Created
August 30, 2023 14:28
-
-
Save packetuser/517122e1dfd9604deaff79ca15cd590b to your computer and use it in GitHub Desktop.
syslog | grep filebeat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Aug 30 12:36:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:36:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":175747072}}}},"cpu":{"system":{"ticks":727160,"time":{"ms":640}},"total":{"ticks":10709890,"time":{"ms":9620},"value":10709890},"user":{"ticks":9982730,"time":{"ms":8980}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":55920113},"version":"8.9.1"},"memstats":{"gc_next":125759528,"memory_alloc":93990456,"memory_total":635123006592,"rss":227827712},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1209,"added":21952,"done":21992},"harvester":{"open_files":19,"running":19,"started":2}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22599,"active":0,"batches":457,"total":22549},"read":{"bytes":5045467},"write":{"bytes":42587969}},"pipeline":{"clients":38,"events":{"active":0,"filtered":2,"published":21950,"total":21952},"queue":{"acked":22599}}},"registrar":{"states":{"current":20,"update":22601},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.73,"15":1.76,"5":1.86,"norm":{"1":0.0432,"15":0.044,"5":0.0465}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:37:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:37:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147128320}}}},"cpu":{"system":{"ticks":727950,"time":{"ms":790}},"total":{"ticks":10718740,"time":{"ms":8850},"value":10718740},"user":{"ticks":9990790,"time":{"ms":8060}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":55950114},"version":"8.9.1"},"memstats":{"gc_next":98144856,"memory_alloc":68789208,"memory_total":635649822096,"rss":203124736},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":815,"added":19926,"done":20320},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":19183,"active":0,"batches":390,"total":19183},"read":{"bytes":4282996},"write":{"bytes":36137618}},"pipeline":{"clients":38,"events":{"active":743,"published":19926,"total":19926},"queue":{"acked":19183}}},"registrar":{"states":{"current":20,"update":19183},"writes":{"success":20,"total":20}},"system":{"load":{"1":1.51,"15":1.74,"5":1.79,"norm":{"1":0.0378,"15":0.0435,"5":0.0448}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:37:17 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:37:17.267Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113074-64768","harvester_id":"2773546e-18b3-422e-a972-2163dc84d968","ecs.version":"1.6.0"} | |
| Aug 30 12:37:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:37:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":171511808}}}},"cpu":{"system":{"ticks":728530,"time":{"ms":580}},"total":{"ticks":10727980,"time":{"ms":9240},"value":10727980},"user":{"ticks":9999450,"time":{"ms":8660}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":55980116},"version":"8.9.1"},"memstats":{"gc_next":148547680,"memory_alloc":118174264,"memory_total":636228109800,"rss":235917312},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":691,"added":21954,"done":22078},"harvester":{"closed":1,"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22405,"active":50,"batches":455,"total":22455},"read":{"bytes":5002150},"write":{"bytes":41711394}},"pipeline":{"clients":38,"events":{"active":291,"filtered":1,"published":21953,"total":21954},"queue":{"acked":22405}}},"registrar":{"states":{"current":20,"update":22406},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.73,"15":1.76,"5":1.83,"norm":{"1":0.0432,"15":0.044,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:38:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:38:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161038336}}}},"cpu":{"system":{"ticks":729090,"time":{"ms":560}},"total":{"ticks":10736740,"time":{"ms":8760},"value":10736740},"user":{"ticks":10007650,"time":{"ms":8200}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56010118},"version":"8.9.1"},"memstats":{"gc_next":113520544,"memory_alloc":58563192,"memory_total":636760928488,"rss":223514624},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2075,"added":20267,"done":18883},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":19383,"active":50,"batches":395,"total":19383},"read":{"bytes":4327786},"write":{"bytes":36132486}},"pipeline":{"clients":38,"events":{"active":1175,"published":20267,"total":20267},"queue":{"acked":19383}}},"registrar":{"states":{"current":20,"update":19383},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.78,"15":1.76,"5":1.83,"norm":{"1":0.0445,"15":0.044,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:38:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:38:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":160305152}}}},"cpu":{"system":{"ticks":729740,"time":{"ms":650}},"total":{"ticks":10747850,"time":{"ms":11110},"value":10747850},"user":{"ticks":10018110,"time":{"ms":10460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56040114},"version":"8.9.1"},"memstats":{"gc_next":142105448,"memory_alloc":96297392,"memory_total":637449444304,"rss":224002048},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":790,"added":25804,"done":27089},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26472,"active":0,"batches":532,"total":26422},"read":{"bytes":5909576},"write":{"bytes":49783773}},"pipeline":{"clients":38,"events":{"active":507,"published":25804,"total":25804},"queue":{"acked":26472}}},"registrar":{"states":{"current":20,"update":26472},"writes":{"success":26,"total":26}},"system":{"load":{"1":2,"15":1.78,"5":1.88,"norm":{"1":0.05,"15":0.0445,"5":0.047}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:39:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:39:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147726336}}}},"cpu":{"system":{"ticks":730410,"time":{"ms":670}},"total":{"ticks":10756830,"time":{"ms":8980},"value":10756830},"user":{"ticks":10026420,"time":{"ms":8310}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56070118},"version":"8.9.1"},"memstats":{"gc_next":125170552,"memory_alloc":112187784,"memory_total":638002537840,"rss":211312640},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1330,"added":20763,"done":20223},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20840,"active":50,"batches":424,"total":20890},"read":{"bytes":4652834},"write":{"bytes":39442423}},"pipeline":{"clients":38,"events":{"active":430,"published":20763,"total":20763},"queue":{"acked":20840}}},"registrar":{"states":{"current":20,"update":20840},"writes":{"success":23,"total":23}},"system":{"load":{"1":2.07,"15":1.79,"5":1.91,"norm":{"1":0.0518,"15":0.0448,"5":0.0478}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:39:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:39:36.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":143130624}}}},"cpu":{"system":{"ticks":731000,"time":{"ms":590}},"total":{"ticks":10765650,"time":{"ms":8820},"value":10765650},"user":{"ticks":10034650,"time":{"ms":8230}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56100116},"version":"8.9.1"},"memstats":{"gc_next":124505088,"memory_alloc":96819056,"memory_total":638539168392,"rss":206356480},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":737,"added":20403,"done":20996},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20246,"active":50,"batches":411,"total":20246},"read":{"bytes":4520231},"write":{"bytes":37754237}},"pipeline":{"clients":38,"events":{"active":587,"published":20403,"total":20403},"queue":{"acked":20246}}},"registrar":{"states":{"current":20,"update":20246},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.94,"15":1.79,"5":1.89,"norm":{"1":0.0485,"15":0.0448,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:40:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:40:06.484Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":156073984}}}},"cpu":{"system":{"ticks":731600,"time":{"ms":600}},"total":{"ticks":10773660,"time":{"ms":8010},"value":10773660},"user":{"ticks":10042060,"time":{"ms":7410}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56130113},"version":"8.9.1"},"memstats":{"gc_next":133026704,"memory_alloc":108850392,"memory_total":639039116664,"rss":219824128},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2407,"added":19065,"done":17395},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":18245,"active":50,"batches":371,"total":18245},"read":{"bytes":4073576},"write":{"bytes":33847492}},"pipeline":{"clients":38,"events":{"active":1407,"published":19065,"total":19065},"queue":{"acked":18245}}},"registrar":{"states":{"current":20,"update":18245},"writes":{"success":20,"total":20}},"system":{"load":{"1":2.26,"15":1.81,"5":1.95,"norm":{"1":0.0565,"15":0.0453,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:40:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:40:36.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147886080}}}},"cpu":{"system":{"ticks":732210,"time":{"ms":610}},"total":{"ticks":10782570,"time":{"ms":8910},"value":10782570},"user":{"ticks":10050360,"time":{"ms":8300}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56160113},"version":"8.9.1"},"memstats":{"gc_next":130937392,"memory_alloc":104475392,"memory_total":639594475240,"rss":210587648},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1118,"added":21009,"done":22298},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21498,"active":50,"batches":435,"total":21498},"read":{"bytes":4799563},"write":{"bytes":40041434}},"pipeline":{"clients":38,"events":{"active":918,"published":21009,"total":21009},"queue":{"acked":21498}}},"registrar":{"states":{"current":20,"update":21498},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.22,"15":1.82,"5":1.97,"norm":{"1":0.0555,"15":0.0455,"5":0.0493}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:41:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:41:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147963904}}}},"cpu":{"system":{"ticks":732850,"time":{"ms":640}},"total":{"ticks":10791460,"time":{"ms":8890},"value":10791460},"user":{"ticks":10058610,"time":{"ms":8250}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56190113},"version":"8.9.1"},"memstats":{"gc_next":127058248,"memory_alloc":110674952,"memory_total":640138440520,"rss":210423808},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1544,"added":20591,"done":20165},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21215,"active":50,"batches":432,"total":21215},"read":{"bytes":4736778},"write":{"bytes":39876524}},"pipeline":{"clients":38,"events":{"active":294,"published":20591,"total":20591},"queue":{"acked":21215}}},"registrar":{"states":{"current":20,"update":21215},"writes":{"success":20,"total":20}},"system":{"load":{"1":2.5,"15":1.86,"5":2.06,"norm":{"1":0.0625,"15":0.0465,"5":0.0515}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:41:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:41:36.485Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152735744}}}},"cpu":{"system":{"ticks":733700,"time":{"ms":850}},"total":{"ticks":10801770,"time":{"ms":10310},"value":10801770},"user":{"ticks":10068070,"time":{"ms":9460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56220113},"version":"8.9.1"},"memstats":{"gc_next":122450296,"memory_alloc":115177768,"memory_total":640773331448,"rss":215887872},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":581,"added":24101,"done":25064},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23814,"active":0,"batches":481,"total":23764},"read":{"bytes":5316586},"write":{"bytes":44416543}},"pipeline":{"clients":38,"events":{"active":581,"published":24101,"total":24101},"queue":{"acked":23814}}},"registrar":{"states":{"current":20,"update":23814},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.47,"15":1.88,"5":2.1,"norm":{"1":0.0618,"15":0.047,"5":0.0525}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:42:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:42:02.297Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5111854-64768","harvester_id":"720a0532-562f-4adc-a512-510d2116177f","ecs.version":"1.6.0"} | |
| Aug 30 12:42:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:42:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162238464}}}},"cpu":{"system":{"ticks":734350,"time":{"ms":650}},"total":{"ticks":10811300,"time":{"ms":9530},"value":10811300},"user":{"ticks":10076950,"time":{"ms":8880}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56250113},"version":"8.9.1"},"memstats":{"gc_next":133527400,"memory_alloc":105252392,"memory_total":641330049528,"rss":223989760},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1468,"added":21126,"done":20239},"harvester":{"closed":1,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20338,"active":50,"batches":415,"total":20388},"read":{"bytes":4540964},"write":{"bytes":37982927}},"pipeline":{"clients":38,"events":{"active":1368,"filtered":1,"published":21125,"total":21126},"queue":{"acked":20338}}},"registrar":{"states":{"current":20,"update":20339},"writes":{"success":21,"total":21}},"system":{"load":{"1":2.11,"15":1.87,"5":2.04,"norm":{"1":0.0528,"15":0.0468,"5":0.051}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:42:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:42:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158916608}}}},"cpu":{"system":{"ticks":735120,"time":{"ms":770}},"total":{"ticks":10821530,"time":{"ms":10230},"value":10821530},"user":{"ticks":10086410,"time":{"ms":9460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56280113},"version":"8.9.1"},"memstats":{"gc_next":123897440,"memory_alloc":85900192,"memory_total":641927339080,"rss":223199232},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":36,"added":22549,"done":23981},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23917,"active":0,"batches":482,"total":23867},"read":{"bytes":5339453},"write":{"bytes":44676545}},"pipeline":{"clients":38,"events":{"active":0,"published":22549,"total":22549},"queue":{"acked":23917}}},"registrar":{"states":{"current":20,"update":23917},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.96,"15":1.87,"5":2.02,"norm":{"1":0.049,"15":0.0468,"5":0.0505}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:43:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:43:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153374720}}}},"cpu":{"system":{"ticks":735840,"time":{"ms":720}},"total":{"ticks":10832200,"time":{"ms":10670},"value":10832200},"user":{"ticks":10096360,"time":{"ms":9950}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56310115},"version":"8.9.1"},"memstats":{"gc_next":121865408,"memory_alloc":94653832,"memory_total":642566045912,"rss":215580672},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":229,"added":24093,"done":23900},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23864,"active":0,"batches":482,"total":23864},"read":{"bytes":5327636},"write":{"bytes":44981474}},"pipeline":{"clients":38,"events":{"active":229,"published":24092,"total":24093},"queue":{"acked":23864}}},"registrar":{"states":{"current":20,"update":23864},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.71,"15":1.85,"5":1.95,"norm":{"1":0.0427,"15":0.0463,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:43:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:43:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":156803072}}}},"cpu":{"system":{"ticks":736360,"time":{"ms":520}},"total":{"ticks":10841170,"time":{"ms":8970},"value":10841170},"user":{"ticks":10104810,"time":{"ms":8450}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56340114},"version":"8.9.1"},"memstats":{"gc_next":118648624,"memory_alloc":61443680,"memory_total":643091175200,"rss":217235456},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1216,"added":19944,"done":18957},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":19733,"active":0,"batches":401,"total":19733},"read":{"bytes":4405789},"write":{"bytes":36751894}},"pipeline":{"clients":38,"events":{"active":440,"published":19945,"total":19944},"queue":{"acked":19733}}},"registrar":{"states":{"current":20,"update":19733},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.4,"15":1.82,"5":1.86,"norm":{"1":0.035,"15":0.0455,"5":0.0465}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:44:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:44:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151896064}}}},"cpu":{"system":{"ticks":736830,"time":{"ms":470}},"total":{"ticks":10848970,"time":{"ms":7800},"value":10848970},"user":{"ticks":10112140,"time":{"ms":7330}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56370113},"version":"8.9.1"},"memstats":{"gc_next":112480256,"memory_alloc":91884824,"memory_total":643562883952,"rss":214581248},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":983,"added":17984,"done":18217},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":17441,"active":0,"batches":354,"total":17441},"read":{"bytes":3893974},"write":{"bytes":32416624}},"pipeline":{"clients":38,"events":{"active":983,"published":17984,"total":17984},"queue":{"acked":17441}}},"registrar":{"states":{"current":20,"update":17441},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.42,"15":1.81,"5":1.82,"norm":{"1":0.0355,"15":0.0453,"5":0.0455}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:44:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:44:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163426304}}}},"cpu":{"system":{"ticks":737440,"time":{"ms":610}},"total":{"ticks":10858600,"time":{"ms":9630},"value":10858600},"user":{"ticks":10121160,"time":{"ms":9020}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