Sostat Redacted

Uploaded by black Abdi

analyst@security-onion:~$ sudo sostat-redacted

=========================================================================
Service Status
=========================================================================
Status: securityonion
* SO-user server[ OK ]
Status: HIDS
* ossec_agent (SO-user)[ OK ]
Status: Bro
Name Type Host Status Pid Started
manager manager localhost running 4054 27 Jun 15:53:18
proxy proxy localhost running 4465 27 Jun 15:53:20
SO-server-enp30s0-1 worker localhost running 5040 27 Jun 15:53:23
SO-server-enp34s0-1 worker localhost running 5041 27 Jun 15:53:23
Status: SO-server-enp30s0
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (SO-user)[ OK ]
* snort_agent-1 (SO-user)[ OK ]
* snort-1 (alert data)[ OK ]
* barnyard2-1 (spooler, unified2 format)[ OK ]
Status: SO-server-enp34s0
* netsniff-ng (full packet data)[ OK ]
* pcap_agent (SO-user)[ OK ]
* snort_agent-1 (SO-user)[ OK ]
* snort-1 (alert data)[ OK ]
* barnyard2-1 (spooler, unified2 format)[ OK ]
Status: Elastic stack
* so-elasticsearch[ OK ]
* so-logstash[ OK ]
* so-kibana[ OK ]
* so-freqserver[ OK ]
* so-domainstats[ OK ]
* so-curator[ OK ]
* so-elastalert[ OK ]

=========================================================================
Interface Status
=========================================================================
br-f464f6c3351a Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:224 (224.0 B) TX bytes:1146 (1.1 KB)

docker0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64196 errors:0 dropped:0 overruns:0 frame:0
TX packets:78493 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16303547 (16.3 MB) TX bytes:187608435 (187.6 MB)

enp30s0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:7100247 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6150066826 (6.1 GB) TX bytes:0 (0.0 B)

enp34s0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:4122551 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3564111117 (3.5 GB) TX bytes:0 (0.0 B)

enp37s0 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet addr:X.X.X.X Bcast:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:95562 errors:0 dropped:0 overruns:0 frame:0
TX packets:37509 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:112474945 (112.4 MB) TX bytes:14582983 (14.5 MB)

lo Link encap:Local Loopback
inet addr:X.X.X.X Mask:X.X.X.X
inet6 addr: X.X.X.X/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:186736 errors:0 dropped:0 overruns:0 frame:0
TX packets:186736 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:324346343 (324.3 MB) TX bytes:324346343 (324.3 MB)

so-curator
-------------------------------------------------------------------------
(eth0)
vetha29a00c Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2104 (2.1 KB)

(eth1)
veth998fbb3 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2127 errors:0 dropped:0 overruns:0 frame:0
TX packets:2757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:276750 (276.7 KB) TX bytes:22075630 (22.0 MB)

so-elastalert
-------------------------------------------------------------------------
(eth0)
vethaf2f39f Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:842 (842.0 B) TX bytes:3021 (3.0 KB)

(eth1)
veth9b24651 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1741 errors:0 dropped:0 overruns:0 frame:0
TX packets:1443 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:369323 (369.3 KB) TX bytes:256541 (256.5 KB)

so-kibana
-------------------------------------------------------------------------
(eth0)
veth3571938 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2162 errors:0 dropped:0 overruns:0 frame:0
TX packets:2267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9680336 (9.6 MB) TX bytes:439228 (439.2 KB)

(eth1)
vethfa886ed Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8273 errors:0 dropped:0 overruns:0 frame:0
TX packets:7065 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1349089 (1.3 MB) TX bytes:10732882 (10.7 MB)

so-logstash
-------------------------------------------------------------------------
(eth0)
veth4786473 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50663 errors:0 dropped:0 overruns:0 frame:0
TX packets:65136 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5499773 (5.4 MB) TX bytes:183125000 (183.1 MB)

(eth1)
vethc5e12bf Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1747909 errors:0 dropped:0 overruns:0 frame:0
TX packets:1747359 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:586515206 (586.5 MB) TX bytes:141788685 (141.7 MB)

so-elasticsearch
-------------------------------------------------------------------------
(eth0)
veth37d97c8 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:500 errors:0 dropped:0 overruns:0 frame:0
TX packets:722 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1247303 (1.2 MB) TX bytes:57623 (57.6 KB)

(eth1)
veth326fca3 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69539 errors:0 dropped:0 overruns:0 frame:0
TX packets:70937 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42651560 (42.6 MB) TX bytes:444133054 (444.1 MB)

so-domainstats
-------------------------------------------------------------------------
(eth0)
veth4679ec9 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10951 errors:0 dropped:0 overruns:0 frame:0
TX packets:10566 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:780687 (780.6 KB) TX bytes:4987453 (4.9 MB)

(eth1)
veth9164b62 Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:492202 errors:0 dropped:0 overruns:0 frame:0
TX packets:492381 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38324337 (38.3 MB) TX bytes:42233069 (42.2 MB)

so-freqserver
-------------------------------------------------------------------------
(eth0)
veth684420a Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2956 (2.9 KB)

(eth1)
vethb8915ea Link encap:Ethernet HWaddr MM:MM:MM:MM:MM:MM
inet6 addr: X.X.X.X/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1199335 errors:0 dropped:0 overruns:0 frame:0
TX packets:1199378 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:94073267 (94.0 MB) TX bytes:102874216 (102.8 MB)

=========================================================================
Link Statistics
=========================================================================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
325793948 186945 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
325793948 186945 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 0
2: enp30s0: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
6154244882 7106534 0 0 0 64014
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
3: enp34s0: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
3566310046 4126040 0 0 0 45290
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
4: enp37s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
112517186 95664 0 0 0 218
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
14588683 37585 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
5: br-f464f6c3351a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
224 8 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
1146 15 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 4
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM
RX: bytes packets errors dropped overrun mcast
16310969 64335 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
188790271 78651 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
8: veth684420a@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2956 42 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
10: vethb8915ea@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 0
RX: bytes packets errors dropped overrun mcast
94073267 1199335 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
102874216 1199378 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
12: veth4679ec9@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 1
RX: bytes packets errors dropped overrun mcast
780729 10952 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
4987495 10567 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
14: veth9164b62@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 1
RX: bytes packets errors dropped overrun mcast
38339106 492391 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
42249368 492570 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
16: veth37d97c8@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 2
RX: bytes packets errors dropped overrun mcast
1247303 500 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
57623 722 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
18: veth326fca3@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 2
RX: bytes packets errors dropped overrun mcast
42660848 69581 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
444550666 70980 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
24: veth3571938@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 4
RX: bytes packets errors dropped overrun mcast
9680336 2162 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
439228 2267 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
26: vethfa886ed@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 4
RX: bytes packets errors dropped overrun mcast
1349911 8278 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
10736285 7069 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
28: vethaf2f39f@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 5
RX: bytes packets errors dropped overrun mcast
842 12 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3021 41 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
30: veth9b24651@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 5
RX: bytes packets errors dropped overrun mcast
369323 1741 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
256541 1443 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
32: vetha29a00c@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 6
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
2104 30 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
34: veth998fbb3@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 6
RX: bytes packets errors dropped overrun mcast
276750 2127 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
22075630 2757 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
40: veth4786473@if39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 3
RX: bytes packets errors dropped overrun mcast
5501093 50683 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
183310266 65161 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2
42: vethc5e12bf@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-f464f6c3351a state UP mode DEFAULT group default
link/ether MM:MM:MM:MM:MM:MM brd MM:MM:MM:MM:MM:MM link-netnsid 3
RX: bytes packets errors dropped overrun mcast
587670247 1750667 0 0 0 0
RX errors: length crc frame fifo missed
0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
142010063 1750117 0 0 0 0
TX errors: aborted fifo window heartbeat transns
0 0 0 0 2

