Scribd
Upload
84 views6 pages

Rhlinux Generic Event

The document contains log entries from multiple systems (NTNX-J500062M-A-CVM, NTNX-J500062L-A-CVM, etc.) recording commands run as root user, firewall rules being applied, and network traffic being allowed or dropped.

Uploaded by

Pentest Prometheus
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
84 views6 pages

Rhlinux Generic Event

The document contains log entries from multiple systems (NTNX-J500062M-A-CVM, NTNX-J500062L-A-CVM, etc.) recording commands run as root user, firewall rules being applied, and network traffic being allowed or dropped.

Uploaded by

Pentest Prometheus
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 6

2022-04-08T07:31:22.

738451-04:00 NTNX-J500062M-A-CVM sudo[11150]: nutanix :


TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
--quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
10.1.185.214 10.1.185.217
2022-04-08T07:31:22.738451-04:00 NTNX-J500062M-A-CVM sudo[11150]: nutanix :
PEDRO=unknown ; PWD=/home/nutanix ; USER=root ;
COMMAND=/usr/local/nutanix/bin/fping --quiet --dontfrag --count 2 --size 56
10.1.185.212 10.1.185.219 10.1.185.220 10.1.185.211 10.1.185.213 10.1.185.221
10.1.185.218 10.1.185.215 10.1.185.216 10.1.185.214 10.1.185.217
2022-04-08T07:31:23.483650-04:00 NTNX-J500062L-A-CVM sudo[11162]: nutanix :
TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
--quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
10.1.185.214 10.1.185.217
2022-04-08T07:31:24.609351-04:00 NTNX-J5000AVK-A-CVM sudo[2128]: nutanix :
TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
--quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
10.1.185.214 10.1.185.217
Jul 20 13:05:08 123.123.123.123 kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1
SRC=444.333.222.111 DST=111.222.333.444 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=12267
PROTO=UDP SPT=2121 DPT=53 LEN=39
2022-04-07T11:29:46.872229-04:00 NTNX-J5000AVK-A-CVM kernel: [3255567.916895]
IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36582 DF
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:46.872541-04:00 NTNX-J500062L-A-CVM kernel: [3250375.371257]
IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36582 DF
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00 SRC=10.14.11.5 DST=255.255.255.255
LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
IPTables Packet Dropped: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
IPTables Packet Dropped: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:25:90:ca:18:d2:08:00
SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697
PROTO=UDP SPT=68 DPT=67 LEN=556
2022-04-07T11:30:09.182141-04:00 NTNX-J500062M-A-CVM kernel: [3253750.860288]
SELinux: 2048 avtab hash slots, 113366 rules.
2022-04-07T11:30:09.182208-04:00 NTNX-J500062M-A-CVM kernel: [3253750.910109]
SELinux: 2048 avtab hash slots, 113366 rules.
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=337 TOS=0x00 PREC=0x00 TTL=239 ID=46467 DF PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 DF PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=00:00:00:00:00:00:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=ff:ff:ff:ff:ff:ff:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
LEN=1024 TOS=0x00 PREC=0x00 TTL=239 ID=46469 DF PROTO=TCP SPT=443 DPT=45630
WINDOW=16386 RES=0x00 ACK PSH URGP=0
Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8c:2c:1e:08:00 SRC=10.0.101.123 DST=23.73.220.58
LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=6746 DF PROTO=TCP SPT=64949 DPT=443
WINDOW=64240 RES=0x00 SYN URGP=0
Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.5.5 DST=23.4.64.137 LEN=52
TOS=0x00 PREC=0x00 TTL=122 ID=58363 DF PROTO=TCP SPT=64086 DPT=80 WINDOW=64240
RES=0x00 SYN URGP=0
Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8d:93:1e:08:00 SRC=10.0.100.96 DST=20.198.162.76
LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=35352 DF PROTO=TCP SPT=59662 DPT=443
WINDOW=64240 RES=0x00 SYN URGP=0
May 12 19:26:19 server-pdc kernel: [13440.120106] Shorewall:loc2fw:REJECT:IN=eth1
OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=147 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:26:20 server-pdc kernel: [13441.801174] Shorewall:zone:NAT:IN=eth0 OUT=
MAC=00:13:d4:fe:46:b9:00:1c:f0:03:67:e1:08:00 SRC=189.19.xxx.xxx DST=189.47.xxx.xxx
LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=1054 DF PROTO=TCP SPT=60154 DPT=3389
WINDOW=65535 RES=0x00 SYN URGP=0
May 12 19:26:26 server-pdc kernel: [13447.390318] Shorewall:loc2net:REJECT:IN=eth1
OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63
ID=1461 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
May 12 19:26:31 server-pdc kernel: [13452.389149] Shorewall:loc2net:REJECT:IN=eth1
OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63
ID=1462 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
May 12 19:26:35 server-pdc kernel: [13456.112881] Shorewall:loc2fw:REJECT:IN=eth1
OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=148 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:26:35 server-pdc kernel: Shorewall:loc2fw:REJECT:IN=eth1 OUT=
MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=149 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:27:07 server-pdc kernel: [13488.098411] Shorewall:loc2fw:REJECT:IN=eth1
OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=150 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:27:23 server-pdc kernel: [13504.091174] Shorewall:loc2fw:REJECT:IN=eth1
OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=151 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:27:39 server-pdc kernel: [13520.083951] Shorewall:loc2fw:REJECT:IN=eth1
OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=152 PROTO=UDP SPT=123 DPT=123 LEN=56
Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 /dev/pts/4
Jun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded
Jun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module
registered
Jun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression
enabled
Jun 11 23:38:05 vivek-desktop pppd[30088]: local IP address 10.5.3.44
Jun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18
Apr 12 21:06:25 base-gt2 pppd[8883]: pppd 2.4.5 started by root, uid 0
Apr 12 21:05:54 base-gt2 pppd[8799]: pppd 2.4.5 started by root, uid 0
Apr 12 21:05:02 base-gt1 pppd[7145]: pppd 2.4.5 started by root, uid 0
Apr 12 21:03:58 base-gt2 pppd[8535]: pppd 2.4.5 started by root, uid 0
Apr 7 15:35:44 base-gt1 pppd[31501]: Plugin winbind.so loaded.
Apr 7 15:35:44 base-gt1 pppd[31501]: WINBIND plugin initialized.
Apr 7 15:35:44 base-gt1 pppd[31501]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so
loaded.
Apr 7 15:35:44 base-gt1 pppd[31501]: pppd 2.4.5 started by root, uid 0
Apr 7 15:35:44 base-gt1 pppd[31501]: Using interface ppp12
Apr 7 15:35:44 base-gt1 pppd[31501]: Connect: ppp12 <--> /dev/pts/12
Apr 13 15:41:33 base-gt2 pptpd[24463]: CTRL: Reaping child PPP[24465]
Apr 13 15:41:33 base-gt2 pptpd[24463]: CTRL: Client 45.169.109.167 control
connection finished
Apr 13 15:41:42 base-gt2 pptpd[7047]: CTRL: Client 78.128.113.70 control connection
started
Apr 13 15:41:42 base-gt2 pptpd[7047]: CTRL: Starting call (launching pppd, opening
GRE)
Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: EOF or bad error reading ctrl packet
length.
Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: couldn't read packet header (exit)
Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: CTRL read failed
Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: Reaping child PPP[7049]
Apr 13 15:41:44 base-gt2 pptpd[7047]: CTRL: Client 78.128.113.70 control connection
finished
Apr 7 15:36:04 base-gt2 NetworkManager[1063]: <info> [1649356564.6185] manager:
(ppp43): new Ppp device (/org/freedesktop/NetworkManager/Devices/67675)
Apr 7 15:35:44 base-gt1 NetworkManager[1055]: <info> [1649356544.5659] manager:
(ppp12): new Ppp device (/org/freedesktop/NetworkManager/Devices/24572)
Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] keyfile: add
connection in-memory (xxx,"tun0")
Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] device (tun0): state
change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state:
'external')
Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] device (tun0):
Activation: starting connection 'tun0' (xxx)
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'ssid' value
'swedish-chef'
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'scan_ssid' value
'1'
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'key_mgmt' value
'WPA-PSK'
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'psk' value
