Scribd Logo
Upload

Welcome to Scribd!

  • Rhlinux Generic Event

    Uploaded by

    Pentest Prometheus
    30 views6 pages
    The document contains log entries from multiple systems (NTNX-J500062M-A-CVM, NTNX-J500062L-A-CVM, etc.) recording commands run as root user, firewall rules being applied, and network traffic being allowed or dropped.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains log entries from multiple systems (NTNX-J500062M-A-CVM, NTNX-J500062L-A-CVM, etc.) recording commands run as root user, firewall rules being applied, and network traffic being allowed or dropped.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    30 views6 pages

    Rhlinux Generic Event

    Uploaded by

    Pentest Prometheus
    The document contains log entries from multiple systems (NTNX-J500062M-A-CVM, NTNX-J500062L-A-CVM, etc.) recording commands run as root user, firewall rules being applied, and network traffic being allowed or dropped.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    2022-04-08T07:31:22.

    738451-04:00 NTNX-J500062M-A-CVM sudo[11150]: nutanix :


    TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
    --quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
    10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
    10.1.185.214 10.1.185.217
    2022-04-08T07:31:22.738451-04:00 NTNX-J500062M-A-CVM sudo[11150]: nutanix :
    PEDRO=unknown ; PWD=/home/nutanix ; USER=root ;
    COMMAND=/usr/local/nutanix/bin/fping --quiet --dontfrag --count 2 --size 56
    10.1.185.212 10.1.185.219 10.1.185.220 10.1.185.211 10.1.185.213 10.1.185.221
    10.1.185.218 10.1.185.215 10.1.185.216 10.1.185.214 10.1.185.217
    2022-04-08T07:31:23.483650-04:00 NTNX-J500062L-A-CVM sudo[11162]: nutanix :
    TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
    --quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
    10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
    10.1.185.214 10.1.185.217
    2022-04-08T07:31:24.609351-04:00 NTNX-J5000AVK-A-CVM sudo[2128]: nutanix :
    TTY=unknown ; PWD=/home/nutanix ; USER=root ; COMMAND=/usr/local/nutanix/bin/fping
    --quiet --dontfrag --count 2 --size 56 10.1.185.212 10.1.185.219 10.1.185.220
    10.1.185.211 10.1.185.213 10.1.185.221 10.1.185.218 10.1.185.215 10.1.185.216
    10.1.185.214 10.1.185.217
    Jul 20 13:05:08 123.123.123.123 kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1
    SRC=444.333.222.111 DST=111.222.333.444 LEN=59 TOS=0x00 PREC=0x00 TTL=127 ID=12267
    PROTO=UDP SPT=2121 DPT=53 LEN=39
    2022-04-07T11:29:46.872229-04:00 NTNX-J5000AVK-A-CVM kernel: [3255567.916895]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36582 DF
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:46.872541-04:00 NTNX-J500062L-A-CVM kernel: [3250375.371257]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36582 DF
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: IN=eth0 OUT=
    MAC=ff:ff:ff:ff:ff:ff:00:25:90:ca:18:d2:08:00 SRC=10.14.11.5 DST=255.255.255.255
    LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697 DF
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:29:47.556438-04:00 NTNX-J5000AVL-A-CVM kernel: [3248757.650025]
    IPTables Packet Dropped: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:25:90:ca:18:d2:08:00
    SRC=10.14.11.5 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=36697
    PROTO=UDP SPT=68 DPT=67 LEN=556
    2022-04-07T11:30:09.182141-04:00 NTNX-J500062M-A-CVM kernel: [3253750.860288]
    SELinux: 2048 avtab hash slots, 113366 rules.
    2022-04-07T11:30:09.182208-04:00 NTNX-J500062M-A-CVM kernel: [3253750.910109]
    SELinux: 2048 avtab hash slots, 113366 rules.