56400116},"version":"8.9.1"},"memstats":{"gc_next":145341296,"memory_alloc":94798328,"memory_total":644143960656,"rss":224784384},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1052,"added":21933,"done":21864},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22857,"active":0,"batches":463,"total":22857},"read":{"bytes":5103031},"write":{"bytes":42730182}},"pipeline":{"clients":38,"events":{"active":59,"published":21933,"total":21933},"queue":{"acked":22857}}},"registrar":{"states":{"current":20,"update":22857},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.26,"15":1.78,"5":1.74,"norm":{"1":0.0315,"15":0.0445,"5":0.0435}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:45:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:45:06.485Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151269376}}}},"cpu":{"system":{"ticks":738070,"time":{"ms":630}},"total":{"ticks":10867640,"time":{"ms":9040},"value":10867640},"user":{"ticks":10129570,"time":{"ms":8410}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56430114},"version":"8.9.1"},"memstats":{"gc_next":101784248,"memory_alloc":95791184,"memory_total":644725296384,"rss":210907136},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1355,"added":22107,"done":21804},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21061,"active":50,"batches":428,"total":21111},"read":{"bytes":4702093},"write":{"bytes":39678052}},"pipeline":{"clients":38,"events":{"active":1105,"published":22106,"total":22107},"queue":{"acked":21061}}},"registrar":{"states":{"current":20,"update":21061},"writes":{"success":22,"total":22}},"system":{"load":{"1":2.02,"15":1.82,"5":1.87,"norm":{"1":0.0505,"15":0.0455,"5":0.0468}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:45:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:45:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164532224}}}},"cpu":{"system":{"ticks":738640,"time":{"ms":570}},"total":{"ticks":10878420,"time":{"ms":10780},"value":10878420},"user":{"ticks":10139780,"time":{"ms":10210}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56460113},"version":"8.9.1"},"memstats":{"gc_next":141879200,"memory_alloc":127171816,"memory_total":645401976840,"rss":225865728},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":963,"added":25349,"done":25741},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25707,"active":0,"batches":518,"total":25657},"read":{"bytes":5739024},"write":{"bytes":48406341}},"pipeline":{"clients":38,"events":{"active":747,"published":25350,"total":25349},"queue":{"acked":25707}}},"registrar":{"states":{"current":20,"update":25707},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.94,"15":1.82,"5":1.86,"norm":{"1":0.0485,"15":0.0455,"5":0.0465}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:45:52 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:45:52.312Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113080-64768","finished":false,"os_id":"5113080-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113080-64768","harvester_id":"2d1ea04f-093a-4129-9245-60a07ca4c4f6","ecs.version":"1.6.0"} | |
| Aug 30 12:46:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:46:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157863936}}}},"cpu":{"system":{"ticks":739380,"time":{"ms":740}},"total":{"ticks":10889080,"time":{"ms":10660},"value":10889080},"user":{"ticks":10149700,"time":{"ms":9920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56490115},"version":"8.9.1"},"memstats":{"gc_next":125479880,"memory_alloc":102760408,"memory_total":646057120328,"rss":218402816},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2212,"added":24924,"done":23675},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24158,"active":50,"batches":489,"total":24208},"read":{"bytes":5393285},"write":{"bytes":45176554}},"pipeline":{"clients":38,"events":{"active":1512,"filtered":1,"published":24922,"total":24924},"queue":{"acked":24158}}},"registrar":{"states":{"current":20,"update":24159},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.81,"15":1.82,"5":1.84,"norm":{"1":0.0453,"15":0.0455,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:46:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:46:36.489Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142491648}}}},"cpu":{"system":{"ticks":739950,"time":{"ms":570}},"total":{"ticks":10899570,"time":{"ms":10490},"value":10899570},"user":{"ticks":10159620,"time":{"ms":9920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56520113},"version":"8.9.1"},"memstats":{"gc_next":122534336,"memory_alloc":99618432,"memory_total":646694888656,"rss":204783616},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1009,"added":24190,"done":25393},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24793,"active":50,"batches":499,"total":24793},"read":{"bytes":5534730},"write":{"bytes":46298875}},"pipeline":{"clients":38,"events":{"active":909,"published":24190,"total":24190},"queue":{"acked":24793}}},"registrar":{"states":{"current":20,"update":24793},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.67,"15":1.81,"5":1.81,"norm":{"1":0.0417,"15":0.0453,"5":0.0453}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:47:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:47:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157204480}}}},"cpu":{"system":{"ticks":740750,"time":{"ms":800}},"total":{"ticks":10911740,"time":{"ms":12170},"value":10911740},"user":{"ticks":10170990,"time":{"ms":11370}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56550114},"version":"8.9.1"},"memstats":{"gc_next":156407824,"memory_alloc":79927248,"memory_total":647416913944,"rss":217096192},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1109,"added":27026,"done":26926},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27426,"active":50,"batches":552,"total":27426},"read":{"bytes":6133710},"write":{"bytes":51809326}},"pipeline":{"clients":38,"events":{"active":509,"published":27027,"total":27026},"queue":{"acked":27426}}},"registrar":{"states":{"current":20,"update":27426},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.32,"15":1.86,"5":1.96,"norm":{"1":0.058,"15":0.0465,"5":0.049}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:47:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:47:22.319Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113074-64768","harvester_id":"629c5e98-a526-4c51-88df-8538117e8d5f","ecs.version":"1.6.0"} | |
| Aug 30 12:47:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:47:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146030592}}}},"cpu":{"system":{"ticks":741510,"time":{"ms":760}},"total":{"ticks":10922400,"time":{"ms":10660},"value":10922400},"user":{"ticks":10180890,"time":{"ms":9900}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56580117},"version":"8.9.1"},"memstats":{"gc_next":106632352,"memory_alloc":67311544,"memory_total":648067405072,"rss":207859712},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":232,"added":24667,"done":25544},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24943,"active":0,"batches":502,"total":24893},"read":{"bytes":5557245},"write":{"bytes":46517318}},"pipeline":{"clients":38,"events":{"active":232,"filtered":1,"published":24666,"total":24667},"queue":{"acked":24943}}},"registrar":{"states":{"current":20,"update":24944},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.18,"15":1.86,"5":1.95,"norm":{"1":0.0545,"15":0.0465,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:48:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:48:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152367104}}}},"cpu":{"system":{"ticks":742360,"time":{"ms":850}},"total":{"ticks":10933680,"time":{"ms":11280},"value":10933680},"user":{"ticks":10191320,"time":{"ms":10430}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56610118},"version":"8.9.1"},"memstats":{"gc_next":112805064,"memory_alloc":90469600,"memory_total":648750102320,"rss":213266432},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":773,"added":25866,"done":25325},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25452,"active":0,"batches":514,"total":25452},"read":{"bytes":5682160},"write":{"bytes":47731461}},"pipeline":{"clients":38,"events":{"active":646,"published":25866,"total":25866},"queue":{"acked":25452}}},"registrar":{"states":{"current":20,"update":25452},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.82,"15":1.84,"5":1.89,"norm":{"1":0.0455,"15":0.046,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:48:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:48:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":160600064}}}},"cpu":{"system":{"ticks":742990,"time":{"ms":630}},"total":{"ticks":10943960,"time":{"ms":10280},"value":10943960},"user":{"ticks":10200970,"time":{"ms":9650}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56640115},"version":"8.9.1"},"memstats":{"gc_next":119634824,"memory_alloc":101208304,"memory_total":649364675888,"rss":221405184},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":642,"added":23368,"done":23499},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23518,"active":0,"batches":474,"total":23518},"read":{"bytes":5250249},"write":{"bytes":43829024}},"pipeline":{"clients":38,"events":{"active":497,"published":23368,"total":23369},"queue":{"acked":23518}}},"registrar":{"states":{"current":20,"update":23518},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.86,"15":1.84,"5":1.9,"norm":{"1":0.0465,"15":0.046,"5":0.0475}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:49:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:49:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":145502208}}}},"cpu":{"system":{"ticks":743560,"time":{"ms":570}},"total":{"ticks":10953480,"time":{"ms":9520},"value":10953480},"user":{"ticks":10209920,"time":{"ms":8950}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56670115},"version":"8.9.1"},"memstats":{"gc_next":128908240,"memory_alloc":102591096,"memory_total":649935599808,"rss":207036416},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":122,"added":21373,"done":21893},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21868,"active":0,"batches":441,"total":21868},"read":{"bytes":4881919},"write":{"bytes":41198568}},"pipeline":{"clients":38,"events":{"active":1,"published":21373,"total":21372},"queue":{"acked":21868}}},"registrar":{"states":{"current":20,"update":21868},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.6,"15":1.82,"5":1.83,"norm":{"1":0.04,"15":0.0455,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:49:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:49:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148172800}}}},"cpu":{"system":{"ticks":744210,"time":{"ms":650}},"total":{"ticks":10962630,"time":{"ms":9150},"value":10962630},"user":{"ticks":10218420,"time":{"ms":8500}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56700116},"version":"8.9.1"},"memstats":{"gc_next":105436608,"memory_alloc":88632272,"memory_total":650486445232,"rss":208658432},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1817,"added":21067,"done":19372},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20401,"active":50,"batches":414,"total":20451},"read":{"bytes":4554672},"write":{"bytes":37940606}},"pipeline":{"clients":38,"events":{"active":667,"published":21067,"total":21067},"queue":{"acked":20401}}},"registrar":{"states":{"current":20,"update":20401},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.71,"15":1.82,"5":1.83,"norm":{"1":0.0427,"15":0.0455,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:50:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:50:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152563712}}}},"cpu":{"system":{"ticks":744940,"time":{"ms":730}},"total":{"ticks":10972360,"time":{"ms":9730},"value":10972360},"user":{"ticks":10227420,"time":{"ms":9000}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56730115},"version":"8.9.1"},"memstats":{"gc_next":129031776,"memory_alloc":113798128,"memory_total":651061292528,"rss":214765568},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":135,"added":21767,"done":23449},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22349,"active":50,"batches":453,"total":22349},"read":{"bytes":4989674},"write":{"bytes":41579611}},"pipeline":{"clients":38,"events":{"active":85,"published":21767,"total":21767},"queue":{"acked":22349}}},"registrar":{"states":{"current":20,"update":22349},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.86,"15":1.83,"5":1.85,"norm":{"1":0.0465,"15":0.0458,"5":0.0463}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:50:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:50:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152338432}}}},"cpu":{"system":{"ticks":745680,"time":{"ms":740}},"total":{"ticks":10981480,"time":{"ms":9120},"value":10981480},"user":{"ticks":10235800,"time":{"ms":8380}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56760114},"version":"8.9.1"},"memstats":{"gc_next":120119192,"memory_alloc":108917272,"memory_total":651607842936,"rss":212889600},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":624,"added":20778,"done":20289},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20583,"active":0,"batches":417,"total":20533},"read":{"bytes":4595511},"write":{"bytes":38290707}},"pipeline":{"clients":38,"events":{"active":281,"published":20778,"total":20779},"queue":{"acked":20583}}},"registrar":{"states":{"current":20,"update":20583},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.6,"15":1.81,"5":1.78,"norm":{"1":0.04,"15":0.0453,"5":0.0445}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:50:48 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:50:48.336Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","old_source":"/mnt/Bro/current/x509.log","old_finished":true,"old_os_id":"5113070-64768","harvester_id":"b19f0208-c192-4f43-8ebb-460cb2ec9386","ecs.version":"1.6.0"} | |
| Aug 30 12:50:57 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:50:57.331Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113080-64768","finished":false,"os_id":"5113080-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113080-64768","harvester_id":"2d1ea04f-093a-4129-9245-60a07ca4c4f6","ecs.version":"1.6.0"} | |
| Aug 30 12:51:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:51:06.490Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":141979648}}}},"cpu":{"system":{"ticks":746330,"time":{"ms":650}},"total":{"ticks":10991060,"time":{"ms":9580},"value":10991060},"user":{"ticks":10244730,"time":{"ms":8930}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56790114},"version":"8.9.1"},"memstats":{"gc_next":98930632,"memory_alloc":53158120,"memory_total":652151674160,"rss":200630272},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1320,"added":20610,"done":19914},"harvester":{"closed":2,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20268,"active":50,"batches":413,"total":20318},"read":{"bytes":4525243},"write":{"bytes":38085556}},"pipeline":{"clients":38,"events":{"active":620,"filtered":2,"published":20608,"total":20609},"queue":{"acked":20268}}},"registrar":{"states":{"current":20,"update":20270},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.34,"15":1.78,"5":1.71,"norm":{"1":0.0335,"15":0.0445,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:51:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:51:12.337Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5111854-64768","harvester_id":"ab31568c-49c9-4db4-b15a-8bf89531851e","ecs.version":"1.6.0"} | |
| Aug 30 12:51:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:51:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153141248}}}},"cpu":{"system":{"ticks":746850,"time":{"ms":520}},"total":{"ticks":11000320,"time":{"ms":9260},"value":11000320},"user":{"ticks":10253470,"time":{"ms":8740}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56820115},"version":"8.9.1"},"memstats":{"gc_next":119352952,"memory_alloc":76417280,"memory_total":652700813520,"rss":214106112},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":927,"added":20926,"done":21319},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20818,"active":50,"batches":422,"total":20818},"read":{"bytes":4647847},"write":{"bytes":38703494}},"pipeline":{"clients":38,"events":{"active":727,"filtered":1,"published":20925,"total":20926},"queue":{"acked":20818}}},"registrar":{"states":{"current":20,"update":20819},"writes":{"success":24,"total":24}},"system":{"load":{"1":3.76,"15":1.97,"5":2.28,"norm":{"1":0.094,"15":0.0493,"5":0.057}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:52:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:52:06.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163131392}}}},"cpu":{"system":{"ticks":747440,"time":{"ms":590}},"total":{"ticks":11009530,"time":{"ms":9210},"value":11009530},"user":{"ticks":10262090,"time":{"ms":8620}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56850114},"version":"8.9.1"},"memstats":{"gc_next":129725912,"memory_alloc":123544656,"memory_total":653255255512,"rss":224116736},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":722,"added":21142,"done":21347},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21215,"active":0,"batches":431,"total":21165},"read":{"bytes":4736799},"write":{"bytes":39298442}},"pipeline":{"clients":38,"events":{"active":654,"published":21142,"total":21142},"queue":{"acked":21215}}},"registrar":{"states":{"current":20,"update":21215},"writes":{"success":21,"total":21}},"system":{"load":{"1":2.68,"15":1.94,"5":2.16,"norm":{"1":0.067,"15":0.0485,"5":0.054}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:52:27 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:52:27.337Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113074-64768","harvester_id":"629c5e98-a526-4c51-88df-8538117e8d5f","ecs.version":"1.6.0"} | |