'<omitted>'
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'proto' value 'WPA
RSN'
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Activation (wlan12) Stage 2 of 5
(Device Configure) complete.
Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: set interface ap_scan to 1
Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:f8:a7:3a:bb:d3:81:08:00 SRC=10.0.8.149 DST=34.95.163.186
LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=37511 PROTO=UDP SPT=62518 DPT=1252 LEN=24
Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:f8:a7:3a:bb:d3:81:08:00 SRC=10.0.8.149 DST=34.95.153.254
LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=44549 PROTO=UDP SPT=62518 DPT=1252 LEN=24
Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=35.198.31.14
LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=11025 PROTO=UDP SPT=62518 DPT=1252 LEN=24
Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=35.199.93.243
LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=28793 PROTO=UDP SPT=62518 DPT=1252 LEN=24
Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=34.151.235.216
LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=24802 PROTO=UDP SPT=62518 DPT=1252 LEN=24
Apr 12 21:02:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
57.el7_9.1" x-pid="8142" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 12 21:02:01 base-gt1 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
57.el7_9.1" x-pid="6902" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 12 21:03:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
57.el7_9.1" x-pid="8287" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 12 21:03:01 base-gt1 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
57.el7_9.1" x-pid="6961" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 12 21:04:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
57.el7_9.1" x-pid="8398" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr 7 15:35:43 base-gt2 named[1506]: client @0x7f6920079730 186.225.59.178#64130
(onedscolprdwus14.westus.cloudapp.azure.com): view externo: query (cache)
'onedscolprdwus14.westus.cloudapp.azure.com/A/IN' denied
Apr 7 15:35:43 base-gt2 named[1506]: client @0x7f6920079730 186.225.59.178#64130
(onedscolprdwus14.westus.cloudapp.azure.com): view externo: query (cache)
'onedscolprdwus14.westus.cloudapp.azure.com/A/IN' accept
Apr 7 15:35:55 base-gt9 kernel: usb 1-2: USB disconnect, device number 58
Apr 7 15:35:56 base-gt9 kernel: usb 1-2: new low-speed USB device number 59 using
xhci_hcd
Apr 7 15:35:56 base-gt9 kernel: usb 1-2: New USB device found, idVendor=03f0,
idProduct=094a, bcdDevice= 1.00
Apr 7 15:35:56 base-gt9 kernel: usb 1-2: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
Apr 7 15:35:56 base-gt9 kernel: usb 1-2: Product: HP USB Optical Mouse
Apr 7 15:35:56 base-gt9 kernel: usb 1-2: Manufacturer: PixArt
Apr 7 15:35:56 base-gt9 kernel: input: PixArt HP USB Optical Mouse as
/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/input/input22323
Apr 7 15:35:56 base-gt9 kernel: hid-generic 0003:03F0:094A.5725: input,hidraw0:
USB HID v1.11 Mouse [PixArt HP USB Optical Mouse] on usb-0000:00:14.0-2/input0
Apr 7 15:35:56 base-gt2 kernel: IN=eth0 OUT=eth0.10
MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8d:93:1e:08:00 SRC=10.0.100.138 DST=179.155.6.132
LEN=140 TOS=0x00 PREC=0x00 TTL=126 ID=60646 PROTO=UDP SPT=50019 DPT=50000 LEN=120
Apr 7 15:36:04 base-gt7 kernel: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:cc:2d:e0:74:d7:e1:08:00 SRC=0.0.0.0 DST=255.255.255.255
LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=127
Jul 13 08:27:01 davis kernel: [2447090.462486] iptables RULE -16 -- ACCEPT IN=
OUT=eth4 SRC=10.100.40.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
PROTO=112
Jul 13 08:27:01 davis kernel: [2447090.462773] iptables RULE -16 -- ACCEPT IN=
OUT=eth1 SRC=10.100.10.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
PROTO=112
Jul 13 08:27:01 davis CRON[24335]: (root) CMD (cp /var/log/iptables.log
/opt/log/iptables/davis/iptables.log # exports log iptable every min)
Jul 13 08:27:02 davis kernel: [2447091.460677] iptables RULE -16 -- ACCEPT IN=
OUT=eth3 SRC=10.100.30.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
PROTO=112
Jul 13 08:27:02 davis kernel: [2447091.460866] iptables RULE -16 -- ACCEPT IN=