=========================================================================
Disk Usage
=========================================================================
Filesystem Size Used Avail Use% Mounted on
udev 16G 0 16G 0% /dev
tmpfs 3.1G 12M 3.1G 1% /run
/dev/md123p1 900G 8.0G 846G 1% /
tmpfs 16G 16K 16G 1% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/md1p1 2.7T 81G 2.5T 4% /nsm
/dev/md0 511M 3.4M 508M 1% /boot/efi
tmpfs 3.1G 4.0K 3.1G 1% /run/user/114
tmpfs 3.1G 0 3.1G 0% /run/user/1001
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/48268dbae7e1a362094cb9f9c29c123aa0d087cbc4dd63b8f72a17ed9831c264/merged
shm 64M 0 64M 0% /var/lib/docker/containers/e53daef2f78e2fad1e39ea6f1c68b4eff4b7d4f9795f9db3921ba2d1577a4180/mounts/shm
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/966d1ab4a645f5d97e9c5e4445554b5d427768b6424d382e2f9d95a49eec19ce/merged
shm 64M 0 64M 0% /var/lib/docker/containers/1a3cad558b784289454a1e8976dca53ae2932dc0339a511bb8bc79b96eac582b/mounts/shm
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/eec620b651dce6939512a50e529d008bc940b3a26ab7c149c6168cd0f4b4b784/merged
shm 64M 0 64M 0% /var/lib/docker/containers/e444ac767a449b0b094c06f6931e1467509ab1eca6453ef311537c1d78e4c6f2/mounts/shm
tmpfs 3.1G 0 3.1G 0% /run/user/1000
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/efccffff3e4a82ef1a134634a3cbea10fda42721033f5fc62d6d0ebff6889599/merged
shm 64M 0 64M 0% /var/lib/docker/containers/694954c63eb4067d22539f8a059dcc7967afcb2c8deb57750441277434c64ebf/mounts/shm
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/1ebd46e63bdcff9193dfd2c1a794c845981b24072e73f02f94292fd2ddfb4aef/merged
shm 64M 0 64M 0% /var/lib/docker/containers/508ceb2c9c0e3be6f480a2d38cfb6a3ccafce6a7605207a98d67be7f5ec7ea29/mounts/shm
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/5e461f29f95de32b78abc92f97f1fa9fb039cecccfaababe8bf5ba63dcbc950e/merged
shm 64M 0 64M 0% /var/lib/docker/containers/e4d8d1cfd437d5d8dc3795285af4188f3924ba2fcbe3aa69ad8f3c658d2c521e/mounts/shm
overlay 900G 8.0G 846G 1% /var/lib/docker/overlay2/f51475af62388d8193d11e0ed123fca52183fa905804ad57842f24cd8e2a81c4/merged
shm 64M 0 64M 0% /var/lib/docker/containers/6be7a6ea24817cf5a77407f6449dc680f3518df407887ec15f39c2240a17c8eb/mounts/shm