| Aug 30 12:52:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:52:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154030080}}}},"cpu":{"system":{"ticks":748290,"time":{"ms":850}},"total":{"ticks":11020850,"time":{"ms":11320},"value":11020850},"user":{"ticks":10272560,"time":{"ms":10470}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56880116},"version":"8.9.1"},"memstats":{"gc_next":124900752,"memory_alloc":90202352,"memory_total":653916146888,"rss":213331968},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":935,"added":24985,"done":24772},"harvester":{"closed":1,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25203,"active":50,"batches":508,"total":25253},"read":{"bytes":5626261},"write":{"bytes":47249044}},"pipeline":{"clients":38,"events":{"active":435,"filtered":1,"published":24984,"total":24985},"queue":{"acked":25203}}},"registrar":{"states":{"current":20,"update":25204},"writes":{"success":28,"total":28}},"system":{"load":{"1":2.33,"15":1.94,"5":2.13,"norm":{"1":0.0583,"15":0.0485,"5":0.0533}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:53:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:53:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161325056}}}},"cpu":{"system":{"ticks":748910,"time":{"ms":620}},"total":{"ticks":11031030,"time":{"ms":10180},"value":11031030},"user":{"ticks":10282120,"time":{"ms":9560}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56910113},"version":"8.9.1"},"memstats":{"gc_next":129836136,"memory_alloc":102286424,"memory_total":654537725872,"rss":220508160},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":634,"added":23609,"done":23910},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23459,"active":0,"batches":472,"total":23409},"read":{"bytes":5237092},"write":{"bytes":43775916}},"pipeline":{"clients":38,"events":{"active":578,"published":23601,"total":23602},"queue":{"acked":23459}}},"registrar":{"states":{"current":20,"update":23459},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.8,"15":1.91,"5":2.02,"norm":{"1":0.045,"15":0.0478,"5":0.0505}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:53:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:53:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147951616}}}},"cpu":{"system":{"ticks":749630,"time":{"ms":720}},"total":{"ticks":11041630,"time":{"ms":10600},"value":11041630},"user":{"ticks":10292000,"time":{"ms":9880}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56940113},"version":"8.9.1"},"memstats":{"gc_next":122353832,"memory_alloc":74968640,"memory_total":655157922640,"rss":206901248},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1742,"added":23747,"done":22639},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23740,"active":50,"batches":481,"total":23790},"read":{"bytes":5300029},"write":{"bytes":43855624}},"pipeline":{"clients":38,"events":{"active":592,"published":23755,"total":23754},"queue":{"acked":23740}}},"registrar":{"states":{"current":20,"update":23740},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.39,"15":1.87,"5":1.9,"norm":{"1":0.0347,"15":0.0468,"5":0.0475}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:54:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:54:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":136581120}}}},"cpu":{"system":{"ticks":750220,"time":{"ms":590}},"total":{"ticks":11050480,"time":{"ms":8850},"value":11050480},"user":{"ticks":10300260,"time":{"ms":8260}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":56970115},"version":"8.9.1"},"memstats":{"gc_next":94372952,"memory_alloc":76721328,"memory_total":655685421040,"rss":196136960},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1257,"added":20064,"done":20549},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20349,"active":50,"batches":414,"total":20349},"read":{"bytes":4543389},"write":{"bytes":37892670}},"pipeline":{"clients":38,"events":{"active":307,"published":20064,"total":20064},"queue":{"acked":20349}}},"registrar":{"states":{"current":20,"update":20349},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.21,"15":1.84,"5":1.81,"norm":{"1":0.0303,"15":0.046,"5":0.0453}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:54:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:54:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153620480}}}},"cpu":{"system":{"ticks":750860,"time":{"ms":640}},"total":{"ticks":11059610,"time":{"ms":9130},"value":11059610},"user":{"ticks":10308750,"time":{"ms":8490}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57000113},"version":"8.9.1"},"memstats":{"gc_next":120447392,"memory_alloc":108139752,"memory_total":656233714664,"rss":212361216},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1217,"added":20967,"done":21007},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21007,"active":50,"batches":428,"total":21007},"read":{"bytes":4690394},"write":{"bytes":38856000}},"pipeline":{"clients":38,"events":{"active":267,"published":20967,"total":20967},"queue":{"acked":21007}}},"registrar":{"states":{"current":20,"update":21007},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.13,"15":1.82,"5":1.74,"norm":{"1":0.0283,"15":0.0455,"5":0.0435}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:55:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:55:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162508800}}}},"cpu":{"system":{"ticks":751300,"time":{"ms":440}},"total":{"ticks":11068350,"time":{"ms":8740},"value":11068350},"user":{"ticks":10317050,"time":{"ms":8300}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57030115},"version":"8.9.1"},"memstats":{"gc_next":143546904,"memory_alloc":75730232,"memory_total":656759920800,"rss":220925952},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":618,"added":19977,"done":20576},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":19976,"active":50,"batches":406,"total":19976},"read":{"bytes":4460026},"write":{"bytes":37131479}},"pipeline":{"clients":38,"events":{"active":268,"published":19977,"total":19977},"queue":{"acked":19976}}},"registrar":{"states":{"current":20,"update":19976},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.53,"15":1.82,"5":1.77,"norm":{"1":0.0383,"15":0.0455,"5":0.0443}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:55:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:55:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167337984}}}},"cpu":{"system":{"ticks":752050,"time":{"ms":750}},"total":{"ticks":11077680,"time":{"ms":9330},"value":11077680},"user":{"ticks":10325630,"time":{"ms":8580}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57060115},"version":"8.9.1"},"memstats":{"gc_next":138978520,"memory_alloc":69760440,"memory_total":657295153616,"rss":225914880},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1092,"added":20408,"done":19934},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":19619,"active":0,"batches":399,"total":19569},"read":{"bytes":4380527},"write":{"bytes":36333606}},"pipeline":{"clients":38,"events":{"active":1057,"published":20408,"total":20408},"queue":{"acked":19619}}},"registrar":{"states":{"current":20,"update":19619},"writes":{"success":21,"total":21}},"system":{"load":{"1":1.24,"15":1.79,"5":1.66,"norm":{"1":0.031,"15":0.0448,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:56:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:56:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163078144}}}},"cpu":{"system":{"ticks":752630,"time":{"ms":580}},"total":{"ticks":11086530,"time":{"ms":8850},"value":11086530},"user":{"ticks":10333900,"time":{"ms":8270}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57090114},"version":"8.9.1"},"memstats":{"gc_next":114251624,"memory_alloc":87233656,"memory_total":657820837872,"rss":220516352},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1571,"added":19910,"done":19431},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":20596,"active":50,"batches":419,"total":20646},"read":{"bytes":4598370},"write":{"bytes":38663611}},"pipeline":{"clients":38,"events":{"active":371,"published":19910,"total":19910},"queue":{"acked":20596}}},"registrar":{"states":{"current":20,"update":20596},"writes":{"success":22,"total":22}},"system":{"load":{"1":0.97,"15":1.74,"5":1.55,"norm":{"1":0.0243,"15":0.0435,"5":0.0388}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:56:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:56:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":174268416}}}},"cpu":{"system":{"ticks":753350,"time":{"ms":720}},"total":{"ticks":11097210,"time":{"ms":10680},"value":11097210},"user":{"ticks":10343860,"time":{"ms":9960}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57120114},"version":"8.9.1"},"memstats":{"gc_next":127635296,"memory_alloc":119360296,"memory_total":658467133832,"rss":231530496},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1759,"added":24385,"done":24197},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24197,"active":50,"batches":488,"total":24197},"read":{"bytes":5401857},"write":{"bytes":45434487}},"pipeline":{"clients":38,"events":{"active":559,"published":24385,"total":24385},"queue":{"acked":24197}}},"registrar":{"states":{"current":20,"update":24197},"writes":{"success":25,"total":25}},"system":{"load":{"1":0.95,"15":1.72,"5":1.5,"norm":{"1":0.0238,"15":0.043,"5":0.0375}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:57:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:57:02.365Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5111854-64768","harvester_id":"ab31568c-49c9-4db4-b15a-8bf89531851e","ecs.version":"1.6.0"} | |
| Aug 30 12:57:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:57:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147329024}}}},"cpu":{"system":{"ticks":754060,"time":{"ms":710}},"total":{"ticks":11107440,"time":{"ms":10230},"value":11107440},"user":{"ticks":10353380,"time":{"ms":9520}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57150116},"version":"8.9.1"},"memstats":{"gc_next":110851680,"memory_alloc":101547216,"memory_total":659068777008,"rss":205459456},"runtime":{"goroutines":296}},"filebeat":{"events":{"active":1727,"added":22881,"done":22913},"harvester":{"closed":1,"open_files":16,"running":16}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22762,"active":50,"batches":460,"total":22762},"read":{"bytes":5081658},"write":{"bytes":42560904}},"pipeline":{"clients":38,"events":{"active":677,"filtered":1,"published":22880,"total":22881},"queue":{"acked":22762}}},"registrar":{"states":{"current":20,"update":22813},"writes":{"success":22,"total":22}},"system":{"load":{"1":0.85,"15":1.68,"5":1.42,"norm":{"1":0.0212,"15":0.042,"5":0.0355}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:57:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:57:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161873920}}}},"cpu":{"system":{"ticks":754680,"time":{"ms":620}},"total":{"ticks":11117780,"time":{"ms":10340},"value":11117780},"user":{"ticks":10363100,"time":{"ms":9720}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57180113},"version":"8.9.1"},"memstats":{"gc_next":117883680,"memory_alloc":64939656,"memory_total":659676818136,"rss":219176960},"runtime":{"goroutines":295}},"filebeat":{"events":{"active":1099,"added":22952,"done":23580},"harvester":{"open_files":16,"running":16}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22530,"active":0,"batches":454,"total":22480},"read":{"bytes":5029823},"write":{"bytes":42049260}},"pipeline":{"clients":38,"events":{"active":1099,"published":22952,"total":22952},"queue":{"acked":22530}}},"registrar":{"states":{"current":20,"update":22480},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.12,"15":1.68,"5":1.42,"norm":{"1":0.028,"15":0.042,"5":0.0355}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:57:42 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:57:42.369Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/x509.log]","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","old_source":"/mnt/Bro/current/x509.log","old_finished":true,"old_os_id":"5113070-64768","harvester_id":"32be8961-5b65-4ead-96be-45a5bcb3b58b","ecs.version":"1.6.0"} | |
| Aug 30 12:58:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:58:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":165130240}}}},"cpu":{"system":{"ticks":755290,"time":{"ms":610}},"total":{"ticks":11127020,"time":{"ms":9240},"value":11127020},"user":{"ticks":10371730,"time":{"ms":8630}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57210113},"version":"8.9.1"},"memstats":{"gc_next":135526352,"memory_alloc":85026056,"memory_total":660221664424,"rss":222650368},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":679,"added":20497,"done":20917},"harvester":{"open_files":17,"running":17,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21116,"active":50,"batches":429,"total":21166},"read":{"bytes":4714395},"write":{"bytes":39883241}},"pipeline":{"clients":38,"events":{"active":479,"filtered":1,"published":20496,"total":20497},"queue":{"acked":21116}}},"registrar":{"states":{"current":20,"update":21117},"writes":{"success":23,"total":23}},"system":{"load":{"1":0.85,"15":1.64,"5":1.33,"norm":{"1":0.0212,"15":0.041,"5":0.0333}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:58:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:58:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153579520}}}},"cpu":{"system":{"ticks":755800,"time":{"ms":510}},"total":{"ticks":11136460,"time":{"ms":9440},"value":11136460},"user":{"ticks":10380660,"time":{"ms":8930}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57240114},"version":"8.9.1"},"memstats":{"gc_next":108527600,"memory_alloc":76132792,"memory_total":660798272880,"rss":212082688},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1179,"added":21990,"done":21490},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21740,"active":50,"batches":442,"total":21740},"read":{"bytes":4853906},"write":{"bytes":40434139}},"pipeline":{"clients":38,"events":{"active":729,"published":21990,"total":21990},"queue":{"acked":21740}}},"registrar":{"states":{"current":20,"update":21740},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.17,"15":1.64,"5":1.36,"norm":{"1":0.0293,"15":0.041,"5":0.034}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:59:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:59:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154062848}}}},"cpu":{"system":{"ticks":756560,"time":{"ms":760}},"total":{"ticks":11146760,"time":{"ms":10300},"value":11146760},"user":{"ticks":10390200,"time":{"ms":9540}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57270114},"version":"8.9.1"},"memstats":{"gc_next":121788280,"memory_alloc":104943280,"memory_total":661417101416,"rss":211484672},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1675,"added":23291,"done":22795},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23195,"active":50,"batches":468,"total":23195},"read":{"bytes":5178211},"write":{"bytes":43666245}},"pipeline":{"clients":38,"events":{"active":825,"published":23291,"total":23291},"queue":{"acked":23195}}},"registrar":{"states":{"current":20,"update":23195},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.39,"15":1.64,"5":1.39,"norm":{"1":0.0347,"15":0.041,"5":0.0347}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 12:59:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T12:59:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":149843968}}}},"cpu":{"system":{"ticks":757230,"time":{"ms":670}},"total":{"ticks":11157130,"time":{"ms":10370},"value":11157130},"user":{"ticks":10399900,"time":{"ms":9700}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57300113},"version":"8.9.1"},"memstats":{"gc_next":127873176,"memory_alloc":107805808,"memory_total":662035129736,"rss":207917056},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":407,"added":23631,"done":24899},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24049,"active":50,"batches":487,"total":24049},"read":{"bytes":5369143},"write":{"bytes":44308734}},"pipeline":{"clients":38,"events":{"active":407,"published":23631,"total":23631},"queue":{"acked":24049}}},"registrar":{"states":{"current":20,"update":24049},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.24,"15":1.62,"5":1.36,"norm":{"1":0.031,"15":0.0405,"5":0.034}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.316Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"67ccfd44-c773-41d1-92ea-0ec10b9b1bc9","source_file":"/mnt/Bro/current/ocsp.log","state_id":"native::5113060-64768","finished":false,"os_id":"5113060-64768","harvester_id":"b04165af-2bb6-4c7d-9da5-b18c0d523bac","ecs.version":"1.6.0"} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.370Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"3ce1dde2-7d3e-4390-9f96-da106cbd8778","source_file":"/mnt/Bro/current/ssh.log","state_id":"native::5111876-64768","finished":false,"os_id":"5111876-64768","harvester_id":"dffe8ad9-e855-4fca-893e-641b7d66fb00","ecs.version":"1.6.0"} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.542Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"6c775ba2-78c8-4e30-b1f2-d92886673e52","source_file":"/mnt/Bro/current/sip.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","harvester_id":"f3fce0a4-0930-47ef-bb9f-33abb34ba669","ecs.version":"1.6.0"} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.547Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"cd2edafe-a4f3-4374-8bc3-2f8c48f38146","source_file":"/mnt/Bro/current/dpd.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","harvester_id":"129cfe79-49f4-49e9-bb3f-f478b4cab365","ecs.version":"1.6.0"} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.668Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"090b444b-80ed-459d-8b4e-122c94108fc2","source_file":"/mnt/Bro/current/files.log","state_id":"native::5113062-64768","finished":false,"os_id":"5113062-64768","harvester_id":"a39a0868-f539-4a75-b609-643e752677a2","ecs.version":"1.6.0"} | |
