1.2 seconds is the upper bound for the rules table on the UI to load without any rules. The timing below is for the API alone:
$ time ./get_prepackaged_rules_status.sh
{
"rules_custom_installed": 0,
"rules_installed": 0,
"rules_not_installed": 145,
## Configuration file for a typical Tor user
## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
## Configuration file for a typical Tor user
## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#
2016-03-28 22:19:58 SIGUSR1[soft,init_instance] received, process restarting
2016-03-28 22:19:58 MANAGEMENT: >STATE:1459217998,RECONNECTING,init_instance,,
2016-03-28 22:20:00 *Tunnelblick: No 'reconnecting.sh' script to execute
2016-03-28 22:20:00 MANAGEMENT: CMD 'hold release'
2016-03-28 22:20:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-03-28 22:20:00 Socket Buffers: R=[131072->65536] S=[131072->65536]
2016-03-28 22:20:00 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:9040 [nonblock]
2016-03-28 22:20:00 MANAGEMENT: >STATE:1459218000,TCP_CONNECT,,,
2016-03-28 22:20:00 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:9040 failed, will try again in 5 seconds: Can't assign requested address
2016-03-28 22:20:00 SIGUSR1[soft,init_instance] received, process restarting
pi@raspberrypi:/var/log/maltrail $ tail 2016-05-18.log 2016-05-19.log 2016-05-20.log 2016-05-21.log 2016-05-22.log 2016-05-23.log 2016-05-24.log 2016-05-25.log
==> 2016-05-18.log <==
"2016-05-18 23:47:51.125602" raspberrypi 192.168.1.5 35579 128.208.2.233 9001 TCP IP 128.208.2.233 "tor exit node (suspicious)" blutmagie.de
"2016-05-18 23:49:59.424015" raspberrypi 192.168.1.5 - 136.161.101.53 - ICMP IP 136.161.101.53 "sinkhole conficker (malware)" (static)
==> 2016-05-19.log <==
"2016-05-19 10:26:19.485956" raspberrypi 192.168.1.5 39074 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de
"2016-05-19 11:59:51.032876" raspberrypi 192.168.1.5 39075 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de
"2016-05-19 13:25:15.583751" raspberrypi 192.168.1.5 39076 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" blutmagie.de
"2016-05-19 15:10:59.114896" raspberrypi 192.168.1.5 39077 178.63.9.165 443 TCP IP 178.63.9.165 "tor exit node (suspicious)" bl
---
options:
  docker: true
pipelines:
  branches:
    master:
      - step:
          script:
            # Installing gcloud
| Field |
|---|
| agent.type |
| as.number |
| as.organization.name |
| client.as.number |
| client.as.organization.name |
| client.nat.ip |
| client.nat.port |
| client.user.domain |
| cloud.machine.type |
| destination.as.number |
server log [16:05:30.489] [error][plugins][plugins][siem][siem] [-] nextSearchAfter threw an error [security_exception] missing authentication credentials for REST request [/apm-*-transaction*%2Cauditbeat-*%2Cendgame-*%2Cfilebeat-*%2Cpacketbeat-*%2Cwinlogbeat-*/_search?allow_no_indices=true&size=100&ignore_unavailable=true], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } } :: {"path":"/apm-*-transaction*%2Cauditbeat-*%2Cendgame-*%2Cfilebeat-*%2Cpacketbeat-*%2Cwinlogbeat-*/_search","query":{"allow_no_indices":true,"size":100,"ignore_unavailable":true},"body":"{\"query\":{\"bool\":{\"filter\":[{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"exists\":{\"field\":\"host.name\"}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}},{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"range\":{\"@timestamp\":{\"gte\":\"now-6m\"}}}],\"minimum_should_match\":1}},{\"bool\":{\"should\":[{\"range\":{\"@timestamp\":