=========================================================================
Network Sockets
=========================================================================
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslog-ng 1275 root 7u IPv4 20725 0t0 TCP *:514 (LISTEN)
syslog-ng 1275 root 8u IPv4 20726 0t0 UDP *:514
syslog-ng 1275 root 30u IPv4 89138 0t0 TCP X.X.X.X:33977->X.X.X.X:6050 (ESTABLISHED)
dhclient 1828 root 6u IPv4 22577 0t0 UDP *:68
sshd 1937 root 3u IPv4 29187 0t0 TCP *:ssh_port (LISTEN)
sshd 1937 root 4u IPv6 29189 0t0 TCP *:ssh_port (LISTEN)
mysqld 2045 mysql 22u IPv4 26089 0t0 TCP X.X.X.X:3306 (LISTEN)
salt-mini 2362 root 26u IPv4 27446 0t0 TCP X.X.X.X:45014->X.X.X.X:4505 (ESTABLISHED)
apache2 2365 root 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 2373 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 2373 www-data 15u IPv4 487109 0t0 TCP X.X.X.X:44790->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2373 www-data 16u IPv4 491499 0t0 TCP X.X.X.X:45036->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2373 www-data 17u IPv4 565215 0t0 TCP X.X.X.X:60398->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2373 www-data 18u IPv4 487214 0t0 TCP X.X.X.X:45066->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2373 www-data 19u IPv4 489467 0t0 TCP X.X.X.X:45072->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2376 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 2376 www-data 15u IPv4 277795 0t0 TCP X.X.X.X:43380->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2376 www-data 16u IPv4 564891 0t0 TCP X.X.X.X:59752->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2376 www-data 17u IPv4 276867 0t0 TCP X.X.X.X:43494->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2376 www-data 18u IPv4 566343 0t0 TCP X.X.X.X:60008->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2376 www-data 19u IPv4 565662 0t0 TCP X.X.X.X:59966->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 2377 www-data 15u IPv4 275091 0t0 TCP X.X.X.X:43360->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 16u IPv4 275096 0t0 TCP X.X.X.X:43368->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 17u IPv4 277792 0t0 TCP X.X.X.X:43374->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 18u IPv4 276853 0t0 TCP X.X.X.X:43462->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 19u IPv4 276872 0t0 TCP X.X.X.X:43512->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2377 www-data 20u IPv4 275179 0t0 TCP X.X.X.X:43556->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2378 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 2378 www-data 15u IPv4 84546 0t0 TCP X.X.X.X:38952->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2378 www-data 16u IPv4 277849 0t0 TCP X.X.X.X:43522->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2378 www-data 17u IPv4 278761 0t0 TCP X.X.X.X:44224->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2378 www-data 18u IPv4 513776 0t0 TCP X.X.X.X:39840->X.X.X.X:5601 (CLOSE_WAIT)
apache2 2378 www-data 19u IPv4 279756 0t0 TCP X.X.X.X:44328->X.X.X.X:5601 (CLOSE_WAIT)
salt-mast 2417 root 14u IPv4 24781 0t0 TCP *:4505 (LISTEN)
salt-mast 2417 root 16u IPv4 27447 0t0 TCP X.X.X.X:4505->X.X.X.X:45014 (ESTABLISHED)
salt-mast 2425 root 22u IPv4 27052 0t0 TCP *:4506 (LISTEN)
ossec-csy 2731 ossecm 5u IPv4 26019 0t0 UDP X.X.X.X:44019->X.X.X.X:514
ntpd 3391 ntp 16u IPv6 28245 0t0 UDP *:123
ntpd 3391 ntp 17u IPv4 28248 0t0 UDP *:123
ntpd 3391 ntp 18u IPv4 28253 0t0 UDP X.X.X.X:123
ntpd 3391 ntp 19u IPv4 28255 0t0 UDP X.X.X.X:123
ntpd 3391 ntp 20u IPv6 28257 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 21u IPv6 28259 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 25u IPv4 37667 0t0 UDP X.X.X.X:123
ntpd 3391 ntp 26u IPv4 37669 0t0 UDP X.X.X.X:123
ntpd 3391 ntp 27u IPv6 37673 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 28u IPv6 37675 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 29u IPv6 37677 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 30u IPv6 37679 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 31u IPv6 37681 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 32u IPv6 37683 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 33u IPv6 37685 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 34u IPv6 37828 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 35u IPv6 75757 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 36u IPv6 75759 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 37u IPv6 48752 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 38u IPv6 48754 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 39u IPv6 48756 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 40u IPv6 48758 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 41u IPv6 48760 0t0 UDP [X.X.X.X]:123
ntpd 3391 ntp 42u IPv6 48762 0t0 UDP [X.X.X.X]:123
tclsh 3432 SO-user 13u IPv4 30863 0t0 TCP *:7734 (LISTEN)
tclsh 3432 SO-user 14u IPv6 30864 0t0 TCP *:7734 (LISTEN)
tclsh 3432 SO-user 15u IPv4 30867 0t0 TCP *:7736 (LISTEN)
tclsh 3432 SO-user 16u IPv6 30868 0t0 TCP *:7736 (LISTEN)
tclsh 3432 SO-user 17u IPv4 32272 0t0 TCP X.X.X.X:7736->X.X.X.X:36457 (ESTABLISHED)
tclsh 3432 SO-user 18u IPv4 32275 0t0 TCP X.X.X.X:7736->X.X.X.X:32897 (ESTABLISHED)
tclsh 3432 SO-user 19u IPv4 32278 0t0 TCP X.X.X.X:7736->X.X.X.X:42607 (ESTABLISHED)
tclsh 3432 SO-user 20u IPv4 32409 0t0 TCP X.X.X.X:7736->X.X.X.X:43951 (ESTABLISHED)
tclsh 3432 SO-user 21u IPv4 32436 0t0 TCP X.X.X.X:7736->X.X.X.X:42063 (ESTABLISHED)
tclsh 3432 SO-user 22u IPv4 302523 0t0 TCP X.X.X.X:7734->X.X.X.X:38522 (ESTABLISHED)
tclsh 3845 SO-user 3u IPv4 31497 0t0 TCP X.X.X.X:36457->X.X.X.X:7736 (ESTABLISHED)
bro 4054 SO-user 4u IPv4 29356 0t0 UDP X.X.X.X:54747->X.X.X.X:53
bro 4057 SO-user 0u IPv4 29361 0t0 TCP *:47761 (LISTEN)
bro 4057 SO-user 1u IPv6 29362 0t0 TCP *:47761 (LISTEN)
bro 4057 SO-user 2u IPv4 31069 0t0 TCP X.X.X.X:47761->X.X.X.X:54992 (ESTABLISHED)
bro 4057 SO-user 4u IPv4 29356 0t0 UDP X.X.X.X:54747->X.X.X.X:53
bro 4057 SO-user 14u IPv4 30513 0t0 TCP X.X.X.X:47761->X.X.X.X:54994 (ESTABLISHED)
bro 4057 SO-user 19u IPv4 30519 0t0 TCP X.X.X.X:47761->X.X.X.X:54998 (ESTABLISHED)
bro 4465 SO-user 4u IPv4 31910 0t0 UDP X.X.X.X:33435->X.X.X.X:53
bro 4467 SO-user 0u IPv4 30358 0t0 TCP X.X.X.X:54992->X.X.X.X:47761 (ESTABLISHED)
bro 4467 SO-user 4u IPv4 31910 0t0 UDP X.X.X.X:33435->X.X.X.X:53
bro 4467 SO-user 12u IPv4 30363 0t0 TCP *:47762 (LISTEN)
bro 4467 SO-user 13u IPv6 30364 0t0 TCP *:47762 (LISTEN)
bro 4467 SO-user 14u IPv4 30516 0t0 TCP X.X.X.X:47762->X.X.X.X:44414 (ESTABLISHED)
bro 4467 SO-user 19u IPv4 32087 0t0 TCP X.X.X.X:47762->X.X.X.X:44418 (ESTABLISHED)
bro 5040 SO-user 4u IPv4 31202 0t0 UDP X.X.X.X:35029->X.X.X.X:53
bro 5041 SO-user 4u IPv4 29661 0t0 UDP X.X.X.X:58877->X.X.X.X:53
bro 5138 SO-user 0u IPv4 31212 0t0 TCP X.X.X.X:54994->X.X.X.X:47761 (ESTABLISHED)
bro 5138 SO-user 4u IPv4 31202 0t0 UDP X.X.X.X:35029->X.X.X.X:53
bro 5138 SO-user 12u IPv4 31215 0t0 TCP X.X.X.X:44414->X.X.X.X:47762 (ESTABLISHED)
bro 5138 SO-user 17u IPv4 31220 0t0 TCP *:47763 (LISTEN)
bro 5138 SO-user 18u IPv6 31221 0t0 TCP *:47763 (LISTEN)
bro 5141 SO-user 0u IPv4 31224 0t0 TCP X.X.X.X:54998->X.X.X.X:47761 (ESTABLISHED)
bro 5141 SO-user 4u IPv4 29661 0t0 UDP X.X.X.X:58877->X.X.X.X:53
bro 5141 SO-user 12u IPv4 31227 0t0 TCP X.X.X.X:44418->X.X.X.X:47762 (ESTABLISHED)
bro 5141 SO-user 17u IPv4 31232 0t0 TCP *:47764 (LISTEN)
bro 5141 SO-user 18u IPv6 31233 0t0 TCP *:47764 (LISTEN)
tclsh 5871 SO-user 3u IPv4 31514 0t0 TCP X.X.X.X:32897->X.X.X.X:7736 (ESTABLISHED)
tclsh 5890 SO-user 3u IPv4 31556 0t0 TCP X.X.X.X:42607->X.X.X.X:7736 (ESTABLISHED)
tclsh 5890 SO-user 4u IPv4 31557 0t0 TCP X.X.X.X:8001 (LISTEN)
tclsh 5890 SO-user 6u IPv4 437189 0t0 TCP X.X.X.X:8001->X.X.X.X:43976 (ESTABLISHED)
tclsh 5999 SO-user 3u IPv4 33137 0t0 TCP X.X.X.X:43951->X.X.X.X:7736 (ESTABLISHED)
tclsh 6018 SO-user 3u IPv4 33201 0t0 TCP X.X.X.X:42063->X.X.X.X:7736 (ESTABLISHED)
tclsh 6018 SO-user 4u IPv4 33202 0t0 TCP X.X.X.X:8101 (LISTEN)
tclsh 6018 SO-user 6u IPv4 439571 0t0 TCP X.X.X.X:8101->X.X.X.X:33648 (ESTABLISHED)
docker-pr 6865 root 4u IPv4 37494 0t0 TCP X.X.X.X:9300 (LISTEN)
docker-pr 6878 root 4u IPv4 37500 0t0 TCP X.X.X.X:9200 (LISTEN)
apache2 7193 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 7193 www-data 15u IPv4 297530 0t0 TCP X.X.X.X:33824->X.X.X.X:5601 (CLOSE_WAIT)
apache2 7193 www-data 16u IPv4 494591 0t0 TCP X.X.X.X:49218->X.X.X.X:5601 (CLOSE_WAIT)
apache2 7193 www-data 17u IPv4 299143 0t0 TCP X.X.X.X:33952->X.X.X.X:5601 (CLOSE_WAIT)
apache2 7193 www-data 18u IPv4 487209 0t0 TCP X.X.X.X:45056->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 3u IPv4 513579 0t0 TCP X.X.X.X:39810->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 4u IPv4 45234 0t0 TCP X.X.X.X:5601 (LISTEN)
docker-pr 9131 root 6u IPv4 512948 0t0 TCP X.X.X.X:5601->X.X.X.X:39120 (FIN_WAIT2)
docker-pr 9131 root 7u IPv4 297394 0t0 TCP X.X.X.X:5601->X.X.X.X:33184 (FIN_WAIT2)
docker-pr 9131 root 8u IPv4 297396 0t0 TCP X.X.X.X:34030->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 9u IPv4 86186 0t0 TCP X.X.X.X:5601->X.X.X.X:38952 (FIN_WAIT2)
docker-pr 9131 root 10u IPv4 86188 0t0 TCP X.X.X.X:39798->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 12u IPv4 277796 0t0 TCP X.X.X.X:5601->X.X.X.X:43380 (FIN_WAIT2)
docker-pr 9131 root 13u IPv4 277798 0t0 TCP X.X.X.X:44226->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 14u IPv4 487110 0t0 TCP X.X.X.X:5601->X.X.X.X:44790 (FIN_WAIT2)
docker-pr 9131 root 15u IPv4 487112 0t0 TCP X.X.X.X:45636->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 16u IPv4 489372 0t0 TCP X.X.X.X:5601->X.X.X.X:44776 (FIN_WAIT2)
docker-pr 9131 root 17u IPv4 489374 0t0 TCP X.X.X.X:45622->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 18u IPv4 565611 0t0 TCP X.X.X.X:60598->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 19u IPv4 563122 0t0 TCP X.X.X.X:5601->X.X.X.X:59950 (FIN_WAIT2)
docker-pr 9131 root 20u IPv4 512950 0t0 TCP X.X.X.X:39966->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 21u IPv4 513022 0t0 TCP X.X.X.X:5601->X.X.X.X:39470 (FIN_WAIT2)
docker-pr 9131 root 22u IPv4 491748 0t0 TCP X.X.X.X:5601->X.X.X.X:45034 (FIN_WAIT2)