| Aug 30 13:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:00.769Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"42901569-53ff-42f6-997d-dc0cef4a7c73","source_file":"/mnt/Bro/current/http.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","harvester_id":"e15d47fd-1725-49e6-b82c-76d3bade81d8","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.379Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/weird.log]","service.name":"filebeat","input_id":"9508f3bf-854e-4df2-b3ff-34936807293a","source_file":"/mnt/Bro/current/weird.log","state_id":"native::5111878-64768","finished":false,"os_id":"5111878-64768","harvester_id":"28372dea-2d52-4bb6-bfd5-23b36d6332d7","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.379Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ssl.log]","service.name":"filebeat","input_id":"9e584b0f-3c78-43a2-add2-64f4691c040d","source_file":"/mnt/Bro/current/ssl.log","state_id":"native::5113060-64768","finished":false,"os_id":"5113060-64768","harvester_id":"ebb5a1aa-1a7f-4478-a815-ace24a9bb7e9","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.379Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dns.log]","service.name":"filebeat","input_id":"0c5beed2-2e9d-4e5a-8694-e20f3c13f6b4","source_file":"/mnt/Bro/current/dns.log","state_id":"native::5113080-64768","finished":false,"os_id":"5113080-64768","harvester_id":"b5cb351a-4068-448b-a5eb-ce7229a20eba","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.379Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/files.log]","service.name":"filebeat","input_id":"090b444b-80ed-459d-8b4e-122c94108fc2","source_file":"/mnt/Bro/current/files.log","state_id":"native::5111853-64768","finished":false,"os_id":"5111853-64768","harvester_id":"22780842-0aa9-4311-af2b-57217bf26567","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.379Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/snmp.log]","service.name":"filebeat","input_id":"0ef7faed-78de-470f-bcb2-2c20d50f687c","source_file":"/mnt/Bro/current/snmp.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","harvester_id":"3c629454-a3fc-4b9d-823b-80b7afc76dbf","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.380Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","old_source":"/mnt/Bro/current/x509.log","old_finished":true,"old_os_id":"5113070-64768","harvester_id":"32be8961-5b65-4ead-96be-45a5bcb3b58b","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.380Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/conn.log]","service.name":"filebeat","input_id":"2ad68786-9701-433a-bb17-c10d33a519a9","source_file":"/mnt/Bro/current/conn.log","state_id":"native::5113069-64768","finished":false,"os_id":"5113069-64768","harvester_id":"a323a84b-a7d3-469b-84ef-9134505d543e","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.380Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/http.log]","service.name":"filebeat","input_id":"42901569-53ff-42f6-997d-dc0cef4a7c73","source_file":"/mnt/Bro/current/http.log","state_id":"native::5111876-64768","finished":false,"os_id":"5111876-64768","harvester_id":"36630efe-f3a4-4a54-8d75-5ba2a5b88724","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.391Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"e923be40-f07c-4903-a0a5-6c301b4eeceb","source_file":"/mnt/Bro/current/dhcp.log","state_id":"native::5113072-64768","finished":false,"os_id":"5113072-64768","harvester_id":"3d6afdf7-c376-4222-8749-9684b94e646d","ecs.version":"1.6.0"} | |
| Aug 30 13:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:02.668Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"0ef7faed-78de-470f-bcb2-2c20d50f687c","source_file":"/mnt/Bro/current/snmp.log","state_id":"native::5113061-64768","finished":false,"os_id":"5113061-64768","harvester_id":"043d354b-c8d4-4dc6-95d7-66ee9dceb46b","ecs.version":"1.6.0"} | |
| Aug 30 13:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:03.114Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"0c5beed2-2e9d-4e5a-8694-e20f3c13f6b4","source_file":"/mnt/Bro/current/dns.log","state_id":"native::5112916-64768","finished":false,"os_id":"5112916-64768","harvester_id":"0fb3766e-d73c-4691-af30-a8c472ae3dd9","ecs.version":"1.6.0"} | |
| Aug 30 13:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:03.130Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"9e584b0f-3c78-43a2-add2-64f4691c040d","source_file":"/mnt/Bro/current/ssl.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","harvester_id":"88fbfed7-22b6-4b19-b861-bde86b240bfa","ecs.version":"1.6.0"} | |
| Aug 30 13:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:03.299Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"9508f3bf-854e-4df2-b3ff-34936807293a","source_file":"/mnt/Bro/current/weird.log","state_id":"native::5113058-64768","finished":false,"os_id":"5113058-64768","harvester_id":"e8942040-2e20-444e-85d8-51782f2a2028","ecs.version":"1.6.0"} | |
| Aug 30 13:00:04 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:04.445Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"192c149c-82ee-41b7-b6fb-0aa28f588304","source_file":"/mnt/Bro/current/stats.log","state_id":"native::5111875-64768","finished":false,"os_id":"5111875-64768","harvester_id":"dcc76015-7649-46b6-bbb1-b60b8a5b354e","ecs.version":"1.6.0"} | |
| Aug 30 13:00:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162492416}}}},"cpu":{"system":{"ticks":758070,"time":{"ms":840}},"total":{"ticks":11167470,"time":{"ms":10340},"value":11167470},"user":{"ticks":10409400,"time":{"ms":9500}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":23},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57330114},"version":"8.9.1"},"memstats":{"gc_next":131999600,"memory_alloc":82178464,"memory_total":662668617128,"rss":219566080},"runtime":{"goroutines":270}},"filebeat":{"events":{"active":185,"added":24146,"done":24368},"harvester":{"closed":13,"open_files":11,"running":11,"started":7}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24339,"active":0,"batches":490,"total":24289},"read":{"bytes":5433580},"write":{"bytes":45402634}},"pipeline":{"clients":38,"events":{"active":142,"filtered":29,"published":24073,"total":24103},"queue":{"acked":24339}}},"registrar":{"states":{"cleanup":8,"current":18,"update":24368},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.76,"15":1.64,"5":1.44,"norm":{"1":0.044,"15":0.041,"5":0.036}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:00:07 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:07.355Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"6c7f5046-2a26-4362-a64b-f202e738d8b2","source_file":"/mnt/Bro/current/tunnel.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","harvester_id":"b7957388-e08b-4380-805b-85bba3409d59","ecs.version":"1.6.0"} | |
| Aug 30 13:00:09 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:09.380Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113071-64768","finished":false,"os_id":"5113071-64768","old_source":"/mnt/Bro/current/notice.log","old_finished":true,"old_os_id":"5113071-64768","harvester_id":"12ed5358-3697-494b-8477-f58a2413da79","ecs.version":"1.6.0"} | |
| Aug 30 13:00:09 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:09.921Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"c3769a41-2de0-4562-9683-bab20b25806b","source_file":"/mnt/Bro/current/radius.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","harvester_id":"e8609aa3-fe37-4304-9586-49fba41d8049","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.380Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ssh.log]","service.name":"filebeat","input_id":"3ce1dde2-7d3e-4390-9f96-da106cbd8778","source_file":"/mnt/Bro/current/ssh.log","state_id":"native::5112916-64768","finished":false,"os_id":"5112916-64768","harvester_id":"9fa69870-6495-4b47-941a-e478c0ba51a0","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dpd.log]","service.name":"filebeat","input_id":"cd2edafe-a4f3-4374-8bc3-2f8c48f38146","source_file":"/mnt/Bro/current/dpd.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","harvester_id":"0c52e297-ded9-4f23-808d-3056a5283f0c","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/radius.log]","service.name":"filebeat","input_id":"c3769a41-2de0-4562-9683-bab20b25806b","source_file":"/mnt/Bro/current/radius.log","state_id":"native::5113061-64768","finished":false,"os_id":"5113061-64768","harvester_id":"adbf0de7-a32d-445a-80b2-52b0ac296093","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ocsp.log]","service.name":"filebeat","input_id":"67ccfd44-c773-41d1-92ea-0ec10b9b1bc9","source_file":"/mnt/Bro/current/ocsp.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","harvester_id":"b8d60c8f-cc4e-4973-ad21-78eac4523c0e","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/notice.log]","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","harvester_id":"498d5663-a291-447c-ac9c-29863b62b37b","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/sip.log]","service.name":"filebeat","input_id":"6c775ba2-78c8-4e30-b1f2-d92886673e52","source_file":"/mnt/Bro/current/sip.log","state_id":"native::5113071-64768","finished":false,"os_id":"5113071-64768","harvester_id":"144c99be-53ae-490b-8bb6-93c0d36320e2","ecs.version":"1.6.0"} | |
| Aug 30 13:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:12.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/stats.log]","service.name":"filebeat","input_id":"192c149c-82ee-41b7-b6fb-0aa28f588304","source_file":"/mnt/Bro/current/stats.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","harvester_id":"76406cc0-2131-4d01-ad83-cc942b0eae00","ecs.version":"1.6.0"} | |
| Aug 30 13:00:15 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:15.319Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"2ad68786-9701-433a-bb17-c10d33a519a9","source_file":"/mnt/Bro/current/conn.log","state_id":"native::5113068-64768","finished":false,"os_id":"5113068-64768","harvester_id":"9667e270-f4ba-4e14-beca-afbb7f63b5bf","ecs.version":"1.6.0"} | |
| Aug 30 13:00:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:22.381Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/x509.log]","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5113068-64768","finished":false,"os_id":"5113068-64768","harvester_id":"3f3c0d69-5c64-43ee-bad5-3fadac8c6cdc","ecs.version":"1.6.0"} | |
| Aug 30 13:00:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:32.382Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/tunnel.log]","service.name":"filebeat","input_id":"6c7f5046-2a26-4362-a64b-f202e738d8b2","source_file":"/mnt/Bro/current/tunnel.log","state_id":"native::5113072-64768","finished":false,"os_id":"5113072-64768","harvester_id":"b5e0de28-e39e-40f9-ae80-3cc9163ecc77","ecs.version":"1.6.0"} | |
| Aug 30 13:00:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:00:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":168845312}}}},"cpu":{"system":{"ticks":759040,"time":{"ms":970}},"total":{"ticks":11179540,"time":{"ms":12070},"value":11179540},"user":{"ticks":10420500,"time":{"ms":11100}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57360113},"version":"8.9.1"},"memstats":{"gc_next":129970840,"memory_alloc":122558472,"memory_total":663412933640,"rss":226811904},"runtime":{"goroutines":296}},"filebeat":{"events":{"active":1674,"added":28322,"done":26833},"harvester":{"closed":4,"open_files":16,"running":16,"started":9}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27509,"active":50,"batches":554,"total":27559},"read":{"bytes":6140975},"write":{"bytes":51410517}},"pipeline":{"clients":38,"events":{"active":974,"filtered":24,"published":28342,"total":28365},"queue":{"acked":27509}}},"registrar":{"states":{"cleanup":5,"current":16,"update":27533},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.69,"15":1.64,"5":1.46,"norm":{"1":0.0422,"15":0.041,"5":0.0365}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:01:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:01:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153505792}}}},"cpu":{"system":{"ticks":759710,"time":{"ms":670}},"total":{"ticks":11190540,"time":{"ms":11000},"value":11190540},"user":{"ticks":10430830,"time":{"ms":10330}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57390115},"version":"8.9.1"},"memstats":{"gc_next":116169560,"memory_alloc":75471128,"memory_total":664058549320,"rss":211132416},"runtime":{"goroutines":296}},"filebeat":{"events":{"active":1554,"added":24487,"done":24607},"harvester":{"open_files":16,"running":16}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24507,"active":50,"batches":495,"total":24507},"read":{"bytes":5471203},"write":{"bytes":45742169}},"pipeline":{"clients":38,"events":{"active":954,"published":24487,"total":24487},"queue":{"acked":24507}}},"registrar":{"states":{"current":16,"update":24507},"writes":{"success":26,"total":26}},"system":{"load":{"1":2.05,"15":1.66,"5":1.55,"norm":{"1":0.0513,"15":0.0415,"5":0.0388}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:01:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:01:12.385Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dhcp.log]","service.name":"filebeat","input_id":"e923be40-f07c-4903-a0a5-6c301b4eeceb","source_file":"/mnt/Bro/current/dhcp.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","harvester_id":"d4731ce9-c9e6-40b8-a087-910eed1e4c94","ecs.version":"1.6.0"} | |
| Aug 30 13:01:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:01:32.384Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","harvester_id":"8f12b387-adb7-49a8-ace4-d34f1f4518f9","ecs.version":"1.6.0"} | |
| Aug 30 13:01:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:01:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":175431680}}}},"cpu":{"system":{"ticks":760360,"time":{"ms":650}},"total":{"ticks":11200500,"time":{"ms":9960},"value":11200500},"user":{"ticks":10440140,"time":{"ms":9310}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57420115},"version":"8.9.1"},"memstats":{"gc_next":142104192,"memory_alloc":96832784,"memory_total":664653128160,"rss":231186432},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1642,"added":22822,"done":22734},"harvester":{"open_files":18,"running":18,"started":2}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22882,"active":50,"batches":463,"total":22882},"read":{"bytes":5108544},"write":{"bytes":42066365}},"pipeline":{"clients":38,"events":{"active":892,"filtered":2,"published":22820,"total":22822},"queue":{"acked":22882}}},"registrar":{"states":{"current":18,"update":22884},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.7,"15":1.64,"5":1.51,"norm":{"1":0.0425,"15":0.041,"5":0.0378}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:02:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:02:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":159379456}}}},"cpu":{"system":{"ticks":761150,"time":{"ms":790}},"total":{"ticks":11210930,"time":{"ms":10430},"value":11210930},"user":{"ticks":10449780,"time":{"ms":9640}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57450115},"version":"8.9.1"},"memstats":{"gc_next":137584512,"memory_alloc":85977672,"memory_total":665259958328,"rss":214773760},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":890,"added":22950,"done":23702},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23004,"active":0,"batches":465,"total":22954},"read":{"bytes":5135864},"write":{"bytes":43218755}},"pipeline":{"clients":38,"events":{"active":838,"published":22950,"total":22950},"queue":{"acked":23004}}},"registrar":{"states":{"current":18,"update":23004},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.67,"15":1.64,"5":1.52,"norm":{"1":0.0417,"15":0.041,"5":0.038}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:02:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:02:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":160403456}}}},"cpu":{"system":{"ticks":761930,"time":{"ms":780}},"total":{"ticks":11221920,"time":{"ms":10990},"value":11221920},"user":{"ticks":10459990,"time":{"ms":10210}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57480113},"version":"8.9.1"},"memstats":{"gc_next":136961328,"memory_alloc":112436528,"memory_total":665930180648,"rss":216862720},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1367,"added":25393,"done":24916},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25364,"active":50,"batches":512,"total":25414},"read":{"bytes":5662316},"write":{"bytes":47474932}},"pipeline":{"clients":38,"events":{"active":867,"published":25392,"total":25393},"queue":{"acked":25364}}},"registrar":{"states":{"current":18,"update":25364},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.24,"15":1.6,"5":1.43,"norm":{"1":0.031,"15":0.04,"5":0.0357}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:03:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:03:06.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":172105728}}}},"cpu":{"system":{"ticks":762670,"time":{"ms":740}},"total":{"ticks":11232840,"time":{"ms":10920},"value":11232840},"user":{"ticks":10470170,"time":{"ms":10180}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57510115},"version":"8.9.1"},"memstats":{"gc_next":138252824,"memory_alloc":108484608,"memory_total":666577493992,"rss":228057088},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1515,"added":24591,"done":24443},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24393,"active":50,"batches":492,"total":24393},"read":{"bytes":5445638},"write":{"bytes":45581563}},"pipeline":{"clients":38,"events":{"active":1065,"published":24592,"total":24591},"queue":{"acked":24393}}},"registrar":{"states":{"current":18,"update":24393},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.17,"15":1.58,"5":1.39,"norm":{"1":0.0293,"15":0.0395,"5":0.0347}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:03:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:03:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":155807744}}}},"cpu":{"system":{"ticks":763330,"time":{"ms":660}},"total":{"ticks":11243150,"time":{"ms":10310},"value":11243150},"user":{"ticks":10479820,"time":{"ms":9650}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57540113},"version":"8.9.1"},"memstats":{"gc_next":139140880,"memory_alloc":91593864,"memory_total":667194336160,"rss":212402176},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1362,"added":23347,"done":23500},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23500,"active":50,"batches":474,"total":23500},"read":{"bytes":5246278},"write":{"bytes":43890716}},"pipeline":{"clients":38,"events":{"active":912,"published":23347,"total":23347},"queue":{"acked":23500}}},"registrar":{"states":{"current":18,"update":23500},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.3,"15":1.58,"5":1.4,"norm":{"1":0.0325,"15":0.0395,"5":0.035}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:03:52 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:03:52.394Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","harvester_id":"c2234db6-0950-414a-aa6a-2bc9cbed25aa","ecs.version":"1.6.0"} | |