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=337 TOS=0x00 PREC=0x00 TTL=239 ID=46467 DF PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 DF PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=00:00:00:00:00:00:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=ff:ff:ff:ff:ff:ff:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=380 TOS=0x00 PREC=0x00 TTL=239 ID=46468 PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: Entrada Negada:IN=eth0.10 OUT=
    MAC=bc:30:5b:fd:b4:bc:4c:ae:a3:81:33:34:08:00 SRC=52.97.78.130 DST=200.151.83.252
    LEN=1024 TOS=0x00 PREC=0x00 TTL=239 ID=46469 DF PROTO=TCP SPT=443 DPT=45630
    WINDOW=16386 RES=0x00 ACK PSH URGP=0
    Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8c:2c:1e:08:00 SRC=10.0.101.123 DST=23.73.220.58
    LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=6746 DF PROTO=TCP SPT=64949 DPT=443
    WINDOW=64240 RES=0x00 SYN URGP=0
    Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.5.5 DST=23.4.64.137 LEN=52
    TOS=0x00 PREC=0x00 TTL=122 ID=58363 DF PROTO=TCP SPT=64086 DPT=80 WINDOW=64240
    RES=0x00 SYN URGP=0
    Apr 7 15:35:58 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8d:93:1e:08:00 SRC=10.0.100.96 DST=20.198.162.76
    LEN=52 TOS=0x00 PREC=0x00 TTL=126 ID=35352 DF PROTO=TCP SPT=59662 DPT=443
    WINDOW=64240 RES=0x00 SYN URGP=0
    May 12 19:26:19 server-pdc kernel: [13440.120106] Shorewall:loc2fw:REJECT:IN=eth1
    OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=147 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:26:20 server-pdc kernel: [13441.801174] Shorewall:zone:NAT:IN=eth0 OUT=
    MAC=00:13:d4:fe:46:b9:00:1c:f0:03:67:e1:08:00 SRC=189.19.xxx.xxx DST=189.47.xxx.xxx
    LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=1054 DF PROTO=TCP SPT=60154 DPT=3389
    WINDOW=65535 RES=0x00 SYN URGP=0
    May 12 19:26:26 server-pdc kernel: [13447.390318] Shorewall:loc2net:REJECT:IN=eth1
    OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63
    ID=1461 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
    May 12 19:26:31 server-pdc kernel: [13452.389149] Shorewall:loc2net:REJECT:IN=eth1
    OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63
    ID=1462 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
    May 12 19:26:35 server-pdc kernel: [13456.112881] Shorewall:loc2fw:REJECT:IN=eth1
    OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=148 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:26:35 server-pdc kernel: Shorewall:loc2fw:REJECT:IN=eth1 OUT=
    MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=149 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:07 server-pdc kernel: [13488.098411] Shorewall:loc2fw:REJECT:IN=eth1
    OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=150 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:23 server-pdc kernel: [13504.091174] Shorewall:loc2fw:REJECT:IN=eth1
    OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=151 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:39 server-pdc kernel: [13520.083951] Shorewall:loc2fw:REJECT:IN=eth1
    OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1
    LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=152 PROTO=UDP SPT=123 DPT=123 LEN=56
    Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0
    Jun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0
    Jun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 /dev/pts/4
    Jun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded
    Jun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module
    registered
    Jun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression
    enabled
    Jun 11 23:38:05 vivek-desktop pppd[30088]: local IP address 10.5.3.44
    Jun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18
    Apr 12 21:06:25 base-gt2 pppd[8883]: pppd 2.4.5 started by root, uid 0
    Apr 12 21:05:54 base-gt2 pppd[8799]: pppd 2.4.5 started by root, uid 0
    Apr 12 21:05:02 base-gt1 pppd[7145]: pppd 2.4.5 started by root, uid 0