docker-pr 9131 root 23u IPv4 491750 0t0 TCP X.X.X.X:45882->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 24u IPv4 296957 0t0 TCP X.X.X.X:5601->X.X.X.X:33824 (FIN_WAIT2)
docker-pr 9131 root 25u IPv4 296959 0t0 TCP X.X.X.X:34670->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 26u IPv4 276135 0t0 TCP X.X.X.X:44344->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 27u IPv4 491494 0t0 TCP X.X.X.X:5601->X.X.X.X:45026 (FIN_WAIT2)
docker-pr 9131 root 28u IPv4 563124 0t0 TCP X.X.X.X:60796->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 29u IPv4 566326 0t0 TCP X.X.X.X:5601->X.X.X.X:59958 (FIN_WAIT2)
docker-pr 9131 root 30u IPv4 487204 0t0 TCP X.X.X.X:5601->X.X.X.X:45048 (FIN_WAIT2)
docker-pr 9131 root 31u IPv4 487206 0t0 TCP X.X.X.X:45894->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 32u IPv4 487101 0t0 TCP X.X.X.X:5601->X.X.X.X:44770 (FIN_WAIT2)
docker-pr 9131 root 33u IPv4 487103 0t0 TCP X.X.X.X:45616->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 34u IPv4 513024 0t0 TCP X.X.X.X:40316->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 35u IPv4 516183 0t0 TCP X.X.X.X:5601->X.X.X.X:39818 (FIN_WAIT2)
docker-pr 9131 root 36u IPv4 565706 0t0 TCP X.X.X.X:5601->X.X.X.X:60398 (FIN_WAIT2)
docker-pr 9131 root 37u IPv4 565708 0t0 TCP X.X.X.X:33012->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 38u IPv4 494592 0t0 TCP X.X.X.X:5601->X.X.X.X:49218 (FIN_WAIT2)
docker-pr 9131 root 39u IPv4 497666 0t0 TCP X.X.X.X:50064->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 40u IPv4 277786 0t0 TCP X.X.X.X:5601->X.X.X.X:43360 (FIN_WAIT2)
docker-pr 9131 root 41u IPv4 277788 0t0 TCP X.X.X.X:44206->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 42u IPv4 276095 0t0 TCP X.X.X.X:5601->X.X.X.X:43368 (FIN_WAIT2)
docker-pr 9131 root 43u IPv4 276097 0t0 TCP X.X.X.X:44214->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 44u IPv4 275099 0t0 TCP X.X.X.X:5601->X.X.X.X:43374 (FIN_WAIT2)
docker-pr 9131 root 45u IPv4 275101 0t0 TCP X.X.X.X:44220->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 46u IPv4 277803 0t0 TCP X.X.X.X:5601->X.X.X.X:43394 (FIN_WAIT2)
docker-pr 9131 root 47u IPv4 277805 0t0 TCP X.X.X.X:44240->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 48u IPv4 566328 0t0 TCP X.X.X.X:60804->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 49u IPv4 563131 0t0 TCP X.X.X.X:5601->X.X.X.X:59966 (FIN_WAIT2)
docker-pr 9131 root 50u IPv4 277827 0t0 TCP X.X.X.X:5601->X.X.X.X:43462 (FIN_WAIT2)
docker-pr 9131 root 51u IPv4 277829 0t0 TCP X.X.X.X:44308->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 52u IPv4 275133 0t0 TCP X.X.X.X:5601->X.X.X.X:43494 (FIN_WAIT2)
docker-pr 9131 root 53u IPv4 275134 0t0 TCP X.X.X.X:5601->X.X.X.X:43496 (FIN_WAIT2)
docker-pr 9131 root 54u IPv4 275136 0t0 TCP X.X.X.X:44342->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 55u IPv4 491496 0t0 TCP X.X.X.X:45872->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 56u IPv4 277842 0t0 TCP X.X.X.X:5601->X.X.X.X:43512 (FIN_WAIT2)
docker-pr 9131 root 57u IPv4 277844 0t0 TCP X.X.X.X:44358->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 58u IPv4 276148 0t0 TCP X.X.X.X:5601->X.X.X.X:43522 (FIN_WAIT2)
docker-pr 9131 root 59u IPv4 276150 0t0 TCP X.X.X.X:44368->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 60u IPv4 563159 0t0 TCP X.X.X.X:5601->X.X.X.X:60142 (FIN_WAIT2)
docker-pr 9131 root 61u IPv4 563161 0t0 TCP X.X.X.X:60988->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 62u IPv4 276157 0t0 TCP X.X.X.X:5601->X.X.X.X:43556 (FIN_WAIT2)
docker-pr 9131 root 63u IPv4 276159 0t0 TCP X.X.X.X:44402->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 64u IPv4 489385 0t0 TCP X.X.X.X:5601->X.X.X.X:44796 (FIN_WAIT2)
docker-pr 9131 root 65u IPv4 489387 0t0 TCP X.X.X.X:45642->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 66u IPv4 491485 0t0 TCP X.X.X.X:5601->X.X.X.X:45002 (FIN_WAIT2)
docker-pr 9131 root 67u IPv4 491487 0t0 TCP X.X.X.X:45848->X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 68u IPv4 277897 0t0 TCP X.X.X.X:5601-
>X.X.X.X:43598 (FIN_WAIT2)
docker-pr 9131 root 69u IPv4 277899 0t0 TCP X.X.X.X:44444-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 70u IPv4 277903 0t0 TCP X.X.X.X:5601-
>X.X.X.X:43610 (FIN_WAIT2)
docker-pr 9131 root 71u IPv4 277905 0t0 TCP X.X.X.X:44456-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 72u IPv4 278279 0t0 TCP X.X.X.X:5601-
>X.X.X.X:44224 (FIN_WAIT2)
docker-pr 9131 root 73u IPv4 278281 0t0 TCP X.X.X.X:45070-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 74u IPv4 513777 0t0 TCP X.X.X.X:5601-
>X.X.X.X:39840 (FIN_WAIT2)
docker-pr 9131 root 75u IPv4 513779 0t0 TCP X.X.X.X:40686-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 76u IPv4 566344 0t0 TCP X.X.X.X:5601-
>X.X.X.X:60008 (FIN_WAIT2)
docker-pr 9131 root 77u IPv4 566346 0t0 TCP X.X.X.X:60854-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 78u IPv4 278321 0t0 TCP X.X.X.X:5601-
>X.X.X.X:44328 (FIN_WAIT2)
docker-pr 9131 root 79u IPv4 278323 0t0 TCP X.X.X.X:45174-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 80u IPv4 563133 0t0 TCP X.X.X.X:60812-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 81u IPv4 513577 0t0 TCP X.X.X.X:5601-
>X.X.X.X:38964 (FIN_WAIT2)
docker-pr 9131 root 82u IPv4 300077 0t0 TCP X.X.X.X:5601-
>X.X.X.X:33952 (FIN_WAIT2)
docker-pr 9131 root 83u IPv4 300079 0t0 TCP X.X.X.X:34798-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 84u IPv4 516185 0t0 TCP X.X.X.X:40664-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 85u IPv4 565609 0t0 TCP X.X.X.X:5601-
>X.X.X.X:59752 (FIN_WAIT2)
docker-pr 9131 root 86u IPv4 491388 0t0 TCP X.X.X.X:5601-
>X.X.X.X:44708 (FIN_WAIT2)
docker-pr 9131 root 87u IPv4 491390 0t0 TCP X.X.X.X:45554-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 88u IPv4 489380 0t0 TCP X.X.X.X:5601-
>X.X.X.X:44782 (FIN_WAIT2)
docker-pr 9131 root 89u IPv4 489382 0t0 TCP X.X.X.X:45628-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 90u IPv4 487195 0t0 TCP X.X.X.X:5601-
>X.X.X.X:45036 (FIN_WAIT2)
docker-pr 9131 root 91u IPv4 487197 0t0 TCP X.X.X.X:45884-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 92u IPv4 489458 0t0 TCP X.X.X.X:5601-
>X.X.X.X:45056 (FIN_WAIT2)
docker-pr 9131 root 93u IPv4 489460 0t0 TCP X.X.X.X:45902-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 94u IPv4 491759 0t0 TCP X.X.X.X:5601-
>X.X.X.X:45066 (FIN_WAIT2)
docker-pr 9131 root 95u IPv4 491761 0t0 TCP X.X.X.X:45912-
>X.X.X.X:5601 (CLOSE_WAIT)
docker-pr 9131 root 96u IPv4 491763 0t0 TCP X.X.X.X:5601-
>X.X.X.X:45072 (FIN_WAIT2)
docker-pr 9131 root 97u IPv4 491765 0t0 TCP X.X.X.X:45918-
>X.X.X.X:5601 (CLOSE_WAIT)
sshd 11279 root 3u IPv4 48115 0t0 TCP X.X.X.X:ssh_port-
>X.X.X.X:33305 (ESTABLISHED)
sshd 11292 SO-user 3u IPv4 48115 0t0 TCP X.X.X.X:ssh_port-
>X.X.X.X:33305 (ESTABLISHED)
sshd 13063 root 3u IPv4 773123 0t0 TCP X.X.X.X:ssh_port-
>X.X.X.X:34474 (ESTABLISHED)
sshd 13321 SO-user 3u IPv4 773123 0t0 TCP X.X.X.X:ssh_port-
>X.X.X.X:34474 (ESTABLISHED)
docker-pr 19591 root 4u IPv6 78336 0t0 TCP *:9600 (LISTEN)
docker-pr 19603 root 4u IPv6 76474 0t0 TCP *:6053 (LISTEN)
docker-pr 19614 root 4u IPv6 78347 0t0 TCP *:6052 (LISTEN)
docker-pr 19625 root 4u IPv6 78356 0t0 TCP *:6051 (LISTEN)
docker-pr 19637 root 3u IPv6 88016 0t0 TCP X.X.X.X:6050-
>X.X.X.X:33977 (ESTABLISHED)
docker-pr 19637 root 4u IPv6 75569 0t0 TCP *:6050 (LISTEN)
docker-pr 19637 root 6u IPv4 88018 0t0 TCP X.X.X.X:53086-
>X.X.X.X:6050 (ESTABLISHED)
docker-pr 19650 root 4u IPv6 75576 0t0 TCP *:5044 (LISTEN)
apache2 22336 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 22336 www-data 15u IPv4 491419 0t0 TCP X.X.X.X:44776-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22336 www-data 16u IPv4 514610 0t0 TCP X.X.X.X:39120-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22336 www-data 17u IPv4 491632 0t0 TCP X.X.X.X:44770-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22336 www-data 18u IPv4 515584 0t0 TCP X.X.X.X:39470-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22336 www-data 19u IPv4 491493 0t0 TCP X.X.X.X:45026-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22336 www-data 20u IPv4 491387 0t0 TCP X.X.X.X:44708-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22344 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 22344 www-data 15u IPv4 487203 0t0 TCP X.X.X.X:45048-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22344 www-data 16u IPv4 487114 0t0 TCP X.X.X.X:44796-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22344 www-data 17u IPv4 489436 0t0 TCP X.X.X.X:45002-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22349 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 22349 www-data 15u IPv4 275106 0t0 TCP X.X.X.X:43394-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22349 www-data 16u IPv4 564939 0t0 TCP X.X.X.X:59958-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22349 www-data 17u IPv4 276134 0t0 TCP X.X.X.X:43496-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22349 www-data 18u IPv4 564934 0t0 TCP X.X.X.X:59950-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22349 www-data 19u IPv4 563158 0t0 TCP X.X.X.X:60142-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22350 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 22350 www-data 15u IPv4 513576 0t0 TCP X.X.X.X:38964-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22350 www-data 16u IPv4 298253 0t0 TCP X.X.X.X:33184-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22350 www-data 17u IPv4 516182 0t0 TCP X.X.X.X:39818-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22350 www-data 18u IPv4 489379 0t0 TCP X.X.X.X:44782-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22350 www-data 19u IPv4 491747 0t0 TCP X.X.X.X:45034-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22351 www-data 4u IPv6 27006 0t0 TCP *:443 (LISTEN)
apache2 22351 www-data 15u IPv4 276194 0t0 TCP X.X.X.X:43598-
>X.X.X.X:5601 (CLOSE_WAIT)
apache2 22351 www-data 16u IPv4 276201 0t0 TCP X.X.X.X:43610-
>X.X.X.X:5601 (CLOSE_WAIT)
barnyard2 32051 SO-user 3u IPv4 438369 0t0 TCP X.X.X.X:43976-
>X.X.X.X:8001 (ESTABLISHED)
barnyard2 32165 SO-user 3u IPv4 437754 0t0 TCP X.X.X.X:33648-
>X.X.X.X:8101 (ESTABLISHED)