| Aug 30 13:04:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:04:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167161856}}}},"cpu":{"system":{"ticks":763960,"time":{"ms":630}},"total":{"ticks":11252940,"time":{"ms":9790},"value":11252940},"user":{"ticks":10488980,"time":{"ms":9160}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57570113},"version":"8.9.1"},"memstats":{"gc_next":117779712,"memory_alloc":67297192,"memory_total":667786268184,"rss":222220288},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1181,"added":22369,"done":22550},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22549,"active":50,"batches":456,"total":22549},"read":{"bytes":5034171},"write":{"bytes":42379458}},"pipeline":{"clients":38,"events":{"active":731,"filtered":1,"published":22368,"total":22369},"queue":{"acked":22549}}},"registrar":{"states":{"current":19,"update":22550},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.22,"15":1.57,"5":1.37,"norm":{"1":0.0305,"15":0.0393,"5":0.0343}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:04:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:04:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":169664512}}}},"cpu":{"system":{"ticks":764690,"time":{"ms":730}},"total":{"ticks":11263470,"time":{"ms":10530},"value":11263470},"user":{"ticks":10498780,"time":{"ms":9800}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57600115},"version":"8.9.1"},"memstats":{"gc_next":133389968,"memory_alloc":109633928,"memory_total":668414133672,"rss":224882688},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1224,"added":23731,"done":23688},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24038,"active":50,"batches":484,"total":24038},"read":{"bytes":5366247},"write":{"bytes":45067380}},"pipeline":{"clients":38,"events":{"active":424,"published":23731,"total":23731},"queue":{"acked":24038}}},"registrar":{"states":{"current":19,"update":24038},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.06,"15":1.54,"5":1.32,"norm":{"1":0.0265,"15":0.0385,"5":0.033}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:05:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:05:06.485Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147275776}}}},"cpu":{"system":{"ticks":765440,"time":{"ms":750}},"total":{"ticks":11275720,"time":{"ms":12250},"value":11275720},"user":{"ticks":10510280,"time":{"ms":11500}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57630117},"version":"8.9.1"},"memstats":{"gc_next":100383232,"memory_alloc":70916016,"memory_total":669158613240,"rss":203612160},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1348,"added":28034,"done":27910},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27110,"active":50,"batches":545,"total":27110},"read":{"bytes":6051909},"write":{"bytes":51002031}},"pipeline":{"clients":38,"events":{"active":1348,"published":28034,"total":28034},"queue":{"acked":27110}}},"registrar":{"states":{"current":19,"update":27110},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.36,"15":1.55,"5":1.36,"norm":{"1":0.034,"15":0.0388,"5":0.034}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:05:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:05:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":149323776}}}},"cpu":{"system":{"ticks":766410,"time":{"ms":970}},"total":{"ticks":11288890,"time":{"ms":13170},"value":11288890},"user":{"ticks":10522480,"time":{"ms":12200}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57660114},"version":"8.9.1"},"memstats":{"gc_next":119052960,"memory_alloc":92371256,"memory_total":669950937440,"rss":203763712},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1437,"added":29903,"done":29814},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30614,"active":50,"batches":615,"total":30614},"read":{"bytes":6834064},"write":{"bytes":57547598}},"pipeline":{"clients":38,"events":{"active":637,"published":29903,"total":29903},"queue":{"acked":30614}}},"registrar":{"states":{"current":19,"update":30614},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.21,"15":1.53,"5":1.32,"norm":{"1":0.0303,"15":0.0383,"5":0.033}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:06:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:06:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":150470656}}}},"cpu":{"system":{"ticks":767190,"time":{"ms":780}},"total":{"ticks":11299350,"time":{"ms":10460},"value":11299350},"user":{"ticks":10532160,"time":{"ms":9680}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57690118},"version":"8.9.1"},"memstats":{"gc_next":103112456,"memory_alloc":56704416,"memory_total":670580355904,"rss":203710464},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":495,"added":23819,"done":24761},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24017,"active":0,"batches":485,"total":23967},"read":{"bytes":5361955},"write":{"bytes":44993585}},"pipeline":{"clients":38,"events":{"active":439,"published":23819,"total":23819},"queue":{"acked":24017}}},"registrar":{"states":{"current":19,"update":24017},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.37,"15":1.54,"5":1.35,"norm":{"1":0.0343,"15":0.0385,"5":0.0338}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:06:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:06:12.401Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","harvester_id":"74c7dbc4-ea38-44c9-899b-0b1f3ebed6ee","ecs.version":"1.6.0"} | |
| Aug 30 13:06:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:06:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":170315776}}}},"cpu":{"system":{"ticks":767840,"time":{"ms":650}},"total":{"ticks":11309790,"time":{"ms":10440},"value":11309790},"user":{"ticks":10541950,"time":{"ms":9790}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57720115},"version":"8.9.1"},"memstats":{"gc_next":120461952,"memory_alloc":94586592,"memory_total":671216786296,"rss":224792576},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1208,"added":24164,"done":23451},"harvester":{"open_files":20,"running":20,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23994,"active":50,"batches":484,"total":24044},"read":{"bytes":5356422},"write":{"bytes":44777457}},"pipeline":{"clients":38,"events":{"active":608,"filtered":1,"published":24163,"total":24164},"queue":{"acked":23994}}},"registrar":{"states":{"current":20,"update":23995},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.47,"15":1.54,"5":1.38,"norm":{"1":0.0368,"15":0.0385,"5":0.0345}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:07:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:07:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":172187648}}}},"cpu":{"system":{"ticks":768530,"time":{"ms":690}},"total":{"ticks":11321220,"time":{"ms":11430},"value":11321220},"user":{"ticks":10552690,"time":{"ms":10740}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57750118},"version":"8.9.1"},"memstats":{"gc_next":109746472,"memory_alloc":78734424,"memory_total":671895000800,"rss":224796672},"runtime":{"goroutines":315}},"filebeat":{"events":{"active":536,"added":25603,"done":26275},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25724,"active":0,"batches":518,"total":25674},"read":{"bytes":5742820},"write":{"bytes":48120645}},"pipeline":{"clients":38,"events":{"active":487,"published":25602,"total":25603},"queue":{"acked":25724}}},"registrar":{"states":{"current":20,"update":25724},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.21,"15":1.52,"5":1.33,"norm":{"1":0.0303,"15":0.038,"5":0.0333}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:07:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:07:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":150507520}}}},"cpu":{"system":{"ticks":769100,"time":{"ms":570}},"total":{"ticks":11331170,"time":{"ms":9950},"value":11331170},"user":{"ticks":10562070,"time":{"ms":9380}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57780113},"version":"8.9.1"},"memstats":{"gc_next":103764696,"memory_alloc":73677240,"memory_total":672493063064,"rss":205053952},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":863,"added":22733,"done":22406},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22407,"active":50,"batches":454,"total":22457},"read":{"bytes":5002429},"write":{"bytes":42019539}},"pipeline":{"clients":38,"events":{"active":813,"published":22733,"total":22733},"queue":{"acked":22407}}},"registrar":{"states":{"current":20,"update":22407},"writes":{"success":24,"total":24}},"system":{"load":{"1":0.98,"15":1.49,"5":1.26,"norm":{"1":0.0245,"15":0.0373,"5":0.0315}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:08:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:08:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164163584}}}},"cpu":{"system":{"ticks":769610,"time":{"ms":510}},"total":{"ticks":11341460,"time":{"ms":10290},"value":11341460},"user":{"ticks":10571850,"time":{"ms":9780}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57810113},"version":"8.9.1"},"memstats":{"gc_next":132570632,"memory_alloc":93770616,"memory_total":673120451408,"rss":217202688},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1435,"added":23807,"done":23235},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23835,"active":50,"batches":483,"total":23835},"read":{"bytes":5321400},"write":{"bytes":44335748}},"pipeline":{"clients":38,"events":{"active":785,"published":23808,"total":23807},"queue":{"acked":23835}}},"registrar":{"states":{"current":20,"update":23835},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.01,"15":1.47,"5":1.24,"norm":{"1":0.0253,"15":0.0368,"5":0.031}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:08:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:08:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146972672}}}},"cpu":{"system":{"ticks":770540,"time":{"ms":930}},"total":{"ticks":11353010,"time":{"ms":11550},"value":11353010},"user":{"ticks":10582470,"time":{"ms":10620}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57840114},"version":"8.9.1"},"memstats":{"gc_next":100030552,"memory_alloc":57498984,"memory_total":673805181744,"rss":201314304},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":919,"added":26079,"done":26595},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26345,"active":50,"batches":531,"total":26345},"read":{"bytes":5881353},"write":{"bytes":49246500}},"pipeline":{"clients":38,"events":{"active":500,"published":26059,"total":26060},"queue":{"acked":26345}}},"registrar":{"states":{"current":20,"update":26345},"writes":{"success":26,"total":26}},"system":{"load":{"1":0.82,"15":1.44,"5":1.17,"norm":{"1":0.0205,"15":0.036,"5":0.0293}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:08:57 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:08:57.414Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","harvester_id":"c2234db6-0950-414a-aa6a-2bc9cbed25aa","ecs.version":"1.6.0"} | |
| Aug 30 13:09:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:09:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163807232}}}},"cpu":{"system":{"ticks":771340,"time":{"ms":800}},"total":{"ticks":11363540,"time":{"ms":10530},"value":11363540},"user":{"ticks":10592200,"time":{"ms":9730}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57870115},"version":"8.9.1"},"memstats":{"gc_next":129409200,"memory_alloc":119215496,"memory_total":674451258592,"rss":218685440},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1454,"added":24376,"done":23841},"harvester":{"closed":1,"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23465,"active":0,"batches":473,"total":23415},"read":{"bytes":5238594},"write":{"bytes":44130384}},"pipeline":{"clients":38,"events":{"active":1429,"filtered":1,"published":24395,"total":24395},"queue":{"acked":23465}}},"registrar":{"states":{"current":20,"update":23466},"writes":{"success":26,"total":26}},"system":{"load":{"1":0.93,"15":1.43,"5":1.17,"norm":{"1":0.0233,"15":0.0357,"5":0.0293}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:09:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:09:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":169185280}}}},"cpu":{"system":{"ticks":772100,"time":{"ms":760}},"total":{"ticks":11374950,"time":{"ms":11410},"value":11374950},"user":{"ticks":10602850,"time":{"ms":10650}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57900115},"version":"8.9.1"},"memstats":{"gc_next":118160224,"memory_alloc":87523144,"memory_total":675137188672,"rss":222392320},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":2319,"added":26239,"done":25374},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26399,"active":50,"batches":532,"total":26449},"read":{"bytes":5893239},"write":{"bytes":49003715}},"pipeline":{"clients":38,"events":{"active":1269,"published":26239,"total":26239},"queue":{"acked":26399}}},"registrar":{"states":{"current":20,"update":26399},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.02,"15":1.42,"5":1.16,"norm":{"1":0.0255,"15":0.0355,"5":0.029}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:10:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:10:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":166481920}}}},"cpu":{"system":{"ticks":772870,"time":{"ms":770}},"total":{"ticks":11386930,"time":{"ms":11980},"value":11386930},"user":{"ticks":10614060,"time":{"ms":11210}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57930113},"version":"8.9.1"},"memstats":{"gc_next":133134584,"memory_alloc":117730304,"memory_total":675859178112,"rss":220221440},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":936,"added":26952,"done":28335},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28085,"active":50,"batches":564,"total":28085},"read":{"bytes":6269461},"write":{"bytes":53087573}},"pipeline":{"clients":38,"events":{"active":136,"published":26952,"total":26952},"queue":{"acked":28085}}},"registrar":{"states":{"current":20,"update":28135},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.44,"15":1.44,"5":1.25,"norm":{"1":0.036,"15":0.036,"5":0.0313}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:10:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:10:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151666688}}}},"cpu":{"system":{"ticks":773640,"time":{"ms":770}},"total":{"ticks":11398160,"time":{"ms":11230},"value":11398160},"user":{"ticks":10624520,"time":{"ms":10460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57960114},"version":"8.9.1"},"memstats":{"gc_next":131494968,"memory_alloc":89828648,"memory_total":676536278584,"rss":205389824},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1211,"added":25755,"done":25480},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25326,"active":0,"batches":509,"total":25276},"read":{"bytes":5653793},"write":{"bytes":47153810}},"pipeline":{"clients":38,"events":{"active":565,"published":25755,"total":25755},"queue":{"acked":25326}}},"registrar":{"states":{"current":20,"update":25276},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.32,"15":1.43,"5":1.24,"norm":{"1":0.033,"15":0.0357,"5":0.031}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:11:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:11:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158552064}}}},"cpu":{"system":{"ticks":774240,"time":{"ms":600}},"total":{"ticks":11408670,"time":{"ms":10510},"value":11408670},"user":{"ticks":10634430,"time":{"ms":9910}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":57990113},"version":"8.9.1"},"memstats":{"gc_next":120604648,"memory_alloc":91455720,"memory_total":677150383200,"rss":212905984},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1742,"added":23377,"done":22846},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23300,"active":50,"batches":472,"total":23350},"read":{"bytes":5201794},"write":{"bytes":43526280}},"pipeline":{"clients":38,"events":{"active":642,"published":23377,"total":23377},"queue":{"acked":23300}}},"registrar":{"states":{"current":20,"update":23300},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.14,"15":1.41,"5":1.2,"norm":{"1":0.0285,"15":0.0352,"5":0.03}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:11:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:11:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":171433984}}}},"cpu":{"system":{"ticks":774930,"time":{"ms":690}},"total":{"ticks":11419230,"time":{"ms":10560},"value":11419230},"user":{"ticks":10644300,"time":{"ms":9870}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58020115},"version":"8.9.1"},"memstats":{"gc_next":136947992,"memory_alloc":79639696,"memory_total":677771780032,"rss":223432704},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":735,"added":23676,"done":24683},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23583,"active":0,"batches":475,"total":23533},"read":{"bytes":5264860},"write":{"bytes":43726866}},"pipeline":{"clients":38,"events":{"active":735,"published":23676,"total":23676},"queue":{"acked":23583}}},"registrar":{"states":{"current":20,"update":23583},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.41,"15":1.43,"5":1.26,"norm":{"1":0.0352,"15":0.0357,"5":0.0315}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:12:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:12:03.429Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","harvester_id":"498d5663-a291-447c-ac9c-29863b62b37b","ecs.version":"1.6.0"} | |