    Apr 12 21:03:58 base-gt2 pppd[8535]: pppd 2.4.5 started by root, uid 0
    Apr 7 15:35:44 base-gt1 pppd[31501]: Plugin winbind.so loaded.
    Apr 7 15:35:44 base-gt1 pppd[31501]: WINBIND plugin initialized.
    Apr 7 15:35:44 base-gt1 pppd[31501]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so
    loaded.
    Apr 7 15:35:44 base-gt1 pppd[31501]: pppd 2.4.5 started by root, uid 0
    Apr 7 15:35:44 base-gt1 pppd[31501]: Using interface ppp12
    Apr 7 15:35:44 base-gt1 pppd[31501]: Connect: ppp12 <--> /dev/pts/12
    Apr 13 15:41:33 base-gt2 pptpd[24463]: CTRL: Reaping child PPP[24465]
    Apr 13 15:41:33 base-gt2 pptpd[24463]: CTRL: Client 45.169.109.167 control
    connection finished
    Apr 13 15:41:42 base-gt2 pptpd[7047]: CTRL: Client 78.128.113.70 control connection
    started
    Apr 13 15:41:42 base-gt2 pptpd[7047]: CTRL: Starting call (launching pppd, opening
    GRE)
    Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: EOF or bad error reading ctrl packet
    length.
    Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: couldn't read packet header (exit)
    Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: CTRL read failed
    Apr 13 15:41:43 base-gt2 pptpd[7047]: CTRL: Reaping child PPP[7049]
    Apr 13 15:41:44 base-gt2 pptpd[7047]: CTRL: Client 78.128.113.70 control connection
    finished
    Apr 7 15:36:04 base-gt2 NetworkManager[1063]: <info> [1649356564.6185] manager:
    (ppp43): new Ppp device (/org/freedesktop/NetworkManager/Devices/67675)
    Apr 7 15:35:44 base-gt1 NetworkManager[1055]: <info> [1649356544.5659] manager:
    (ppp12): new Ppp device (/org/freedesktop/NetworkManager/Devices/24572)
    Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] keyfile: add
    connection in-memory (xxx,"tun0")
    Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] device (tun0): state
    change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state:
    'external')
    Mar 15 09:06:37 macbookair NetworkManager[1098]: <info> [xxx] device (tun0):
    Activation: starting connection 'tun0' (xxx)
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'ssid' value
    'swedish-chef'
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'scan_ssid' value
    '1'
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'key_mgmt' value
    'WPA-PSK'
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'psk' value
    '<omitted>'
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: added 'proto' value 'WPA
    RSN'
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Activation (wlan12) Stage 2 of 5
    (Device Configure) complete.
    Apr 27 17:49:43 dcbw NetworkManager[922]: <info> Config: set interface ap_scan to 1
    Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:f8:a7:3a:bb:d3:81:08:00 SRC=10.0.8.149 DST=34.95.163.186
    LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=37511 PROTO=UDP SPT=62518 DPT=1252 LEN=24
    Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:f8:a7:3a:bb:d3:81:08:00 SRC=10.0.8.149 DST=34.95.153.254
    LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=44549 PROTO=UDP SPT=62518 DPT=1252 LEN=24
    Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=35.198.31.14
    LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=11025 PROTO=UDP SPT=62518 DPT=1252 LEN=24
    Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=35.199.93.243
    LEN=44 TOS=0x00 PREC=0x00 TTL=122 ID=28793 PROTO=UDP SPT=62518 DPT=1252 LEN=24
    Apr 7 15:35:59 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:54:9f:c6:6c:aa:71:08:00 SRC=10.0.8.149 DST=34.151.235.216
    LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=24802 PROTO=UDP SPT=62518 DPT=1252 LEN=24
    Apr 12 21:02:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
    57.el7_9.1" x-pid="8142" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Apr 12 21:02:01 base-gt1 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