OUT=eth2 SRC=10.100.20.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
PROTO=112
14:50:01 davis <cron.info> CRON[28985]: (root) CMD (cp /var/log/iptables.log
/opt/log/iptables/davis/iptables.log # exports log iptable every min)
14:51:01 davis <cron.info> CRON[29018]: (root) CMD (cp /var/log/iptables.log
/opt/log/iptables/davis/iptables.log # exports log iptable every min)
14:52:01 davis <cron.info> CRON[29022]: (root) CMD (cp /var/log/iptables.log
/opt/log/iptables/davis/iptables.log # exports log iptable every min)
14:53:01 davis <cron.info> CRON[29026]: (root) CMD (cp /var/log/iptables.log
/opt/log/iptables/davis/iptables.log # exports log iptable every min)
Oct 4 00:44:28 debian gconfd (vivek-4435): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at
position 2
Oct 4 01:14:19 debian kernel: IN=ra0 OUT=
MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=200.142.84.36 DST=192.168.1.2
LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840
RES=0x00 SYN URGP=0
Oct 4 00:13:55 debian kernel: IN=ra0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=192.168.1.30
DST=192.168.1.255LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137
DPT=137 LEN=58
Apr 13 15:40:35 base-gt4 kernel: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:02:04:96:9e:50:be:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32
TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Apr 13 15:40:35 base-gt4 kernel: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:02:04:96:cd:3b:54:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32
TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
2022-04-13T19:39:15.406507+00:00 mtntx03 sshd[72665]: Accepted publickey for root
from 192.168.5.254 port 34243 ssh2: RSA
SHA256:MJpWbcxOXt2CwyPWjTb8/EoHDSqFxHyzODo0TPHGo9A
2022-04-13T19:39:25.250349+00:00 mtntx04 sshd[63464]: Close session: user root from
10.14.11.78 port 43626 id 0
2022-04-13T09:28:31.168226-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: New
session 583524 of user nutanix.
2022-04-13T09:28:31.231161-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: Removed
session 583524.
2022-04-13T09:30:08.986326-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: New
session 583545 of user nutanix.
2022-04-13T09:30:15.185488-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: Removed
session 583545.
2022-04-13T09:29:46.907082-04:00 NTNX-J500062M-A-CVM sudo[8806]: nutanix : (command
continued) /sys/fs/cgroup/memory/nusights/memory.kmem.tcp.limit_in_bytes
/sys/fs/cgroup/memory/nusights/memory.memsw.failcnt
/sys/fs/cgroup/memory/nusights/memory.memsw.limit_in_bytes
/sys/fs/cgroup/memory/nusights/memory.memsw.max_usage_in_bytes
/sys/fs/cgroup/memory/nusights/memory.memsw.usage_in_bytes
/sys/fs/cgroup/memory/nusights/memory.kmem.slabinfo
/sys/fs/cgroup/memory/nusights/memory.kmem.max_usage_in_bytes
/sys/fs/cgroup/memory/nusights/memory.kmem.failcnt
/sys/fs/cgroup/memory/nusights/memory.kmem.usage_in_bytes
/sys/fs/cgroup/memory/nusights/memory.kmem.limit_in_bytes
/sys/fs/cgroup/memory/nusights/memory.numa_stat
/sys/fs/cgroup/memory/nusights/memory.pressure_level
/sys/fs/cgroup/memory/nusights/memory.oom_control
/sys/fs/cgroup/memory/nusights/memory.move_charge_at_immigrate
/sys/fs/cgroup/memory/nusights/memory.swappiness
/sys/fs/cgroup/memory/nusights/memory
2022-04-13T09:31:47.293619-04:00 NTNX-J500062M-A-CVM sudo[11367]: nutanix :
(command continued) /sys/fs/cgroup/memory/Salt/memory.move_charge_at_immigrate
/sys/fs/cgroup/memory/Salt/memory.swappiness
/sys/fs/cgroup/memory/Salt/memory.use_hierarchy
/sys/fs/cgroup/memory/Salt/memory.force_empty
/sys/fs/cgroup/memory/Salt/memory.stat /sys/fs/cgroup/memory/Salt/memory.failcnt
/sys/fs/cgroup/memory/Salt/memory.soft_limit_in_bytes
/sys/fs/cgroup/memory/Salt/memory.limit_in_bytes
/sys/fs/cgroup/memory/Salt/memory.max_usage_in_bytes
/sys/fs/cgroup/memory/Salt/memory.usage_in_bytes
/sys/fs/cgroup/memory/Salt/cgroup.clone_children
/sys/fs/cgroup/memory/Salt/cgroup.event_control
/sys/fs/cgroup/memory/Salt/notify_on_release
/sys/fs/cgroup/memory/Salt/cgroup.procs /sys/fs/cgroup/memory/Salt/tasks
/sys/fs/cgroup/memory/nusights/memory.kmem.tcp.max_usage_in_bytes
/sys/fs/cgroup/memory/nusights/memory.kmem.tcp.failcnt
/sys/fs/cgroup/memory/nusights/memory.kmem.tcp.usage_in

You might also like