| Aug 30 13:12:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:12:03.430Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","harvester_id":"74c7dbc4-ea38-44c9-899b-0b1f3ebed6ee","ecs.version":"1.6.0"} | |
| Aug 30 13:12:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:12:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":166068224}}}},"cpu":{"system":{"ticks":775720,"time":{"ms":790}},"total":{"ticks":11430890,"time":{"ms":11660},"value":11430890},"user":{"ticks":10655170,"time":{"ms":10870}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58050115},"version":"8.9.1"},"memstats":{"gc_next":120007704,"memory_alloc":84541728,"memory_total":678472688000,"rss":219348992},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":2079,"added":26600,"done":25256},"harvester":{"closed":2,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26204,"active":50,"batches":528,"total":26254},"read":{"bytes":5849705},"write":{"bytes":49007858}},"pipeline":{"clients":38,"events":{"active":1129,"filtered":2,"published":26598,"total":26600},"queue":{"acked":26204}}},"registrar":{"states":{"current":20,"update":26206},"writes":{"success":24,"total":24}},"system":{"load":{"1":2.94,"15":1.58,"5":1.72,"norm":{"1":0.0735,"15":0.0395,"5":0.043}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:12:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:12:32.435Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/notice.log]","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","old_source":"/mnt/Bro/current/notice.log","old_finished":true,"old_os_id":"5113066-64768","harvester_id":"972bd109-1701-455b-b066-e72a9213df5a","ecs.version":"1.6.0"} | |
| Aug 30 13:12:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:12:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":176857088}}}},"cpu":{"system":{"ticks":776610,"time":{"ms":890}},"total":{"ticks":11442030,"time":{"ms":11140},"value":11442030},"user":{"ticks":10665420,"time":{"ms":10250}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58080115},"version":"8.9.1"},"memstats":{"gc_next":144501920,"memory_alloc":131170048,"memory_total":679155052416,"rss":230510592},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1748,"added":25917,"done":26248},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25597,"active":50,"batches":517,"total":25597},"read":{"bytes":5714543},"write":{"bytes":47556386}},"pipeline":{"clients":38,"events":{"active":1448,"filtered":1,"published":25916,"total":25917},"queue":{"acked":25597}}},"registrar":{"states":{"current":20,"update":25598},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.32,"15":1.57,"5":1.69,"norm":{"1":0.058,"15":0.0393,"5":0.0422}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:13:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:13:06.490Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":159457280}}}},"cpu":{"system":{"ticks":777390,"time":{"ms":780}},"total":{"ticks":11453440,"time":{"ms":11410},"value":11453440},"user":{"ticks":10676050,"time":{"ms":10630}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58110115},"version":"8.9.1"},"memstats":{"gc_next":128117264,"memory_alloc":93328880,"memory_sys":262144,"memory_total":679834664888,"rss":212099072},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":885,"added":25615,"done":26478},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26178,"active":50,"batches":528,"total":26178},"read":{"bytes":5844121},"write":{"bytes":49467474}},"pipeline":{"clients":38,"events":{"active":885,"published":25615,"total":25615},"queue":{"acked":26178}}},"registrar":{"states":{"current":20,"update":26178},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.93,"15":1.57,"5":1.65,"norm":{"1":0.0483,"15":0.0393,"5":0.0412}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:13:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:13:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":145141760}}}},"cpu":{"system":{"ticks":778130,"time":{"ms":740}},"total":{"ticks":11465060,"time":{"ms":11620},"value":11465060},"user":{"ticks":10686930,"time":{"ms":10880}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58140115},"version":"8.9.1"},"memstats":{"gc_next":96064152,"memory_alloc":67689312,"memory_total":680531675896,"rss":197779456},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1042,"added":26511,"done":26354},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26454,"active":50,"batches":534,"total":26454},"read":{"bytes":5905811},"write":{"bytes":49313068}},"pipeline":{"clients":38,"events":{"active":942,"published":26511,"total":26511},"queue":{"acked":26454}}},"registrar":{"states":{"current":20,"update":26454},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.88,"15":1.57,"5":1.67,"norm":{"1":0.047,"15":0.0393,"5":0.0417}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:14:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:14:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":139419648}}}},"cpu":{"system":{"ticks":778890,"time":{"ms":760}},"total":{"ticks":11476810,"time":{"ms":11750},"value":11476810},"user":{"ticks":10697920,"time":{"ms":10990}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58170118},"version":"8.9.1"},"memstats":{"gc_next":109711768,"memory_alloc":102395072,"memory_total":681239964800,"rss":203354112},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1431,"added":26790,"done":26401},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26651,"active":50,"batches":537,"total":26651},"read":{"bytes":5949639},"write":{"bytes":49955219}},"pipeline":{"clients":38,"events":{"active":1081,"published":26790,"total":26790},"queue":{"acked":26651}}},"registrar":{"states":{"current":20,"update":26701},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.55,"15":1.55,"5":1.61,"norm":{"1":0.0388,"15":0.0388,"5":0.0403}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:14:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:14:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146862080}}}},"cpu":{"system":{"ticks":779640,"time":{"ms":750}},"total":{"ticks":11489590,"time":{"ms":12780},"value":11489590},"user":{"ticks":10709950,"time":{"ms":12030}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58200119},"version":"8.9.1"},"memstats":{"gc_next":137710392,"memory_alloc":74155424,"memory_total":681987786768,"rss":210972672},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1099,"added":28224,"done":28556},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28906,"active":50,"batches":581,"total":28906},"read":{"bytes":6452832},"write":{"bytes":54130314}},"pipeline":{"clients":38,"events":{"active":399,"published":28224,"total":28224},"queue":{"acked":28906}}},"registrar":{"states":{"current":20,"update":28856},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.31,"15":1.53,"5":1.55,"norm":{"1":0.0328,"15":0.0383,"5":0.0388}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:15:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:15:06.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153214976}}}},"cpu":{"system":{"ticks":780400,"time":{"ms":760}},"total":{"ticks":11501250,"time":{"ms":11660},"value":11501250},"user":{"ticks":10720850,"time":{"ms":10900}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58230117},"version":"8.9.1"},"memstats":{"gc_next":137574168,"memory_alloc":110571032,"memory_total":682715667560,"rss":217747456},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1561,"added":27441,"done":26979},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26529,"active":50,"batches":533,"total":26529},"read":{"bytes":5922163},"write":{"bytes":50036851}},"pipeline":{"clients":38,"events":{"active":1311,"published":27441,"total":27441},"queue":{"acked":26529}}},"registrar":{"states":{"current":20,"update":26529},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.67,"15":1.55,"5":1.59,"norm":{"1":0.0417,"15":0.0388,"5":0.0398}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:15:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:15:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":138506240}}}},"cpu":{"system":{"ticks":781200,"time":{"ms":800}},"total":{"ticks":11513580,"time":{"ms":12330},"value":11513580},"user":{"ticks":10732380,"time":{"ms":11530}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58260113},"version":"8.9.1"},"memstats":{"gc_next":125658152,"memory_alloc":72431928,"memory_total":683446203376,"rss":202162176},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":812,"added":27703,"done":28452},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28202,"active":50,"batches":567,"total":28202},"read":{"bytes":6295694},"write":{"bytes":52573744}},"pipeline":{"clients":38,"events":{"active":812,"published":27703,"total":27703},"queue":{"acked":28202}}},"registrar":{"states":{"current":20,"update":28202},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.41,"15":1.53,"5":1.53,"norm":{"1":0.0352,"15":0.0383,"5":0.0383}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:16:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:16:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148123648}}}},"cpu":{"system":{"ticks":781970,"time":{"ms":770}},"total":{"ticks":11525570,"time":{"ms":11990},"value":11525570},"user":{"ticks":10743600,"time":{"ms":11220}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58290113},"version":"8.9.1"},"memstats":{"gc_next":129999064,"memory_alloc":109501920,"memory_total":684181577096,"rss":210980864},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":895,"added":27598,"done":27515},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27515,"active":0,"batches":552,"total":27465},"read":{"bytes":6142301},"write":{"bytes":51912377}},"pipeline":{"clients":38,"events":{"active":895,"published":27598,"total":27598},"queue":{"acked":27515}}},"registrar":{"states":{"current":20,"update":27515},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.25,"15":1.51,"5":1.48,"norm":{"1":0.0313,"15":0.0378,"5":0.037}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:16:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:16:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":144945152}}}},"cpu":{"system":{"ticks":782820,"time":{"ms":850}},"total":{"ticks":11537290,"time":{"ms":11720},"value":11537290},"user":{"ticks":10754470,"time":{"ms":10870}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58320115},"version":"8.9.1"},"memstats":{"gc_next":106879808,"memory_alloc":71445616,"memory_total":684880007224,"rss":207441920},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1771,"added":26650,"done":25774},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26974,"active":50,"batches":544,"total":27024},"read":{"bytes":6021670},"write":{"bytes":50019379}},"pipeline":{"clients":38,"events":{"active":571,"published":26650,"total":26650},"queue":{"acked":26974}}},"registrar":{"states":{"current":20,"update":26974},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.18,"15":1.5,"5":1.45,"norm":{"1":0.0295,"15":0.0375,"5":0.0363}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:17:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:17:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158334976}}}},"cpu":{"system":{"ticks":783520,"time":{"ms":700}},"total":{"ticks":11548220,"time":{"ms":10930},"value":11548220},"user":{"ticks":10764700,"time":{"ms":10230}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58350113},"version":"8.9.1"},"memstats":{"gc_next":135165112,"memory_alloc":92619408,"memory_total":685532621624,"rss":220844032},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":965,"added":24874,"done":25680},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24639,"active":0,"batches":496,"total":24589},"read":{"bytes":5500564},"write":{"bytes":45784678}},"pipeline":{"clients":38,"events":{"active":806,"published":24874,"total":24874},"queue":{"acked":24639}}},"registrar":{"states":{"current":20,"update":24639},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.13,"15":1.49,"5":1.42,"norm":{"1":0.0283,"15":0.0373,"5":0.0355}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:17:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:17:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163332096}}}},"cpu":{"system":{"ticks":784400,"time":{"ms":880}},"total":{"ticks":11558660,"time":{"ms":10440},"value":11558660},"user":{"ticks":10774260,"time":{"ms":9560}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58380113},"version":"8.9.1"},"memstats":{"gc_next":121175856,"memory_alloc":67082944,"memory_total":686161949992,"rss":225353728},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":990,"added":23960,"done":23935},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24026,"active":50,"batches":486,"total":24076},"read":{"bytes":5363747},"write":{"bytes":44723568}},"pipeline":{"clients":38,"events":{"active":740,"published":23960,"total":23960},"queue":{"acked":24026}}},"registrar":{"states":{"current":20,"update":24026},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.38,"15":1.5,"5":1.44,"norm":{"1":0.0345,"15":0.0375,"5":0.036}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:17:37 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:17:37.444Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","harvester_id":"8f12b387-adb7-49a8-ace4-d34f1f4518f9","ecs.version":"1.6.0"} | |
| Aug 30 13:18:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:18:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147718144}}}},"cpu":{"system":{"ticks":785110,"time":{"ms":710}},"total":{"ticks":11569130,"time":{"ms":10470},"value":11569130},"user":{"ticks":10784020,"time":{"ms":9760}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58410113},"version":"8.9.1"},"memstats":{"gc_next":94555288,"memory_alloc":50451824,"memory_total":686782072104,"rss":208769024},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1123,"added":23531,"done":23398},"harvester":{"closed":1,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23694,"active":0,"batches":477,"total":23644},"read":{"bytes":5289598},"write":{"bytes":44137209}},"pipeline":{"clients":38,"events":{"active":576,"filtered":1,"published":23530,"total":23531},"queue":{"acked":23694}}},"registrar":{"states":{"current":20,"update":23695},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.26,"15":1.48,"5":1.4,"norm":{"1":0.0315,"15":0.037,"5":0.035}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:18:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:18:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":176676864}}}},"cpu":{"system":{"ticks":785970,"time":{"ms":860}},"total":{"ticks":11580380,"time":{"ms":11250},"value":11580380},"user":{"ticks":10794410,"time":{"ms":10390}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58440115},"version":"8.9.1"},"memstats":{"gc_next":151283560,"memory_alloc":105632720,"memory_total":687448985624,"rss":239087616},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1357,"added":25314,"done":25080},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25483,"active":50,"batches":515,"total":25533},"read":{"bytes":5688975},"write":{"bytes":47613887}},"pipeline":{"clients":38,"events":{"active":407,"published":25314,"total":25314},"queue":{"acked":25483}}},"registrar":{"states":{"current":20,"update":25483},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.4,"15":1.48,"5":1.43,"norm":{"1":0.035,"15":0.037,"5":0.0357}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:19:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:19:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157065216}}}},"cpu":{"system":{"ticks":786750,"time":{"ms":780}},"total":{"ticks":11591290,"time":{"ms":10910},"value":11591290},"user":{"ticks":10804540,"time":{"ms":10130}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58470118},"version":"8.9.1"},"memstats":{"gc_next":137853048,"memory_alloc":92411880,"memory_total":688095781144,"rss":220106752},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":427,"added":24534,"done":25464},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24941,"active":0,"batches":500,"total":24891},"read":{"bytes":5567653},"write":{"bytes":46418922}},"pipeline":{"clients":38,"events":{"active":0,"published":24