    57.el7_9.1" x-pid="6902" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Apr 12 21:03:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
    57.el7_9.1" x-pid="8287" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Apr 12 21:03:01 base-gt1 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
    57.el7_9.1" x-pid="6961" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Apr 12 21:04:01 base-gt2 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-
    57.el7_9.1" x-pid="8398" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Apr 7 15:35:43 base-gt2 named[1506]: client @0x7f6920079730 186.225.59.178#64130
    (onedscolprdwus14.westus.cloudapp.azure.com): view externo: query (cache)
    'onedscolprdwus14.westus.cloudapp.azure.com/A/IN' denied
    Apr 7 15:35:43 base-gt2 named[1506]: client @0x7f6920079730 186.225.59.178#64130
    (onedscolprdwus14.westus.cloudapp.azure.com): view externo: query (cache)
    'onedscolprdwus14.westus.cloudapp.azure.com/A/IN' accept
    Apr 7 15:35:55 base-gt9 kernel: usb 1-2: USB disconnect, device number 58
    Apr 7 15:35:56 base-gt9 kernel: usb 1-2: new low-speed USB device number 59 using
    xhci_hcd
    Apr 7 15:35:56 base-gt9 kernel: usb 1-2: New USB device found, idVendor=03f0,
    idProduct=094a, bcdDevice= 1.00
    Apr 7 15:35:56 base-gt9 kernel: usb 1-2: New USB device strings: Mfr=1, Product=2,
    SerialNumber=0
    Apr 7 15:35:56 base-gt9 kernel: usb 1-2: Product: HP USB Optical Mouse
    Apr 7 15:35:56 base-gt9 kernel: usb 1-2: Manufacturer: PixArt
    Apr 7 15:35:56 base-gt9 kernel: input: PixArt HP USB Optical Mouse as
    /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/input/input22323
    Apr 7 15:35:56 base-gt9 kernel: hid-generic 0003:03F0:094A.5725: input,hidraw0:
    USB HID v1.11 Mouse [PixArt HP USB Optical Mouse] on usb-0000:00:14.0-2/input0
    Apr 7 15:35:56 base-gt2 kernel: IN=eth0 OUT=eth0.10
    MAC=bc:30:5b:fd:b4:bc:f0:d4:e2:8d:93:1e:08:00 SRC=10.0.100.138 DST=179.155.6.132
    LEN=140 TOS=0x00 PREC=0x00 TTL=126 ID=60646 PROTO=UDP SPT=50019 DPT=50000 LEN=120
    Apr 7 15:36:04 base-gt7 kernel: IN=eth0 OUT=
    MAC=ff:ff:ff:ff:ff:ff:cc:2d:e0:74:d7:e1:08:00 SRC=0.0.0.0 DST=255.255.255.255
    LEN=147 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=127
    Jul 13 08:27:01 davis kernel: [2447090.462486] iptables RULE -16 -- ACCEPT IN=
    OUT=eth4 SRC=10.100.40.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
    PROTO=112
    Jul 13 08:27:01 davis kernel: [2447090.462773] iptables RULE -16 -- ACCEPT IN=
    OUT=eth1 SRC=10.100.10.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
    PROTO=112
    Jul 13 08:27:01 davis CRON[24335]: (root) CMD (cp /var/log/iptables.log
    /opt/log/iptables/davis/iptables.log # exports log iptable every min)
    Jul 13 08:27:02 davis kernel: [2447091.460677] iptables RULE -16 -- ACCEPT IN=
    OUT=eth3 SRC=10.100.30.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
    PROTO=112
    Jul 13 08:27:02 davis kernel: [2447091.460866] iptables RULE -16 -- ACCEPT IN=
    OUT=eth2 SRC=10.100.20.2 DST=224.0.0.18 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=25462
    PROTO=112
    14:50:01 davis <cron.info> CRON[28985]: (root) CMD (cp /var/log/iptables.log
    /opt/log/iptables/davis/iptables.log # exports log iptable every min)
    14:51:01 davis <cron.info> CRON[29018]: (root) CMD (cp /var/log/iptables.log
    /opt/log/iptables/davis/iptables.log # exports log iptable every min)
    14:52:01 davis <cron.info> CRON[29022]: (root) CMD (cp /var/log/iptables.log
    /opt/log/iptables/davis/iptables.log # exports log iptable every min)
    14:53:01 davis <cron.info> CRON[29026]: (root) CMD (cp /var/log/iptables.log
    /opt/log/iptables/davis/iptables.log # exports log iptable every min)
    Oct 4 00:44:28 debian gconfd (vivek-4435): Resolved address