=========================================================================
IDS Rules Update
=========================================================================
Wed Jun 27 16:24:23 UTC 2018
Backing up current local_rules.xml file.
Cleaning up local_rules.xml backup files older than 30 days.
Backing up current downloaded.rules file before it gets overwritten.
Cleaning up downloaded.rules backup files older than 30 days.
Backing up current local.rules file before it gets overwritten.
Cleaning up local.rules backup files older than 30 days.
Running PulledPork.

https://github.com/shirkdog/pulledpork
_____ ____
`----,\ )
`--==\\ / PulledPork v0.7.3 - Making signature updates great again!
`--==\\/
.-~~~~-.Y|\\_ Copyright (C) 2009-2016 JJ Cummings
@_/ / 66\_ [email protected]
| \ \ _(")
\ /-| ||'--' Rules give me wings!
\_\ \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
They Match
Done!
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Prepping rules from snortrules-snapshot-2990.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
Done
Reading rules...
Reading rules...
Activating security rulesets....
Done
Modifying Sids....
Done!
Processing /etc/nsm/pulledpork/enablesid.conf....
Modified 0 rules
Skipped 0 rules (already disabled)
Done
Processing /etc/nsm/pulledpork/dropsid.conf....
Modified 0 rules
Skipped 0 rules (already disabled)
Done
Processing /etc/nsm/pulledpork/disablesid.conf....
Modified 0 rules
Skipped 0 rules (already disabled)
Done
Setting Flowbit State....
Enabled 551 flowbits
Done
Writing /etc/nsm/rules/downloaded.rules....
Done
Generating sid-msg.map....
Done
Writing v1 /etc/nsm/rules/sid-msg.map....
Done
Writing /var/log/nsm/sid_changes.log....
Done
Rule Stats...
New:-------0
Deleted:---0
Enabled Rules:----14058
Dropped Rules:----0
Disabled Rules:---47105
Total Rules:------61163
No IP Blacklist Changes
Done
Please review /var/log/nsm/sid_changes.log for additional details
Fly Piggy Fly!
Restarting Barnyard2.
Restarting: SO-server-enp30s0
* stopping: barnyard2-1 (spooler, unified2 format)[ OK ]
* starting: barnyard2-1 (spooler, unified2 format)[ OK ]
Restarting: SO-server-enp34s0
* stopping: barnyard2-1 (spooler, unified2 format)[ OK ]
* starting: barnyard2-1 (spooler, unified2 format)[ OK ]
Restarting IDS Engine.
Restarting: SO-server-enp30s0
* stopping: snort-1 (alert data)[ OK ]
* starting: snort-1 (alert data)[ OK ]
Restarting: SO-server-enp34s0
* stopping: snort-1 (alert data)[ OK ]
* starting: snort-1 (alert data)[ OK ]

=========================================================================
CPU Usage
=========================================================================
Load average for the last 1, 5, and 15 minutes:
0.87 1.22 1.41
Processing units: 4
If load average is higher than processing units,
then tune until load average is lower than processing units.

top - 16:48:29 up 55 min, 2 users, load average: 0.87, 1.22, 1.41
Tasks: 251 total, 4 running, 247 sleeping, 0 stopped, 0 zombie
%Cpu(s): 23.9 us, 2.3 sy, 0.1 ni, 68.9 id, 4.2 wa, 0.0 hi, 0.6 si, 0.0 st
KiB Mem : 31899312 total, 1239084 free, 16625388 used, 14034840 buff/cache
KiB Swap: 15718396 total, 15718396 free, 0 used. 14601316 avail Mem