534,"total":24534},"queue":{"acked":24941}}},"registrar":{"states":{"current":20,"update":24941},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.11,"15":1.46,"5":1.35,"norm":{"1":0.0278,"15":0.0365,"5":0.0338}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:19:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:19:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146714624}}}},"cpu":{"system":{"ticks":787480,"time":{"ms":730}},"total":{"ticks":11602850,"time":{"ms":11560},"value":11602850},"user":{"ticks":10815370,"time":{"ms":10830}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58500113},"version":"8.9.1"},"memstats":{"gc_next":113259024,"memory_alloc":62370816,"memory_total":688801154216,"rss":208551936},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1134,"added":26917,"done":26210},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25783,"active":0,"batches":519,"total":25783},"read":{"bytes":5755781},"write":{"bytes":47925840}},"pipeline":{"clients":38,"events":{"active":1134,"published":26917,"total":26917},"queue":{"acked":25783}}},"registrar":{"states":{"current":20,"update":25783},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.21,"15":1.45,"5":1.35,"norm":{"1":0.0303,"15":0.0363,"5":0.0338}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:20:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:20:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":176181248}}}},"cpu":{"system":{"ticks":788210,"time":{"ms":730}},"total":{"ticks":11612900,"time":{"ms":10050},"value":11612900},"user":{"ticks":10824690,"time":{"ms":9320}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58530114},"version":"8.9.1"},"memstats":{"gc_next":115364576,"memory_alloc":57258672,"memory_total":689423483144,"rss":236584960},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":851,"added":23558,"done":23841},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23841,"active":50,"batches":483,"total":23891},"read":{"bytes":5322583},"write":{"bytes":44752912}},"pipeline":{"clients":38,"events":{"active":851,"published":23558,"total":23558},"queue":{"acked":23841}}},"registrar":{"states":{"current":20,"update":23841},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.61,"15":1.47,"5":1.43,"norm":{"1":0.0403,"15":0.0368,"5":0.0357}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:20:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:20:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161738752}}}},"cpu":{"system":{"ticks":788930,"time":{"ms":720}},"total":{"ticks":11623630,"time":{"ms":10730},"value":11623630},"user":{"ticks":10834700,"time":{"ms":10010}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58560113},"version":"8.9.1"},"memstats":{"gc_next":118460104,"memory_alloc":83865520,"memory_total":690078693424,"rss":222584832},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1080,"added":24768,"done":24539},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24589,"active":50,"batches":497,"total":24589},"read":{"bytes":5489561},"write":{"bytes":45996465}},"pipeline":{"clients":38,"events":{"active":1030,"published":24767,"total":24768},"queue":{"acked":24589}}},"registrar":{"states":{"current":20,"update":24589},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.35,"15":1.46,"5":1.39,"norm":{"1":0.0338,"15":0.0365,"5":0.0347}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:21:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:21:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158871552}}}},"cpu":{"system":{"ticks":789830,"time":{"ms":900}},"total":{"ticks":11636720,"time":{"ms":13090},"value":11636720},"user":{"ticks":10846890,"time":{"ms":12190}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58590114},"version":"8.9.1"},"memstats":{"gc_next":114183336,"memory_alloc":95876576,"memory_total":690860348160,"rss":220119040},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1176,"added":29425,"done":29329},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29529,"active":50,"batches":592,"total":29529},"read":{"bytes":6591662},"write":{"bytes":55670134}},"pipeline":{"clients":38,"events":{"active":900,"published":29399,"total":29399},"queue":{"acked":29529}}},"registrar":{"states":{"current":20,"update":29529},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.36,"15":1.46,"5":1.4,"norm":{"1":0.034,"15":0.0365,"5":0.035}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:21:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:21:12.472Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"77e6f99e-ff6e-4c37-ba5e-7c9275b333c6","ecs.version":"1.6.0"} | |
| Aug 30 13:21:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:21:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163880960}}}},"cpu":{"system":{"ticks":790680,"time":{"ms":850}},"total":{"ticks":11650000,"time":{"ms":13280},"value":11650000},"user":{"ticks":10859320,"time":{"ms":12430}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58620115},"version":"8.9.1"},"memstats":{"gc_next":112245048,"memory_alloc":60486648,"memory_total":691659297632,"rss":223969280},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2164,"added":30296,"done":29308},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29907,"active":50,"batches":601,"total":29907},"read":{"bytes":6676269},"write":{"bytes":55756016}},"pipeline":{"clients":38,"events":{"active":1278,"filtered":1,"published":30285,"total":30286},"queue":{"acked":29907}}},"registrar":{"states":{"current":20,"update":29908},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.33,"15":1.45,"5":1.39,"norm":{"1":0.0333,"15":0.0363,"5":0.0347}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:22:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:22:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":150224896}}}},"cpu":{"system":{"ticks":791530,"time":{"ms":850}},"total":{"ticks":11661080,"time":{"ms":11080},"value":11661080},"user":{"ticks":10869550,"time":{"ms":10230}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58650115},"version":"8.9.1"},"memstats":{"gc_next":124446264,"memory_alloc":105138528,"memory_total":692327823272,"rss":211722240},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2363,"added":25438,"done":25239},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25389,"active":50,"batches":513,"total":25389},"read":{"bytes":5668134},"write":{"bytes":47236604}},"pipeline":{"clients":38,"events":{"active":1363,"published":25475,"total":25474},"queue":{"acked":25389}}},"registrar":{"states":{"current":20,"update":25389},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.29,"15":1.44,"5":1.37,"norm":{"1":0.0323,"15":0.036,"5":0.0343}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:22:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:22:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":136343552}}}},"cpu":{"system":{"ticks":792230,"time":{"ms":700}},"total":{"ticks":11672300,"time":{"ms":11220},"value":11672300},"user":{"ticks":10880070,"time":{"ms":10520}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58680118},"version":"8.9.1"},"memstats":{"gc_next":91580480,"memory_alloc":66681440,"memory_total":692995412840,"rss":197181440},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":563,"added":25430,"done":27230},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26230,"active":0,"batches":528,"total":26180},"read":{"bytes":5855730},"write":{"bytes":48559020}},"pipeline":{"clients":38,"events":{"active":563,"published":25430,"total":25430},"queue":{"acked":26230}}},"registrar":{"states":{"current":20,"update":26230},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.21,"15":1.43,"5":1.35,"norm":{"1":0.0303,"15":0.0357,"5":0.0338}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:23:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:23:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146739200}}}},"cpu":{"system":{"ticks":793110,"time":{"ms":880}},"total":{"ticks":11682930,"time":{"ms":10630},"value":11682930},"user":{"ticks":10889820,"time":{"ms":9750}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58710115},"version":"8.9.1"},"memstats":{"gc_next":104965776,"memory_alloc":72276096,"memory_total":693629276640,"rss":207286272},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1437,"added":24099,"done":23225},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24125,"active":50,"batches":488,"total":24175},"read":{"bytes":5385869},"write":{"bytes":44973933}},"pipeline":{"clients":38,"events":{"active":537,"published":24099,"total":24099},"queue":{"acked":24125}}},"registrar":{"states":{"current":20,"update":24125},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.26,"15":1.43,"5":1.35,"norm":{"1":0.0315,"15":0.0357,"5":0.0338}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:23:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:23:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":176975872}}}},"cpu":{"system":{"ticks":793780,"time":{"ms":670}},"total":{"ticks":11692620,"time":{"ms":9690},"value":11692620},"user":{"ticks":10898840,"time":{"ms":9020}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58740115},"version":"8.9.1"},"memstats":{"gc_next":134408192,"memory_alloc":78651712,"memory_total":694198465600,"rss":237342720},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":886,"added":21658,"done":22209},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":21309,"active":0,"batches":431,"total":21259},"read":{"bytes":4757501},"write":{"bytes":39688661}},"pipeline":{"clients":38,"events":{"active":886,"published":21658,"total":21658},"queue":{"acked":21309}}},"registrar":{"states":{"current":20,"update":21309},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.03,"15":1.41,"5":1.28,"norm":{"1":0.0258,"15":0.0352,"5":0.032}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:24:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:24:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151814144}}}},"cpu":{"system":{"ticks":794570,"time":{"ms":790}},"total":{"ticks":11704250,"time":{"ms":11630},"value":11704250},"user":{"ticks":10909680,"time":{"ms":10840}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58770118},"version":"8.9.1"},"memstats":{"gc_next":108054336,"memory_alloc":70619456,"memory_total":694890937040,"rss":211324928},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1759,"added":26172,"done":25299},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26499,"active":50,"batches":534,"total":26549},"read":{"bytes":5915563},"write":{"bytes":49542982}},"pipeline":{"clients":38,"events":{"active":559,"published":26172,"total":26172},"queue":{"acked":26499}}},"registrar":{"states":{"current":20,"update":26499},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.24,"15":1.41,"5":1.3,"norm":{"1":0.031,"15":0.0352,"5":0.0325}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:24:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:24:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":172515328}}}},"cpu":{"system":{"ticks":795450,"time":{"ms":880}},"total":{"ticks":11716080,"time":{"ms":11830},"value":11716080},"user":{"ticks":10920630,"time":{"ms":10950}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58800114},"version":"8.9.1"},"memstats":{"gc_next":131337960,"memory_alloc":94998456,"memory_total":695610640056,"rss":232579072},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1236,"added":27407,"done":27930},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27480,"active":50,"batches":552,"total":27480},"read":{"bytes":6134448},"write":{"bytes":51214681}},"pipeline":{"clients":38,"events":{"active":486,"published":27407,"total":27407},"queue":{"acked":27480}}},"registrar":{"states":{"current":20,"update":27480},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.05,"15":1.39,"5":1.25,"norm":{"1":0.0263,"15":0.0347,"5":0.0313}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:25:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:25:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148983808}}}},"cpu":{"system":{"ticks":796190,"time":{"ms":740}},"total":{"ticks":11725970,"time":{"ms":9890},"value":11725970},"user":{"ticks":10929780,"time":{"ms":9150}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58830115},"version":"8.9.1"},"memstats":{"gc_next":119087544,"memory_alloc":69973552,"memory_total":696227702888,"rss":208695296},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2685,"added":23678,"done":22229},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22179,"active":50,"batches":448,"total":22179},"read":{"bytes":4951456},"write":{"bytes":40939513}},"pipeline":{"clients":38,"events":{"active":1985,"published":23678,"total":23678},"queue":{"acked":22179}}},"registrar":{"states":{"current":20,"update":22179},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.16,"15":1.38,"5":1.25,"norm":{"1":0.029,"15":0.0345,"5":0.0313}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:25:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:25:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142569472}}}},"cpu":{"system":{"ticks":796950,"time":{"ms":760}},"total":{"ticks":11738440,"time":{"ms":12470},"value":11738440},"user":{"ticks":10941490,"time":{"ms":11710}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58860115},"version":"8.9.1"},"memstats":{"gc_next":117580048,"memory_alloc":72515648,"memory_total":696966560768,"rss":202240000},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1425,"added":27593,"done":28853},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29003,"active":50,"batches":582,"total":29003},"read":{"bytes":6474327},"write":{"bytes":54986189}},"pipeline":{"clients":38,"events":{"active":575,"published":27593,"total":27593},"queue":{"acked":29003}}},"registrar":{"states":{"current":20,"update":29053},"writes":{"success":27,"total":27}},"system":{"load":{"1":0.96,"15":1.36,"5":1.19,"norm":{"1":0.024,"15":0.034,"5":0.0298}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:26:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:26:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":150544384}}}},"cpu":{"system":{"ticks":797680,"time":{"ms":730}},"total":{"ticks":11748850,"time":{"ms":10410},"value":11748850},"user":{"ticks":10951170,"time":{"ms":9680}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58890115},"version":"8.9.1"},"memstats":{"gc_next":127480472,"memory_alloc":100668664,"memory_total":697606971712,"rss":210874368},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1314,"added":24237,"done":24348},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24048,"active":50,"batches":487,"total":24048},"read":{"bytes":5368927},"write":{"bytes":44910115}},"pipeline":{"clients":38,"events":{"active":764,"published":24237,"total":24237},"queue":{"acked":24048}}},"registrar":{"states":{"current":20,"update":23998},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.05,"15":1.35,"5":1.19,"norm":{"1":0.0263,"15":0.0338,"5":0.0298}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:26:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:26:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153563136}}}},"cpu":{"system":{"ticks":798540,"time":{"ms":860}},"total":{"ticks":11759250,"time":{"ms":10400},"value":11759250},"user":{"ticks":10960710,"time":{"ms":9540}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58920114},"version":"8.9.1"},"memstats":{"gc_next":126935136,"memory_alloc":82815312,"memory_total":698204892272,"rss":215011328},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1216,"added":22879,"done":22977},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22577,"active":50,"batches":457,"total":22577},"read":{"bytes":5040477},"write":{"bytes":41901536}},"pipeline":{"clients":38,"events":{"active":1037,"published":22850,"total":22850},"queue":{"acked":22577}}},"registrar":{"states":{"current":20,"update":22577},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.09,"15":1.34,"5":1.18,"norm":{"1":0.0273,"15":0.0335,"5":0.0295}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:27:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:27:03.498Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"77e6f99e-ff6e-4c37-ba5e-7c9275b333c6","ecs.version":"1.6.0"} | |
