9200", + "http://192.168.1.1/hello": "http://192.168.1.1:9200/hello", + + // no schema + ipv4 + "192.168.1.1": "http://192.168.1.1:9200", + "192.168.1.1:80": "http://192.168.1.1:80", + "192.168.1.1/hello": "http://192.168.1.1:9200/hello", + "192.168.1.1:80/hello": "http://192.168.1.1:80/hello", + + // schema + ipv6 + "http://[2001:db8::1]:80": "http://[2001:db8::1]:80", + "http://[2001:db8::1]": "http://[2001:db8::1]:9200", + "https://[2001:db8::1]:9200": "https://[2001:db8::1]:9200", + "http://FE80:0000:0000:0000:0202:B3FF:FE1E:8329": "http://[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:9200", + "http://[2001:db8::1]:80/hello": "http://[2001:db8::1]:80/hello", + "http://[2001:db8::1]/hello": "http://[2001:db8::1]:9200/hello", + "https://[2001:db8::1]:9200/hello": 
"https://[2001:db8::1]:9200/hello", + "http://FE80:0000:0000:0000:0202:B3FF:FE1E:8329/hello": "http://[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:9200/hello", + + // no schema + ipv6 + "2001:db8::1": "http://[2001:db8::1]:9200", + "[2001:db8::1]:80": "http://[2001:db8::1]:80", + "[2001:db8::1]": "http://[2001:db8::1]:9200", + "2001:db8::1/hello": "http://[2001:db8::1]:9200/hello", + "[2001:db8::1]:80/hello": "http://[2001:db8::1]:80/hello", + "[2001:db8::1]/hello": "http://[2001:db8::1]:9200/hello", + } + + for input, output := range inputOutput { + urlNew, err := MakeURL("", "", input, 9200) + assert.Nil(t, err) + assert.Equal(t, output, urlNew, fmt.Sprintf("input: %v", input)) + } + + inputOutputWithDefaults := map[string]string{ + "http://localhost": "http://localhost:9200/hello", + "http://localhost/test": "http://localhost:9200/test", + "192.156.4.5": "https://192.156.4.5:9200/hello", + "http://username:password@es.found.io:9324": "http://username:password@es.found.io:9324/hello", + } + + for input, output := range inputOutputWithDefaults { + urlNew, err := MakeURL("https", "/hello", input, 9200) + assert.Nil(t, err) + assert.Equal(t, output, urlNew) + } + +} + +func TestURLParamsEncode(t *testing.T) { + + inputOutputWithParams := map[string]string{ + "http://localhost": "http://localhost:5601?dashboard=first&dashboard=second", + } + + params := url.Values{} + params.Add("dashboard", "first") + params.Add("dashboard", "second") + + for input, output := range inputOutputWithParams { + urlNew, err := MakeURL("", "", input, 5601) + urlWithParams := EncodeURLParams(urlNew, params) + assert.Nil(t, err) + assert.Equal(t, output, urlWithParams) + } + +} diff --git a/vendor/github.com/elastic/beats/libbeat/common/version.go b/vendor/github.com/elastic/beats/libbeat/common/version.go new file mode 100644 index 00000000..ceccac80 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/common/version.go 
@@ -0,0 +1,79 @@
+package common
+
+import (
+ "fmt"
+ "strconv"
+ "strings"
+)
+
+type Version struct {
+ version string
+ Major int
+ Minor int
+ Bugfix int
+ Meta string
+}
+
+// NewVersion expects a string in the format:
+// major.minor.bugfix(-meta)
+func NewVersion(version string) (*Version, error) {
+
+ v := Version{
+ version: version,
+ }
+
+ // Check for meta info
+ if strings.Contains(version, "-") {
+ tmp := strings.Split(version, "-")
+ version = tmp[0]
+ v.Meta = tmp[1]
+ }
+
+ versions := strings.Split(version, ".")
+ if len(versions) != 3 {
+ return nil, fmt.Errorf("Passed version is not semver: %s", version)
+ }
+
+ var err error
+ v.Major, err = strconv.Atoi(versions[0])
+ if err != nil {
+ return nil, fmt.Errorf("Could not convert major to integer: %s", versions[0])
+ }
+
+ v.Minor, err = strconv.Atoi(versions[1])
+ if err != nil {
+ return nil, fmt.Errorf("Could not convert minor to integer: %s", versions[1])
+ }
+
+ v.Bugfix, err = strconv.Atoi(versions[2])
+ if err != nil {
+ return nil, fmt.Errorf("Could not convert bugfix to integer: %s", versions[2])
+ }
+
+ return &v, nil
+}
+
+func (v *Version) IsMajor(major int) bool {
+ return major == v.Major
+}
+
+// LessThan returns true if v is strictly smaller than v1. When comparing, the major,
+// minor and bugfix numbers are compared in order. The meta part is not taken into account.
+func (v *Version) LessThan(v1 *Version) bool {
+ if v.Major < v1.Major {
+ return true
+ } else if v.Major == v1.Major {
+ if v.Minor < v1.Minor {
+ return true
+ } else if v.Minor == v1.Minor {
+ if v.Bugfix < v1.Bugfix {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+func (v *Version) String() string {
+ return v.version
+}
diff --git a/vendor/github.com/elastic/beats/libbeat/common/version_test.go b/vendor/github.com/elastic/beats/libbeat/common/version_test.go
new file mode 100644
index 00000000..ae03fc6c
--- /dev/null
+++ b/vendor/github.com/elastic/beats/libbeat/common/version_test.go
@@ -0,0 +1,96 @@
+package common
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestVersion(t *testing.T) {
+
+ tests := []struct {
+ version string
+ err bool
+ result Version
+ }{
+ {
+ version: "1.2.3",
+ err: false,
+ result: Version{Major: 1, Minor: 2, Bugfix: 3, version: "1.2.3"},
+ },
+ {
+ version: "1.3.3",
+ err: false,
+ result: Version{Major: 1, Minor: 3, Bugfix: 3, version: "1.3.3"},
+ },
+ {
+ version: "1.3.2-alpha1",
+ err: false,
+ result: Version{Major: 1, Minor: 3, Bugfix: 2, version: "1.3.2-alpha1", Meta: "alpha1"},
+ },
+ {
+ version: "alpha1",
+ err: true,
+ },
+ }
+
+ for _, test := range tests {
+ v, err := NewVersion(test.version)
+ if test.err {
+ assert.Error(t, err)
+ continue
+ } else {
+ assert.NoError(t, err)
+ }
+ assert.Equal(t, *v, test.result)
+ }
+}
+
+func TestVersionLessThan(t *testing.T) {
+ tests := []struct {
+ name string
+ version string
+ version1 string
+ result bool
+ }{
+ {
+ name: "1.2.3 < 2.0.0",
+ version: "1.2.3",
+ version1: "2.0.0",
+ result: true,
+ },
+ {
+ name: "1.2.3 = 1.2.3-beta1",
+ version: "1.2.3",
+ version1: "1.2.3-beta1",
+ result: false,
+ },
+ {
+ name: "5.4.1 < 5.4.2",
+ version: "5.4.1",
+ version1: "5.4.2",
+ result: true,
+ },
+ {
+ name: "5.5.1 > 5.4.2",
+ version: "5.5.1",
+ version1: "5.4.2",
+ result: false,
+ },
+ {
+ name: "6.1.1-alpha3 < 6.2.0",
+ version: "6.1.1-alpha3",
+ version1: "6.2.0",
+ result: true,
+ },
+ }
+
+ for _, test := range tests {
+ v, err := NewVersion(test.version)
+ assert.NoError(t, err)
+ v1, err := NewVersion(test.version1)
+ assert.NoError(t, err)
+
+ assert.Equal(t, v.LessThan(v1), test.result, test.name)
+ }
+}
diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/config.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/config.go
index d3abebf3..6c793804 100644
--- a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/config.go
+++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/config.go @@ -1,6 +1,6 @@ package dashboards -type DashboardsConfig struct { +type Config struct { Enabled bool `config:"enabled"` KibanaIndex string `config:"kibana_index"` Index string `config:"index"` @@ -14,10 +14,10 @@ type DashboardsConfig struct { SnapshotURL string `config:"snapshot_url"` } -var defaultDashboardsConfig = DashboardsConfig{ +var defaultConfig = Config{ KibanaIndex: ".kibana", } var ( defaultURLPattern = "https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-%s.zip" - snapshotURLPattern = "https://beats-nightlies.s3.amazonaws.com/dashboards/beats-dashboards-%s-SNAPSHOT.zip" + snapshotURLPattern = "https://snapshots.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-%s-SNAPSHOT.zip" ) diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/dashboards.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/dashboards.go index 734413e5..f1534bb2 100644 --- a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/dashboards.go +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/dashboards.go 
@@ -2,41 +2,150 @@ package dashboards import ( "fmt" + "strconv" + "strings" "github.com/elastic/beats/libbeat/common" - "github.com/elastic/beats/libbeat/outputs/elasticsearch" ) -// DashboardLoader is a subset of the Elasticsearch client API capable of -// loading the dashboards. -type DashboardLoader interface { - LoadJSON(path string, json map[string]interface{}) ([]byte, error) - CreateIndex(index string, body interface{}) (int, *elasticsearch.QueryResult, error) -} +func ImportDashboards(beatName, beatVersion string, + kibanaConfig *common.Config, esConfig *common.Config, + dashboardsConfig *common.Config) error { -func ImportDashboards(beatName, beatVersion string, esClient DashboardLoader, cfg *common.Config) error { - if cfg == nil || !cfg.Enabled() { + if dashboardsConfig == nil || !dashboardsConfig.Enabled() { return nil } - dashConfig := defaultDashboardsConfig + dashConfig := defaultConfig dashConfig.Beat = beatName dashConfig.URL = fmt.Sprintf(defaultURLPattern, beatVersion) dashConfig.SnapshotURL = fmt.Sprintf(snapshotURLPattern, beatVersion) - err := cfg.Unpack(&dashConfig) + err := dashboardsConfig.Unpack(&dashConfig) if err != nil { return err } - importer, err := NewImporter(&dashConfig, esClient, nil) - if err != nil { - return nil + if esConfig != nil { + status, err := ImportDashboardsViaElasticsearch(esConfig, &dashConfig, nil) + if err != nil { + return err + } + if status { + // the dashboards were imported via Elasticsearch + return nil + } } - if err := importer.Import(); err != nil { + err = ImportDashboardsViaKibana(kibanaConfig, &dashConfig, nil) + if err != nil { return err } return nil } + +func ImportDashboardsViaKibana(config *common.Config, dashConfig *Config, msgOutputter MessageOutputter) error { + if config == nil { + config = common.NewConfig() + } + if !config.Enabled() { + return nil + } + + kibanaLoader, err := NewKibanaLoader(config, dashConfig, msgOutputter) + if err != nil { + return fmt.Errorf("fail to create the Kibana 
loader: %v", err) + } + + defer kibanaLoader.Close() + + if !isKibanaAPIavailable(kibanaLoader.version) { + return fmt.Errorf("Kibana API is not available in Kibana version %s", kibanaLoader.version) + } + + importer, err := NewImporter("default", dashConfig, *kibanaLoader) + if err != nil { + return fmt.Errorf("fail to create a Kibana importer for loading the dashboards: %v", err) + } + + if err := importer.Import(); err != nil { + return fmt.Errorf("fail to import the dashboards in Kibana: %v", err) + } + + return nil +} + +func ImportDashboardsViaElasticsearch(config *common.Config, dashConfig *Config, msgOutputter MessageOutputter) (bool, error) { + esLoader, err := NewElasticsearchLoader(config, dashConfig, msgOutputter) + if err != nil { + return false, fmt.Errorf("fail to create the Elasticsearch loader: %v", err) + } + defer esLoader.Close() + + esLoader.statusMsg("Elasticsearch URL %v", esLoader.client.Connection.URL) + + majorVersion, _, err := getMajorAndMinorVersion(esLoader.version) + if err != nil { + return false, fmt.Errorf("wrong Elasticsearch version: %v", err) + } + + if majorVersion >= 6 { + esLoader.statusMsg("For Elasticsearch version >= 6.0.0, the Kibana dashboards need to be imported via the Kibana API.") + return false, nil + } + + if err := esLoader.CreateKibanaIndex(); err != nil { + return false, fmt.Errorf("fail to create the kibana index: %v", err) + } + + importer, err := NewImporter("5.x", dashConfig, *esLoader) + if err != nil { + return false, fmt.Errorf("fail to create an Elasticsearch importer for loading the dashboards: %v", err) + } + + if err := importer.Import(); err != nil { + return false, fmt.Errorf("fail to import the dashboards in Elasticsearch: %v", err) + } + + return true, nil +} + +func getMajorAndMinorVersion(version string) (int, int, error) { + fields := strings.Split(version, ".") + if len(fields) != 3 { + return 0, 0, fmt.Errorf("wrong version %s", version) + } + majorVersion := fields[0] + minorVersion := 
fields[1] + + majorVersionInt, err := strconv.Atoi(majorVersion) + if err != nil { + return 0, 0, err + } + + minorVersionInt, err := strconv.Atoi(minorVersion) + if err != nil { + return 0, 0, err + } + + return majorVersionInt, minorVersionInt, nil +} + +func isKibanaAPIavailable(version string) bool { + + majorVersion, minorVersion, err := getMajorAndMinorVersion(version) + if err != nil { + return false + } + + if majorVersion == 5 && minorVersion >= 6 { + return true + } + + if majorVersion >= 6 { + return true + } + + return false +} diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader.go new file mode 100644 index 00000000..f1439466 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader.go 
@@ -0,0 +1,288 @@ +package dashboards + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "path" + "path/filepath" + "strings" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/logp" + "github.com/elastic/beats/libbeat/outputs/elasticsearch" +) + +type ElasticsearchLoader struct { + client *elasticsearch.Client + config *Config + version string + msgOutputter MessageOutputter +} + +func NewElasticsearchLoader(cfg *common.Config, dashboardsConfig *Config, msgOutputter MessageOutputter) (*ElasticsearchLoader, error) { + if cfg == nil || !cfg.Enabled() { + return nil, fmt.Errorf("Elasticsearch output is not configured/enabled") + } + + esClient, err := elasticsearch.NewConnectedClient(cfg) + if err != nil { + return nil, fmt.Errorf("Error creating Elasticsearch client: %v", err) + } + + version := esClient.GetVersion() + + loader := ElasticsearchLoader{ + client: esClient, + config: dashboardsConfig, + version: version, + msgOutputter: msgOutputter, + } + + loader.statusMsg("Initialize the Elasticsearch %s loader", version) + + return &loader, nil +} + +// CreateKibanaIndex creates the kibana index if it doesn't exists and sets +// some index properties which are needed as a workaround for: +// https://github.com/elastic/beats-dashboards/issues/94 +func (loader ElasticsearchLoader) CreateKibanaIndex() error { + status, err := loader.client.IndexExists(loader.config.KibanaIndex) + + if err != nil { + if status != 404 { + return err + } + + _, _, err = loader.client.CreateIndex(loader.config.KibanaIndex, nil) + if err != nil { + return fmt.Errorf("Failed to create index: %v", err) + } + + _, _, err = loader.client.CreateIndex(loader.config.KibanaIndex+"/_mapping/search", + common.MapStr{ + "search": common.MapStr{ + "properties": common.MapStr{ + "hits": common.MapStr{ + "type": "integer", + }, + "version": common.MapStr{ + "type": "integer", + }, + }, + }, + }) + if err != nil { + return fmt.Errorf("Failed to set the mapping: %v", err) 
+ } + } + + return nil +} + +func (loader ElasticsearchLoader) ImportIndex(file string) error { + reader, err := ioutil.ReadFile(file) + if err != nil { + return err + } + var indexContent common.MapStr + json.Unmarshal(reader, &indexContent) + + indexName, ok := indexContent["title"].(string) + if !ok { + return fmt.Errorf("Missing title in the index-pattern file at %s", file) + } + + if loader.config.Index != "" { + // change index pattern name + loader.statusMsg("Change index in index-pattern %s", indexName) + indexContent["title"] = loader.config.Index + } + + path := "/" + loader.config.KibanaIndex + "/index-pattern/" + indexName + + if _, err = loader.client.LoadJSON(path, indexContent); err != nil { + return err + } + + return nil +} + +func (loader ElasticsearchLoader) importJSONFile(fileType string, file string) error { + path := "/" + loader.config.KibanaIndex + "/" + fileType + + reader, err := ioutil.ReadFile(file) + if err != nil { + return fmt.Errorf("Failed to read %s. Error: %s", file, err) + } + var jsonContent map[string]interface{} + json.Unmarshal(reader, &jsonContent) + fileBase := strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)) + + body, err := loader.client.LoadJSON(path+"/"+fileBase, jsonContent) + if err != nil { + return fmt.Errorf("Failed to load %s under %s/%s: %s. 
Response body: %s", file, path, fileBase, err, body) + } + + return nil +} + +func (loader ElasticsearchLoader) importPanelsFromDashboard(file string) (err error) { + // directory with the dashboards + dir := filepath.Dir(file) + + // main directory with dashboard, search, visualizations directories + mainDir := filepath.Dir(dir) + + reader, err := ioutil.ReadFile(file) + if err != nil { + return + } + type record struct { + Title string `json:"title"` + PanelsJSON string `json:"panelsJSON"` + } + type panel struct { + ID string `json:"id"` + Type string `json:"type"` + } + + var jsonContent record + json.Unmarshal(reader, &jsonContent) + + var widgets []panel + json.Unmarshal([]byte(jsonContent.PanelsJSON), &widgets) + + for _, widget := range widgets { + if widget.Type == "visualization" { + err = loader.importVisualization(path.Join(mainDir, "visualization", widget.ID+".json")) + if err != nil { + return err + } + } else if widget.Type == "search" { + err = loader.importSearch(path.Join(mainDir, "search", widget.ID+".json")) + if err != nil { + return err + } + } else { + loader.statusMsg("Widgets: %v", widgets) + return fmt.Errorf("Unknown panel type %s in %s", widget.Type, file) + } + } + return +} + +func (loader ElasticsearchLoader) importVisualization(file string) error { + loader.statusMsg("Import visualization %s", file) + if err := loader.importJSONFile("visualization", file); err != nil { + return err + } + + return loader.importSearchFromVisualization(file) +} + +func (loader ElasticsearchLoader) importSearch(file string) error { + reader, err := ioutil.ReadFile(file) + if err != nil { + return err + } + searchName := strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)) + + var searchContent common.MapStr + err = json.Unmarshal(reader, &searchContent) + if err != nil { + return fmt.Errorf("Failed to unmarshal search content %s: %v", searchName, err) + } + + if loader.config.Index != "" { + // change index pattern name + if savedObject, ok := 
searchContent["kibanaSavedObjectMeta"].(map[string]interface{}); ok { + if source, ok := savedObject["searchSourceJSON"].(string); ok { + var record common.MapStr + err = json.Unmarshal([]byte(source), &record) + if err != nil { + return fmt.Errorf("Failed to unmarshal searchSourceJSON from search %s: %v", searchName, err) + } + + if _, ok := record["index"]; ok { + record["index"] = loader.config.Index + } + searchSourceJSON, err := json.Marshal(record) + if err != nil { + return fmt.Errorf("Failed to marshal searchSourceJSON: %v", err) + } + + savedObject["searchSourceJSON"] = string(searchSourceJSON) + } + } + } + + path := "/" + loader.config.KibanaIndex + "/search/" + searchName + loader.statusMsg("Import search %s", file) + + if _, err = loader.client.LoadJSON(path, searchContent); err != nil { + return err + } + + return nil +} + +func (loader ElasticsearchLoader) importSearchFromVisualization(file string) error { + type record struct { + Title string `json:"title"` + SavedSearchID string `json:"savedSearchId"` + } + + reader, err := ioutil.ReadFile(file) + if err != nil { + return nil + } + + var jsonContent record + json.Unmarshal(reader, &jsonContent) + id := jsonContent.SavedSearchID + if len(id) == 0 { + // no search used + return nil + } + + // directory with the visualizations + dir := filepath.Dir(file) + + // main directory + mainDir := filepath.Dir(dir) + + searchFile := path.Join(mainDir, "search", id+".json") + + if searchFile != "" { + // visualization depends on search + if err := loader.importSearch(searchFile); err != nil { + return err + } + } + return nil +} + +func (loader ElasticsearchLoader) ImportDashboard(file string) error { + /* load dashboard */ + err := loader.importJSONFile("dashboard", file) + if err != nil { + return err + } + + /* load the visualizations and searches that depend on the dashboard */ + return loader.importPanelsFromDashboard(file) +} + +func (loader ElasticsearchLoader) Close() error { + return 
loader.client.Close() +} + +func (loader ElasticsearchLoader) statusMsg(msg string, a ...interface{}) { + if loader.msgOutputter != nil { + loader.msgOutputter(msg, a...) + } else { + logp.Debug("dashboards", msg, a...) + } +} diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer_integration_test.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader_test.go similarity index 64% rename from vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer_integration_test.go rename to vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader_test.go index 15938668..7c8cd078 100644 --- a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer_integration_test.go +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/es_loader_test.go @@ -3,6 +3,7 @@ package dashboards import ( + "strings" "testing" "github.com/elastic/beats/libbeat/logp" @@ -15,13 +16,27 @@ func TestImporter(t *testing.T) { logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"*"}) } - client := elasticsearch.GetTestingElasticsearch() - - imp, err := NewImporter(&DashboardsConfig{ + dashboardsConfig := Config{ KibanaIndex: ".kibana-test", File: "testdata/testbeat-dashboards.zip", Beat: "testbeat", - }, client, nil) + } + + client := elasticsearch.GetTestingElasticsearch() + if strings.HasPrefix(client.Connection.GetVersion(), "6.") { + t.Skip("Skipping tests for Elasticsearch 6.x releases") + } + + loader := ElasticsearchLoader{ + client: client, + config: &dashboardsConfig, + } + + err := loader.CreateKibanaIndex() + + assert.NoError(t, err) + + imp, err := NewImporter("5.x", &dashboardsConfig, loader) assert.NoError(t, err) 
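Review bot: In es_loader.go, importPanelsFromDashboard joins `widget.ID` from the dashboard JSON straight into a file path, and importSearchFromVisualization does the same with `SavedSearchID`. An ID containing `..` segments in a downloaded archive therefore makes the loader read a `.json` file outside the unpacked directory and send it to Elasticsearch. Reject any ID that is not a plain file name before the join, e.g. `if widget.ID != filepath.Base(widget.ID) { return fmt.Errorf("Invalid panel id %q in %s", widget.ID, file) }`. The same two functions, plus ImportIndex and importJSONFile, discard the error from `json.Unmarshal`, so a malformed file is loaded as an empty object; returning the error as importSearch already does would make the failure visible.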
@@ -37,13 +52,23 @@ func TestImporterEmptyBeat(t *testing.T) { logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"*"}) } - client := elasticsearch.GetTestingElasticsearch() - - imp, err := NewImporter(&DashboardsConfig{ + dashboardsConfig := Config{ KibanaIndex: ".kibana-test-nobeat", File: "testdata/testbeat-dashboards.zip", Beat: "", - }, client, nil) + } + + client := elasticsearch.GetTestingElasticsearch() + if strings.HasPrefix(client.Connection.GetVersion(), "6.") { + t.Skip("Skipping tests for Elasticsearch 6.x releases") + } + + loader := ElasticsearchLoader{ + client: client, + config: &dashboardsConfig, + } + + imp, err := NewImporter("5.x", &dashboardsConfig, loader) assert.NoError(t, err) diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer.go index 7ce1b577..5bde305a 100644 --- a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer.go +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/importer.go @@ -2,7 +2,6 @@ package dashboards import ( "archive/zip" - "encoding/json" "errors" "fmt" "io" @@ -12,9 +11,6 @@ import ( "path" "path/filepath" "strings" - - "github.com/elastic/beats/libbeat/common" - "github.com/elastic/beats/libbeat/logp" ) // MessageOutputter is a function type for injecting status logging 
@@ -22,43 +18,37 @@ import ( type MessageOutputter func(msg string, a ...interface{}) type Importer struct { - cfg *DashboardsConfig - client DashboardLoader - msgOutputter *MessageOutputter + cfg *Config + version string + + loader Loader } -func NewImporter(cfg *DashboardsConfig, client DashboardLoader, msgOutputter *MessageOutputter) (*Importer, error) { +type Loader interface { + ImportIndex(file string) error + ImportDashboard(file string) error + statusMsg(msg string, a ...interface{}) + Close() error +} + +func NewImporter(version string, cfg *Config, loader Loader) (*Importer, error) { return &Importer{ - cfg: cfg, - client: client, - msgOutputter: msgOutputter, + cfg: cfg, + version: version, + loader: loader, }, nil } -func (imp Importer) statusMsg(msg string, a ...interface{}) { - if imp.msgOutputter != nil { - (*imp.msgOutputter)(msg, a...) - } else { - logp.Debug("dashboards", msg, a...) - } -} - // Import imports the Kibana dashboards according to the configuration options. func (imp Importer) Import() error { - - err := imp.CreateKibanaIndex() - if err != nil { - return fmt.Errorf("Error creating Kibana index: %v", err) - } - if imp.cfg.Dir != "" { - err = imp.ImportKibana(imp.cfg.Dir) + err := imp.ImportKibanaDir(imp.cfg.Dir) if err != nil { return fmt.Errorf("Error importing directory %s: %v", imp.cfg.Dir, err) } } else { if imp.cfg.URL != "" || imp.cfg.Snapshot || imp.cfg.File != "" { - err = imp.ImportArchive() + err := imp.ImportArchive() if err != nil { return fmt.Errorf("Error importing URL/file: %v", err) } 
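Review bot: The exported `Loader` interface includes the unexported method `statusMsg`, so only types declared in package dashboards can satisfy it, and neither `Loader` nor `NewImporter` carries a doc comment saying so. Either export the method or document the restriction, e.g. `// Loader is implemented by ElasticsearchLoader and KibanaLoader; the unexported statusMsg method keeps it internal to this package.` The `version` argument is the subdirectory (`5.x` or `default` at the visible call sites) that ImportKibanaDir appends to the import path, which deserves a line on `NewImporter` as well.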
@@ -69,271 +59,38 @@ func (imp Importer) Import() error { return nil } -// CreateKibanaIndex creates the kibana index if it doesn't exists and sets -// some index properties which are needed as a workaround for: -// https://github.com/elastic/beats-dashboards/issues/94 -func (imp Importer) CreateKibanaIndex() error { - imp.client.CreateIndex(imp.cfg.KibanaIndex, nil) - _, _, err := imp.client.CreateIndex(imp.cfg.KibanaIndex+"/_mapping/search", - common.MapStr{ - "search": common.MapStr{ - "properties": common.MapStr{ - "hits": common.MapStr{ - "type": "integer", - }, - "version": common.MapStr{ - "type": "integer", - }, - }, - }, - }) - if err != nil { - fmt.Fprintln(os.Stderr, fmt.Sprintf("Failed to set the mapping - %s", err)) - } - return nil -} - -func (imp Importer) ImportJSONFile(fileType string, file string) error { - - path := "/" + imp.cfg.KibanaIndex + "/" + fileType - - reader, err := ioutil.ReadFile(file) - if err != nil { - return fmt.Errorf("Failed to read %s. Error: %s", file, err) - } - var jsonContent map[string]interface{} - json.Unmarshal(reader, &jsonContent) - fileBase := strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)) - - body, err := imp.client.LoadJSON(path+"/"+fileBase, jsonContent) - if err != nil { - return fmt.Errorf("Failed to load %s under %s/%s: %s. 
Response body: %s", file, path, fileBase, err, body) - } - - return nil -} - func (imp Importer) ImportDashboard(file string) error { + imp.loader.statusMsg("Import dashboard %s", file) - imp.statusMsg("Import dashboard %s", file) - - /* load dashboard */ - err := imp.ImportJSONFile("dashboard", file) - if err != nil { - return err - } - - /* load the visualizations and searches that depend on the dashboard */ - err = imp.importPanelsFromDashboard(file) - if err != nil { - return err - } - - return nil -} - -func (imp Importer) importPanelsFromDashboard(file string) (err error) { - - // directory with the dashboards - dir := filepath.Dir(file) - - // main directory with dashboard, search, visualizations directories - mainDir := filepath.Dir(dir) - - reader, err := ioutil.ReadFile(file) - if err != nil { - return - } - type record struct { - Title string `json:"title"` - PanelsJSON string `json:"panelsJSON"` - } - type panel struct { - ID string `json:"id"` - Type string `json:"type"` - } - - var jsonContent record - json.Unmarshal(reader, &jsonContent) - - var widgets []panel - json.Unmarshal([]byte(jsonContent.PanelsJSON), &widgets) - - for _, widget := range widgets { - - if widget.Type == "visualization" { - err = imp.ImportVisualization(path.Join(mainDir, "visualization", widget.ID+".json")) - if err != nil { - return err - } - } else if widget.Type == "search" { - err = imp.ImportSearch(path.Join(mainDir, "search", widget.ID+".json")) - if err != nil { - return err - } - } else { - imp.statusMsg("Widgets: %v", widgets) - return fmt.Errorf("Unknown panel type %s in %s", widget.Type, file) - } - } - return -} - -func (imp Importer) importSearchFromVisualization(file string) error { - type record struct { - Title string `json:"title"` - SavedSearchID string `json:"savedSearchId"` - } - - reader, err := ioutil.ReadFile(file) - if err != nil { - return nil - } - - var jsonContent record - json.Unmarshal(reader, &jsonContent) - id := jsonContent.SavedSearchID - if 
len(id) == 0 { - // no search used - return nil - } - - // directory with the visualizations - dir := filepath.Dir(file) - - // main directory - mainDir := filepath.Dir(dir) - - searchFile := path.Join(mainDir, "search", id+".json") - - if searchFile != "" { - // visualization depends on search - if err := imp.ImportSearch(searchFile); err != nil { - return err - } - } - return nil -} - -func (imp Importer) ImportVisualization(file string) error { - - imp.statusMsg("Import visualization %s", file) - if err := imp.ImportJSONFile("visualization", file); err != nil { - return err - } - - err := imp.importSearchFromVisualization(file) - if err != nil { - return err - } - return nil -} - -func (imp Importer) ImportSearch(file string) error { - - reader, err := ioutil.ReadFile(file) - if err != nil { - return err - } - searchName := strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)) - - var searchContent common.MapStr - err = json.Unmarshal(reader, &searchContent) - if err != nil { - return fmt.Errorf("Failed to unmarshal search content %s: %v", searchName, err) - } - - if imp.cfg.Index != "" { - - // change index pattern name - if savedObject, ok := searchContent["kibanaSavedObjectMeta"].(map[string]interface{}); ok { - if source, ok := savedObject["searchSourceJSON"].(string); ok { - var record common.MapStr - err = json.Unmarshal([]byte(source), &record) - if err != nil { - return fmt.Errorf("Failed to unmarshal searchSourceJSON from search %s: %v", searchName, err) - } - - if _, ok := record["index"]; ok { - record["index"] = imp.cfg.Index - } - searchSourceJSON, err := json.Marshal(record) - if err != nil { - return fmt.Errorf("Failed to marshal searchSourceJSON: %v", err) - } - - savedObject["searchSourceJSON"] = string(searchSourceJSON) - } - } - - } - - path := "/" + imp.cfg.KibanaIndex + "/search/" + searchName - imp.statusMsg("Import search %s", file) - - if _, err = imp.client.LoadJSON(path, searchContent); err != nil { - return err - } - - return nil 
-} - -func (imp Importer) ImportIndex(file string) error { - - reader, err := ioutil.ReadFile(file) - if err != nil { - return err - } - var indexContent common.MapStr - json.Unmarshal(reader, &indexContent) - - indexName, ok := indexContent["title"].(string) - if !ok { - return errors.New(fmt.Sprintf("Missing title in the index-pattern file at %s", file)) - } - - if imp.cfg.Index != "" { - // change index pattern name - imp.statusMsg("Change index in index-pattern %s", indexName) - indexContent["title"] = imp.cfg.Index - } - - path := "/" + imp.cfg.KibanaIndex + "/index-pattern/" + indexName - imp.statusMsg("Import index to %s from %s\n", path, file) - - if _, err = imp.client.LoadJSON(path, indexContent); err != nil { - return err - } - return nil - + return imp.loader.ImportDashboard(file) } func (imp Importer) ImportFile(fileType string, file string) error { + imp.loader.statusMsg("Import %s from %s\n", fileType, file) if fileType == "dashboard" { - return imp.ImportDashboard(file) + return imp.loader.ImportDashboard(file) } else if fileType == "index-pattern" { - return imp.ImportIndex(file) + return imp.loader.ImportIndex(file) } return fmt.Errorf("Unexpected file type %s", fileType) } func (imp Importer) ImportDir(dirType string, dir string) error { + imp.loader.statusMsg("Import directory %s", dir) dir = path.Join(dir, dirType) - - imp.statusMsg("Import directory %s", dir) - errors := []string{} + var errors []string files, err := filepath.Glob(path.Join(dir, "*.json")) if err != nil { return fmt.Errorf("Failed to read directory %s. Error: %s", dir, err) } + if len(files) == 0 { return fmt.Errorf("The directory %s is empty, nothing to import", dir) } for _, file := range files { - err = imp.ImportFile(dirType, file) if err != nil { errors = append(errors, fmt.Sprintf(" error loading %s: %s", file, err)) 
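Review bot: ImportDir now logs `Import directory %s` before `dir = path.Join(dir, dirType)`, so the status line names the parent directory rather than the subdirectory that is actually globbed; moving the `statusMsg` call below the join restores the previous message. `var errors []string` also shadows the imported `errors` package for the rest of the function, and a name such as `failures` avoids that. ImportDir's body continues past the end of this hunk.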
@@ -343,24 +100,22 @@ func (imp Importer) ImportDir(dirType string, dir string) error { return fmt.Errorf("Failed to load directory %s:\n%s", dir, strings.Join(errors, "\n")) } return nil - } func (imp Importer) unzip(archive, target string) error { - - imp.statusMsg("Unzip archive %s", target) + imp.loader.statusMsg("Unzip archive %s", target) reader, err := zip.OpenReader(archive) if err != nil { return err } - for _, file := range reader.File { + // Closure to close the files on each iteration + unzipFile := func(file *zip.File) error { filePath := filepath.Join(target, file.Name) if file.FileInfo().IsDir() { - os.MkdirAll(filePath, file.Mode()) - continue + return os.MkdirAll(filePath, file.Mode()) } fileReader, err := file.Open() if err != nil { @@ -377,26 +132,33 @@ func (imp Importer) unzip(archive, target string) error { if _, err := io.Copy(targetFile, fileReader); err != nil { return err } + return nil + } + + for _, file := range reader.File { + err := unzipFile(file) + if err != nil { + return err + } } return nil } func (imp Importer) ImportArchive() error { - var archive string target, err := ioutil.TempDir("", "tmp") if err != nil { - return errors.New("Failed to generate a temporary directory name") + return fmt.Errorf("Failed to generate a temporary directory name: %v", err) } if err = os.MkdirAll(target, 0755); err != nil { - return fmt.Errorf("Failed to create a temporary directory: %v", target) + return fmt.Errorf("Failed to create a temporary directory %s: %v", target, err) } defer os.RemoveAll(target) // clean up - imp.statusMsg("Create temporary directory %s", target) + imp.loader.statusMsg("Created temporary directory %s", target) if imp.cfg.File != "" { archive = imp.cfg.File } else if imp.cfg.Snapshot { 
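Review bot: The new `unzipFile` closure builds `filePath := filepath.Join(target, file.Name)` without checking that the result stays under `target`, and the archive can come from the `-url` or snapshot download, so an entry name with `..` segments is written outside the temporary directory. Add a containment check right after the join: `if !strings.HasPrefix(filePath, filepath.Clean(target)+string(os.PathSeparator)) { return fmt.Errorf("Illegal file path in archive: %s", file.Name) }`. The closure's body spans this hunk and the next one, and the lines that open and close the target file are in the unchanged stretch between them, so whether `reader` itself is ever closed cannot be confirmed from here.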
@@ -404,12 +166,12 @@ func (imp Importer) ImportArchive() error { url := imp.cfg.SnapshotURL archive, err = imp.downloadFile(url, target) if err != nil { - return fmt.Errorf("Failed to download snapshot file: %s", url) + return fmt.Errorf("Failed to download snapshot file: %s. Error: %v", url, err) } } else if imp.cfg.URL != "" { archive, err = imp.downloadFile(imp.cfg.URL, target) if err != nil { - return fmt.Errorf("Failed to download file: %s", imp.cfg.URL) + return fmt.Errorf("Failed to download file: %s. Error: %v", imp.cfg.URL, err) } } else { return errors.New("No archive file or URL is set - please use -file or -url option") @@ -417,7 +179,7 @@ func (imp Importer) ImportArchive() error { err = imp.unzip(archive, target) if err != nil { - return fmt.Errorf("Failed to unzip the archive: %s", archive) + return fmt.Errorf("Failed to unzip the archive: %s: %v", archive, err) } dirs, err := getDirectories(target) if err != nil { @@ -433,9 +195,9 @@ func (imp Importer) ImportArchive() error { } for _, dir := range dirs { - imp.statusMsg("Importing Kibana from %s", dir) + imp.loader.statusMsg("Importing Kibana from %s", dir) if imp.cfg.Beat == "" || filepath.Base(dir) == imp.cfg.Beat { - err = imp.ImportKibana(dir) + err = imp.ImportKibanaDir(dir) if err != nil { return err } @@ -445,7 +207,6 @@ func (imp Importer) ImportArchive() error { } func getDirectories(target string) ([]string, error) { - files, err := ioutil.ReadDir(target) if err != nil { return nil, err @@ -461,10 +222,9 @@ func getDirectories(target string) ([]string, error) { } func (imp Importer) downloadFile(url string, target string) (string, error) { - fileName := filepath.Base(url) targetPath := path.Join(target, fileName) - imp.statusMsg("Downloading %s", url) + imp.loader.statusMsg("Downloading %s", url) // Create the file out, err := os.Create(targetPath) 
@@ -478,6 +238,9 @@ func (imp Importer) downloadFile(url string, target string) (string, error) { if err != nil { return targetPath, err } + if resp.StatusCode != 200 { + return targetPath, fmt.Errorf("Server returned: %s", resp.Status) + } defer resp.Body.Close() // Writer the body to file @@ -490,10 +253,13 @@ func (imp Importer) downloadFile(url string, target string) (string, error) { } // import Kibana dashboards and index-pattern or only one of these -func (imp Importer) ImportKibana(dir string) error { - +func (imp Importer) ImportKibanaDir(dir string) error { var err error + dir = path.Join(dir, imp.version) + + imp.loader.statusMsg("Importing directory %v", dir) + if _, err := os.Stat(dir); err != nil { return fmt.Errorf("No directory %s", dir) } @@ -517,7 +283,6 @@ func (imp Importer) ImportKibana(dir string) error { return fmt.Errorf("The directory %s does not contain the %s subdirectory."+ " There is nothing to import into Kibana.", dir, strings.Join(check, " or ")) } - for _, t := range types { err = imp.ImportDir(t, dir) if err != nil { diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/kibana_loader.go b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/kibana_loader.go new file mode 100644 index 00000000..952f927e --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/kibana_loader.go 
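Review bot: In downloadFile the new status check returns before `defer resp.Body.Close()` is registered, so every non-200 response leaves the response body open. Register the defer first and test the status afterwards: `defer resp.Body.Close()` and then `if resp.StatusCode != 200 { return targetPath, fmt.Errorf("Server returned: %s", resp.Status) }`. The request call is outside the hunk, so whether it sets a timeout for the download cannot be checked here.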
@@ -0,0 +1,78 @@ +package dashboards + +import ( + "bytes" + "fmt" + "io/ioutil" + "net/url" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/logp" + "github.com/elastic/beats/libbeat/setup/kibana" +) + +var importAPI = "/api/kibana/dashboards/import" + +type KibanaLoader struct { + client *kibana.Client + config *Config + version string + msgOutputter MessageOutputter +} + +func NewKibanaLoader(cfg *common.Config, dashboardsConfig *Config, msgOutputter MessageOutputter) (*KibanaLoader, error) { + client, err := kibana.NewKibanaClient(cfg) + if err != nil { + return nil, fmt.Errorf("Error creating Kibana client: %v", err) + } + + loader := KibanaLoader{ + client: client, + config: dashboardsConfig, + version: client.GetVersion(), + msgOutputter: msgOutputter, + } + + loader.statusMsg("Initialize the Kibana %s loader", client.GetVersion()) + + return &loader, nil +} + +func (loader KibanaLoader) ImportIndex(file string) error { + params := url.Values{} + params.Set("force", "true") //overwrite the existing dashboards + + // read json file + content, err := ioutil.ReadFile(file) + if err != nil { + return fmt.Errorf("fail to read index-pattern: %v", err) + } + + return loader.client.ImportJSON(importAPI, params, bytes.NewBuffer(content)) +} + +func (loader KibanaLoader) ImportDashboard(file string) error { + params := url.Values{} + params.Set("force", "true") //overwrite the existing dashboards + params.Add("exclude", "index-pattern") //don't import the index pattern from the dashboards + + // read json file + content, err := ioutil.ReadFile(file) + if err != nil { + return fmt.Errorf("fail to read index-pattern: %v", err) + } + + return loader.client.ImportJSON(importAPI, params, bytes.NewBuffer(content)) +} + +func (loader KibanaLoader) Close() error { + return loader.client.Close() +} + +func (loader KibanaLoader) statusMsg(msg string, a ...interface{}) { + if loader.msgOutputter != nil { + loader.msgOutputter(msg, a...) 
+ } else { + logp.Debug("dashboards", msg, a...) + } +} diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/testdata/testbeat-dashboards.zip b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/testdata/testbeat-dashboards.zip index 010cb96b..5c7ac9b5 100644 Binary files a/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/testdata/testbeat-dashboards.zip and b/vendor/github.com/elastic/beats/libbeat/dashboards/dashboards/testdata/testbeat-dashboards.zip differ diff --git a/vendor/github.com/elastic/beats/libbeat/dashboards/import_dashboards.go b/vendor/github.com/elastic/beats/libbeat/dashboards/import_dashboards.go index d81de51b..63b37450 100644 --- a/vendor/github.com/elastic/beats/libbeat/dashboards/import_dashboards.go +++ b/vendor/github.com/elastic/beats/libbeat/dashboards/import_dashboards.go @@ -5,15 +5,11 @@ import ( "flag" "fmt" "os" - "time" lbeat "github.com/elastic/beats/libbeat/beat" - "github.com/elastic/beats/libbeat/common/fmtstr" + "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/dashboards/dashboards" - "github.com/elastic/beats/libbeat/outputs" "github.com/elastic/beats/libbeat/outputs/elasticsearch" - "github.com/elastic/beats/libbeat/outputs/outil" - "github.com/elastic/beats/libbeat/outputs/transport" ) var usage = fmt.Sprintf(` @@ -37,6 +33,7 @@ var beat string type Options struct { KibanaIndex string + Kibana string ES string Index string Dir string 
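Review bot: In kibana_loader.go, KibanaLoader.ImportDashboard reports a read failure as `fail to read index-pattern: %v`, copied from ImportIndex; it should be `fail to read dashboard %s: %v` with `file` as the first argument so the operator can tell which file was rejected. Both methods send `force=true`, which overwrites existing saved objects in Kibana, and the inline comment in ImportIndex still says `overwrite the existing dashboards`; a doc comment on each exported method stating what is overwritten would help. `importAPI` is never reassigned in this file and could be a `const`.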
@@ -76,10 +73,11 @@ func DefineCommandLine() (*CommandLine, error) { cl.flagSet.PrintDefaults() } - cl.flagSet.StringVar(&cl.opt.KibanaIndex, "k", ".kibana", "Kibana index") - cl.flagSet.StringVar(&cl.opt.ES, "es", "http://127.0.0.1:9200", "Elasticsearch URL") - cl.flagSet.StringVar(&cl.opt.User, "user", "", "Username to connect to Elasticsearch. By default no username is passed.") - cl.flagSet.StringVar(&cl.opt.Pass, "pass", "", "Password to connect to Elasticsearch. By default no password is passed.") + cl.flagSet.StringVar(&cl.opt.KibanaIndex, "k", ".kibana", "Kibana index where to store the dashboards in Elasticsearch. This is set only in case the dashboards are loaded to Elasticsearch.") + cl.flagSet.StringVar(&cl.opt.Kibana, "kibana", "", "Kibana URL") + cl.flagSet.StringVar(&cl.opt.ES, "es", "http://127.0.0.1:9200", "Elasticsearch URL. The dashboards are loaded by default to Elasticsearch.") + cl.flagSet.StringVar(&cl.opt.User, "user", "", "Username to connect to Elasticsearch or Kibana API. By default no username is passed.") + cl.flagSet.StringVar(&cl.opt.Pass, "pass", "", "Password to connect to Elasticsearch or Kibana API. By default no password is passed.") cl.flagSet.StringVar(&cl.opt.Index, "i", "", "The Elasticsearch index name. This overwrites the index name defined in the dashboards and index pattern. Example: metricbeat-*") cl.flagSet.StringVar(&cl.opt.Dir, "dir", "", "Directory containing the subdirectories: dashboard, visualization, search, index-pattern. Example: etc/kibana/") cl.flagSet.StringVar(&cl.opt.File, "file", "", "Zip archive file containing the Beats dashboards. The archive contains a directory for each Beat.") 
@@ -122,20 +120,28 @@ func (cl *CommandLine) ParseCommandLine() error { return nil } -func New() (*dashboards.Importer, error) { +func ImportDashboards() error { /* define the command line arguments */ cl, err := DefineCommandLine() if err != nil { cl.flagSet.Usage() - return nil, err + return err } /* parse command line arguments */ err = cl.ParseCommandLine() if err != nil { - return nil, err + return err } - cfg := dashboards.DashboardsConfig{ + /* prepare the Elasticsearch index pattern */ + //fmtstr, err := fmtstr.CompileEvent(cl.opt.Index) + //if err != nil { + // return fmt.Errorf("Failed to build the Elasticsearch index pattern: %s", err) + //} + //indexSel := outil.MakeSelector(outil.FmtSelectorExpr(fmtstr, "")) + + /* Dashboards config */ + cfg := dashboards.Config{ Enabled: true, KibanaIndex: cl.opt.KibanaIndex, Index: cl.opt.Index, 
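Review bot: The block under `/* prepare the Elasticsearch index pattern */` is added as commented-out code, and the `fmtstr` and `outil` imports it needs are removed by this same commit, so the five `//` lines should be deleted rather than kept. The renamed entry point is exported without a doc comment; something like `// ImportDashboards parses the command line and loads the dashboards through the Kibana API when -kibana is set, otherwise through Elasticsearch.` would describe the dispatch added further down. The function body continues past the end of this hunk.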
@@ -149,50 +155,51 @@ func New() (*dashboards.Importer, error) { SnapshotURL: fmt.Sprintf("https://beats-nightlies.s3.amazonaws.com/dashboards/beats-dashboards-%s-SNAPSHOT.zip", lbeat.GetDefaultVersion()), } - /* prepare the Elasticsearch index pattern */ - fmtstr, err := fmtstr.CompileEvent(cl.opt.Index) - if err != nil { - return nil, fmt.Errorf("Failed to build the Elasticsearch index pattern: %s", err) - } - indexSel := outil.MakeSelector(outil.FmtSelectorExpr(fmtstr, "")) - - var tlsConfig outputs.TLSConfig - var tls *transport.TLSConfig - + /* TLS config */ + tlsConfig := common.MapStr{} if cl.opt.Insecure { - tlsConfig.VerificationMode = transport.VerifyNone + tlsConfig["verification_mode"] = "none" } if len(cl.opt.Certificate) > 0 && len(cl.opt.CertificateKey) > 0 { - tlsConfig.Certificate = outputs.CertificateConfig{ - Certificate: cl.opt.Certificate, - Key: cl.opt.CertificateKey, - } + tlsConfig["certificate"] = cl.opt.Certificate + tlsConfig["key"] = cl.opt.CertificateKey } if len(cl.opt.CertificateAuthority) > 0 { - tlsConfig.CAs = []string{cl.opt.CertificateAuthority} + tlsConfig["certificate_authorities"] = fmt.Sprintf("[%s]", cl.opt.CertificateAuthority) } - tls, err = outputs.LoadTLSConfig(&tlsConfig) - if err != nil { - return nil, fmt.Errorf("Failed to load the SSL certificate: %s", err) + if len(tlsConfig) > 0 { + tlsConfig["enabled"] = "true" } - /* connect to Elasticsearch */ - client, err := elasticsearch.NewClient( - elasticsearch.ClientSettings{ - URL: cl.opt.ES, - Index: indexSel, - TLS: tls, - Username: cl.opt.User, - Password: cl.opt.Pass, - Timeout: 60 * time.Second, - }, - nil, - ) - if err != nil { - return nil, fmt.Errorf("Failed to connect to Elasticsearch: %s", err) + optionsES := struct { + Hosts []string `config:"hosts"` + + Username string `config:"username"` + Password string `config:"password"` + + TLS common.MapStr `config:"ssl"` + }{ + Hosts: []string{cl.opt.ES}, + Username: cl.opt.User, + Password: cl.opt.Pass, + TLS: 
tlsConfig, + } + + optionsKibana := struct { + Host string `config:"host"` + + Username string `config:"username"` + Password string `config:"password"` + + TLS common.MapStr `config:"ssl"` + }{ + Host: cl.opt.Kibana, + Username: cl.opt.User, + Password: cl.opt.Pass, + TLS: tlsConfig, } statusMsg := dashboards.MessageOutputter(func(msg string, a ...interface{}) { @@ -206,19 +213,32 @@ func New() (*dashboards.Importer, error) { fmt.Println(fmt.Sprintf(msg, a...)) } }) + cfgKibana, err := common.NewConfigFrom(optionsKibana) + if err != nil { + return fmt.Errorf("Fail to create a common.Config from the Kibana options: %v", err) + } + cfgES, err := common.NewConfigFrom(optionsES) + if err != nil { + return fmt.Errorf("Fail to create a common.Config from the Elasticsearch options: %v", err) + } - return dashboards.NewImporter(&cfg, client, &statusMsg) + if cl.opt.Kibana != "" { + return dashboards.ImportDashboardsViaKibana(cfgKibana, &cfg, statusMsg) + } + + if cl.opt.ES != "" { + _, err = dashboards.ImportDashboardsViaElasticsearch(cfgES, &cfg, statusMsg) + if err != nil { + return err + + } + } + return nil } func main() { - importer, err := New() - if err != nil { - fmt.Fprintln(os.Stderr, err) - fmt.Fprintln(os.Stderr, "Exiting") - os.Exit(1) - } - err = importer.Import() + err := ImportDashboards() if err != nil { fmt.Fprintln(os.Stderr, err) fmt.Fprintln(os.Stderr, "Exiting") diff --git a/vendor/github.com/elastic/beats/libbeat/docs/communitybeats.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/communitybeats.asciidoc index ee0e930e..b60201ce 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/communitybeats.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/communitybeats.asciidoc 
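Review bot: `tlsConfig["certificate_authorities"]` is assigned the formatted string `fmt.Sprintf("[%s]", cl.opt.CertificateAuthority)`, where the removed code passed a real list (`[]string{cl.opt.CertificateAuthority}`). Unless the config layer re-parses bracketed strings, which this hunk does not show, the CA entry becomes the path wrapped in literal brackets, and a path containing a comma or bracket is ambiguous either way. A CA file that fails to load is an easy reason for an operator to fall back to `-insecure`, which this same block turns into `verification_mode: none` for both the Elasticsearch and the Kibana options. Since `common.MapStr` accepts arbitrary values, I would keep the typed forms: `tlsConfig["certificate_authorities"] = []string{cl.opt.CertificateAuthority}` and `tlsConfig["enabled"] = true`. The function starts before this hunk and ends after it.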
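Review bot: If both `cl.opt.Kibana` and `cl.opt.ES` are empty, `ImportDashboards` falls through to the trailing `return nil`, so `main` exits with success although nothing was imported. `-es` has a non-empty default, so this takes an explicit empty `-es`, but a silent no-op is still the wrong result for a loader. I would have the `-es` branch return the call's error directly (`return err` right after `ImportDashboardsViaElasticsearch`) and replace the final `return nil` with `return fmt.Errorf("neither -kibana nor -es is set; nothing was imported")`. The function begins outside this hunk.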
@@ -13,16 +13,22 @@ https://github.com/verticle-io/apexbeat[apexbeat]:: Extracts configurable contex https://github.com/goomzee/burrowbeat[burrowbeat]:: Monitors Kafka consumer lag using Burrow. https://github.com/goomzee/cassandrabeat[cassandrabeat]:: Uses Cassandra's nodetool cfstats utility to monitor Cassandra database nodes and lag. https://github.com/hartfordfive/cloudflarebeat[cloudflarebeat]:: Indexes log entries from the Cloudflare Enterprise Log Share API. +https://github.com/jarl-tornroos/cloudfrontbeat[cloudfrontbeat]:: Reads log events from Amazon Web Services https://aws.amazon.com/cloudfront/[CloudFront]. https://github.com/aidan-/cloudtrailbeat[cloudtrailbeat]:: Reads events from Amazon Web Services' https://aws.amazon.com/cloudtrail/[CloudTrail]. +https://github.com/narmitech/cloudwatchmetricbeat[cloudwatchmetricbeat]:: A beat for Amazon Web Services' https://aws.amazon.com/cloudwatch/details/#other-aws-resource-monitoring[CloudWatch Metrics]. +https://github.com/e-travel/cloudwatchlogsbeat[cloudwatchlogsbeat]:: Reads log events from Amazon Web Services' https://aws.amazon.com/cloudwatch/details/#log-monitoring[CloudWatch Logs]. https://github.com/raboof/connbeat[connbeat]:: Exposes metadata about TCP connections. https://github.com/Pravoru/consulbeat[consulbeat]:: Reads services health checks from consul and pushes them to Elastic. https://github.com/Ingensi/dockbeat[dockbeat]:: Reads Docker container statistics and indexes them in Elasticsearch. https://github.com/radoondas/elasticbeat[elasticbeat]:: Reads status from an Elasticsearch cluster and indexes them in Elasticsearch. +https://github.com/gamegos/etcdbeat[etcdbeat]:: Reads stats from the Etcd v2 API and indexes them into Elasticsearch. https://github.com/christiangalsterer/execbeat[execbeat]:: Periodically executes shell commands and sends the standard output and standard error to Logstash or Elasticsearch. 
https://github.com/jarpy/factbeat[factbeat]:: Collects facts from https://puppetlabs.com/facter[Facter]. https://github.com/FStelzer/flowbeat[flowbeat]:: Collects, parses, and indexes http://www.sflow.org/index.php[sflow] samples. +https://github.com/GeneralElectric/GABeat[gabeat]:: Collects data from Google Analytics Realtime API. +https://github.com/jlevesy/githubbeat[githubbeat]:: Easily monitors GitHub repository activity. https://github.com/hpcugent/gpfsbeat[gpfsbeat]:: Collects GPFS metric and quota information. https://github.com/YaSuenag/hsbeat[hsbeat]:: Reads all performance counters in Java HotSpot VM. https://github.com/christiangalsterer/httpbeat[httpbeat]:: Polls multiple HTTP(S) endpoints and sends the data to 
@@ -32,11 +38,12 @@ https://github.com/icinga/icingabeat[icingabeat]:: Icingabeat ships events and s https://github.com/devopsmakers/iobeat[iobeat]:: Reads IO stats from /proc/diskstats on Linux. https://github.com/radoondas/jmxproxybeat[jmxproxybeat]:: Reads Tomcat JMX metrics exposed over 'JMX Proxy Servlet' to HTTP. https://github.com/mheese/journalbeat[journalbeat]:: Used for log shipping from systemd/journald based Linux systems. -https://github.com/dearcode/kafkabeat[kafkabeat]:: read data from kafka with Consumer-groups. +https://github.com/dearcode/kafkabeat[kafkabeat]:: read data from kafka with Consumer-groups. https://github.com/eskibars/lmsensorsbeat[lmsensorsbeat]:: Collects data from lm-sensors (such as CPU temperatures, fan speeds, and voltages from i2c and smbus). https://github.com/consulthys/logstashbeat[logstashbeat]:: Collects data from Logstash monitoring API (v5 onwards) and indexes them in Elasticsearch. https://github.com/yedamao/mcqbeat[mcqbeat]:: Reads the status of queues from memcacheq. https://github.com/scottcrespo/mongobeat[mongobeat]:: Monitors MongoDB instances and can be configured to send multiple document types to Elasticsearch. +https://github.com/nathan-K-/mqttbeat[mqttbeat]:: Add messages from mqtt topics to Elasticsearch. https://github.com/adibendahan/mysqlbeat[mysqlbeat]:: Run any query on MySQL and send results to Elasticsearch. https://github.com/PhaedrusTheGreek/nagioscheckbeat[nagioscheckbeat]:: For Nagios checks and performance data. https://github.com/mrkschan/nginxbeat[nginxbeat]:: Reads status from Nginx. 
@@ -49,9 +56,12 @@ https://github.com/kozlice/phpfpmbeat[phpfpmbeat]:: Reads status from PHP-FPM. https://github.com/joshuar/pingbeat[pingbeat]:: Sends ICMP pings to a list of targets and stores the round trip time (RTT) in Elasticsearch. https://github.com/carlpett/prombeat[prombeat]:: Indexes https://prometheus.io[Prometheus] metrics. +https://github.com/infonova/prometheusbeat[prometheusbeat]:: Send Prometheus metrics to Elasticsearch via the remote write feature. +https://github.com/hartfordfive/protologbeat[protologbeat]:: Accepts structured and unstructured logs via UDP or TCP. Can also be used to receive syslog messages or GELF formatted messages. (To be used as a successor to udplogbeat) https://github.com/voigt/redditbeat[redditbeat]:: Collects new Reddit Submissions of one or multiple Subreddits. https://github.com/chrsblck/redisbeat[redisbeat]:: Used for Redis monitoring. https://github.com/consulthys/retsbeat[retsbeat]:: Collects counts of http://www.reso.org[RETS] resource/class records from https://en.wikipedia.org/wiki/Multiple_listing_service[Multiple Listing Service] (MLS) servers. +https://github.com/yourdream/rsbeat[rsbeat]:: Ships redis slow logs to elasticsearch and anlyze by Kibana. https://github.com/martinhoefling/saltbeat[saltbeat]:: Reads events from salt master event bus. https://github.com/consulthys/springbeat[springbeat]:: Collects health and metrics data from Spring Boot applications running with the actuator module. https://github.com/buehler/go-elastic-twitterbeat[twitterbeat]:: Reads tweets for specified screen names. 
@@ -60,8 +70,9 @@ https://github.com/hartfordfive/udplogbeat[udplogbeat]:: Accept events via local https://github.com/cleesmith/unifiedbeat[unifiedbeat]:: Reads records from Unified2 binary files generated by network intrusion detection software and indexes the records in Elasticsearch. https://github.com/mrkschan/uwsgibeat[uwsgibeat]:: Reads stats from uWSGI. -https://github.com/eskibars/wmibeat[wmibeat]:: Uses WMI to grab your favorite, configurable Windows metrics. - +https://github.com/phenomenes/varnishlogbeat[varnishlogbeat]:: Reads log data from a Varnish instance and ships it to Elasticsearch. +https://github.com/phenomenes/varnishstatbeat[varnishstatbeat]:: Reads stats data from a Varnish instance and ships it to Elasticsearch. +https://github.com/eskibars/wmibeat[wmibeat]:: Uses WMI to grab your favorite, configurable Windows metrics. Have you created a Beat that's not listed? If so, add the name and description of your Beat to the source document for https://github.com/elastic/beats/blob/master/libbeat/docs/communitybeats.asciidoc[Community Beats] and https://help.github.com/articles/using-pull-requests[open a pull request] in the https://github.com/elastic/beats[Beats GitHub repository] to get your change merged. When you're ready, go ahead and https://discuss.elastic.co/c/annoucements[announce] your new Beat in the Elastic diff --git a/vendor/github.com/elastic/beats/libbeat/docs/config-file-format.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/config-file-format.asciidoc index 9a08649d..4d0ca428 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/config-file-format.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/config-file-format.asciidoc @@ -110,7 +110,7 @@ Simple filebeat example with partially collapsed setting names and use of compac filebeat.prospectors: - input_type: log - paths: ["/var/log/*.log"] + paths: ["/var/log/*.log"] multiline.pattern: '^[' multiline.match: after 
@@ -213,44 +213,7 @@ format-string-with-date: '%{[fieldname]}-%{+yyyy.MM.dd}' [[config-file-format-env-vars]] === Environment Variables -Beats support use of environment variables in config files to set values that -need to be configurable during deployment. Environment variable expansion is -introduced using `${VAR}`, where `VAR` is the name of the environment variable. - -Note: Only values can be set using environment variables. Environment variables -usage in namespace and setting names are not supported. - -Variable references are replaced when settings are read by beats. The -replacement is case-sensitive and occurs after the YAML file itself has been -parsed. References to undefined variables will lead to errors when dereferenced -and no default value is specified. To specify a default value, use: - -`${VAR:default_value}` - -Where `default_value` is the value to use if the environment variable is -undefined. - -If you need to use a literal `${` in your configuration file then you can write -`$${` to escape the expansion. The `$` symbol can be used to escape other -characters in the default_value like using `$}` in order to generate a `}` -character without closing the variable expansion. - -After changing the value of an environment variable, the beat needs to be -restarted to pick up the new value. - -[float] -==== Examples - -Here are some examples of configurations that use environment variables -and what each configuration looks like after replacement: - -[options="header"] -|================================== -|Config source |Environment setting |Config after replacement -|`name: ${NAME}` |`export NAME=elastic` |`name: elastic` -|`name: ${NAME:beats}` |no setting |`name: beats` -|`name: ${NAME:beats}` |`export NAME=elastic` |`name: elastic` -|================================== +include::shared-env-vars.asciidoc[] [[config-gile-format-refs]] === Reference Variables 
@@ -333,7 +296,7 @@ When installed via an RPM or DEB package, the config file at `/etc/{beatname}/{beatname}.yml` will have the proper owner and permissions. The file is owned by `root` and has file permissions of `0644` (`-rw-r--r--`). -You may encounter the following errors if your config file fails these checks: +You may encounter the following errors if your config file fails these checks: ["source","sh"] -------------------------------------------------------------------------------- @@ -341,7 +304,7 @@ Exiting: error loading config file: config file ("{beatname}.yml") must be owned by the beat user (uid=501) or root -------------------------------------------------------------------------------- -To correct this problem you can use either `chown root {beatname}.yml` or +To correct this problem you can use either `chown root {beatname}.yml` or `chown 501 {beatname}.yml` to change the owner of the configuration file. ["source","sh"] @@ -351,7 +314,7 @@ writable by the owner but the permissions are "-rw-rw-r--" (to fix the permissions use: 'chmod go-w /etc/{beatname}/{beatname}.yml') -------------------------------------------------------------------------------- -To correct this problem, use `chown go-w /etc/{beatname}/{beatname}.yml` to +To correct this problem, use `chmod go-w /etc/{beatname}/{beatname}.yml` to remove write privileges from anyone other than the owner. ==== Disabling Strict Permission Checks 
@@ -370,7 +333,43 @@ use this, for example, for setting defaults in a base configuration file, and overwrite settings via local configuration files. In addition to overwriting settings using multiple configuration files, -individual settings can be overwritten using `-E =`. +individual settings can be overwritten using `-E =`. The +`` can be either a single value or a complex object, such as a list or +dictionary. + +For example, given the following configuration: + +["source","yaml"] +-------------------------------------------------------------------------------- +output.elasticsearch: + hosts: ["http://localhost:9200"] + username: username + password: password +-------------------------------------------------------------------------------- + +You can disable the Elasticsearch output and write all events to the console by +setting: + +["source","sh"] +-------------------------------------------------------------------------------- +-E output='{elasticsearch.enabled: false, console.pretty: true}' +-------------------------------------------------------------------------------- + +Any complex objects that you specify at the command line are merged with the +original configuration, and the following configuration is passed to the Beat: + +["source","yaml"] +-------------------------------------------------------------------------------- +output.elasticsearch: + enabled: false + hosts: ["http://localhost:9200"] + username: username + password: password + +output.console: + pretty: true +-------------------------------------------------------------------------------- + [[config-file-format-tips]] === YAML Tips and Gotchas diff --git a/vendor/github.com/elastic/beats/libbeat/docs/dashboards.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/dashboards.asciidoc index 88427870..d4ac6e26 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/dashboards.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/dashboards.asciidoc 
@@ -16,7 +16,7 @@ {beatname_uc} comes packaged with the `scripts/import_dashboards` script that you can use to import the example dashboards, visualizations, and searches for {beatname_uc}. The script also creates an index pattern, -+{beatname_lc}-*+, for {beatname_uc}. ++{beatname_lc}-*+, for {beatname_uc}. The steps in this section show how to import {beatname_uc} dashboards. You may want to import dashboards for more than one Beat or specify import options that aren't described here. See {libbeat}/import-dashboards.html[Importing Existing Beat Dashboards] 
@@ -28,21 +28,28 @@ ifdef::allplatforms[] *deb, rpm, and mac:* -From the directory where you installed {beatname_uc}, run the `import_dashboards` script. +From the directory where you installed {beatname_uc}, run the `import_dashboards` script. ["source","sh",subs="attributes,callouts"] ---------------------------------------------------------------------- ./scripts/import_dashboards ---------------------------------------------------------------------- -On deb and rpm, the `scripts` folder is located under the home path, which is +/usr/share/{beatname_lc}/+ unless you change it. +*docker:* + +["source","sh",subs="attributes"] +---------------------------------------------------------------------- +docker run {dockerimage} ./scripts/import_dashboards +---------------------------------------------------------------------- + +On deb, rpm, and docker, the `scripts` folder is located under the home path, which is +/usr/share/{beatname_lc}/+ unless you change it. By default, the script assumes that you are running Elasticsearch on `127.0.0.1:9200`. Use the `-es` option -to specify a different location. For example: +to specify a different location. For example: ["source","sh",subs="attributes,callouts"] ---------------------------------------------------------------------- -./scripts/import_dashboards -es http://192.168.33.60:9200 +./scripts/import_dashboards -es http://192.168.33.60:9200 ---------------------------------------------------------------------- Use the `-user` option to specify the username and password to use for Elasticsearch authentication. There are a few ways to pass 
@@ -51,7 +58,7 @@ in the username and password. For example: ["source","sh",subs="attributes,callouts"] ----------------------------------------------------------------------- ./scripts/import_dashboards -es https://xyz.found.io -user user -pass password <1> -./scripts/import_dashboards -es https://xyz.found.io -user admin -pass $(cat ~/pass-file) <2> +./scripts/import_dashboards -es https://xyz.found.io -user admin -pass $(cat ~/pass-file) <2> ----------------------------------------------------------------------- <1> Specify the username and password as options. @@ -63,9 +70,10 @@ endif::allplatforms[] Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select *Run As Administrator*). If you are running Windows XP, you may need -to download and install PowerShell. +to download and install PowerShell. -From the directory where you installed {beatname_uc}, run the `import_dashboards.exe` script: +From the PowerShell prompt, change to the directory where you installed {beatname_uc}, and run the +`import_dashboards.exe` script: ["source","sh",subs="attributes,callouts"] ---------------------------------------------------------------------- @@ -102,6 +110,6 @@ pattern is selected to see {beatname_uc} data. image:./images/kibana-created-indexes.png[Discover tab with index selected] To open the loaded dashboards, go to the *Dashboard* page and select the -dashboard that you want to open. +dashboard that you want to open. image:./images/kibana-navigation-vis.png[Navigation widget in Kibana] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/gettingstarted.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/gettingstarted.asciidoc index e508c5fe..fd10d933 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/gettingstarted.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/gettingstarted.asciidoc 
@@ -1,5 +1,5 @@ [[getting-started]] -== Getting Started with Beats and the Elastic Stack +== Getting Started with Beats and the Elastic Stack Looking for an "ELK tutorial" that shows how to set up the Elastic stack for Beats? You've come to the right place. The topics in this section describe how to install and configure @@ -12,8 +12,8 @@ A regular _Beats setup_ consists of: * Kibana for the UI. See <>. * One or more Beats. You install the Beats on your servers to capture operational data. See <>. * Kibana dashboards for visualizing the data. - -See the https://www.elastic.co/support/matrix[Elastic Support Matrix] for information + +See the https://www.elastic.co/support/matrix[Elastic Support Matrix] for information about supported operating systems and product compatibility. NOTE: To get started, you can install Elasticsearch and Kibana on a @@ -173,10 +173,10 @@ The simplest architecture for the Beats platform setup consists of one or more B Elasticsearch, and Kibana. This architecture is easy to get started with and sufficient for networks with low traffic. It also uses the minimum amount of servers: a single machine running Elasticsearch and Kibana. The Beats -insert the transactions directly into the Elasticsearch instance. +insert the transactions directly into the Elasticsearch instance. If you want to perform additional processing or buffering on the data, however, -you'll want to install Logstash. +you'll want to install Logstash. An important advantage to this approach is that you can use Logstash to modify the data captured by Beats in any way you like. You can also 
@@ -267,44 +267,17 @@ endif::[] ==== Setting Up Logstash In this setup, the Beat sends events to Logstash. Logstash receives -these events by using the {logstashdoc}/plugins-inputs-beats.html[Beats input plugin for Logstash] and then sends the transaction to Elasticsearch by using the -{logstashdoc}/plugins-outputs-elasticsearch.html[Elasticsearch -output plugin for Logstash]. The Elasticsearch output plugin uses the bulk API, making -indexing very efficient. +these events by using the +{logstashdoc}/plugins-inputs-beats.html[Beats input plugin for Logstash] +and then sends the transaction to Elasticsearch by using the +{logstashdoc}/plugins-outputs-elasticsearch.html[Elasticsearch output plugin for Logstash]. +The Elasticsearch output plugin uses the bulk API, making indexing very efficient. -To set up Logstash: +To set up Logstash, you create a Logstash pipeline configuration file that +configures Logstash to listen on port 5044 for incoming Beats connections +and to index into Elasticsearch. For example, you can save the following +example configuration to a file called `logstash.conf`: -. Make sure you have the latest compatible version of the Beats input plugin for -Logstash installed. -+ -The Beats input plugin requires Logstash 1.5.4 or later. If you are using -Logstash 1.5.4, you must install the Beats input plugin before applying this -configuration because the plugin is not shipped with 1.5.4. -+ -To install -the required plugin, run the following command inside the logstash directory -(for deb and rpm installs, the directory is `/opt/logstash`). 
-+ -*deb, rpm, and mac:* -+ -["source","sh",subs="attributes,callouts"] ----------------------------------------------------------------------- -./bin/logstash-plugin install logstash-input-beats ----------------------------------------------------------------------- -+ -*win:* -+ -["source","sh",subs="attributes,callouts"] ----------------------------------------------------------------------- -bin\logstash-plugin install logstash-input-beats ----------------------------------------------------------------------- - -. Configure Logstash to listen on port 5044 for incoming Beats connections -and to index into Elasticsearch. You configure Logstash by creating a -configuration file. For example, you can save the following example configuration -to a file called `logstash.conf`: -+ --- [source,ruby] ------------------------------------------------------------------------------ input { @@ -313,6 +286,12 @@ input { } } +# The filter part of this file is commented out to indicate that it is +# optional. +# filter { +# +# } + output { elasticsearch { hosts => "localhost:9200" 
@@ -329,19 +308,21 @@ name to a date based on the Logstash `@timestamp` field. For example: <2> `%{[@metadata][type]}` sets the document type based on the value of the `type` metadata field. -Logstash uses this configuration to index events in Elasticsearch in the same -way that the Beat would, but you get additional buffering and other capabilities -provided by Logstash. --- +When you run Logstash with this configuration, it indexes events into +Elasticsearch in the same way that the Beat would, but you get access to other +capabilities provided by Logstash for collecting, enriching, and transforming +data. See the {logstashdoc}/introduction.html[Logstash introduction] for more +information about these capabilities. -To use this setup, you'll also need to configure your Beat to use Logstash. For more information, see the documentation for the Beat. +To use this setup, you'll also need to configure your Beat to use Logstash. +For more information, see the documentation for the Beat. [[logstash-input-update]] -==== Updating the Beats Input Plugin for Logstash +===== Updating the Beats Input Plugin for Logstash Plugins have their own release cycle and are often released independent of Logstash’s core release cycle. To ensure that you have the latest version of -the https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html[Beats input plugin for Logstash], +the https://www.elastic.co/guide/en/logstash/current/plugins-inputs-beats.html[Beats input plugin for Logstash], run the following command from your Logstash installation: *deb, rpm, and mac:* diff --git a/vendor/github.com/elastic/beats/libbeat/docs/loggingconfig.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/loggingconfig.asciidoc index df7d7e11..62c8691d 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/loggingconfig.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/loggingconfig.asciidoc 
@@ -15,8 +15,8 @@ The `logging` section of the +{beatname_lc}.yml+ config file contains options for configuring the Beats logging output. The logging system can write logs to -syslog or rotate log files. If logging is not explicitly configured, file output -is used on Windows systems, and syslog output is used on Linux and OS X. +the syslog or rotate log files. If logging is not explicitly configured, file +output is used on Windows systems, and syslog output is used on Linux and OS X. [source,yaml] ------------------------------------------------------------------------------ @@ -27,10 +27,12 @@ logging.files: path: /var/log/mybeat name: mybeat.log keepfiles: 7 + permissions: 0600 ------------------------------------------------------------------------------ -In addition to the logging system, the logging output configuration can be -modified from the command line. +TIP: In addition to setting logging options in the config file, you can modify +the logging output configuration from the command line. See +<>. ==== Logging Options 
@@ -38,20 +40,40 @@ You can specify the following options in the `logging` section of the +{beatname ===== to_syslog -If enabled, sends all logging output to syslog. The default -value is false. +When true, writes all logging output to the syslog. ===== to_files -Writes all logging output to files subject to file rotation. The -default value is true. +When true, writes all logging output to files. The log files are automatically +rotated when the log file size limit is reached. +NOTE: {beatname_uc} only creates a log file if there is logging output. For +example, if you set the log <> to `error` and there are no errors, +there will be no log file in the directory specified for logs. + +[[level]] ===== level -Minimum log level. One of debug, info, warning, error or critical. If debug is -used, but no selectors are configured, the `*` selector will be used. -The default log level is "info". +Minimum log level. One of `debug`, `info`, `warning`, `error`, or `critical`. +The default log level is `info`. +`debug`:: Logs debug messages, including a detailed printout of all events +flushed by the Beat. Also logs informational messages, warnings, errors, and +critical errors. When the log level is `debug`, you can specify a list of +<> to display debug messages for specific components. +If no selectors are specified, the `*` selector is used to display debug +messages for all components. + +`info`:: Logs informational messages, including the number of events +that are published. Also logs any warnings, errors, or critical errors. + +`warning`:: Logs warnings, errors, and critical errors. + +`error`:: Logs errors and critical errors. + +`critical`:: Logs critical errors only. + +[[selectors]] ===== selectors The list of debugging-only selector tags used by different Beats components. Use `*` 
@@ -103,6 +125,21 @@ The number of most recent rotated log files to keep on disk. Older files are deleted during log rotation. The default value is 7. The `keepfiles` options has to be in the range of 2 to 1024 files. +===== files.permissions + +The permissions mask to apply when rotating log files. The default value is 0600. The +`permissions` value must be a valid Unix-style file permissions mask expressed +in octal notation. In YAML, numbers in octal notation must start with '0'. + +Examples: + +* 0600: give read and write access to the file owner, and no access to all +others (default). +* 0644: give read and write access to the file owner, and read access to all +others. +* 0664: give read and write access to the file owner and members of the group +associated with the file, as well as read access to all other users. + ==== Logging Format The logging format is different for each logging type: diff --git a/vendor/github.com/elastic/beats/libbeat/docs/newbeat.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/newbeat.asciidoc index 7a6a7b71..952402d6 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/newbeat.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/newbeat.asciidoc @@ -352,7 +352,7 @@ countbeat: The config file is generated when you run `make setup` to <>. The file contains basic configuration information. To add configuration options to your Beat, you need to update the Go structures in -`config/config.go` and add the corresponding config options to `etc/beat.yml`. +`config/config.go` and add the corresponding config options to `_meta/beat.yml`. For example, if you add a config option called `path` to the Go structures: @@ -370,7 +370,7 @@ var DefaultConfig = Config{ ---------------------------------------------------------------------- -You also need to add `path` to `etc/beat.yml`: +You also need to add `path` to `_meta/beat.yml`: [source,yml] ---------------------------------------------------------------------- 
@@ -428,7 +428,7 @@ through the `client` variable. The `event := common.MapStr{}` stores the event in a json format, and `bt.client.PublishEvent(event)` publishes data to Elasticsearch. In the generated Beat, there are three fields in the event: @timestamp, type, and counter. -When you add fields to the event object, you also need to add them to the `etc/fields.yml` file: +When you add fields to the event object, you also need to add them to the `_meta/fields.yml` file: [source,yaml] ---------------------------------------------------------------------- diff --git a/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc index bc2fb52a..69e3b97c 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/outputconfig.asciidoc @@ -234,10 +234,10 @@ output.elasticsearch: pipelines: - pipeline: critical_pipeline when.equals: - type: "critical" + fields.type: "critical" - pipeline: normal_pipeline when.equals: - type: "normal" + fields.type: "normal" ------------------------------------------------------------------------------ ===== template @@ -283,6 +283,12 @@ Elasticsearch versions 2.x.y. The default is +{beatname_lc}.template-es2x.json+. *`2x.enabled`*:: If set to +false+, the +2x.path+ option is ignored and the default template is loaded regardless of the Elasticsearch version. +*`6x.path`*:: The path to the template file to load for +Elasticsearch versions 6.x.y. The default is +{beatname_lc}.template-es6x.json+. + +*`6x.enabled`*:: If set to +false+, the +6x.path+ option is ignored and the +default template is loaded regardless of the Elasticsearch version. + For example: ["source","yaml",subs="attributes,callouts"] 
@@ -448,11 +454,11 @@ The default value is true. [[hosts]] ===== hosts -The list of known Logstash servers to connect to. If load balancing is disabled, but -mutliple hosts are configured, one host is selected randomly (there is no precedence). +The list of known Logstash servers to connect to. If load balancing is disabled, but +mutliple hosts are configured, one host is selected randomly (there is no precedence). If one host becomes unreachable, another one is selected randomly. -All entries in this list can contain a port number. If no port number is given, the +All entries in this list can contain a port number. If no port number is given, the value specified for <> is used as the default port number. ===== compression_level @@ -574,6 +580,14 @@ Beats that publish single events (such as Packetbeat) send each event directly t Elasticsearch. Beats that publish data in batches (such as Filebeat) send events in batches based on the spooler size. +===== `slow_start` + +If enabled only a subset of events in a batch of events is transferred per transaction. +The number of events to be sent increases up to `bulk_max_size` if no error is encountered. +On error the number of events per transaction is reduced again. + +The default is `false`. + [[kafka-output]] === Kafka Output @@ -1227,6 +1241,15 @@ The following elliptic curve types are available: * P-384 * P-521 +===== renegotiation + +This configures what types of TLS renegotiation are supported. The valid options +are `never`, `once`, and `freely`. The default value is never. + +* `never` - Disables renegotiation. +* `once` - Allows a remote server to request renegotiation once per connection. +* `freely` - Allows a remote server to repeatedly request renegotiation. + [[configuration-output-codec]] === Output Codec diff --git a/vendor/github.com/elastic/beats/libbeat/docs/processors-config.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/processors-config.asciidoc index b7a71bc1..c2385760 100644 
--- a/vendor/github.com/elastic/beats/libbeat/docs/processors-config.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/processors-config.asciidoc @@ -16,7 +16,7 @@ include::../../libbeat/docs/processors.asciidoc[] To define a processor, you specify the processor name, an optional condition, -and a set of parameters: +and a set of parameters: [source,yaml] ------ @@ -41,7 +41,7 @@ the event. * specifies an optional <>. If the condition is present, then the action is executed only if the condition is fulfilled. If no condition is passed, then the action is always executed. -* is the list of parameters to pass to the processor. +* is the list of parameters to pass to the processor. See <> for specific {beatname_uc} examples. @@ -51,7 +51,7 @@ See <> for specific {beatname_uc} examples. Each condition receives a field to compare. You can specify multiple fields under the same condition by using `AND` between the fields (for example, -`field1 AND field2`). +`field1 AND field2`). For each field, you can specify a simple field name or a nested map, for example `dns.question.name`. @@ -160,7 +160,7 @@ range: [[condition-or]] ==== OR -The `or` operator receives a list of conditions. +The `or` operator receives a list of conditions. [source,yaml] ------- @@ -173,7 +173,7 @@ or: ------- For example, to configure the condition -`http.response.code = 304 OR http.response.code = 404`: +`http.response.code = 304 OR http.response.code = 404`: [source,yaml] ------ @@ -188,7 +188,7 @@ or: [[condition-and]] ==== AND -The `and` operator receives a list of conditions. +The `and` operator receives a list of conditions. [source,yaml] ------- @@ -201,7 +201,7 @@ and: ------- For example, to configure the condition -`http.response.code = 200 AND status = OK`: +`http.response.code = 200 AND status = OK`: [source,yaml] ------ 
@@ -237,7 +237,7 @@ not: ------- -For example, to configure the condition `NOT status = OK`: +For example, to configure the condition `NOT status = OK`: [source,yaml] ------ @@ -351,9 +351,9 @@ replaces the strings with valid JSON objects. processors: - decode_json_fields: fields: ["field1", "field2", ...] - process_array: false + process_array: false max_depth: 1 - target: + target: "" overwrite_keys: false ----------------------------------------------------- @@ -366,7 +366,8 @@ arrays. The default is false. `target`:: (Optional) The field under which the decoded JSON will be written. By default the decoded JSON object replaces the string field from which it was read. To merge the decoded JSON fields into the root of the event, specify -`target` with an empty value (`target:`). +`target` with an empty string (`target: ""`). Note that the `null` value (`target:`) +is treated as if the field was not set at all. `overwrite_keys`:: (Optional) A boolean that specifies whether keys that already exist in the event are overwritten by keys from the decoded JSON object. The default value is false. @@ -376,7 +377,7 @@ default value is false. The `drop_event` processor drops the entire event if the associated condition is fulfilled. The condition is mandatory, because without one, all the events -are dropped. +are dropped. [source,yaml] ------ @@ -394,7 +395,7 @@ See <> for a list of supported conditions. The `drop_fields` processor specifies which fields to drop if a certain condition is fulfilled. The condition is optional. If it's missing, the specified fields are always dropped. The `@timestamp` and `type` fields cannot -be dropped, even if they show up in the `drop_fields` list. +be dropped, even if they show up in the `drop_fields` list. [source,yaml] ----------------------------------------------------- 
diff --git a/vendor/github.com/elastic/beats/libbeat/docs/regexp.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/regexp.asciidoc index e8f1777a..37955127 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/regexp.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/regexp.asciidoc @@ -12,7 +12,21 @@ [[regexp-support]] == Regular Expression Support -{beatname_uc} regular expression support is based on https://godoc.org/regexp/syntax[RE2]. +{beatname_uc} regular expression support is based on https://godoc.org/regexp/syntax[RE2]. + +ifeval::["{beatname_lc}"=="filebeat"] + +{beatname_uc} has several configuration options that accept regular expressions. +For example, <>, +<>, <>, and +<> all accept regular expressions. Some options, +however, such as the prospector <> option, accept only +glob-based paths. + +endif::[] + +Before using a regular expression in the config file, refer to the documentation +to verify that the option you are setting accepts a regular expression. NOTE: We recommend that you wrap regular expressions in single quotation marks to work around YAML's string escaping rules. For example, `'^\[?[0-9][0-9]:?[0-9][0-9]|^[[:graph:]]+'`. @@ -33,7 +47,7 @@ The following patterns are supported: [options="header"] |======================= |Pattern |Description -|[[single-characters]]*Single Characters* 1+| +|[[single-characters]]*Single Characters* 1+| |`x` |single character |`.` |any character |`[xyz]` |character class @@ -49,7 +63,7 @@ The following patterns are supported: |[[composites]]*Composites* 1+| |`xy` |`x` followed by `y` |`x\|y` |`x` or `y` (prefer `x`) -|[[repetitions]]*Repetitions* 1+| +|[[repetitions]]*Repetitions* 1+| |`x*` |zero or more `x` |`x+` |one or more `x` |`x?` |zero or one `x` diff --git a/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc index 538b364c..4f6073b6 100644 
--- a/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/release.asciidoc @@ -6,6 +6,19 @@ -- This section summarizes the changes in each release. +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> * <> * <> * <> diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-configuring.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-configuring.asciidoc new file mode 100644 index 00000000..265bbc2b --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-configuring.asciidoc @@ -0,0 +1,10 @@ +To configure {beatname_uc}, you edit the configuration file. For rpm and deb, +you'll find the configuration file at +/etc/{beatname_lc}/{beatname_lc}.yml+. Under +Docker, it's located at +/usr/share/{beatname_lc}/{beatname_lc}.yml+. For mac and win, +look in the archive that you just extracted. There’s also a full example +configuration file called +{beatname_lc}.full.yml+ that shows all non-deprecated +options. + +See the +{libbeat}/config-file-format.html[Config File Format] section of the +_Beats Platform Reference_ for more about the structure of the config file. diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-directory-layout.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-directory-layout.asciidoc index 1ff50002..0d9b1887 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-directory-layout.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-directory-layout.asciidoc @@ -16,12 +16,12 @@ The directory layout of an installation is as follows: [cols="> in the configuration 
@@ -29,18 +29,18 @@ file. ==== Default paths -{beatname_uc} uses the following default paths unless you explicitly change them. +{beatname_uc} uses the following default paths unless you explicitly change them. [float] ===== deb and rpm [cols="> for Debian/Ubuntu, <> for Redhat/Centos/Fedora, <> for OS X, <> for any Docker platform, and <> for +Windows). + +[NOTE] +================================================== +If you use Apt or Yum, you can <> to update to the newest version more easily. + +See our https://www.elastic.co/downloads/beats/{beatname_lc}[download page] for +other installation options, such as 32-bit images. +================================================== diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-env-vars.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-env-vars.asciidoc index ae55ac7f..8400d54e 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-env-vars.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-env-vars.asciidoc @@ -6,13 +6,20 @@ //// Use the appropriate variables defined in the index.asciidoc file to //// resolve Beat names: beatname_uc and beatname_lc. //// Use the following include to pull this content into a doc file: +//// :standalone: //// include::../../libbeat/docs/shared-env-vars.asciidoc[] +//// Specify :standalone: when this file is pulled into and index. When +//// the file is embedded in another file, do no specify :standalone: ////////////////////////////////////////////////////////////////////////// +ifdef::standalone[] + [[using-environ-vars]] == Using Environment Variables in the Configuration -You can use environment variable references in the +{beatname_lc}.yml+ file to +endif::[] + +You can use environment variable references in the config file to set values that need to be configurable during deployment. To do this, use: `${VAR}` 
@@ -22,18 +29,36 @@ Where `VAR` is the name of the environment variable. Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless -you specify a default value. To specify a default value, use: +you specify a default value or custom error text. + +To specify a default value, use: `${VAR:default_value}` Where `default_value` is the value to use if the environment variable is undefined. +To specify custom error text, use: + +`${VAR:?error_text}` + +Where `error_text` is custom text that will be prepended to the error +message if the environment variable cannot be expanded. + If you need to use a literal `${` in your configuration file then you can write `$${` to escape the expansion. After changing the value of an environment variable, you need to restart -{beatname_uc} to pick up the new value. +the Beat to pick up the new value. + +[NOTE] +================================== +You can also specify environment variables when you override a config +setting from the command line by using the `-E` option. For example: + +`-E name=${NAME}` + +================================== [float] === Examples 
@@ -43,9 +68,43 @@ and what each configuration looks like after replacement: [options="header"] |================================== -|Config source |Environment setting |Config after replacement -|`name: ${NAME}` |`export NAME=elastic` |`name: elastic` -|`name: ${NAME}` |no setting |`name:` -|`name: ${NAME:beats}` |no setting |`name: beats` -|`name: ${NAME:beats}` |`export NAME=elastic` |`name: elastic` +|Config source |Environment setting |Config after replacement +|`name: ${NAME}` |`export NAME=elastic` |`name: elastic` +|`name: ${NAME}` |no setting |`name:` +|`name: ${NAME:beats}` |no setting |`name: beats` +|`name: ${NAME:beats}` |`export NAME=elastic` |`name: elastic` +|`name: ${NAME:?You need to set the NAME environment variable}` |no setting | None. Returns an error message that's prepended with the custom text. +|`name: ${NAME:?You need to set the NAME environment variable}` |`export NAME=elastic` | `name: elastic` |================================== + +[float] +=== Specifying Complex Objects in Environment Variables + +You can specify complex objects, such as lists or dictionaries, in environment +variables by using a JSON-like syntax. + +As with JSON, dictionaries and lists are constructed using `{}` and `[]`. But +unlike JSON, the syntax allows for trailing commas and slightly different string +quotation rules. Strings can be unquoted, single-quoted, or double-quoted, as a +convenience for simple settings and to make it easier for you to mix quotation +usage in the shell. Arrays at the top-level do not require brackets (`[]`). 
+ +For example, the following environment variable is set to a list: + +[source,yaml] +------------------------------------------------------------------------------- +ES_HOSTS="10.45.3.2:9220,10.45.3.1:9230" +------------------------------------------------------------------------------- + +You can reference this variable in the config file: + +[source,yaml] +------------------------------------------------------------------------------- +output.elasticsearch: + hosts: '${ES_HOSTS}' +------------------------------------------------------------------------------- + +When the Beat loads the config file, it resolves the environment variable and +replaces it with the specified list before reading the `hosts` setting. + +NOTE: Do not use double-quotes (`"`) to wrap regular expressions, or the backslash (`\`) will be interpreted as an escape character. diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-path-config.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-path-config.asciidoc index eaadea31..b29e5add 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-path-config.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-path-config.asciidoc @@ -26,12 +26,12 @@ Here is an example configuration: [source,yaml] ------------------------------------------------------------------------------ path.home: /usr/share/beat -path.conf: /etc/beat +path.config: /etc/beat path.data: /var/lib/beat path.logs: /var/log/ ------------------------------------------------------------------------------ -Note that it is possible to override these options by using command line flags. +Note that it is possible to override these options by using command line flags. ==== Path Options 
@@ -51,7 +51,7 @@ Example: path.home: /usr/share/beats ------------------------------------------------------------------------------ -===== conf +===== config The configuration path for the {beatname_uc} installation. This is the default base path for configuration files, including the main YAML configuration file and the @@ -62,7 +62,7 @@ Example: [source,yaml] ------------------------------------------------------------------------------ -path.conf: /usr/share/beats/config +path.config: /usr/share/beats/config ------------------------------------------------------------------------------ ===== data diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-ssl-logstash-config.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-ssl-logstash-config.asciidoc index fb008889..2df83022 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-ssl-logstash-config.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-ssl-logstash-config.asciidoc @@ -18,6 +18,9 @@ To use SSL mutual authentication: . Create a certificate authority (CA) and use it to sign the certificates that you plan to use for {beatname_uc} and Logstash. Creating a correct SSL/TLS infrastructure is outside the scope of this document. There are many online resources available that describe how to create certificates. ++ +TIP: If you are using X-Pack, you can use the +{elasticsearch}/certgen.html[certgen tool] to generate certificates. . Configure {beatname_uc} to use SSL. In the +{beatname_lc}.yml+ config file, specify the following settings under `ssl`: @@ -94,7 +97,7 @@ If the test is successful, you'll receive an empty response error: > Host: logs.mycompany.com:5044 > User-Agent: curl/7.43.0 > Accept: */* -> +> * Empty reply from server * Connection #0 to host logs.mycompany.com left intact curl: (52) Empty reply from server 
@@ -135,4 +138,3 @@ the foreground so you can quickly see any errors that occur: Any errors will be printed to the console. See the <> for info about resolving common errors. - diff --git a/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc index 3ce8def2..6970581d 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/shared-template-load.asciidoc @@ -78,6 +78,13 @@ cd {beatname_lc}-{version}-darwin-x86_64 curl -H 'Content-Type: application/json' -XPUT 'http://localhost:9200/_template/{beatname_lc}' -d@{beatname_lc}.template.json ---------------------------------------------------------------------- +*docker:* + +["source", "sh", subs="attributes"] +---------------------------------------------------------------------- +docker run --rm {dockerimage} curl -H 'Content-Type: application/json' -XPUT 'http://localhost:9200/_template/{beatname_lc}' -d@{beatname_lc}.template.json +---------------------------------------------------------------------- + *win:* endif::allplatforms[] diff --git a/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc index 093b64f8..8b15ce2e 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/version.asciidoc @@ -1,4 +1,4 @@ -:stack-version: 5.3.1 -:doc-branch: 5.3 -:go-version: 1.7.4 +:stack-version: 5.6.5 +:doc-branch: 5.6 +:go-version: 1.7.6 :release-state: released diff --git a/vendor/github.com/elastic/beats/libbeat/docs/yaml.asciidoc b/vendor/github.com/elastic/beats/libbeat/docs/yaml.asciidoc index 7a24bdab..a11e3e38 100644 --- a/vendor/github.com/elastic/beats/libbeat/docs/yaml.asciidoc +++ b/vendor/github.com/elastic/beats/libbeat/docs/yaml.asciidoc 
@@ -6,7 +6,10 @@ //// Use the appropriate variables defined in the index.asciidoc file to //// resolve Beat names: beatname_uc and beatname_lc. //// Use the following include to pull this content into a doc file: +//// :standalone: //// include::../../libbeat/docs/yaml.asciidoc[] +//// Specify :standalone: when this file is pulled into and index. When +//// the file is embedded in another file, do no specify :standalone: ////////////////////////////////////////////////////////////////////////// ifdef::standalone[] @@ -40,7 +43,7 @@ simply uncomment the line and change the values. You can test your configuration file to verify that the structure is valid. Simply change to the directory where the binary is installed, and run -the Beat in the foreground with the `-configtest` flag specified. For example: +the Beat in the foreground with the `-configtest` flag specified. For example: ifdef::allplatforms[] @@ -65,7 +68,7 @@ You'll see a message if the Beat finds an error in the file. [float] === Wrap Regular Expressions in Single Quotation Marks -If you need to specify a regular expression in a YAML file, it's a good idea to wrap the regular expression in single quotation marks to work around YAML's tricky rules for string escaping. +If you need to specify a regular expression in a YAML file, it's a good idea to wrap the regular expression in single quotation marks to work around YAML's tricky rules for string escaping. For more information about YAML, see http://yaml.org/. 
@@ -74,9 +77,9 @@ For more information about YAML, see http://yaml.org/. === Wrap Paths in Single Quotation Marks Windows paths in particular sometimes contain spaces or characters, such as drive -letters or triple dots, that may be misinterpreted by the YAML parser. +letters or triple dots, that may be misinterpreted by the YAML parser. -To avoid this problem, it's a good idea to wrap paths in single quotation marks. +To avoid this problem, it's a good idea to wrap paths in single quotation marks. [float] [[avoid-leading-zeros]] @@ -85,7 +88,7 @@ To avoid this problem, it's a good idea to wrap paths in single quotation marks. If you use a leading zero (for example, `09`) in a numeric field without wrapping the value in single quotation marks, the value may be interpreted incorrectly by the YAML parser. If the value is a valid octal, it's converted -to an integer. If not, it's converted to a float. +to an integer. If not, it's converted to a float. To prevent unwanted type conversions, avoid using leading zeros in field values, or wrap the values in single quotation marks. diff --git a/vendor/github.com/elastic/beats/libbeat/fields.yml b/vendor/github.com/elastic/beats/libbeat/fields.yml deleted file mode 100644 index 4ad43c37..00000000 --- a/vendor/github.com/elastic/beats/libbeat/fields.yml +++ /dev/null 
@@ -1,123 +0,0 @@ - -- key: beat - title: Beat - description: > - Contains common beat fields available in all event types. - fields: - - - name: beat.name - description: > - The name of the Beat sending the log messages. If the Beat name is - set in the configuration file, then that value is used. If it is not - set, the hostname is used. To set the Beat name, use the `name` - option in the configuration file. - - name: beat.hostname - description: > - The hostname as returned by the operating system on which the Beat is - running. - - name: beat.timezone - description: > - The timezone as returned by the operating system on which the Beat is - running. - - name: beat.version - description: > - The version of the beat that generated this event. - - - name: "@timestamp" - type: date - required: true - format: date - example: August 26th 2016, 12:35:53.332 - description: > - The timestamp when the event log record was generated. - - - name: tags - description: > - Arbitrary tags that can be set per Beat and per transaction - type. - - - name: fields - type: object - object_type: keyword - description: > - Contains user configurable fields. - - - name: error - type: group - description: > - Error fields containing additional info in case of errors. - fields: - - name: message - type: text - description: > - Error message. - - name: code - type: long - description: > - Error code. - - name: type - type: keyword - description: > - Error type. -- key: cloud - title: Cloud Provider Metadata - description: > - Metadata from cloud providers added by the add_cloud_metadata processor. - fields: - - - name: meta.cloud.provider - example: ec2 - description: > - Name of the cloud provider. Possible values are ec2, gce, or digitalocean. - - - name: meta.cloud.instance_id - description: > - Instance ID of the host machine. - - - name: meta.cloud.machine_type - example: t2.medium - description: > - Machine type of the host machine. 
- - - name: meta.cloud.availability_zone - example: us-east-1c - description: > - Availability zone in which this host is running. - - - name: meta.cloud.project_id - example: project-x - description: > - Name of the project in Google Cloud. - - - name: meta.cloud.region - description: > - Region in which this host is running. -- key: kubernetes - title: Kubernetes info - description: > - Kubernetes metadata added by the kubernetes processor - fields: - - name: kubernetes.pod.name - type: keyword - description: > - Kubernetes pod name - - - name: kubernetes.namespace - type: keyword - description: > - Kubernetes namespace - - - name: kubernetes.labels - type: object - description: > - Kubernetes labels map - - - name: kubernetes.annotations - type: object - description: > - Kubernetes annotations map - - - name: kubernetes.container.name - type: keyword - description: > - Kubernetes container name diff --git a/vendor/github.com/elastic/beats/libbeat/libbeat.template-es6x.json b/vendor/github.com/elastic/beats/libbeat/libbeat.template-es6x.json new file mode 100644 index 00000000..2f13e3d1 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/libbeat.template-es6x.json 
@@ -0,0 +1,84 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "meta": { + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "libbeat-*" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/libbeat/logp/file_rotator.go b/vendor/github.com/elastic/beats/libbeat/logp/file_rotator.go index af191d3b..c7db4d7a 100644 --- a/vendor/github.com/elastic/beats/libbeat/logp/file_rotator.go +++ b/vendor/github.com/elastic/beats/libbeat/logp/file_rotator.go @@ -6,6 +6,7 @@ import ( "path/filepath" "strconv" "strings" + "sync" ) const RotatorMaxFiles = 1024 @@ -17,9 +18,11 @@ type FileRotator struct { Name string RotateEveryBytes *uint64 KeepFiles *int + Permissions *uint32 current *os.File currentSize uint64 + currentLock sync.RWMutex } func (rotator *FileRotator) CreateDirectory() error { 
@@ -42,7 +45,7 @@ func (rotator *FileRotator) CreateDirectory() error { func (rotator *FileRotator) CheckIfConfigSane() error { if len(rotator.Name) == 0 { - return fmt.Errorf("File logging requires a name for the file names") + return fmt.Errorf("file logging requires a name for the file names") } if rotator.KeepFiles == nil { rotator.KeepFiles = new(int) @@ -54,7 +57,11 @@ func (rotator *FileRotator) CheckIfConfigSane() error { } if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles { - return fmt.Errorf("The number of files to keep should be between 2 and %d", RotatorMaxFiles-1) + return fmt.Errorf("the number of files to keep should be between 2 and %d", RotatorMaxFiles-1) + } + + if rotator.Permissions != nil && (*rotator.Permissions > uint32(os.ModePerm)) { + return fmt.Errorf("the permissions mask %d is invalid", *rotator.Permissions) } return nil } @@ -68,16 +75,26 @@ func (rotator *FileRotator) WriteLine(line []byte) error { } line = append(line, '\n') + + rotator.currentLock.RLock() _, err := rotator.current.Write(line) + rotator.currentLock.RUnlock() + if err != nil { return err } + + rotator.currentLock.Lock() rotator.currentSize += uint64(len(line)) + rotator.currentLock.Unlock() return nil } func (rotator *FileRotator) shouldRotate() bool { + rotator.currentLock.RLock() + defer rotator.currentLock.RUnlock() + if rotator.current == nil { return true } @@ -107,6 +124,8 @@ func (rotator *FileRotator) FileExists(fileNo int) bool { } func (rotator *FileRotator) Rotate() error { + rotator.currentLock.Lock() + defer rotator.currentLock.Unlock() if rotator.current != nil { if err := rotator.current.Close(); err != nil { 
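Review bot: The new permissions check in CheckIfConfigSane formats a rejected mask with `%d`, so a configured `077777` is reported as decimal 32767 even though the option is documented and written in octal. `return fmt.Errorf("the permissions mask %#o is invalid", *rotator.Permissions)` would echo the value the way the user wrote it. The check also accepts every value up to `os.ModePerm`, including group- and world-writable log files; if that is intentional, a comment such as `// any mask up to 0777 is accepted, including world-writable; callers own the policy` above the check would record that for whoever later audits log integrity. CheckIfConfigSane begins before this hunk.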
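Review bot: The rotate decision and the write in WriteLine are still separate critical sections, so `currentLock` protects each access to `rotator.current` and `rotator.currentSize` but not the sequence as a whole. The start of WriteLine is outside this hunk; if it calls `shouldRotate()` and then `Rotate()` before the write, as the surrounding hunks suggest, two goroutines can both observe the limit exceeded and rotate back to back. Bytes written between `RUnlock()` and the later `Lock()` are not yet counted, so a file can overshoot `RotateEveryBytes`. Holding one exclusive lock across check, rotate, write and size update would close the window; failing that, document it with `// NOTE: the rotation check, Rotate and the write below are not atomic; concurrent callers may rotate twice or overshoot RotateEveryBytes`.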
@@ -134,7 +153,7 @@ func (rotator *FileRotator) Rotate() error { if rotator.FileExists(fileNo + 1) { // next file exists, something is strange - return fmt.Errorf("File %s exists, when rotating would overwrite it", rotator.FilePath(fileNo+1)) + return fmt.Errorf("file %s exists, when rotating would overwrite it", rotator.FilePath(fileNo+1)) } err := os.Rename(path, rotator.FilePath(fileNo+1)) @@ -145,7 +164,7 @@ func (rotator *FileRotator) Rotate() error { // create the new file path := rotator.FilePath(0) - current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) + current, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(rotator.getPermissions())) if err != nil { return err } @@ -158,3 +177,10 @@ func (rotator *FileRotator) Rotate() error { return nil } + +func (rotator *FileRotator) getPermissions() uint32 { + if rotator.Permissions == nil { + return 0600 + } + return *rotator.Permissions +} diff --git a/vendor/github.com/elastic/beats/libbeat/logp/file_rotator_test.go b/vendor/github.com/elastic/beats/libbeat/logp/file_rotator_test.go index 6df204bb..898d8e4f 100644 --- a/vendor/github.com/elastic/beats/libbeat/logp/file_rotator_test.go +++ b/vendor/github.com/elastic/beats/libbeat/logp/file_rotator_test.go 
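Review bot: The mode now passed to `os.OpenFile` in Rotate is filtered by the process umask and only applies when the file is created, so a configured `files.permissions` of 0664 under a umask of 022 still yields a 0644 file. If the option is meant to be exact, follow the open with `if err := current.Chmod(os.FileMode(rotator.getPermissions())); err != nil { current.Close(); return err }` (behaviour on Windows would need checking). Otherwise add a comment above the call such as `// mode is subject to umask; files rotated earlier keep the permissions they were created with`. The second half matters when an operator tightens the mask: older rotated logs stay readable under the previous setting. Rotate begins before this hunk and continues after it.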
@@ -160,4 +160,46 @@ func TestConfigSane(t *testing.T) { } assert.NotNil(t, rotator.CheckIfConfigSane()) + perms := uint32(0544) + rotator = FileRotator{ + Name: "test2", + Permissions: &perms, + } + assert.Nil(t, rotator.CheckIfConfigSane()) + + perms = uint32(077777) + rotator = FileRotator{ + Name: "test2", + Permissions: &perms, + } + assert.NotNil(t, rotator.CheckIfConfigSane()) +} + +func TestRaceConditions(t *testing.T) { + // Make sure concurrent `WriteLine` calls don't end up in race conditions around `rotator.current` + if testing.Verbose() { + LogInit(LOG_DEBUG, "", false, true, []string{"rotator"}) + } + + dir, err := ioutil.TempDir("", "test_rotator_") + if err != nil { + t.Errorf("Error: %s", err.Error()) + return + } + + Debug("rotator", "Directory: %s", dir) + + rotateeverybytes := uint64(10) + keepfiles := 20 + + rotator := FileRotator{ + Path: dir, + Name: "testbeat", + RotateEveryBytes: &rotateeverybytes, + KeepFiles: &keepfiles, + } + + for i := 0; i < 1000; i++ { + go rotator.WriteLine([]byte(string(i))) + } } diff --git a/vendor/github.com/elastic/beats/libbeat/ml-importer/importer.go b/vendor/github.com/elastic/beats/libbeat/ml-importer/importer.go new file mode 100644 index 00000000..a95c3961 --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/ml-importer/importer.go 
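Review bot: TestRaceConditions starts 1000 goroutines and returns without waiting for them, so the test can finish before most `WriteLine` calls run and neither the race detector nor the test itself is guaranteed to observe a failure. The return value of `WriteLine` is also discarded, and `string(i)` converts the integer to a rune rather than to its decimal text, which is probably not the intended payload. Waiting on a `sync.WaitGroup` and reporting errors with `t.Errorf` makes the test exercise what its comment describes; `sync` and `strconv` would need to be imported in the test file, whose import block is outside this hunk.

```go
	// … unchanged: temp dir creation and rotator setup …

	var wg sync.WaitGroup
	for i := 0; i < 1000; i++ {
		wg.Add(1)
		go func(n int) {
			defer wg.Done()
			if err := rotator.WriteLine([]byte(strconv.Itoa(n))); err != nil {
				t.Errorf("WriteLine failed: %v", err)
			}
		}(i)
	}
	wg.Wait()
```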
@@ -0,0 +1,123 @@
+// Package mlimporter contains code for loading Elastic X-Pack Machine Learning job configurations.
+package mlimporter
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+
+ "github.com/elastic/beats/libbeat/common"
+ "github.com/elastic/beats/libbeat/logp"
+ "github.com/pkg/errors"
+)
+
+// MLConfig contains the required configuration for loading one job and the associated
+// datafeed.
+type MLConfig struct {
+ ID string `config:"id"`
+ JobPath string `config:"job"`
+ DatafeedPath string `config:"datafeed"`
+ MinVersion string `config:"min_version"`
+}
+
+// MLLoader is a subset of the Elasticsearch client API capable of
+// loading the ML configs.
+type MLLoader interface {
+ Request(method, path string, pipeline string, params map[string]string, body interface{}) (int, []byte, error)
+ LoadJSON(path string, json map[string]interface{}) ([]byte, error)
+ GetVersion() string
+}
+
+func readJSONFile(path string) (common.MapStr, error) {
+ file, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ var result common.MapStr
+ err = json.Unmarshal(file, &result)
+ return result, err
+}
+
+// ImportMachineLearningJob uploads the job and datafeed configuration to ES/xpack.
+func ImportMachineLearningJob(esClient MLLoader, cfg *MLConfig) error {
+ jobURL := fmt.Sprintf("/_xpack/ml/anomaly_detectors/%s", cfg.ID)
+ datafeedURL := fmt.Sprintf("/_xpack/ml/datafeeds/datafeed-%s", cfg.ID)
+
+ if len(cfg.MinVersion) > 0 {
+ esVersion, err := common.NewVersion(esClient.GetVersion())
+ if err != nil {
+ return errors.Errorf("Error parsing ES version: %s: %v", esClient.GetVersion(), err)
+ }
+ minVersion, err := common.NewVersion(cfg.MinVersion)
+ if err != nil {
+ return errors.Errorf("Error parsing min_version: %s: %v", minVersion, err)
+ }
+
+ if esVersion.LessThan(minVersion) {
+ logp.Debug("machine-learning", "Skipping job %s, because ES version (%s) is smaller than min version (%s)",
+ cfg.ID, esVersion, minVersion)
+ return nil
+ }
+ }
+
+ // We always overwrite ML job configs, so delete them before loading
+ status, response, err := esClient.Request("GET", jobURL, "", nil, nil)
+ if status == 200 {
+ logp.Debug("machine-learning", "Job %s already exists", cfg.ID)
+ return nil
+ }
+ if status != 404 && err != nil {
+ return errors.Errorf("Error checking that job exists: %v. Response %s", err, response)
+ }
+
+ job, err := readJSONFile(cfg.JobPath)
+ if err != nil {
+ return errors.Errorf("Error reading job file %s: %v", cfg.JobPath, err)
+ }
+
+ body, err := esClient.LoadJSON(jobURL, job)
+ if err != nil {
+ return errors.Wrapf(err, "load job under %s. Response body: %s", jobURL, body)
+ }
+
+ datafeed, err := readJSONFile(cfg.DatafeedPath)
+ if err != nil {
+ return errors.Errorf("Error reading datafeed path %s: %v", cfg.DatafeedPath, err)
+ }
+ // set the job ID
+ datafeed.Put("job_id", cfg.ID)
+
+ body, err = esClient.LoadJSON(datafeedURL, datafeed)
+ if err != nil {
+ return errors.Wrapf(err, "load datafeed under %s. Response body: %s", datafeedURL, body)
+ }
+
+ return nil
+}
+
+// HaveXpackML checks whether X-pack is installed and has Machine Learning enabled.
+func HaveXpackML(esClient MLLoader) (bool, error) {
+
+ status, response, err := esClient.Request("GET", "/_xpack", "", nil, nil)
+ if status == 404 || status == 400 {
+ return false, nil
+ }
+ if err != nil {
+ return false, errors.Wrapf(err, "Response: %s", response)
+ }
+
+ type xpackResponse struct {
+ Features struct {
+ ML struct {
+ Available bool `json:"available"`
+ Enabled bool `json:"enabled"`
+ } `json:"ml"`
+ } `json:"features"`
+ }
+ var xpack xpackResponse
+ err = json.Unmarshal(response, &xpack)
+ if err != nil {
+ return false, errors.Wrap(err, "unmarshal")
+ }
+ return xpack.Features.ML.Available && xpack.Features.ML.Enabled, nil
+}
diff --git a/vendor/github.com/elastic/beats/libbeat/ml-importer/importer_integration_test.go b/vendor/github.com/elastic/beats/libbeat/ml-importer/importer_integration_test.go
new file mode 100644
index 00000000..8f1992ed
--- /dev/null
+++ b/vendor/github.com/elastic/beats/libbeat/ml-importer/importer_integration_test.go
@@ -0,0 +1,177 @@ +// +build integration + +package mlimporter + +import ( + "encoding/json" + "io/ioutil" + "os" + "testing" + + "github.com/elastic/beats/libbeat/logp" + "github.com/elastic/beats/libbeat/outputs/elasticsearch" + "github.com/stretchr/testify/assert" +) + +const sampleJob = ` +{ + "description" : "Anomaly detector for changes in event rates of nginx.access.response_code responses", + "analysis_config" : { + "bucket_span": "1h", + "summary_count_field_name": "doc_count", + "detectors": [ + { + "detector_description": "Event rate for nginx.access.response_code", + "function": "count", + "detector_rules": [], + "partition_field_name": "nginx.access.response_code" + } + ], + "influencers": ["nginx.access.response_code"] + }, + "data_description": { + "time_field": "@timestamp", + "time_format": "epoch_ms" + }, + "model_plot_config": { + "enabled": true + } +} +` + +const sampleDatafeed = ` +{ + "job_id": "PLACEHOLDER", + "query_delay": "60s", + "frequency": "60s", + "indexes": [ + "filebeat-*" + ], + "types": [ + "_default_", + "log" + ], + "query": { + "match_all": { + "boost": 1 + } + }, + "aggregations": { + "buckets": { + "date_histogram": { + "field": "@timestamp", + "interval": 3600000, + "offset": 0, + "order": { + "_key": "asc" + }, + "keyed": false, + "min_doc_count": 0 + }, + "aggregations": { + "@timestamp": { + "max": { + "field": "@timestamp" + } + }, + "nginx.access.response_code": { + "terms": { + "field": "nginx.access.response_code", + "size": 10000 + } + } + } + } + } +} +` + +func TestImportJobs(t *testing.T) { + client := elasticsearch.GetTestingElasticsearch() + + if testing.Verbose() { + logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"*"}) + } + + haveXpack, err := HaveXpackML(client) + assert.NoError(t, err) + if !haveXpack { + t.Skip("Skip ML tests because xpack/ML is not available in Elasticsearch") + } + + workingDir, err := ioutil.TempDir("", "machine-learning") + assert.NoError(t, err) + defer 
os.RemoveAll(workingDir) + + assert.NoError(t, ioutil.WriteFile(workingDir+"/job.json", []byte(sampleJob), 0644)) + assert.NoError(t, ioutil.WriteFile(workingDir+"/datafeed.json", []byte(sampleDatafeed), 0644)) + + mlconfig := MLConfig{ + ID: "test-ml-config", + JobPath: workingDir + "/job.json", + DatafeedPath: workingDir + "/datafeed.json", + } + + err = ImportMachineLearningJob(client, &mlconfig) + assert.NoError(t, err) + + // check by GETing back + + status, response, err := client.Request("GET", "/_xpack/ml/anomaly_detectors", "", nil, nil) + assert.NoError(t, err) + assert.Equal(t, 200, status) + + logp.Debug("mltest", "Response: %s", response) + + type jobRes struct { + Count int `json:"count"` + Jobs []struct { + JobId string `json:"job_id"` + JobType string `json:"job_type"` + } + } + var res jobRes + + err = json.Unmarshal(response, &res) + assert.NoError(t, err) + assert.True(t, res.Count >= 1) + found := false + for _, job := range res.Jobs { + if job.JobId == "test-ml-config" { + found = true + assert.Equal(t, job.JobType, "anomaly_detector") + } + } + assert.True(t, found) + + status, response, err = client.Request("GET", "/_xpack/ml/datafeeds", "", nil, nil) + assert.NoError(t, err) + assert.Equal(t, 200, status) + + logp.Debug("mltest", "Response: %s", response) + type datafeedRes struct { + Count int `json:"count"` + Datafeeds []struct { + DatafeedId string `json:"datafeed_id"` + JobId string `json:"job_id"` + QueryDelay string `json:"query_delay"` + } + } + var df datafeedRes + err = json.Unmarshal(response, &df) + assert.NoError(t, err) + assert.True(t, df.Count >= 1) + found = false + for _, datafeed := range df.Datafeeds { + if datafeed.DatafeedId == "datafeed-test-ml-config" { + found = true + assert.Equal(t, datafeed.JobId, "test-ml-config") + assert.Equal(t, datafeed.QueryDelay, "60s") + } + } + assert.True(t, found) + + // importing again should not error out + err = ImportMachineLearningJob(client, &mlconfig) + assert.NoError(t, err) +} 
diff --git a/vendor/github.com/elastic/beats/libbeat/monitoring/adapter/go-metrics.go b/vendor/github.com/elastic/beats/libbeat/monitoring/adapter/go-metrics.go index 2d0b9418..143bb0bf 100644 --- a/vendor/github.com/elastic/beats/libbeat/monitoring/adapter/go-metrics.go +++ b/vendor/github.com/elastic/beats/libbeat/monitoring/adapter/go-metrics.go @@ -3,6 +3,7 @@ package adapter import ( "fmt" "reflect" + "sync" "github.com/elastic/beats/libbeat/logp" "github.com/elastic/beats/libbeat/monitoring" @@ -21,6 +22,8 @@ import ( // It's recommended to not mix go-metrics with other metrics types // in the same namespace. type GoMetricsRegistry struct { + mutex sync.Mutex + reg *monitoring.Registry filters *metricFilters @@ -80,6 +83,12 @@ func (r *GoMetricsRegistry) find(name string) interface{} { // It's recommended to not mix go-metrics with other metrics types in one // namespace. func (r *GoMetricsRegistry) Get(name string) interface{} { + r.mutex.Lock() + defer r.mutex.Unlock() + return r.get(name) +} + +func (r *GoMetricsRegistry) get(name string) interface{} { m := r.find(name) if m == nil { return r.shadow.Get(name) @@ -95,7 +104,10 @@ func (r *GoMetricsRegistry) Get(name string) interface{} { // GetOrRegister retries an existing metric via `Get` or registers a new one // if the metric is unknown. For lazy instantiation metric can be a function. func (r *GoMetricsRegistry) GetOrRegister(name string, metric interface{}) interface{} { - v := r.Get(name) + r.mutex.Lock() + defer r.mutex.Unlock() + + v := r.get(name) if v != nil { return v } @@ -106,7 +118,10 @@ func (r *GoMetricsRegistry) GetOrRegister(name string, metric interface{}) inter // Register adds a new metric. // An error is returned if the metric is already known. func (r *GoMetricsRegistry) Register(name string, metric interface{}) error { - if r.Get(name) != nil { + r.mutex.Lock() + defer r.mutex.Unlock() + + if r.get(name) != nil { return fmt.Errorf("metric '%v' already registered", name) } 
@@ -139,6 +154,9 @@ func (r *GoMetricsRegistry) RunHealthchecks() {} // Unregister removes a metric. func (r *GoMetricsRegistry) Unregister(name string) { + r.mutex.Lock() + defer r.mutex.Unlock() + st := r.rmState(name) r.reg.Remove(st.name) r.shadow.Unregister(name) @@ -146,6 +164,9 @@ func (r *GoMetricsRegistry) Unregister(name string) { // UnregisterAll calls `Clear` on the underlying monitoring.Registry func (r *GoMetricsRegistry) UnregisterAll() { + r.mutex.Lock() + defer r.mutex.Unlock() + r.shadow.UnregisterAll() err := r.reg.Clear() if err != nil { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/console/console.go b/vendor/github.com/elastic/beats/libbeat/outputs/console/console.go index 3a62c45c..e149b83d 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/console/console.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/console/console.go @@ -78,6 +78,7 @@ func (c *console) PublishEvent( } op.SigCompleted(s) + return nil fail: if opts.Guaranteed { logp.Critical("Unable to publish events to console: %v", err) diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/api.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/api.go index f38687a8..1f4de9dd 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/api.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/api.go 
@@ -127,6 +127,14 @@ func (es *Connection) Refresh(index string) (int, *QueryResult, error) { return withQueryResult(es.apiCall("POST", index, "", "_refresh", "", nil, nil)) } +// IndexExists checks if an index exists. +// Implements: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-exists.html +// +func (es *Connection) IndexExists(index string) (int, error) { + status, _, err := es.apiCall("HEAD", index, "", "", "", nil, nil) + return status, err +} + // CreateIndex creates a new index, optionally with settings and mappings passed in // the body. // Implements: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client.go index fb53519f..d44ef050 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client.go @@ -93,6 +93,11 @@ var ( errExcpectedObjectEnd = errors.New("expected end of object") ) +const ( + eventType = "doc" +) + +// NewClient instantiates a new client. func NewClient( s ClientSettings, onConnectCallback connectCallback, @@ -320,7 +325,7 @@ func createEventBulkMeta( return bulkMeta{ Index: bulkMetaIndex{ Index: getIndex(event, index), - DocType: event["type"].(string), + DocType: eventType, }, } } @@ -338,7 +343,7 @@ func createEventBulkMeta( Index: bulkMetaIndex{ Index: getIndex(event, index), Pipeline: pipeline, - DocType: event["type"].(string), + DocType: eventType, }, } } @@ -443,7 +448,7 @@ func bulkCollectPublishFails( continue } - logp.Info("Bulk item insert failed (i=%v, status=%v): %s", i, status, msg) + debugf("Bulk item insert failed (i=%v, status=%v): %s", i, status, msg) failed = append(failed, data[i]) } 
@@ -535,7 +540,6 @@ func (client *Client) PublishEvent(data outputs.Data) error { event := data.Event index := getIndex(event, client.index) - typ := event["type"].(string) debugf("Publish event: %s", event) @@ -549,9 +553,9 @@ func (client *Client) PublishEvent(data outputs.Data) error { var status int if pipeline == "" { - status, _, err = client.Index(index, typ, "", client.params, event) + status, _, err = client.Index(index, eventType, "", client.params, event) } else { - status, _, err = client.Ingest(index, typ, pipeline, "", client.params, event) + status, _, err = client.Ingest(index, eventType, pipeline, "", client.params, event) } // check indexing error @@ -601,6 +605,11 @@ func (client *Client) LoadJSON(path string, json map[string]interface{}) ([]byte return body, nil } +// GetVersion returns the elasticsearch version the client is connected to +func (client *Client) GetVersion() string { + return client.Connection.version +} + // CheckTemplate checks if a given template already exist. It returns true if // and only if Elasticsearch returns with HTTP status code 200. func (client *Client) CheckTemplate(templateName string) bool { @@ -727,6 +736,10 @@ func (conn *Connection) execHTTPRequest(req *http.Request) (int, []byte, error) return status, obj, retErr } +func (conn *Connection) GetVersion() string { + return conn.version +} + func closing(c io.Closer) { err := c.Close() if err != nil { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client_integration_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client_integration_test.go index eedc4272..db51c405 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client_integration_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/client_integration_test.go 
@@ -48,6 +48,8 @@ func TestLoadTemplate(t *testing.T) { templatePath := absPath + "/libbeat.template.json" if strings.HasPrefix(client.Connection.version, "2.") { templatePath = absPath + "/libbeat.template-es2x.json" + } else if strings.HasPrefix(client.Connection.version, "6.") { + templatePath = absPath + "/libbeat.template-es6x.json" } content, err := readTemplate(templatePath) assert.Nil(t, err) @@ -116,6 +118,8 @@ func TestLoadBeatsTemplate(t *testing.T) { if strings.HasPrefix(client.Connection.version, "2.") { templatePath = absPath + "/" + beat + ".template-es2x.json" + } else if strings.HasPrefix(client.Connection.version, "6.") { + templatePath = absPath + "/" + beat + ".template-es6x.json" } content, err := readTemplate(templatePath) @@ -161,6 +165,8 @@ func TestOutputLoadTemplate(t *testing.T) { if strings.HasPrefix(client.Connection.version, "2.") { templatePath = "../../libbeat.template-es2x.json" + } else if strings.HasPrefix(client.Connection.version, "6.") { + templatePath = "../../libbeat.template-es6x.json" } tPath, err := filepath.Abs(templatePath) @@ -173,6 +179,7 @@ func TestOutputLoadTemplate(t *testing.T) { "name": "libbeat", "path": tPath, "versions.2x.enabled": false, + "versions.6x.enabled": false, }, } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/config.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/config.go index c30f6870..9fabadfc 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/config.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/config.go @@ -33,6 +33,7 @@ type Template struct { type TemplateVersions struct { Es2x TemplateVersion `config:"2x"` + Es6x TemplateVersion `config:"6x"` } type TemplateVersion struct { 
@@ -58,8 +59,11 @@ var ( TLS: nil, LoadBalance: true, Template: Template{ - Enabled: true, - Versions: TemplateVersions{Es2x: TemplateVersion{Enabled: true}}, + Enabled: true, + Versions: TemplateVersions{ + Es2x: TemplateVersion{Enabled: true}, + Es6x: TemplateVersion{Enabled: true}, + }, }, } ) diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/output.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/output.go index 20e7e1fe..6b312b0b 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/output.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/output.go @@ -31,6 +31,7 @@ type elasticsearchOutput struct { template map[string]interface{} template2x map[string]interface{} + template6x map[string]interface{} templateMutex sync.Mutex } @@ -248,6 +249,9 @@ func (out *elasticsearchOutput) readTemplate(config *Template) error { if config.Versions.Es2x.Path == "" { config.Versions.Es2x.Path = fmt.Sprintf("%s.template-es2x.json", out.beatName) } + if config.Versions.Es6x.Path == "" { + config.Versions.Es6x.Path = fmt.Sprintf("%s.template-es6x.json", out.beatName) + } // Look for the template in the configuration path, if it's not absolute templatePath := paths.Resolve(paths.Config, config.Path) @@ -270,6 +274,18 @@ func (out *elasticsearchOutput) readTemplate(config *Template) error { } out.template2x = template } + + if config.Versions.Es6x.Enabled { + // Read the version of the template compatible with ES 6.x + templatePath := paths.Resolve(paths.Config, config.Versions.Es6x.Path) + logp.Info("Loading template enabled for Elasticsearch 6.x. Reading template file: %v", templatePath) + + template, err := readTemplate(templatePath) + if err != nil { + return fmt.Errorf("Error loading template %s: %v", templatePath, err) + } + out.template6x = template + } } return nil } 
@@ -312,6 +328,9 @@ func (out *elasticsearchOutput) loadTemplate(config Template, client *Client) er if config.Versions.Es2x.Enabled && strings.HasPrefix(client.Connection.version, "2.") { logp.Info("Detected Elasticsearch 2.x. Automatically selecting the 2.x version of the template") template = out.template2x + } else if config.Versions.Es6x.Enabled && strings.HasPrefix(client.Connection.version, "6.") { + logp.Info("Detected Elasticsearch 6.x. Automatically selecting the 6.x version of the template") + template = out.template6x } err := client.LoadTemplate(config.Name, template) diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url.go index 04c6e8de..117306b4 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url.go @@ -4,9 +4,12 @@ import ( "fmt" "net" "net/url" + "regexp" "strings" ) +var hasScheme = regexp.MustCompile(`^([a-z][a-z0-9+\-.]*)://`) + // Creates the url based on the url configuration. // Adds missing parts with defaults (scheme, host, port) func getURL(defaultScheme string, defaultPath string, rawURL string) (string, error) { @@ -15,6 +18,10 @@ func getURL(defaultScheme string, defaultPath string, rawURL string) (string, er defaultScheme = "http" } + if !hasScheme.MatchString(rawURL) { + rawURL = fmt.Sprintf("%v://%v", defaultScheme, rawURL) + } + addr, err := url.Parse(rawURL) if err != nil { return "", err 
@@ -24,22 +31,6 @@ func getURL(defaultScheme string, defaultPath string, rawURL string) (string, er host := addr.Host port := "9200" - // sanitize parse errors if url does not contain scheme - // if parse url looks funny, prepend schema and try again: - if addr.Scheme == "" || (addr.Host == "" && addr.Path == "" && addr.Opaque != "") { - rawURL = fmt.Sprintf("%v://%v", defaultScheme, rawURL) - if tmpAddr, err := url.Parse(rawURL); err == nil { - addr = tmpAddr - scheme = addr.Scheme - host = addr.Host - } else { - // If url doesn't have a scheme, host is written into path. For example: 192.168.3.7 - scheme = defaultScheme - host = addr.Path - addr.Path = "" - } - } - if host == "" { host = "localhost" } else { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url_test.go index 8821f008..2e73aacd 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/elasticsearch/url_test.go @@ -79,6 +79,8 @@ func TestGetUrl(t *testing.T) { "http://localhost/": "http://localhost:9200/", // no schema + hostname + "33f3600fd5c1bb599af557c36a4efb08.host": "http://33f3600fd5c1bb599af557c36a4efb08.host:9200", + "33f3600fd5c1bb599af557c36a4efb08.host:12345": "http://33f3600fd5c1bb599af557c36a4efb08.host:12345", "localhost": "http://localhost:9200", "localhost:80": "http://localhost:80", "localhost:80/": "http://localhost:80/", diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async.go index a2b4f110..2f637906 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async.go 
@@ -14,12 +14,14 @@ import ( type asyncClient struct { *transport.Client client *v2.AsyncClient - win window + host string + win *window connect func() error } type msgRef struct { + client *asyncClient count int32 batch []outputs.Data err error @@ -30,17 +32,24 @@ type msgRef struct { func newAsyncLumberjackClient( conn *transport.Client, - queueSize int, - compressLevel int, - maxWindowSize int, - timeout time.Duration, - beat string, + addr string, + config *logstashConfig, ) (*asyncClient, error) { - c := &asyncClient{} - c.Client = conn - c.win.init(defaultStartMaxWindowSize, maxWindowSize) + c := &asyncClient{ + Client: conn, + host: addr, + } - enc, err := makeLogstashEventEncoder(beat) + if config.SlowStart { + maxWindowSize := config.BulkMaxSize + c.win = newWindower(defaultStartMaxWindowSize, maxWindowSize) + } + + queueSize := config.Pipelining - 1 + timeout := config.Timeout + compressLevel := config.CompressionLevel + + enc, err := makeLogstashEventEncoder(config.Index) if err != nil { return nil, err } @@ -60,12 +69,12 @@ func newAsyncLumberjackClient( } func (c *asyncClient) Connect(timeout time.Duration) error { - logp.Debug("logstash", "connect") + logp.Debug("logstash", "connect to logstash host %v", c.host) return c.connect() } func (c *asyncClient) Close() error { - logp.Debug("logstash", "close connection") + logp.Debug("logstash", "close connection to logstash host %v", c.host) if c.client != nil { err := c.client.Close() c.client = nil 
@@ -98,21 +107,24 @@ func (c *asyncClient) AsyncPublishEvents( return nil } - ref := &msgRef{ - count: 1, - batch: data, - batchSize: len(data), - win: &c.win, - cb: cb, - err: nil, - } + ref := newMsgRef(c, data, cb) defer ref.dec() for len(data) > 0 { - n, err := c.publishWindowed(ref, data) + var ( + n int + err error + ) - debug("%v events out of %v events sent to logstash. Continue sending", - n, len(data)) + if c.win == nil { + n = len(data) + err = c.sendEvents(ref, data) + } else { + n, err = c.publishWindowed(ref, data) + } + + debug("%v events out of %v events sent to logstash host %s. Continue sending", + n, len(data), c.host) data = data[n:] if err != nil { @@ -130,8 +142,8 @@ func (c *asyncClient) publishWindowed( ) (int, error) { batchSize := len(data) windowSize := c.win.get() - debug("Try to publish %v events to logstash with window size %v", - batchSize, windowSize) + debug("Try to publish %v events to logstash host %v with window size %v", + batchSize, c.host, windowSize) // prepare message payload if batchSize > windowSize { @@ -151,7 +163,7 @@ func (c *asyncClient) sendEvents(ref *msgRef, data []outputs.Data) error { for i, d := range data { window[i] = d } - atomic.AddInt32(&ref.count, 1) + ref.inc() return c.client.Send(ref.callback, window) } 
@@ -163,23 +175,58 @@ func (r *msgRef) callback(seq uint32, err error) { } } +func newMsgRef( + client *asyncClient, + data []outputs.Data, + cb func([]outputs.Data, error), +) *msgRef { + r := &msgRef{ + client: client, + count: 1, + batch: data, + batchSize: len(data), + win: client.win, + cb: cb, + err: nil, + } + + debug("msgref(%p) new: batch=%p, cb=%p", r, &r.batch[0], cb) + return r +} + +func (r *msgRef) inc() { + count := atomic.AddInt32(&r.count, 1) + debug("msgref(%p) inc -> %v", r, count) +} + func (r *msgRef) done(n uint32) { + debug("msgref(%p) done(%v)", r, n) + ackedEvents.Add(int64(n)) r.batch = r.batch[n:] - r.win.tryGrowWindow(r.batchSize) + if r.win != nil { + r.win.tryGrowWindow(r.batchSize) + } r.dec() } func (r *msgRef) fail(n uint32, err error) { + debug("msgref(%p) fail(%v, %v)", r, n, err) + ackedEvents.Add(int64(n)) - r.err = err + if r.err == nil { + r.err = err + } r.batch = r.batch[n:] - r.win.shrinkWindow() + if r.win != nil { + r.win.shrinkWindow() + } r.dec() } func (r *msgRef) dec() { i := atomic.AddInt32(&r.count, -1) + debug("msgref(%p) dec -> %v", r, i) if i > 0 { return } @@ -187,9 +234,12 @@ func (r *msgRef) dec() { err := r.err if err != nil { eventsNotAcked.Add(int64(len(r.batch))) - logp.Err("Failed to publish events caused by: %v", err) + logp.Err("Failed to publish events (host: %v) caused by: %v", r.client.host, err) + debug("msgref(%p) exec callback(%p, %v)", r, &r.batch[0], err) r.cb(r.batch, err) - } else { - r.cb(nil, nil) + return } + + debug("msgref(%p) exec callback(nil, nil)", r) + r.cb(nil, nil) } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async_test.go index 2e2536ef..8a1be2d8 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/async_test.go 
@@ -3,10 +3,12 @@ package logstash import ( + "fmt" "sync" "testing" "time" + "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/outputs" "github.com/elastic/beats/libbeat/outputs/mode" "github.com/elastic/beats/libbeat/outputs/transport" 
@@ -19,29 +21,67 @@ type testAsyncDriver struct { wg sync.WaitGroup } -func TestAsyncSendZero(t *testing.T) { - testSendZero(t, makeAsyncTestClient) +func TestAsync(t *testing.T) { + tests := []struct { + name string + runner func(*testing.T, clientFactory) + }{ + {"sendZero", testSendZero}, + {"simpleEvent", testSimpleEvent}, + {"structuredEvent", testStructuredEvent}, + {"multiFailMaxTimeouts", testMultiFailMaxTimeouts}, + } + + settings := []map[string]interface{}{ + nil, + map[string]interface{}{ + "slow_start": false, + }, + map[string]interface{}{ + "slow_start": true, + }, + map[string]interface{}{ + "slow_start": true, + "pipelining": 5, + "bulk_max_size": 8, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + for _, s := range settings { + s := s + t.Run(fmt.Sprintf("%v", s), func(t *testing.T) { + test.runner(t, makeAsyncTestClient(s)) + }) + } + }) + } } -func TestAsyncSimpleEvent(t *testing.T) { - testSimpleEvent(t, makeAsyncTestClient) +func makeAsyncTestClient(settings map[string]interface{}) func(*transport.Client, string) testClientDriver { + return func(conn *transport.Client, host string) testClientDriver { + return newAsyncTestDriver(newAsyncTestClient(conn, host, settings)) + } } -func TestAsyncStructuredEvent(t *testing.T) { - testStructuredEvent(t, makeAsyncTestClient) -} +func newAsyncTestClient(conn *transport.Client, host string, settings map[string]interface{}) *asyncClient { + config, err := common.NewConfigFrom(settings) + if err != nil { + panic(err) + } -func TestAsyncMultiFailMaxTimeouts(t *testing.T) { - testMultiFailMaxTimeouts(t, makeAsyncTestClient) -} + lsCfg := defaultConfig + lsCfg.Index = "testbeat" + lsCfg.BulkMaxSize = testMaxWindowSize + lsCfg.Timeout = 100 * time.Millisecond + lsCfg.Pipelining = 2 + lsCfg.SlowStart = true + if err := config.Unpack(&lsCfg); err != nil { + panic(err) + } -func makeAsyncTestClient(conn *transport.Client) testClientDriver { - return 
newAsyncTestDriver(newAsyncTestClient(conn)) -} - -func newAsyncTestClient(conn *transport.Client) *asyncClient { - c, err := newAsyncLumberjackClient(conn, - 1, 3, testMaxWindowSize, 100*time.Millisecond, "testbeat") + c, err := newAsyncLumberjackClient(conn, host, &lsCfg) if err != nil { panic(err) } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/client_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/client_test.go index cb71287c..edb05cf9 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/client_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/client_test.go @@ -32,7 +32,7 @@ type testClientDriver interface { Returns() []testClientReturn } -type clientFactory func(*transport.Client) testClientDriver +type clientFactory func(*transport.Client, string) testClientDriver type testClientReturn struct { n int @@ -44,9 +44,21 @@ type testDriverCommand struct { data []outputs.Data } -func newLumberjackTestClient(conn *transport.Client) *client { - c, err := newLumberjackClient(conn, 3, - testMaxWindowSize, 100*time.Millisecond, "test") +func newLumberjackTestClient(conn *transport.Client, host string, settings map[string]interface{}) *client { + config, err := common.NewConfigFrom(settings) + if err != nil { + panic(err) + } + + lsCfg := defaultConfig + lsCfg.Index = "test" + lsCfg.BulkMaxSize = testMaxWindowSize + lsCfg.Timeout = 100 * time.Millisecond + if err := config.Unpack(&lsCfg); err != nil { + panic(err) + } + + c, err := newLumberjackClient(conn, host, &lsCfg) if err != nil { panic(err) } @@ -66,7 +78,7 @@ func testSendZero(t *testing.T, factory clientFactory) { t.Fatalf("Failed to connect server and client: %v", err) } - client := factory(transp) + client := factory(transp, server.Addr()) defer sock.Close() defer transp.Close() 
@@ -92,7 +104,7 @@ func testSimpleEvent(t *testing.T, factory clientFactory) { if err != nil { t.Fatalf("Failed to connect: %v", err) } - client := factory(transp) + client := factory(transp, mock.Addr()) defer transp.Close() defer client.Stop() @@ -121,7 +133,7 @@ func testStructuredEvent(t *testing.T, factory clientFactory) { if err != nil { t.Fatalf("Failed to connect: %v", err) } - client := factory(transp) + client := factory(transp, mock.Addr()) defer transp.Close() defer client.Stop() @@ -171,7 +183,7 @@ func testMultiFailMaxTimeouts(t *testing.T, factory clientFactory) { if err != nil { t.Fatalf("Failed to connect: %v", err) } - client := factory(transp) + client := factory(transp, mock.Addr()) defer transp.Close() defer client.Stop() diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/common_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/common_test.go index 8af2da58..81696e43 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/common_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/common_test.go @@ -1,13 +1,18 @@ package logstash import ( + "sync" "testing" "github.com/elastic/beats/libbeat/logp" ) +var enableLoggingOnce sync.Once + func enableLogging(selectors []string) { if testing.Verbose() { - logp.LogInit(logp.LOG_DEBUG, "", false, true, selectors) + enableLoggingOnce.Do(func() { + logp.LogInit(logp.LOG_DEBUG, "", false, true, selectors) + }) } } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/config.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/config.go index c66e3a62..8fade7c8 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/config.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/config.go 
@@ -12,6 +12,7 @@ type logstashConfig struct { Port int `config:"port"` LoadBalance bool `config:"loadbalance"` BulkMaxSize int `config:"bulk_max_size"` + SlowStart bool `config:"slow_start"` Timeout time.Duration `config:"timeout"` Pipelining int `config:"pipelining" validate:"min=0"` CompressionLevel int `config:"compression_level" validate:"min=0, max=9"` @@ -25,6 +26,7 @@ var ( Port: 10200, LoadBalance: false, BulkMaxSize: 2048, + SlowStart: false, CompressionLevel: 3, Timeout: 30 * time.Second, MaxRetries: 3, diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash.go index 04837425..be489516 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash.go @@ -5,6 +5,7 @@ package logstash import ( "expvar" + "fmt" "time" "github.com/elastic/go-lumber/log" @@ -137,16 +138,12 @@ func makeClientFactory( cfg *logstashConfig, tcfg *transport.Config, ) modeutil.ClientFactory { - compressLvl := cfg.CompressionLevel - maxBulkSz := cfg.BulkMaxSize - to := cfg.Timeout - return func(host string) (mode.ProtocolClient, error) { t, err := transport.NewClient(tcfg, "tcp", host, cfg.Port) if err != nil { return nil, err } - return newLumberjackClient(t, compressLvl, maxBulkSz, to, cfg.Index) + return newLumberjackClient(t, fmt.Sprintf("%v:%v", host, cfg.Port), cfg) } } 
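Review bot: The host label built with `fmt.Sprintf("%v:%v", host, cfg.Port)` in `makeClientFactory` (and again in `makeAsyncClientFactory` in the following hunk) is ambiguous for IPv6 literals. If `host` can already carry its own port, which the `transport.NewClient(tcfg, "tcp", host, cfg.Port)` call suggests but does not prove, the label would show two ports. The sync.go hunks use this value only in log and error messages, so the cost is misleading host attribution when tracing a failed connection. `net.JoinHostPort(host, strconv.Itoa(cfg.Port))` brackets IPv6 addresses correctly, and a check for an existing port would cover the second case. Both functions start outside their hunks.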
@@ -154,17 +151,12 @@ func makeAsyncClientFactory( cfg *logstashConfig, tcfg *transport.Config, ) modeutil.AsyncClientFactory { - compressLvl := cfg.CompressionLevel - maxBulkSz := cfg.BulkMaxSize - queueSize := cfg.Pipelining - 1 - to := cfg.Timeout - return func(host string) (mode.AsyncProtocolClient, error) { t, err := transport.NewClient(tcfg, "tcp", host, cfg.Port) if err != nil { return nil, err } - return newAsyncLumberjackClient(t, queueSize, compressLvl, maxBulkSz, to, cfg.Index) + return newAsyncLumberjackClient(t, fmt.Sprintf("%v:%v", host, cfg.Port), cfg) } } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash_integration_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash_integration_test.go index 56a7ccc9..0087e943 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash_integration_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/logstash_integration_test.go @@ -219,15 +219,18 @@ func (es *esConnection) Count() (int, error) { return resp.Count, nil } -func waitUntilTrue(duration time.Duration, fn func() bool) bool { +func waitUntilTrue(duration time.Duration, fn func() bool) (bool, time.Duration) { end := time.Now().Add(duration) + var timeSlept time.Duration + sleepTime := 100 * time.Millisecond for time.Now().Before(end) { if fn() { - return true + return true, timeSlept } - time.Sleep(100 * time.Millisecond) + time.Sleep(sleepTime) + timeSlept += sleepTime } - return false + return false, timeSlept } func checkIndex(reader esCountReader, minValues int) func() bool { 
@@ -269,10 +272,18 @@ func testSendMessageViaLogstash(t *testing.T, name string, tls bool) { "type": "log", "message": "hello world", }} - ls.PublishEvent(nil, testOptions, event) + err := ls.PublishEvent(nil, testOptions, event) + if err != nil { + t.Fatalf("failed to publish to Logstash: %s", err) + } // wait for logstash event flush + elasticsearch - waitUntilTrue(5*time.Second, checkIndex(ls, 1)) + timeout := 5 * time.Second + if ok, waited := waitUntilTrue(timeout, checkIndex(ls, 1)); !ok { + t.Fatalf("Logstash event flush timed out after %s", timeout) + } else { + t.Logf("Logstash event flushed after %s", waited) + } // search value in logstash elasticsearch index resp, err := ls.Read() @@ -377,8 +388,9 @@ func testSendMultipleBatchesViaLogstash( } // wait for logstash event flush + elasticsearch - ok := waitUntilTrue(5*time.Second, checkIndex(ls, numBatches*batchSize)) + ok, waited := waitUntilTrue(5*time.Second, checkIndex(ls, numBatches*batchSize)) assert.True(t, ok) // check number of events matches total number of events + t.Logf("Logstash event flushed after %s", waited) // search value in logstash elasticsearch index resp, err := ls.Read() diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync.go index 91c437b0..24fe3ba3 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync.go 
@@ -18,29 +18,34 @@ const ( type client struct { *transport.Client client *v2.SyncClient - win window + host string + win *window } func newLumberjackClient( conn *transport.Client, - compressLevel int, - maxWindowSize int, - timeout time.Duration, - beat string, + addr string, + config *logstashConfig, ) (*client, error) { - c := &client{} - c.Client = conn - c.win.init(defaultStartMaxWindowSize, maxWindowSize) + c := &client{ + Client: conn, + host: addr, + } - enc, err := makeLogstashEventEncoder(beat) + if config.SlowStart { + maxWindowSize := config.BulkMaxSize + c.win = newWindower(defaultStartMaxWindowSize, maxWindowSize) + } + + enc, err := makeLogstashEventEncoder(config.Index) if err != nil { return nil, err } cl, err := v2.NewSyncClientWithConn(conn, v2.JSONEncoder(enc), - v2.Timeout(timeout), - v2.CompressionLevel(compressLevel)) + v2.Timeout(config.Timeout), + v2.CompressionLevel(config.CompressionLevel)) if err != nil { return nil, err } @@ -50,12 +55,12 @@ func newLumberjackClient( } func (c *client) Connect(timeout time.Duration) error { - logp.Debug("logstash", "connect") + logp.Debug("logstash", "connect to logstash host %v", c.host) return c.Client.Connect() } func (c *client) Close() error { - logp.Debug("logstash", "close connection") + logp.Debug("logstash", "close connection to logstash host %v", c.host) return c.Client.Close() } 
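Review bot: In `newLumberjackClient`, `config.BulkMaxSize` is now read only inside the `if config.SlowStart` branch, and `SlowStart` defaults to `false` in config.go, so by default `c.win` stays nil and no window is applied by this client. The `PublishEvents` hunk then hands the whole slice to `c.sendEvents(data)`, so the batch cap has to be enforced by the caller; that is not visible in this diff and should be confirmed. Since `win` is now a pointer that may be nil, a comment on the field would help, for example `// win is nil unless slow_start is enabled; guard every use`. `publishWindowed` continues outside its hunk, so any further use of `c.win` there cannot be checked from here.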
@@ -71,18 +76,33 @@ func (c *client) PublishEvents( ) ([]outputs.Data, error) { publishEventsCallCount.Add(1) totalNumberOfEvents := len(data) - for len(data) > 0 { - n, err := c.publishWindowed(data) - debug("%v events out of %v events sent to logstash. Continue sending", - n, len(data)) + if len(data) == 0 { + return nil, nil + } + + for len(data) > 0 { + var ( + n int + err error + ) + if c.win == nil { + n, err = c.sendEvents(data) + } else { + n, err = c.publishWindowed(data) + } + + debug("%v events out of %v events sent to logstash host %v. Continue sending", + n, len(data), c.host) data = data[n:] if err != nil { - c.win.shrinkWindow() + if c.win != nil { + c.win.shrinkWindow() + } _ = c.Close() - logp.Err("Failed to publish events caused by: %v", err) + logp.Err("Failed to publish events (host: %v), caused by: %v", c.host, err) eventsNotAcked.Add(int64(len(data))) ackedEvents.Add(int64(totalNumberOfEvents - len(data))) @@ -103,8 +123,8 @@ func (c *client) publishWindowed(data []outputs.Data) (int, error) { batchSize := len(data) windowSize := c.win.get() - debug("Try to publish %v events to logstash with window size %v", - batchSize, windowSize) + debug("Try to publish %v events to logstash host %s with window size %v", + batchSize, c.host, windowSize) // prepare message payload if batchSize > windowSize { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync_test.go index edfd9a5f..8227281e 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/sync_test.go 
@@ -25,27 +25,29 @@ type clientServer struct { } func TestClientSendZero(t *testing.T) { - testSendZero(t, makeTestClient) + testSendZero(t, makeTestClient(nil)) } func TestClientSimpleEvent(t *testing.T) { - testSimpleEvent(t, makeTestClient) + testSimpleEvent(t, makeTestClient(nil)) } func TestClientStructuredEvent(t *testing.T) { - testStructuredEvent(t, makeTestClient) + testStructuredEvent(t, makeTestClient(nil)) } func TestClientMultiFailMaxTimeouts(t *testing.T) { - testMultiFailMaxTimeouts(t, makeTestClient) + testMultiFailMaxTimeouts(t, makeTestClient(nil)) } func newClientServerTCP(t *testing.T, to time.Duration) *clientServer { return &clientServer{transptest.NewMockServerTCP(t, to, "", nil)} } -func makeTestClient(conn *transport.Client) testClientDriver { - return newClientTestDriver(newLumberjackTestClient(conn)) +func makeTestClient(settings map[string]interface{}) func(*transport.Client, string) testClientDriver { + return func(conn *transport.Client, host string) testClientDriver { + return newClientTestDriver(newLumberjackTestClient(conn, host, settings)) + } } func newClientTestDriver(client mode.ProtocolClient) *testSyncDriver { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/window.go b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/window.go index 243b9b04..99c47c8b 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/logstash/window.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/logstash/window.go @@ -11,6 +11,12 @@ type window struct { maxWindowSize int } +func newWindower(start, max int) *window { + w := &window{} + w.init(start, max) + return w +} + func (w *window) init(start, max int) { *w = window{ windowSize: int32(start), diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/mode/lb/async_worker.go b/vendor/github.com/elastic/beats/libbeat/outputs/mode/lb/async_worker.go index ed6cbc39..abd61900 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/mode/lb/async_worker.go 
+++ b/vendor/github.com/elastic/beats/libbeat/outputs/mode/lb/async_worker.go @@ -111,25 +111,10 @@ func (w *asyncWorker) sendLoop() (done bool) { } func (w *asyncWorker) onMessage(msg eventsMessage) error { - var err error if msg.datum.Event != nil { - err = w.client.AsyncPublishEvent(w.handleResult(msg), msg.datum) - } else { - err = w.client.AsyncPublishEvents(w.handleResults(msg), msg.data) + return w.client.AsyncPublishEvent(w.handleResult(msg), msg.datum) } - - if err != nil { - if msg.attemptsLeft > 0 { - msg.attemptsLeft-- - } - - // asynchronously retry to insert message (if attempts left), so worker can not - // deadlock on retries channel if client puts multiple failed outstanding - // events into the pipeline - w.onFail(msg, err) - } - - return err + return w.client.AsyncPublishEvents(w.handleResults(msg), msg.data) } func (w *asyncWorker) handleResult(msg eventsMessage) func(error) { @@ -193,7 +178,7 @@ func (w *asyncWorker) handleResults(msg eventsMessage) func([]outputs.Data, erro } // all events published -> signal success - debugf("async bulk publish success") + debugf("async bulk publish success (signaler=%v)", msg.signaler) op.SigCompleted(msg.signaler) } } diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/mode/modetest/callbacks.go b/vendor/github.com/elastic/beats/libbeat/outputs/mode/modetest/callbacks.go index 245f083c..0693efd2 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/mode/modetest/callbacks.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/mode/modetest/callbacks.go @@ -120,6 +120,7 @@ func AsyncPublishFailStartWith( inc := makeCounter(n, err) return func(cb func([]outputs.Data, error), data []outputs.Data) error { if err := inc(); err != nil { + cb(data, err) return err } return pub(cb, data) diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/tls.go b/vendor/github.com/elastic/beats/libbeat/outputs/tls.go index 79fd297a..ff8ab755 100644 
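Review bot: `onMessage` no longer decrements `msg.attemptsLeft` or calls `w.onFail` when the client returns an error. Retry and completion signalling therefore depend on the client invoking the callback from `handleResult`/`handleResults` for every failure, including errors it returns synchronously. A client that returns an error without calling the callback would leave the message neither retried nor signalled, and nothing in the hunk states this contract. I would add a comment above the function such as `// onMessage does not retry on a returned error; the client must report every failure through the callback.` The `cb(data, err)` line added to `AsyncPublishFailStartWith` in callbacks.go adapts the test helper to the same assumption.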
--- a/vendor/github.com/elastic/beats/libbeat/outputs/tls.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/tls.go @@ -35,6 +35,7 @@ type TLSConfig struct { CAs []string `config:"certificate_authorities"` Certificate CertificateConfig `config:",inline"` CurveTypes []tlsCurveType `config:"curve_types"` + Renegotiation tlsRenegotiationSupport `config:"renegotiation"` } type CertificateConfig struct { @@ -47,6 +48,8 @@ type tlsCipherSuite uint16 type tlsCurveType tls.CurveID +type tlsRenegotiationSupport tls.RenegotiationSupport + var tlsCipherSuites = map[string]tlsCipherSuite{ "ECDHE-ECDSA-AES-128-CBC-SHA": tlsCipherSuite(tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), "ECDHE-ECDSA-AES-128-GCM-SHA256": tlsCipherSuite(tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), @@ -73,6 +76,12 @@ var tlsCurveTypes = map[string]tlsCurveType{ "P-521": tlsCurveType(tls.CurveP521), } +var tlsRenegotiationSupportTypes = map[string]tlsRenegotiationSupport{ + "never": tlsRenegotiationSupport(tls.RenegotiateNever), + "once": tlsRenegotiationSupport(tls.RenegotiateOnceAsClient), + "freely": tlsRenegotiationSupport(tls.RenegotiateFreelyAsClient), +} + func (c *TLSConfig) Validate() error { hasCertificate := c.Certificate.Certificate != "" hasKey := c.Certificate.Key != "" @@ -143,6 +152,7 @@ func LoadTLSConfig(config *TLSConfig) (*transport.TLSConfig, error) { RootCAs: cas, CipherSuites: cipherSuites, CurvePreferences: curves, + Renegotiation: tls.RenegotiationSupport(config.Renegotiation), }, nil } @@ -288,3 +298,13 @@ func (ct *tlsCurveType) Unpack(s string) error { *ct = t return nil } + +func (r *tlsRenegotiationSupport) Unpack(s string) error { + t, found := tlsRenegotiationSupportTypes[s] + if !found { + return fmt.Errorf("invalid tls renegotiation type '%v'", s) + } + + *r = t + return nil +} diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/tls_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/tls_test.go index e65f0a6b..65c7a691 100644 
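Review bot: The new `tlsRenegotiationSupportTypes` map and the `renegotiation` config key have no documentation, although `once` and `freely` let the remote server trigger renegotiation on the client connection. The zero value of `tlsRenegotiationSupport` corresponds to `tls.RenegotiateNever`, so omitting the key keeps renegotiation off, and that default should be stated where operators and maintainers will see it. Suggested comment above the map: `// renegotiation: "never" (default) rejects server-requested renegotiation; "once" and "freely" allow it and should only be set for servers that require it.`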
--- a/vendor/github.com/elastic/beats/libbeat/outputs/tls_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/tls_test.go @@ -84,6 +84,7 @@ func TestValuesSet(t *testing.T) { supported_protocols: [TLSv1.1, TLSv1.2] curve_types: - P-521 + renegotiation: freely `) if err != nil { @@ -99,6 +100,9 @@ func TestValuesSet(t *testing.T) { []transport.TLSVersion{transport.TLSVersion11, transport.TLSVersion12}, cfg.Versions) assert.Len(t, cfg.CurveTypes, 1) + assert.Equal(t, + tls.RenegotiateFreelyAsClient, + tls.RenegotiationSupport(cfg.Renegotiation)) } func TestApplyEmptyConfig(t *testing.T) { @@ -168,6 +172,10 @@ func TestCertificateFails(t *testing.T) { "unknown curve type", "curve_types: ['unknown curve type']", }, + { + "unknown renegotiation type", + "renegotiation: always", + }, } for i, test := range tests { diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/transport/tls.go b/vendor/github.com/elastic/beats/libbeat/outputs/transport/tls.go index fff921cc..dfff7e53 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/transport/tls.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/transport/tls.go @@ -37,6 +37,10 @@ type TLSConfig struct { // Types of elliptic curves that will be used in an ECDHE handshake. If empty, // the implementation will choose a default. CurvePreferences []tls.CurveID + + // Renegotiation controls what types of renegotiation are supported. + // The default, never, is correct for the vast majority of applications. + Renegotiation tls.RenegotiationSupport } type TLSVersion uint16 diff --git a/vendor/github.com/elastic/beats/libbeat/outputs/transport/transptest/testing_test.go b/vendor/github.com/elastic/beats/libbeat/outputs/transport/transptest/testing_test.go index 83e51162..5ddef996 100644 --- a/vendor/github.com/elastic/beats/libbeat/outputs/transport/transptest/testing_test.go +++ b/vendor/github.com/elastic/beats/libbeat/outputs/transport/transptest/testing_test.go 
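Review bot: The transport/tls.go section only adds the `Renegotiation` field to `transport.TLSConfig`; no hunk here copies it into the `tls.Config` that this struct is turned into. As far as this diff shows, the value set in `LoadTLSConfig` may never reach the handshake. The conversion code lies outside the hunk and should be checked; if it builds a `tls.Config` literal, it needs a line along the lines of `Renegotiation: c.Renegotiation,` (receiver name assumed). `TestValuesSet` asserts only the unpacked `cfg.Renegotiation`, so a test on the built `tls.Config` would be needed to catch a setting that is silently ignored.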
@@ -54,7 +54,7 @@ func TestTransportReconnectsOnConnect(t *testing.T) { timeout := 2 * time.Second GenCertsForIPIfMIssing(t, net.IP{127, 0, 0, 1}, certName) - run := func(makeServer MockServerFactory, proxy *transport.ProxyConfig) { + testServer(t, &config, func(t *testing.T, makeServer MockServerFactory, proxy *transport.ProxyConfig) { server := makeServer(t, timeout, certName, proxy) defer server.Close() @@ -81,12 +81,7 @@ func TestTransportReconnectsOnConnect(t *testing.T) { } transp.Close() - } - - run(NewMockServerTCP, nil) - run(NewMockServerTLS, nil) - run(NewMockServerTCP, &config) - run(NewMockServerTLS, &config) + }) } func TestTransportFailConnectUnknownAddress(t *testing.T) { @@ -98,21 +93,28 @@ func TestTransportFailConnectUnknownAddress(t *testing.T) { invalidAddr := "invalid.dns.fqdn-unknown.invalid:100" - run := func(makeTransp TransportFactory, proxy *transport.ProxyConfig) { - transp, err := makeTransp(invalidAddr, proxy) - if err != nil { - t.Fatalf("failed to generate transport client: %v", err) - } + run := func(makeTransp TransportFactory, proxy *transport.ProxyConfig) func(*testing.T) { + return func(t *testing.T) { + transp, err := makeTransp(invalidAddr, proxy) + if err != nil { + t.Fatalf("failed to generate transport client: %v", err) + } - err = transp.Connect() - assert.NotNil(t, err) + err = transp.Connect() + assert.NotNil(t, err) + } + } + + factoryTests := func(f TransportFactory) func(*testing.T) { + return func(t *testing.T) { + t.Run("connect", run(f, nil)) + t.Run("socks5", run(f, &config)) + } } timeout := 100 * time.Millisecond - run(connectTCP(timeout), nil) - run(connectTLS(timeout, certName), nil) - run(connectTCP(timeout), &config) - run(connectTLS(timeout, certName), &config) + t.Run("tcp", factoryTests(connectTCP(timeout))) + t.Run("tls", factoryTests(connectTLS(timeout, certName))) } func TestTransportClosedOnWriteReadError(t *testing.T) { 
@@ -123,7 +125,7 @@ func TestTransportClosedOnWriteReadError(t *testing.T) { timeout := 2 * time.Second GenCertsForIPIfMIssing(t, net.IP{127, 0, 0, 1}, certName) - run := func(makeServer MockServerFactory, proxy *transport.ProxyConfig) { + testServer(t, &config, func(t *testing.T, makeServer MockServerFactory, proxy *transport.ProxyConfig) { server := makeServer(t, timeout, certName, proxy) defer server.Close() @@ -137,10 +139,24 @@ func TestTransportClosedOnWriteReadError(t *testing.T) { transp.Write([]byte("test3")) _, err = transp.Read(buf[:]) assert.NotNil(t, err) + }) +} + +func testServer(t *testing.T, config *transport.ProxyConfig, run func(*testing.T, MockServerFactory, *transport.ProxyConfig)) { + + runner := func(f MockServerFactory, c *transport.ProxyConfig) func(t *testing.T) { + return func(t *testing.T) { + run(t, f, config) + } } - run(NewMockServerTCP, nil) - run(NewMockServerTLS, nil) - run(NewMockServerTCP, &config) - run(NewMockServerTLS, &config) + factoryTests := func(f MockServerFactory) func(t *testing.T) { + return func(t *testing.T) { + t.Run("connect", runner(f, nil)) + t.Run("socks5", runner(f, config)) + } + } + + t.Run("tcp", factoryTests(NewMockServerTCP)) + t.Run("tls", factoryTests(NewMockServerTLS)) } diff --git a/vendor/github.com/elastic/beats/libbeat/paths/paths_test.go b/vendor/github.com/elastic/beats/libbeat/paths/paths_test.go index fbbc3b7a..091a2fd1 100644 --- a/vendor/github.com/elastic/beats/libbeat/paths/paths_test.go +++ b/vendor/github.com/elastic/beats/libbeat/paths/paths_test.go @@ -3,6 +3,7 @@ package paths import ( "os" "path/filepath" + "runtime" "testing" "github.com/stretchr/testify/assert" 
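Review bot: In the new `testServer` helper the `runner` closure ignores its `c` parameter and calls `run(t, f, config)`. As a result the `connect` subtest, created with `runner(f, nil)`, also runs with the SOCKS5 proxy config, and the direct (no proxy) path is no longer exercised for either TCP or TLS. The call should be `run(t, f, c)`. This affects both `TestTransportReconnectsOnConnect` and `TestTransportClosedOnWriteReadError`, which now go through this helper.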
@@ -12,48 +13,51 @@ func TestHomePath(t *testing.T) { type io struct { Home string // cli flag home setting Path string // requested path - Result string // expected result + ResultHome string // expected home path ResultData string // expected data path } binDir, err := filepath.Abs(filepath.Dir(os.Args[0])) - assert.NoError(t, err) + if err != nil { + t.Fatal(err) + } tests := []io{ { Home: binDir, Path: "test", - Result: filepath.Join(binDir, "test"), + ResultHome: filepath.Join(binDir, "test"), ResultData: filepath.Join(binDir, "data", "test"), }, { - Home: "/tmp", + Home: rootDir("/tmp"), Path: "test", - Result: "/tmp/test", - ResultData: "/tmp/data/test", + ResultHome: rootDir("/tmp/test"), + ResultData: rootDir("/tmp/data/test"), }, { - Home: "/home/", - Path: "/abc/test", - Result: "/abc/test", - ResultData: "/abc/test", + Home: rootDir("/home"), + Path: rootDir("/abc/test"), + ResultHome: rootDir("/abc/test"), + ResultData: rootDir("/abc/test"), }, } for _, test := range tests { - t.Log("Executing test", test) cfg := Path{Home: test.Home} - assert.NoError(t, Paths.initPaths(&cfg)) + if err := Paths.initPaths(&cfg); err != nil { + t.Errorf("error on %+v: %v", test, err) + continue + } - assert.Equal(t, test.Result, Resolve(Home, test.Path)) + assert.Equal(t, test.ResultHome, Resolve(Home, test.Path), "failed on %+v", test) // config path same as home path - assert.Equal(t, test.Result, Resolve(Config, test.Path)) + assert.Equal(t, test.ResultHome, Resolve(Config, test.Path), "failed on %+v", test) // data path under home path - assert.Equal(t, test.ResultData, Resolve(Data, test.Path)) + assert.Equal(t, test.ResultData, Resolve(Data, test.Path), "failed on %+v", test) } - } func TestDataPath(t *testing.T) { @@ -65,7 +69,9 @@ func TestDataPath(t *testing.T) { } binDir, err := filepath.Abs(filepath.Dir(os.Args[0])) - assert.NoError(t, err) + if err != nil { + t.Fatal(err) + } tests := []io{ { 
@@ -75,25 +81,27 @@ func TestDataPath(t *testing.T) { ResultData: filepath.Join(binDir, "data", "test"), }, { - Home: "/tmp/", - Data: "/root/", + Home: rootDir("/tmp"), + Data: rootDir("/root"), Path: "test", - ResultData: "/root/test", + ResultData: rootDir("/root/test"), }, { - Home: "/tmp/", - Data: "/root/", - Path: "/var/data", - ResultData: "/var/data", + Home: rootDir("/tmp"), + Data: rootDir("root"), + Path: rootDir("/var/data"), + ResultData: rootDir("/var/data"), }, } for _, test := range tests { - t.Log("Executing test", test) cfg := Path{Home: test.Home, Data: test.Data} - assert.NoError(t, Paths.initPaths(&cfg)) + if err := Paths.initPaths(&cfg); err != nil { + t.Errorf("error on %+v: %v", test, err) + continue + } - assert.Equal(t, test.ResultData, Resolve(Data, test.Path)) + assert.Equal(t, test.ResultData, Resolve(Data, test.Path), "failed on %+v", test) } } @@ -107,7 +115,9 @@ func TestLogsPath(t *testing.T) { } binDir, err := filepath.Abs(filepath.Dir(os.Args[0])) - assert.NoError(t, err) + if err != nil { + t.Fatal(err) + } tests := []io{ { 
@@ -117,25 +127,35 @@ func TestLogsPath(t *testing.T) { ResultLogs: filepath.Join(binDir, "logs", "test"), }, { - Home: "/tmp/", - Logs: "/var/", + Home: rootDir("/tmp"), + Logs: rootDir("/var"), Path: "log", - ResultLogs: "/var/log", + ResultLogs: rootDir("/var/log"), }, { - Home: "/tmp/", - Logs: "/root/", - Path: "/var/log", - ResultLogs: "/var/log", + Home: rootDir("tmp"), + Logs: rootDir("root"), + Path: rootDir("/var/log"), + ResultLogs: rootDir("/var/log"), }, } for _, test := range tests { - t.Log("Executing test", test) cfg := Path{Home: test.Home, Logs: test.Logs} - assert.NoError(t, Paths.initPaths(&cfg)) + if err := Paths.initPaths(&cfg); err != nil { + t.Errorf("error on %+v: %v", test, err) + continue + } assert.Equal(t, test.ResultLogs, Resolve(Logs, test.Path)) } } + +// rootDir builds an OS specific absolute root directory. +func rootDir(path string) string { + if runtime.GOOS == "windows" { + return filepath.Join(`c:\`, path) + } + return filepath.Join("/", path) +} diff --git a/vendor/github.com/elastic/beats/libbeat/processors/condition_test.go b/vendor/github.com/elastic/beats/libbeat/processors/condition_test.go index a643c489..5e92d96d 100644 --- a/vendor/github.com/elastic/beats/libbeat/processors/condition_test.go +++ b/vendor/github.com/elastic/beats/libbeat/processors/condition_test.go @@ -20,7 +20,7 @@ func (c *countFilter) Run(e common.MapStr) (common.MapStr, error) { func (c *countFilter) String() string { return "count" } -func TestBadCondition(t *testing.T) { +func TestConditions(t *testing.T) { if testing.Verbose() { logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"*"}) diff --git a/vendor/github.com/elastic/beats/libbeat/publisher/publish.go b/vendor/github.com/elastic/beats/libbeat/publisher/publish.go index 27c2464e..8031339f 100644 --- a/vendor/github.com/elastic/beats/libbeat/publisher/publish.go +++ b/vendor/github.com/elastic/beats/libbeat/publisher/publish.go 
@@ -7,12 +7,13 @@ import ( "sync/atomic" "time" + "github.com/nranchev/go-libGeoIP" + "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/common/op" "github.com/elastic/beats/libbeat/logp" "github.com/elastic/beats/libbeat/outputs" "github.com/elastic/beats/libbeat/processors" - "github.com/nranchev/go-libGeoIP" // load supported output plugins _ "github.com/elastic/beats/libbeat/outputs/console" @@ -223,6 +224,10 @@ func (publisher *BeatPublisher) init( publisher.wsPublisher.Init() publisher.wsOutput.Init() + if len(configs) > 1 { + logp.Warn("Support for loading more than one output is deprecated and will not be supported in version 6.0.") + } + if !publisher.disabled { plugins, err := outputs.InitOutputs(beatName, configs, shipper.TopologyExpire) if err != nil { diff --git a/vendor/github.com/elastic/beats/libbeat/scripts/Makefile b/vendor/github.com/elastic/beats/libbeat/scripts/Makefile index e27c87ef..645ccbff 100755 --- a/vendor/github.com/elastic/beats/libbeat/scripts/Makefile +++ b/vendor/github.com/elastic/beats/libbeat/scripts/Makefile @@ -9,6 +9,7 @@ BEAT_LICENSE?=ASL 2.0 ## @packaging Software license of the application BEAT_VENDOR?=Elastic ## @packaging Name of the vendor of the application BEAT_GOPATH=$(firstword $(subst :, ,${GOPATH})) ES_BEATS?=..## @community_beat Must be set to ./vendor/github.com/elastic/beats +BEAT_VERSION=$(shell head -n 1 ${ES_BEATS}/libbeat/docs/version.asciidoc | cut -c 17- ) GOPACKAGES?=${BEAT_PATH}/...## @community_beat Must be set to $(shell glide novendor) PACKER_TEMPLATES_DIR?=${ES_BEATS}/dev-tools/packer ## @Building Directory of templates that are used by "make package" NOTICE_FILE?=../NOTICE 
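Review bot: `BEAT_VERSION` is extracted by fixed character offset (`cut -c 17-`), which assumes the first line of version.asciidoc has a prefix of exactly 16 characters. If that line's format changes, the value becomes wrong or empty without an error and is then passed unquoted as `--version ${BEAT_VERSION}` to generate_index_pattern.py in the `update` target. The expected line format should at least be documented next to the variable, for example `# line 1 of version.asciidoc must be a 16-character attribute prefix followed by the version`. Splitting on the delimiter would be more robust than relying on a column.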
@@ -246,14 +247,15 @@ update: python-env collect . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_fields_docs.py $(PWD) ${BEAT_NAME} ${ES_BEATS} # Generate index templates - . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_template.py $(PWD) ${BEAT_NAME} ${ES_BEATS} . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_template.py --es2x $(PWD) ${BEAT_NAME} ${ES_BEATS} + . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_template.py --es6x $(PWD) ${BEAT_NAME} ${ES_BEATS} + . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_template.py $(PWD) ${BEAT_NAME} ${ES_BEATS} # Generate index-pattern echo "Generate index pattern" - -rm -f $(PWD)/_meta/kibana/index-pattern/${BEAT_NAME}.json - mkdir -p $(PWD)/_meta/kibana/index-pattern - . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_index_pattern.py --index '${BEAT_NAME}-*' --libbeat ${ES_BEATS}/libbeat --beat $(PWD) + mkdir -p $(PWD)/_meta/kibana/5.x/index-pattern + mkdir -p $(PWD)/_meta/kibana/default/index-pattern + . ${PYTHON_ENV}/bin/activate && python ${ES_BEATS}/libbeat/scripts/generate_index_pattern.py --index '${BEAT_NAME}-*' --libbeat ${ES_BEATS}/libbeat --beat $(PWD) --version ${BEAT_VERSION} .PHONY: docs docs: ## @build Builds the documents for the beat diff --git a/vendor/github.com/elastic/beats/libbeat/scripts/generate_index_pattern.py b/vendor/github.com/elastic/beats/libbeat/scripts/generate_index_pattern.py index 94c40a67..cd4d8d7f 100644 --- a/vendor/github.com/elastic/beats/libbeat/scripts/generate_index_pattern.py +++ b/vendor/github.com/elastic/beats/libbeat/scripts/generate_index_pattern.py 
@@ -17,7 +17,11 @@ import sys unique_fields = [] -def fields_to_json(section, path, output): +def fields_to_json(fields, section, path, output): + + # Need in case there are no fields + if section["fields"] is None: + section["fields"] = {} for field in section["fields"]: if path == "": @@ -26,23 +30,21 @@ def fields_to_json(section, path, output): newpath = path + "." + field["name"] if "type" in field and field["type"] == "group": - fields_to_json(field, newpath, output) + fields_to_json(fields, field, newpath, output) else: - field_to_json(field, newpath, output) + field_to_json(fields, field, newpath, output) -def field_to_json(desc, path, output, +def field_to_json(fields, desc, path, output, indexed=True, analyzed=False, doc_values=True, searchable=True, aggregatable=True): - global unique_fields - if path in unique_fields: print("ERROR: Field {} is duplicated. Please delete it and try again. Fields already are {}".format( - path, ", ".join(unique_fields))) + path, ", ".join(fields))) sys.exit(1) else: - unique_fields.append(path) + fields.append(path) field = { "name": path, @@ -77,15 +79,16 @@ def field_to_json(desc, path, output, } -def fields_to_index_pattern(args, input): +def fields_to_index_pattern(version, args, input): docs = yaml.load(input) + fields = [] if docs is None: print("fields.yml is empty. Cannot generate index-pattern") return - output = { + attributes = { "fields": [], "fieldFormatMap": {}, "timeFieldName": "@timestamp", 
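Review bot: The duplicate check in `field_to_json` still tests `if path in unique_fields:`, but this hunk removes `global unique_fields` and records paths with `fields.append(path)` instead. The module-level `unique_fields` list is never appended to in the visible code, so a field defined twice is no longer reported and ends up twice in the generated index pattern. The condition should be `if path in fields:`, and the now unused `unique_fields = []` can go. The function body continues past the end of the hunk.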
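Review bot: `docs = yaml.load(input)` in `fields_to_index_pattern` parses the concatenated fields.yml content with PyYAML's unrestricted loader, which can construct arbitrary Python objects from tagged input. These files are plain data and, for community beats, are read from vendored trees during `make update`, so nothing here needs more than the safe loader: `docs = yaml.safe_load(input)`. The line is unchanged context in this hunk, and the function continues into the next hunk.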
@@ -94,29 +97,47 @@ def fields_to_index_pattern(args, input): } for k, section in enumerate(docs["fields"]): - fields_to_json(section, "", output) + fields_to_json(fields, section, "", attributes) # add meta fields - field_to_json({"name": "_id", "type": "keyword"}, "_id", output, + field_to_json(fields, {"name": "_id", "type": "keyword"}, "_id", + attributes, indexed=False, analyzed=False, doc_values=False, searchable=False, aggregatable=False) - field_to_json({"name": "_type", "type": "keyword"}, "_type", output, + field_to_json(fields, {"name": "_type", "type": "keyword"}, "_type", + attributes, indexed=False, analyzed=False, doc_values=False, searchable=True, aggregatable=True) - field_to_json({"name": "_index", "type": "keyword"}, "_index", output, + field_to_json(fields, {"name": "_index", "type": "keyword"}, "_index", + attributes, indexed=False, analyzed=False, doc_values=False, searchable=False, aggregatable=False) - field_to_json({"name": "_score", "type": "integer"}, "_score", output, + field_to_json(fields, {"name": "_score", "type": "integer"}, "_score", + attributes, indexed=False, analyzed=False, doc_values=False, searchable=False, aggregatable=False) - output["fields"] = json.dumps(output["fields"]) - output["fieldFormatMap"] = json.dumps(output["fieldFormatMap"]) - return output + attributes["fields"] = json.dumps(attributes["fields"]) + attributes["fieldFormatMap"] = json.dumps(attributes["fieldFormatMap"]) + + if version == "5.x": + return attributes + + return { + "version": args.version, + "objects": [{ + "type": "index-pattern", + "id": args.index, + "version": 1, + "attributes": attributes, + }] + + + } def get_index_pattern_name(index): 
@@ -125,10 +146,32 @@ def get_index_pattern_name(index): return re.sub('[^%s]' % allow, '', index) +def dump_index_pattern(args, version, output): + + fileName = get_index_pattern_name(args.index) + target_dir = os.path.join(args.beat, "_meta", "kibana", version, "index-pattern") + target_file = os.path.join(target_dir, fileName + ".json") + + try: + os.makedirs(target_dir) + except OSError as exception: + if exception.errno != errno.EEXIST: + raise + + output = json.dumps(output, indent=2) + + with open(target_file, 'w') as f: + f.write(output) + + print("The index pattern was created under {}".format(target_file)) + return target_file + + if __name__ == "__main__": parser = argparse.ArgumentParser( description="Generates the index-pattern for a Beat.") + parser.add_argument("--version", help="Beat version") parser.add_argument("--index", help="The name of the index-pattern") parser.add_argument("--beat", help="Local Beat directory") parser.add_argument("--libbeat", help="Libbeat local directory") 
@@ -145,27 +188,13 @@ if __name__ == "__main__": with open(fields_yml, 'r') as f: fields = f.read() - # Prepend beat fields from libbeat - with open(args.libbeat + "/_meta/fields.generated.yml") as f: - fields = f.read() + fields + # Prepends beat fields from libbeat + with open(args.libbeat + "/_meta/fields.generated.yml") as f: + fields = f.read() + fields - # with open(target, 'w') as output: - output = fields_to_index_pattern(args, fields) + # with open(target, 'w') as output: + output = fields_to_index_pattern("default", args, fields) + dump_index_pattern(args, "default", output) - # dump output to a json file - fileName = get_index_pattern_name(args.index) - target_dir = os.path.join(args.beat, "_meta", "kibana", "index-pattern") - target_file = os.path.join(target_dir, fileName + ".json") - - try: - os.makedirs(target_dir) - except OSError as exception: - if exception.errno != errno.EEXIST: - raise - - output = json.dumps(output, indent=2) - - with open(target_file, 'w') as f: - f.write(output) - - print("The index pattern was created under {}".format(target_file)) + output5x = fields_to_index_pattern("5.x", args, fields) + dump_index_pattern(args, "5.x", output5x) diff --git a/vendor/github.com/elastic/beats/libbeat/scripts/generate_template.py b/vendor/github.com/elastic/beats/libbeat/scripts/generate_template.py index 20b4b5fa..af54df7d 100644 --- a/vendor/github.com/elastic/beats/libbeat/scripts/generate_template.py +++ b/vendor/github.com/elastic/beats/libbeat/scripts/generate_template.py 
@@ -67,18 +67,11 @@ def fields_to_es_template(args, input, output, index, version): } } else: - # For ES 5.x, increase the limit on the max number of fields. + # For ES >= 5.x, increase the limit on the max number of fields. # In a typical scenario, most fields are not used, so increasing the # limit shouldn't be that bad. template["settings"]["index.mapping.total_fields.limit"] = 10000 - # should be done only for es5x. For es6x, any "_all" setting results - # in an error. - # TODO: https://github.com/elastic/beats/issues/3368 - template["mappings"]["_default_"]["_all"] = { - "norms": False - } - properties = {} dynamic_templates = [] @@ -135,6 +128,10 @@ def dedot(group): fields = [] dedotted = {} + if not group["fields"]: + return + + for field in group["fields"]: if "." in field["name"]: # dedot @@ -169,8 +166,10 @@ def fill_section_properties(args, section, defaults, path): properties = {} dynamic_templates = [] - if "fields" in section: + if "fields" in section and section["fields"]: for field in section["fields"]: + if not field: + continue prop, dynamic = fill_field_properties(args, field, defaults, path) properties.update(prop) dynamic_templates.extend(dynamic) @@ -186,6 +185,9 @@ def fill_field_properties(args, field, defaults, path): properties = {} dynamic_templates = [] + if not field: + return + for key in defaults.keys(): if key not in field: field[key] = defaults[key] @@ -296,13 +298,6 @@ def fill_field_properties(args, field, defaults, path): } }) - - properties[field["name"]] = { - "properties": {} - } - - - elif field.get("type") == "group": if len(path) > 0: path = path + "." + field["name"] 
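Review bot: The new guard in `fill_field_properties`, `if not field: return`, returns `None`, while the caller shown in the `fill_section_properties` hunk unpacks the result as `prop, dynamic = fill_field_properties(...)`. That call site is covered by the added `if not field: continue`, but any other caller would fail with a TypeError on unpacking. `return properties, dynamic_templates` would keep the return shape consistent, since both names are initialised just above the guard and are presumably what the function returns at its end, which is outside the hunk. The guard in `dedot`, `if not group["fields"]: return`, still raises KeyError when the key is missing; `if not group.get("fields"):` would handle both the missing and the empty case.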
@@ -344,6 +339,8 @@ if __name__ == "__main__": description="Generates the templates for a Beat.") parser.add_argument("--es2x", action="store_true", help="Generate template for Elasticsearch 2.x.") + parser.add_argument("--es6x", action="store_true", + help="Generate template for Elasticsearch 6.x.") parser.add_argument("path", help="Path to the beat folder") parser.add_argument("beatname", help="The beat fname") parser.add_argument("es_beats", help="The path to the general beats folder") @@ -353,6 +350,8 @@ if __name__ == "__main__": target = args.path + "/" + args.beatname + ".template" if args.es2x: target += "-es2x" + elif args.es6x: + target += "-es6x" target += ".json" fields_yml = args.path + "/_meta/fields.generated.yml" diff --git a/vendor/github.com/elastic/beats/libbeat/setup/kibana/client.go b/vendor/github.com/elastic/beats/libbeat/setup/kibana/client.go new file mode 100644 index 00000000..8534cc3c --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/setup/kibana/client.go 
@@ -0,0 +1,220 @@ +package kibana + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "io/ioutil" + "net/http" + "net/url" + "strings" + + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/outputs" + "github.com/elastic/beats/libbeat/outputs/transport" +) + +type Connection struct { + URL string + Username string + Password string + Headers map[string]string + + http *http.Client + version string +} + +type Client struct { + Connection +} + +func addToURL(_url, _path string, params url.Values) string { + + if len(params) == 0 { + return _url + _path + } + + return strings.Join([]string{_url, _path, "?", params.Encode()}, "") +} + +func NewKibanaClient(cfg *common.Config) (*Client, error) { + config := defaultKibanaConfig + if err := cfg.Unpack(&config); err != nil { + return nil, err + } + + kibanaURL, err := common.MakeURL(config.Protocol, config.Path, config.Host, 5601) + if err != nil { + return nil, fmt.Errorf("invalid Kibana host: %v", err) + } + + u, err := url.Parse(kibanaURL) + if err != nil { + return nil, fmt.Errorf("failed to parse the Kibana URL: %v", err) + } + + username := config.Username + password := config.Password + + if u.User != nil { + username = u.User.Username() + password, _ = u.User.Password() + u.User = nil + + // Re-write URL without credentials. 
+ kibanaURL = u.String() + } + + var dialer, tlsDialer transport.Dialer + + tlsConfig, err := outputs.LoadTLSConfig(config.TLS) + if err != nil { + return nil, fmt.Errorf("fail to load the TLS config: %v", err) + } + + dialer = transport.NetDialer(config.Timeout) + tlsDialer, err = transport.TLSDialer(dialer, tlsConfig, config.Timeout) + if err != nil { + return nil, err + } + + client := &Client{ + Connection: Connection{ + URL: kibanaURL, + Username: username, + Password: password, + http: &http.Client{ + Transport: &http.Transport{ + Dial: dialer.Dial, + DialTLS: tlsDialer.Dial, + }, + Timeout: config.Timeout, + }, + }, + } + + if err = client.SetVersion(); err != nil { + return nil, fmt.Errorf("fail to get the Kibana version:%v", err) + } + + return client, nil +} + +func (conn *Connection) Request(method, extraPath string, + params url.Values, body io.Reader) (int, []byte, error) { + + reqURL := addToURL(conn.URL, extraPath, params) + + req, err := http.NewRequest(method, reqURL, body) + if err != nil { + return 0, nil, fmt.Errorf("fail to create the HTTP %s request: %v", method, err) + } + + if conn.Username != "" || conn.Password != "" { + req.SetBasicAuth(conn.Username, conn.Password) + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Add("Accept", "application/json") + + if method != "GET" { + req.Header.Set("kbn-version", conn.version) + } + + resp, err := conn.http.Do(req) + if err != nil { + return 0, nil, fmt.Errorf("fail to execute the HTTP %s request: %v", method, err) + } + defer resp.Body.Close() + + var retError error + if resp.StatusCode >= 300 { + retError = fmt.Errorf("%v", resp.Status) + } + + result, err := ioutil.ReadAll(resp.Body) + if err != nil { + return 0, nil, fmt.Errorf("fail to read response %s", err) + } + + return resp.StatusCode, result, retError +} + +func (client *Client) SetVersion() error { + type kibanaVersionResponse struct { + Name string `json:"name"` + Version struct { + Number string `json:"number"` 
+ Snapshot bool `json:"build_snapshot"` + } `json:"version"` + } + + type kibanaVersionResponse5x struct { + Name string `json:"name"` + Version string `json:"version"` + } + _, result, err := client.Connection.Request("GET", "/api/status", nil, nil) + if err != nil { + return fmt.Errorf("HTTP GET request to /api/status fails: %v. Response: %s.", + err, truncateString(result)) + } + + var kibanaVersion kibanaVersionResponse + var kibanaVersion5x kibanaVersionResponse5x + + err = json.Unmarshal(result, &kibanaVersion) + if err != nil { + + // The response returned by /api/status is different in Kibana 5.x than in Kibana 6.x + err5x := json.Unmarshal(result, &kibanaVersion5x) + if err5x != nil { + + return fmt.Errorf("fail to unmarshal the response from GET %s/api/status. Response: %s. Kibana 5.x status api returns: %v. Kibana 6.x status api returns: %v", + client.Connection.URL, truncateString(result), err5x, err) + } + client.version = kibanaVersion5x.Version + + } else { + client.version = kibanaVersion.Version.Number + + if kibanaVersion.Version.Snapshot { + // needed for the tests + client.version = client.version + "-SNAPSHOT" + } + + } + + return nil +} + +func (client *Client) GetVersion() string { return client.version } + +func (client *Client) ImportJSON(url string, params url.Values, body io.Reader) error { + statusCode, response, err := client.Connection.Request("POST", url, params, body) + if err != nil { + return fmt.Errorf("%v. Response: %s", err, truncateString(response)) + } + if statusCode >= 300 { + return fmt.Errorf("returned %d to import file: %v. Response: %s", statusCode, err, response) + } + return nil +} + +func (client *Client) Close() error { return nil } + +// truncateString returns a truncated string if the length is greater than 250 +// runes. If the string is truncated "... (truncated)" is appended. Newlines are +// replaced by spaces in the returned string. 
+// +// This function is useful for logging raw HTTP responses with errors when those +// responses can be very large (such as an HTML page with CSS content). +func truncateString(b []byte) string { + const maxLength = 250 + runes := bytes.Runes(b) + if len(runes) > maxLength { + runes = append(runes[:maxLength], []rune("... (truncated)")...) + } + + return strings.Replace(string(runes), "\n", " ", -1) +} diff --git a/vendor/github.com/elastic/beats/libbeat/setup/kibana/config.go b/vendor/github.com/elastic/beats/libbeat/setup/kibana/config.go new file mode 100644 index 00000000..24df8a2e --- /dev/null +++ b/vendor/github.com/elastic/beats/libbeat/setup/kibana/config.go @@ -0,0 +1,29 @@ +package kibana + +import ( + "time" + + "github.com/elastic/beats/libbeat/outputs" +) + +type kibanaConfig struct { + Protocol string `config:"protocol"` + Host string `config:"host"` + Path string `config:"path"` + Username string `config:"username"` + Password string `config:"password"` + TLS *outputs.TLSConfig `config:"ssl"` + Timeout time.Duration `config:"timeout"` +} + +var ( + defaultKibanaConfig = kibanaConfig{ + Protocol: "http", + Host: "", + Path: "", + Username: "", + Password: "", + Timeout: 90 * time.Second, + TLS: nil, + } +) diff --git a/vendor/github.com/elastic/beats/libbeat/tests/system/beat/beat.py b/vendor/github.com/elastic/beats/libbeat/tests/system/beat/beat.py index e1eb9f24..96220f3a 100644 --- a/vendor/github.com/elastic/beats/libbeat/tests/system/beat/beat.py +++ b/vendor/github.com/elastic/beats/libbeat/tests/system/beat/beat.py @@ -390,6 +390,10 @@ class TestCase(unittest.TestCase): def extract_fields(doc_list, name): fields = [] dictfields = [] + + if not doc_list: + return fields, dictfields + for field in doc_list: # Chain together names diff --git a/vendor/github.com/elastic/beats/libbeat/tests/system/test_base.py b/vendor/github.com/elastic/beats/libbeat/tests/system/test_base.py index f9f14c2f..cc52d697 100644 
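Review bot: In `NewKibanaClient` the `url.Parse` error is wrapped with `%v` before the userinfo is stripped, and the message of Go's `*url.Error` includes the raw URL, so a host configured as `user:password@host` could put the password into the returned error and any log it reaches if that parse ever fails. Unwrapping the inner error first avoids this: `if uerr, ok := err.(*url.Error); ok { err = uerr.Err }` ahead of the `fmt.Errorf`. The same concern applies to the `invalid Kibana host` message if `common.MakeURL` echoes its input, which is not visible here. Separately, `Request` reads the whole body with `ioutil.ReadAll`; wrapping `resp.Body` in an `io.LimitReader` would bound memory use when a server returns an unexpectedly large response.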
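Review bot: `defaultKibanaConfig` sets `Protocol: "http"`, and `Connection.Request` in client.go calls `SetBasicAuth` whenever a username or password is configured, so with default settings the Kibana credentials travel unencrypted. I would document this on the struct field, e.g. `// Protocol defaults to http; use https when Username/Password are set, otherwise basic-auth credentials are sent in cleartext.` It would also be worth logging a warning in `NewKibanaClient` when credentials are present and the resulting URL scheme is not https.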
--- a/vendor/github.com/elastic/beats/libbeat/tests/system/test_base.py +++ b/vendor/github.com/elastic/beats/libbeat/tests/system/test_base.py @@ -26,7 +26,6 @@ class Test(BaseTest): assert exit_code == 1 assert self.log_contains("error loading config file") is True - assert self.log_contains("no such file or directory") is True def test_invalid_config(self): """ @@ -73,6 +72,8 @@ class Test(BaseTest): f.write('{"template": true}') with open(self.working_dir + "/mockbeat.template-es2x.json", "w") as f: f.write('{"template": true}') + with open(self.working_dir + "/mockbeat.template-es6x.json", "w") as f: + f.write('{"template": true}') exit_code = self.run_beat( config="libbeat.yml", diff --git a/vendor/github.com/elastic/beats/metricbeat/Dockerfile b/vendor/github.com/elastic/beats/metricbeat/Dockerfile index 9de79121..90265f0a 100644 --- a/vendor/github.com/elastic/beats/metricbeat/Dockerfile +++ b/vendor/github.com/elastic/beats/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.7.4 +FROM golang:1.7.6 MAINTAINER Nicolas Ruflin RUN set -x && \ diff --git a/vendor/github.com/elastic/beats/metricbeat/beater/metricbeat.go b/vendor/github.com/elastic/beats/metricbeat/beater/metricbeat.go index 08b7e18d..43672e4b 100644 --- a/vendor/github.com/elastic/beats/metricbeat/beater/metricbeat.go +++ b/vendor/github.com/elastic/beats/metricbeat/beater/metricbeat.go @@ -73,7 +73,7 @@ func (bt *Metricbeat) Run(b *beat.Beat) error { } if bt.config.ReloadModules.Enabled() { - logp.Warn("EXPERIMENTAL feature dynamic configuration reloading is enabled.") + logp.Warn("BETA: feature dynamic configuration reloading is enabled.") moduleReloader := cfgfile.NewReloader(bt.config.ReloadModules) factory := module.NewFactory(b.Publisher) diff --git a/vendor/github.com/elastic/beats/metricbeat/docker-compose.yml b/vendor/github.com/elastic/beats/metricbeat/docker-compose.yml index ff41f656..29a1afc4 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docker-compose.yml 
+++ b/vendor/github.com/elastic/beats/metricbeat/docker-compose.yml @@ -18,6 +18,7 @@ services: - ceph - couchbase - haproxy + - jolokia - kafka - mongodb - mysql @@ -34,6 +35,7 @@ services: - ${PWD}/module/couchbase/_meta/env - ${PWD}/module/haproxy/_meta/env - ${PWD}/module/kafka/_meta/env + - ${PWD}/module/jolokia/_meta/env - ${PWD}/module/mongodb/_meta/env - ${PWD}/module/mysql/_meta/env - ${PWD}/module/nginx/_meta/env @@ -56,6 +58,9 @@ services: haproxy: build: ${PWD}/module/haproxy/_meta + jolokia: + build: ${PWD}/module/jolokia/_meta + kafka: build: ${PWD}/module/kafka/_meta diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/create-module.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/create-module.asciidoc index d69e4725..135153af 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/create-module.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/create-module.asciidoc @@ -15,7 +15,7 @@ metricset by running `make create-metricset`, default versions of these files ar * `docs.asciidoc` * `fields.yml` -After updating any of these files, make sure you run `make collect` in your beat directory so all generated +After updating any of these files, make sure you run `make update` in your beat directory so all generated files are updated. diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/creating-beat-from-metricbeat.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/creating-beat-from-metricbeat.asciidoc index c2b198cd..5bb38424 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/creating-beat-from-metricbeat.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/developer-guide/creating-beat-from-metricbeat.asciidoc 
@@ -66,7 +66,7 @@ make setup This will do the initial setup for your Beat and also run `make create-metricset`, which will ask you for the module name and metricset name of your Beat. -For more details about creating a metricset, see the docs about https://www.elastic.co/guide/en/beats/metricbeat/current/creating-metricsets.html[creating a metricset]. +For more details about creating a metricset, see the docs about creating a metricset. [float] @@ -96,4 +96,4 @@ make package This will fetch the most recent packaging tools and start the packaging of your beat. This can take a little bit longer. -For more details about creating a metricset, see the docs about https://www.elastic.co/guide/en/beats/metricbeat/current/creating-metricsets.html[creating a metricset]. +For more details about creating a metricset, see the docs about creating a metricset. diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/fields.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/fields.asciidoc index b228d9cb..0ddad1a9 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/fields.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/fields.asciidoc @@ -20,6 +20,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> @@ -2634,8 +2635,9 @@ Time in ms that it took to finish the last health check. [float] === haproxy.stat.check.health.last -type: long +type: keyword +The result of the last health check. [float] @@ -2643,6 +2645,7 @@ type: long type: long +Number of failed checks. [float] @@ -2804,6 +2807,20 @@ type: integer The average queue time in ms over the last 1024 requests. +[[exported-fields-jolokia]] +== Jolokia Fields + +[]beta +Jolokia Module + + + +[float] +== jolokia Fields + +jolokia contains metrics exposed via jolokia agent + + [[exported-fields-kafka]] == kafka Fields 
@@ -5416,7 +5433,7 @@ System status metrics, like CPU and memory usage, that are collected from the op [float] == core Fields -`system-core` contains local CPU core stats. +`system-core` contains CPU metrics for a single core of a multi-core system. @@ -5435,7 +5452,7 @@ type: scaled_float format: percent -The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the `cpu.user_p` will be 180%. +The percentage of CPU time spent in user space. [float] @@ -5584,7 +5601,7 @@ The amount of CPU time spent in involuntary wait by the virtual CPU while the hy type: long -The number of CPU cores. +The number of CPU cores. The CPU percentages can range from `[0, 100% * cores]`. [float] @@ -5594,7 +5611,7 @@ type: scaled_float format: percent -The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the `cpu.user_p` will be 180%. +The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. For example, if 3 cores are at 60% use, then the `system.cpu.user.pct` will be 180%. [float] diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/gettingstarted.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/gettingstarted.asciidoc index cdc415ca..81336491 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/gettingstarted.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/gettingstarted.asciidoc 
@@ -34,19 +34,7 @@ traffic or prevent Metricbeat from collecting metrics when there are network problems. Metrics from multiple Metricbeat instances will be combined on the Elasticsearch server. -To download and install Metricbeat, use the commands that work with your system -(<> for Debian/Ubuntu, <> for Redhat/Centos/Fedora, <> for OS X, and <> for Windows). - -[NOTE] -================================================== -If you use Apt or Yum, you can -<> to -update to the newest version more easily. - -See our https://www.elastic.co/downloads/beats/metricbeat[download page] for -other installation options, such as 32-bit images. -================================================== +include::../../libbeat/docs/shared-download-and-install.asciidoc[] [[deb]] *deb:* @@ -105,6 +93,24 @@ tar xzvf metricbeat-{version}-darwin-x86_64.tar.gz endif::[] +[[docker]] +*docker:* + +ifeval::["{release-state}"=="unreleased"] + +Version {stack-version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source", "shell", subs="attributes"] +------------------------------------------------ +docker pull {dockerimage} +------------------------------------------------ + +endif::[] + [[win]] *win:* @@ -127,7 +133,8 @@ https://www.elastic.co/downloads/beats/metricbeat[downloads page]. and select *Run As Administrator*). If you are running Windows XP, you may need to download and install PowerShell. -. Run the following commands to install Metricbeat as a Windows service: +. From the PowerShell prompt, run the following commands to install Metricbeat +as a Windows service: + [source,shell] ---------------------------------------------------------------------- 
@@ -150,15 +157,7 @@ For more information about these options, see [[metricbeat-configuration]] === Step 2: Configuring Metricbeat -To configure Metricbeat, you edit the configuration file. For rpm and deb, -you'll find the configuration file at `/etc/metricbeat/metricbeat.yml`. For mac -and win, look in the archive that you just extracted. There’s also a full -example configuration file called `metricbeat.full.yml` that shows all -non-deprecated options. - -See the -{libbeat}/config-file-format.html[Config File Format] section of the -_Beats Platform Reference_ for more about the structure of the config file. +include::../../libbeat/docs/shared-configuring.asciidoc[] Metricbeat uses <> to collect metrics. You configure each module individually. The following example shows the default configuration @@ -248,6 +247,7 @@ start Metricbeat in the foreground. ---------------------------------------------------------------------- sudo /etc/init.d/metricbeat start ---------------------------------------------------------------------- + *rpm:* [source,shell] @@ -255,6 +255,13 @@ sudo /etc/init.d/metricbeat start sudo /etc/init.d/metricbeat start ---------------------------------------------------------------------- +*docker:* + +["source", "shell", subs="attributes"] +---------------------------------------------------------------------- +docker run {dockerimage} +---------------------------------------------------------------------- + *mac:* [source,shell] @@ -308,4 +315,3 @@ image:./images/metricbeat_system_dashboard.png[Metricbeat Dashboard] :allplatforms: include::../../libbeat/docs/dashboards.asciidoc[] - diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/index.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/index.asciidoc index 9454e170..c768252b 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/index.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/index.asciidoc 
@@ -11,6 +11,7 @@ include::../../libbeat/docs/version.asciidoc[] :beatname_lc: metricbeat :beatname_uc: Metricbeat :security: X-Pack Security +:dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} include::./overview.asciidoc[] @@ -22,12 +23,12 @@ include::../../libbeat/docs/shared-directory-layout.asciidoc[] include::../../libbeat/docs/repositories.asciidoc[] +include::./running-on-docker.asciidoc[] + include::./upgrading.asciidoc[] include::./how-metricbeat-works.asciidoc[] -include::./metricbeat-in-a-container.asciidoc[] - include::./configuring-howto.asciidoc[] include::./metricbeat-filtering.asciidoc[] @@ -36,6 +37,7 @@ include::../../libbeat/docs/shared-config-ingest.asciidoc[] include::./configuring-logstash.asciidoc[] +:standalone: include::../../libbeat/docs/shared-env-vars.asciidoc[] :standalone: diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/docker.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/docker.asciidoc index fda384ef..1f654113 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/modules/docker.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/docker.asciidoc @@ -9,6 +9,16 @@ beta[] This module fetches metrics from https://www.docker.com/[Docker] containers. +The docker module is currently not tested on Windows. + +[float] +=== Module-Specific Configuration Notes + +It is strongly recommended that you run Docker metricsets with a +<> that is 3 seconds or longer. The request to the +Docker API already takes up to 2 seconds. Specifying less than 3 seconds will +result in requests that timeout, and no data will be reported for those +requests. [float] diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia.asciidoc new file mode 100644 index 00000000..ea006397 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia.asciidoc 
@@ -0,0 +1,43 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[metricbeat-module-jolokia]] +== Jolokia Module + +beta[] + +This is the Jolokia Module. + + + +[float] +=== Example Configuration + +The Jolokia module supports the standard configuration options that are described +in <>. Here is an example configuration: + +[source,yaml] +---- +metricbeat.modules: +#- module: jolokia +# metricsets: ["jmx"] +# enabled: true +# period: 10s +# hosts: ["localhost"] +# namespace: "metrics" +# path: "/jolokia/?ignoreErrors=true&canonicalNaming=false" +# jmx.mapping: +# jmx.application: +# jmx.instance: +---- + +[float] +=== Metricsets + +The following metricsets are available: + +* <> + +include::jolokia/jmx.asciidoc[] + diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia/jmx.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia/jmx.asciidoc new file mode 100644 index 00000000..99290cdf --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/jolokia/jmx.asciidoc @@ -0,0 +1,19 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[metricbeat-metricset-jolokia-jmx]] +include::../../../module/jolokia/jmx/_meta/docs.asciidoc[] + + +==== Fields + +For a description of each field in the metricset, see the +<> section. + +Here is an example document generated by this metricset: + +[source,json] +---- +include::../../../module/jolokia/jmx/_meta/data.json[] +---- diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/redis.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/redis.asciidoc index 86fbb5db..73976145 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/modules/redis.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/redis.asciidoc 
@@ -12,6 +12,7 @@ This module periodically fetches metrics from http://redis.io/[Redis] servers. The Redis module has these additional config options: +*`password`*:: The password to authenticate, by default it's empty. *`idle_timeout`*:: The duration to remain idle before closing connections. If the value is zero, then idle connections are not closed. The default value is 2 times the module period to allow a connection to be reused across diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules/system.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules/system.asciidoc index bda7bfbe..afbcb259 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/modules/system.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules/system.asciidoc @@ -49,9 +49,6 @@ metricbeat.modules: cpu_ticks: true ---- -It is strongly recommended to not run docker metricsets with a period smaller then 3 seconds. The request to the docker -API already takes up to 2s seconds. Otherwise all the requests would timeout and no data is reported. - [float] === Dashboard diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc index ceecfd51..f56c3d6c 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/modules_list.asciidoc @@ -7,6 +7,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -26,6 +27,7 @@ include::modules/ceph.asciidoc[] include::modules/couchbase.asciidoc[] include::modules/docker.asciidoc[] include::modules/haproxy.asciidoc[] +include::modules/jolokia.asciidoc[] include::modules/kafka.asciidoc[] include::modules/mongodb.asciidoc[] include::modules/mysql.asciidoc[] 
diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/metricbeat-options.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/metricbeat-options.asciidoc index 199f4ab4..b76a66b5 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/metricbeat-options.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/metricbeat-options.asciidoc @@ -44,6 +44,7 @@ A Boolean value that specifies whether the module is enabled. If you use the def the System module is enabled (set to `enabled: true`) by default. If the `enabled` option is missing from the configuration block, the module is enabled by default. +[[metricset-period]] ===== period How often the metricsets are executed. If a system is not reachable, Metricbeat returns an error for each period. This setting is required. diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/reload-configuration.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/reload-configuration.asciidoc index 21879e64..e0e37d3e 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/reload-configuration.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/reference/configuration/reload-configuration.asciidoc @@ -1,7 +1,7 @@ [[metricbeat-configuration-reloading]] === Reload Configuration -experimental[] +beta[] You can configure Metricbeat to dynamically reload configuration files when there are changes. To do this, you specify a path 
diff --git a/vendor/github.com/elastic/beats/metricbeat/docs/metricbeat-in-a-container.asciidoc b/vendor/github.com/elastic/beats/metricbeat/docs/running-on-docker.asciidoc similarity index 76% rename from vendor/github.com/elastic/beats/metricbeat/docs/metricbeat-in-a-container.asciidoc rename to vendor/github.com/elastic/beats/metricbeat/docs/running-on-docker.asciidoc index b4b081be..f9c5c7d5 100644 --- a/vendor/github.com/elastic/beats/metricbeat/docs/metricbeat-in-a-container.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/docs/running-on-docker.asciidoc @@ -1,30 +1,25 @@ -[[running-in-container]] -== Running Metricbeat in a Container - -Elastic does not provide any official container images for Metricbeat. The -examples on this page assume you are using your own Metricbeat container image. +include::../../libbeat/docs/shared-docker.asciidoc[] +[float] +[[monitoring-host]] +=== Monitoring the Host Machine When executing Metricbeat in a container, there are some important things to be aware of if you want to monitor the host machine or other containers. Let's walk-through some examples using Docker as our container orchestration tool. -[float] -[[monitoring-host]] -=== Monitoring the Host Machine - This example highlights the changes required to make the system module work properly inside of a container. This enables Metricbeat to monitor the host machine from within the container. -[source,sh] +["source","sh",subs="attributes"] ---- -sudo docker run \ +docker run \ --volume=/proc:/hostfs/proc:ro \ <1> --volume=/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro \ <2> --volume=/:/hostfs:ro \ <3> --net=host <4> - my/metricbeat:latest -system.hostfs=/hostfs + {dockerimage} -system.hostfs=/hostfs ---- <1> Metricbeat's <> collects much of its data through the Linux proc 
@@ -34,8 +29,8 @@ container's `/proc` is different than the host's `/proc`. To account for this, y can mount the host's `/proc` filesystem inside of the container and tell Metricbeat to look inside the `/hostfs` directory when looking for `/proc` by using the `-system.hostfs=/hostfs` CLI flag. -<2> If cgroup reporting is enabled for the -<>, then you need +<2> By default, cgroup reporting is enabled for the +<>, so you need to mount the host's cgroup mountpoints within the container. They need to be mounted inside the directory specified by the `-system.hostfs` CLI flag. <3> If you want to be able to monitor filesystems from the host by using the 
@@ -47,23 +42,28 @@ to make this file contain the host's network devices is to use the `--net=host` flag. This is due to Linux namespacing; simply bind mounting the host's `/proc` to `/hostfs/proc` is not sufficient. +NOTE: The special filesystems +/proc+ and +/sys+ are only available if the +host system is running Linux. Attempts to bind-mount these filesystems will +fail on Windows and MacOS. + [float] [[monitoring-service]] === Monitoring a Service in Another Container -Next let's look at an example of monitoring a containerized service from a +Next, let's look at an example of monitoring a containerized service from a Metricbeat container. -[source,sh] +["source","sh",subs="attributes"] ---- -sudo docker run \ - --link some-mysql:mysql \ <1> +docker run \ + --network=mysqlnet \ <1> -e MYSQL_PASSWORD=secret \ <2> - my/metricbeat:latest + {dockerimage} ---- -<1> Linking the containers enables Metricbeat access the exposed ports of the -mysql container, and it makes the hostname `mysql` resolvable to Metricbeat. +<1> Placing the Metricbeat and MySQL containers on the same Docker network +allows Metricbeat access to the exposed ports of the MySQL container, and +makes the hostname `mysql` resolvable to Metricbeat. <2> If you do not want to hardcode certain values into your Metricbeat configuration, then you can pass them into the container either as environment variables or as command line flags to Metricbeat (see the `-E` CLI flag in <>). @@ -80,7 +80,7 @@ metricbeat.modules: password: ${MYSQL_PASSWORD} <2> ---- -<1> The `mysql` hostname will resolve to the `some-mysql` container's address. +<1> The `mysql` hostname will resolve to the address of a container +named `mysql` on the `mysqlnet` Docker network. <2> The `MYSQL_PASSWORD` variable will be evaluated at startup. If the variable is not set, this will lead to an error at startup. - 
diff --git a/vendor/github.com/elastic/beats/metricbeat/helper/http.go b/vendor/github.com/elastic/beats/metricbeat/helper/http.go index f3eb49d5..cc397c5b 100644 --- a/vendor/github.com/elastic/beats/metricbeat/helper/http.go +++ b/vendor/github.com/elastic/beats/metricbeat/helper/http.go @@ -5,9 +5,13 @@ import ( "bytes" "encoding/json" "fmt" + "io" "io/ioutil" "net/http" + "time" + "github.com/elastic/beats/libbeat/outputs" + "github.com/elastic/beats/libbeat/outputs/transport" "github.com/elastic/beats/metricbeat/mb" ) @@ -15,14 +19,50 @@ type HTTP struct { base mb.BaseMetricSet client *http.Client // HTTP client that is reused across requests. headers map[string]string + method string + body []byte } // NewHTTP creates new http helper func NewHTTP(base mb.BaseMetricSet) *HTTP { + config := struct { + TLS *outputs.TLSConfig `config:"ssl"` + Timeout time.Duration `config:"timeout"` + Headers map[string]string `config:"headers"` + }{} + if err := base.Module().UnpackConfig(&config); err != nil { + return nil + } + + if config.Headers == nil { + config.Headers = map[string]string{} + } + + tlsConfig, err := outputs.LoadTLSConfig(config.TLS) + if err != nil { + return nil + } + + var dialer, tlsDialer transport.Dialer + + dialer = transport.NetDialer(config.Timeout) + tlsDialer, err = transport.TLSDialer(dialer, tlsConfig, config.Timeout) + if err != nil { + return nil + } + return &HTTP{ - base: base, - client: &http.Client{Timeout: base.Module().Config().Timeout}, - headers: map[string]string{}, + base: base, + client: &http.Client{ + Transport: &http.Transport{ + Dial: dialer.Dial, + DialTLS: tlsDialer.Dial, + }, + Timeout: config.Timeout, + }, + headers: config.Headers, + method: "GET", + body: nil, } } 
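Review bot: NewHTTP returns a bare `nil` on all three failure paths (UnpackConfig, LoadTLSConfig, TLSDialer) and drops `err`, so a malformed `ssl` section reaches the caller as a nil *HTTP and would fail on first use rather than as a configuration error naming the bad setting. Since the TLS settings are now loaded here, the error should be surfaced: `func NewHTTP(base mb.BaseMetricSet) (*HTTP, error)` with each `return nil` becoming `return nil, err`. Callers are outside this hunk and would need the matching change. Separately, the client timeout now comes from the locally unpacked `timeout` key instead of `base.Module().Config().Timeout`; if a default is applied only on the latter path (not visible here), an unset key would leave the client with a zero timeout, which means no timeout at all.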
@@ -30,7 +70,14 @@ func NewHTTP(base mb.BaseMetricSet) *HTTP { // It's important that resp.Body has to be closed if this method is used. Before using this method // check if one of the other Fetch* methods could be used as they ensure that the Body is properly closed. func (h *HTTP) FetchResponse() (*http.Response, error) { - req, err := http.NewRequest("GET", h.base.HostData().SanitizedURI, nil) + + // Create a fresh reader every time + var reader io.Reader + if h.body != nil { + reader = bytes.NewReader(h.body) + } + + req, err := http.NewRequest(h.method, h.base.HostData().SanitizedURI, reader) if h.base.HostData().User != "" || h.base.HostData().Password != "" { req.SetBasicAuth(h.base.HostData().User, h.base.HostData().Password) } @@ -51,6 +98,14 @@ func (h *HTTP) SetHeader(key, value string) { h.headers[key] = value } +func (h *HTTP) SetMethod(method string) { + h.method = method +} + +func (h *HTTP) SetBody(body []byte) { + h.body = body +} + // FetchContent makes an HTTP request to the configured url and returns the body content. func (h *HTTP) FetchContent() ([]byte, error) { resp, err := h.FetchResponse() diff --git a/vendor/github.com/elastic/beats/metricbeat/include/list.go b/vendor/github.com/elastic/beats/metricbeat/include/list.go index 68f6d060..b1deebf7 100644 --- a/vendor/github.com/elastic/beats/metricbeat/include/list.go +++ b/vendor/github.com/elastic/beats/metricbeat/include/list.go @@ -31,6 +31,8 @@ import ( _ "github.com/elastic/beats/metricbeat/module/haproxy" _ "github.com/elastic/beats/metricbeat/module/haproxy/info" _ "github.com/elastic/beats/metricbeat/module/haproxy/stat" + _ "github.com/elastic/beats/metricbeat/module/jolokia" + _ "github.com/elastic/beats/metricbeat/module/jolokia/jmx" _ "github.com/elastic/beats/metricbeat/module/kafka" _ "github.com/elastic/beats/metricbeat/module/kafka/consumergroup" _ "github.com/elastic/beats/metricbeat/module/kafka/partition" 
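Review bot: In FetchResponse the `err` from `http.NewRequest` is not checked before `req.SetBasicAuth` is called on the following lines. With the method now caller-supplied through SetMethod, an invalid method string makes NewRequest return a nil request, so this becomes a nil-pointer dereference. Add `if err != nil { return nil, err }` directly after the NewRequest call. The rest of FetchResponse lies outside the hunk, so a later check may exist, but it would come after the first use of `req`.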
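Review bot: SetMethod and SetBody are added as exported methods without doc comments, while NewHTTP and FetchContent in the same file carry them. Suggest `// SetMethod sets the HTTP method used by subsequent requests; NewHTTP initialises it to "GET".` and `// SetBody sets the request body sent with subsequent requests; the slice is retained, not copied.` The second comment matters because FetchResponse wraps `h.body` in a new reader on every call, so a caller that later modifies the slice changes what is sent.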
diff --git a/vendor/github.com/elastic/beats/metricbeat/mb/mb_test.go b/vendor/github.com/elastic/beats/metricbeat/mb/mb_test.go index cd605d07..59c52800 100644 --- a/vendor/github.com/elastic/beats/metricbeat/mb/mb_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/mb/mb_test.go @@ -3,6 +3,7 @@ package mb import ( + "fmt" "testing" "time" @@ -95,7 +96,7 @@ func TestModuleConfig(t *testing.T) { continue } if test.err != "" && - assert.Error(t, err, "expected '%v' in testcase %d", test.err, i) { + assert.Error(t, err, fmt.Sprintf("expected '%v' in testcase %d", test.err, i)) { assert.Contains(t, err.Error(), test.err, "testcase %d", i) continue } diff --git a/vendor/github.com/elastic/beats/metricbeat/metricbeat.full.yml b/vendor/github.com/elastic/beats/metricbeat/metricbeat.full.yml index 074a8763..690c27c1 100644 --- a/vendor/github.com/elastic/beats/metricbeat/metricbeat.full.yml +++ b/vendor/github.com/elastic/beats/metricbeat/metricbeat.full.yml @@ -64,6 +64,11 @@ metricbeat.modules: # if true, exports the CPU usage in ticks, together with the percentage values #cpu_ticks: false + # A list of filesystem types to ignore. The filesystem metricset will not + # collect data from filesystems matching any of the specified types, and + # fsstats will not include data from these filesystems in its summary stats. + #filesystem.ignore_types: [] + # Enable collection of cgroup metrics from processes on Linux. #process.cgroups.enabled: true @@ -128,6 +133,18 @@ metricbeat.modules: #period: 10s #hosts: ["tcp://127.0.0.1:14567"] +#------------------------------- Jolokia Module ------------------------------ +#- module: jolokia +# metricsets: ["jmx"] +# enabled: true +# period: 10s +# hosts: ["localhost"] +# namespace: "metrics" +# path: "/jolokia/?ignoreErrors=true&canonicalNaming=false" +# jmx.mapping: +# jmx.application: +# jmx.instance: + #-------------------------------- kafka Module ------------------------------- #- module: kafka #metricsets: ["partition"] 
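Review bot: The commented Jolokia sample in metricbeat.full.yml ends with three bare keys, `jmx.mapping:`, `jmx.application:` and `jmx.instance:`, which parse as null if the block is uncommented as written. The expected shape of these values is not visible in this hunk, so the sample should at least say they are placeholders, for example `# jmx.mapping, jmx.application and jmx.instance must be given values before enabling this module.` The `hosts: ["localhost"]` entry also gives no scheme or port, unlike the neighbouring `tcp://127.0.0.1:14567` sample, so it is worth showing the full form the module expects.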
@@ -454,6 +471,14 @@ output.elasticsearch: # Path to the Elasticsearch 2.x version of the template file. #template.versions.2x.path: "${path.config}/metricbeat.template-es2x.json" + # If set to true, metricbeat checks the Elasticsearch version at connect time, and if it + # is 6.x, it loads the file specified by the template.versions.6x.path setting. The + # default is true. + #template.versions.6x.enabled: true + + # Path to the Elasticsearch 6.x version of the template file. + #template.versions.6x.path: "${path.config}/metricbeat.template-es6x.json" + # Use SSL settings for HTTPS. Default is true. #ssl.enabled: true @@ -486,6 +511,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #----------------------------- Logstash output --------------------------------- #output.logstash: @@ -508,6 +537,11 @@ output.elasticsearch: # new batches. #pipelining: 0 + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + # Optional index name. The default index name is set to name of the beat # in all lowercase. #index: 'metricbeat' @@ -550,6 +584,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Kafka output ---------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. 
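Review bot: The new `ssl.renegotiation` comment lists the accepted values but not what the setting controls or why `never` is the default, which is what a reader needs before changing it. Suggest adding a line such as `# Controls whether the client accepts TLS renegotiation requested by the server; keep never unless a server is known to require it.` The same two-line comment is added again in the Logstash hunk later on this line and in two further output sections of this file, so the wording should be updated in all four places.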
@@ -685,6 +723,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Redis output ---------------------------------- #output.redis: # Boolean flag to enable or disable the output module. @@ -782,6 +824,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- File output ----------------------------------- #output.file: @@ -924,3 +970,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es2x.json b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es2x.json index 40ae3330..f241aec2 100644 --- a/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es2x.json +++ b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es2x.json @@ -7,7 +7,7 @@ } }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -771,9 +771,6 @@ "index": "not_analyzed", "type": "string" }, - "labels": { - "properties": {} - }, "name": { "ignore_above": 1024, "index": "not_analyzed", @@ -793,9 +790,6 @@ "ignore_above": 1024, "index": "not_analyzed", "type": "string" - }, - "tags": { - "properties": {} } } }, @@ -902,9 +896,6 @@ } } }, - "labels": { - "properties": {} - }, "size": { "properties": { "regular": { 
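Review bot: The sample `#permissions: 0600` in the logging.files hunk depends on the leading zero for its meaning, and the comment does not say so. Written as `600`, the scalar would be a decimal number and yield an unintended mode. Suggest adding `# Keep the leading zero so the value is read as octal.`, and a short remark that widening the mask beyond owner-only lets other local users read whatever the logs contain. How the loader types this scalar is not visible in the hunk, so the octal handling should be confirmed against the config parser.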
@@ -914,9 +905,6 @@ "type": "long" } } - }, - "tags": { - "properties": {} } } }, @@ -1028,9 +1016,6 @@ } } }, - "fields": { - "properties": {} - }, "haproxy": { "properties": { "info": { @@ -1283,7 +1268,9 @@ "type": "long" }, "last": { - "type": "long" + "ignore_above": 1024, + "index": "not_analyzed", + "type": "string" } } }, @@ -1670,9 +1657,6 @@ "insync_replica": { "type": "boolean" }, - "isr": { - "properties": {} - }, "leader": { "type": "long" }, @@ -3639,9 +3623,6 @@ "index": "not_analyzed", "type": "string" }, - "percpu": { - "properties": {} - }, "stats": { "properties": { "system": { @@ -3935,9 +3916,6 @@ } } }, - "env": { - "properties": {} - }, "fd": { "properties": { "limit": { diff --git a/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es6x.json b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es6x.json new file mode 100644 index 00000000..82c668cf --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template-es6x.json 
@@ -0,0 +1,4109 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + }, + { + "system.process.cgroup.cpuacct.percpu": { + "mapping": { + "type": "long" + }, + "match_mapping_type": "long", + "path_match": "system.process.cgroup.cpuacct.percpu.*" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "apache": { + "properties": { + "status": { + "properties": { + "bytes_per_request": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "bytes_per_sec": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "connections": { + "properties": { + "async": { + "properties": { + "closing": { + "type": "long" + }, + "keep_alive": { + "type": "long" + }, + "writing": { + "type": "long" + } + } + }, + "total": { + "type": "long" + } + } + }, + "cpu": { + "properties": { + "children_system": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "children_user": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "load": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "system": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "load": { + "properties": { + "1": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "15": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "5": { + "scaling_factor": 100, + "type": "scaled_float" + } + } + }, + "requests_per_sec": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "scoreboard": { + "properties": { + "closing_connection": { + "type": "long" + }, + "dns_lookup": { + "type": "long" + }, + "gracefully_finishing": { + "type": "long" + }, + "idle_cleanup": { + "type": "long" + }, + "keepalive": { + "type": 
"long" + }, + "logging": { + "type": "long" + }, + "open_slot": { + "type": "long" + }, + "reading_request": { + "type": "long" + }, + "sending_reply": { + "type": "long" + }, + "starting_up": { + "type": "long" + }, + "total": { + "type": "long" + }, + "waiting_for_connection": { + "type": "long" + } + } + }, + "total_accesses": { + "type": "long" + }, + "total_kbytes": { + "type": "long" + }, + "uptime": { + "properties": { + "server_uptime": { + "type": "long" + }, + "uptime": { + "type": "long" + } + } + }, + "workers": { + "properties": { + "busy": { + "type": "long" + }, + "idle": { + "type": "long" + } + } + } + } + } + } + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ceph": { + "properties": { + "cluster_disk": { + "properties": { + "available": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "cluster_health": { + "properties": { + "overall_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "timechecks": { + "properties": { + "epoch": { + "type": "long" + }, + "round": { + "properties": { + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "value": { + "type": "long" + } + } + } + } + } + } + }, + "monitor_health": { + "properties": { + "available": { + "properties": { + "kb": { + "type": "long" + }, + "pct": { + "type": "long" + } + } + }, + "health": { + "ignore_above": 1024, + "type": "keyword" + }, + "last_updated": { + "type": "date" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "store_stats": { + "properties": { + "last_updated": { + "type": "long" + }, + "log": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "misc": { + "properties": 
{ + "bytes": { + "type": "long" + } + } + }, + "sst": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "kb": { + "type": "long" + } + } + }, + "used": { + "properties": { + "kb": { + "type": "long" + } + } + } + } + }, + "pool_disk": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "properties": { + "available": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "objects": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + }, + "kb": { + "type": "long" + } + } + } + } + } + } + } + } + }, + "couchbase": { + "properties": { + "bucket": { + "properties": { + "data": { + "properties": { + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "disk": { + "properties": { + "fetches": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "item_count": { + "type": "long" + }, + "memory": { + "properties": { + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ops_per_sec": { + "type": "long" + }, + "quota": { + "properties": { + "ram": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "use": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "cluster": { + "properties": { + "hdd": { + "properties": { + "free": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "quota": { + "properties": { + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "used": { + "properties": { + "by_data": { + "properties": 
{ + "bytes": { + "type": "long" + } + } + }, + "value": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "max_bucket_count": { + "type": "long" + }, + "quota": { + "properties": { + "index_memory": { + "properties": { + "mb": { + "type": "long" + } + } + }, + "memory": { + "properties": { + "mb": { + "type": "long" + } + } + } + } + }, + "ram": { + "properties": { + "quota": { + "properties": { + "total": { + "properties": { + "per_node": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "value": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "used": { + "properties": { + "per_node": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "value": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "used": { + "properties": { + "by_data": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "value": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + } + } + }, + "node": { + "properties": { + "cmd_get": { + "type": "long" + }, + "couch": { + "properties": { + "docs": { + "properties": { + "data_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "disk_size": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "spatial": { + "properties": { + "data_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "disk_size": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "views": { + "properties": { + "data_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "disk_size": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "cpu_utilization_rate": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "current_items": { + "properties": { + "total": { + "type": "long" + }, + "value": { + 
"type": "long" + } + } + }, + "ep_bg_fetched": { + "type": "long" + }, + "get_hits": { + "type": "long" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "mcd_memory": { + "properties": { + "allocated": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "reserved": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "memory": { + "properties": { + "free": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "ops": { + "type": "long" + }, + "swap": { + "properties": { + "total": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "uptime": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "vb_replica_curr_items": { + "type": "long" + } + } + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "properties": { + "root_fs": { + "type": "long" + }, + "rw": { + "type": "long" + } + } + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "cpu": { + "properties": { + "kernel": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "system": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "total": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "user": { + "properties": { + "pct": { + "scaling_factor": 
1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + } + } + }, + "diskio": { + "properties": { + "reads": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "writes": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "healthcheck": { + "properties": { + "event": { + "properties": { + "end_date": { + "type": "date" + }, + "exit_code": { + "type": "long" + }, + "output": { + "ignore_above": 1024, + "type": "keyword" + }, + "start_date": { + "type": "date" + } + } + }, + "failingstreak": { + "type": "long" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "image": { + "properties": { + "created": { + "type": "date" + }, + "id": { + "properties": { + "current": { + "ignore_above": 1024, + "type": "keyword" + }, + "parent": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "size": { + "properties": { + "regular": { + "type": "long" + }, + "virtual": { + "type": "long" + } + } + } + } + }, + "info": { + "properties": { + "containers": { + "properties": { + "paused": { + "type": "long" + }, + "running": { + "type": "long" + }, + "stopped": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "images": { + "type": "long" + } + } + }, + "memory": { + "properties": { + "fail": { + "properties": { + "count": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "limit": { + "type": "long" + }, + "rss": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total": { + "type": "long" + } + } + }, + "usage": { + "properties": { + "max": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "total": { + "type": "long" + } + } + } + } + }, + "network": { + "properties": { + "in": { + "properties": { + "bytes": { + "type": "long" + }, + "dropped": { + 
"scaling_factor": 1000, + "type": "scaled_float" + }, + "errors": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "interface": { + "ignore_above": 1024, + "type": "keyword" + }, + "out": { + "properties": { + "bytes": { + "type": "long" + }, + "dropped": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "errors": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + } + } + }, + "haproxy": { + "properties": { + "info": { + "properties": { + "compress": { + "properties": { + "bps": { + "properties": { + "in": { + "type": "long" + }, + "out": { + "type": "long" + }, + "rate_limit": { + "type": "long" + } + } + } + } + }, + "connection": { + "properties": { + "current": { + "type": "long" + }, + "hard_max": { + "type": "long" + }, + "max": { + "type": "long" + }, + "rate": { + "properties": { + "limit": { + "type": "long" + }, + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + }, + "ssl": { + "properties": { + "current": { + "type": "long" + }, + "max": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "total": { + "type": "long" + } + } + }, + "idle": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "memory": { + "properties": { + "max": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "pid": { + "type": "long" + }, + "pipes": { + "properties": { + "free": { + "type": "long" + }, + "max": { + "type": "long" + }, + "used": { + "type": "long" + } + } + }, + "process_num": { + "type": "long" + }, + "processes": { + "type": "long" + }, + "requests": { + "properties": { + "max": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "run_queue": { + "type": "long" + }, + "session": { + "properties": { + "rate": { + "properties": { + "limit": { + "type": "long" + }, + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "sockets": { + "properties": { + "max": { + 
"type": "long" + } + } + }, + "ssl": { + "properties": { + "backend": { + "properties": { + "key_rate": { + "properties": { + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "cache_misses": { + "type": "long" + }, + "cached_lookups": { + "type": "long" + }, + "frontend": { + "properties": { + "key_rate": { + "properties": { + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + }, + "session_reuse": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "rate": { + "properties": { + "limit": { + "type": "long" + }, + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "tasks": { + "type": "long" + }, + "ulimit_n": { + "type": "long" + }, + "uptime": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "zlib_mem_usage": { + "properties": { + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "stat": { + "properties": { + "check": { + "properties": { + "agent": { + "properties": { + "last": { + "type": "long" + } + } + }, + "code": { + "type": "long" + }, + "down": { + "type": "long" + }, + "duration": { + "type": "long" + }, + "failed": { + "type": "long" + }, + "health": { + "properties": { + "fail": { + "type": "long" + }, + "last": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "client": { + "properties": { + "aborted": { + "type": "long" + } + } + }, + "component_type": { + "type": "long" + }, + "compressor": { + "properties": { + "bypassed": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "in": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "out": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "response": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "connection": { + "properties": { + "retried": { + "type": "long" + }, + 
"time": { + "properties": { + "avg": { + "type": "long" + } + } + }, + "total": { + "type": "long" + } + } + }, + "downtime": { + "type": "long" + }, + "in": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "last_change": { + "type": "long" + }, + "out": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "process_id": { + "type": "long" + }, + "proxy": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "queue": { + "properties": { + "limit": { + "type": "long" + }, + "time": { + "properties": { + "avg": { + "type": "long" + } + } + } + } + }, + "request": { + "properties": { + "connection": { + "properties": { + "errors": { + "type": "long" + } + } + }, + "denied": { + "type": "long" + }, + "errors": { + "type": "long" + }, + "queued": { + "properties": { + "current": { + "type": "long" + }, + "max": { + "type": "long" + } + } + }, + "rate": { + "properties": { + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + }, + "redispatched": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "response": { + "properties": { + "denied": { + "type": "long" + }, + "errors": { + "type": "long" + }, + "http": { + "properties": { + "1xx": { + "type": "long" + }, + "2xx": { + "type": "long" + }, + "3xx": { + "type": "long" + }, + "4xx": { + "type": "long" + }, + "5xx": { + "type": "long" + }, + "other": { + "type": "long" + } + } + }, + "time": { + "properties": { + "avg": { + "type": "long" + } + } + } + } + }, + "selected": { + "properties": { + "total": { + "type": "long" + } + } + }, + "server": { + "properties": { + "aborted": { + "type": "long" + }, + "active": { + "type": "long" + }, + "backup": { + "type": "long" + }, + "id": { + "type": "long" + } + } + }, + "service_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "session": { + "properties": { + "current": { + "type": "long" + }, + "limit": { + "type": "long" + }, + 
"max": { + "type": "long" + }, + "rate": { + "properties": { + "limit": { + "type": "long" + }, + "max": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "throttle": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "tracked": { + "properties": { + "id": { + "type": "long" + } + } + }, + "weight": { + "type": "long" + } + } + } + } + }, + "kafka": { + "properties": { + "consumergroup": { + "properties": { + "broker": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "type": "long" + } + } + }, + "client": { + "properties": { + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "member_id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "code": { + "type": "long" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "meta": { + "norms": false, + "type": "text" + }, + "offset": { + "type": "long" + }, + "partition": { + "type": "long" + }, + "topic": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "partition": { + "properties": { + "broker": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "type": "long" + } + } + }, + "offset": { + "properties": { + "newest": { + "type": "long" + }, + "oldest": { + "type": "long" + } + } + }, + "partition": { + "properties": { + "error": { + "properties": { + "code": { + "type": "long" + } + } + }, + "id": { + "type": "long" + }, + "insync_replica": { + "type": "boolean" + }, + "leader": { + "type": "long" + }, + "replica": { + "type": "long" + } + } + }, + "topic": { + "properties": { + "error": { + "properties": { + "code": { + "type": "long" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "meta": { + 
"properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "metricset": { + "properties": { + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "namespace": { + "ignore_above": 1024, + "type": "keyword" + }, + "rtt": { + "type": "long" + } + } + }, + "mongodb": { + "properties": { + "dbstats": { + "properties": { + "avg_obj_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "collections": { + "type": "long" + }, + "data_file_version": { + "properties": { + "major": { + "type": "long" + }, + "minor": { + "type": "long" + } + } + }, + "data_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "db": { + "ignore_above": 1024, + "type": "keyword" + }, + "extent_free_list": { + "properties": { + "num": { + "type": "long" + }, + "size": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "file_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "index_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "indexes": { + "type": "long" + }, + "ns_size_mb": { + "properties": { + "mb": { + "type": "long" + } + } + }, + "num_extents": { + "type": "long" + }, + "objects": { + "type": "long" + }, + "storage_size": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "status": { + "properties": { + "asserts": { + "properties": { + "msg": { + "type": "long" + }, + "regular": { + "type": "long" + }, + "rollovers": { + "type": 
"long" + }, + "user": { + "type": "long" + }, + "warning": { + "type": "long" + } + } + }, + "background_flushing": { + "properties": { + "average": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "flushes": { + "type": "long" + }, + "last": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "last_finished": { + "type": "date" + }, + "total": { + "properties": { + "ms": { + "type": "long" + } + } + } + } + }, + "connections": { + "properties": { + "available": { + "type": "long" + }, + "current": { + "type": "long" + }, + "total_created": { + "type": "long" + } + } + }, + "extra_info": { + "properties": { + "heap_usage": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "page_faults": { + "type": "long" + } + } + }, + "journaling": { + "properties": { + "commits": { + "type": "long" + }, + "commits_in_write_lock": { + "type": "long" + }, + "compression": { + "type": "long" + }, + "early_commits": { + "type": "long" + }, + "journaled": { + "properties": { + "mb": { + "type": "long" + } + } + }, + "times": { + "properties": { + "commits": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "commits_in_write_lock": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "dt": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "prep_log_buffer": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "remap_private_view": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "write_to_data_files": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "write_to_journal": { + "properties": { + "ms": { + "type": "long" + } + } + } + } + }, + "write_to_data_files": { + "properties": { + "mb": { + "type": "long" + } + } + } + } + }, + "local_time": { + "type": "date" + }, + "memory": { + "properties": { + "bits": { + "type": "long" + }, + "mapped": { + "properties": { + "mb": { + "type": "long" + } + } + }, + "mapped_with_journal": { + "properties": { + "mb": { + "type": "long" + } + } 
+ }, + "resident": { + "properties": { + "mb": { + "type": "long" + } + } + }, + "virtual": { + "properties": { + "mb": { + "type": "long" + } + } + } + } + }, + "network": { + "properties": { + "in": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "out": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "requests": { + "type": "long" + } + } + }, + "opcounters": { + "properties": { + "command": { + "type": "long" + }, + "delete": { + "type": "long" + }, + "getmore": { + "type": "long" + }, + "insert": { + "type": "long" + }, + "query": { + "type": "long" + }, + "update": { + "type": "long" + } + } + }, + "opcounters_replicated": { + "properties": { + "command": { + "type": "long" + }, + "delete": { + "type": "long" + }, + "getmore": { + "type": "long" + }, + "insert": { + "type": "long" + }, + "query": { + "type": "long" + }, + "update": { + "type": "long" + } + } + }, + "storage_engine": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "uptime": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "wired_tiger": { + "properties": { + "cache": { + "properties": { + "dirty": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "maximum": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "pages": { + "properties": { + "evicted": { + "type": "long" + }, + "read": { + "type": "long" + }, + "write": { + "type": "long" + } + } + }, + "used": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "concurrent_transactions": { + "properties": { + "read": { + "properties": { + "available": { + "type": "long" + }, + "out": { + "type": "long" + }, + "total_tickets": { + "type": "long" + } + } + }, + "write": { + "properties": { + "available": { + "type": "long" + }, + "out": { + "type": "long" + }, + "total_tickets": { + "type": "long" + } + } + } + } + }, + "log": { + "properties": { + 
"flushes": { + "type": "long" + }, + "max_file_size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "scans": { + "type": "long" + }, + "size": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "syncs": { + "type": "long" + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "writes": { + "type": "long" + } + } + } + } + }, + "write_backs_queued": { + "type": "boolean" + } + } + } + } + }, + "mysql": { + "properties": { + "status": { + "properties": { + "aborted": { + "properties": { + "clients": { + "type": "long" + }, + "connects": { + "type": "long" + } + } + }, + "binlog": { + "properties": { + "cache": { + "properties": { + "disk_use": { + "type": "long" + }, + "use": { + "type": "long" + } + } + } + } + }, + "bytes": { + "properties": { + "received": { + "type": "long" + }, + "sent": { + "type": "long" + } + } + }, + "command": { + "properties": { + "delete": { + "type": "long" + }, + "insert": { + "type": "long" + }, + "select": { + "type": "long" + }, + "update": { + "type": "long" + } + } + }, + "connections": { + "type": "long" + }, + "created": { + "properties": { + "tmp": { + "properties": { + "disk_tables": { + "type": "long" + }, + "files": { + "type": "long" + }, + "tables": { + "type": "long" + } + } + } + } + }, + "delayed": { + "properties": { + "errors": { + "type": "long" + }, + "insert_threads": { + "type": "long" + }, + "writes": { + "type": "long" + } + } + }, + "flush_commands": { + "type": "long" + }, + "max_used_connections": { + "type": "long" + }, + "open": { + "properties": { + "files": { + "type": "long" + }, + "streams": { + "type": "long" + }, + "tables": { + "type": "long" + } + } + }, + "opened_tables": { + "type": "long" + }, + "threads": { + "properties": { + "cached": { + "type": "long" + }, + "connected": { + "type": "long" + }, + "created": { + "type": "long" + }, + "running": { + "type": "long" + } + } + } + } + } + } + }, + "nginx": { + "properties": { + 
"stubstatus": { + "properties": { + "accepts": { + "type": "long" + }, + "active": { + "type": "long" + }, + "current": { + "type": "long" + }, + "dropped": { + "type": "long" + }, + "handled": { + "type": "long" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "reading": { + "type": "long" + }, + "requests": { + "type": "long" + }, + "waiting": { + "type": "long" + }, + "writing": { + "type": "long" + } + } + } + } + }, + "php_fpm": { + "properties": { + "pool": { + "properties": { + "connections": { + "properties": { + "accepted": { + "type": "long" + }, + "queued": { + "type": "long" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "processes": { + "properties": { + "active": { + "type": "long" + }, + "idle": { + "type": "long" + } + } + }, + "slow_requests": { + "type": "long" + } + } + } + } + }, + "postgresql": { + "properties": { + "activity": { + "properties": { + "application_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "backend_start": { + "type": "date" + }, + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + } + } + }, + "database": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "oid": { + "type": "long" + } + } + }, + "pid": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "query_start": { + "type": "date" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "state_change": { + "type": "date" + }, + "transaction_start": { + "type": "date" + }, + "user": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "waiting": { + "type": "boolean" + } + } + }, + "bgwriter": { + "properties": { + "buffers": { + "properties": { + "allocated": { + "type": "long" + }, + "backend": { + "type": "long" + }, + 
"backend_fsync": { + "type": "long" + }, + "checkpoints": { + "type": "long" + }, + "clean": { + "type": "long" + }, + "clean_full": { + "type": "long" + } + } + }, + "checkpoints": { + "properties": { + "requested": { + "type": "long" + }, + "scheduled": { + "type": "long" + }, + "times": { + "properties": { + "sync": { + "properties": { + "ms": { + "type": "float" + } + } + }, + "write": { + "properties": { + "ms": { + "type": "float" + } + } + } + } + } + } + }, + "stats_reset": { + "type": "date" + } + } + }, + "database": { + "properties": { + "blocks": { + "properties": { + "hit": { + "type": "long" + }, + "read": { + "type": "long" + }, + "time": { + "properties": { + "read": { + "properties": { + "ms": { + "type": "long" + } + } + }, + "write": { + "properties": { + "ms": { + "type": "long" + } + } + } + } + } + } + }, + "conflicts": { + "type": "long" + }, + "deadlocks": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "number_of_backends": { + "type": "long" + }, + "oid": { + "type": "long" + }, + "rows": { + "properties": { + "deleted": { + "type": "long" + }, + "fetched": { + "type": "long" + }, + "inserted": { + "type": "long" + }, + "returned": { + "type": "long" + }, + "updated": { + "type": "long" + } + } + }, + "stats_reset": { + "type": "date" + }, + "temporary": { + "properties": { + "bytes": { + "type": "long" + }, + "files": { + "type": "long" + } + } + }, + "transactions": { + "properties": { + "commit": { + "type": "long" + }, + "rollback": { + "type": "long" + } + } + } + } + } + } + }, + "prometheus": { + "properties": { + "stats": { + "properties": { + "notifications": { + "properties": { + "dropped": { + "type": "long" + }, + "queue_length": { + "type": "long" + } + } + }, + "processes": { + "properties": { + "open_fds": { + "type": "long" + } + } + }, + "storage": { + "properties": { + "chunks_to_persist": { + "type": "long" + } + } + } + } + } + } + }, + "redis": { + "properties": { + "info": { + 
"properties": { + "clients": { + "properties": { + "biggest_input_buf": { + "type": "long" + }, + "blocked": { + "type": "long" + }, + "connected": { + "type": "long" + }, + "longest_output_list": { + "type": "long" + } + } + }, + "cluster": { + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "cpu": { + "properties": { + "used": { + "properties": { + "sys": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "sys_children": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "user_children": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "memory": { + "properties": { + "allocator": { + "ignore_above": 1024, + "type": "keyword" + }, + "used": { + "properties": { + "lua": { + "type": "long" + }, + "peak": { + "type": "long" + }, + "rss": { + "type": "long" + }, + "value": { + "type": "long" + } + } + } + } + }, + "persistence": { + "properties": { + "aof": { + "properties": { + "bgrewrite": { + "properties": { + "last_status": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "enabled": { + "type": "boolean" + }, + "rewrite": { + "properties": { + "current_time": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "in_progress": { + "type": "boolean" + }, + "last_time": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "scheduled": { + "type": "boolean" + } + } + }, + "write": { + "properties": { + "last_status": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "loading": { + "type": "boolean" + }, + "rdb": { + "properties": { + "bgsave": { + "properties": { + "current_time": { + "properties": { + "sec": { + "type": "long" + } + } + }, + "in_progress": { + "type": "boolean" + }, + "last_status": { + "ignore_above": 1024, + "type": "keyword" + }, + "last_time": { + "properties": { + "sec": { + "type": "long" + } + } + } + } + }, + "last_save": { + "properties": { + "changes_since": { + 
"type": "long" + }, + "time": { + "type": "long" + } + } + } + } + } + } + }, + "replication": { + "properties": { + "backlog": { + "properties": { + "active": { + "type": "long" + }, + "first_byte_offset": { + "type": "long" + }, + "histlen": { + "type": "long" + }, + "size": { + "type": "long" + } + } + }, + "connected_slaves": { + "type": "long" + }, + "master_offset": { + "type": "long" + }, + "role": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "server": { + "properties": { + "arch_bits": { + "ignore_above": 1024, + "type": "keyword" + }, + "build_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "config_file": { + "ignore_above": 1024, + "type": "keyword" + }, + "gcc_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "git_dirty": { + "ignore_above": 1024, + "type": "keyword" + }, + "git_sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "hz": { + "type": "long" + }, + "lru_clock": { + "type": "long" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "multiplexing_api": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "ignore_above": 1024, + "type": "keyword" + }, + "process_id": { + "type": "long" + }, + "run_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "tcp_port": { + "type": "long" + }, + "uptime": { + "type": "long" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "stats": { + "properties": { + "commands_processed": { + "type": "long" + }, + "connections": { + "properties": { + "received": { + "type": "long" + }, + "rejected": { + "type": "long" + } + } + }, + "instantaneous": { + "properties": { + "input_kbps": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ops_per_sec": { + "type": "long" + }, + "output_kbps": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "keys": { + "properties": { + "evicted": { + "type": "long" + }, + "expired": { + "type": "long" + } + } + }, + "keyspace": { + "properties": { + 
"hits": { + "type": "long" + }, + "misses": { + "type": "long" + } + } + }, + "latest_fork_usec": { + "type": "long" + }, + "migrate_cached_sockets": { + "type": "long" + }, + "net": { + "properties": { + "input": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "output": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "pubsub": { + "properties": { + "channels": { + "type": "long" + }, + "patterns": { + "type": "long" + } + } + }, + "sync": { + "properties": { + "full": { + "type": "long" + }, + "partial": { + "properties": { + "err": { + "type": "long" + }, + "ok": { + "type": "long" + } + } + } + } + } + } + } + } + }, + "keyspace": { + "properties": { + "avg_ttl": { + "type": "long" + }, + "expires": { + "type": "long" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "keys": { + "type": "long" + } + } + } + } + }, + "system": { + "properties": { + "core": { + "properties": { + "id": { + "type": "long" + }, + "idle": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "iowait": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "irq": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "nice": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "softirq": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "steal": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "system": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "user": { + "properties": { + 
"pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + } + } + }, + "cpu": { + "properties": { + "cores": { + "type": "long" + }, + "idle": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "iowait": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "irq": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "nice": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "softirq": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "steal": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "system": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "user": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + } + } + }, + "diskio": { + "properties": { + "io": { + "properties": { + "time": { + "type": "long" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "read": { + "properties": { + "bytes": { + "type": "long" + }, + "count": { + "type": "long" + }, + "time": { + "type": "long" + } + } + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "write": { + "properties": { + "bytes": { + "type": "long" + }, + "count": { + "type": "long" + }, + "time": { + "type": "long" + } + } + } + } + }, + "filesystem": { + "properties": { + "available": { + "type": "long" + }, + "device_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "files": { + 
"type": "long" + }, + "free": { + "type": "long" + }, + "free_files": { + "type": "long" + }, + "mount_point": { + "ignore_above": 1024, + "type": "keyword" + }, + "total": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "fsstat": { + "properties": { + "count": { + "type": "long" + }, + "total_files": { + "type": "long" + }, + "total_size": { + "properties": { + "free": { + "type": "long" + }, + "total": { + "type": "long" + }, + "used": { + "type": "long" + } + } + } + } + }, + "load": { + "properties": { + "1": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "15": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "5": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "norm": { + "properties": { + "1": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "15": { + "scaling_factor": 100, + "type": "scaled_float" + }, + "5": { + "scaling_factor": 100, + "type": "scaled_float" + } + } + } + } + }, + "memory": { + "properties": { + "actual": { + "properties": { + "free": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "free": { + "type": "long" + }, + "swap": { + "properties": { + "free": { + "type": "long" + }, + "total": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "total": { + "type": "long" + }, + "used": { + "properties": { + "bytes": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + } + } + }, + "network": { + "properties": { + "in": { + "properties": { + "bytes": { + "type": "long" + }, + "dropped": { + "type": "long" + }, + "errors": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + 
"name": { + "ignore_above": 1024, + "type": "keyword" + }, + "out": { + "properties": { + "bytes": { + "type": "long" + }, + "dropped": { + "type": "long" + }, + "errors": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, + "process": { + "properties": { + "cgroup": { + "properties": { + "blkio": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "total": { + "properties": { + "bytes": { + "type": "long" + }, + "ios": { + "type": "long" + } + } + } + } + }, + "cpu": { + "properties": { + "cfs": { + "properties": { + "period": { + "properties": { + "us": { + "type": "long" + } + } + }, + "quota": { + "properties": { + "us": { + "type": "long" + } + } + }, + "shares": { + "type": "long" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "rt": { + "properties": { + "period": { + "properties": { + "us": { + "type": "long" + } + } + }, + "runtime": { + "properties": { + "us": { + "type": "long" + } + } + } + } + }, + "stats": { + "properties": { + "periods": { + "type": "long" + }, + "throttled": { + "properties": { + "ns": { + "type": "long" + }, + "periods": { + "type": "long" + } + } + } + } + } + } + }, + "cpuacct": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "properties": { + "system": { + "properties": { + "ns": { + "type": "long" + } + } + }, + "user": { + "properties": { + "ns": { + "type": "long" + } + } + } + } + }, + "total": { + "properties": { + "ns": { + "type": "long" + } + } + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "memory": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "kmem": { + "properties": { + "failures": { + "type": "long" + }, + "limit": { + "properties": { + "bytes": { + 
"type": "long" + } + } + }, + "usage": { + "properties": { + "bytes": { + "type": "long" + }, + "max": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "kmem_tcp": { + "properties": { + "failures": { + "type": "long" + }, + "limit": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "usage": { + "properties": { + "bytes": { + "type": "long" + }, + "max": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "mem": { + "properties": { + "failures": { + "type": "long" + }, + "limit": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "usage": { + "properties": { + "bytes": { + "type": "long" + }, + "max": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "memsw": { + "properties": { + "failures": { + "type": "long" + }, + "limit": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "usage": { + "properties": { + "bytes": { + "type": "long" + }, + "max": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "properties": { + "active_anon": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "active_file": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "cache": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "hierarchical_memory_limit": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "hierarchical_memsw_limit": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "inactive_anon": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "inactive_file": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "major_page_faults": { + "type": "long" + }, + "mapped_file": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "page_faults": { + "type": "long" + }, + "pages_in": { + "type": "long" + }, + "pages_out": { + "type": "long" + }, + 
"rss": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "rss_huge": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "swap": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "unevictable": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + } + } + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "cmdline": { + "ignore_above": 1024, + "type": "keyword" + }, + "cpu": { + "properties": { + "start_time": { + "type": "date" + }, + "system": { + "type": "long" + }, + "total": { + "properties": { + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + }, + "ticks": { + "type": "long" + } + } + }, + "user": { + "type": "long" + } + } + }, + "fd": { + "properties": { + "limit": { + "properties": { + "hard": { + "type": "long" + }, + "soft": { + "type": "long" + } + } + }, + "open": { + "type": "long" + } + } + }, + "memory": { + "properties": { + "rss": { + "properties": { + "bytes": { + "type": "long" + }, + "pct": { + "scaling_factor": 1000, + "type": "scaled_float" + } + } + }, + "share": { + "type": "long" + }, + "size": { + "type": "long" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "socket": { + "properties": { + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "local": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "process": { + "properties": { + "cmdline": { + "ignore_above": 1024, + "type": "keyword" + }, + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "exe": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + } + } + }, + "remote": { 
+ "properties": { + "etld_plus_one": { + "ignore_above": 1024, + "type": "keyword" + }, + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "host_error": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "user": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "zookeeper": { + "properties": { + "mntr": { + "properties": { + "approximate_data_size": { + "type": "long" + }, + "ephemerals_count": { + "type": "long" + }, + "followers": { + "type": "long" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "latency": { + "properties": { + "avg": { + "type": "long" + }, + "max": { + "type": "long" + }, + "min": { + "type": "long" + } + } + }, + "max_file_descriptor_count": { + "type": "long" + }, + "num_alive_connections": { + "type": "long" + }, + "open_file_descriptor_count": { + "type": "long" + }, + "outstanding_requests": { + "type": "long" + }, + "packets": { + "properties": { + "received": { + "type": "long" + }, + "sent": { + "type": "long" + } + } + }, + "pending_syncs": { + "type": "long" + }, + "server_state": { + "ignore_above": 1024, + "type": "keyword" + }, + "synced_followers": { + "type": "long" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + }, + "watch_count": { + "type": "long" + }, + "znode_count": { + "type": "long" + } + } + } + } + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "metricbeat-*" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/metricbeat.template.json b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template.json index 3830a613..82c668cf 100644 
--- a/vendor/github.com/elastic/beats/metricbeat/metricbeat.template.json +++ b/vendor/github.com/elastic/beats/metricbeat/metricbeat.template.json @@ -1,11 +1,8 @@ { "mappings": { "_default_": { - "_all": { - "norms": false - }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -766,9 +763,6 @@ "ignore_above": 1024, "type": "keyword" }, - "labels": { - "properties": {} - }, "name": { "ignore_above": 1024, "type": "keyword" @@ -786,9 +780,6 @@ "status": { "ignore_above": 1024, "type": "keyword" - }, - "tags": { - "properties": {} } } }, @@ -898,9 +889,6 @@ } } }, - "labels": { - "properties": {} - }, "size": { "properties": { "regular": { @@ -910,9 +898,6 @@ "type": "long" } } - }, - "tags": { - "properties": {} } } }, @@ -1027,9 +1012,6 @@ } } }, - "fields": { - "properties": {} - }, "haproxy": { "properties": { "info": { @@ -1284,7 +1266,8 @@ "type": "long" }, "last": { - "type": "long" + "ignore_above": 1024, + "type": "keyword" } } }, @@ -1658,9 +1641,6 @@ "insync_replica": { "type": "boolean" }, - "isr": { - "properties": {} - }, "leader": { "type": "long" }, @@ -3607,9 +3587,6 @@ "ignore_above": 1024, "type": "keyword" }, - "percpu": { - "properties": {} - }, "stats": { "properties": { "system": { @@ -3899,9 +3876,6 @@ } } }, - "env": { - "properties": {} - }, "fd": { "properties": { "limit": { diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/dashboard/Metricbeat-Apache-HTTPD-server-status.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/dashboard/Metricbeat-Apache-HTTPD-server-status.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/dashboard/Metricbeat-Apache-HTTPD-server-status.json rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/dashboard/Metricbeat-Apache-HTTPD-server-status.json 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/search/Apache-HTTPD.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/search/Apache-HTTPD.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/search/Apache-HTTPD.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/search/Apache-HTTPD.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-CPU.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-CPU.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-CPU.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-CPU.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Hostname-list.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Hostname-list.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Hostname-list.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Hostname-list.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Load1-slash-5-slash-15.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Load1-slash-5-slash-15.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Load1-slash-5-slash-15.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Load1-slash-5-slash-15.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Scoreboard.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Scoreboard.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Scoreboard.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Scoreboard.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Total-accesses-and-kbytes.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Total-accesses-and-kbytes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Total-accesses-and-kbytes.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Total-accesses-and-kbytes.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Uptime.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Uptime.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Uptime.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Uptime.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Workers.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Workers.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/visualization/Apache-HTTPD-Workers.json
rename to vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/5.x/visualization/Apache-HTTPD-Workers.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/default/dashboard/Metricbeat-apache.json b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/default/dashboard/Metricbeat-apache.json
new file mode 100644
index 00000000..79cf14d4
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/apache/_meta/kibana/default/dashboard/Metricbeat-apache.json
@@ -0,0 +1,156 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - CPU", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Apache HTTPD - CPU\",\n \"type\": \"line\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"showCircles\": true,\n \"smoothLines\": false,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.cpu.load\",\n \"customLabel\": \"CPU load\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"apache.status.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"row\": true\n }\n },\n {\n \"id\": \"4\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.cpu.user\",\n \"customLabel\": \"CPU user\"\n }\n },\n {\n \"id\": \"5\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.cpu.system\",\n \"customLabel\": \"CPU system\"\n }\n },\n {\n \"id\": \"6\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.cpu.children_user\",\n \"customLabel\": \"CPU children user\"\n }\n },\n {\n \"id\": \"7\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": 
\"apache.status.cpu.children_system\",\n \"customLabel\": \"CPU children system\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Apache-HTTPD-CPU", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Hostname list", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Apache HTTPD - Hostname list\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events count\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"apache.status.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Apache HTTD Hostname\"}}],\"listeners\":{}}" + }, + "id": "Apache-HTTPD-Hostname-list", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Load1/5/15", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Apache HTTPD - Load1/5/15\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.load.5\",\"customLabel\":\"Load 
5\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.load.1\",\"customLabel\":\"Load 1\"}},{\"id\":\"4\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.load.15\",\"customLabel\":\"Load 15\"}},{\"id\":\"5\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"apache.status.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\",\"row\":true}}],\"listeners\":{}}" + }, + "id": "Apache-HTTPD-Load1-slash-5-slash-15", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Scoreboard", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Apache HTTPD - Scoreboard\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.closing_connection\",\"customLabel\":\"Closing 
connection\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"apache.status.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\",\"row\":true}},{\"id\":\"4\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.dns_lookup\",\"customLabel\":\"DNS lookup\"}},{\"id\":\"5\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.gracefully_finishing\",\"customLabel\":\"Gracefully finishing\"}},{\"id\":\"6\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.idle_cleanup\",\"customLabel\":\"Idle cleanup\"}},{\"id\":\"7\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.keepalive\",\"customLabel\":\"Keepalive\"}},{\"id\":\"8\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.logging\",\"customLabel\":\"Logging\"}},{\"id\":\"9\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.open_slot\",\"customLabel\":\"Open slot\"}},{\"id\":\"10\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.reading_request\",\"customLabel\":\"Reading request\"}},{\"id\":\"11\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.sending_reply\",\"customLabel\":\"Sending reply\"}},{\"id\":\"12\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.starting_up\",\"customLabel\":\"Starting 
up\"}},{\"id\":\"13\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.total\",\"customLabel\":\"Total\"}},{\"id\":\"14\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.scoreboard.waiting_for_connection\",\"customLabel\":\"Waiting for connection\"}}],\"listeners\":{}}" + }, + "id": "Apache-HTTPD-Scoreboard", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Total accesses and kbytes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Apache HTTPD - Total accesses and kbytes\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.total_kbytes\",\"customLabel\":\"Total kbytes\"}},{\"id\":\"2\",\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"apache.status.total_accesses\",\"customLabel\":\"Total accesses\"}}],\"listeners\":{}}" + }, + "id": "Apache-HTTPD-Total-accesses-and-kbytes", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Uptime", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Apache HTTPD - Uptime\",\n \"type\": \"metric\",\n \"params\": {\n \"handleNoResults\": true,\n \"fontSize\": 60\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.uptime.uptime\",\n \"customLabel\": \"Uptime\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.uptime.server_uptime\",\n \"customLabel\": \"Server uptime\"\n }\n }\n ],\n 
\"listeners\": {}\n}" + }, + "id": "Apache-HTTPD-Uptime", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Apache-HTTPD", + "title": "Apache HTTPD - Workers", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Apache HTTPD - Workers\",\n \"type\": \"line\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"showCircles\": true,\n \"smoothLines\": false,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.workers.busy\",\n \"customLabel\": \"Busy workers\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"apache.status.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Hostname\",\n \"row\": true\n }\n },\n {\n \"id\": \"4\",\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache.status.workers.idle\",\n \"customLabel\": \"Idle workers\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Apache-HTTPD-Workers", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"metricset.module: 
apache\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Apache HTTPD", + "version": 1 + }, + "id": "Apache-HTTPD", + "type": "search", + "version": 7 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"id\":\"Apache-HTTPD-CPU\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":10},{\"id\":\"Apache-HTTPD-Hostname-list\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"Apache-HTTPD-Load1-slash-5-slash-15\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":10},{\"id\":\"Apache-HTTPD-Scoreboard\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":7},{\"id\":\"Apache-HTTPD-Total-accesses-and-kbytes\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":1},{\"id\":\"Apache-HTTPD-Uptime\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":1},{\"id\":\"Apache-HTTPD-Workers\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":4}]", + "timeRestore": false, + "title": "Metricbeat - Apache HTTPD server status", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "Metricbeat-Apache-HTTPD-server-status", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health.go b/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health.go index c00de44a..79956e6f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health.go @@ -1,8 +1,6 @@ package monitor_health import ( - "fmt" - "github.com/elastic/beats/libbeat/common" "github.com/elastic/beats/libbeat/logp" "github.com/elastic/beats/metricbeat/helper" @@ -46,15 +44,10 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { } func (m *MetricSet) Fetch() ([]common.MapStr, error) { - content, err := m.HTTP.FetchContent() if err != nil { return nil, err } - fmt.Printf("%+v", string(content)) - fmt.Printf("%+v", eventsMapping(content)) - return eventsMapping(content), nil - } diff --git a/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health_test.go b/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health_test.go index bf78b3a6..5260c8de 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/ceph/monitor_health/monitor_health_test.go @@ -32,10 +32,10 @@ func TestFetchEventContents(t *testing.T) { f := mbtest.NewEventsFetcher(t, config) events, err := f.Fetch() - event := events[0] - if !assert.NoError(t, err) { - t.FailNow() + if err != nil { + t.Fatal(err) } + event := events[0] t.Logf("%s/%s event: %+v", f.Module().Name(), f.Name(), event.StringToPrint()) @@ -68,5 +68,4 @@ func TestFetchEventContents(t *testing.T) { total = store_stats["total"].(common.MapStr) assert.EqualValues(t, 8488943, total["bytes"]) - } 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/docs.asciidoc index 56abe0cb..5618ca37 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/docs.asciidoc @@ -4,3 +4,13 @@ beta[] This module fetches metrics from https://www.docker.com/[Docker] containers. +The docker module is currently not tested on Windows. + +[float] +=== Module-Specific Configuration Notes + +It is strongly recommended that you run Docker metricsets with a +<> that is 3 seconds or longer. The request to the +Docker API already takes up to 2 seconds. Specifying less than 3 seconds will +result in requests that timeout, and no data will be reported for those +requests. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/dashboard/Metricbeat-Docker.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/dashboard/Metricbeat-Docker.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/dashboard/Metricbeat-Docker.json rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/dashboard/Metricbeat-Docker.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/search/Metricbeat-Docker.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/search/Metricbeat-Docker.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/search/Metricbeat-Docker.json rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/search/Metricbeat-Docker.json 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-CPU-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-CPU-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-CPU-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-CPU-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-Network-IO.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-Network-IO.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-Network-IO.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-Network-IO.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-Number-of-Containers.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-Number-of-Containers.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-Number-of-Containers.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-Number-of-Containers.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-containers-per-host.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-containers-per-host.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-containers-per-host.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-containers-per-host.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-containers.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-containers.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-containers.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-containers.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-images-and-names.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-images-and-names.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-images-and-names.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-images-and-names.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-memory-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-memory-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/visualization/Docker-memory-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/5.x/visualization/Docker-memory-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/default/dashboard/Metricbeat-docker.json b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/default/dashboard/Metricbeat-docker.json
new file mode 100644
index 00000000..ea9b108f
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/docker/_meta/kibana/default/dashboard/Metricbeat-docker.json
@@ -0,0 +1,135 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Metricbeat-Docker", + "title": "Docker containers", + "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": 1,\n \"direction\": \"asc\"\n }\n }\n }\n}", + "version": 1, + "visState": "{\n \"title\": \"Docker containers\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 8,\n \"showMeticsAtAllLevels\": false,\n \"showPartialRows\": false,\n \"showTotal\": true,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"docker.container.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Name\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"docker.cpu.total.pct\",\n \"customLabel\": \"CPU usage (%)\"\n }\n },\n {\n \"id\": \"4\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"docker.diskio.total\",\n \"customLabel\": \"DiskIO\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"docker.memory.usage.pct\",\n \"customLabel\": \"Mem (%)\"\n }\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"max\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"docker.memory.rss.total\",\n \"customLabel\": \"Mem RSS\"\n }\n },\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"docker.container.id\",\n \"customLabel\": \"Number of Containers\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Docker-containers", + "type": "visualization", + "version": 1 + }, + { + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Docker", + "title": "Docker Number of Containers", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Docker Number of Containers\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"36\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.info.containers.running\",\"customLabel\":\"Running\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.info.containers.paused\",\"customLabel\":\"Paused\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.info.containers.stopped\",\"customLabel\":\"Stopped\"}}],\"listeners\":{}}" + }, + "id": "Docker-Number-of-Containers", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Docker", + "title": "Docker containers per host", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Docker containers per host\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.container.id\",\"customLabel\":\"Number of containers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hosts\"}}],\"listeners\":{}}" + }, + "id": "Docker-containers-per-host", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": 
"Metricbeat-Docker", + "title": "Docker images and names", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Docker images and names\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"docker.container.image\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"docker.container.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Docker-images-and-names", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"metricbeat-*\",\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"metricset.module:docker AND metricset.name:cpu\",\n \"analyze_wildcard\": true\n }\n }\n}" + }, + "title": "Docker CPU usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"Docker CPU usage\",\n \"type\": \"area\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"defaultYExtents\": false,\n \"interpolate\": \"linear\",\n \"legendPosition\": \"top\",\n \"mode\": \"stacked\",\n \"scale\": \"linear\",\n \"setYExtents\": false,\n \"shareYAxis\": true,\n \"smoothLines\": true,\n \"times\": [],\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"percentiles\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": 
\"docker.cpu.total.pct\",\n \"percents\": [\n 75\n ],\n \"customLabel\": \"Total CPU time\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"docker.container.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1.75\",\n \"customLabel\": \"Container name\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Docker-CPU-usage", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"metricbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"metricset.module:docker AND metricset.name:memory\",\"analyze_wildcard\":true}}}" + }, + "title": "Docker memory usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Docker memory 
usage\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.memory.usage.total\",\"customLabel\":\"Memory\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"docker.container.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Container name\"}}],\"listeners\":{}}" + }, + "id": "Docker-memory-usage", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"metricbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"metricset.module:docker AND metricset.name:network\",\"analyze_wildcard\":true}}}" + }, + "title": "Docker Network IO", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Docker Network 
IO\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"legendPosition\":\"top\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":true,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.network.in.bytes\",\"customLabel\":\"IN bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"docker.container.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Container name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"docker.network.out.bytes\",\"customLabel\":\"OUT bytes\"}}],\"listeners\":{}}" + }, + "id": "Docker-Network-IO", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"metricset.module:docker\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Metricbeat Docker", + "version": 1 + }, + "id": "Metricbeat-Docker", + "type": "search", + "version": 4 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/diskio_test.go b/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/diskio_test.go
index 461a1fdf..dca77799 100644
--- a/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/diskio_test.go
+++ b/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/diskio_test.go
@@ -1,14 +1,129 @@ package diskio import ( + "encoding/json" "testing" "time" + + "github.com/elastic/beats/metricbeat/module/docker" + + dc "github.com/fsouza/go-dockerclient" ) var blkioService BLkioService var oldBlkioRaw = make([]BlkioRaw, 3) var newBlkioRaw = make([]BlkioRaw, 3) +func TestDeltaMultipleContainers(t *testing.T) { + var apiContainer1 docker.Stat + var apiContainer2 docker.Stat + metrics := dc.BlkioStatsEntry{ + Major: 123, + Minor: 123, + Op: "Total", + Value: 123, + } + jsonContainers := `[ + { + "Id": "8dfafdbc3a40", + "Names": ["container"] + },{ + "Id": "8dfafdbc3a41", + "Names": ["container1"] + }]` + var containers []dc.APIContainers + err := json.Unmarshal([]byte(jsonContainers), &containers) + if err != nil { + t.Fatal(err) + } + + apiContainer1.Stats.Read = time.Now() + apiContainer1.Container = containers[0] + apiContainer1.Stats.BlkioStats.IOServicedRecursive = append(apiContainer1.Stats.BlkioStats.IOServicedRecursive, metrics) + apiContainer2.Stats.Read = time.Now() + apiContainer2.Container = containers[1] + apiContainer2.Stats.BlkioStats.IOServicedRecursive = append(apiContainer2.Stats.BlkioStats.IOServicedRecursive, metrics) + dockerStats := []docker.Stat{apiContainer1, apiContainer2} + stats := blkioService.getBlkioStatsList(dockerStats) + totals := make([]float64, 2) + for _, stat := range stats { + totals[0] = stat.totals + } + + dockerStats[0].Stats.BlkioStats.IOServicedRecursive[0].Value = 1000 + dockerStats[0].Stats.Read = dockerStats[0].Stats.Read.Add(time.Second * 10) + dockerStats[1].Stats.BlkioStats.IOServicedRecursive[0].Value = 1000 + dockerStats[1].Stats.Read = dockerStats[0].Stats.Read.Add(time.Second * 10) + stats = blkioService.getBlkioStatsList(dockerStats) + for _, stat := range stats { + totals[1] = stat.totals + if stat.totals < totals[0] { + t.Errorf("getBlkioStatsList(%v) => %v, want value bigger than %v", dockerStats, stat.totals, totals[0]) + } + } + + dockerStats[0].Stats.Read = 
dockerStats[0].Stats.Read.Add(time.Second * 15) + dockerStats[0].Stats.BlkioStats.IOServicedRecursive[0].Value = 2000 + dockerStats[1].Stats.BlkioStats.IOServicedRecursive[0].Value = 2000 + dockerStats[1].Stats.Read = dockerStats[0].Stats.Read.Add(time.Second * 15) + stats = blkioService.getBlkioStatsList(dockerStats) + for _, stat := range stats { + if stat.totals < totals[1] || stat.totals < totals[0] { + t.Errorf("getBlkioStatsList(%v) => %v, want value bigger than %v", dockerStats, stat.totals, totals[1]) + } + } + +} + +func TestDeltaOneContainer(t *testing.T) { + var apiContainer docker.Stat + metrics := dc.BlkioStatsEntry{ + Major: 123, + Minor: 123, + Op: "Total", + Value: 123, + } + jsonContainers := ` + { + "Id": "8dfafdbc3a40", + "Names": ["container"] + }` + var containers dc.APIContainers + err := json.Unmarshal([]byte(jsonContainers), &containers) + if err != nil { + t.Fatal(err) + } + + apiContainer.Stats.Read = time.Now() + apiContainer.Container = containers + apiContainer.Stats.BlkioStats.IOServicedRecursive = append(apiContainer.Stats.BlkioStats.IOServicedRecursive, metrics) + dockerStats := []docker.Stat{apiContainer} + stats := blkioService.getBlkioStatsList(dockerStats) + totals := make([]float64, 2) + for _, stat := range stats { + totals[0] = stat.totals + } + + dockerStats[0].Stats.BlkioStats.IOServicedRecursive[0].Value = 1000 + dockerStats[0].Stats.Read = dockerStats[0].Stats.Read.Add(time.Second * 10) + stats = blkioService.getBlkioStatsList(dockerStats) + for _, stat := range stats { + if stat.totals < totals[0] { + t.Errorf("getBlkioStatsList(%v) => %v, want value bigger than %v", dockerStats, stat.totals, totals[0]) + } + } + + dockerStats[0].Stats.BlkioStats.IOServicedRecursive[0].Value = 2000 + dockerStats[0].Stats.Read = dockerStats[0].Stats.Read.Add(time.Second * 15) + stats = blkioService.getBlkioStatsList(dockerStats) + for _, stat := range stats { + if stat.totals < totals[1] || stat.totals < totals[0] { + 
t.Errorf("getBlkioStatsList(%v) => %v, want value bigger than %v", dockerStats, stat.totals, totals[1]) + } + } + +} + func TestWritePs(t *testing.T) { oldWritePs := []uint64{220, 951, 0} newWritePs := []uint64{120, 2951, 0} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/helper.go b/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/helper.go index ff1831e2..6f71c6fd 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/helper.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/docker/diskio/helper.go @@ -35,7 +35,9 @@ type BLkioService struct { func (io *BLkioService) getBlkioStatsList(rawStats []docker.Stat) []BlkioStats { formattedStats := []BlkioStats{} - + if io.BlkioSTatsPerContainer == nil { + io.BlkioSTatsPerContainer = make(map[string]BlkioRaw) + } for _, myRawStats := range rawStats { formattedStats = append(formattedStats, io.getBlkioStats(&myRawStats)) } @@ -55,9 +57,7 @@ func (io *BLkioService) getBlkioStats(myRawStat *docker.Stat) BlkioStats { if exist { myBlkioStats.reads = io.getReadPs(&oldBlkioStats, &newBlkioStats) myBlkioStats.writes = io.getWritePs(&oldBlkioStats, &newBlkioStats) - myBlkioStats.totals = io.getReadPs(&oldBlkioStats, &newBlkioStats) - } else { - io.BlkioSTatsPerContainer = make(map[string]BlkioRaw) + myBlkioStats.totals = io.getTotalPs(&oldBlkioStats, &newBlkioStats) } io.BlkioSTatsPerContainer[myRawStat.Container.ID] = newBlkioStats diff --git a/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/_meta/fields.yml index 98b90c3a..2788f72c 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/_meta/fields.yml +++ b/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/_meta/fields.yml 
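Review bot: In diskio_test.go, `TestDeltaOneContainer` never assigns `totals[1]`, so its last check `stat.totals < totals[1]` compares against zero and cannot catch a regression between the second and third samples. The second loop should record the value with `totals[1] = stat.totals`, as `TestDeltaMultipleContainers` does. Both new tests also use the package-level `blkioService` and the same container ID `8dfafdbc3a40`, so whichever test runs second starts with stats already stored; a per-test `var svc BLkioService` would keep them independent. In `TestDeltaMultipleContainers` the second container's `Stats.Read` is derived from `dockerStats[0]` after that value was already advanced, which looks like a copy-paste slip for `dockerStats[1].Stats.Read.Add(...)`.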
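Review bot: In helper.go, nothing visible removes entries from `io.BlkioSTatsPerContainer` now that the reset in the old `else` branch is gone. Every container ID ever seen stays in the map, so on a host with steady container churn a long-running agent would keep growing it. The reset was the bug being fixed, but it also happened to bound the map. If no pruning exists elsewhere, consider dropping IDs that are absent from the current `rawStats` after the loop in `getBlkioStatsList`. The function's tail lies outside the hunk, so this is worth confirming against the full file.

```go
func (io *BLkioService) getBlkioStatsList(rawStats []docker.Stat) []BlkioStats {
	// … unchanged: lazy map init and the loop that appends formatted stats …

	// Forget containers that were not reported in this round so the
	// per-container cache stays bounded by the number of live containers.
	seen := make(map[string]struct{}, len(rawStats))
	for i := range rawStats {
		seen[rawStats[i].Container.ID] = struct{}{}
	}
	for id := range io.BlkioSTatsPerContainer {
		if _, ok := seen[id]; !ok {
			delete(io.BlkioSTatsPerContainer, id)
		}
	}
	// … unchanged: return of the formatted stats …
```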
@@ -298,12 +298,14 @@ Time in ms that it took to finish the last health check. - name: health.last - type: long + type: keyword description: > + The result of the last health check. - name: health.fail type: long description: > + Number of failed checks. - name: agent.last type: integer diff --git a/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/data.go b/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/data.go index 89579931..68892716 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/data.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/haproxy/stat/data.go @@ -49,12 +49,12 @@ var ( "time.avg": c.Int("Rtime", s.Optional), "denied": c.Int("Dresp"), "http": s.Object{ - "1xx": c.Int("Hrsp1xx"), - "2xx": c.Int("Hrsp2xx"), - "3xx": c.Int("Hrsp3xx"), - "4xx": c.Int("Hrsp4xx"), - "5xx": c.Int("Hrsp5xx"), - "other": c.Int("HrspOther"), + "1xx": c.Int("Hrsp1xx", s.Optional), + "2xx": c.Int("Hrsp2xx", s.Optional), + "3xx": c.Int("Hrsp3xx", s.Optional), + "4xx": c.Int("Hrsp4xx", s.Optional), + "5xx": c.Int("Hrsp5xx", s.Optional), + "other": c.Int("HrspOther", s.Optional), }, }, diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/Dockerfile b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/Dockerfile new file mode 100644 index 00000000..7d0fa83c --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/Dockerfile @@ -0,0 +1,11 @@ +# Tomcat is started to fetch Jolokia metrics from it +FROM jolokia/java-jolokia:7 +ENV TOMCAT_VERSION 7.0.55 +ENV TC apache-tomcat-${TOMCAT_VERSION} + +HEALTHCHECK CMD curl -f curl localhost:8778/jolokia/ +EXPOSE 8778 +RUN wget http://archive.apache.org/dist/tomcat/tomcat-7/v${TOMCAT_VERSION}/bin/${TC}.tar.gz +RUN tar xzf ${TC}.tar.gz -C /opt + +CMD env CATALINA_OPTS=$(jolokia_opts) /opt/${TC}/bin/catalina.sh run 
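Review bot: In the new jolokia `_meta/Dockerfile`, the Tomcat tarball is fetched over plain `http://` and unpacked into `/opt` with no integrity check, so anything able to alter the download changes what runs in the test container. Use the `https://` form of the same URL and verify a pinned digest before `tar`, for example `RUN echo "<expected-sha512-of-tarball>  ${TC}.tar.gz" | sha512sum -c -` (placeholder digest, to be taken from the Apache release). The health check also repeats the command name, so curl treats the second `curl` as a URL to fetch; it should read `HEALTHCHECK CMD curl -f localhost:8778/jolokia/`.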
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/config.yml b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/config.yml
new file mode 100644
index 00000000..8658d1f2
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/config.yml
@@ -0,0 +1,10 @@
+#- module: jolokia
+# metricsets: ["jmx"]
+# enabled: true
+# period: 10s
+# hosts: ["localhost"]
+# namespace: "metrics"
+# path: "/jolokia/?ignoreErrors=true&canonicalNaming=false"
+# jmx.mapping:
+# jmx.application:
+# jmx.instance:
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/docs.asciidoc
new file mode 100644
index 00000000..af59ed28
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/docs.asciidoc
@@ -0,0 +1,6 @@
+== Jolokia Module
+
+beta[]
+
+This is the Jolokia Module.
+
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/env b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/env
new file mode 100644
index 00000000..9c0340b6
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/env
@@ -0,0 +1,2 @@
+JOLOKIA_HOST=jolokia
+JOLOKIA_PORT=8778
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/fields.yml
new file mode 100644
index 00000000..dde458c4
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/_meta/fields.yml
@@ -0,0 +1,13 @@
+- key: jolokia
+ title: "Jolokia"
+ description: >
+ []beta
+
+ Jolokia Module
+ short_config: false
+ fields:
+ - name: jolokia
+ type: group
+ description: >
+ jolokia contains metrics exposed via jolokia agent
+ fields:
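Review bot: The sample in jolokia `_meta/config.yml` lists `jmx.mapping:`, `jmx.application:` and `jmx.instance:`, but the metricset added in this commit unpacks only `namespace` and `jmx.mappings` (both `validate:"required"` in jmx.go). Someone who uncomments this block as written gets a module that fails config validation. The sample should use the key the code reads, `#  jmx.mappings:`, followed by one commented `mbean` / `attributes` entry like the one in docs.asciidoc, and the two unused keys should be dropped. `hosts: ["localhost"]` also omits the port, while the env file and the Dockerfile in the same commit use 8778.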
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/doc.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/doc.go new file mode 100644 index 00000000..149effe7 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/doc.go @@ -0,0 +1,4 @@ +/* +Package jolokia is a Metricbeat module that contains MetricSets. +*/ +package jolokia diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/data.json b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/data.json new file mode 100644 index 00000000..2405a1c4 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/data.json @@ -0,0 +1,34 @@ +{ + "@timestamp": "2016-05-23T08:05:34.853Z", + "beat": { + "hostname": "host.example.com", + "name": "host.example.com" + }, + "jolokia": { + "testnamespace": { + "memory": { + "heap_usage": { + "committed": 1.09051904e+08, + "init": 3.2753408e+07, + "max": 6.20756992e+08, + "used": 5.8796168e+07 + }, + "non_heap_usage": { + "committed": 3.244032e+07, + "init": 2.4576e+07, + "max": 2.24395264e+08, + "used": 1.7975176e+07 + } + }, + "uptime": 6.1802139e+07 + } + }, + "metricset": { + "host": "127.0.0.1:8778", + "module": "jolokia", + "name": "jmx", + "namespace": "testnamespace", + "rtt": 115 + }, + "type": "metricsets" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/docs.asciidoc new file mode 100644 index 00000000..0e44cea5 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/docs.asciidoc 
@@ -0,0 +1,50 @@ +=== Jolokia jmx Metricset + +This is the jmx metricset of the module jolokia. + +[float] +=== Features and configuration +Tested with Jolokia 1.3.4. + +Metrics to be collected from each Jolokia instance are defined in the mapping section with an MBean ObjectName and +an array of Attributes to be requested with Elastic field names under which the return values should be saved. + +For example: to get the "Uptime" attribute from the "java.lang:type=Runtime" MBean and map it to something like +"uptime" (actually "jolokia.jmx.uptime", the prexif is added by beats framework) you have to configure following +mapping: + +[source,yaml] +--- +- module: jolokia + metricsets: ["jmx"] + hosts: ["localhost:8778"] + namespace: "metrics" + jmx.mappings: + - mbean: 'java.lang:type=Runtime' + attributes: + - attr: Uptime + field: uptime +--- + +In case the underlying attribute is an object (e.g. see HeapMemoryUsage attribute in java.lang:type=Memory) its +structure will be published to Elastic "as is". + +It is possible to configure nested metric aliases by using dots in the mapping name (e.g. gc.cms_collection_time). For examples please refer to the +https://github.com/elastic/beats/blob/{doc-branch}/metricbeat/module/jolokia/jmx/_meta/test/config.yml[/jolokia/jmx/test/config.yml]. + +All metrics from a single mapping will be POSTed to the defined host/port and sent to Elastic as a single event. +To make it possible to differentiate between metrics from multiple similar applications running on the same host, +please configure multiple modules. + +It is required to set a namespace in the general module config section. + +[float] +=== Limitations +No authentication against Jolokia is supported yet. No wildcards in Jolokia requests supported yet. +All Jolokia requests have canonicalNaming set to false (details see here: https://jolokia.org/reference/html/protocol.html). + + +[float] +=== Exposed fields, Dashboards, Indexes, etc. 
+Since this is a very general module that can be tailored for any application that exposes its metrics over Jolokia, it +comes with no exposed fields description, dashboards or index patterns. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/fields.yml new file mode 100644 index 00000000..e69de29b diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/config.yml b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/config.yml new file mode 100644 index 00000000..97ccd8f6 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/config.yml 
@@ -0,0 +1,68 @@ +###################### Metricbeat Configuration Example ####################### + +#========================== Modules configuration ============================ +metricbeat.modules: + +#------------------------------ jolokia Module ----------------------------- +- module: jolokia + metricsets: ["jmx"] + enabled: true + period: 10s + namespace: "jolokia_metrics" + hosts: ["localhost:4008"] + jmx.mappings: + - mbean: 'java.lang:type=Runtime' + attributes: + - attr: Uptime + field: uptime + - mbean: 'java.lang:type=GarbageCollector,name=ConcurrentMarkSweep' + attributes: + - attr: CollectionTime + field: gc.cms_collection_time + - attr: CollectionCount + field: gc.cms_collection_count + - mbean: 'java.lang:type=Memory' + attributes: + - attr: HeapMemoryUsage + field: memory.heap_usage + - attr: NonHeapMemoryUsage + field: memory.non_heap_usage + +- module: jolokia + metricsets: ["jmx"] + enabled: true + period: 10s + namespace: "jolokia_metrics" + hosts: ["localhost:4002"] + jmx.mappings: + - mbean: 'org.apache.cassandra.metrics:type=ClientRequest,scope=Read,name=Latency' + attributes: + - attr: OneMinuteRate + field: client_request.read_latency_one_min_rate + - attr: Count + field: client_request.read_latency + - mbean: 'org.apache.cassandra.metrics:type=ClientRequest,scope=Write,name=Latency' + attributes: + - attr: OneMinuteRate + field: client_request.write_latency_one_min_rate + - attr: Count + field: client_request.write_latency + - mbean: 'org.apache.cassandra.metrics:type=Compaction,name=CompletedTasks' + attributes: + - attr: Value + field: compaction.completed_tasks + - mbean: 'org.apache.cassandra.metrics:type=Compaction,name=PendingTasks' + attributes: + - attr: Value + field: compaction.pending_tasks +#================================ Outputs ===================================== + +#-------------------------- Elasticsearch output ------------------------------ +output.elasticsearch: + # Array of hosts to connect to. 
+ hosts: ["localhost:9200"] + + # Optional protocol and basic auth credentials. + #protocol: "https" + #username: "elastic" + #password: "changeme" diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/jolokia_response.json b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/jolokia_response.json new file mode 100644 index 00000000..effa8f9f --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/_meta/test/jolokia_response.json @@ -0,0 +1,56 @@ +[ + { + "request": { + "mbean": "java.lang:type=Runtime", + "attribute": "Uptime", + "type": "read" + }, + "value": { + "Uptime": 47283 + }, + "timestamp": 1472298687, + "status": 200 + }, + { + "request": { + "mbean": "java.lang:type=GarbageCollector,name=ConcurrentMarkSweep", + "attribute": [ + "CollectionTime", + "CollectionCount" + ], + "type": "read" + }, + "value": { + "CollectionTime": 53, + "CollectionCount": 1 + }, + "timestamp": 1472298687, + "status": 200 + }, + { + "request": { + "mbean": "java.lang:type=Memory", + "attribute": [ + "HeapMemoryUsage", + "NonHeapMemoryUsage" + ], + "type": "read" + }, + "value": { + "HeapMemoryUsage": { + "init": 1073741824, + "committed": 1037959168, + "max": 1037959168, + "used": 227420472 + }, + "NonHeapMemoryUsage": { + "init": 2555904, + "committed": 53477376, + "max": -1, + "used": 50519768 + } + }, + "timestamp": 1472298687, + "status": 200 + } +] diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/config.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/config.go new file mode 100644 index 00000000..26a263e6 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/config.go 
@@ -0,0 +1,61 @@
+package jmx
+
+import "encoding/json"
+
+type JMXMapping struct {
+ MBean string
+ Attributes []Attribute
+}
+
+type Attribute struct {
+ Attr string
+ Field string
+}
+
+// RequestBlock is used to build the request blocks of the following format:
+//
+// [
+// {
+// "type":"read",
+// "mbean":"java.lang:type=Runtime",
+// "attribute":[
+// "Uptime"
+// ]
+// },
+// {
+// "type":"read",
+// "mbean":"java.lang:type=GarbageCollector,name=ConcurrentMarkSweep",
+// "attribute":[
+// "CollectionTime",
+// "CollectionCount"
+// ]
+// }
+// ]
+type RequestBlock struct {
+ Type string `json:"type"`
+ MBean string `json:"mbean"`
+ Attribute []string `json:"attribute"`
+}
+
+func buildRequestBodyAndMapping(mappings []JMXMapping) ([]byte, map[string]string, error) {
+
+ responseMapping := map[string]string{}
+ blocks := []RequestBlock{}
+
+ for _, mapping := range mappings {
+
+ rb := RequestBlock{
+ Type: "read",
+ MBean: mapping.MBean,
+ }
+
+ for _, attribute := range mapping.Attributes {
+ rb.Attribute = append(rb.Attribute, attribute.Attr)
+ responseMapping[mapping.MBean+"_"+attribute.Attr] = attribute.Field
+ }
+ blocks = append(blocks, rb)
+ }
+
+ content, err := json.Marshal(blocks)
+ return content, responseMapping, err
+}
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data.go
new file mode 100644
index 00000000..37ca5b5d
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data.go 
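Review bot: In config.go, `buildRequestBodyAndMapping` writes `responseMapping[mapping.MBean+"_"+attribute.Attr]` without checking whether the key is already present, so a repeated (mbean, attr) pair silently replaces the earlier field name. Two different pairs can also produce the same key, because both parts may themselves contain `_`. Rejecting a key that already exists would surface this at start-up instead of as a misrouted metric: `if _, dup := responseMapping[key]; dup { return nil, nil, fmt.Errorf("duplicate jmx mapping %q", key) }`, which needs `fmt` added to the imports. `parseResponseEntry` in data.go rebuilds the same key from the response, so the two must stay in step. The exported `JMXMapping` and `Attribute` types would also benefit from a one-line doc comment each.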
@@ -0,0 +1,87 @@ +package jmx + +import ( + "encoding/json" + "fmt" + + "github.com/elastic/beats/libbeat/common" + "github.com/joeshaw/multierror" +) + +type Entry struct { + Request struct { + Mbean string `json:"mbean"` + } + Value map[string]interface{} +} + +// Map responseBody to common.MapStr +// +// A response has the following structure +// [ +// { +// "request": { +// "mbean": "java.lang:type=Memory", +// "attribute": [ +// "HeapMemoryUsage", +// "NonHeapMemoryUsage" +// ], +// "type": "read" +// }, +// "value": { +// "HeapMemoryUsage": { +// "init": 1073741824, +// "committed": 1037959168, +// "max": 1037959168, +// "used": 227420472 +// }, +// "NonHeapMemoryUsage": { +// "init": 2555904, +// "committed": 53477376, +// "max": -1, +// "used": 50519768 +// } +// }, +// "timestamp": 1472298687, +// "status": 200 +// } +// ] +func eventMapping(content []byte, mapping map[string]string) (common.MapStr, error) { + + var entries []Entry + err := json.Unmarshal(content, &entries) + if err != nil { + return nil, fmt.Errorf("Cannot unmarshal json response: %s", err) + } + + event := common.MapStr{} + var errs multierror.Errors + + for _, v := range entries { + for attribute, value := range v.Value { + // Extend existing event + err := parseResponseEntry(v.Request.Mbean, attribute, value, event, mapping) + if err != nil { + errs = append(errs, err) + } + } + } + + return event, errs.Err() + +} + +func parseResponseEntry(mbeanName string, attributeName string, attibuteValue interface{}, + event common.MapStr, mapping map[string]string) error { + + //create metric name by merging mbean and attribute fields + var metricName = mbeanName + "_" + attributeName + + key, exists := mapping[metricName] + if !exists { + return fmt.Errorf("No key found for metric: '%s', skipping...", metricName) + } + + _, err := event.Put(key, attibuteValue) + return err +} 
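Review bot: In data.go, `Entry` decodes only `request.mbean` and `value`, so a response entry whose `status` is not 200 arrives with an empty `Value` and is dropped by `eventMapping` without any error or log line. A monitored service that starts refusing reads therefore looks the same as one with nothing to report. Adding `Status int` with the tag `json:"status"` to `Entry` and appending an error for entries where it is not 200 would make that visible. Separately, the message in `parseResponseEntry` says "skipping...", but `eventMapping` returns the collected errors and `Fetch` in jmx.go returns `nil, err`, so a single unmapped attribute in the remote response discards the whole event. Either log and continue for unmapped keys or reword the message to say the event is rejected.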
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data_test.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data_test.go new file mode 100644 index 00000000..73f00660 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/data_test.go 
@@ -0,0 +1,44 @@ +package jmx + +import ( + "io/ioutil" + "path/filepath" + "testing" + + "github.com/elastic/beats/libbeat/common" + "github.com/stretchr/testify/assert" +) + +func TestEventMapper(t *testing.T) { + absPath, err := filepath.Abs("./_meta/test") + + assert.NotNil(t, absPath) + assert.Nil(t, err) + + jolokiaResponse, err := ioutil.ReadFile(absPath + "/jolokia_response.json") + + assert.Nil(t, err) + + var mapping = map[string]string{ + "java.lang:type=Runtime_Uptime": "uptime", + "java.lang:type=GarbageCollector,name=ConcurrentMarkSweep_CollectionTime": "gc.cms_collection_time", + "java.lang:type=GarbageCollector,name=ConcurrentMarkSweep_CollectionCount": "gc.cms_collection_count", + "java.lang:type=Memory_HeapMemoryUsage": "memory.heap_usage", + "java.lang:type=Memory_NonHeapMemoryUsage": "memory.non_heap_usage", + } + + event, err := eventMapping(jolokiaResponse, mapping) + + assert.Nil(t, err) + assert.EqualValues(t, 47283, event["uptime"]) + assert.EqualValues(t, 53, event["gc"].(common.MapStr)["cms_collection_time"]) + assert.EqualValues(t, 1, event["gc"].(common.MapStr)["cms_collection_count"]) + assert.EqualValues(t, 1073741824, event["memory"].(common.MapStr)["heap_usage"].(map[string]interface{})["init"]) + assert.EqualValues(t, 1037959168, event["memory"].(common.MapStr)["heap_usage"].(map[string]interface{})["committed"]) + assert.EqualValues(t, 1037959168, event["memory"].(common.MapStr)["heap_usage"].(map[string]interface{})["max"]) + assert.EqualValues(t, 227420472, event["memory"].(common.MapStr)["heap_usage"].(map[string]interface{})["used"]) + assert.EqualValues(t, 2555904, event["memory"].(common.MapStr)["non_heap_usage"].(map[string]interface{})["init"]) + assert.EqualValues(t, 53477376, event["memory"].(common.MapStr)["non_heap_usage"].(map[string]interface{})["committed"]) + assert.EqualValues(t, -1, event["memory"].(common.MapStr)["non_heap_usage"].(map[string]interface{})["max"]) + assert.EqualValues(t, 50519768, 
event["memory"].(common.MapStr)["non_heap_usage"].(map[string]interface{})["used"]) +} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx.go new file mode 100644 index 00000000..b2b1de38 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx.go 
@@ -0,0 +1,96 @@ +package jmx + +import ( + "github.com/elastic/beats/libbeat/common" + "github.com/elastic/beats/libbeat/logp" + "github.com/elastic/beats/metricbeat/helper" + "github.com/elastic/beats/metricbeat/mb" + "github.com/elastic/beats/metricbeat/mb/parse" +) + +var ( + debugf = logp.MakeDebug("jolokia-jmx") +) + +// init registers the MetricSet with the central registry. +func init() { + if err := mb.Registry.AddMetricSet("jolokia", "jmx", New, hostParser); err != nil { + panic(err) + } +} + +const ( + // defaultScheme is the default scheme to use when it is not specified in + // the host config. + defaultScheme = "http" + + // defaultPath is the default path to the ngx_http_stub_status_module endpoint on Nginx. + defaultPath = "/jolokia/?ignoreErrors=true&canonicalNaming=false" +) + +var ( + hostParser = parse.URLHostParserBuilder{ + DefaultScheme: defaultScheme, + PathConfigKey: "path", + DefaultPath: defaultPath, + }.Build() +) + +// MetricSet type defines all fields of the MetricSet +type MetricSet struct { + mb.BaseMetricSet + mapping map[string]string + namespace string + http *helper.HTTP +} + +// New create a new instance of the MetricSet +func New(base mb.BaseMetricSet) (mb.MetricSet, error) { + logp.Warn("BETA: The jolokia jmx metricset is beta") + + // Additional configuration options + config := struct { + Namespace string `config:"namespace" validate:"required"` + Mappings []JMXMapping `config:"jmx.mappings" validate:"required"` + }{} + + if err := base.Module().UnpackConfig(&config); err != nil { + return nil, err + } + + body, mapping, err := buildRequestBodyAndMapping(config.Mappings) + if err != nil { + return nil, err + } + + http := helper.NewHTTP(base) + http.SetMethod("POST") + http.SetBody(body) + + return &MetricSet{ + BaseMetricSet: base, + mapping: mapping, + namespace: config.Namespace, + http: http, + }, nil + +} + +// Fetch methods implements the data gathering and data conversion to the right format +func (m *MetricSet) 
Fetch() (common.MapStr, error) { + + body, err := m.http.FetchContent() + if err != nil { + return nil, err + } + + event, err := eventMapping(body, m.mapping) + if err != nil { + return nil, err + } + + // Set dynamic namespace + event["_namespace"] = m.namespace + + return event, nil +} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx_integration_test.go b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx_integration_test.go new file mode 100644 index 00000000..f3df7327 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/jolokia/jmx/jmx_integration_test.go 
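Review bot: In jmx.go, the comment on `defaultPath` still describes the `ngx_http_stub_status_module` endpoint on Nginx, carried over from another module; it should read `// defaultPath is the default path of the Jolokia agent endpoint.`. The comment on `defaultScheme` could also say what the default implies: with `http` and no credentials (the docs added in this commit state that authentication is not supported yet), the request and the JMX values in the response travel in clear text. Something like `// Plain http by default; put the scheme in hosts to use https, and keep the Jolokia port reachable only from the collector.` would help, assuming the URL host parser honours a scheme given in `hosts`, which this hunk does not show.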
@@ -0,0 +1,93 @@ +// +build integration + +package jmx + +import ( + "os" + "testing" + + mbtest "github.com/elastic/beats/metricbeat/mb/testing" + "github.com/stretchr/testify/assert" +) + +func TestFetch(t *testing.T) { + f := mbtest.NewEventFetcher(t, getConfig()) + event, err := f.Fetch() + if !assert.NoError(t, err) { + t.FailNow() + } + + t.Logf("%s/%s event: %+v", f.Module().Name(), f.Name(), event) +} + +func TestData(t *testing.T) { + f := mbtest.NewEventFetcher(t, getConfig()) + err := mbtest.WriteEvent(f, t) + if err != nil { + t.Fatal("write", err) + } +} + +func getConfig() map[string]interface{} { + return map[string]interface{}{ + "module": "jolokia", + "metricsets": []string{"jmx"}, + "hosts": []string{getEnvHost() + ":" + getEnvPort()}, + "namespace": "testnamespace", + "jmx.mappings": []map[string]interface{}{ + { + "mbean": "java.lang:type=Runtime", + "attributes": []map[string]string{ + { + "attr": "Uptime", + "field": "uptime", + }, + }, + }, + { + "mbean": "java.lang:type=GarbageCollector,name=ConcurrentMarkSweep", + "attributes": []map[string]string{ + { + "attr": "CollectionTime", + "field": "gc.cms_collection_time", + }, + { + "attr": "CollectionCount", + "field": "gc.cms_collection_count", + }, + }, + }, + { + "mbean": "java.lang:type=Memory", + "attributes": []map[string]string{ + { + "attr": "HeapMemoryUsage", + "field": "memory.heap_usage", + }, + { + "attr": "NonHeapMemoryUsage", + "field": "memory.non_heap_usage", + }, + }, + }, + }, + } +} + +func getEnvHost() string { + host := os.Getenv("JOLOKIA_HOST") + + if len(host) == 0 { + host = "127.0.0.1" + } + return host +} + +func getEnvPort() string { + port := os.Getenv("JOLOKIA_PORT") + + if len(port) == 0 { + port = "8778" + } + return port +} 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/dashboard/Metricbeat-MongoDB.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/dashboard/Metricbeat-MongoDB.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/dashboard/Metricbeat-MongoDB.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/dashboard/Metricbeat-MongoDB.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/search/MongoDB-search.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/search/MongoDB-search.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/search/MongoDB-search.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/search/MongoDB-search.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Concurrent-transactions-Read.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Concurrent-transactions-Read.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Concurrent-transactions-Read.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Concurrent-transactions-Read.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Concurrent-transactions-Write.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Concurrent-transactions-Write.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Concurrent-transactions-Write.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Concurrent-transactions-Write.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Engine-ampersand-Version.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Engine-ampersand-Version.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-Engine-ampersand-Version.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-Engine-ampersand-Version.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-WiredTiger-Cache.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-WiredTiger-Cache.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-WiredTiger-Cache.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-WiredTiger-Cache.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-asserts.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-asserts.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-asserts.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-asserts.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-hosts.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-hosts.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-hosts.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-hosts.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-memory-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-memory-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-memory-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-memory-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-operation-counters.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-operation-counters.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/visualization/MongoDB-operation-counters.json
rename to vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/5.x/visualization/MongoDB-operation-counters.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/default/dashboard/Metricbeat-mongodb.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/default/dashboard/Metricbeat-mongodb.json
new file mode 100644
index 00000000..689e2068
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/_meta/kibana/default/dashboard/Metricbeat-mongodb.json 
@@ -0,0 +1,172 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB hosts", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"MongoDB hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.connections.current\",\"customLabel\":\"Number of connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"metricset.host\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.bits\",\"customLabel\":\"Arch\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.resident.mb\",\"customLabel\":\"Resident memory\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.virtual.mb\",\"customLabel\":\"Virtual memory\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-hosts", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB Engine \u0026 Version", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB Engine \u0026 
Version\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"bottom\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"metricset.host\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mongodb.status.storage_engine.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Engine\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mongodb.status.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-Engine-ampersand-Version", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB operation counters", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB operation 
counters\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters.command\",\"customLabel\":\"command\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters.delete\",\"customLabel\":\"delete\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters.getmore\",\"customLabel\":\"getmore\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters.insert\",\"customLabel\":\"insert\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters.query\",\"customLabel\":\"query\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.opcounters_replicated.update\",\"customLabel\":\"update\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-operation-counters", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB Concurrent transactions Read", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Read Available\":\"#508642\",\"Read Used\":\"#BF1B00\"}}}", + "version": 1, + "visState": "{\"title\":\"MongoDB Concurrent transactions 
Read\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.wired_tiger.concurrent_transactions.read.available\",\"customLabel\":\"Read Available\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.wired_tiger.concurrent_transactions.read.out\",\"customLabel\":\"Read Used\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-Concurrent-transactions-Read", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB Concurrent transactions Write", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Write Available\":\"#629E51\",\"Write Used\":\"#BF1B00\"}}}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Write Available\",\"field\":\"mongodb.status.wired_tiger.concurrent_transactions.write.available\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Write 
Used\",\"field\":\"mongodb.status.wired_tiger.concurrent_transactions.write.out\"},\"schema\":\"metric\",\"type\":\"avg\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"legendPosition\":\"bottom\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"MongoDB Concurrent transactions Write\",\"type\":\"area\"}" + }, + "id": "MongoDB-Concurrent-transactions-Write", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB memory stats", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB memory stats\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"log\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.mapped.mb\",\"customLabel\":\"Mapped\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.mapped_with_journal.mb\",\"customLabel\":\"Mapped with 
journal\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.resident.mb\",\"customLabel\":\"Rezident\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.memory.virtual.mb\",\"customLabel\":\"Virtual\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-memory-stats", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB asserts", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB asserts\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.asserts.msg\",\"customLabel\":\"message\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.asserts.regular\",\"customLabel\":\"regular\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.asserts.rollovers\",\"customLabel\":\"rollover\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.asserts.user\",\"customLabel\":\"user\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.asserts.warning\",\"customLabel\":
\"warning\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-asserts", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-search", + "title": "MongoDB WiredTiger Cache", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB WiredTiger Cache\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"overlap\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.wired_tiger.cache.maximum.bytes\",\"customLabel\":\"max\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.wired_tiger.cache.used.bytes\",\"customLabel\":\"used\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mongodb.status.wired_tiger.cache.dirty.bytes\",\"customLabel\":\"dirty\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-WiredTiger-Cache", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"metricset.module:mongodb\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "MongoDB search", + "version": 1 + }, + "id": "MongoDB-search", + "type": "search", + "version": 8 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"MongoDB-hosts\",\"panelIndex\":1,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"MongoDB-Engine-ampersand-Version\",\"panelIndex\":4,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MongoDB-operation-counters\",\"panelIndex\":2,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"MongoDB-Concurrent-transactions-Read\",\"panelIndex\":6,\"row\":4,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"MongoDB-Concurrent-transactions-Write\",\"panelIndex\":7,\"row\":4,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MongoDB-memory-stats\",\"panelIndex\":5,\"row\":10,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"MongoDB-asserts\",\"panelIndex\":3,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"MongoDB-WiredTiger-Cache\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":7}]", + "timeRestore": false, + "title": "Metricbeat MongoDB", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": 
"Metricbeat-MongoDB", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/_meta/data.json b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/_meta/data.json index 78cb66a8..39a3d34f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/_meta/data.json +++ b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/_meta/data.json @@ -12,15 +12,25 @@ }, "mongodb": { "dbstats": { - "avg_obj_size": 59, + "avg_obj_size": { + "bytes": 59 + }, "collections": 1, - "data_size": 59, + "data_size": { + "bytes": 59 + }, "db": "admin", - "index_size": 32768, + "file_size": {}, + "index_size": { + "bytes": 32768 + }, "indexes": 2, + "ns_size_mb": {}, "num_extents": 0, "objects": 1, - "storage_size": 16384 + "storage_size": { + "bytes": 16384 + } } }, "type": "metricsets" diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/data.go b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/data.go index 7e1d3e59..558a9ea6 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/data.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/data.go 
@@ -6,19 +6,31 @@ import (
 )
 var schema = s.Schema{
- "db": c.Str("db"),
- "collections": c.Int("collections"),
- "objects": c.Int("objects"),
- "avg_obj_size": c.Int("avgObjSize"),
- "data_size": c.Int("dataSize"),
- "storage_size": c.Int("storageSize"),
- "num_extents": c.Int("numExtents"),
- "indexes": c.Int("indexes"),
- "index_size": c.Int("indexSize"),
+ "db": c.Str("db"),
+ "collections": c.Int("collections"),
+ "objects": c.Int("objects"),
+ "avg_obj_size": s.Object{
+ "bytes": c.Int("avgObjSize"),
+ },
+ "data_size": s.Object{
+ "bytes": c.Int("dataSize"),
+ },
+ "storage_size": s.Object{
+ "bytes": c.Int("storageSize"),
+ },
+ "num_extents": c.Int("numExtents"),
+ "indexes": c.Int("indexes"),
+ "index_size": s.Object{
+ "bytes": c.Int("indexSize"),
+ },
 // mmapv1 only
- "ns_size_mb": c.Int("nsSizeMB", s.Optional),
+ "ns_size_mb": s.Object{
+ "mb": c.Int("nsSizeMB", s.Optional),
+ },
 // mmapv1 only
- "file_size": c.Int("fileSize", s.Optional),
+ "file_size": s.Object{
+ "bytes": c.Int("fileSize", s.Optional),
+ },
 // mmapv1 only
 "data_file_version": c.Dict("dataFileVersion", s.Schema{
 "major": c.Int("major"),
@@ -26,8 +38,10 @@ var schema = s.Schema{
 }, c.DictOptional),
 // mmapv1 only
 "extent_free_list": c.Dict("extentFreeList", s.Schema{
- "num": c.Int("num"),
- "size": c.Int("size"),
+ "num": c.Int("num"),
+ "size": s.Object{
+ "bytes": c.Int("size", s.Optional),
+ },
 }, c.DictOptional),
 }
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/dbstats_integration_test.go b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/dbstats_integration_test.go
index e53b9dff..d6a2933a 100644
--- a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/dbstats_integration_test.go
+++ b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/dbstats/dbstats_integration_test.go
@@ -30,14 +30,17 @@ func TestFetch(t *testing.T) {
 objects := event["objects"].(int64)
 assert.True(t, objects > 0)
- avgObjSize := event["avg_obj_size"].(int64)
- assert.True(t, avgObjSize > 0)
+ avgObjSize, err := event.GetValue("avg_obj_size.bytes")
+ assert.NoError(t, err)
+ assert.True(t, avgObjSize.(int64) > 0)
- dataSize := event["data_size"].(int64)
- assert.True(t, dataSize > 0)
+ dataSize, err := event.GetValue("data_size.bytes")
+ assert.NoError(t, err)
+ assert.True(t, dataSize.(int64) > 0)
- storageSize := event["storage_size"].(int64)
- assert.True(t, storageSize > 0)
+ storageSize, err := event.GetValue("storage_size.bytes")
+ assert.NoError(t, err)
+ assert.True(t, storageSize.(int64) > 0)
 numExtents := event["num_extents"].(int64)
 assert.True(t, numExtents >= 0)
@@ -45,8 +48,9 @@ func TestFetch(t *testing.T) {
 indexes := event["indexes"].(int64)
 assert.True(t, indexes >= 0)
- indexSize := event["index_size"].(int64)
- assert.True(t, indexSize > 0)
+ indexSize, err := event.GetValue("index_size.bytes")
+ assert.NoError(t, err)
+ assert.True(t, indexSize.(int64) > 0)
 }
 }
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/status/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/status/_meta/fields.yml
index 6bb6b239..941f614d 100644
--- a/vendor/github.com/elastic/beats/metricbeat/module/mongodb/status/_meta/fields.yml
+++ b/vendor/github.com/elastic/beats/metricbeat/module/mongodb/status/_meta/fields.yml
@@ -424,11 +424,3 @@
 type: long
 description: >
 Number of sync operations.
-
-
-
-
-
-
-
-
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/dashboard/66881e90-0006-11e7-bf7f-c9acc3d3e306.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/dashboard/66881e90-0006-11e7-bf7f-c9acc3d3e306.json
new file mode 100644
index 00000000..a4ee05ef
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/dashboard/66881e90-0006-11e7-bf7f-c9acc3d3e306.json @@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "Metricbeat MySQL", + "uiStateJSON": "{}", + "panelsJSON": "[{\"col\":1,\"id\":\"e784dc50-0005-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":1,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"0f506420-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":2,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"1a99f2b0-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":3,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"45a00c10-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1eda2280-0008-11e7-82f3-2f380154876c\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1ede99e0-0009-11e7-8cd4-73b67e9e3f3c\",\"panelIndex\":7,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"4c36c420-000a-11e7-8cd4-73b67e9e3f3c\",\"panelIndex\":8,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":9,\"type\":\"visualization\",\"id\":\"a2175300-000a-11e7-b001-85aac4878445\",\"col\":1,\"row\":13}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/search/67e88e60-0005-11e7-aaf1-b342e4b94bb0.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/search/67e88e60-0005-11e7-aaf1-b342e4b94bb0.json new file mode 100644 index 00000000..8d76278f --- /dev/null 
+++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/search/67e88e60-0005-11e7-aaf1-b342e4b94bb0.json @@ -0,0 +1,16 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "Metricbeat MySQL status", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:mysql.status\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "columns": [ + "_source" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/0f506420-0006-11e7-bf7f-c9acc3d3e306.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/0f506420-0006-11e7-bf7f-c9acc3d3e306.json new file mode 100644 index 00000000..800f8796 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/0f506420-0006-11e7-bf7f-c9acc3d3e306.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"MySQL open files\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.open.files\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "MySQL open files", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1a99f2b0-0006-11e7-bf7f-c9acc3d3e306.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1a99f2b0-0006-11e7-bf7f-c9acc3d3e306.json new file mode 100644 index 00000000..25ceca46 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1a99f2b0-0006-11e7-bf7f-c9acc3d3e306.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"MySQL open tables\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.open.files\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "MySQL open tables", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1eda2280-0008-11e7-82f3-2f380154876c.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1eda2280-0008-11e7-82f3-2f380154876c.json new file mode 100644 index 00000000..3ece70ad --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1eda2280-0008-11e7-82f3-2f380154876c.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"MySQL commands\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.command.select').derivative().label(\\\"SELECT\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"INSERT\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"UPDATE\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"DELETE\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}", + "description": "", + "title": "MySQL commands", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1ede99e0-0009-11e7-8cd4-73b67e9e3f3c.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1ede99e0-0009-11e7-8cd4-73b67e9e3f3c.json new file mode 100644 index 00000000..c5887827 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/1ede99e0-0009-11e7-8cd4-73b67e9e3f3c.json @@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"MySQL threads created\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.threads.created').derivative().label(\\\"Threads created\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}", + "description": "", + "title": "MySQL threads created", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/45a00c10-0006-11e7-bf7f-c9acc3d3e306.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/45a00c10-0006-11e7-bf7f-c9acc3d3e306.json new file mode 100644 index 00000000..0909efb8 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/45a00c10-0006-11e7-bf7f-c9acc3d3e306.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"MySQL running threads\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.threads.running\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "MySQL running threads", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/4c36c420-000a-11e7-8cd4-73b67e9e3f3c.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/4c36c420-000a-11e7-8cd4-73b67e9e3f3c.json new file mode 100644 index 00000000..d7ee33ad --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/4c36c420-000a-11e7-8cd4-73b67e9e3f3c.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"aggs\":[],\"listeners\":{},\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.opened_tables').derivative().label(\\\"Opened tables\\\")\",\"interval\":\"1m\"},\"title\":\"MySQL table opens\",\"type\":\"timelion\"}", + "description": "", + "title": "MySQL table opens", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/a2175300-000a-11e7-b001-85aac4878445.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/a2175300-000a-11e7-b001-85aac4878445.json new file mode 100644 index 00000000..54e18d05 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/a2175300-000a-11e7-b001-85aac4878445.json @@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Mysql sent and received bytes\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*,metric=\\\"avg:mysql.status.bytes.sent\\\").derivative().divide(1000).label(\\\"Sent bytes (KB)\\\"),.es(*,metric=\\\"avg:mysql.status.bytes.received\\\").derivative().multiply(-1).divide(1000).label(\\\"Received bytes (KB)\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}", + "description": "", + "title": "Mysql sent and received bytes", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + } +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/e784dc50-0005-11e7-bf7f-c9acc3d3e306.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/e784dc50-0005-11e7-bf7f-c9acc3d3e306.json new file mode 100644 index 00000000..9df0e8d1 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/5.x/visualization/e784dc50-0005-11e7-bf7f-c9acc3d3e306.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"MySQL active connections\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "MySQL active connections", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/default/dashboard/Metricbeat-mysql.json b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/default/dashboard/Metricbeat-mysql.json new file mode 100644 index 00000000..1e283b34 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/_meta/kibana/default/dashboard/Metricbeat-mysql.json 
@@ -0,0 +1,168 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "title": "MySQL active connections", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL active connections\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.connections\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "e784dc50-0005-11e7-bf7f-c9acc3d3e306", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "title": "MySQL open files", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL open 
files\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.open.files\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "0f506420-0006-11e7-bf7f-c9acc3d3e306", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "title": "MySQL open tables", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL open tables\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.open.files\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "1a99f2b0-0006-11e7-bf7f-c9acc3d3e306", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": 
"67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "title": "MySQL running threads", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL running threads\",\"type\":\"line\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.status.threads.running\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "45a00c10-0006-11e7-bf7f-c9acc3d3e306", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "MySQL commands", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL commands\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.command.select').derivative().label(\\\"SELECT\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"INSERT\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"UPDATE\\\"),.es(*, metric='avg:mysql.status.command.insert').derivative().label(\\\"DELETE\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "1eda2280-0008-11e7-82f3-2f380154876c", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "MySQL threads 
created", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL threads created\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.threads.created').derivative().label(\\\"Threads created\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "1ede99e0-0009-11e7-8cd4-73b67e9e3f3c", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "MySQL table opens", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"aggs\":[],\"listeners\":{},\"params\":{\"expression\":\".es(*, metric='avg:mysql.status.opened_tables').derivative().label(\\\"Opened tables\\\")\",\"interval\":\"1m\"},\"title\":\"MySQL table opens\",\"type\":\"timelion\"}" + }, + "id": "4c36c420-000a-11e7-8cd4-73b67e9e3f3c", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Mysql sent and received bytes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Mysql sent and received bytes\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(*,metric=\\\"avg:mysql.status.bytes.sent\\\").derivative().divide(1000).label(\\\"Sent bytes (KB)\\\"),.es(*,metric=\\\"avg:mysql.status.bytes.received\\\").derivative().multiply(-1).divide(1000).label(\\\"Received bytes (KB)\\\")\",\"interval\":\"1m\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "a2175300-000a-11e7-b001-85aac4878445", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"metricbeat-*\",\"highlightAll\":true,\"query\":{\"query_string\":{\"query\":\"_exists_:mysql.status\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Metricbeat MySQL status", + "version": 1 + }, + "id": "67e88e60-0005-11e7-aaf1-b342e4b94bb0", + "type": "search", + "version": 4 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"e784dc50-0005-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":1,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"0f506420-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":2,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"1a99f2b0-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":3,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"45a00c10-0006-11e7-bf7f-c9acc3d3e306\",\"panelIndex\":4,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1eda2280-0008-11e7-82f3-2f380154876c\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1ede99e0-0009-11e7-8cd4-73b67e9e3f3c\",\"panelIndex\":7,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"4c36c420-000a-11e7-8cd4-73b67e9e3f3c\",\"panelIndex\":8,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":9,\"type\":\"visualization\",\"id\":\"a2175300-000a-11e7-b001-85aac4878445\",\"col\":1,\"row\":13}]", + "timeRestore": false, + "title": "Metricbeat MySQL", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "66881e90-0006-11e7-bf7f-c9acc3d3e306", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end 
of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/mysql/status/status_test.go b/vendor/github.com/elastic/beats/metricbeat/module/mysql/status/status_test.go index ac73478b..c223151b 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/mysql/status/status_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/mysql/status/status_test.go @@ -1,6 +1,7 @@ package status import ( + "fmt" "testing" "github.com/elastic/beats/libbeat/common" @@ -72,7 +73,7 @@ func TestConfigValidation(t *testing.T) { t.Errorf("unexpected error in testcase %d: %v", i, err) continue } - if test.err != "" && assert.Error(t, err, "expected '%v' in testcase %d", test.err, i) { + if test.err != "" && assert.Error(t, err, fmt.Sprintf("expected '%v' in testcase %d", test.err, i)) { assert.Contains(t, err.Error(), test.err, "testcase %d", i) continue } diff --git a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/collector_test.go b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/collector_test.go index c6a1954d..2651efab 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/collector_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/collector_test.go 
@@ -51,6 +51,21 @@ func TestDecodeLine(t *testing.T) {
 },
 },
 },
+ {
+ Line: `apiserver_request_count{client="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",code="200",contentType="",resource="elasticsearchclusters",verb="LIST"} 1`,
+ Event: PromEvent{
+ key: "apiserver_request_count",
+ value: int64(1),
+ labelHash: `client="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",code="200",contentType="",resource="elasticsearchclusters",verb="LIST"`,
+ labels: common.MapStr{
+ "client": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+ "code": int64(200),
+ "contentType": "",
+ "resource": "elasticsearchclusters",
+ "verb": "LIST",
+ },
+ },
+ },
 }
 for _, test := range tests {
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/data.go b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/data.go
index 0f39e1d0..ea659d6e 100644
--- a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/data.go
+++ b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/collector/data.go
@@ -17,7 +17,8 @@ type PromEvent struct {
 // NewPromEvent creates a prometheus event based on the given string
 func NewPromEvent(line string) PromEvent {
 // Separate key and value
- split := strings.Split(line, " ")
+ splitPos := strings.LastIndex(line, " ")
+ split := []string{line[:splitPos], line[splitPos+1:]}
 promEvent := PromEvent{
 key: split[0],
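Review bot: In `NewPromEvent`, `strings.LastIndex(line, " ")` returns -1 for a line with no space, and the following `line[:splitPos]` then panics with a slice-bounds error. The line is text scraped from a Prometheus endpoint, so a truncated or malformed response should be skipped, not allowed to take the collector down; add a guard such as `if splitPos < 0 {` with an early return before the slice. The same two added lines in `Fetch` in stats/stats.go need it too, where `if splitPos < 0 { continue }` fits the loop. Taking the last space also treats an optional trailing timestamp as the value, if the endpoint emits one. This is vendored code, so the fix belongs upstream, and `NewPromEvent` continues past the end of the hunk.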
@@ -54,11 +55,11 @@ func extractLabels(labelsString string) common.MapStr { keyValuePairs := common.MapStr{} // Extract labels - labels := strings.Split(labelsString, ",") + labels := strings.Split(labelsString, "\",") for _, label := range labels { keyValue := strings.Split(label, "=") // Remove " from value - keyValue[1] = keyValue[1][1 : len(keyValue[1])-1] + keyValue[1] = strings.Trim(keyValue[1], "\"") // Converts value to int or float if needed keyValuePairs[keyValue[0]] = convertValue(keyValue[1]) diff --git a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/stats/stats.go b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/stats/stats.go index ad6b65dd..7864aa0f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/prometheus/stats/stats.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/prometheus/stats/stats.go @@ -59,7 +59,10 @@ func (m *MetricSet) Fetch() (common.MapStr, error) { if line[0] == '#' || strings.Contains(line, "quantile=") { continue } - split := strings.Split(line, " ") + + splitPos := strings.LastIndex(line, " ") + split := []string{line[:splitPos], line[splitPos+1:]} + entries[split[0]] = split[1] } diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/docs.asciidoc index 5262ebc8..1da255fc 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/docs.asciidoc @@ -7,6 +7,7 @@ This module periodically fetches metrics from http://redis.io/[Redis] servers. The Redis module has these additional config options: +*`password`*:: The password to authenticate, by default it's empty. *`idle_timeout`*:: The duration to remain idle before closing connections. If the value is zero, then idle connections are not closed. The default value is 2 times the module period to allow a connection to be reused across 
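Review bot: In `extractLabels` the unchanged `keyValue := strings.Split(label, "=")` still cuts at every `=`, so now that the hunk admits label values with commas and spaces, a value that itself contains `=` (a URL with a query string, for instance) is silently truncated at `keyValue[1]`, and a fragment with no `=` indexes past the slice and panics. Use `keyValue := strings.SplitN(label, "=", 2)` and skip the pair when `len(keyValue) != 2`. Splitting on `",` also breaks a value that holds an escaped quote followed by a comma, and `strings.Trim(keyValue[1], "\"")` strips every leading and trailing quote instead of exactly one; the added test case covers neither. The function continues outside the hunk, and as vendored code the change belongs upstream.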
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/dashboard/Metricbeat-Redis.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/dashboard/Metricbeat-Redis.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/dashboard/Metricbeat-Redis.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/dashboard/Metricbeat-Redis.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/search/Metricbeat-Redis.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/search/Metricbeat-Redis.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/search/Metricbeat-Redis.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/search/Metricbeat-Redis.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Clients-Metrics.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Clients-Metrics.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Clients-Metrics.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Clients-Metrics.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Connected-clients.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Connected-clients.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Connected-clients.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Connected-clients.json 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Keyspaces.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Keyspaces.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Keyspaces.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Keyspaces.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Server-Versions.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Server-Versions.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-Server-Versions.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-Server-Versions.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-hosts.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-hosts.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-hosts.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-hosts.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-multiplexing-API.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-multiplexing-API.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-multiplexing-API.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-multiplexing-API.json 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-server-mode.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-server-mode.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/visualization/Redis-server-mode.json rename to vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/5.x/visualization/Redis-server-mode.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/default/dashboard/Metricbeat-redis.json b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/default/dashboard/Metricbeat-redis.json new file mode 100644 index 00000000..5511a3ec --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/redis/_meta/kibana/default/dashboard/Metricbeat-redis.json 
@@ -0,0 +1,138 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis Clients Metrics", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Redis Clients Metrics\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.clients.connected\",\"customLabel\":\"Connected clients\"}}],\"listeners\":{}}" + }, + "id": "Redis-Clients-Metrics", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis Connected clients", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Blocked\":\"#C15C17\"}}}", + "version": 1, + "visState": "{\"title\":\"Redis Connected clients\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.clients.connected\",\"customLabel\":\"Connected\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.clients.blocked\",\"customLabel\":\"Blocked\"}}],\"listeners\":{}}" + }, + "id": "Redis-Connected-clients", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis hosts", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Redis hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"metricset.host\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.server.uptime\",\"customLabel\":\"Uptime (s)\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.server.process_id\",\"customLabel\":\"PID\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.memory.used.peak\",\"customLabel\":\"Memory\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.cpu.used.user\",\"customLabel\":\"CPU used (user)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.info.cpu.used.sys\",\"customLabel\":\"CPU used (system)\"}}],\"listeners\":{}}" + }, + "id": "Redis-hosts", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis Server Versions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Redis Server 
Versions\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"metricset.host\",\"customLabel\":\"Hosts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.info.server.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Multiplexing API\"}}],\"listeners\":{}}" + }, + "id": "Redis-Server-Versions", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis server mode", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Redis server mode\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"metricset.host\",\"customLabel\":\"Hosts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.info.server.mode\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server mode\"}}],\"listeners\":{}}" + }, + "id": "Redis-server-mode", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis multiplexing API", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Redis multiplexing 
API\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"metricset.host\",\"customLabel\":\"Hosts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.info.server.multiplexing_api\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Multiplexing API\"}}],\"listeners\":{}}" + }, + "id": "Redis-multiplexing-API", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Metricbeat-Redis", + "title": "Redis Keyspaces", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Redis Keyspaces\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.keyspace.keys\",\"customLabel\":\"Number of keys\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"redis.keyspace.id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyspaces\"}}],\"listeners\":{}}" + }, + "id": "Redis-Keyspaces", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"index\":\"metricbeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"metricset.module:redis\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Metricbeat Redis", + "version": 1 + }, + "id": "Metricbeat-Redis", + "type": "search", + "version": 7 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/config.full.yml b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/config.full.yml index b6b511c7..a0460dd4 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/config.full.yml +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/config.full.yml @@ -36,6 +36,11 @@ # if true, exports the CPU usage in ticks, together with the percentage values #cpu_ticks: false + # A list of filesystem types to ignore. The filesystem metricset will not + # collect data from filesystems matching any of the specified types, and + # fsstats will not include data from these filesystems in its summary stats. + #filesystem.ignore_types: [] + # Enable collection of cgroup metrics from processes on Linux. #process.cgroups.enabled: true diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/docs.asciidoc index 22b08e32..a861aa9e 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/docs.asciidoc 
@@ -44,9 +44,6 @@ metricbeat.modules: cpu_ticks: true ---- -It is strongly recommended to not run docker metricsets with a period smaller then 3 seconds. The request to the docker -API already takes up to 2s seconds. Otherwise all the requests would timeout and no data is reported. - [float] === Dashboard diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/CPU-slash-Memory-per-container.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/CPU-slash-Memory-per-container.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/CPU-slash-Memory-per-container.json rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/CPU-slash-Memory-per-container.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-cpu.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-cpu.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-cpu.json rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-cpu.json diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-filesystem-per-Host.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-filesystem-per-Host.json similarity index 100% rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-filesystem-per-Host.json rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-filesystem-per-Host.json 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-filesystem.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-filesystem.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-filesystem.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-filesystem.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-memory.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-memory.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-memory.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-memory.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-network.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-network.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-network.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-network.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-overview.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-overview.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-overview.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-processes.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-processes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-processes.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-processes.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-system-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-system-overview.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/dashboard/Metricbeat-system-overview.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/dashboard/Metricbeat-system-overview.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Cpu-Load-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Cpu-Load-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Cpu-Load-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Cpu-Load-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Cpu-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Cpu-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Cpu-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Cpu-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Filesystem-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Filesystem-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Filesystem-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Filesystem-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Fsstats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Fsstats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Fsstats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Fsstats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Load-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Load-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Load-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Load-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Memory-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Memory-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Memory-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Memory-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Network-data.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Network-data.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Network-data.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Network-data.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Process-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Process-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/Process-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/Process-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/System-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/System-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/search/System-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/search/System-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Available-Memory.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Available-Memory.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Available-Memory.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Available-Memory.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-Usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-Usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-Usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-Usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-usage-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-usage-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-usage-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-usage-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-usage-per-process.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-usage-per-process.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/CPU-usage-per-process.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/CPU-usage-per-process.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-Block-IO.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-Block-IO.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-Block-IO.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-Block-IO.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-CPU-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-CPU-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-CPU-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-CPU-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-Memory-stats.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-Memory-stats.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Container-Memory-stats.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Container-Memory-stats.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space-distribution.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space-distribution.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space-distribution.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space-distribution.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space-overview.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space-overview.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space-overview.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-space.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-space.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-utilization-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-utilization-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Disk-utilization-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Disk-utilization-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Free-disk-space-over-days.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Free-disk-space-over-days.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Free-disk-space-over-days.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Free-disk-space-over-days.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/In-vs-Out-Network-Bytes.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/In-vs-Out-Network-Bytes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/In-vs-Out-Network-Bytes.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/In-vs-Out-Network-Bytes.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage-per-process.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage-per-process.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage-per-process.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage-per-process.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Memory-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Memory-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Network-Bytes.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Network-Bytes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Network-Bytes.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Network-Bytes.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Network-Packetloss.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Network-Packetloss.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Network-Packetloss.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Network-Packetloss.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-Pids.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-Pids.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-Pids.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-Pids.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes-by-host.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes-by-host.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes-by-host.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes-by-host.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Number-of-processes.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Number-of-processes.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Packet-loss-on-interfaces.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Packet-loss-on-interfaces.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Packet-loss-on-interfaces.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Packet-loss-on-interfaces.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Process-state-by-host.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Process-state-by-host.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Process-state-by-host.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Process-state-by-host.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Servers-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Servers-overview.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Servers-overview.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Servers-overview.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Swap-usage-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Swap-usage-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Swap-usage-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Swap-usage-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Swap-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Swap-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Swap-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Swap-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-Load-over-time.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-Load-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-Load-over-time.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-Load-over-time.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-Navigation.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-Navigation.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-Navigation.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-Navigation.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-load.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-load.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-load.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-load.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-overview-by-host.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-overview-by-host.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/System-overview-by-host.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/System-overview-by-host.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-10-interfaces.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-10-interfaces.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-10-interfaces.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-10-interfaces.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-disks-by-memory-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-disks-by-memory-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-disks-by-memory-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-disks-by-memory-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-CPU-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-CPU-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-CPU-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-CPU-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-disk-size.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-disk-size.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-disk-size.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-disk-size.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-memory-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-memory-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-hosts-by-memory-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-hosts-by-memory-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-processes-by-CPU-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-processes-by-CPU-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-processes-by-CPU-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-processes-by-CPU-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-processes-by-memory-usage.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-processes-by-memory-usage.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Top-processes-by-memory-usage.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Top-processes-by-memory-usage.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Total-Memory.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Total-Memory.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Total-Memory.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Total-Memory.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Total-files-over-days.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Total-files-over-days.json
similarity index 100%
rename from vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/visualization/Total-files-over-days.json
rename to vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/5.x/visualization/Total-files-over-days.json
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-docker-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-docker-overview.json
new file mode 100644
index 00000000..5dcfb880
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-docker-overview.json
@@ -0,0 +1,83 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Container CPU usage", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Container CPU usage\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.cpuacct.stats.user.ns\",\"customLabel\":\"CPU user\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.cpu.cfs.quota.us\",\"customLabel\":\"CPU quota\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.process.cgroup.id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Container ID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.cpu.stats.throttled.ns\",\"customLabel\":\"CPU throttling\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.cpuacct.stats.system.ns\",\"customLabel\":\"CPU kernel\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.process.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process name\"}}],\"listeners\":{}}" + }, + "id": "Container-CPU-usage", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "System Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"System Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview) | [Host Overview (requires Kibana =\u003e 5.4)](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8) |\\n[Docker containers overview](#/dashboard/CPU-slash-Memory-per-container)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "System-Navigation", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Container Memory stats", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Container Memory stats\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"13\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.mem.usage.bytes\",\"customLabel\":\"Usage\"}},{\"id\":\"14\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.mem.usage.max.bytes\",\"customLabel\":\"Max usage\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.page_faults\",\"customLabel\":\"Page faults\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.pages_in\",\"customLabel\":\"Pages in 
memory\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.pages_out\",\"customLabel\":\"Pages out of memory\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.process.cgroup.id\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Container ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.inactive_file.bytes\",\"customLabel\":\"Inactive files\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.major_page_faults\",\"customLabel\":\"# Major page faults\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.process.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process name\"}},{\"id\":\"12\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.mem.failures\",\"customLabel\":\"Failures\"}},{\"id\":\"10\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.kmem_tcp.usage.bytes\",\"customLabel\":\"TCP buffers\"}},{\"id\":\"11\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.rss_huge.bytes\",\"customLabel\":\"Huge pages\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.rss.bytes\",\"customLabel\":\"Swap caches\"}},{\"id\":\"15\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.memory.stats.swap.bytes\",\"customLabel\":\"Swap 
usage\"}},{\"id\":\"16\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.cgroup.blkio.total.ios\",\"customLabel\":\"Block I/O\"}}],\"listeners\":{}}" + }, + "id": "Container-Memory-stats", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Container Block IO", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total\",\"field\":\"system.process.cgroup.blkio.total.bytes\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"I/O\",\"field\":\"system.process.cgroup.blkio.total.ios\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Container ID\",\"field\":\"system.process.cgroup.id\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Process name\",\"field\":\"system.process.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Container Block IO\",\"type\":\"table\"}" + }, + "id": "Container-Block-IO", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + }, + "optionsJSON": 
"{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"Container-CPU-usage\",\"panelIndex\":2,\"row\":2,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"System-Navigation\",\"panelIndex\":3,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Container-Memory-stats\",\"panelIndex\":4,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Container-Block-IO\",\"panelIndex\":5,\"row\":8,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Metricbeat CPU/Memory per container", + "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-4\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "CPU-slash-Memory-per-container", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-host-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-host-overview.json new file mode 100644 index 00000000..43c3fd48 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-host-overview.json 
@@ -0,0 +1,375 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Mericbeat: Network Traffic (Packets)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Mericbeat: Network Traffic (Packets)\",\"type\":\"metrics\",\"params\":{\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"timeseries\",\"series\":[{\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\",\"field\":\"system.network.in.packets\"},{\"unit\":\"1s\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\"},{\"unit\":\"\",\"id\":\"c0da3d80-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\"},{\"id\":\"ecaad010-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.[00]a\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Inbound\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"color\":\"rgba(250,40,255,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\",\"field\":\"system.network.out.packets\"},{\"unit\":\"1s\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\"},{\"script\":\"params.rate != null \u0026\u0026 params.rate \u003e 0 ? 
params.rate * -1 : null\",\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"type\":\"calculation\",\"variables\":[{\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\",\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\"}]},{\"id\":\"fe5fbdc0-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.[00]a\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"-system.network.name:l*\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: System Load", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: System 
Load\",\"type\":\"metrics\",\"params\":{\"id\":\"f6264ad0-1b14-11e7-b09e-037021c4f8df\",\"type\":\"timeseries\",\"series\":[{\"id\":\"f62671e0-1b14-11e7-b09e-037021c4f8df\",\"color\":\"rgba(115,216,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"f62671e1-1b14-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.load.1\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":1,\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"1m\"},{\"id\":\"1c324850-1b15-11e7-b09e-037021c4f8df\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"1c324851-1b15-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.load.5\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"5m\"},{\"id\":\"3287e740-1b15-11e7-b09e-037021c4f8df\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32880e50-1b15-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.load.15\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"15m\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1},\"aggs\":[],\"listeners\":{}}" + }, + "id": "4d546850-1b15-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Mericbeat: Network Traffic (Bytes)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Mericbeat: Network Traffic 
(Bytes)\",\"type\":\"metrics\",\"params\":{\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"timeseries\",\"series\":[{\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\",\"field\":\"system.network.in.bytes\"},{\"unit\":\"1s\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\"},{\"unit\":\"\",\"id\":\"a87398e0-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\"},{\"id\":\"2d533df0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Inbound \",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"color\":\"rgba(250,40,255,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\",\"field\":\"system.network.out.bytes\"},{\"unit\":\"1s\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\"},{\"script\":\"params.rate != null \u0026\u0026 params.rate \u003e 0 ? 
params.rate * -1 : null\",\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"type\":\"calculation\",\"variables\":[{\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\",\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\"}]},{\"id\":\"533da9b0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound \",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"-system.network.name:l*\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Memory Usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Memory 
Usage\",\"type\":\"metrics\",\"params\":{\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"type\":\"timeseries\",\"series\":[{\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Used\"},{\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.bytes\"},{\"id\":\"7c9d3f00-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.memory.used.bytes\"},{\"script\":\"params.actual != null \u0026\u0026 params.used != null ? params.used - params.actual : null\",\"id\":\"869cc160-1b16-11e7-b09e-037021c4f8df\",\"type\":\"calculation\",\"variables\":[{\"id\":\"890f9620-1b16-11e7-b09e-037021c4f8df\",\"name\":\"actual\",\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\"},{\"id\":\"8f3ab7f0-1b16-11e7-b09e-037021c4f8df\",\"name\":\"used\",\"field\":\"7c9d3f00-1b16-11e7-b09e-037021c4f8df\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Cache\"},{\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.memory.free\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Free\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"int
erval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1},\"aggs\":[],\"listeners\":{}}" + }, + "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Top Processes By CPU", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Top Processes By CPU\",\"type\":\"metrics\",\"params\":{\"id\":\"5f5b8d50-1b18-11e7-b09e-037021c4f8df\",\"type\":\"top_n\",\"series\":[{\"id\":\"5f5b8d51-1b18-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"5f5b8d52-1b18-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.process.cpu.total.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"system.process.name\",\"terms_order_by\":\"5f5b8d52-1b18-11e7-b09e-037021c4f8df\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"value\":0,\"id\":\"60e11be0-1b18-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"}],\"drilldown_url\":\"\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "e0f001c0-1b18-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Processes By Memory", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Processes By 
Memory\",\"type\":\"metrics\",\"params\":{\"id\":\"edfceb30-1b18-11e7-b09e-037021c4f8df\",\"type\":\"top_n\",\"series\":[{\"id\":\"edfceb31-1b18-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"edfceb32-1b18-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.process.memory.rss.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"system.process.name\",\"terms_order_by\":\"edfceb32-1b18-11e7-b09e-037021c4f8df\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"value\":0,\"id\":\"efb9b660-1b18-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"17fcb820-1b19-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"1dd61070-1b19-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"drilldown_url\":\"\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "2e224660-1b19-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: CPU Usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: CPU 
Usage\",\"type\":\"metrics\",\"params\":{\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"type\":\"timeseries\",\"series\":[{\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.user.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"user\"},{\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.system.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"system\"},{\"id\":\"65ca35e0-1b1a-11e7-b09e-037021c4f8df\",\"color\":\"rgba(123,100,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"65ca5cf0-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.nice.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"nice\"},{\"id\":\"741b5f20-1b1a-11e7-b09e-037021c4f8df\",\"color\":\"rgba(226,115,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"741b5f21-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.irq.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"irq\"},{\"id\":\"2efc5d40-1b1a-11e7-b09e-037021c4f8df\",\"color\":\"rgba(176,188,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"2efc5d41-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field
\":\"system.cpu.softirq.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"softirq\"},{\"id\":\"ae644a30-1b19-11e7-b09e-037021c4f8df\",\"color\":\"rgba(15,20,25,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"ae644a31-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.iowait.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"iowait\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1},\"aggs\":[],\"listeners\":{}}" + }, + "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Disk IO (Bytes)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Disk IO 
(Bytes)\",\"type\":\"metrics\",\"params\":{\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"timeseries\",\"series\":[{\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"color\":\"rgba(22,165,165,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"max\",\"field\":\"system.diskio.read.bytes\"},{\"unit\":\"1s\",\"id\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\"},{\"unit\":\"\",\"id\":\"dcbbb100-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"field\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"reads\",\"value_template\":\"{{value}}/s\"},{\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"color\":\"rgba(251,158,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"max\",\"field\":\"system.diskio.write.bytes\"},{\"unit\":\"1s\",\"id\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"field\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\"},{\"script\":\"params.rate \u003e 0 ? 
params.rate * -1 : 0\",\"id\":\"144124d4-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"calculation\",\"variables\":[{\"id\":\"144124d3-1b1b-11e7-b09e-037021c4f8df\",\"name\":\"rate\",\"field\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"writes\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: 5m Load Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: 5m Load Gauge\",\"type\":\"metrics\",\"params\":{\"id\":\"fdcc6180-1b90-11e7-bec4-a5e9ec5cab8b\",\"type\":\"gauge\",\"series\":[{\"id\":\"fdcc6181-1b90-11e7-bec4-a5e9ec5cab8b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"fdcc6182-1b90-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\",\"field\":\"system.load.5\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"5m Load\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"id\":\"feefabd0-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"gauge_color_rules\":[{\"id\":\"ffd94880-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": 
"26732e20-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: CPU Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: CPU Usage Gauge\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":\"\",\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(254,146,0,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0.85}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"},{\"field\":\"system.cpu.system.pct\",\"id\":\"225c2140-5fd7-11e7-a63a-a937b7c1a7e1\",\"type\":\"avg\"},{\"field\":\"system.cpu.cores\",\"id\":\"837a30c0-5fd7-11e7-a63a-a937b7c1a7e1\",\"type\":\"avg\"},{\"script\":\"params.n \u003e 0 ? 
(params.user+params.system)/params.n : null\",\"id\":\"587aa510-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"calculation\",\"variables\":[{\"field\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"id\":\"5a19af10-1b91-11e7-bec4-a5e9ec5cab8b\",\"name\":\"user\"},{\"field\":\"225c2140-5fd7-11e7-a63a-a937b7c1a7e1\",\"id\":\"32b54f80-5fd7-11e7-a63a-a937b7c1a7e1\",\"name\":\"system\"},{\"field\":\"837a30c0-5fd7-11e7-a63a-a937b7c1a7e1\",\"id\":\"8ba6eef0-5fd7-11e7-a63a-a937b7c1a7e1\",\"name\":\"n\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Memory Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Memory Usage Gauge\",\"type\":\"metrics\",\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"gauge\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Memory 
Usage\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"gauge_color_rules\":[{\"value\":0,\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"1\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Inbound Traffic Metric", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Inbound Traffic Metric\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":\"-system.network.name:l*\",\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transfered\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"unit\":\"\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\"},{\"sigma\":\"\",\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"series_agg\",\"function\":\"overall_sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}\",\"terms_field\":\"system.network.name\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": 
"Metricbeat: Outbound Traffic Metric", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Outbound Traffic Metric\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":\"-system.network.name:l*\",\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Outbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total 
Transfered\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"unit\":\"\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\"},{\"sigma\":\"\",\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"series_agg\",\"function\":\"overall_sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}\",\"terms_field\":\"system.network.name\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Disk Usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Disk Usage\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"bf525310-1b95-11e7-8ada-3df93aab833e\",\"opperator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(254,146,0,1)\",\"id\":\"125fc4c0-1b96-11e7-8ada-3df93aab833e\",\"opperator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"1a5c7240-1b96-11e7-8ada-3df93aab833e\",\"opperator\":\"gte\",\"value\":0.85}],\"drilldown_url\":\"\",\"filter\":\"-system.filesystem.mount_point:\\\\/run* AND -system.filesystem.mount_point:\\\\/sys* AND -system.filesystem.mount_point:\\\\/dev* AND -system.filesystem.mount_point:\\\\/proc* AND -system.filesystem.mount_point:\\\\/var* AND 
-system.filesystem.mount_point:\\\\/boot\",\"id\":\"9f7e48a0-1b95-11e7-8ada-3df93aab833e\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f7e48a1-1b95-11e7-8ada-3df93aab833e\",\"line_width\":1,\"metrics\":[{\"field\":\"system.filesystem.used.pct\",\"id\":\"9f7e48a2-1b95-11e7-8ada-3df93aab833e\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.filesystem.mount_point\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "34f97ee0-1b96-11e7-8ada-3df93aab833e", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Warning", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Warning\",\"type\":\"markdown\",\"params\":{\"markdown\":\"**This dashboard is only compatible with Kibana 5.4 and above. 
**\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "aa984970-1e0b-11e7-852e-cdcfcfdffddd", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "System Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"System Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview) | [Host Overview (requires Kibana =\u003e 5.4)](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8) |\\n[Docker containers overview](#/dashboard/CPU-slash-Memory-per-container)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "System-Navigation", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Swap usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Swap usage\",\"type\":\"metrics\",\"params\":{\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"type\":\"gauge\",\"series\":[{\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"type\":\"avg\",\"field\":\"system.memory.swap.used.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Swap 
usage\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"gauge_color_rules\":[{\"value\":0,\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"gauge\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"gauge\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"gauge\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Memory usage vs total", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Memory usage vs total\",\"type\":\"metrics\",\"params\":{\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"metric\",\"series\":[{\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Memory usage\"},{\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\",\"field\":\"system.memory.total\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total 
Memory\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}]},\"aggs\":[],\"listeners\":{}}" + }, + "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Disk used", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"type\":\"gauge\",\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"type\":\"avg\",\"field\":\"system.fsstat.total_size.used\"},{\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"type\":\"avg\",\"field\":\"system.fsstat.total_size.total\"},{\"script\":\"params.total != null \u0026\u0026 params.total \u003e 0 ? 
params.used/params.total : null\",\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Disk used\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"gauge_color_rules\":[{\"value\":0,\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"1\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Packetloss", + "uiStateJSON": "{}", + "version": 1, + "visState": 
"{\"title\":\"Packetloss\",\"type\":\"metrics\",\"params\":{\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"metric\",\"series\":[{\"id\":\"6984af11-4d5d-11e7-aa29-87a97a796de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"6984af12-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\",\"field\":\"system.network.in.dropped\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"In Packetloss\"},{\"id\":\"ac2e6b30-4d5d-11e7-aa29-87a97a796de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"ac2e6b31-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\",\"field\":\"system.network.out.dropped\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Out Packetloss\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}]},\"aggs\":[],\"listeners\":{}}" + }, + "id": "96976150-4d5d-11e7-aa29-87a97a796de6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Interfaces by Incoming traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Interfaces by Incoming 
traffic\",\"type\":\"metrics\",\"params\":{\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"top_n\",\"series\":[{\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"avg\",\"field\":\"system.network.in.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Interfaces by Incoming traffic\",\"terms_field\":\"system.network.name\",\"terms_order_by\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}]},\"aggs\":[],\"listeners\":{}}" + }, + "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Interfaces by Outgoing traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Interfaces by Outgoing traffic\",\"type\":\"metrics\",\"params\":{\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"top_n\",\"series\":[{\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"avg\",\"field\":\"system.network.out.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"terms_order_by\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"label\":\"Interfaces by Outgoing 
traffic\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}]},\"aggs\":[],\"listeners\":{}}" + }, + "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Number of processes", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "version": 1, + "visState": "{\"title\":\"Number of processes\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"system.process.pid\",\"customLabel\":\"Processes\"}}],\"listeners\":{}}" + }, + "id": "590a60f0-5d87-11e7-8884-1bb4c3b890e4", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"beat.hostname:\\\"mar.local\\\"\"}}}],\"highlightAll\":true,\"version\":true}" + }, + 
"optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"6b7b9a40-faa1-11e6-86b1-cd7735ff7e23\",\"panelIndex\":1,\"row\":12,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"4d546850-1b15-11e7-b09e-037021c4f8df\",\"panelIndex\":2,\"row\":6,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"089b85d0-1b16-11e7-b09e-037021c4f8df\",\"panelIndex\":3,\"row\":12,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"bfa5e400-1b16-11e7-b09e-037021c4f8df\",\"panelIndex\":4,\"row\":9,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"e0f001c0-1b18-11e7-b09e-037021c4f8df\",\"panelIndex\":5,\"row\":15,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2e224660-1b19-11e7-b09e-037021c4f8df\",\"panelIndex\":6,\"row\":15,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ab2d1e90-1b1a-11e7-b09e-037021c4f8df\",\"panelIndex\":7,\"row\":6,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"4e4bb1e0-1b1b-11e7-b09e-037021c4f8df\",\"panelIndex\":8,\"row\":9,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"26732e20-1b91-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":9,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"83e12df0-1b91-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":10,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"d3166e80-1b91-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":11,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"522ee670-1b92-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":12,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"1aae9140-1b93-11e7-8ada-3df93aab833e\",\"panelIndex\":13,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"34f97ee0-1b96-11e7-8ada-3df93aab833e\",\"panelIndex\":14,\"row\":4,\"size_x\":4,\"size_y\":2,\
"type\":\"visualization\"},{\"col\":10,\"id\":\"aa984970-1e0b-11e7-852e-cdcfcfdffddd\",\"panelIndex\":15,\"row\":1,\"size_x\":3,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"System-Navigation\",\"panelIndex\":16,\"row\":1,\"size_x\":9,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"19e123b0-4d5a-11e7-aee5-fdc812cc3bec\",\"panelIndex\":21,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"d2e80340-4d5c-11e7-aa29-87a97a796de6\",\"panelIndex\":22,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"825fdb80-4d1d-11e7-b5f2-2b7c1895bf32\",\"panelIndex\":23,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"96976150-4d5d-11e7-aa29-87a97a796de6\",\"panelIndex\":25,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"99381c80-4d60-11e7-9a4c-ed99bbcaa42b\",\"panelIndex\":27,\"row\":18,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b\",\"panelIndex\":28,\"row\":18,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"590a60f0-5d87-11e7-8884-1bb4c3b890e4\",\"panelIndex\":29,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"}]", + "refreshInterval": { + "display": "Off", + "pause": false, + "value": 0 + }, + "timeFrom": "now-15m", + "timeRestore": true, + "timeTo": "now", + "title": "Metricbeat host overview", + "uiStateJSON": "{\"P-29\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", + "version": 1 + }, + "id": "79ffd6e0-faa0-11e6-947f-177f697178b8", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-system-overview.json b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-system-overview.json
new file mode 100644
index 00000000..a0516f18
--- /dev/null
+++ b/vendor/github.com/elastic/beats/metricbeat/module/system/_meta/kibana/default/dashboard/Metricbeat-system-overview.json
@@ -0,0 +1,188 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "System Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"System Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview) | [Host Overview (requires Kibana =\u003e 5.4)](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8) |\\n[Docker containers overview](#/dashboard/CPU-slash-Memory-per-container)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "System-Navigation", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Number of hosts", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "version": 1, + "visState": "{\"title\":\"Number of hosts\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"63\",\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"beat.hostname\",\"customLabel\":\"Number of hosts\"}}],\"listeners\":{}}" + }, + 
"id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Top Hosts By Memory (Realtime)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top Hosts By Memory (Realtime)\",\"type\":\"metrics\",\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"top_n\",\"series\":[{\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"beat.hostname\",\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"terms_size\":\"10\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"value\":0,\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.6,\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"drilldown_url\":\"../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(query_string:(analyze_wildcard:!t,query:'beat.hostname:\\\"{{key}}\\\"')))\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Top Hosts By CPU (Realtime)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top Hosts By CPU (Realtime)\",\"type\":\"metrics\",\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"top_n\",\"series\":[{\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"avg\",\"field\":\"system.cpu.user.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"beat.hostname\",\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"terms_size\":\"10\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"value\":0,\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.6,\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"drilldown_url\":\"../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(query_string:(analyze_wildcard:!t,query:'beat.hostname:\\\"{{key}}\\\"')))\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "855899e0-1b1c-11e7-b09e-037021c4f8df", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Hosts histogram by CPU usage", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0% - 
5%\":\"rgb(247,252,245)\",\"5% - 10%\":\"rgb(199,233,192)\",\"10% - 15%\":\"rgb(116,196,118)\",\"15% - 20%\":\"rgb(35,139,69)\"}}}", + "version": 1, + "visState": "{\"title\":\"Hosts histogram by CPU usage\",\"type\":\"heatmap\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.user.pct\",\"customLabel\":\"CPU usage\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"beat.hostname\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hosts\"}}],\"listeners\":{}}" + }, + "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Inbound Traffic Metric", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Inbound Traffic 
Metric\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":\"-system.network.name:l*\",\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total 
Transfered\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"unit\":\"\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\"},{\"sigma\":\"\",\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"series_agg\",\"function\":\"overall_sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}\",\"terms_field\":\"system.network.name\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Outbound Traffic Metric", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Outbound Traffic Metric\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":\"-system.network.name:l*\",\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Outbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\",\"function\":\"sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"system.network.name\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transfered\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"unit\":\"\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\"},{\"sigma\":\"\",\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"series_agg\",\"function\":\"overall_sum\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"value_template\":\"{{value}}\",\"terms_field\":\"system.network.name\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": 
"Disk used", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"type\":\"gauge\",\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"type\":\"avg\",\"field\":\"system.fsstat.total_size.used\"},{\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"type\":\"avg\",\"field\":\"system.fsstat.total_size.total\"},{\"script\":\"params.total != null \u0026\u0026 params.total \u003e 0 ? params.used/params.total : null\",\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Disk used\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"gauge_color_rules\":[{\"value\":0,\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(251,158,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"gauge\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"1\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: Memory Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: Memory Usage Gauge\",\"type\":\"metrics\",\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"gauge\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\",\"field\":\"system.memory.actual.used.pct\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"percent\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Memory Usage\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"gauge_color_rules\":[{\"value\":0,\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(104,188,0,1)\",\"opperator\":\"gte\"},{\"value\":0.7,\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\"},{\"value\":0.85,\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\",\"opperator\":\"gte\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"1\",\"filter\":\"\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Metricbeat: CPU Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Metricbeat: CPU Usage 
Gauge\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":\"\",\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(254,146,0,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"opperator\":\"gte\",\"value\":0.85}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"},{\"field\":\"system.cpu.system.pct\",\"id\":\"225c2140-5fd7-11e7-a63a-a937b7c1a7e1\",\"type\":\"avg\"},{\"field\":\"system.cpu.cores\",\"id\":\"837a30c0-5fd7-11e7-a63a-a937b7c1a7e1\",\"type\":\"avg\"},{\"script\":\"params.n \u003e 0 ? 
(params.user+params.system)/params.n : null\",\"id\":\"587aa510-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"calculation\",\"variables\":[{\"field\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"id\":\"5a19af10-1b91-11e7-bec4-a5e9ec5cab8b\",\"name\":\"user\"},{\"field\":\"225c2140-5fd7-11e7-a63a-a937b7c1a7e1\",\"id\":\"32b54f80-5fd7-11e7-a63a-a937b7c1a7e1\",\"name\":\"system\"},{\"field\":\"837a30c0-5fd7-11e7-a63a-a937b7c1a7e1\",\"id\":\"8ba6eef0-5fd7-11e7-a63a-a937b7c1a7e1\",\"name\":\"n\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Tip System overview", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Tip System overview\",\"type\":\"metrics\",\"params\":{\"id\":\"0a46a600-4d64-11e7-aa29-87a97a796de6\",\"type\":\"markdown\",\"series\":[{\"id\":\"0a46cd10-4d64-11e7-aa29-87a97a796de6\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"0a46cd11-4d64-11e7-aa29-87a97a796de6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"markdown\":\"**Tip:** Click on any of the hosts from the Top Hosts By CPU or Top Hosts by Memory to view more details about the host.\",\"background_color\":\"rgba(252,220,0,0)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "e9d22060-4d64-11e7-aa29-87a97a796de6", + "type": "visualization", + "version": 1 + }, 
+ { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"System-Navigation\",\"panelIndex\":9,\"row\":1,\"size_x\":8,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"c6f2ffd0-4d17-11e7-a196-69b9a7a020a9\",\"panelIndex\":11,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"fe064790-1b1f-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":12,\"row\":4,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"855899e0-1b1c-11e7-b09e-037021c4f8df\",\"panelIndex\":13,\"row\":4,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"7cdb1330-4d1a-11e7-a196-69b9a7a020a9\",\"panelIndex\":14,\"row\":9,\"size_x\":12,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"522ee670-1b92-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":16,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"1aae9140-1b93-11e7-8ada-3df93aab833e\",\"panelIndex\":17,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"825fdb80-4d1d-11e7-b5f2-2b7c1895bf32\",\"panelIndex\":18,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"d3166e80-1b91-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":19,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"83e12df0-1b91-11e7-bec4-a5e9ec5cab8b\",\"panelIndex\":20,\"row\":2,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"e9d22060-4d64-11e7-aa29-87a97a796de6\",\"panelIndex\":21,\"row\":1,\"size_x\":4,\"size_y\":1,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Metricbeat system overview", + "uiStateJSON": "{\"P-11\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"P-12\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-14\":{\"vis\":{\"defaultColors\":{\"0% - 8.75%\":\"rgb(247,252,245)\",\"17.5% - 26.25%\":\"rgb(116,196,118)\",\"26.25% - 35%\":\"rgb(35,139,69)\",\"8.75% - 17.5%\":\"rgb(199,233,192)\"}}},\"P-16\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-2\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-3\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", + "version": 1 + }, + "id": "Metricbeat-system-overview", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/core/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/system/core/_meta/fields.yml index 00b90419..5ad71cc4 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/core/_meta/fields.yml +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/core/_meta/fields.yml @@ -1,7 +1,7 @@ - name: core type: group description: > - `system-core` contains local CPU core stats. + `system-core` contains CPU metrics for a single core of a multi-core system. fields: - name: id type: long @@ -12,8 +12,7 @@ type: scaled_float format: percent description: > - The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. - For example, if 3 cores are at 60% use, then the `cpu.user_p` will be 180%. + The percentage of CPU time spent in user space. - name: user.ticks type: long diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/data.json b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/data.json index c0e041c9..17d7e58c 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/data.json +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/data.json 
@@ -11,13 +11,14 @@ }, "system": { "cpu": { + "cores": 8, "idle": { - "pct": 0.852, - "ticks": 44421033 + "pct": 7.0854, + "ticks": 1617015818 }, "iowait": { "pct": 0, - "ticks": 159735 + "ticks": 0 }, "irq": { "pct": 0, @@ -29,19 +30,19 @@ }, "softirq": { "pct": 0, - "ticks": 14070 + "ticks": 0 }, "steal": { "pct": 0, "ticks": 0 }, "system": { - "pct": 0.0408, - "ticks": 305704 + "pct": 0.3317, + "ticks": 40488863 }, "user": { - "pct": 0.1071, - "ticks": 841974 + "pct": 0.5829, + "ticks": 48194733 } } }, diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/fields.yml b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/fields.yml index abb3e03e..3d874af4 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/fields.yml +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/_meta/fields.yml @@ -6,14 +6,14 @@ - name: cores type: long description: > - The number of CPU cores. + The number of CPU cores. The CPU percentages can range from `[0, 100% * cores]`. - name: user.pct type: scaled_float format: percent description: > The percentage of CPU time spent in user space. On multi-core systems, you can have percentages that are greater than 100%. - For example, if 3 cores are at 60% use, then the `cpu.user_p` will be 180%. + For example, if 3 cores are at 60% use, then the `system.cpu.user.pct` will be 180%. - name: system.pct type: scaled_float diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper.go b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper.go index 391fed94..952346e5 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper.go @@ -9,6 +9,9 @@ import ( sigar "github.com/elastic/gosigar" ) +// NumCPU is the number of CPU cores the system has. +var NumCPU = runtime.NumCPU() + type CPU struct { CpuPerCore bool LastCpuTimes *CpuTimes 
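Review bot: The new comment on `NumCPU` in cpu/helper.go says it is the number of cores the system has, but `runtime.NumCPU()` reports the logical CPUs usable by the current process, so a Metricbeat process restricted by CPU affinity would see fewer than the host's cores. The next hunk in this file multiplies every value returned by `GetCpuPercentage` by `NumCPU`, so host-wide percentages would then be understated. At minimum the comment should be accurate, e.g. `// NumCPU is the number of logical CPUs usable by this process (runtime.NumCPU); it can be lower than the host's core count under CPU affinity.` The variable is also exported and mutable, and helper_test.go overrides it, so tests that touch it should not run in parallel.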
@@ -72,7 +75,7 @@ func GetCpuPercentage(last *CpuTimes, current *CpuTimes) *CpuTimes { perc := 0.0 delta := int64(field2 - field1) perc = float64(delta) / float64(allDelta) - return system.Round(perc, .5, 4) + return system.Round(perc*float64(NumCPU), .5, 4) } current.UserPercent = calculate(current.Cpu.User, last.Cpu.User) diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper_test.go b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper_test.go index af9f22a2..a25bbe56 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/cpu/helper_test.go @@ -4,6 +4,7 @@ package cpu import ( + "runtime" "testing" "github.com/elastic/gosigar" @@ -21,6 +22,8 @@ func TestGetCpuTimes(t *testing.T) { } func TestCpuPercentage(t *testing.T) { + NumCPU = 1 + defer func() { NumCPU = runtime.NumCPU() }() cpu := CPU{} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/_meta/docs.asciidoc index 04793c4e..144a5960 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/_meta/docs.asciidoc 
@@ -11,13 +11,35 @@ This metricset is available on: - OpenBSD - Windows +[float] +=== Configuration + +*`filesystem.ignore_types`* - A list of filesystem types to ignore. Metrics will +not be collected from filesystems matching these types. This setting also +affects the `fsstats` metricset. + [float] === Filtering Often there are mounted filesystems that you do not want Metricbeat to report -metrics on. A simple strategy to deal with these filesystems is to configure a -drop_event filter that matches the `mount_point` using a regular expression. -Below is an example. +metrics on. One option is to configure Metricbeat to ignore specific filesystem +types. This can be accomplished by configuring `filesystem.ignore_types` with +a list of filesystem types to ignore. In this example we are ignoring three +types of filesystems. + +[source,yaml] +---- +metricbeat.modules: + - module: system + period: 30s + metricsets: ["filesystem"] + filesystem.ignore_types: [nfs, smbfs, autofs] +---- + +Another strategy to deal with these filesystems is to configure a `drop_event` +filter that matches the `mount_point` using a regular expression. This type of +filtering occurs after the data has been collected so it can be less efficient +than the previous method. [source,yaml] ---- diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/filesystem.go b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/filesystem.go index 4cf3cc5c..7bf133be 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/filesystem.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/filesystem.go @@ -11,7 +11,7 @@ import ( "github.com/pkg/errors" ) -var debugf = logp.MakeDebug("system-filesystem") +var debugf = logp.MakeDebug("system.filesystem") func init() { if err := mb.Registry.AddMetricSet("system", "filesystem", New, parse.EmptyHostParser); err != nil { 
@@ -22,12 +22,19 @@ func init() { // MetricSet for fetching filesystem metrics. type MetricSet struct { mb.BaseMetricSet + config Config } // New creates and returns a new instance of MetricSet. func New(base mb.BaseMetricSet) (mb.MetricSet, error) { + var config Config + if err := base.Module().UnpackConfig(&config); err != nil { + return nil, err + } + return &MetricSet{ BaseMetricSet: base, + config: config, }, nil } @@ -39,6 +46,10 @@ func (m *MetricSet) Fetch() ([]common.MapStr, error) { return nil, errors.Wrap(err, "filesystem list") } + if len(m.config.IgnoreTypes) > 0 { + fss = Filter(fss, BuildTypeFilter(m.config.IgnoreTypes...)) + } + filesSystems := make([]common.MapStr, 0, len(fss)) for _, fs := range fss { fsStat, err := GetFileSystemStat(fs) diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper.go b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper.go index c1e93909..16253854 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper.go @@ -3,14 +3,18 @@ package filesystem import ( + "path/filepath" "time" "github.com/elastic/beats/libbeat/common" - "github.com/elastic/beats/libbeat/logp" "github.com/elastic/beats/metricbeat/module/system" sigar "github.com/elastic/gosigar" ) +type Config struct { + IgnoreTypes []string `config:"filesystem.ignore_types"` +} + type FileSystemStat struct { sigar.FileSystemUsage DevName string `json:"device_name"` 
@@ -20,13 +24,23 @@ type FileSystemStat struct { } func GetFileSystemList() ([]sigar.FileSystem, error) { - fss := sigar.FileSystemList{} - err := fss.Get() - if err != nil { + if err := fss.Get(); err != nil { return nil, err } + // Ignore relative mount points, which are present for example + // in /proc/mounts on Linux with network namespaces. + filtered := fss.List[:0] + for _, fs := range fss.List { + if filepath.IsAbs(fs.DirName) { + filtered = append(filtered, fs) + continue + } + debugf("Filtering filesystem with relative mountpoint %+v", fs) + } + fss.List = filtered + return fss.List, nil } @@ -54,26 +68,6 @@ func AddFileSystemUsedPercentage(f *FileSystemStat) { f.UsedPercent = system.Round(perc, .5, 4) } -func CollectFileSystemStats(fss []sigar.FileSystem) []common.MapStr { - events := make([]common.MapStr, 0, len(fss)) - for _, fs := range fss { - fsStat, err := GetFileSystemStat(fs) - if err != nil { - logp.Debug("system", "Skip filesystem %d: %v", fsStat, err) - continue - } - AddFileSystemUsedPercentage(fsStat) - - event := common.MapStr{ - "@timestamp": common.Time(time.Now()), - "type": "filesystem", - "fs": GetFilesystemEvent(fsStat), - } - events = append(events, event) - } - return events -} - func GetFilesystemEvent(fsStat *FileSystemStat) common.MapStr { return common.MapStr{ "device_name": fsStat.DevName, 
@@ -90,12 +84,34 @@ func GetFilesystemEvent(fsStat *FileSystemStat) common.MapStr { } } -func GetFileSystemStats() ([]common.MapStr, error) { - fss, err := GetFileSystemList() - if err != nil { - logp.Warn("Getting filesystem list: %v", err) - return nil, err - } +// Predicate is a function predicate for use with filesystems. It returns true +// if the argument matches the predicate. +type Predicate func(*sigar.FileSystem) bool - return CollectFileSystemStats(fss), nil +// Filter returns a filtered list of filesystems. The in parameter +// is used as the backing storage for the returned slice and is therefore +// modified in this operation. +func Filter(in []sigar.FileSystem, p Predicate) []sigar.FileSystem { + out := in[:0] + for _, fs := range in { + if p(&fs) { + out = append(out, fs) + } + } + return out +} + +// BuildTypeFilter returns a predicate that returns false if the given +// filesystem has a type that matches one of the ignoreType values. +func BuildTypeFilter(ignoreType ...string) Predicate { + return func(fs *sigar.FileSystem) bool { + for _, fsType := range ignoreType { + // XXX (andrewkroh): SysTypeName appears to be used for non-Windows + // and TypeName is used exclusively for Windows. + if fs.SysTypeName == fsType || fs.TypeName == fsType { + return false + } + } + return true + } } diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper_test.go b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper_test.go index cffee332..084974a1 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper_test.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/filesystem/helper_test.go @@ -9,6 +9,8 @@ import ( "testing" "github.com/stretchr/testify/assert" + + sigar "github.com/elastic/gosigar" ) func TestFileSystemList(t *testing.T) { 
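Review bot: `BuildTypeFilter` compares each configured entry against both `SysTypeName` and `TypeName` with plain `==`, so an empty string in `filesystem.ignore_types` would match every filesystem whose unused field is empty. Going by the XXX comment, only one of the two fields is populated per platform, so that would drop all filesystems. I would skip empty entries inside the loop, `if fsType == "" { continue }`, or reject them when the config is unpacked. The match is also case-sensitive, which is worth stating in the doc comment so users know to spell the type exactly as the platform reports it.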
@@ -28,7 +30,11 @@ func TestFileSystemList(t *testing.T) { } stat, err := GetFileSystemStat(fs) - if assert.NoError(t, err, "%v", err) { + if os.IsPermission(err) { + continue + } + + if assert.NoError(t, err, "filesystem=%v: %v", fs, err) { assert.True(t, (stat.Total >= 0)) assert.True(t, (stat.Free >= 0)) assert.True(t, (stat.Avail >= 0)) @@ -36,3 +42,18 @@ func TestFileSystemList(t *testing.T) { } } } + +func TestFilter(t *testing.T) { + in := []sigar.FileSystem{ + {SysTypeName: "nfs"}, + {SysTypeName: "ext4"}, + {SysTypeName: "proc"}, + {SysTypeName: "smb"}, + } + + out := Filter(in, BuildTypeFilter("nfs", "smb", "proc")) + + if assert.Len(t, out, 1) { + assert.Equal(t, "ext4", out[0].SysTypeName) + } +} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/_meta/docs.asciidoc index 06ac6e4d..acdffa84 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/_meta/docs.asciidoc @@ -9,3 +9,10 @@ This metricset is available on: - Linux - OpenBSD - Windows + +[float] +=== Configuration + +*`filesystem.ignore_types`* - A list of filesystem types to ignore. Metrics will +not be collected from filesystems matching these types. This setting also +affects the `filesystem` metricset. diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/fsstat.go b/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/fsstat.go index 21eb4870..aec4069f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/fsstat.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/fsstat/fsstat.go 
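Review bot: `TestFilter` only sets `SysTypeName`, so the `fs.TypeName == fsType` branch of `BuildTypeFilter` (the one its comment ties to Windows) is never exercised. Adding an entry such as `{TypeName: "nfs"}` to `in`, plus a case with an empty ignore list, would cover both branches without changing the expected result. In the earlier hunk of this file the `os.IsPermission(err)` branch skips a filesystem silently; a `t.Logf` there would show how many mounts were actually checked.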
@@ -23,12 +23,19 @@ func init() { // MetricSet for fetching a summary of filesystem stats. type MetricSet struct { mb.BaseMetricSet + config filesystem.Config } // New creates and returns a new instance of MetricSet. func New(base mb.BaseMetricSet) (mb.MetricSet, error) { + var config filesystem.Config + if err := base.Module().UnpackConfig(&config); err != nil { + return nil, err + } + return &MetricSet{ BaseMetricSet: base, + config: config, }, nil } @@ -40,6 +47,10 @@ func (m *MetricSet) Fetch() (common.MapStr, error) { return nil, errors.Wrap(err, "filesystem list") } + if len(m.config.IgnoreTypes) > 0 { + fss = filesystem.Filter(fss, filesystem.BuildTypeFilter(m.config.IgnoreTypes...)) + } + // These values are optional and could also be calculated by Kibana var totalFiles, totalSize, totalSizeFree, totalSizeUsed uint64 dict := map[string]bool{} diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/process/_meta/docs.asciidoc b/vendor/github.com/elastic/beats/metricbeat/module/system/process/_meta/docs.asciidoc index 7c37c886..3e885a7f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/process/_meta/docs.asciidoc +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/process/_meta/docs.asciidoc @@ -15,7 +15,7 @@ This metricset is available on: On Linux this metricset will collect metrics from any cgroups that the process is a member of. This feature is enabled by default and can be disabled by adding -`process.cgroup.enabled: false` to the system module configuration. +`process.cgroups.enabled: false` to the system module configuration. [float] === Process Environment Variables diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/process/helper.go b/vendor/github.com/elastic/beats/metricbeat/module/system/process/helper.go index e71d0c8d..6efb04a2 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/process/helper.go 
+++ b/vendor/github.com/elastic/beats/metricbeat/module/system/process/helper.go @@ -234,23 +234,17 @@ func (procStats *ProcStats) GetProcessEvent(process *Process, last *Process) com proc["env"] = process.Env } + proc["cpu"] = common.MapStr{ + "total": common.MapStr{ + "pct": GetProcCpuPercentage(last, process), + }, + "start_time": unixTimeMsToTime(process.Cpu.StartTime), + } + if procStats.CpuTicks { - proc["cpu"] = common.MapStr{ - "user": process.Cpu.User, - "system": process.Cpu.Sys, - "total": common.MapStr{ - "ticks": process.Cpu.Total, - "pct": GetProcCpuPercentage(last, process), - }, - "start_time": unixTimeMsToTime(process.Cpu.StartTime), - } - } else { - proc["cpu"] = common.MapStr{ - "total": common.MapStr{ - "pct": GetProcCpuPercentage(last, process), - }, - "start_time": unixTimeMsToTime(process.Cpu.StartTime), - } + proc.Put("cpu.user", process.Cpu.User) + proc.Put("cpu.system", process.Cpu.Sys) + proc.Put("cpu.total.ticks", process.Cpu.Total) } if process.FD != (sigar.ProcFDUsage{}) { diff --git a/vendor/github.com/elastic/beats/metricbeat/module/system/process/process.go b/vendor/github.com/elastic/beats/metricbeat/module/system/process/process.go index d9fc8ea7..70375966 100644 --- a/vendor/github.com/elastic/beats/metricbeat/module/system/process/process.go +++ b/vendor/github.com/elastic/beats/metricbeat/module/system/process/process.go @@ -37,6 +37,7 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { Procs []string `config:"processes"` Cgroups *bool `config:"process.cgroups.enabled"` EnvWhitelist []string `config:"process.env.whitelist"` + CPUTicks bool `config:"cpu_ticks"` }{ Procs: []string{".*"}, // collect all processes by default } @@ -49,6 +50,7 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { stats: &ProcStats{ Procs: config.Procs, EnvWhitelist: config.EnvWhitelist, + CpuTicks: config.CPUTicks, }, } err := m.stats.InitProcStats() 
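Review bot: The three `proc.Put(...)` calls in `GetProcessEvent` ignore Put's result, and the dotted keys hide that they write into the `cpu` map created a few lines earlier. If `Put` reports failures through its return value, as I believe it does, a later change to the shape of `proc["cpu"]` would drop the tick fields without any signal. Building the map in a local variable and assigning directly keeps the structure visible: `cpu["user"] = process.Cpu.User`, `cpu["system"] = process.Cpu.Sys`, and `total["ticks"] = process.Cpu.Total` on the nested map. The function starts and ends outside this hunk.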
diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/config/metricbeat.yml.j2 b/vendor/github.com/elastic/beats/metricbeat/tests/system/config/metricbeat.yml.j2 index da5a6b15..4a0fab29 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/config/metricbeat.yml.j2 +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/config/metricbeat.yml.j2 @@ -41,6 +41,10 @@ metricbeat.modules: timeout: {{ m.timeout }} {% endif -%} + {% if m.namespace -%} + namespace: {{ m.namespace }} + {% endif -%} + {% if m.processes -%} processes: {{ m.processes }} {% endif -%} @@ -78,6 +82,9 @@ metricbeat.modules: {{ k }}: {{ v }} {% endfor %} {% endif -%} + {% if m.additional_content -%} + {{ m.additional_content }} + {% endif -%} {%- endfor %} {% if reload -%} diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/metricbeat.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/metricbeat.py index b6c8d8af..0b4b3111 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/metricbeat.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/metricbeat.py @@ -51,3 +51,15 @@ class BaseTest(TestCase): fields[key] = self.de_dot(fields[key]) return fields + + def assert_no_logged_warnings(self): + """ + Assert that the log file contains no ERR or WARN lines. + """ + log = self.get_log() + log = log.replace("WARN EXPERIMENTAL", "") + log = log.replace("WARN BETA", "") + # Jenkins runs as a Windows service and when Jenkins executes theses + # tests the Beat is confused since it thinks it is running as a service. + log = log.replace("ERR Error: The service process could not connect to the service controller.", "") + self.assertNotRegexpMatches(log, "ERR|WARN") diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_apache.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_apache.py index 281182b9..77d2f47f 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_apache.py 
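Review bot: `{{ m.additional_content }}` is pasted into the module entry verbatim, so the rendered YAML is only valid if every caller indents the string to match the surrounding keys; a mis-indented value re-nests or breaks the config without a template error. A short template comment stating the requirement, e.g. `{# additional_content must be pre-indented to the module key level #}`, would help. In the first hunk, `namespace: {{ m.namespace }}` is unquoted like its neighbours, so a value such as `on` or `123` would not reach Metricbeat as a string; `namespace: "{{ m.namespace }}"` avoids that.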
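Review bot: The docstring of `assert_no_logged_warnings` promises no ERR or WARN lines, but the body first removes three known messages. The service-controller exemption is applied on every platform, although the comment attributes it to Jenkins on Windows. I would list the exemptions in the docstring and limit that replacement to Windows, for example with `if sys.platform.startswith("win"):` if `sys` is imported in this file. The unanchored pattern `"ERR|WARN"` also matches those letters inside any other word in the log, so matching on the level field would be more precise. The comment has a typo, `theses`.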
+++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_apache.py @@ -44,10 +44,7 @@ class ApacheStatusTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_base.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_base.py index 2f3d92ce..2c1db2f4 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_base.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_base.py @@ -19,10 +19,7 @@ class Test(BaseTest): proc = self.start_beat() self.wait_until(lambda: self.log_contains("start running")) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() # Ensure all Beater stages are used. assert self.log_contains("Setup Beat: metricbeat") diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_couchbase.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_couchbase.py index d46bedb2..8d3bb42e 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_couchbase.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_couchbase.py @@ -18,6 +18,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() + self.assert_no_logged_warnings() output = self.read_output_json() self.assertTrue(len(output) >= 1) 
@@ -40,6 +41,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() + self.assert_no_logged_warnings() output = self.read_output_json() self.assertTrue(len(output) >= 1) @@ -62,6 +64,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() + self.assert_no_logged_warnings() output = self.read_output_json() self.assertTrue(len(output) >= 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_docker.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_docker.py index baab295d..81f60402 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_docker.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_docker.py @@ -21,10 +21,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] @@ -47,10 +44,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=30) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] 
@@ -77,10 +71,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=30) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] @@ -104,10 +95,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=30) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] @@ -129,10 +117,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=30) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] @@ -155,10 +140,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=30) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] 
@@ -181,10 +163,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] @@ -207,10 +186,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() evt = output[0] diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_haproxy.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_haproxy.py index 558a1f9a..7fa4b420 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_haproxy.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_haproxy.py @@ -22,10 +22,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) @@ -49,10 +46,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) 
diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_jolokia.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_jolokia.py new file mode 100644 index 00000000..18a19d84 --- /dev/null +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_jolokia.py @@ -0,0 +1,45 @@ +import os +import metricbeat +import unittest +from nose.plugins.attrib import attr + + +class Test(metricbeat.BaseTest): + + @unittest.skipUnless(metricbeat.INTEGRATION_TESTS, "integration test") + def test_jmx(self): + """ + jolokia jmx metricset test + """ + + additional_content = """ + jmx.mappings: + - mbean: 'java.lang:type=Runtime' + attributes: + - attr: Uptime + field: uptime +""" + + self.render_config_template(modules=[{ + "name": "jolokia", + "metricsets": ["jmx"], + "hosts": self.get_hosts(), + "period": "1s", + "namespace": "test", + "additional_content": additional_content, + }]) + proc = self.start_beat() + self.wait_until(lambda: self.output_lines() > 0, max_timeout=20) + proc.check_kill_and_wait() + self.assert_no_logged_warnings() + + output = self.read_output_json() + self.assertTrue(len(output) >= 1) + evt = output[0] + print(evt) + + assert evt["jolokia"]["test"]["uptime"] > 0 + + def get_hosts(self): + return [os.getenv('JOLOKIA_HOST', 'localhost') + ':' + + os.getenv('JOLOKIA_PORT', '8778')] diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mongodb.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mongodb.py index 3cf1dd76..9497346c 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mongodb.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mongodb.py 
@@ -23,10 +23,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mysql.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mysql.py index b2631463..e7271f43 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mysql.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_mysql.py @@ -26,10 +26,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_phpfpm.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_phpfpm.py index 96c29ec5..475a8c3e 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_phpfpm.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_phpfpm.py @@ -21,10 +21,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) 
diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_prometheus.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_prometheus.py index f00407fb..4e9eae4d 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_prometheus.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_prometheus.py @@ -21,10 +21,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log.replace("WARN BETA", ""), "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_redis.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_redis.py index 21438252..913c29f2 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_redis.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_redis.py @@ -35,10 +35,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) @@ -71,10 +68,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) 
@@ -104,10 +98,7 @@ class Test(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_system.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_system.py index 15248b55..6b103f28 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_system.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_system.py @@ -57,10 +57,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) @@ -86,10 +83,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) @@ -112,10 +106,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) 
@@ -141,10 +132,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) @@ -167,10 +155,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) @@ -193,10 +178,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) @@ -219,10 +201,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) @@ -245,10 +224,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) 
@@ -271,10 +247,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) @@ -308,10 +281,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) @@ -340,10 +310,7 @@ class SystemTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertGreater(len(output), 0) diff --git a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_zookeeper.py b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_zookeeper.py index 7975a1ed..0dd3a4c1 100644 --- a/vendor/github.com/elastic/beats/metricbeat/tests/system/test_zookeeper.py +++ b/vendor/github.com/elastic/beats/metricbeat/tests/system/test_zookeeper.py @@ -29,10 +29,7 @@ class ZooKeeperMntrTest(metricbeat.BaseTest): proc = self.start_beat() self.wait_until(lambda: self.output_lines() > 0) proc.check_kill_and_wait() - - # Ensure no errors or warnings exist in the log. - log = self.get_log() - self.assertNotRegexpMatches(log, "ERR|WARN") + self.assert_no_logged_warnings() output = self.read_output_json() self.assertEqual(len(output), 1) 
diff --git a/vendor/github.com/elastic/beats/packetbeat/Dockerfile b/vendor/github.com/elastic/beats/packetbeat/Dockerfile index 9716f7ff..16ca658b 100644 --- a/vendor/github.com/elastic/beats/packetbeat/Dockerfile +++ b/vendor/github.com/elastic/beats/packetbeat/Dockerfile @@ -1,5 +1,5 @@ # Beats dockerfile used for testing -FROM golang:1.7.4 +FROM golang:1.7.6 MAINTAINER Nicolas Ruflin RUN set -x && \ diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS-Unique-Domains.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS-Unique-Domains.json new file mode 100644 index 00000000..bdd8ff06 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS-Unique-Domains.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "DNS Tunneling", + "uiStateJSON": "{\"P-1\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":false,\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\",\"Unique Subdomain Count\":\"#EF843C\"}}},\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-4\":{\"vis\":{\"legendOpen\":false}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":1,\"id\":\"Unique-FQDNs-per-eTLD 1\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Unique-FQDNs-per-eTLD 1-Table\",\"panelIndex\":2,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Bytes-Transferred-per-Domain\",\"panelIndex\":4,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"dc743240-1665-11e7-a6de-cbac1a3d0a7d\",\"panelIndex\":5,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"NOT dns.question.type:PTR\",\"analyze_wildcard\":true}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS.json new file mode 100644 index 00000000..256eef5d --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/DNS.json 
@@ -0,0 +1,13 @@ +{ + "hits": 0, + "timeRestore": false, + "description": "", + "title": "DNS", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "panelsJSON": "[{\"col\":6,\"id\":\"DNS-Count-and-Response-Time\",\"panelIndex\":1,\"row\":4,\"size_x\":7,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Query-Summary\",\"panelIndex\":2,\"row\":1,\"size_x\":5,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Question-Types\",\"panelIndex\":3,\"row\":4,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":6,\"id\":\"DNS-Request-Status-Over-Time\",\"panelIndex\":4,\"row\":1,\"size_x\":7,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"DNS-Top-10-Questions\",\"panelIndex\":5,\"row\":8,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":6,\"id\":\"DNS-Response-Codes\",\"panelIndex\":6,\"row\":8,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"}]", + "optionsJSON": "{\"darkTheme\":false}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Cassandra.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Cassandra.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Cassandra.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Cassandra.json 
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Dashboard.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Dashboard.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Dashboard.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Dashboard.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Flows.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Flows.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Flows.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Flows.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-HTTP.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-HTTP.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-HTTP.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-HTTP.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-MongoDB-performance.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-MongoDB-performance.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-MongoDB-performance.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-MongoDB-performance.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-MySQL-performance.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-MySQL-performance.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-MySQL-performance.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-MySQL-performance.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-NFS.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-NFS.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-NFS.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-NFS.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-PgSQL-performance.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-PgSQL-performance.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-PgSQL-performance.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-PgSQL-performance.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Thrift-performance.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Thrift-performance.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/dashboard/Packetbeat-Thrift-performance.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/dashboard/Packetbeat-Thrift-performance.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Cache-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Cache-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Cache-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Cache-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Cassandra-QueryView.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Cassandra-QueryView.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Cassandra-QueryView.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Cassandra-QueryView.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/DB-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/DB-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/DB-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/DB-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/DNS.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/DNS.json
new file mode 100644
index 00000000..0ab2fd18
--- /dev/null
+++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/DNS.json
@@ -0,0 +1,16 @@ +{ + "sort": [ + "@timestamp", + "desc" + ], + "hits": 0, + "description": "", + "title": "DNS", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "columns": [ + "_source" + ] +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/HTTP-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/HTTP-errors.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/HTTP-errors.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/HTTP-errors.json diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-errors.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-errors.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-errors.json diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-transactions-with-write-concern-0.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-transactions-with-write-concern-0.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-transactions-with-write-concern-0.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-transactions-with-write-concern-0.json 
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MongoDB-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MongoDB-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MySQL-Transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MySQL-Transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MySQL-Transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MySQL-Transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MySQL-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MySQL-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/MySQL-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/MySQL-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/NFS-errors-search.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/NFS-errors-search.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/NFS-errors-search.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/NFS-errors-search.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Packetbeat-Flows-Search.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Packetbeat-Flows-Search.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Packetbeat-Flows-Search.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Packetbeat-Flows-Search.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Packetbeat-Search.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Packetbeat-Search.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Packetbeat-Search.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Packetbeat-Search.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/PgSQL-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/PgSQL-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/PgSQL-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/PgSQL-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/PgSQL-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/PgSQL-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/PgSQL-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/PgSQL-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/RPC-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/RPC-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/RPC-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/RPC-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Thrift-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Thrift-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Thrift-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Thrift-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Thrift-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Thrift-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Thrift-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Thrift-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Transactions-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Transactions-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Transactions-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Transactions-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Web-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Web-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/Web-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/Web-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/nfs.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/nfs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/search/nfs.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/search/nfs.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Bytes-Transferred-per-Domain.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Bytes-Transferred-per-Domain.json
new file mode 100644
index 00000000..73dc9ba6
--- /dev/null
+++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Bytes-Transferred-per-Domain.json
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Bytes Transferred per Domain\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":true,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domains\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}}],\"listeners\":{}}", + "description": "", + "title": "Bytes Transferred per Domain", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\",\"Bytes Out\":\"#629E51\",\"Bytes In\":\"#F2C96D\"}}}", + "version": 1, + "savedSearchId": "DNS", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cache-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cache-transactions.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cache-transactions.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cache-transactions.json 
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-Ops.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-Ops.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-Ops.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-Ops.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCount.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCount.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCount.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCount.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCountByType.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCountByType.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCountByType.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCountByType.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCountStackByType.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCountStackByType.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-RequestCountStackByType.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-RequestCountStackByType.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseCountByType.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseCountByType.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseCountByType.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseCountByType.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseCountStackByType.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseCountStackByType.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseCountStackByType.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseCountStackByType.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseKeyspace.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseKeyspace.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseKeyspace.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseKeyspace.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseTime.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseTime.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseTime.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseTime.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseType.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseType.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Cassandra-ResponseType.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Cassandra-ResponseType.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Client-locations.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Client-locations.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Client-locations.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Client-locations.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Connections-over-time.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Connections-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Connections-over-time.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Connections-over-time.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/DB-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DB-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/DB-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DB-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Count-and-Response-Time.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Count-and-Response-Time.json new file mode 100644 index 00000000..6f5582db --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Count-and-Response-Time.json @@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"DNS Count and Response Time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"group\",\"params\":{\"field\":\"responsetime\",\"interval\":50,\"min_doc_count\":false,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description": "", + "title": "DNS Count and Response Time", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "DNS", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Query-Summary.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Query-Summary.json new file mode 100644 index 00000000..8b549a6e --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Query-Summary.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"DNS Query Summary\",\"type\":\"metric\",\"params\":{\"fontSize\":\"17\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"customLabel\":\"Avg Response Time (ms)\"}}],\"listeners\":{}}", + "description": "", + "title": "DNS Query Summary", + "uiStateJSON": "{}", + "version": 1, + "savedSearchId": "DNS", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Question-Types.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Question-Types.json new file mode 100644 index 00000000..e33fbda1 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Question-Types.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"DNS Question Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "DNS Question Types", + "uiStateJSON": "{}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Request-Status-Over-Time.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Request-Status-Over-Time.json new file mode 100644 index 00000000..1b042b49 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Request-Status-Over-Time.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"DNS Request Status Over Time\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description": "", + "title": "DNS Request Status Over Time", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Error\":\"#890F02\",\"OK\":\"#0A50A1\"}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type: dns\"}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Response-Codes.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Response-Codes.json new file mode 100644 index 00000000..05bcee33 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Response-Codes.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"DNS Response Codes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code\"}}],\"listeners\":{}}", + "description": "", + "title": "DNS Response Codes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Top-10-Questions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Top-10-Questions.json new file mode 100644 index 00000000..2b5090f3 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/DNS-Top-10-Questions.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"DNS Top 10 Questions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.name\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Question\"}}],\"listeners\":{}}", + "description": "", + "title": "DNS Top 10 Questions", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns AND status: OK\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Errors-count-over-time.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Errors-count-over-time.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Errors-count-over-time.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Errors-count-over-time.json 
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Errors-vs-successful-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Errors-vs-successful-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Errors-vs-successful-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Errors-vs-successful-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Evolution-of-the-CPU-times-per-process.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Evolution-of-the-CPU-times-per-process.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Evolution-of-the-CPU-times-per-process.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Evolution-of-the-CPU-times-per-process.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-codes-for-the-top-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-codes-for-the-top-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-codes-for-the-top-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-codes-for-the-top-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-error-codes-evolution.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-error-codes-evolution.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-error-codes-evolution.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-error-codes-evolution.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-error-codes.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-error-codes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/HTTP-error-codes.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/HTTP-error-codes.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Latency-histogram.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Latency-histogram.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Latency-histogram.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Latency-histogram.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-commands.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-commands.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-commands.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-commands.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-errors-per-collection.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-errors-per-collection.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-errors-per-collection.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-errors-per-collection.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-in-slash-out-throughput.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-in-slash-out-throughput.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-in-slash-out-throughput.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-in-slash-out-throughput.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-response-times-and-count.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-response-times-and-count.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-response-times-and-count.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-response-times-and-count.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-response-times-by-collection.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-response-times-by-collection.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MongoDB-response-times-by-collection.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MongoDB-response-times-by-collection.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Most-frequent-MySQL-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Most-frequent-MySQL-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Most-frequent-MySQL-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Most-frequent-MySQL-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Most-frequent-PgSQL-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Most-frequent-PgSQL-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Most-frequent-PgSQL-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Most-frequent-PgSQL-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Methods.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Methods.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Methods.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Methods.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Reads-vs-Writes.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Reads-vs-Writes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-Reads-vs-Writes.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-Reads-vs-Writes.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-throughput.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-throughput.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/MySQL-throughput.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/MySQL-throughput.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Mysql-response-times-percentiles.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Mysql-response-times-percentiles.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Mysql-response-times-percentiles.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Mysql-response-times-percentiles.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-bytes-in-slash-out.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-bytes-in-slash-out.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-bytes-in-slash-out.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-bytes-in-slash-out.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-clients-pie-chart.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-clients-pie-chart.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-clients-pie-chart.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-clients-pie-chart.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-operation-table.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-operation-table.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-operation-table.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-operation-table.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-operations-area-chart.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-operations-area-chart.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-operations-area-chart.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-operations-area-chart.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-response-times.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-response-times.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-response-times.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-response-times.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-top-group-pie-chart.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-top-group-pie-chart.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-top-group-pie-chart.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-top-group-pie-chart.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-top-users-pie-chart.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-top-users-pie-chart.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/NFS-top-users-pie-chart.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/NFS-top-users-pie-chart.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Navigation.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Navigation.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Navigation.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Navigation.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Network-traffic-between-your-hosts.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Network-traffic-between-your-hosts.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Network-traffic-between-your-hosts.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Network-traffic-between-your-hosts.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Number-of-MongoDB-transactions-with-writeConcern-w-equal-0.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Number-of-MongoDB-transactions-with-writeConcern-w-equal-0.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Number-of-MongoDB-transactions-with-writeConcern-w-equal-0.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Number-of-MongoDB-transactions-with-writeConcern-w-equal-0.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Methods.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Methods.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Methods.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Methods.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Reads-vs-Writes.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Reads-vs-Writes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-Reads-vs-Writes.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-Reads-vs-Writes.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-response-times-percentiles.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-response-times-percentiles.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-response-times-percentiles.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-response-times-percentiles.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-throughput.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-throughput.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/PgSQL-throughput.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/PgSQL-throughput.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/RPC-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/RPC-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/RPC-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/RPC-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Reads-versus-Writes.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Reads-versus-Writes.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Reads-versus-Writes.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Reads-versus-Writes.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Response-times-percentiles.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Response-times-percentiles.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Response-times-percentiles.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Response-times-percentiles.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Response-times-repartition.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Response-times-repartition.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Response-times-repartition.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Response-times-repartition.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-MySQL-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-MySQL-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-MySQL-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-MySQL-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-PgSQL-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-PgSQL-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-PgSQL-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-PgSQL-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-Thrift-RPC-methods.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-Thrift-RPC-methods.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Slowest-Thrift-RPC-methods.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Slowest-Thrift-RPC-methods.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-RPC-Errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-RPC-Errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-RPC-Errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-RPC-Errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-requests-per-minute.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-requests-per-minute.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-requests-per-minute.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-requests-per-minute.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-response-times-percentiles.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-response-times-percentiles.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Thrift-response-times-percentiles.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Thrift-response-times-percentiles.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-10-HTTP-requests.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-10-HTTP-requests.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-10-HTTP-requests.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-10-HTTP-requests.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-Thrift-RPC-calls-with-errors.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-Thrift-RPC-calls-with-errors.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-Thrift-RPC-calls-with-errors.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-Thrift-RPC-calls-with-errors.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-Thrift-RPC-methods.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-Thrift-RPC-methods.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-Thrift-RPC-methods.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-Thrift-RPC-methods.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-hosts-creating-traffic.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-hosts-creating-traffic.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-hosts-creating-traffic.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-hosts-creating-traffic.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-hosts-receiving-traffic.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-hosts-receiving-traffic.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-hosts-receiving-traffic.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-hosts-receiving-traffic.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-slowest-MongoDB-queries.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-slowest-MongoDB-queries.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Top-slowest-MongoDB-queries.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Top-slowest-MongoDB-queries.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Total-number-of-HTTP-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Total-number-of-HTTP-transactions.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Total-number-of-HTTP-transactions.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Total-number-of-HTTP-transactions.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Total-time-spent-in-each-MongoDB-collection.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Total-time-spent-in-each-MongoDB-collection.json
similarity index 100%
rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Total-time-spent-in-each-MongoDB-collection.json
rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Total-time-spent-in-each-MongoDB-collection.json
diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1-Table.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1-Table.json
new file mode 100644
index 00000000..b46c6040
--- /dev/null
+++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1-Table.json
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Unique FQDNs per eTLD+1 Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ETLD+1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dns.question.name\",\"customLabel\":\"Unique Domains\"}}],\"listeners\":{}}", + "description": "", + "title": "Unique FQDNs per eTLD+1 Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "savedSearchId": "DNS", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1.json new file mode 100644 index 00000000..f85aa847 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Unique-FQDNs-per-eTLD 1.json 
@@ -0,0 +1,11 @@ +{ + "visState": "{\"title\":\"Unique FQDNs per eTLD+1\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":true,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dns.question.name\",\"customLabel\":\"Unique Subdomain Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domains\"}}],\"listeners\":{}}", + "description": "", + "title": "Unique FQDNs per eTLD+1", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\"}}}", + "version": 1, + "savedSearchId": "DNS", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Web-transactions.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Web-transactions.json similarity index 100% rename from vendor/github.com/elastic/beats/packetbeat/_meta/kibana/visualization/Web-transactions.json rename to vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/Web-transactions.json diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/dc743240-1665-11e7-a6de-cbac1a3d0a7d.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/dc743240-1665-11e7-a6de-cbac1a3d0a7d.json new file mode 100644 index 00000000..cadcd4a9 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/5.x/visualization/dc743240-1665-11e7-a6de-cbac1a3d0a7d.json 
@@ -0,0 +1,10 @@ +{ + "visState": "{\"title\":\"Top Domains by Data Volume\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"3\",\"customLabel\":\"ETLD+1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}}],\"listeners\":{}}", + "description": "", + "title": "Top Domains by Data Volume", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:dns\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-cassandra.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-cassandra.json new file mode 100644 index 00000000..af337c98 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-cassandra.json 
@@ -0,0 +1,197 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra ResponseKeyspace", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra ResponseKeyspace\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cassandra.response.result.rows.meta.keyspace\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cassandra.response.result.rows.meta.table\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Cassandra-ResponseKeyspace", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra ResponseType", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra ResponseType\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cassandra.response.result.type\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Cassandra-ResponseType", + "type": "visualization", + "version": 2 + }, + { + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:cassandra\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra ResponseTime", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra ResponseTime\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[5,25,50,75,95]}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Cassandra-ResponseTime", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:cassandra\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra RequestCount", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra RequestCount\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"square 
root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Cassandra-RequestCount", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:cassandra\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra Ops", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra Ops\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cassandra.request.headers.op\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cassandra.response.headers.op\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Cassandra-Ops", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:cassandra\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra RequestCountStackByType", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra 
RequestCountStackByType\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"cassandra.request.headers.op\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Cassandra-RequestCountStackByType", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Cassandra ResponseCountStackByType", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra 
ResponseCountStackByType\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"cassandra.response.headers.op\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Cassandra-ResponseCountStackByType", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Cassandra RequestCountByType", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra 
RequestCountByType\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"log\",\"drawLinesBetweenPoints\":false,\"radiusRatio\":\"13\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"cassandra.request.headers.op\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"count\",\"schema\":\"radius\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "Cassandra-RequestCountByType", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Cassandra ResponseCountByType", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cassandra: 
ResponseCountByType\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"log\",\"drawLinesBetweenPoints\":false,\"radiusRatio\":\"15\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"cassandra.response.headers.op\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"count\",\"schema\":\"radius\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "Cassandra-ResponseCountByType", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + 
"attributes": { + "columns": [ + "cassandra.request.query", + "cassandra.response.result.rows.meta.keyspace", + "cassandra.response.result.rows.meta.table", + "cassandra.response.result.rows.num_rows" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"packetbeat-*\",\"key\":\"cassandra.request.headers.op\",\"value\":\"QUERY\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"cassandra.request.headers.op\":{\"query\":\"QUERY\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"index\":\"packetbeat-*\",\"key\":\"cassandra.response.headers.op\",\"value\":\"ERROR\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"cassandra.response.headers.op\":{\"query\":\"ERROR\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Cassandra QueryView", + "version": 1 + }, + "id": "Cassandra-QueryView", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":10,\"id\":\"Cassandra-ResponseKeyspace\",\"panelIndex\":3,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Cassandra-ResponseType\",\"panelIndex\":4,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cassandra-ResponseTime\",\"panelIndex\":9,\"row\":5,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Cassandra-RequestCount\",\"panelIndex\":10,\"row\":1,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Cassandra-Ops\",\"panelIndex\":11,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cassandra-RequestCountStackByType\",\"panelIndex\":15,\"row\":7,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cassandra-ResponseCountStackByType\",\"panelIndex\":16,\"row\":9,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cassandra-RequestCountByType\",\"panelIndex\":17,\"row\":11,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Cassandra-ResponseCountByType\",\"panelIndex\":18,\"row\":11,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Navigation\",\"panelIndex\":19,\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"Cassandra-QueryView\",\"type\":\"search\",\"panelIndex\":20,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":14,\"columns\":[\"cassandra.request.query\",\"cassandra.response.result.rows.meta.keyspace\",\"cassandra.response.result.rows.meta.table\",\"cassandra.response.result.rows.num_rows\"],\"sort\":[\"@timestamp\",\"desc\"]}]", + "timeRestore": false, + "title": "Packetbeat Cassandra", + "uiStateJSON": "{\"P-10\":{\"vis\":{\"legendOpen\":false}},\"P-17\":{\"vis\":{\"legendOpen\":false}},\"P-18\":{\"vis\":{\"legendOpen\":false}}}", + "version": 1 + }, + "id": "Packetbeat-Cassandra", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end 
of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns-tunneling.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns-tunneling.json new file mode 100644 index 00000000..1231e3ef --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns-tunneling.json 
@@ -0,0 +1,107 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DNS", + "title": "Unique FQDNs per eTLD+1", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\"}}}", + "version": 1, + "visState": "{\"title\":\"Unique FQDNs per eTLD+1\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":true,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dns.question.name\",\"customLabel\":\"Unique Subdomain Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domains\"}}],\"listeners\":{}}" + }, + "id": "Unique-FQDNs-per-eTLD 1", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DNS", + "title": "Unique FQDNs per eTLD+1 Table", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Unique FQDNs per eTLD+1 
Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ETLD+1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"dns.question.name\",\"customLabel\":\"Unique Domains\"}}],\"listeners\":{}}" + }, + "id": "Unique-FQDNs-per-eTLD 1-Table", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DNS", + "title": "Bytes Transferred per Domain", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\",\"Bytes Out\":\"#629E51\",\"Bytes In\":\"#F2C96D\"}}}", + "version": 1, + "visState": "{\"title\":\"Bytes Transferred per Domain\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"grouped\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":true,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domains\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}}],\"listeners\":{}}" 
+ }, + "id": "Bytes-Transferred-per-Domain", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type:dns\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Top Domains by Data Volume", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Top Domains by Data Volume\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.etld_plus_one\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"3\",\"customLabel\":\"ETLD+1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes Out\"}}],\"listeners\":{}}" + }, + "id": "dc743240-1665-11e7-a6de-cbac1a3d0a7d", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "DNS", + "version": 1 + }, + "id": "DNS", + "type": "search", + "version": 10 + }, + { + "attributes": { + "description": "", + "hits": 0, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"NOT dns.question.type:PTR\",\"analyze_wildcard\":true}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"Unique-FQDNs-per-eTLD 1\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Unique-FQDNs-per-eTLD 1-Table\",\"panelIndex\":2,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Bytes-Transferred-per-Domain\",\"panelIndex\":4,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"dc743240-1665-11e7-a6de-cbac1a3d0a7d\",\"panelIndex\":5,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "DNS Tunneling", + "uiStateJSON": "{\"P-1\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":false,\"colors\":{\"Unique count of dns.question.name\":\"#E0752D\",\"Count\":\"#1F78C1\",\"Unique Subdomain Count\":\"#EF843C\"}}},\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-4\":{\"vis\":{\"legendOpen\":false}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "DNS-Unique-Domains", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns.json new file mode 100644 index 00000000..6ece32fa --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-dns.json 
@@ -0,0 +1,118 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DNS", + "title": "DNS Count and Response Time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"DNS Count and Response Time\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"group\",\"params\":{\"field\":\"responsetime\",\"interval\":50,\"min_doc_count\":false,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "DNS-Count-and-Response-Time", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DNS", + "title": "DNS Query Summary", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"DNS Query Summary\",\"type\":\"metric\",\"params\":{\"fontSize\":\"17\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\",\"customLabel\":\"Bytes In\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\",\"customLabel\":\"Bytes 
Out\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"customLabel\":\"Avg Response Time (ms)\"}}],\"listeners\":{}}" + }, + "id": "DNS-Query-Summary", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "DNS Question Types", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"DNS Question Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.question.type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "DNS-Question-Types", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type: dns\"}},\"filter\":[]}" + }, + "title": "DNS Request Status Over Time", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Error\":\"#890F02\",\"OK\":\"#0A50A1\"}}}", + "version": 1, + "visState": "{\"title\":\"DNS Request Status Over 
Time\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "DNS-Request-Status-Over-Time", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns AND status: OK\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "title": "DNS Top 10 Questions", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"DNS Top 10 
Questions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.question.name\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Question\"}}],\"listeners\":{}}" + }, + "id": "DNS-Top-10-Questions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "title": "DNS Response Codes", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"DNS Response Codes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code\"}}],\"listeners\":{}}" + }, + "id": "DNS-Response-Codes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"type: dns\",\"analyze_wildcard\":true}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "DNS", + "version": 1 + }, + "id": "DNS", + "type": "search", + "version": 10 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-flows.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-flows.json new file mode 100644 index 00000000..58397f51 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-flows.json 
@@ -0,0 +1,131 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Flows-Search", + "title": "Connections over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Connections over 
time\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"flow_id\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Connections-over-time", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Flows-Search", + "title": "Top hosts creating traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top hosts creating traffic\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"source.stats.net_bytes_total\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Top-hosts-creating-traffic", + "type": "visualization", + "version": 2 + }, + { + "attributes": { 
+ "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Flows-Search", + "title": "Top hosts receiving traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top hosts receiving traffic\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"dest.stats.net_bytes_total\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest.ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Top-hosts-receiving-traffic", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Flows-Search", + "title": "Network traffic between your hosts", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Network traffic between your hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"source.stats.net_bytes_total\",\"customLabel\":\"Source 
traffic\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"dest.stats.net_bytes_total\",\"customLabel\":\"Destination traffic\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest.ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Network-traffic-between-your-hosts", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "type", + "start_time", + "last_time", + "source.ip", + "source.port", + "dest.ip", + "dest.port", + "source.stats.net_bytes_total", + "dest.stats.net_bytes_total" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type: flow\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Packetbeat Flows Search", + "version": 1 + }, + "id": "Packetbeat-Flows-Search", + "type": "search", + "version": 8 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":1,\"id\":\"Navigation\",\"panelIndex\":2,\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Connections-over-time\",\"panelIndex\":3,\"row\":1,\"size_x\":9,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-hosts-creating-traffic\",\"panelIndex\":1,\"row\":6,\"size_x\":6,\"size_y\":7,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-hosts-receiving-traffic\",\"panelIndex\":4,\"row\":6,\"size_x\":6,\"size_y\":7,\"type\":\"visualization\"},{\"id\":\"Network-traffic-between-your-hosts\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":13}]", + "timeRestore": false, + "title": "Packetbeat Flows", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "Packetbeat-Flows", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-http.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-http.json new file mode 100644 index 00000000..01869a5a --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-http.json 
@@ -0,0 +1,131 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Web-transactions", + "title": "Web transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Web transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Web-transactions", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": [\n {\n \"$state\": {\n \"store\": \"appState\"\n },\n \"meta\": {\n \"disabled\": false,\n \"index\": \"packetbeat-*\",\n \"key\": \"type\",\n \"negate\": false,\n \"value\": \"http\",\n \"alias\": null\n },\n \"query\": {\n \"match\": {\n \"type\": {\n \"query\": \"http\",\n \"type\": \"phrase\"\n }\n }\n }\n }\n ],\n \"index\": \"packetbeat-*\",\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n }\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"http.response.code: [300 TO *]\",\n \"analyze_wildcard\": true\n }\n }\n}" + }, + "title": "HTTP error codes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"HTTP error codes\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": false,\n \"mode\": \"stacked\",\n \"defaultYExtents\": false,\n \"scale\": 
\"linear\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"type\"\n }\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"http.response.code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "HTTP-error-codes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": [\n {\n \"$state\": {\n \"store\": \"appState\"\n },\n \"meta\": {\n \"disabled\": false,\n \"index\": \"packetbeat-*\",\n \"key\": \"type\",\n \"negate\": false,\n \"value\": \"http\",\n \"alias\": null\n },\n \"query\": {\n \"match\": {\n \"type\": {\n \"query\": \"http\",\n \"type\": \"phrase\"\n }\n }\n }\n }\n ],\n \"index\": \"packetbeat-*\",\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n }\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"!http.response.code: [200 TO 299]\",\n \"analyze_wildcard\": true\n }\n }\n}" + }, + "title": "HTTP error codes evolution", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"HTTP error codes evolution\",\n \"type\": \"line\",\n \"params\": {\n \"addLegend\": true,\n \"addTooltip\": true,\n \"defaultYExtents\": false,\n \"shareYAxis\": true,\n \"showCircles\": true,\n \"smoothLines\": false,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"type\"\n }\n },\n {\n \"id\": 
\"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"http.response.code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "HTTP-error-codes-evolution", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Web-transactions", + "title": "Total number of HTTP transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Total number of HTTP 
transactions\",\"type\":\"metric\",\"params\":{\"fontSize\":\"37\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "Total-number-of-HTTP-transactions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Web-transactions", + "title": "HTTP codes for the top queries", + "version": 1, + "visState": "{\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"query\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"row\": false\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"http.response.code\",\n \"size\": 10,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "HTTP-codes-for-the-top-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Web-transactions", + "title": "Top 10 HTTP requests", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top 10 HTTP requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Top-10-HTTP-requests", + "type": "visualization", + "version": 2 + }, + { + 
"attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":4,\"id\":\"Web-transactions\",\"row\":1,\"size_x\":9,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":1},{\"col\":1,\"id\":\"HTTP-error-codes\",\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":2},{\"col\":7,\"id\":\"HTTP-error-codes-evolution\",\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":3},{\"col\":1,\"id\":\"Navigation\",\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":4},{\"col\":1,\"id\":\"Total-number-of-HTTP-transactions\",\"row\":5,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":5},{\"col\":4,\"id\":\"HTTP-codes-for-the-top-queries\",\"row\":5,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":6},{\"id\":\"Top-10-HTTP-requests\",\"type\":\"visualization\",\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":11,\"panelIndex\":7}]", + "timeRestore": false, + "title": "Packetbeat HTTP", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Packetbeat-HTTP", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mongodb.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mongodb.json new file mode 100644 index 00000000..37bd9dc0 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mongodb.json 
@@ -0,0 +1,200 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-errors", + "title": "MongoDB errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB 
errors\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"spyPerPage\":10,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"resource\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":true}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-transactions", + "title": "MongoDB commands", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB 
commands\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"silhouette\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-commands", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-errors", + "title": "MongoDB errors per collection", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB errors per collection\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"spyPerPage\":10,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"resource\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-errors-per-collection", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + 
"description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-transactions", + "title": "MongoDB in/out throughput", + "version": 1, + "visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\"}}],\"listeners\":{}}" + }, + "id": "MongoDB-in-slash-out-throughput", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-transactions", + "title": "MongoDB response times by collection", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MongoDB response times by 
collection\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":false,\"radiusRatio\":\"9\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[99]}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"resource\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1.99\"}},{\"id\":\"4\",\"type\":\"count\",\"schema\":\"radius\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "MongoDB-response-times-by-collection", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-transactions", + "title": "Top slowest MongoDB queries", + "version": 1, + "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[99]}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1.99\"}}],\"listeners\":{}}" + }, + "id": "Top-slowest-MongoDB-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MongoDB-transactions-with-write-concern-0", + "title": "Number of MongoDB transactions with writeConcern w=0", + "uiStateJSON": "{}", + 
"version": 1, + "visState": "{\"title\":\"Number of MongoDB transactions with writeConcern w=0\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"count\",\"schema\":\"radius\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "Number-of-MongoDB-transactions-with-writeConcern-w-equal-0", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status", + "query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"mongodb\"},\"query\":{\"match\":{\"type\":{\"query\":\"mongodb\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "MongoDB transactions", + "version": 1 + }, + "id": "MongoDB-transactions", + "type": "search", + "version": 8 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status", + "query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[{\"meta\":{\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"mongodb\"},\"query\":{\"match\":{\"type\":{\"query\":\"mongodb\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"request: \\\"writeConcern w 0\\\"\"}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "MongoDB transactions with write concern 0", + "version": 1 + }, + "id": "MongoDB-transactions-with-write-concern-0", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"Navigation\",\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":1},{\"col\":4,\"id\":\"MongoDB-errors\",\"row\":1,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":2},{\"col\":9,\"id\":\"MongoDB-commands\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":3},{\"col\":1,\"id\":\"MongoDB-errors-per-collection\",\"row\":5,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":4},{\"col\":5,\"id\":\"MongoDB-in-slash-out-throughput\",\"row\":5,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":5},{\"col\":1,\"id\":\"MongoDB-response-times-by-collection\",\"row\":8,\"size_x\":8,\"size_y\":5,\"type\":\"visualization\",\"panelIndex\":6},{\"col\":9,\"id\":\"Top-slowest-MongoDB-queries\",\"row\":8,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\",\"panelIndex\":7},{\"id\":\"Number-of-MongoDB-transactions-with-writeConcern-w-equal-0\",\"type\":\"visualization\",\"size_x\":4,\"size_y\":3,\"c
ol\":9,\"row\":5,\"panelIndex\":8}]", + "timeRestore": false, + "title": "Packetbeat MongoDB performance", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Packetbeat-MongoDB-performance", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mysql.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mysql.json new file mode 100644 index 00000000..52ffd70b --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-mysql.json 
@@ -0,0 +1,197 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-errors", + "title": "MySQL Errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL Errors\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "MySQL-Errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "MySQL Methods", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL Methods\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"mode\":\"wiggle\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "MySQL-Methods", + "type": "visualization", + "version": 2 
+ }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "MySQL throughput", + "version": 1, + "visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"defaultYExtents\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\"}},{\"id\":\"3\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\"}},{\"id\":\"4\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "MySQL-throughput", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "Most frequent 
MySQL queries", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Most frequent MySQL queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Most-frequent-MySQL-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "Slowest MySQL queries", + "version": 1, + "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Slowest-MySQL-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "Mysql response times percentiles", + "version": 1, + "visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"defaultYExtents\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[75,99,99.5]}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Mysql-response-times-percentiles", + "type": "visualization", + "version": 2 + 
}, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "MySQL-Transactions", + "title": "MySQL Reads vs Writes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"MySQL Reads vs Writes\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"mode\":\"stacked\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"method: SELECT\",\"analyze_wildcard\":true}}}},{\"input\":{\"query\":{\"query_string\":{\"query\":\"method: INSERT or method: UPDATE or method: DELETE\",\"analyze_wildcard\":true}}}}]}}],\"listeners\":{}}" + }, + "id": "MySQL-Reads-vs-Writes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"mysql\"},\"query\":{\"match\":{\"type\":{\"query\":\"mysql\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":true,\"key\":\"status\",\"value\":\"OK\",\"disabled\":false},\"query\":{\"match\":{\"status\":{\"query\":\"OK\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "MySQL errors", + "version": 1 + }, + "id": "MySQL-errors", + "type": "search", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":false,\"key\":\"type\",\"value\":\"mysql\",\"disabled\":false},\"query\":{\"match\":{\"type\":{\"query\":\"mysql\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "MySQL Transactions", + "version": 1 + }, + "id": "MySQL-Transactions", + "type": "search", + "version": 12 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":4,\"id\":\"MySQL-Errors\",\"panelIndex\":1,\"row\":1,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"MySQL-Methods\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Navigation\",\"panelIndex\":3,\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"MySQL-throughput\",\"panelIndex\":4,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Most-frequent-MySQL-queries\",\"panelIndex\":5,\"row\":11,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Slowest-MySQL-queries\",\"panelIndex\":6,\"row\":11,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Mysql-response-times-percentiles\",\"panelIndex\":7,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MySQL-Reads-vs-Writes\",\"panelIndex\":8,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Packetbeat MySQL performance", + "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", + "version": 1 + }, + "id": "Packetbeat-MySQL-performance", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-nfs.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-nfs.json new file mode 100644 index 00000000..e5d5b8ef --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-nfs.json 
@@ -0,0 +1,208 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "nfs", + "title": "NFS clients pie chart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"NFS clients pie chart\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"rpc.cred.machinename\",\n \"size\": 16,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "NFS-clients-pie-chart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "nfs", + "title": "NFS operations area chart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"NFS operations area chart\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nfs.opcode\",\"size\":16,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "NFS-operations-area-chart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "nfs", + "title": "NFS top group pie chart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"New Visualization\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"rpc.cred.gid\",\n \"size\": 16,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "NFS-top-group-pie-chart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "nfs", + "title": "NFS top users pie chart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"title\": \"New Visualization\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"rpc.cred.uid\",\n \"size\": 16,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "NFS-top-users-pie-chart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "nfs", + "title": "NFS response times", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"NFS response 
times\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":true,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":\"9\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":true,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"rpc.time\",\"percents\":[50]}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "NFS-response-times", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "NFS-errors-search", + "title": "NFS errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"NFS errors\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"nfs.status\",\"size\":12,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "NFS-errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"filter\":[]}" + }, + "savedSearchId": "nfs", + "title": "NFS operation table", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"NFS operation table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"rpc.time\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"nfs.opcode\",\"size\":16,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "NFS-operation-table", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "nfs", + "title": "NFS bytes in / out", + "uiStateJSON": "{\"vis\":{\"colors\":{\"Sum of rpc.reply_size\":\"#7EB26D\"}}}", + "version": 1, + "visState": "{\"title\":\"NFS bytes in / out\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"rpc.call_size\"}},{\"id\":\"2\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"rpc.reply_size\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "NFS-bytes-in-slash-out", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"nfs\"},\"query\":{\"match\":{\"type\":{\"query\":\"nfs\",\"type\":\"phrase\"}}}}],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "nfs", + "version": 1 + }, + "id": "nfs", + "type": "search", + "version": 14 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"value\":\"nfs\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"type\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"index\":\"packetbeat-*\",\"key\":\"nfs.status\",\"value\":\"NFSERR_NOENT\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"nfs.status\":{\"query\":\"NFSERR_NOENT\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"index\":\"packetbeat-*\",\"key\":\"nfs.status\",\"value\":\"NFS_OK\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"nfs.status\":{\"query\":\"NFS_OK\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "NFS errors search", + "version": 1 + }, + "id": "NFS-errors-search", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":5,\"id\":\"NFS-clients-pie-chart\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NFS-operations-area-chart\",\"panelIndex\":3,\"row\":12,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"NFS-top-group-pie-chart\",\"panelIndex\":4,\"row\":1,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"NFS-top-users-pie-chart\",\"panelIndex\":5,\"row\":3,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"NFS-response-times\",\"panelIndex\":6,\"row\":6,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"NFS-errors\",\"panelIndex\":7,\"row\":9,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"NFS-operation-table\",\"panelIndex\":8,\"row\":12,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NFS-bytes-in-slash-out\",\"panelIndex\":9,\"row\":6,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"id\":\"Navigation\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":4,\"size_y\":5,\"col\":1,\"row\":1}]", + "timeRestore": false, + "title": "Packetbeat NFS", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"legendOpen\":true}},\"P-4\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":true}},\"P-5\":{\"vis\":{\"legendOpen\":true}},\"P-6\":{\"vis\":{\"legendOpen\":false}},\"P-9\":{\"vis\":{\"legendOpen\":true}}}", + "version": 1 + }, + "id": "Packetbeat-NFS", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-overview.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-overview.json new file mode 100644 index 00000000..51883535 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-overview.json 
@@ -0,0 +1,253 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Web-transactions", + "title": "Web transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Web transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Web-transactions", + "type": "visualization", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "DB-transactions", + "title": "DB transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"DB transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "DB-transactions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Cache-transactions", + "title": "Cache transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Cache transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Cache-transactions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "RPC-transactions", + "title": "RPC transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"RPC transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"type\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "RPC-transactions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Search", + "title": "Response times percentiles", + "uiStateJSON": "{}", + "version": 1, + 
"visState": "{\"title\":\"Response times percentiles\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[75,95,99]}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Response-times-percentiles", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Transactions-errors", + "title": "Errors count over time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"New Visualization\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"custom\",\"customInterval\":\"30s\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Errors-count-over-time", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Search", + "title": "Errors vs successful transactions", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Errors vs successful transactions\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"percentage\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"status\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Errors-vs-successful-transactions", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Search", + "title": "Latency histogram", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Latency histogram\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"responsetime\",\"interval\":10,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Latency-histogram", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Client locations", + "uiStateJSON": "{\"mapCenter\":[0,-0.17578125]}", + "version": 1, + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"client_geoip.location\"},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapCenter\":[15,5],\"mapType\":\"Scaled Circle Markers\",\"mapZoom\":2,\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"Client locations\",\"type\":\"tile_map\"}" + }, + "id": "Client-locations", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Packetbeat-Search", + "title": "Response times repartition", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Response times 
repartition\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"histogram\",\"schema\":\"group\",\"params\":{\"field\":\"responsetime\",\"interval\":10,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Response-times-repartition", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "columns": [ + "client_ip", + "client_port", + "ip", + "port", + "type", + "query", + "method", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": 
{ + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"NOT type: flow\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Packetbeat Search", + "version": 1 + }, + "id": "Packetbeat-Search", + "type": "search", + "version": 8 + }, + { + "attributes": { + "columns": [ + "client_ip", + "client_port", + "ip", + "port", + "type", + "query", + "method", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"!type: flow AND !status: OK\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Transactions errors", + "version": 1 + }, + "id": "Transactions-errors", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "panelsJSON": 
"[{\"col\":1,\"id\":\"Web-transactions\",\"row\":5,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"DB-transactions\",\"row\":5,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Cache-transactions\",\"row\":5,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"RPC-transactions\",\"row\":5,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Response-times-percentiles\",\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Errors-count-over-time\",\"row\":13,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Errors-vs-successful-transactions\",\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Latency-histogram\",\"row\":13,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Client-locations\",\"row\":1,\"size_x\":9,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Response-times-repartition\",\"row\":7,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Navigation\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":4,\"col\":1,\"row\":1}]", + "timeRestore": false, + "title": "Packetbeat Dashboard", + "version": 1 + }, + "id": "Packetbeat-Dashboard", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-pgsql.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-pgsql.json new file mode 100644 index 00000000..f711d0dc --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-pgsql.json 
@@ -0,0 +1,197 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-errors", + "title": "PgSQL Errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"PgSQL Errors\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "PgSQL-Errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": 
"", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-transactions", + "title": "PgSQL Methods", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"PgSQL Methods\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"mode\":\"wiggle\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "PgSQL-Methods", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-transactions", + "title": "PgSQL response times percentiles", + "version": 1, + "visState": "{\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"defaultYExtents\":false,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"percentiles\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\",\"percents\":[75,99,99.5]}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "PgSQL-response-times-percentiles", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-transactions", + "title": "PgSQL throughput", + "version": 1, + 
"visState": "{\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"defaultYExtents\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_out\"}},{\"id\":\"2\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_in\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "PgSQL-throughput", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-transactions", + "title": "PgSQL Reads vs Writes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"PgSQL Reads vs Writes\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"mode\":\"stacked\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"method: SELECT\",\"analyze_wildcard\":true}}}},{\"input\":{\"query\":{\"query_string\":{\"query\":\"method: INSERT or method: UPDATE or method: DELETE\",\"analyze_wildcard\":true}}}}]}}],\"listeners\":{}}" + }, + "id": "PgSQL-Reads-vs-Writes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": 
"PgSQL-transactions", + "title": "Most frequent PgSQL queries", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Most frequent PgSQL queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Most-frequent-PgSQL-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "PgSQL-transactions", + "title": "Slowest PgSQL queries", + "version": 1, + "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Slowest-PgSQL-queries", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": 
"{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"pgsql\"},\"query\":{\"match\":{\"type\":{\"query\":\"pgsql\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":true,\"key\":\"status\",\"value\":\"OK\",\"disabled\":false},\"query\":{\"match\":{\"status\":{\"query\":\"OK\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PgSQL errors", + "version": 1 + }, + "id": "PgSQL-errors", + "type": "search", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":false,\"key\":\"type\",\"value\":\"pgsql\",\"disabled\":false},\"query\":{\"match\":{\"type\":{\"query\":\"pgsql\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PgSQL transactions", + "version": 1 + }, + "id": "PgSQL-transactions", + "type": "search", + "version": 12 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": 
"[{\"col\":1,\"id\":\"Navigation\",\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":1},{\"col\":4,\"id\":\"PgSQL-Errors\",\"row\":1,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":2},{\"col\":9,\"id\":\"PgSQL-Methods\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":3},{\"col\":1,\"id\":\"PgSQL-response-times-percentiles\",\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":4},{\"col\":7,\"id\":\"PgSQL-throughput\",\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":5},{\"col\":1,\"id\":\"PgSQL-Reads-vs-Writes\",\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":6},{\"id\":\"Most-frequent-PgSQL-queries\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":11,\"panelIndex\":7},{\"id\":\"Slowest-PgSQL-queries\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":7,\"row\":11,\"panelIndex\":8}]", + "timeRestore": false, + "title": "Packetbeat PgSQL performance", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Packetbeat-PgSQL-performance", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-thrift.json b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-thrift.json new file mode 100644 index 00000000..b27201c2 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/_meta/kibana/default/dashboard/Packetbeat-thrift.json 
@@ -0,0 +1,181 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Packetbeat:\\n\\n[Overview](#/dashboard/Packetbeat-Dashboard)\\n\\n[Flows](#/dashboard/Packetbeat-Flows)\\n\\n[Web transactions](#/dashboard/Packetbeat-HTTP)\\n\\n[MySQL performance](#/dashboard/Packetbeat-MySQL-performance)\\n\\n[PostgreSQL performance](#/dashboard/Packetbeat-PgSQL-performance)\\n\\n[MongoDB performance](#/dashboard/Packetbeat-MongoDB-performance)\\n\\n[Thrift-RPC performance](#/dashboard/Packetbeat-Thrift-performance)\\n\\n[NFS transactions](#/dashboard/Packetbeat-NFS)\\n\\n[Cassandra performance](#/dashboard/Packetbeat-Cassandra)\"},\"aggs\":[],\"listeners\":{}}" + }, + "id": "Navigation", + "type": "visualization", + "version": 18 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Thrift-transactions", + "title": "Thrift requests per minute", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Thrift requests per minute\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"m\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Thrift-requests-per-minute", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + 
"description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Thrift-errors", + "title": "Thrift RPC Errors", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Thrift RPC Errors\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" + }, + "id": "Thrift-RPC-Errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Thrift-transactions", + "title": "Slowest Thrift RPC methods", + "version": 1, + "visState": "{\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"responsetime\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Slowest-Thrift-RPC-methods", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Thrift-transactions", + "title": "Thrift response times percentiles", + "version": 1, + "visState": 
"{\"aggs\":[{\"id\":\"1\",\"params\":{\"field\":\"responsetime\",\"percents\":[75,99,99.5]},\"schema\":\"metric\",\"type\":\"percentiles\"},{\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"defaultYExtents\":false,\"shareYAxis\":true},\"type\":\"line\"}" + }, + "id": "Thrift-response-times-percentiles", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[]}" + }, + "savedSearchId": "Thrift-transactions", + "title": "Top Thrift-RPC methods", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top Thrift-RPC methods\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":false,\"mode\":\"stacked\",\"defaultYExtents\":false,\"scale\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"method\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Top-Thrift-RPC-methods", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"filter\": []\n}" + }, + "savedSearchId": "Thrift-errors", + "title": "Top Thrift-RPC calls with errors", + "version": 1, + "visState": "{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": false,\n \"mode\": \"stacked\",\n \"defaultYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n 
\"field\": \"method\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Top-Thrift-RPC-calls-with-errors", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":false,\"key\":\"type\",\"value\":\"thrift\",\"disabled\":false},\"query\":{\"match\":{\"type\":{\"query\":\"thrift\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type: thrift\"}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Thrift transactions", + "version": 1 + }, + "id": "Thrift-transactions", + "type": "search", + "version": 8 + }, + { + "attributes": { + "columns": [ + "method", + "type", + "path", + "responsetime", + "status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"packetbeat-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}}},\"filter\":[{\"meta\":{\"disabled\":false,\"index\":\"packetbeat-*\",\"key\":\"type\",\"negate\":false,\"value\":\"thrift\"},\"query\":{\"match\":{\"type\":{\"query\":\"thrift\",\"type\":\"phrase\"}}}},{\"meta\":{\"index\":\"packetbeat-*\",\"negate\":true,\"key\":\"status\",\"value\":\"OK\",\"disabled\":false},\"query\":{\"match\":{\"status\":{\"query\":\"OK\",\"type\":\"phrase\"}}}}],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type: thrift\"}}}" + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Thrift errors", + "version": 1 + }, + "id": "Thrift-errors", + "type": "search", + 
"version": 4 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":1,\"id\":\"Navigation\",\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":1},{\"col\":4,\"id\":\"Thrift-requests-per-minute\",\"row\":1,\"size_x\":5,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":2},{\"col\":9,\"id\":\"Thrift-RPC-Errors\",\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":3},{\"col\":1,\"id\":\"Slowest-Thrift-RPC-methods\",\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":4},{\"col\":7,\"id\":\"Thrift-response-times-percentiles\",\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\",\"panelIndex\":5},{\"col\":1,\"id\":\"Top-Thrift-RPC-methods\",\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":6},{\"col\":7,\"id\":\"Top-Thrift-RPC-calls-with-errors\",\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\",\"panelIndex\":7}]", + "timeRestore": false, + "title": "Packetbeat Thrift performance", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Packetbeat-Thrift-performance", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/packetbeat/config/config.go b/vendor/github.com/elastic/beats/packetbeat/config/config.go index 977e4e1a..8f4b1676 100644 --- a/vendor/github.com/elastic/beats/packetbeat/config/config.go +++ b/vendor/github.com/elastic/beats/packetbeat/config/config.go 
@@ -18,13 +18,13 @@ type Config struct {
 }
 type InterfacesConfig struct {
- Device string
- Type string
- File string
- WithVlans bool
- BpfFilter string
- Snaplen int
- BufferSizeMb int
+ Device string `config:"device"`
+ Type string `config:"type"`
+ File string `config:"file"`
+ WithVlans bool `config:"with_vlans"`
+ BpfFilter string `config:"bpf_filter"`
+ Snaplen int `config:"snaplen"`
+ BufferSizeMb int `config:"buffer_size_mb"`
 TopSpeed bool
 Dumpfile string
 OneAtATime bool
diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/command-line.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/command-line.asciidoc
index e9738a29..f3d347dd 100644
--- a/vendor/github.com/elastic/beats/packetbeat/docs/command-line.asciidoc
+++ b/vendor/github.com/elastic/beats/packetbeat/docs/command-line.asciidoc
@@ -1,4 +1,4 @@
-[[packetbeat-command]]
+[[command-line-options]]
 === Command Line Options
 The following command line options are available for Packetbeat. To use these options,
diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/flows.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/flows.asciidoc
new file mode 100644
index 00000000..4f7dde72
--- /dev/null
+++ b/vendor/github.com/elastic/beats/packetbeat/docs/flows.asciidoc
@@ -0,0 +1,80 @@ +[[flows]] +== Configuring Flows to Monitor Network Traffic + +You can configure Packetbeat to collect and report statistics on network flows. +A _flow_ is a group of packets sent over the same time period that share +common properties, such as the same source and destination address and protocol. +You can use this feature to analyze network traffic over specific protocols on +your network. + +For each flow, Packetbeat reports the number of packets and the total number of +bytes sent from the source to the destination. Each flow event also contains +information about the source and destination hosts, such as their IP address. +For bi-directional flows, Packetbeat reports statistics for the reverse flow. + +Packetbeat collects and reports statistics up to and including the transport +layer. See <> for more info about the exported +data. + +Here's an example of flow events visualized in the Flows dashboard: + +image:./images/flows.png[] + +To configure flows, use the `flows` option in the +{beatname_lc}.yml+ config file. +Flows are enabled by default. + +[source,yaml] +-------------------------------------------------------------------------------- +packetbeat.flows: + timeout: 30s + period: 10s +-------------------------------------------------------------------------------- + +See <> for more info about these configuration options. + +Here’s an example of a flow information sent by Packetbeat. See +<> for a description of each field. 
+ +["source","json",subs="attributes"] +-------------------------------------------------------------------------------- +{ + "@timestamp": "2017-05-03T19:42:40.003Z", + "beat": { + "hostname": "host.example.com", + "name": "host.example.com", + "version": "{stack-version}" + }, + "connection_id": "AQAAAAAAAAA=", + "dest": { + "ip": "192.0.2.0", + "mac": "fe:ff:20:00:01:00", + "port": 80, + "stats": { + "net_bytes_total": 19236, + "net_packets_total": 16 + } + }, + "final": false, <1> + "flow_id": "EQwA////DP//////FBgBAAEAAAEAAAD+/yAAAQCR/qDtQdDk3ywNUAABAAAAAAAAAA", + "last_time": "2017-05-03T19:42:24.151Z", + "source": { + "ip": "203.0.113.0", + "mac": "00:00:01:00:00:00", + "port": 3372, + "stats": { + "net_bytes_total": 1243, + "net_packets_total": 14 + } + }, + "start_time": "2017-05-03T19:42:24.151Z", + "transport": "tcp", + "type": "flow" +} +-------------------------------------------------------------------------------- + +<1> Packetbeat sets the `final` flag to `false` to indicate that the event +contains an intermediate report about a flow that it's tracking. When the flow +completes, Packetbeat sends one last event with `final` set to `true`. If you +want to aggregate sums of traffic, you need to filter on `final:true`, or use +some other technique, so that you get only the latest update from each flow. +You can disable intermediate reports by setting `period: -1s`. diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/gettingstarted.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/gettingstarted.asciidoc index b6ef85dc..2024ffb5 100644 --- a/vendor/github.com/elastic/beats/packetbeat/docs/gettingstarted.asciidoc +++ b/vendor/github.com/elastic/beats/packetbeat/docs/gettingstarted.asciidoc 
@@ -19,22 +19,13 @@ After installing the Elastic Stack, read the following topics to learn how to in * <> * <> * <> -* <> +* <> * <> [[packetbeat-installation]] === Step 1: Installing Packetbeat -To download and install Packetbeat on your application servers, use the commands -that work with your system (<> for Debian/Ubuntu, <> for -Redhat/Centos/Fedora, <> for OS X, and <> for Windows). - -[NOTE] -================================================== -If you use Apt or Yum, you can <> to update to the newest version more easily. - -See our https://www.elastic.co/downloads/beats/packetbeat[download page] for other installation options, such as 32-bit images. -================================================== +include::../../libbeat/docs/shared-download-and-install.asciidoc[] [[deb]] *deb:* @@ -76,6 +67,24 @@ sudo rpm -vi packetbeat-{version}-x86_64.rpm endif::[] +[[docker]] +*docker:* + +ifeval::["{release-state}"=="unreleased"] + +Version {stack-version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source", "shell", subs="attributes"] +------------------------------------------------ +docker pull {dockerimage} +------------------------------------------------ + +endif::[] + [[mac]] *mac:* @@ -119,7 +128,7 @@ https://www.elastic.co/downloads/beats/packetbeat[downloads page]. . Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select *Run As Administrator*). If you are running Windows XP, you may need to download and install PowerShell. -. Run the following commands to install Packetbeat as a Windows service: +. From the PowerShell prompt, run the following commands to install Packetbeat as a Windows service: + [source,shell] ---------------------------------------------------------------------- 
@@ -138,14 +147,7 @@ more information about these options, see <>. [[configuring-packetbeat]] === Step 2: Configuring Packetbeat -To configure Packetbeat, you edit the configuration file. For rpm and deb, you'll -find the configuration file at `/etc/packetbeat/packetbeat.yml`. For mac and win, look in -the archive that you just extracted. There’s also a full example configuration file called -`packetbeat.full.yml` that shows all non-deprecated options. - -See the -{libbeat}/config-file-format.html[Config File Format] section of the -_Beats Platform Reference_ for more about the structure of the config file. +include::../../libbeat/docs/shared-configuring.asciidoc[] To configure Packetbeat: @@ -255,7 +257,7 @@ include::../../libbeat/docs/shared-template-load.asciidoc[] Run Packetbeat by issuing the command that is appropriate for your platform. NOTE: If you use an init.d script to start Packetbeat on deb or rpm, you can't -specify command line flags (see <>). To specify flags, +specify command line flags (see <>). To specify flags, start Packetbeat in the foreground. *deb:* @@ -272,6 +274,13 @@ sudo /etc/init.d/packetbeat start sudo /etc/init.d/packetbeat start ---------------------------------------------------------------------- +*docker:* + +["source", "shell", subs="attributes"] +---------------------------------------------------------------------- +docker run {dockerimage} +---------------------------------------------------------------------- + *mac:* [source,shell] @@ -327,4 +336,3 @@ image:./images/packetbeat-statistics.png[Packetbeat statistics] :allplatforms: include::../../libbeat/docs/dashboards.asciidoc[] - diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/images/flows.png b/vendor/github.com/elastic/beats/packetbeat/docs/images/flows.png new file mode 100644 index 00000000..ecbdfddf Binary files /dev/null and b/vendor/github.com/elastic/beats/packetbeat/docs/images/flows.png differ 
diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/index.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/index.asciidoc index c3628c56..9cf45644 100644 --- a/vendor/github.com/elastic/beats/packetbeat/docs/index.asciidoc +++ b/vendor/github.com/elastic/beats/packetbeat/docs/index.asciidoc @@ -16,6 +16,7 @@ include::../../libbeat/docs/version.asciidoc[] :beatname_lc: packetbeat :beatname_uc: Packetbeat :security: X-Pack Security +:dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} include::./overview.asciidoc[] @@ -28,10 +29,16 @@ include::../../libbeat/docs/shared-directory-layout.asciidoc[] include::../../libbeat/docs/repositories.asciidoc[] +include::./running-on-docker.asciidoc[] + include::./upgrading.asciidoc[] include::./configuring-howto.asciidoc[] +include::../../libbeat/docs/shared-env-vars.asciidoc[] + +include::./capturing.asciidoc[] + include::./packetbeat-filtering.asciidoc[] include::../../libbeat/docs/shared-config-ingest.asciidoc[] @@ -40,9 +47,10 @@ include::./packetbeat-geoip.asciidoc[] include::./configuring-logstash.asciidoc[] -include::../../libbeat/docs/shared-env-vars.asciidoc[] +include::./flows.asciidoc[] -include::./capturing.asciidoc[] +:standalone: +include::../../libbeat/docs/shared-env-vars.asciidoc[] include::./thrift.asciidoc[] diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc index 82673579..b32b8efe 100644 --- a/vendor/github.com/elastic/beats/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc +++ b/vendor/github.com/elastic/beats/packetbeat/docs/reference/configuration/packetbeat-options.asciidoc 
@@ -211,6 +211,8 @@ packetbeat.flows: period: 10s ------------------------------------------------------------------------------ +See <> for more information. + ==== Options You can specify the following options in the `flows` section of the +{beatname_lc}.yml+ config file: diff --git a/vendor/github.com/elastic/beats/packetbeat/docs/running-on-docker.asciidoc b/vendor/github.com/elastic/beats/packetbeat/docs/running-on-docker.asciidoc new file mode 100644 index 00000000..fd939cc4 --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/docs/running-on-docker.asciidoc @@ -0,0 +1,29 @@ +include::../../libbeat/docs/shared-docker.asciidoc[] + +=== Required Network Capabilities + +Under Docker, Packetbeat runs as a non-root user, but requires some privileged +network capabilities to operate correctly. Ensure that the +NET_ADMIN+ +capability is available to the container. + +["source","sh",subs="attributes"] +---- +docker run --cap-add=NET_ADMIN {dockerimage} +---- + +=== Capturing Traffic from the Host System + +By default, Docker networking will connect the Packetbeat container to an +isolated virtual network, with a limited view of network traffic. You may wish +to connect the container directly to the host network in order to see traffic +destined for, and originating from, the host system. With +docker run+, this can +be achieved by specifying +--network=host+. + +["source","sh",subs="attributes"] +---- +docker run --cap-add=NET_ADMIN --network=host {dockerimage} +---- + +NOTE: On Windows and MacOS, specifying +--network=host+ will bind the +container's network interface to the virtual interface of Docker's embedded +Linux virtual machine, not to the physical interface of the host system. diff --git a/vendor/github.com/elastic/beats/packetbeat/flows/table.go b/vendor/github.com/elastic/beats/packetbeat/flows/table.go index c8c1bc49..5c5c411c 100644 --- a/vendor/github.com/elastic/beats/packetbeat/flows/table.go 
+++ b/vendor/github.com/elastic/beats/packetbeat/flows/table.go
@@ -58,6 +58,8 @@ func (t *flowMetaTable) get(id *FlowID, counter *counterReg) Flow {
 }
 func (t *flowTable) get(id *FlowID, counter *counterReg) Flow {
+ ts := time.Now()
+
 t.mutex.Lock()
 defer t.mutex.Unlock()
@@ -66,13 +68,14 @@ func (t *flowTable) get(id *FlowID, counter *counterReg) Flow {
 if bf == nil || !bf.isAlive() {
 debugf("create new flow")
- bf = newBiFlow(id.rawFlowID.clone(), time.Now(), id.dir)
+ bf = newBiFlow(id.rawFlowID.clone(), ts, id.dir)
 t.table[string(bf.id.flowID)] = bf
 t.flows.append(bf)
 } else if bf.dir != id.dir {
 dir = flowDirReversed
 }
+ bf.ts = ts
 stats := bf.stats[dir]
 if stats == nil {
 stats = newFlowStats(counter)
diff --git a/vendor/github.com/elastic/beats/packetbeat/packetbeat.full.yml b/vendor/github.com/elastic/beats/packetbeat/packetbeat.full.yml
index 40983d7a..8d02fd57 100644
--- a/vendor/github.com/elastic/beats/packetbeat/packetbeat.full.yml
+++ b/vendor/github.com/elastic/beats/packetbeat/packetbeat.full.yml
@@ -614,6 +614,14 @@ output.elasticsearch:
 # Path to the Elasticsearch 2.x version of the template file.
 #template.versions.2x.path: "${path.config}/packetbeat.template-es2x.json"
+ # If set to true, packetbeat checks the Elasticsearch version at connect time, and if it
+ # is 6.x, it loads the file specified by the template.versions.6x.path setting. The
+ # default is true.
+ #template.versions.6x.enabled: true
+
+ # Path to the Elasticsearch 6.x version of the template file.
+ #template.versions.6x.path: "${path.config}/packetbeat.template-es6x.json"
+
 # Use SSL settings for HTTPS. Default is true.
 #ssl.enabled: true
@@ -646,6 +654,10 @@ output.elasticsearch:
 # Configure curve types for ECDHE based cipher suites
 #ssl.curve_types: []
+ # Configure what types of renegotiation are supported. Valid options are
+ # never, once, and freely. Default is never.
+ #ssl.renegotiation: never
+
 #----------------------------- Logstash output ---------------------------------
 #output.logstash:
@@ -668,6 +680,11 @@ output.elasticsearch:
 # new batches.
 #pipelining: 0
+ # If enabled only a subset of events in a batch of events is transferred per
+ # transaction. The number of events to be sent increases up to `bulk_max_size`
+ # if no error is encountered.
+ #slow_start: false
+
 # Optional index name. The default index name is set to name of the beat
 # in all lowercase.
 #index: 'packetbeat'
@@ -710,6 +727,10 @@ output.elasticsearch:
 # Configure curve types for ECDHE based cipher suites
 #ssl.curve_types: []
+ # Configure what types of renegotiation are supported. Valid options are
+ # never, once, and freely. Default is never.
+ #ssl.renegotiation: never
+
 #------------------------------- Kafka output ----------------------------------
 #output.kafka:
 # Boolean flag to enable or disable the output module.
@@ -845,6 +866,10 @@ output.elasticsearch:
 # Configure curve types for ECDHE based cipher suites
 #ssl.curve_types: []
+ # Configure what types of renegotiation are supported. Valid options are
+ # never, once, and freely. Default is never.
+ #ssl.renegotiation: never
+
 #------------------------------- Redis output ----------------------------------
 #output.redis:
 # Boolean flag to enable or disable the output module.
@@ -942,6 +967,10 @@ output.elasticsearch:
 # Configure curve types for ECDHE based cipher suites
 #ssl.curve_types: []
+ # Configure what types of renegotiation are supported. Valid options are
+ # never, once, and freely. Default is never.
+ #ssl.renegotiation: never
+
 #------------------------------- File output -----------------------------------
 #output.file:
@@ -1084,3 +1113,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es2x.json b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es2x.json index 40b5b860..a950586a 100644 --- a/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es2x.json +++ b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es2x.json @@ -7,7 +7,7 @@ } }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -33,9 +33,6 @@ "index": "not_analyzed", "type": "string" }, - "arguments": { - "properties": {} - }, "auto-delete": { "type": "boolean" }, @@ -94,9 +91,6 @@ "index": "not_analyzed", "type": "string" }, - "headers": { - "properties": {} - }, "if-empty": { "type": "boolean" }, @@ -574,9 +568,6 @@ } } }, - "supported": { - "properties": {} - }, "warnings": { "ignore_above": 1024, "index": "not_analyzed", @@ -864,9 +855,6 @@ "domloadtime": { "type": "long" }, - "fields": { - "properties": {} - }, "final": { "ignore_above": 1024, "index": "not_analyzed", @@ -888,9 +876,6 @@ }, "type": "string" }, - "headers": { - "properties": {} - }, "params": { "ignore_above": 1024, "index": "not_analyzed", @@ -910,9 +895,6 @@ "index": "not_analyzed", "type": "string" }, - "headers": { - "properties": {} - }, "phrase": { "ignore_above": 1024, "index": "not_analyzed", @@ -1020,9 +1002,6 @@ "initial": { "type": "long" }, - "keys": { - "properties": {} - }, "line": { "ignore_above": 1024, "index": "not_analyzed", @@ -1061,9 +1040,6 @@ "index": "not_analyzed", "type": "string" }, - "values": { - "properties": {} - }, "vbucket": { "type": "long" }, 
@@ -1096,9 +1072,6 @@ "flags": { "type": "long" }, - "keys": { - "properties": {} - }, "opaque": { "type": "long" }, @@ -1110,9 +1083,6 @@ "opcode_value": { "type": "long" }, - "stats": { - "properties": {} - }, "status": { "ignore_above": 1024, "index": "not_analyzed", @@ -1129,9 +1099,6 @@ "value": { "type": "long" }, - "values": { - "properties": {} - }, "version": { "ignore_above": 1024, "index": "not_analyzed", diff --git a/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es6x.json b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es6x.json new file mode 100644 index 00000000..869649bb --- /dev/null +++ b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template-es6x.json 
@@ -0,0 +1,1364 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "amqp": { + "properties": { + "app-id": { + "ignore_above": 1024, + "type": "keyword" + }, + "auto-delete": { + "type": "boolean" + }, + "class-id": { + "type": "long" + }, + "consumer-count": { + "type": "long" + }, + "consumer-tag": { + "ignore_above": 1024, + "type": "keyword" + }, + "content-encoding": { + "ignore_above": 1024, + "type": "keyword" + }, + "content-type": { + "ignore_above": 1024, + "type": "keyword" + }, + "correlation-id": { + "ignore_above": 1024, + "type": "keyword" + }, + "delivery-mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "delivery-tag": { + "type": "long" + }, + "durable": { + "type": "boolean" + }, + "exchange": { + "ignore_above": 1024, + "type": "keyword" + }, + "exchange-type": { + "ignore_above": 1024, + "type": "keyword" + }, + "exclusive": { + "type": "boolean" + }, + "expiration": { + "ignore_above": 1024, + "type": "keyword" + }, + "if-empty": { + "type": "boolean" + }, + "if-unused": { + "type": "boolean" + }, + "immediate": { + "type": "boolean" + }, + "mandatory": { + "type": "boolean" + }, + "message-count": { + "type": "long" + }, + "message-id": { + "ignore_above": 1024, + "type": "keyword" + }, + "method-id": { + "type": "long" + }, + "multiple": { + "type": "boolean" + }, + "no-ack": { + "type": "boolean" + }, + "no-local": { + "type": "boolean" + }, + "no-wait": { + "type": "boolean" + }, + "passive": { + "type": "boolean" + }, + "priority": { + "type": "long" + }, + "queue": { + "ignore_above": 1024, + "type": "keyword" + }, + "redelivered": { + "type": "boolean" + }, + "reply-code": { + "type": "long" + }, + "reply-text": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "reply-to": { + "ignore_above": 1024, + "type": "keyword" + }, + "routing-key": { + "ignore_above": 1024, + "type": "keyword" + }, + "timestamp": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "user-id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes_in": { + "type": "long" + }, + "bytes_out": { + "type": "long" + }, + "cassandra": { + "properties": { + "request": { + "properties": { + "headers": { + "properties": { + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "length": { + "type": "long" + }, + "op": { + "ignore_above": 1024, + "type": "keyword" + }, + "stream": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "type": "long" + } + } + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "authentication": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "code": { + "type": "long" + }, + "details": { + "properties": { + "alive": { + "type": "long" + }, + "arg_types": { + "ignore_above": 1024, + "type": "keyword" + }, + "blockfor": { + "type": "long" + }, + "data_present": { + "type": "boolean" + }, + "function": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "num_failures": { + "ignore_above": 1024, + "type": "keyword" + }, + "read_consistency": { + "ignore_above": 1024, + "type": "keyword" + }, + "received": { + "type": "long" + }, + "required": { + "type": "long" + }, + "stmt_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"write_type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "msg": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "change": { + "ignore_above": 1024, + "type": "keyword" + }, + "host": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "schema_change": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "change": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "object": { + "ignore_above": 1024, + "type": "keyword" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + }, + "target": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "headers": { + "properties": { + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "length": { + "type": "long" + }, + "op": { + "ignore_above": 1024, + "type": "keyword" + }, + "stream": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "type": "long" + } + } + }, + "result": { + "properties": { + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "prepared": { + "properties": { + "prepared_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "req_meta": { + "properties": { + "col_count": { + "type": "long" + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "paging_state": { + "ignore_above": 1024, + "type": "keyword" + }, + "pkey_columns": { + "type": "long" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "resp_meta": { + "properties": { + "col_count": { + "type": "long" + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, 
+ "type": "keyword" + }, + "paging_state": { + "ignore_above": 1024, + "type": "keyword" + }, + "pkey_columns": { + "type": "long" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "rows": { + "properties": { + "meta": { + "properties": { + "col_count": { + "type": "long" + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "paging_state": { + "ignore_above": 1024, + "type": "keyword" + }, + "pkey_columns": { + "type": "long" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "num_rows": { + "type": "long" + } + } + }, + "schema_change": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "change": { + "ignore_above": 1024, + "type": "keyword" + }, + "keyspace": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "object": { + "ignore_above": 1024, + "type": "keyword" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + }, + "target": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "warnings": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "client_geoip": { + "properties": { + "location": { + "type": "geo_point" + } + } + }, + "client_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "client_location": { + "type": "geo_point" + }, + "client_port": { + "ignore_above": 1024, + "type": "keyword" + }, + "client_proc": { + "ignore_above": 1024, + "type": "keyword" + }, + "client_server": { + "ignore_above": 1024, + "type": "keyword" + }, + "client_service": { + "ignore_above": 1024, + "type": "keyword" + }, + "connection_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "connecttime": { + "type": "long" + }, + "cpu_time": { + "type": "long" + }, + "dest": { + "properties": { + "ip": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "ip_location": { + "type": "geo_point" + }, + "ipv6": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipv6_location": { + "type": "geo_point" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ip_location": { + "type": "geo_point" + }, + "outer_ipv6": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ipv6_location": { + "type": "geo_point" + }, + "port": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "properties": { + "net_bytes_total": { + "type": "long" + }, + "net_packets_total": { + "type": "long" + } + } + } + } + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "dns": { + "properties": { + "additionals": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ttl": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "additionals_count": { + "type": "long" + }, + "answers": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "ttl": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "answers_count": { + "type": "long" + }, + "authorities": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "authorities_count": { + "type": "long" + }, + "flags": { + "properties": { + "authentic_data": { + "type": "boolean" + }, + "authoritative": { + "type": "boolean" + }, + "checking_disabled": { + "type": "boolean" + }, + "recursion_available": { + "type": "boolean" 
+ }, + "recursion_desired": { + "type": "boolean" + }, + "truncated_response": { + "type": "boolean" + } + } + }, + "id": { + "type": "long" + }, + "op_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "opt": { + "properties": { + "do": { + "type": "boolean" + }, + "ext_rcode": { + "ignore_above": 1024, + "type": "keyword" + }, + "udp_size": { + "type": "long" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "question": { + "properties": { + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "etld_plus_one": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response_code": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "dnstime": { + "type": "long" + }, + "domloadtime": { + "type": "long" + }, + "final": { + "ignore_above": 1024, + "type": "keyword" + }, + "flow_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "norms": false, + "type": "text" + }, + "params": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "body": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "phrase": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "icmp": { + "properties": { + "request": { + "properties": { + "code": { + "type": "long" + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "type": "long" + } + } + }, + "response": { + "properties": { + "code": { + "type": "long" + }, + "message": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "icmp_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "last_time": { + "type": "date" + }, + "loadtime": { + "type": "long" + }, + "memcache": { + "properties": { + "protocol_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "request": { + "properties": { + "automove": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "cas_unique": { + "type": "long" + }, + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "count_values": { + "type": "long" + }, + "delta": { + "type": "long" + }, + "dest_class": { + "type": "long" + }, + "exptime": { + "type": "long" + }, + "flags": { + "type": "long" + }, + "initial": { + "type": "long" + }, + "line": { + "ignore_above": 1024, + "type": "keyword" + }, + "noreply": { + "type": "boolean" + }, + "opaque": { + "type": "long" + }, + "opcode": { + "ignore_above": 1024, + "type": "keyword" + }, + "opcode_value": { + "type": "long" + }, + "quiet": { + "type": "boolean" + }, + "raw_args": { + "ignore_above": 1024, + "type": "keyword" + }, + "sleep_us": { + "type": "long" + }, + "source_class": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vbucket": { + "type": "long" + }, + "verbosity": { + "type": "long" + } + } + }, + "response": { + "properties": { + "bytes": { + "type": "long" + }, + "cas_unique": { + "type": "long" + }, + "command": { + "ignore_above": 1024, + "type": "keyword" + }, + "count_values": { + "type": "long" + }, + "error_msg": { + "ignore_above": 1024, + "type": "keyword" + }, + "flags": { + "type": "long" + }, + "opaque": { + "type": "long" + }, + "opcode": { + "ignore_above": 1024, + "type": "keyword" + }, + "opcode_value": { + "type": "long" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "status_code": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "value": { + "type": "long" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "meta": { + 
"properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "mongodb": { + "properties": { + "cursorId": { + "ignore_above": 1024, + "type": "keyword" + }, + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "fullCollectionName": { + "ignore_above": 1024, + "type": "keyword" + }, + "numberReturned": { + "type": "long" + }, + "numberToReturn": { + "type": "long" + }, + "numberToSkip": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "returnFieldsSelector": { + "ignore_above": 1024, + "type": "keyword" + }, + "selector": { + "ignore_above": 1024, + "type": "keyword" + }, + "startingFrom": { + "ignore_above": 1024, + "type": "keyword" + }, + "update": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "mysql": { + "properties": { + "affected_rows": { + "type": "long" + }, + "error_code": { + "type": "long" + }, + "error_message": { + "ignore_above": 1024, + "type": "keyword" + }, + "insert_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "iserror": { + "type": "boolean" + }, + "num_fields": { + "ignore_above": 1024, + "type": "keyword" + }, + "num_rows": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "nfs": { + "properties": { + "minor_version": { + "type": "long" + }, + "opcode": { + "ignore_above": 1024, + "type": "keyword" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"version": { + "type": "long" + } + } + }, + "notes": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_vlan": { + "ignore_above": 1024, + "type": "keyword" + }, + "params": { + "norms": false, + "type": "text" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pgsql": { + "properties": { + "error_code": { + "type": "long" + }, + "error_message": { + "ignore_above": 1024, + "type": "keyword" + }, + "error_severity": { + "ignore_above": 1024, + "type": "keyword" + }, + "iserror": { + "type": "boolean" + }, + "num_fields": { + "ignore_above": 1024, + "type": "keyword" + }, + "num_rows": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "port": { + "ignore_above": 1024, + "type": "keyword" + }, + "proc": { + "ignore_above": 1024, + "type": "keyword" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "real_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "redis": { + "properties": { + "error": { + "ignore_above": 1024, + "type": "keyword" + }, + "return_value": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "release": { + "ignore_above": 1024, + "type": "keyword" + }, + "request": { + "norms": false, + "type": "text" + }, + "resource": { + "ignore_above": 1024, + "type": "keyword" + }, + "response": { + "norms": false, + "type": "text" + }, + "responsetime": { + "type": "long" + }, + "rpc": { + "properties": { + "auth_flavor": { + "ignore_above": 1024, + "type": "keyword" + }, + "call_size": { + "type": "long" + }, + "cred": { + "properties": { + "gid": { + "type": "long" + }, + "gids": { + "ignore_above": 1024, + "type": "keyword" + }, + "machinename": { + "ignore_above": 1024, + "type": "keyword" + }, + "stamp": { + "type": "long" + }, + "uid": { + "type": "long" + } + } + }, + "reply_size": { + "type": "long" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "time": { + "type": "long" + }, + "time_str": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "xid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "server": { + "ignore_above": 1024, + "type": "keyword" + }, + "service": { + "ignore_above": 1024, + "type": "keyword" + }, + "source": { + "properties": { + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip_location": { + "type": "geo_point" + }, + "ipv6": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipv6_location": { + "type": "geo_point" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ip_location": { + "type": "geo_point" + }, + "outer_ipv6": { + "ignore_above": 1024, + "type": "keyword" + }, + "outer_ipv6_location": { + "type": "geo_point" + }, + "port": { + "ignore_above": 1024, + "type": "keyword" + }, + "stats": { + "properties": { + "net_bytes_total": { + "type": "long" + }, + "net_packets_total": { + "type": "long" + } + } + } + } + }, + "start_time": { + "type": "date" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "thrift": { + "properties": { + "exceptions": { + "ignore_above": 1024, + "type": "keyword" + }, + "params": { + "ignore_above": 1024, + "type": "keyword" + }, + "return_value": { + "ignore_above": 1024, + "type": "keyword" + }, + "service": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vlan": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "packetbeat-*" +} \ No newline at end of file 
diff --git a/vendor/github.com/elastic/beats/packetbeat/packetbeat.template.json b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template.json index 1a131cbb..869649bb 100644 --- a/vendor/github.com/elastic/beats/packetbeat/packetbeat.template.json +++ b/vendor/github.com/elastic/beats/packetbeat/packetbeat.template.json @@ -1,11 +1,8 @@ { "mappings": { "_default_": { - "_all": { - "norms": false - }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -29,9 +26,6 @@ "ignore_above": 1024, "type": "keyword" }, - "arguments": { - "properties": {} - }, "auto-delete": { "type": "boolean" }, @@ -82,9 +76,6 @@ "ignore_above": 1024, "type": "keyword" }, - "headers": { - "properties": {} - }, "if-empty": { "type": "boolean" }, @@ -501,9 +492,6 @@ } } }, - "supported": { - "properties": {} - }, "warnings": { "ignore_above": 1024, "type": "keyword" @@ -758,9 +746,6 @@ "domloadtime": { "type": "long" }, - "fields": { - "properties": {} - }, "final": { "ignore_above": 1024, "type": "keyword" @@ -777,9 +762,6 @@ "norms": false, "type": "text" }, - "headers": { - "properties": {} - }, "params": { "ignore_above": 1024, "type": "keyword" @@ -796,9 +778,6 @@ "ignore_above": 1024, "type": "keyword" }, - "headers": { - "properties": {} - }, "phrase": { "ignore_above": 1024, "type": "keyword" @@ -897,9 +876,6 @@ "initial": { "type": "long" }, - "keys": { - "properties": {} - }, "line": { "ignore_above": 1024, "type": "keyword" @@ -934,9 +910,6 @@ "ignore_above": 1024, "type": "keyword" }, - "values": { - "properties": {} - }, "vbucket": { "type": "long" }, @@ -967,9 +940,6 @@ "flags": { "type": "long" }, - "keys": { - "properties": {} - }, "opaque": { "type": "long" }, @@ -980,9 +950,6 @@ "opcode_value": { "type": "long" }, - "stats": { - "properties": {} - }, "status": { "ignore_above": 1024, "type": "keyword" 
@@ -997,9 +964,6 @@ "value": { "type": "long" }, - "values": { - "properties": {} - }, "version": { "ignore_above": 1024, "type": "keyword" diff --git a/vendor/github.com/elastic/beats/packetbeat/procs/procs.go b/vendor/github.com/elastic/beats/packetbeat/procs/procs.go index 6b34cf7d..233cfafa 100644 --- a/vendor/github.com/elastic/beats/packetbeat/procs/procs.go +++ b/vendor/github.com/elastic/beats/packetbeat/procs/procs.go @@ -244,7 +244,7 @@ func hexToIpv4(word string) (net.IP, error) { func hexToIpv6(word string) (net.IP, error) { p := make(net.IP, net.IPv6len) for i := 0; i < 4; i++ { - part, err := strconv.ParseInt(word[i*8:(i+1)*8], 16, 32) + part, err := strconv.ParseUint(word[i*8:(i+1)*8], 16, 32) if err != nil { return nil, err } @@ -324,12 +324,12 @@ func (proc *ProcessesWatcher) updateMap() { } func socketsFromProc(filename string, ipv6 bool) ([]*socketInfo, error) { - file, err := os.Open("/proc/net/tcp") + file, err := os.Open(filename) if err != nil { return nil, err } defer file.Close() - return parseProcNetTCP(file, false) + return parseProcNetTCP(file, ipv6) } // Parses the /proc/net/tcp file diff --git a/vendor/github.com/elastic/beats/packetbeat/procs/procs_test.go b/vendor/github.com/elastic/beats/packetbeat/procs/procs_test.go index 1cd2b775..9deaa84d 100644 --- a/vendor/github.com/elastic/beats/packetbeat/procs/procs_test.go +++ b/vendor/github.com/elastic/beats/packetbeat/procs/procs_test.go @@ -94,7 +94,7 @@ func TestFindPidsByCmdlineGrep(t *testing.T) { } // Create fake proc file system - pathPrefix, err := ioutil.TempDir("/tmp", "") + pathPrefix, err := ioutil.TempDir("", "find-pids") if err != nil { t.Error("TempDir failed:", err) return @@ -129,7 +129,7 @@ func TestRefreshPids(t *testing.T) { } // Create fake proc file system - pathPrefix, err := ioutil.TempDir("/tmp", "") + pathPrefix, err := ioutil.TempDir("", "refresh-pids") if err != nil { t.Error("TempDir failed:", err) return 
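Review bot: In the hexToIpv6 hunk of procs.go, `word[i*8:(i+1)*8]` is sliced without first checking that `word` holds at least 32 hex characters, so a short or malformed address field panics with a slice-bounds error instead of coming back through the `error` return. The move from ParseInt to ParseUint fixes the range problem but leaves this path as it was. Unless the caller already validates the field length (not visible here, since the function body continues outside the hunk), a guard before the loop such as `if len(word) < 2*net.IPv6len { return nil, errShortAddr }` would turn the panic into an ordinary parse error. `errShortAddr` is a placeholder for whatever error value the file already uses.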
@@ -187,7 +187,7 @@ func TestFindSocketsOfPid(t *testing.T) { } // Create fake proc file system - pathPrefix, err := ioutil.TempDir("/tmp", "") + pathPrefix, err := ioutil.TempDir("", "find-sockets") if err != nil { t.Error("TempDir failed:", err) return diff --git a/vendor/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go b/vendor/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go index 17f9e014..6c275c1a 100644 --- a/vendor/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go +++ b/vendor/github.com/elastic/beats/packetbeat/protos/pgsql/parse.go @@ -379,6 +379,9 @@ func pgsqlFieldsParser(s *pgsqlStream, buf []byte) error { off += 4 // read format (int16) + if len(buf) < off+2 { + return errFieldBufferShort + } format := common.BytesNtohs(buf[off : off+2]) off += 2 fieldsFormat = append(fieldsFormat, byte(format)) diff --git a/vendor/github.com/elastic/beats/packetbeat/tests/system/config/packetbeat.yml.j2 b/vendor/github.com/elastic/beats/packetbeat/tests/system/config/packetbeat.yml.j2 index 916f4ee6..6c35c6e6 100644 --- a/vendor/github.com/elastic/beats/packetbeat/tests/system/config/packetbeat.yml.j2 +++ b/vendor/github.com/elastic/beats/packetbeat/tests/system/config/packetbeat.yml.j2 @@ -111,12 +111,10 @@ packetbeat.protocols.thrift: ports: [{{ thrift_ports|default([9090])|join(", ") }}] transport_type: "{{ thrift_transport_type|default('socket') }}" {% if thrift_idl_files %} - idl_files: [ - {%- for file in thrift_idl_files -%} - "{{ beat.working_dir + '/' + file }}" - {%- if not loop.last %}, {% endif -%} - {%- endfor -%} - ] + idl_files: + {%- for file in thrift_idl_files %} + - '{{ beat.working_dir + '/' + file }}' + {%- endfor -%} {%- endif %} {% if thrift_send_request %} send_request: true{%- endif %} {% if thrift_send_response %} send_response: true{%- endif %} 
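Review bot: In the pgsqlFieldsParser hunk of parse.go, the value read by the newly guarded `common.BytesNtohs(buf[off : off+2])` is 16 bits wide but is stored with `byte(format)`, so a format code above 255 in a malformed packet is silently truncated; 0x0100, for example, would be recorded as 0. How `fieldsFormat` is consumed is not visible here, but if 0 is treated as the text format, the parser would accept a value the protocol does not define. Since this code parses captured network traffic, a range check before the narrowing conversion would be the safer form, or at least a comment such as `// format codes are 0 (text) or 1 (binary); anything else is malformed`. The function starts outside the hunk, so whether the 4-byte read just before `off += 4` has its own length guard cannot be confirmed from these lines.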
@@ -173,7 +171,7 @@ tags: [ geoip: paths: [ {%- for path in geoip_paths -%} - "{{ beat.working_dir + '/' + path }}" + '{{ beat.working_dir + '/' + path }}' {%- if not loop.last %}, {% endif -%} {%- endfor -%} ] diff --git a/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0011_geoip.py b/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0011_geoip.py index d1343102..a9904412 100644 --- a/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0011_geoip.py +++ b/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0011_geoip.py @@ -1,5 +1,8 @@ -from packetbeat import BaseTest import os +import unittest +import sys + +from packetbeat import BaseTest """ Tests for reading the geoip files. @@ -43,6 +46,7 @@ class Test(BaseTest): assert o["real_ip"] == "89.247.39.104" assert o["client_location"] == "52.528503, 13.410904" + @unittest.skipIf(sys.platform.startswith("win"), "requires unix for symlinks") def test_geoip_symlink(self): """ Should be able to follow symlinks to GeoIP libs. diff --git a/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0060_flows.py b/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0060_flows.py index 1dc02a29..30d03eb8 100644 --- a/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0060_flows.py +++ b/vendor/github.com/elastic/beats/packetbeat/tests/system/test_0060_flows.py @@ -1,6 +1,7 @@ from packetbeat import (BaseTest, FLOWS_REQUIRED_FIELDS) from pprint import PrettyPrinter +from datetime import datetime pprint = lambda x: PrettyPrinter().pprint(x) @@ -11,6 +12,10 @@ def check_fields(flow, fields): assert flow[k] == v +def parse_timestamp(ts): + return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ") + + class Test(BaseTest): def test_mysql_flow(self): 
@@ -43,6 +48,10 @@ class Test(BaseTest): 'dest.stats.net_bytes_total': 181133, }) + start_ts = parse_timestamp(objs[0]['start_time']) + last_ts = parse_timestamp(objs[0]['last_time']) + assert last_ts > start_ts + def test_memcache_udp_flow(self): self.render_config_template( flows=True, diff --git a/vendor/github.com/elastic/beats/testing/environments/args.yml b/vendor/github.com/elastic/beats/testing/environments/args.yml index 92720956..6d86ecd4 100644 --- a/vendor/github.com/elastic/beats/testing/environments/args.yml +++ b/vendor/github.com/elastic/beats/testing/environments/args.yml @@ -5,5 +5,5 @@ services: args: build: args: - DOWNLOAD_URL: https://staging.elastic.co/5.3.1-ca15c737/downloads - ELASTIC_VERSION: 5.3.1 + DOWNLOAD_URL: https://snapshots.elastic.co/downloads + ELASTIC_VERSION: 5.6.5-SNAPSHOT diff --git a/vendor/github.com/elastic/beats/testing/environments/docker/elasticsearch/Dockerfile-snapshot b/vendor/github.com/elastic/beats/testing/environments/docker/elasticsearch/Dockerfile-snapshot index bf49aa71..0e73c27f 100644 --- a/vendor/github.com/elastic/beats/testing/environments/docker/elasticsearch/Dockerfile-snapshot +++ b/vendor/github.com/elastic/beats/testing/environments/docker/elasticsearch/Dockerfile-snapshot 
@@ -1,20 +1,26 @@ # Copy of https://github.com/elastic/elasticsearch-docker/blob/master/build/elasticsearch/Dockerfile -FROM docker.elastic.co/elasticsearch/elasticsearch-alpine-base:latest +#FROM docker.elastic.co/elasticsearch/elasticsearch-alpine-base:latest +FROM centos:7 MAINTAINER Elastic Docker Team ARG ELASTIC_VERSION ARG DOWNLOAD_URL ARG ES_JAVA_OPTS +ENV ELASTIC_CONTAINER true ENV PATH /usr/share/elasticsearch/bin:$PATH ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk +RUN yum update -y && yum install -y java-1.8.0-openjdk-headless wget which && yum clean all + +RUN groupadd -g 1000 elasticsearch && adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch + WORKDIR /usr/share/elasticsearch # Download/extract defined ES version. busybox tar can't strip leading dir. RUN wget ${DOWNLOAD_URL}/elasticsearch/elasticsearch-${ELASTIC_VERSION}.tar.gz && \ - EXPECTED_SHA=$(wget -O - ${DOWNLOAD_URL}/elasticsearch/elasticsearch-${ELASTIC_VERSION}.tar.gz.sha1) && \ - test $EXPECTED_SHA == $(sha1sum elasticsearch-${ELASTIC_VERSION}.tar.gz | awk '{print $1}') && \ + EXPECTED_SHA=$(wget -O - ${DOWNLOAD_URL}/elasticsearch/elasticsearch-${ELASTIC_VERSION}.tar.gz.sha512) && \ + test $EXPECTED_SHA == $(sha512sum elasticsearch-${ELASTIC_VERSION}.tar.gz | awk '{print $1}') && \ tar zxf elasticsearch-${ELASTIC_VERSION}.tar.gz && \ chown -R elasticsearch:elasticsearch elasticsearch-${ELASTIC_VERSION} && \ mv elasticsearch-${ELASTIC_VERSION}/* . && \ 
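Review bot: The download step in the Elasticsearch Dockerfile-snapshot now compares a `.sha512`, but the expected digest is still fetched from the same `${DOWNLOAD_URL}` as the tarball, so the check catches a corrupted transfer and not a replaced artifact. That may be acceptable for a snapshot test image, but it deserves a comment above the RUN step, e.g. `# Digest is fetched from the same origin as the tarball: detects corruption only, not tampering.` The comparison `test $EXPECTED_SHA == $(sha512sum ...)` is also unquoted, so an empty or multi-word checksum response fails with a `test` syntax error rather than a clear mismatch; `test "$EXPECTED_SHA" = "$(sha512sum elasticsearch-${ELASTIC_VERSION}.tar.gz | awk '{print $1}')"` is more robust. The new `FROM centos:7` is a mutable tag and is followed by `yum update -y`, so image contents vary from build to build; pinning the base image by digest would make the test environment reproducible. The RUN step continues past the end of the hunk.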
@@ -29,8 +35,7 @@ RUN set -ex && for esdirs in config data logs; do \ USER elasticsearch # Install xpack -#RUN eval ${ES_JAVA_OPTS:-} elasticsearch-plugin install --batch ${DOWNLOAD_URL}/packs/x-pack/x-pack-${ELASTIC_VERSION}.zip - +RUN elasticsearch-plugin install --batch ${DOWNLOAD_URL}/packs/x-pack/x-pack-${ELASTIC_VERSION}.zip RUN elasticsearch-plugin install --batch ${DOWNLOAD_URL}/elasticsearch-plugins/ingest-user-agent/ingest-user-agent-${ELASTIC_VERSION}.zip RUN elasticsearch-plugin install --batch ${DOWNLOAD_URL}/elasticsearch-plugins/ingest-geoip/ingest-geoip-${ELASTIC_VERSION}.zip diff --git a/vendor/github.com/elastic/beats/testing/environments/docker/kibana/Dockerfile-snapshot b/vendor/github.com/elastic/beats/testing/environments/docker/kibana/Dockerfile-snapshot index 82d8fbdd..295e7e7a 100644 --- a/vendor/github.com/elastic/beats/testing/environments/docker/kibana/Dockerfile-snapshot +++ b/vendor/github.com/elastic/beats/testing/environments/docker/kibana/Dockerfile-snapshot @@ -9,7 +9,7 @@ EXPOSE 5601 WORKDIR /usr/share/kibana RUN curl -Ls ${DOWNLOAD_URL}/kibana/kibana-${ELASTIC_VERSION}-linux-x86_64.tar.gz | tar --strip-components=1 -zxf - && \ - #bin/kibana-plugin install ${DOWNLOAD_URL}/kibana-plugins/x-pack/x-pack-${ELASTIC_VERSION}.zip} && \ + bin/kibana-plugin install ${DOWNLOAD_URL}/kibana-plugins/x-pack/x-pack-${ELASTIC_VERSION}.zip && \ ln -s /usr/share/kibana /opt/kibana # Set some Kibana configuration defaults. diff --git a/vendor/github.com/elastic/beats/testing/environments/docker/logstash/docker-entrypoint.sh b/vendor/github.com/elastic/beats/testing/environments/docker/logstash/docker-entrypoint.sh index f9147a5e..020c3c9a 100755 --- a/vendor/github.com/elastic/beats/testing/environments/docker/logstash/docker-entrypoint.sh +++ b/vendor/github.com/elastic/beats/testing/environments/docker/logstash/docker-entrypoint.sh @@ -64,6 +64,7 @@ updateConfigFile() { # Main +readParams updateConfigFile waitForElasticsearch exec "$@" 
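Review bot: In the Kibana Dockerfile-snapshot hunk, the re-enabled `bin/kibana-plugin install ${DOWNLOAD_URL}/kibana-plugins/x-pack/x-pack-${ELASTIC_VERSION}.zip` and the `curl -Ls ... | tar --strip-components=1 -zxf -` line before it pull archives with no digest comparison at all, while the Elasticsearch Dockerfile in this same diff at least checks a sha512. Because the download is piped straight into tar and `-s` silences curl, the RUN step's outcome depends on tar alone, and an HTTP error page or truncated stream is only caught if tar happens to reject it. Downloading to a file with `curl -fLsS -o kibana.tar.gz ...`, comparing it against the published digest, and only then extracting would bring this image in line with the Elasticsearch one.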
diff --git a/vendor/github.com/elastic/beats/testing/environments/latest.yml b/vendor/github.com/elastic/beats/testing/environments/latest.yml index e06d01fc..66fa4cad 100644 --- a/vendor/github.com/elastic/beats/testing/environments/latest.yml +++ b/vendor/github.com/elastic/beats/testing/environments/latest.yml @@ -4,7 +4,7 @@ version: '2' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:5.1.2 + image: docker.elastic.co/elasticsearch/elasticsearch:5.4.1 environment: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - "network.host=" @@ -17,10 +17,10 @@ services: context: docker/logstash dockerfile: Dockerfile args: - ELASTIC_VERSION: 5.1.2 + ELASTIC_VERSION: 5.4.1 DOWNLOAD_URL: https://artifacts.elastic.co/downloads environment: - ES_HOST=elasticsearch kibana: - image: docker.elastic.co/kibana/kibana:5.1.2 + image: docker.elastic.co/kibana/kibana:5.4.1 diff --git a/vendor/github.com/elastic/beats/testing/environments/snapshot.yml b/vendor/github.com/elastic/beats/testing/environments/snapshot.yml index de539211..3988e97e 100644 --- a/vendor/github.com/elastic/beats/testing/environments/snapshot.yml +++ b/vendor/github.com/elastic/beats/testing/environments/snapshot.yml @@ -16,6 +16,7 @@ services: - "network.host=" - "transport.host=127.0.0.1" - "http.host=0.0.0.0" + - "xpack.security.enabled=false" logstash: extends: diff --git a/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/CHANGELOG.md b/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/CHANGELOG.md index 548b1cee..2d1e9ade 100644 --- a/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/CHANGELOG.md +++ b/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/CHANGELOG.md 
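Review bot: The added `- "xpack.security.enabled=false"` in snapshot.yml turns off authentication for the Elasticsearch container in the same environment list that sets `http.host=0.0.0.0`. Whether the HTTP port is published to the host is not visible in this hunk (the service definition starts above it), but if it is, the test cluster answers unauthenticated requests from anything that can reach the machine. A comment directly above the entry, e.g. `# Test-only: X-Pack security is disabled; do not publish the HTTP port beyond localhost.`, would make that constraint explicit for anyone reusing this compose file.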
@@ -2,15 +2,10 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased] - -### Added +## [0.2.1] ### Changed - -### Deprecated - -### Removed +- Fixed Windows issue that caused a hang during `init()` if WMI wasn't ready. #74 ## [0.2.0] diff --git a/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sigar_windows.go b/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sigar_windows.go index c5f665d9..79105aeb 100644 --- a/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sigar_windows.go +++ b/vendor/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sigar_windows.go @@ -7,6 +7,7 @@ import ( "path/filepath" "runtime" "strings" + "sync" "syscall" "time" @@ -41,7 +42,8 @@ var ( // bootTime is the time when the OS was last booted. This value may be nil // on operating systems that do not support the WMI query used to obtain it. - bootTime *time.Time + bootTime *time.Time + bootTimeLock sync.Mutex ) func init() { @@ -49,14 +51,6 @@ func init() { // PROCESS_QUERY_LIMITED_INFORMATION cannot be used on 2003 or XP. processQueryLimitedInfoAccess = syscall.PROCESS_QUERY_INFORMATION } - - if version.IsWindowsVistaOrGreater() { - // The minimum supported client for Win32_OperatingSystem is Windows Vista. - os, err := getWin32OperatingSystem() - if err == nil { - bootTime = &os.LastBootUpTime - } - } } func (self *LoadAverage) Get() error { 
@@ -80,11 +74,21 @@ func (self *ProcFDUsage) Get(pid int) error { } func (self *Uptime) Get() error { - if bootTime == nil { - // Minimum supported OS is Windows Vista. + // Minimum supported OS is Windows Vista. + if !version.IsWindowsVistaOrGreater() { return ErrNotImplemented{runtime.GOOS} } + bootTimeLock.Lock() + defer bootTimeLock.Unlock() + if bootTime == nil { + os, err := getWin32OperatingSystem() + if err != nil { + return errors.Wrap(err, "failed to get boot time using WMI") + } + bootTime = &os.LastBootUpTime + } + self.Length = time.Since(*bootTime).Seconds() return nil } diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/beat.full.yml b/vendor/github.com/elastic/beats/winlogbeat/_meta/beat.full.yml index 50e3f104..2a05bde1 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/_meta/beat.full.yml +++ b/vendor/github.com/elastic/beats/winlogbeat/_meta/beat.full.yml @@ -14,12 +14,6 @@ # in the directory in which it was started. #winlogbeat.registry_file: .winlogbeat.yml -# Diagnostic metrics that can retrieved through a web interface if a -# bindaddress value (host:port) is specified. The web address will be -# http:///debug/vars -#winlogbeat.metrics: -# bindaddress: 'localhost:8123' - # event_logs specifies a list of event logs to monitor as well as any # accompanying options. The YAML data type of event_logs is a list of # dictionaries. diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/dashboard/Winlogbeat-Dashboard.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/dashboard/Winlogbeat-Dashboard.json similarity index 100% rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/dashboard/Winlogbeat-Dashboard.json rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/dashboard/Winlogbeat-Dashboard.json 
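Review bot: `Uptime.Get` now calls `getWin32OperatingSystem()` while holding `bootTimeLock`, so if the WMI query stalls, every other caller of `Get` waits behind the mutex for as long as the query takes. The changelog entry in this commit describes such a stall during `init()`. No timeout is visible in the hunk, and whether the helper bounds the query itself cannot be told from here. A failed query is also not remembered, so each later call repeats it under the lock. At minimum this deserves a comment above the lock, e.g. `// The WMI query below may block; it runs under bootTimeLock, so concurrent Get calls wait for it.`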
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/search/Winlogbeat-Search.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/search/Winlogbeat-Search.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/search/Winlogbeat-Search.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/search/Winlogbeat-Search.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Errors-count-over-time.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Errors-count-over-time.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Errors-count-over-time.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Errors-count-over-time.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Event-Levels.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Event-Levels.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Event-Levels.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Event-Levels.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Evolution-of-the-CPU-times-per-process.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Evolution-of-the-CPU-times-per-process.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Evolution-of-the-CPU-times-per-process.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Evolution-of-the-CPU-times-per-process.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Number-of-Events-Over-Time-By-Event-Log.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Number-of-Events-Over-Time-By-Event-Log.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Number-of-Events-Over-Time-By-Event-Log.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Number-of-Events-Over-Time-By-Event-Log.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Number-of-Events.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Number-of-Events.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Number-of-Events.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Number-of-Events.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Sources.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Sources.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Sources.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Sources.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Top-Event-IDs.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Top-Event-IDs.json
similarity index 100%
rename from vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/visualization/Top-Event-IDs.json
rename to vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/5.x/visualization/Top-Event-IDs.json
diff --git a/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/default/dashboard/Winlogbeat-overview.json b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/default/dashboard/Winlogbeat-overview.json
new file mode 100644
index 00000000..6f6d5e5e
--- /dev/null
+++ b/vendor/github.com/elastic/beats/winlogbeat/_meta/kibana/default/dashboard/Winlogbeat-overview.json
@@ -0,0 +1,98 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"winlogbeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + }, + "title": "Number of Events Over Time By Event Log", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"log_name\",\n \"size\": 6,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Number-of-Events-Over-Time-By-Event-Log", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"winlogbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Number of Events", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"type\":\"metric\",\"params\":{\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" + }, + "id": "Number-of-Events", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\n \"index\": \"winlogbeat-*\",\n 
\"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" + }, + "title": "Top Event IDs", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"event_id\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" + }, + "id": "Top-Event-IDs", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"winlogbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Event Levels", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "version": 1, + "visState": "{\"title\":\"Event Levels\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Event-Levels", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"index\":\"winlogbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + }, + "title": "Sources", + "uiStateJSON": "{}", + "version": 1, + "visState": 
"{\"title\":\"Sources\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_name\",\"size\":7,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" + }, + "id": "Sources", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"col\":4,\"id\":\"Number-of-Events-Over-Time-By-Event-Log\",\"panelIndex\":1,\"row\":1,\"size_x\":9,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Number-of-Events\",\"panelIndex\":3,\"row\":1,\"size_x\":3,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Top-Event-IDs\",\"panelIndex\":4,\"row\":5,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Event-Levels\",\"panelIndex\":5,\"row\":5,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Sources\",\"panelIndex\":6,\"row\":5,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"}]", + "timeRestore": false, + "title": "Winlogbeat Dashboard", + "uiStateJSON": "{}", + "version": 1 + }, + "id": "Winlogbeat-Dashboard", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-alpha3-SNAPSHOT" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go b/vendor/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go index ffe12726..4ccefbf7 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go +++ b/vendor/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go 
@@ -116,6 +116,7 @@ func (eb *Winlogbeat) setup(b *beat.Beat) error { } if config.Metrics.BindAddress != "" { + logp.Warn("DEPRECATED: Metrics endpoint is deprecated and will be removed in 6.0") bindAddress := config.Metrics.BindAddress sock, err := net.Listen("tcp", bindAddress) if err != nil { diff --git a/vendor/github.com/elastic/beats/winlogbeat/checkpoint/checkpoint_test.go b/vendor/github.com/elastic/beats/winlogbeat/checkpoint/checkpoint_test.go index 998d5912..4ac9d2b3 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/checkpoint/checkpoint_test.go +++ b/vendor/github.com/elastic/beats/winlogbeat/checkpoint/checkpoint_test.go @@ -27,7 +27,10 @@ func TestWriteMaxUpdates(t *testing.T) { }() file := filepath.Join(dir, "some", "new", "dir", ".winlogbeat.yml") - assert.False(t, fileExists(file), "%s should not exist", file) + if !assert.False(t, fileExists(file), "%s should not exist", file) { + return + } + cp, err := NewCheckpoint(file, 2, time.Hour) if err != nil { t.Fatal(err) @@ -39,18 +42,24 @@ func TestWriteMaxUpdates(t *testing.T) { time.Sleep(500 * time.Millisecond) _, found := cp.States()["App"] assert.True(t, found) + ps, err := cp.read() - assert.NoError(t, err) + if err != nil { + t.Fatal("read failed", err) + } assert.Len(t, ps.States, 0) // Send update - it is written to disk. cp.Persist("App", 2, time.Now()) - time.Sleep(500 * time.Millisecond) + time.Sleep(750 * time.Millisecond) ps, err = cp.read() - assert.NoError(t, err) - assert.Len(t, ps.States, 1) - assert.Equal(t, "App", ps.States[0].Name) - assert.Equal(t, uint64(2), ps.States[0].RecordNumber) + if err != nil { + t.Fatal("read failed", err) + } + if assert.Len(t, ps.States, 1, "state not written, could be a flush timing issue, retry") { + assert.Equal(t, "App", ps.States[0].Name) + assert.Equal(t, uint64(2), ps.States[0].RecordNumber) + } } // Test that a write is triggered when the maximum time period since the last 
@@ -68,7 +77,10 @@ func TestWriteTimedFlush(t *testing.T) { }() file := filepath.Join(dir, ".winlogbeat.yml") - assert.False(t, fileExists(file), "%s should not exist", file) + if !assert.False(t, fileExists(file), "%s should not exist", file) { + return + } + cp, err := NewCheckpoint(file, 100, time.Second) if err != nil { t.Fatal(err) @@ -80,10 +92,13 @@ func TestWriteTimedFlush(t *testing.T) { cp.Persist("App", 1, time.Now()) time.Sleep(1500 * time.Millisecond) ps, err := cp.read() - assert.NoError(t, err) - assert.Len(t, ps.States, 1) - assert.Equal(t, "App", ps.States[0].Name) - assert.Equal(t, uint64(1), ps.States[0].RecordNumber) + if err != nil { + t.Fatal("read failed", err) + } + if assert.Len(t, ps.States, 1) { + assert.Equal(t, "App", ps.States[0].Name) + assert.Equal(t, uint64(1), ps.States[0].RecordNumber) + } } // Test that createDir creates the directory with 0750 permissions. @@ -103,17 +118,24 @@ func TestCreateDir(t *testing.T) { file := filepath.Join(stateDir, ".winlogbeat.yml") cp := &Checkpoint{file: file} - assert.False(t, fileExists(stateDir), "%s should not exist", file) - assert.NoError(t, cp.createDir()) - assert.True(t, fileExists(stateDir), "%s should exist", file) + if !assert.False(t, fileExists(file), "%s should not exist", file) { + return + } + if err = cp.createDir(); err != nil { + t.Fatal("createDir", err) + } + if !assert.True(t, fileExists(stateDir), "%s should exist", file) { + return + } // mkdir on Windows does not pass the POSIX mode to the CreateDirectory // syscall so doesn't test the mode. if runtime.GOOS != "windows" { fileInfo, err := os.Stat(stateDir) - assert.NoError(t, err) - assert.Equal(t, true, fileInfo.IsDir()) - assert.Equal(t, os.FileMode(0750), fileInfo.Mode().Perm()) + if assert.NoError(t, err) { + assert.Equal(t, true, fileInfo.IsDir()) + assert.Equal(t, os.FileMode(0750), fileInfo.Mode().Perm()) + } } } 
@@ -134,7 +156,9 @@ func TestCreateDirAlreadyExists(t *testing.T) { file := filepath.Join(dir, ".winlogbeat.yml") cp := &Checkpoint{file: file} - assert.True(t, fileExists(dir), "%s should exist", file) + if !assert.True(t, fileExists(dir), "%s should exist", file) { + return + } assert.NoError(t, cp.createDir()) } diff --git a/vendor/github.com/elastic/beats/winlogbeat/config/config_test.go b/vendor/github.com/elastic/beats/winlogbeat/config/config_test.go index 2291bdb2..e5a8b88b 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/config/config_test.go +++ b/vendor/github.com/elastic/beats/winlogbeat/config/config_test.go @@ -3,6 +3,7 @@ package config import ( + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -18,7 +19,7 @@ func (v validationTestCase) run(t *testing.T) { assert.NoError(t, v.config.Validate()) } else { err := v.config.Validate() - if assert.Error(t, err, "expected '%s'", v.errMsg) { + if assert.Error(t, err, fmt.Sprintf("expected '%s'", v.errMsg)) { assert.Contains(t, err.Error(), v.errMsg) } } @@ -73,8 +74,7 @@ func TestConfigValidate(t *testing.T) { }, { MetricsConfig{BindAddress: "example.com"}, - "bind_address must be formatted as host:port but was " + - "'example.com' (missing port in address example.com)", + "bind_address must be formatted as host:port but was 'example.com'", }, { MetricsConfig{BindAddress: ":1"}, @@ -82,8 +82,7 @@ func TestConfigValidate(t *testing.T) { }, { MetricsConfig{BindAddress: "example.com:1024f"}, - "bind_address port value ('1024f') must be a number " + - "(strconv.ParseInt: parsing \"1024f\": invalid syntax)", + "bind_address port value ('1024f') must be a number", }, { MetricsConfig{BindAddress: "example.com:0"}, diff --git a/vendor/github.com/elastic/beats/winlogbeat/docs/command-line.asciidoc b/vendor/github.com/elastic/beats/winlogbeat/docs/command-line.asciidoc index 32b63d7c..a45e37b8 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/docs/command-line.asciidoc 
+++ b/vendor/github.com/elastic/beats/winlogbeat/docs/command-line.asciidoc @@ -1,4 +1,4 @@ -[[winlogbeat-command-line-options]] +[[command-line-options]] === Command Line Options Winlogbeat does not have any Winlogbeat-specific command line options. Instead, diff --git a/vendor/github.com/elastic/beats/winlogbeat/docs/getting-started.asciidoc b/vendor/github.com/elastic/beats/winlogbeat/docs/getting-started.asciidoc index 7c212c48..bc5f5b65 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/docs/getting-started.asciidoc +++ b/vendor/github.com/elastic/beats/winlogbeat/docs/getting-started.asciidoc @@ -19,7 +19,7 @@ After installing the Elastic Stack, read the following topics to learn how to in * <> * <> * <> -* <> +* <> * <> [[winlogbeat-installation]] @@ -32,7 +32,7 @@ https://www.elastic.co/downloads/beats/winlogbeat[downloads page]. . Open a PowerShell prompt as an Administrator (right-click on the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell. -. Run the following commands to install the service. +. From the PowerShell prompt, run the following commands to install the service. ["source","sh",subs="attributes,callouts"] ------------------------------------------------ diff --git a/vendor/github.com/elastic/beats/winlogbeat/docs/index.asciidoc b/vendor/github.com/elastic/beats/winlogbeat/docs/index.asciidoc index bb6c2073..eef8ae04 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/docs/index.asciidoc +++ b/vendor/github.com/elastic/beats/winlogbeat/docs/index.asciidoc @@ -31,6 +31,7 @@ include::./winlogbeat-filtering.asciidoc[] include::../../libbeat/docs/shared-config-ingest.asciidoc[] +:standalone: include::../../libbeat/docs/shared-env-vars.asciidoc[] :standalone: 
diff --git a/vendor/github.com/elastic/beats/winlogbeat/docs/reference/configuration/winlogbeat-options.asciidoc b/vendor/github.com/elastic/beats/winlogbeat/docs/reference/configuration/winlogbeat-options.asciidoc index 0c7e7c32..e86e32e7 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/docs/reference/configuration/winlogbeat-options.asciidoc +++ b/vendor/github.com/elastic/beats/winlogbeat/docs/reference/configuration/winlogbeat-options.asciidoc @@ -170,7 +170,7 @@ Windows will prevent Winlogbeat from reading the event log because it limits the number of conditions that can be used in an event log query. If this occurs a similar warning as shown below will be logged by Winlogbeat, and it will continue processing data from other event logs. For more information, see -https://support.microsoft.com/en-us/kb/970453. +https://support.microsoft.com/en-us/kb/970453. `WARN EventLog[Application] Open() error. No events will be read from this source. The specified query is invalid.` @@ -183,12 +183,12 @@ event IDs. [source,yaml] -------------------------------------------------------------------------------- -processors: -- drop_event.when.and: - - equals.log_name: Security - - not.or: - - equals.event_id: 903 - - equals.event_id: 1024 +processors: +- drop_event.when.and: + - equals.log_name: Security + - not.or: + - equals.event_id: 903 + - equals.event_id: 1024 - equals.event_id: 4624 -------------------------------------------------------------------------------- @@ -328,11 +328,13 @@ fields. ===== metrics.bindaddress +[]deprecated + The hostname and port where the Beat will host an HTTP web service that provides metrics. This field is optional. The following example specifies that the metrics service is available at -http://localhost:8128/debug/vars: +http://localhost:8123/debug/vars: [source,yaml] -------------------------------------------------------------------------------- 
diff --git a/vendor/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go b/vendor/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go index 69a3b8ab..62a1d3a4 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go +++ b/vendor/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go @@ -216,6 +216,11 @@ func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record, e.RenderErr = recoveredErr.Error() } + if e.Level == "" { + // Fallback on LevelRaw if the Level is not set in the RenderingInfo. + e.Level = win.EventLevel(e.LevelRaw).String() + } + if logp.IsDebug(detailSelector) { detailf("%s XML=%s Event=%+v", l.logPrefix, string(x), e) } diff --git a/vendor/github.com/elastic/beats/winlogbeat/sys/strings.go b/vendor/github.com/elastic/beats/winlogbeat/sys/strings.go index 01009f00..0377cf99 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/sys/strings.go +++ b/vendor/github.com/elastic/beats/winlogbeat/sys/strings.go @@ -40,6 +40,10 @@ func UTF16ToUTF8Bytes(in []byte, out io.Writer) error { var v1, v2 uint16 for i := 0; i < len(in); i += 2 { v1 = uint16(in[i]) | uint16(in[i+1])<<8 + // Stop at null-terminator. + if v1 == 0 { + return nil + } switch { case v1 < surr1, surr3 <= v1: diff --git a/vendor/github.com/elastic/beats/winlogbeat/sys/strings_test.go b/vendor/github.com/elastic/beats/winlogbeat/sys/strings_test.go index 145c0e66..09f34754 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/sys/strings_test.go +++ b/vendor/github.com/elastic/beats/winlogbeat/sys/strings_test.go 
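Review bot: In the `UTF16ToUTF8Bytes` hunk of strings.go, the loop that gains the null-terminator check reads `in[i+1]` while its condition only guarantees `i < len(in)`. An input with an odd number of bytes therefore indexes one past the end on the last iteration and panics, unless a length check sits above the loop outside this hunk. The buffer presumably carries rendered event data, so a truncated buffer should be rejected or tolerated rather than crash the collector. Either `for i := 0; i+1 < len(in); i += 2 {` to ignore a dangling byte, or an early error return when `len(in)%2 != 0`, would do. The function starts and continues outside the hunk, so the surrogate branch of the `switch` should be checked for the same pattern.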
@@ -107,6 +107,20 @@ func TestUTF16ToUTF8(t *testing.T) { assert.Equal(t, []byte(input), outputBuf.Bytes()) } +func TestUTF16BytesToStringTrimNullTerm(t *testing.T) { + input := "abc" + utf16Bytes := append(toUTF16Bytes(input), []byte{0, 0, 0, 0, 0, 0}...) + + outputBuf := &bytes.Buffer{} + err := UTF16ToUTF8Bytes(utf16Bytes, outputBuf) + if err != nil { + t.Fatal(err) + } + b := outputBuf.Bytes() + assert.Len(t, b, 3) + assert.Equal(t, input, string(b)) +} + func BenchmarkUTF16ToUTF8(b *testing.B) { utf16Bytes := toUTF16Bytes("A logon was attempted using explicit credentials.") outputBuf := &bytes.Buffer{} diff --git a/vendor/github.com/elastic/beats/winlogbeat/sys/wineventlog/syscall_windows.go b/vendor/github.com/elastic/beats/winlogbeat/sys/wineventlog/syscall_windows.go index a02d62ef..d899e43a 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/sys/wineventlog/syscall_windows.go +++ b/vendor/github.com/elastic/beats/winlogbeat/sys/wineventlog/syscall_windows.go 
@@ -194,6 +194,35 @@ func (e EvtSystemPropertyID) String() string { return s } +// EventLevel identifies the six levels of events that can be logged +type EventLevel uint16 + +// EventLevel values. +const ( + // Do not reorder. + EVENTLOG_LOGALWAYS_LEVEL EventLevel = iota + EVENTLOG_CRITICAL_LEVEL + EVENTLOG_ERROR_LEVEL + EVENTLOG_WARNING_LEVEL + EVENTLOG_INFORMATION_LEVEL + EVENTLOG_VERBOSE_LEVEL +) + +// Mapping of event levels to their string representations. +var EventLevelToString = map[EventLevel]string{ + EVENTLOG_LOGALWAYS_LEVEL: "Information", + EVENTLOG_INFORMATION_LEVEL: "Information", + EVENTLOG_CRITICAL_LEVEL: "Critical", + EVENTLOG_ERROR_LEVEL: "Error", + EVENTLOG_WARNING_LEVEL: "Warning", + EVENTLOG_VERBOSE_LEVEL: "Verbose", +} + +// String returns string representation of EventLevel. +func (et EventLevel) String() string { + return EventLevelToString[et] +} + // Add -trace to enable debug prints around syscalls. //go:generate go run $GOROOT/src/syscall/mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go diff --git a/vendor/github.com/elastic/beats/winlogbeat/tests/system/test_wineventlog.py b/vendor/github.com/elastic/beats/winlogbeat/tests/system/test_wineventlog.py index 25ad14ff..98cb8713 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/tests/system/test_wineventlog.py +++ b/vendor/github.com/elastic/beats/winlogbeat/tests/system/test_wineventlog.py @@ -142,6 +142,7 @@ class Test(WriteReadTest): self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg) self.assertTrue("xml" in evts[0]) + self.assertTrue(evts[0]["xml"].endswith(''), 'xml value: "{}"'.format(evts[0]["xml"])) def test_query_event_id(self): """ diff --git a/vendor/github.com/elastic/beats/winlogbeat/tests/system/winlogbeat.py b/vendor/github.com/elastic/beats/winlogbeat/tests/system/winlogbeat.py index e6f2a305..fe79757f 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/tests/system/winlogbeat.py 
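Review bot: `EventLevel.String()` returns the bare map lookup `EventLevelToString[et]`, which is an empty string for any value outside the six constants. The new fallback in `buildRecordFromXML` (the wineventlog.go hunk of this commit) therefore still leaves `Level` empty whenever `LevelRaw` is greater than 5. Returning the number in that case keeps the field populated for filtering and alerting: `if s, ok := EventLevelToString[et]; ok { return s }` followed by `return strconv.Itoa(int(et))`. The file's import block is not in the hunk, so `strconv` may need adding. `EventLevelToString` is also an exported, mutable package variable; unless other packages need it, an unexported name would stop callers from altering the mapping.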
+++ b/vendor/github.com/elastic/beats/winlogbeat/tests/system/winlogbeat.py @@ -1,3 +1,5 @@ +import os +import platform import sys if sys.platform.startswith("win"): @@ -93,7 +95,7 @@ class WriteReadTest(BaseTest): def assert_common_fields(self, evt, msg=None, eventID=10, sid=None, level="Information", extra=None): - assert evt["computer_name"].lower() == win32api.GetComputerName().lower() + assert evt["computer_name"].lower() == platform.node().lower() assert "record_number" in evt self.assertDictContainsSubset({ "event_id": eventID, diff --git a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.full.yml b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.full.yml index a0e6deba..efc23cee 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.full.yml +++ b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.full.yml @@ -14,12 +14,6 @@ # in the directory in which it was started. #winlogbeat.registry_file: .winlogbeat.yml -# Diagnostic metrics that can retrieved through a web interface if a -# bindaddress value (host:port) is specified. The web address will be -# http:///debug/vars -#winlogbeat.metrics: -# bindaddress: 'localhost:8123' - # event_logs specifies a list of event logs to monitor as well as any # accompanying options. The YAML data type of event_logs is a list of # dictionaries. @@ -195,6 +189,14 @@ output.elasticsearch: # Path to the Elasticsearch 2.x version of the template file. #template.versions.2x.path: "${path.config}/winlogbeat.template-es2x.json" + # If set to true, winlogbeat checks the Elasticsearch version at connect time, and if it + # is 6.x, it loads the file specified by the template.versions.6x.path setting. The + # default is true. + #template.versions.6x.enabled: true + + # Path to the Elasticsearch 6.x version of the template file. + #template.versions.6x.path: "${path.config}/winlogbeat.template-es6x.json" + # Use SSL settings for HTTPS. Default is true. #ssl.enabled: true 
@@ -227,6 +229,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #----------------------------- Logstash output --------------------------------- #output.logstash: @@ -249,6 +255,11 @@ output.elasticsearch: # new batches. #pipelining: 0 + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + # Optional index name. The default index name is set to name of the beat # in all lowercase. #index: 'winlogbeat' @@ -291,6 +302,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Kafka output ---------------------------------- #output.kafka: # Boolean flag to enable or disable the output module. @@ -426,6 +441,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- Redis output ---------------------------------- #output.redis: # Boolean flag to enable or disable the output module. @@ -523,6 +542,10 @@ output.elasticsearch: # Configure curve types for ECDHE based cipher suites #ssl.curve_types: [] + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + #------------------------------- File output ----------------------------------- #output.file: 
@@ -665,3 +688,6 @@ logging.files: # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 diff --git a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es2x.json b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es2x.json index 08cf7586..42ba33bb 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es2x.json +++ b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es2x.json @@ -7,7 +7,7 @@ } }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -55,15 +55,9 @@ "index": "not_analyzed", "type": "string" }, - "event_data": { - "properties": {} - }, "event_id": { "type": "long" }, - "fields": { - "properties": {} - }, "keywords": { "ignore_above": 1024, "index": "not_analyzed", @@ -199,9 +193,6 @@ } } }, - "user_data": { - "properties": {} - }, "version": { "type": "long" }, diff --git a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es6x.json b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es6x.json new file mode 100644 index 00000000..1e32e168 --- /dev/null +++ b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template-es6x.json 
@@ -0,0 +1,176 @@ +{ + "mappings": { + "_default_": { + "_meta": { + "version": "5.6.6" + }, + "date_detection": false, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "activity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "beat": { + "properties": { + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "computer_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "event_id": { + "type": "long" + }, + "keywords": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "log_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "message_error": { + "ignore_above": 1024, + "type": "keyword" + }, + "meta": { + "properties": { + "cloud": { + "properties": { + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "machine_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "project_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "opcode": { + "ignore_above": 1024, + "type": "keyword" + }, + "process_id": { + "type": "long" + }, + "provider_guid": { + "ignore_above": 1024, + "type": "keyword" + }, + "record_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "related_activity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "source_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + 
"task": { + "ignore_above": 1024, + "type": "keyword" + }, + "thread_id": { + "type": "long" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "identifier": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "type": "long" + }, + "xml": { + "norms": false, + "type": "text" + } + } + } + }, + "order": 0, + "settings": { + "index.mapping.total_fields.limit": 10000, + "index.refresh_interval": "5s" + }, + "template": "winlogbeat-*" +} \ No newline at end of file diff --git a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template.json b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template.json index bfd1ba8c..1e32e168 100644 --- a/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template.json +++ b/vendor/github.com/elastic/beats/winlogbeat/winlogbeat.template.json @@ -1,11 +1,8 @@ { "mappings": { "_default_": { - "_all": { - "norms": false - }, "_meta": { - "version": "5.3.2" + "version": "5.6.6" }, "date_detection": false, "dynamic_templates": [ @@ -47,15 +44,9 @@ "ignore_above": 1024, "type": "keyword" }, - "event_data": { - "properties": {} - }, "event_id": { "type": "long" }, - "fields": { - "properties": {} - }, "keywords": { "ignore_above": 1024, "type": "keyword" @@ -166,9 +157,6 @@ } } }, - "user_data": { - "properties": {} - }, "version": { "type": "long" },