%CPU %MEM COMMAND
30.1 8.3 /bin/java -Xms4000m -Xmx4000m -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /usr/share/logstash/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/usr/share/logstash/logstash-core/lib/jars/google-java-format-1.1.jar:/usr/share/logstash/logstash-core/lib/jars/guava-19.0.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-annotations-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-core-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-databind-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/janino-3.0.8.jar:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-X.X.X.X.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/logstash-core.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/usr/share/logstash/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash
14.2 0.0 barnyard2 -c /etc/nsm/SO-server-enp34s0/barnyard2-1.conf -u SO-user -g SO-user -d /nsm/sensor_data/SO-server-enp34s0/snort-1 -f snort.unified2 -w /etc/nsm/SO-server-enp34s0/barnyard2.waldo-1 -i SO-server-enp34s0-1 -U
14.0 0.0 barnyard2 -c /etc/nsm/SO-server-enp30s0/barnyard2-1.conf -u SO-user -g SO-user -d /nsm/sensor_data/SO-server-enp30s0/snort-1 -f snort.unified2 -w /etc/nsm/SO-server-enp30s0/barnyard2.waldo-1 -i SO-server-enp30s0-1 -U
12.6 2.1 /opt/bro/bin/bro -i enp30s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp30s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
12.5 2.1 /opt/bro/bin/bro -i enp34s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp34s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
8.2 27.9 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -Xms7974m -Xmx7974m -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.io.tmpdir=/tmp/elasticsearch.Xy6uYZYM -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:logs/gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=32 -XX:GCLogFileSize=64m -Des.cgroups.hierarchy.override=/ -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/usr/share/elasticsearch/config -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -Ecluster.name=SO-server -Ebootstrap.memory_lock=true -Etransport.host=X.X.X.X -Ehttp.host=X.X.X.X
3.3 2.8 snort -c /etc/nsm/SO-server-enp34s0/snort.conf -u SO-user -g SO-user -i enp34s0 -l /nsm/sensor_data/SO-server-enp34s0/snort-1 --perfmon-file /nsm/sensor_data/SO-server-enp34s0/snort-1.stats -U --snaplen 1524
3.2 2.8 snort -c /etc/nsm/SO-server-enp30s0/snort.conf -u SO-user -g SO-user -i enp30s0 -l /nsm/sensor_data/SO-server-enp30s0/snort-1 --perfmon-file /nsm/sensor_data/SO-server-enp30s0/snort-1.stats -U --snaplen 1524
2.9 0.0 /usr/bin/python /opt/freq_server/freq/freq_server.py -ip X.X.X.X 10004 /opt/freq_server/freq/freq_table.freq
1.4 1.0 /usr/bin/python /opt/domain_stats/domain_stats.py -ip X.X.X.X 20000 -a /opt/domain_stats/top-1m.csv --preload 0
1.2 0.2 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
0.9 0.0 /var/ossec/bin/ossec-analysisd
0.9 0.0 /var/ossec/bin/ossec-syscheckd
0.8 0.2 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
0.5 0.4 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ --kibana.defaultAppId=dashboard/94b52620-342a-11e7-9d52-4f090484f59e
0.3 0.0 /usr/sbin/syslog-ng -F
0.2 0.2 /usr/bin/dockerd -H fd://
0.2 0.2 /usr/bin/python /usr/bin/salt-master
0.2 0.0 /bin/bash /usr/sbin/sostat
0.2 1.2 netsniff-ng -i enp30s0 -o /nsm/sensor_data/SO-server-enp30s0/dailylogs/2018-06-27/ --user 1001 --group 1001 -s --prefix snort.log. --verbose --ring-size 256MiB --interval 150MiB --mmap
0.1 0.0 docker-containerd --config /var/run/docker/containerd/containerd.toml
0.1 1.0 netsniff-ng -i enp34s0 -o /nsm/sensor_data/SO-server-enp34s0/dailylogs/2018-06-27/ --user 1001 --group 1001 -s --prefix snort.log. --verbose --ring-size 256MiB --interval 150MiB --mmap
0.1 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6050 -container-ip X.X.X.X -container-port 6050
0.1 0.0 [kworker/0:1]
0.1 0.0 atop
0.0 0.0 /sbin/init splash
0.0 0.0 [kthreadd]
0.0 0.0 [kworker/0:0H]
0.0 0.0 [mm_percpu_wq]
0.0 0.0 [ksoftirqd/0]
0.0 0.0 [rcu_sched]
0.0 0.0 [rcu_bh]
0.0 0.0 [migration/0]
0.0 0.0 [watchdog/0]
0.0 0.0 [cpuhp/0]
0.0 0.0 [cpuhp/1]
0.0 0.0 [watchdog/1]
0.0 0.0 [migration/1]
0.0 0.0 [ksoftirqd/1]
0.0 0.0 [kworker/1:0H]
0.0 0.0 [cpuhp/2]
0.0 0.0 [watchdog/2]
0.0 0.0 [migration/2]
0.0 0.0 [ksoftirqd/2]
0.0 0.0 [kworker/2:0H]
0.0 0.0 [cpuhp/3]
0.0 0.0 [watchdog/3]
0.0 0.0 [migration/3]
0.0 0.0 [ksoftirqd/3]
0.0 0.0 [kworker/3:0H]
0.0 0.0 [kdevtmpfs]
0.0 0.0 [netns]
0.0 0.0 [kworker/2:1]
0.0 0.0 [khungtaskd]
0.0 0.0 [oom_reaper]
0.0 0.0 [writeback]
0.0 0.0 [kcompactd0]
0.0 0.0 [ksmd]
0.0 0.0 [khugepaged]
0.0 0.0 [crypto]
0.0 0.0 [kintegrityd]
0.0 0.0 [kblockd]
0.0 0.0 [ata_sff]
0.0 0.0 [md]
0.0 0.0 [edac-poller]
0.0 0.0 [devfreq_wq]
0.0 0.0 [watchdogd]
0.0 0.0 [irq/25-AMD-Vi]
0.0 0.0 [kauditd]
0.0 0.0 [kswapd0]
0.0 0.0 [ecryptfs-kthrea]
0.0 0.0 [kthrotld]
0.0 0.0 [acpi_thermal_pm]
0.0 0.0 [ipv6_addrconf]
0.0 0.0 [charger_manager]
0.0 0.0 [scsi_eh_0]
0.0 0.0 [scsi_tmf_0]
0.0 0.0 [scsi_eh_1]
0.0 0.0 [scsi_tmf_1]
0.0 0.0 [scsi_eh_2]
0.0 0.0 [scsi_tmf_2]
0.0 0.0 [scsi_eh_3]
0.0 0.0 [scsi_tmf_3]
0.0 0.0 [scsi_eh_4]
0.0 0.0 [scsi_tmf_4]
0.0 0.0 [scsi_eh_5]
0.0 0.0 [scsi_tmf_5]
0.0 0.0 [scsi_eh_6]
0.0 0.0 [scsi_tmf_6]
0.0 0.0 [scsi_eh_7]
0.0 0.0 [scsi_tmf_7]
0.0 0.0 [scsi_eh_8]
0.0 0.0 [scsi_tmf_8]
0.0 0.0 [scsi_eh_9]
0.0 0.0 [scsi_tmf_9]
0.0 0.0 [scsi_eh_10]
0.0 0.0 [scsi_tmf_10]
0.0 0.0 [kworker/0:2]
0.0 0.0 [kworker/0:1H]
0.0 0.0 [kworker/1:1H]
0.0 0.0 [md0_raid1]
0.0 0.0 [kworker/2:1H]
0.0 0.0 [md1_raid1]
0.0 0.0 [md123_raid1]
0.0 0.0 [md122_raid1]
0.0 0.0 [raid5wq]
0.0 0.0 [jbd2/md123p1-8]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 [kworker/3:1H]
0.0 0.0 /lib/systemd/systemd-journald
0.0 0.0 [iscsi_eh]
0.0 0.0 /sbin/lvmetad -f
0.0 0.0 [ib-comp-wq]
0.0 0.0 [ib_addr]
0.0 0.0 [ib_mcast]
0.0 0.0 [ib_nl_sa_wq]
0.0 0.0 [ib_cm]
0.0 0.0 [iw_cm_wq]
0.0 0.0 [rdma_cm]
0.0 0.0 /lib/systemd/systemd-udevd
0.0 0.0 [jbd2/md1p1-8]
0.0 0.0 [ext4-rsv-conver]
0.0 0.0 /usr/sbin/atd -f
0.0 0.0 /usr/sbin/acpid
0.0 0.0 /usr/sbin/cron -f
0.0 0.0 /usr/lib/accountsservice/accounts-daemon
0.0 0.0 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
0.0 0.0 /usr/sbin/NetworkManager --no-daemon
0.0 0.0 /lib/systemd/systemd-logind
0.0 0.0 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
0.0 0.0 /usr/lib/policykit-1/polkitd --no-debug
0.0 0.0 /sbin/dhclient -1 -v -pf /run/dhclient.enp37s0.pid -lf /var/lib/dhcp/dhclient.enp37s0.leases -I -df /var/lib/dhcp/dhclient6.enp37s0.leases enp37s0
0.0 0.0 /usr/sbin/sshd -D
0.0 0.1 /usr/bin/python /usr/bin/salt-minion
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /sbin/iscsid
0.0 0.0 /sbin/iscsid
0.0 0.4 /usr/sbin/mysqld
0.0 0.0 /usr/bin/atop -a -w /var/log/atop/atop_20180628 600
0.0 0.0 /usr/sbin/lightdm
0.0 0.0 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
0.0 0.1 /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
0.0 0.0 /sbin/agetty --noclear tty1 linux
0.0 0.0 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
0.0 0.0 php-fpm: pool www
0.0 0.0 php-fpm: pool www
0.0 0.2 /usr/bin/python /usr/bin/salt-minion
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.1 /usr/bin/python /usr/bin/salt-master
0.0 0.1 /usr/bin/python /usr/bin/salt-master
0.0 0.1 /usr/bin/python /usr/bin/salt-master
0.0 0.1 /usr/bin/python /usr/bin/salt-master
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.2 /usr/bin/python /usr/bin/salt-master
0.0 0.0 /var/ossec/bin/ossec-csyslogd
0.0 0.0 /var/ossec/bin/ossec-execd
0.0 0.0 /var/ossec/bin/ossec-logcollector
0.0 0.0 lightdm --session-child 16 19
0.0 0.0 /var/ossec/bin/ossec-monitord
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 /bin/sh /usr/lib/lightdm/lightdm-greeter-session /usr/sbin/lightdm-gtk-greeter
0.0 0.0 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
0.0 0.2 /usr/sbin/lightdm-gtk-greeter
0.0 0.0 /usr/lib/at-spi2-core/at-spi-bus-launcher --launch-immediately
0.0 0.0 /usr/lib/gvfs/gvfsd
0.0 0.0 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
0.0 0.0 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:118
0.0 0.0 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
0.0 0.0 su - SO-user -- /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 su - SO-user -- /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 tclsh /usr/bin/ossec_agent.tcl -o -f /var/ossec/logs/alerts/alerts.log -i X.X.X.X -p 5 -c /etc/nsm/ossec/ossec_agent.conf
0.0 0.0 lightdm --session-child 12 19
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 tclsh /usr/bin/SO-userd -c /etc/nsm/securityonion/SO-userd.conf -a /etc/nsm/securityonion/autocat.conf -g /etc/nsm/securityonion/SO-userd.queries -A /etc/nsm/securityonion/SO-userd.access -C /etc/nsm/securityonion/certs
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
0.0 0.1 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
0.0 0.0 [kworker/1:0]
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
0.0 0.1 /opt/bro/bin/bro -U .status -p broctl -p broctl-live -p local -p proxy local.bro broctl base/frameworks/cluster local-proxy broctl/auto
0.0 0.0 sudo sostat-redacted
0.0 0.0 /bin/bash /usr/sbin/sostat-redacted
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i enp30s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp30s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 /bin/bash /opt/bro/share/broctl/scripts/run-bro -1 -i enp34s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp34s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 1.8 /opt/bro/bin/bro -i enp30s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp30s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 1.8 /opt/bro/bin/bro -i enp34s0 -U .status -p broctl -p broctl-live -p local -p SO-server-enp34s0-1 local.bro broctl base/frameworks/cluster local-worker.bro broctl/auto
0.0 0.0 tail -n 0 -F /var/ossec/logs/alerts/alerts.log
0.0 0.0 su - SO-user -- /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-enp30s0/pcap_agent.conf
0.0 0.0 tclsh /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-enp30s0/pcap_agent.conf
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-enp30s0/snort_agent-1.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-enp30s0/snort_agent-1.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/SO-server-enp30s0/snort-1.stats
0.0 0.0 su - SO-user -- /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-enp34s0/pcap_agent.conf
0.0 0.0 tclsh /usr/bin/pcap_agent.tcl -c /etc/nsm/SO-server-enp34s0/pcap_agent.conf
0.0 0.0 su - SO-user -- /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-enp34s0/snort_agent-1.conf
0.0 0.0 tclsh /usr/bin/snort_agent.tcl -c /etc/nsm/SO-server-enp34s0/snort_agent-1.conf
0.0 0.0 tail -n 1 -f /nsm/sensor_data/SO-server-enp34s0/snort-1.stats
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e53daef2f78e2fad1e39ea6f1c68b4eff4b7d4f9795f9db3921ba2d1577a4180 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 [kworker/u32:2]
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/1a3cad558b784289454a1e8976dca53ae2932dc0339a511bb8bc79b96eac582b -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9300 -container-ip X.X.X.X -container-port 9300
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9200 -container-ip X.X.X.X -container-port 9200
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e444ac767a449b0b094c06f6931e1467509ab1eca6453ef311537c1d78e4c6f2 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /lib/systemd/systemd --user
0.0 0.0 (sd-pam)
0.0 0.0 ps -eo pcpu,pmem,args --sort -pcpu
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 5601 -container-ip X.X.X.X -container-port 5601
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/694954c63eb4067d22539f8a059dcc7967afcb2c8deb57750441277434c64ebf -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/508ceb2c9c0e3be6f480a2d38cfb6a3ccafce6a7605207a98d67be7f5ec7ea29 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 /usr/bin/python /usr/bin/supervisord -c /etc/elastalert/conf/elastalert_supervisord.conf -n
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e4d8d1cfd437d5d8dc3795285af4188f3924ba2fcbe3aa69ad8f3c658d2c521e -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 /bin/bash
0.0 0.1 python -m elastalert.elastalert --config /etc/elastalert/conf/elastalert_config.yaml --verbose
0.0 0.0 [kworker/3:0]
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 sshd: SO-user@pts/1
0.0 0.0 -bash
0.0 0.0 sshd: SO-user [priv]
0.0 0.0 sshd: SO-user@pts/0
0.0 0.0 -bash
0.0 0.0 [kworker/3:2]
0.0 0.0 [kworker/u32:0]
0.0 0.0 [kworker/2:2]
0.0 0.0 [kworker/2:0]
0.0 0.0 [kworker/1:1]
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 9600 -container-ip X.X.X.X -container-port 9600
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6053 -container-ip X.X.X.X -container-port 6053
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6052 -container-ip X.X.X.X -container-port 6052
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 6051 -container-ip X.X.X.X -container-port 6051
0.0 0.0 /usr/bin/docker-proxy -proto tcp -host-ip X.X.X.X -host-port 5044 -container-ip X.X.X.X -container-port 5044
0.0 0.0 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6be7a6ea24817cf5a77407f6449dc680f3518df407887ec15f39c2240a17c8eb -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 /usr/sbin/apache2 -k start
0.0 0.0 [kworker/3:1]
0.0 0.0 sudo atop
0.0 0.0 [kworker/u32:1]