    "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at
    position 2
    Oct 4 01:14:19 debian kernel: IN=ra0 OUT=
    MAC=00:17:9a:0a:f6:44:00:08:5c:00:00:01:08:00 SRC=200.142.84.36 DST=192.168.1.2
    LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=18374 DF PROTO=TCP SPT=46040 DPT=22 WINDOW=5840
    RES=0x00 SYN URGP=0
    Oct 4 00:13:55 debian kernel: IN=ra0 OUT=
    MAC=ff:ff:ff:ff:ff:ff:00:18:de:55:0a:56:08:00 SRC=192.168.1.30
    DST=192.168.1.255LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=13461 PROTO=UDP SPT=137
    DPT=137 LEN=58
    Apr 13 15:40:35 base-gt4 kernel: IN=eth0 OUT=
    MAC=01:00:5e:00:00:01:02:04:96:9e:50:be:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32
    TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
    Apr 13 15:40:35 base-gt4 kernel: IN=eth0 OUT=
    MAC=01:00:5e:00:00:01:02:04:96:cd:3b:54:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32
    TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
    2022-04-13T19:39:15.406507+00:00 mtntx03 sshd[72665]: Accepted publickey for root
    from 192.168.5.254 port 34243 ssh2: RSA
    SHA256:MJpWbcxOXt2CwyPWjTb8/EoHDSqFxHyzODo0TPHGo9A
    2022-04-13T19:39:25.250349+00:00 mtntx04 sshd[63464]: Close session: user root from
    10.14.11.78 port 43626 id 0
    2022-04-13T09:28:31.168226-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: New
    session 583524 of user nutanix.
    2022-04-13T09:28:31.231161-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: Removed
    session 583524.
    2022-04-13T09:30:08.986326-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: New
    session 583545 of user nutanix.
    2022-04-13T09:30:15.185488-04:00 NTNX-J500062L-A-CVM systemd-logind[1360]: Removed
    session 583545.
    2022-04-13T09:29:46.907082-04:00 NTNX-J500062M-A-CVM sudo[8806]: nutanix : (command
    continued) /sys/fs/cgroup/memory/nusights/memory.kmem.tcp.limit_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.memsw.failcnt
    /sys/fs/cgroup/memory/nusights/memory.memsw.limit_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.memsw.max_usage_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.memsw.usage_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.kmem.slabinfo
    /sys/fs/cgroup/memory/nusights/memory.kmem.max_usage_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.kmem.failcnt
    /sys/fs/cgroup/memory/nusights/memory.kmem.usage_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.kmem.limit_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.numa_stat
    /sys/fs/cgroup/memory/nusights/memory.pressure_level
    /sys/fs/cgroup/memory/nusights/memory.oom_control
    /sys/fs/cgroup/memory/nusights/memory.move_charge_at_immigrate
    /sys/fs/cgroup/memory/nusights/memory.swappiness
    /sys/fs/cgroup/memory/nusights/memory
    2022-04-13T09:31:47.293619-04:00 NTNX-J500062M-A-CVM sudo[11367]: nutanix :
    (command continued) /sys/fs/cgroup/memory/Salt/memory.move_charge_at_immigrate
    /sys/fs/cgroup/memory/Salt/memory.swappiness
    /sys/fs/cgroup/memory/Salt/memory.use_hierarchy
    /sys/fs/cgroup/memory/Salt/memory.force_empty
    /sys/fs/cgroup/memory/Salt/memory.stat /sys/fs/cgroup/memory/Salt/memory.failcnt
    /sys/fs/cgroup/memory/Salt/memory.soft_limit_in_bytes
    /sys/fs/cgroup/memory/Salt/memory.limit_in_bytes
    /sys/fs/cgroup/memory/Salt/memory.max_usage_in_bytes
    /sys/fs/cgroup/memory/Salt/memory.usage_in_bytes
    /sys/fs/cgroup/memory/Salt/cgroup.clone_children
    /sys/fs/cgroup/memory/Salt/cgroup.event_control
    /sys/fs/cgroup/memory/Salt/notify_on_release
    /sys/fs/cgroup/memory/Salt/cgroup.procs /sys/fs/cgroup/memory/Salt/tasks
    /sys/fs/cgroup/memory/nusights/memory.kmem.tcp.max_usage_in_bytes
    /sys/fs/cgroup/memory/nusights/memory.kmem.tcp.failcnt
    /sys/fs/cgroup/memory/nusights/memory.kmem.tcp.usage_in

    You might also like