=========================================================================
Packets received during last monitoring interval (600 seconds)
=========================================================================

enp30s0: 1300681

enp34s0: 679360

=========================================================================
Packet Loss Stats
=========================================================================

NIC:

enp30s0:
RX packets:7107024 dropped:0 TX packets:0 dropped:0

enp34s0:
RX packets:4126281 dropped:0 TX packets:0 dropped:0

-------------------------------------------------------------------------

pf_ring:

Appl. Name : snort-cluster-51-socket-0
Tot Packets : 3207487
Tot Pkt Lost : 0

Appl. Name : snort-cluster-52-socket-0
Tot Packets : 1723798
Tot Pkt Lost : 0

Appl. Name : bro-enp30s0
Tot Packets : 7064177
Tot Pkt Lost : 0

Appl. Name : bro-enp34s0
Tot Packets : 4097043
Tot Pkt Lost : 0

-------------------------------------------------------------------------

IDS Engine (snort) packet drops:

/nsm/sensor_data/SO-server-enp30s0/snort-1.stats last reported pkt_drop_percent as
0.000
/nsm/sensor_data/SO-server-enp34s0/snort-1.stats last reported pkt_drop_percent as
0.000

-------------------------------------------------------------------------

Bro:

Average packet loss as percent across all Bro workers: 0.000000

SO-server-enp30s0-1: 1530118110.321415 recvd=7064748 dropped=0 link=7064748
SO-server-enp34s0-1: 1530118110.517446 recvd=4097635 dropped=0 link=4097635

Capture Loss:

If you are seeing capture loss without dropped packets, this
may indicate that an upstream device is dropping packets (tap or SPAN port).

-------------------------------------------------------------------------

Netsniff-NG:

0 Loss
0 Loss

=========================================================================
PF_RING
=========================================================================
PF_RING Version : 6.6.0 (unknown)
Total rings : 4

Standard (non ZC) Options
Ring slots : 65534
Slot version : 16
Capture TX : Yes [RX+TX]
IP Defragment : No
Socket Mode : Standard
Cluster Fragment Queue : 0
Cluster Fragment Discard : 0

=========================================================================
Log Archive
=========================================================================
/nsm/sensor_data/SO-server-enp30s0/dailylogs/ - 2 days
23G .
5.9G ./2018-06-27
17G ./2018-06-28

/nsm/sensor_data/SO-server-enp34s0/dailylogs/ - 2 days
52G .
17G ./2018-06-27
36G ./2018-06-28

/nsm/sensor_data/SO-server-enp37s0/dailylogs/ - 0 days
4.0K .

/nsm/bro/logs/ - 2 days
94M .
20M ./2018-06-27
74M ./2018-06-28
904K ./stats

=========================================================================
Sguil Uncategorized Events
=========================================================================
COUNT(*)
0

=========================================================================
Sguil events summary for yesterday
=========================================================================
Total
0

=========================================================================
Top 50 All time Sguil Events
=========================================================================
Totals GenID:SigID Signature
1562 124:1 smtp: Attempted command buffer overflow
24 1:45950 PUA-OTHER Coinhive TLS client hello attempt
24 1:16482 BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt
24 1:45949 PUA-OTHER Coinhive TLS server hello attempt
7 1:28039 INDICATOR-COMPROMISE Suspicious .pw dns query
Total
1641

=========================================================================
Last update
=========================================================================
Requested-By: SO-user (1000)
Install: atop:amd64 (1.26-2build1)
End-Date: 2018-06-27 15:33:29

Start-Date: 2018-06-27 17:06:30
Commandline: apt-get -y install --install-recommends linux-generic-hwe-16.04 xserver-xorg-hwe-16.04
Requested-By: SO-user (1000)
Install: xserver-xorg-video-qxl-hwe-16.04:amd64 (0.1.5-2build1~16.04.1, automatic), xserver-xorg-video-vesa-hwe-16.04:amd64 (1:2.3.4-1build3~16.04.1, automatic), linux-image-generic-hwe-16.04:amd64 (X.X.X.X.64, automatic), xserver-xorg-video-amdgpu-hwe-16.04:amd64 (1.4.0-1~16.04.1, automatic), linux-generic-hwe-16.04:amd64 (X.X.X.X.64), xserver-xorg-input-synaptics-hwe-16.04:amd64 (1.9.0-1ubuntu1~16.04.1, automatic), linux-image-4.13.0-45-generic:amd64 (4.13.0-45.50~16.04.1, automatic), xserver-xorg-hwe-16.04:amd64 (1:7.7+16ubuntu3~16.04.1), xserver-xorg-video-all-hwe-16.04:amd64 (1:7.7+16ubuntu3~16.04.1, automatic), xserver-xorg-video-fbdev-hwe-16.04:amd64 (1:0.4.4-1build6~16.04.1, automatic), linux-headers-4.13.0-45:amd64 (4.13.0-45.50~16.04.1, automatic), xserver-xorg-video-vmware-hwe-16.04:amd64 (1:13.2.1-1build1~16.04.1, automatic), libxfont2:amd64 (1:2.0.1-3~ubuntu16.04.3, automatic), xserver-xorg-video-intel-hwe-16.04:amd64 (2:2.99.917+git20170309-0ubuntu1~16.04.1, automatic), xserver-xorg-core-hwe-16.04:amd64 (2:1.19.5-0ubuntu2~16.04.1, automatic), xserver-xorg-input-wacom-hwe-16.04:amd64 (1:0.34.0-0ubuntu2~16.04.1, automatic), thermald:amd64 (1.5-2ubuntu4, automatic), linux-image-extra-4.13.0-45-generic:amd64 (4.13.0-45.50~16.04.1, automatic), xserver-xorg-input-evdev-hwe-16.04:amd64 (1:2.10.5-1ubuntu1~16.04.1, automatic), linux-headers-generic-hwe-16.04:amd64 (X.X.X.X.64, automatic), xserver-xorg-video-nouveau-hwe-16.04:amd64 (1:1.0.15-2~16.04.1, automatic), xserver-xorg-legacy-hwe-16.04:amd64 (2:1.19.5-0ubuntu2~16.04.1, automatic), linux-headers-4.13.0-45-generic:amd64 (4.13.0-45.50~16.04.1, automatic), xserver-xorg-input-all-hwe-16.04:amd64 (1:7.7+16ubuntu3~16.04.1, automatic), xserver-xorg-video-radeon-hwe-16.04:amd64 (1:7.10.0-1~16.04.1, automatic), xserver-xorg-video-ati-hwe-16.04:amd64 (1:7.10.0-1~16.04.1, automatic)
Remove: xserver-xorg-input-all:amd64 (1:7.7+13ubuntu3), xserver-xorg-input-synaptics:amd64 (1.8.2-1ubuntu3), xserver-xorg:amd64 (1:7.7+13ubuntu3), xserver-xorg-video-qxl:amd64 (0.1.4-3ubuntu3), xserver-xorg-video-vesa:amd64 (1:2.3.4-1build2), xserver-xorg-video-nouveau:amd64 (1:1.0.12-1build2), xserver-xorg-video-amdgpu:amd64 (1.1.2-0ubuntu0.16.04.1), xserver-xorg-core:amd64 (2:1.18.4-0ubuntu0.7), xserver-xorg-video-fbdev:amd64 (1:0.4.4-1build5), xserver-xorg-input-wacom:amd64 (1:0.32.0-0ubuntu3), xserver-xorg-input-vmmouse:amd64 (1:13.1.0-1ubuntu2), xserver-xorg-video-intel:amd64 (2:2.99.917+git20160325-1ubuntu1.2), xserver-xorg-video-vmware:amd64 (1:13.1.0-2ubuntu3), xserver-xorg-input-evdev:amd64 (1:2.10.1-1ubuntu2), xserver-xorg-video-all:amd64 (1:7.7+13ubuntu3), xserver-xorg-video-ati:amd64 (1:7.7.0-1), xserver-xorg-video-radeon:amd64 (1:7.7.0-1)
End-Date: 2018-06-27 17:08:43

=========================================================================
Elasticsearch
=========================================================================

Elasticsearch is running.
Cluster Name: "SO-server"
Cluster Status: "green"
Total Nodes: 1
Failed Nodes: 0
Total Indices: 12
Total Shards: 32
Total Documents: 2174993
Total Size: 4124MB
Free Memory: 4%
Total Number of Events: 2174993
Avg. Event Size (In Bytes): 1896

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e444ac767a44 so-elasticsearch 2.72% 8.399GiB / 30.42GiB 27.61% 446MB / 44.1MB 1.11GB / 2.54GB 68

=========================================================================
Logstash
=========================================================================

Logstash is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
6be7a6ea2481 so-logstash 37.76% 2.536GiB / 30.42GiB 8.34% 327MB / 598MB 101MB / 39.3MB 133

Logstash Queue Stats:

Queue Type: memory

Queue settings can be modified in /etc/logstash/logstash.yml.

Event Summary (since restart):

Events In: 221981
Events Out: 221927

=========================================================================
Kibana
=========================================================================

Kibana is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
694954c63eb4 so-kibana 0.46% 125.2MiB / 30.42GiB 0.40% 11.2MB / 11MB 223MB / 30.7kB 10

=========================================================================
ElastAlert
=========================================================================

ElastAlert is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
508ceb2c9c0e so-elastalert 0.02% 64.45MiB / 30.42GiB 0.21% 260kB / 370kB 98.5MB / 92.2kB 2

=========================================================================
Curator
=========================================================================

Curator is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e4d8d1cfd437 so-curator 0.00% 4.93MiB / 30.42GiB 0.02% 22.1MB / 277kB 7.91MB / 0B 1

=========================================================================
Freq Server
=========================================================================

Freq_server is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
e53daef2f78e so-freqserver 0.86% 10.2MiB / 30.42GiB 0.03% 104MB / 94.9MB 37.3MB / 0B 2

Testing freq_server now...

Freq Server is working.

=========================================================================
Domain Stats
=========================================================================

Domain_stats is running.

CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS
1a3cad558b78 so-domainstats 2.31% 308.9MiB / 30.42GiB 0.99% 47.7MB / 39.5MB 78.6MB / 0B 2

Testing domain_stats now...

Domain_stats is working.

=========================================================================
Version Information
=========================================================================

Ubuntu 16.04.4 LTS