| Aug 30 13:27:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:27:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161226752}}}},"cpu":{"system":{"ticks":799190,"time":{"ms":650}},"total":{"ticks":11770020,"time":{"ms":10770},"value":11770020},"user":{"ticks":10970830,"time":{"ms":10120}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58950113},"version":"8.9.1"},"memstats":{"gc_next":131666176,"memory_alloc":123980944,"memory_total":698862262776,"rss":222408704},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":880,"added":24790,"done":25126},"harvester":{"closed":1,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25225,"active":50,"batches":509,"total":25225},"read":{"bytes":5631414},"write":{"bytes":47238296}},"pipeline":{"clients":38,"events":{"active":631,"filtered":1,"published":24818,"total":24820},"queue":{"acked":25225}}},"registrar":{"states":{"current":20,"update":25226},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.07,"15":1.33,"5":1.17,"norm":{"1":0.0268,"15":0.0333,"5":0.0293}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:27:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:27:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":143716352}}}},"cpu":{"system":{"ticks":799970,"time":{"ms":780}},"total":{"ticks":11781770,"time":{"ms":11750},"value":11781770},"user":{"ticks":10981800,"time":{"ms":10970}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":58980114},"version":"8.9.1"},"memstats":{"gc_next":101290256,"memory_alloc":57821136,"memory_total":699552027872,"rss":204136448},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":349,"added":26203,"done":26734},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26784,"active":49,"batches":539,"total":26783},"read":{"bytes":5979222},"write":{"bytes":49778378}},"pipeline":{"clients":38,"events":{"active":49,"published":26203,"total":26202},"queue":{"acked":26784}}},"registrar":{"states":{"current":20,"update":26784},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.11,"15":1.33,"5":1.17,"norm":{"1":0.0278,"15":0.0333,"5":0.0293}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:28:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:28:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151994368}}}},"cpu":{"system":{"ticks":800840,"time":{"ms":870}},"total":{"ticks":11793150,"time":{"ms":11380},"value":11793150},"user":{"ticks":10992310,"time":{"ms":10510}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59010113},"version":"8.9.1"},"memstats":{"gc_next":120058224,"memory_alloc":75612624,"memory_total":700233511544,"rss":211103744},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1625,"added":25833,"done":24557},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25357,"active":50,"batches":512,"total":25358},"read":{"bytes":5660937},"write":{"bytes":47441322}},"pipeline":{"clients":38,"events":{"active":525,"published":25833,"total":25833},"queue":{"acked":25357}}},"registrar":{"states":{"current":20,"update":25357},"writes":{"success":25,"total":25}},"system":{"load":{"1":0.96,"15":1.31,"5":1.12,"norm":{"1":0.024,"15":0.0328,"5":0.028}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:28:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:28:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":170487808}}}},"cpu":{"system":{"ticks":801810,"time":{"ms":970}},"total":{"ticks":11805620,"time":{"ms":12470},"value":11805620},"user":{"ticks":11003810,"time":{"ms":11500}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59040115},"version":"8.9.1"},"memstats":{"gc_next":124273728,"memory_alloc":91167912,"memory_total":700977022392,"rss":228945920},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1668,"added":28258,"done":28215},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28015,"active":50,"batches":562,"total":28015},"read":{"bytes":6253755},"write":{"bytes":52430494}},"pipeline":{"clients":38,"events":{"active":768,"published":28258,"total":28258},"queue":{"acked":28015}}},"registrar":{"states":{"current":20,"update":28015},"writes":{"success":28,"total":28}},"system":{"load":{"1":0.87,"15":1.29,"5":1.09,"norm":{"1":0.0217,"15":0.0323,"5":0.0273}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:29:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:29:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157069312}}}},"cpu":{"system":{"ticks":802770,"time":{"ms":960}},"total":{"ticks":11818570,"time":{"ms":12950},"value":11818570},"user":{"ticks":11015800,"time":{"ms":11990}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59070115},"version":"8.9.1"},"memstats":{"gc_next":111960096,"memory_alloc":87899744,"memory_total":701755133944,"rss":215810048},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1178,"added":29375,"done":29865},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29065,"active":50,"batches":584,"total":29065},"read":{"bytes":6488288},"write":{"bytes":54558416}},"pipeline":{"clients":38,"events":{"active":1078,"published":29374,"total":29375},"queue":{"acked":29065}}},"registrar":{"states":{"current":20,"update":29065},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.09,"15":1.29,"5":1.13,"norm":{"1":0.0273,"15":0.0323,"5":0.0283}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:29:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:29:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148725760}}}},"cpu":{"system":{"ticks":803620,"time":{"ms":850}},"total":{"ticks":11831540,"time":{"ms":12970},"value":11831540},"user":{"ticks":11027920,"time":{"ms":12120}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59100116},"version":"8.9.1"},"memstats":{"gc_next":123218048,"memory_alloc":71218416,"memory_total":702525651288,"rss":208113664},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1526,"added":29054,"done":28706},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29506,"active":50,"batches":593,"total":29506},"read":{"bytes":6586747},"write":{"bytes":55166698}},"pipeline":{"clients":38,"events":{"active":626,"published":29055,"total":29054},"queue":{"acked":29506}}},"registrar":{"states":{"current":20,"update":29506},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.31,"15":1.31,"5":1.18,"norm":{"1":0.0328,"15":0.0328,"5":0.0295}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:30:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:30:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":144654336}}}},"cpu":{"system":{"ticks":804430,"time":{"ms":810}},"total":{"ticks":11842660,"time":{"ms":11120},"value":11842660},"user":{"ticks":11038230,"time":{"ms":10310}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59130114},"version":"8.9.1"},"memstats":{"gc_next":100854360,"memory_alloc":89470240,"memory_total":703202734552,"rss":202690560},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":2014,"added":25837,"done":25349},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24749,"active":50,"batches":499,"total":24749},"read":{"bytes":5525078},"write":{"bytes":46139189}},"pipeline":{"clients":38,"events":{"active":1714,"published":25837,"total":25837},"queue":{"acked":24749}}},"registrar":{"states":{"current":20,"update":24749},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.87,"15":1.34,"5":1.31,"norm":{"1":0.0468,"15":0.0335,"5":0.0328}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:30:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:30:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154963968}}}},"cpu":{"system":{"ticks":805480,"time":{"ms":1050}},"total":{"ticks":11855590,"time":{"ms":12930},"value":11855590},"user":{"ticks":11050110,"time":{"ms":11880}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59160115},"version":"8.9.1"},"memstats":{"gc_next":109477232,"memory_alloc":57237128,"memory_total":703957283376,"rss":211968000},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1225,"added":28434,"done":29223},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29173,"active":50,"batches":587,"total":29173},"read":{"bytes":6512527},"write":{"bytes":54838664}},"pipeline":{"clients":38,"events":{"active":975,"published":28434,"total":28434},"queue":{"acked":29173}}},"registrar":{"states":{"current":20,"update":29173},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.6,"15":1.34,"5":1.3,"norm":{"1":0.04,"15":0.0335,"5":0.0325}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:31:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:31:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147943424}}}},"cpu":{"system":{"ticks":806400,"time":{"ms":920}},"total":{"ticks":11867430,"time":{"ms":11840},"value":11867430},"user":{"ticks":11061030,"time":{"ms":10920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59190113},"version":"8.9.1"},"memstats":{"gc_next":115899392,"memory_alloc":74739448,"memory_total":704665363152,"rss":207441920},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":666,"added":26844,"done":27403},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27153,"active":0,"batches":546,"total":27103},"read":{"bytes":6061694},"write":{"bytes":50612746}},"pipeline":{"clients":38,"events":{"active":666,"published":26844,"total":26844},"queue":{"acked":27153}}},"registrar":{"states":{"current":20,"update":27153},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.81,"15":1.37,"5":1.38,"norm":{"1":0.0453,"15":0.0343,"5":0.0345}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:31:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:31:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147415040}}}},"cpu":{"system":{"ticks":807290,"time":{"ms":890}},"total":{"ticks":11880240,"time":{"ms":12810},"value":11880240},"user":{"ticks":11072950,"time":{"ms":11920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59220115},"version":"8.9.1"},"memstats":{"gc_next":126483640,"memory_alloc":89317112,"memory_total":705438227904,"rss":206548992},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1152,"added":29165,"done":28679},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29579,"active":50,"batches":595,"total":29629},"read":{"bytes":6602977},"write":{"bytes":55576246}},"pipeline":{"clients":38,"events":{"active":252,"published":29165,"total":29165},"queue":{"acked":29579}}},"registrar":{"states":{"current":20,"update":29579},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.07,"15":1.4,"5":1.49,"norm":{"1":0.0518,"15":0.035,"5":0.0373}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:31:42 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:31:42.521Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113077-64768","harvester_id":"ae41f42c-83bf-454d-812c-b76bf91ed9c9","ecs.version":"1.6.0"} | |
| Aug 30 13:32:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:32:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":137191424}}}},"cpu":{"system":{"ticks":808240,"time":{"ms":950}},"total":{"ticks":11891920,"time":{"ms":11680},"value":11891920},"user":{"ticks":11083680,"time":{"ms":10730}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59250115},"version":"8.9.1"},"memstats":{"gc_next":99260176,"memory_alloc":67182456,"memory_total":706156552600,"rss":196739072},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2019,"added":27427,"done":26560},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26559,"active":50,"batches":534,"total":26559},"read":{"bytes":5928923},"write":{"bytes":49462607}},"pipeline":{"clients":38,"events":{"active":1119,"filtered":1,"published":27426,"total":27427},"queue":{"acked":26559}}},"registrar":{"states":{"current":20,"update":26560},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.88,"15":1.41,"5":1.5,"norm":{"1":0.047,"15":0.0352,"5":0.0375}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:32:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:32:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154673152}}}},"cpu":{"system":{"ticks":809020,"time":{"ms":780}},"total":{"ticks":11904720,"time":{"ms":12800},"value":11904720},"user":{"ticks":11095700,"time":{"ms":12020}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59280115},"version":"8.9.1"},"memstats":{"gc_next":109910600,"memory_alloc":72209392,"memory_total":706918334760,"rss":212086784},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1014,"added":28730,"done":29735},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29385,"active":50,"batches":589,"total":29385},"read":{"bytes":6559509},"write":{"bytes":55043049}},"pipeline":{"clients":38,"events":{"active":464,"published":28730,"total":28730},"queue":{"acked":29385}}},"registrar":{"states":{"current":20,"update":29385},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.86,"15":1.43,"5":1.53,"norm":{"1":0.0465,"15":0.0357,"5":0.0383}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:33:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:33:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157691904}}}},"cpu":{"system":{"ticks":809790,"time":{"ms":770}},"total":{"ticks":11916940,"time":{"ms":12220},"value":11916940},"user":{"ticks":11107150,"time":{"ms":11450}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59310114},"version":"8.9.1"},"memstats":{"gc_next":134329536,"memory_alloc":116623560,"memory_total":707656659312,"rss":214822912},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1779,"added":28021,"done":27256},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27506,"active":50,"batches":553,"total":27506},"read":{"bytes":6140332},"write":{"bytes":51457975}},"pipeline":{"clients":38,"events":{"active":979,"published":28021,"total":28021},"queue":{"acked":27506}}},"registrar":{"states":{"current":20,"update":27506},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.63,"15":1.51,"5":1.77,"norm":{"1":0.0658,"15":0.0378,"5":0.0443}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:33:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:33:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":147673088}}}},"cpu":{"system":{"ticks":810560,"time":{"ms":770}},"total":{"ticks":11928460,"time":{"ms":11520},"value":11928460},"user":{"ticks":11117900,"time":{"ms":10750}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59340115},"version":"8.9.1"},"memstats":{"gc_next":109010184,"memory_alloc":84327552,"memory_total":708346135920,"rss":204009472},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":2201,"added":26151,"done":25729},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25779,"active":50,"batches":518,"total":25779},"read":{"bytes":5754759},"write":{"bytes":47926565}},"pipeline":{"clients":38,"events":{"active":1351,"published":26151,"total":26151},"queue":{"acked":25779}}},"registrar":{"states":{"current":20,"update":25779},"writes":{"success":26,"total":26}},"system":{"load":{"1":2.23,"15":1.51,"5":1.76,"norm":{"1":0.0558,"15":0.0378,"5":0.044}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:34:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:34:06.490Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":140083200}}}},"cpu":{"system":{"ticks":811250,"time":{"ms":690}},"total":{"ticks":11939930,"time":{"ms":11470},"value":11939930},"user":{"ticks":11128680,"time":{"ms":10780}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59370116},"version":"8.9.1"},"memstats":{"gc_next":94994440,"memory_alloc":68524376,"memory_total":709032733024,"rss":197193728},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1439,"added":26044,"done":26806},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26256,"active":50,"batches":527,"total":26256},"read":{"bytes":5861146},"write":{"bytes":49202327}},"pipeline":{"clients":38,"events":{"active":1139,"published":26044,"total":26044},"queue":{"acked":26256}}},"registrar":{"states":{"current":20,"update":26256},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.99,"15":1.52,"5":1.75,"norm":{"1":0.0498,"15":0.038,"5":0.0438}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:34:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:34:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":170631168}}}},"cpu":{"system":{"ticks":812020,"time":{"ms":770}},"total":{"ticks":11951470,"time":{"ms":11540},"value":11951470},"user":{"ticks":11139450,"time":{"ms":10770}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59400116},"version":"8.9.1"},"memstats":{"gc_next":132944592,"memory_alloc":84144488,"memory_total":709715954960,"rss":227250176},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":702,"added":26046,"done":26783},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26583,"active":50,"batches":534,"total":26583},"read":{"bytes":5934215},"write":{"bytes":49225846}},"pipeline":{"clients":38,"events":{"active":602,"published":26046,"total":26046},"queue":{"acked":26583}}},"registrar":{"states":{"current":20,"update":26583},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.57,"15":1.58,"5":1.9,"norm":{"1":0.0643,"15":0.0395,"5":0.0475}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:35:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:35:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":171044864}}}},"cpu":{"system":{"ticks":812750,"time":{"ms":730}},"total":{"ticks":11963140,"time":{"ms":11670},"value":11963140},"user":{"ticks":11150390,"time":{"ms":10940}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59430115},"version":"8.9.1"},"memstats":{"gc_next":131739288,"memory_alloc":78744728,"memory_total":710430703232,"rss":227684352},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1174,"added":27149,"done":26677},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27077,"active":50,"batches":545,"total":27077},"read":{"bytes":6044640},"write":{"bytes":50609348}},"pipeline":{"clients":38,"events":{"active":674,"published":27149,"total":27149},"queue":{"acked":27077}}},"registrar":{"states":{"current":20,"update":27127},"writes":{"success":26,"total":26}},"system":{"load":{"1":3.13,"15":1.66,"5":2.1,"norm":{"1":0.0783,"15":0.0415,"5":0.0525}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:35:09 zeek1 filebeat[1043633]: {"log.level":"error","@timestamp":"2023-08-30T13:35:09.658Z","log.logger":"syslog","log.origin":{"file.name":"syslog/input.go","file.line":285},"message":"can't parse event as syslog rfc3164","service.name":"filebeat","message":"\n","ecs.version":"1.6.0"} | |
| Aug 30 13:35:16 zeek1 filebeat[1043633]: {"log.level":"error","@timestamp":"2023-08-30T13:35:16.171Z","log.logger":"syslog","log.origin":{"file.name":"syslog/input.go","file.line":285},"message":"can't parse event as syslog rfc3164","service.name":"filebeat","message":"Hello World\n","ecs.version":"1.6.0"} | |
| Aug 30 13:35:19 zeek1 filebeat[1043633]: {"log.level":"error","@timestamp":"2023-08-30T13:35:19.568Z","log.logger":"syslog","log.origin":{"file.name":"syslog/input.go","file.line":285},"message":"can't parse event as syslog rfc3164","service.name":"filebeat","message":"Bye World \n","ecs.version":"1.6.0"} | |
| Aug 30 13:35:20 zeek1 filebeat[1043633]: {"log.level":"error","@timestamp":"2023-08-30T13:35:20.992Z","log.logger":"syslog","log.origin":{"file.name":"syslog/input.go","file.line":285},"message":"can't parse event as syslog rfc3164","service.name":"filebeat","message":"Ack\n","ecs.version":"1.6.0"} | |
| Aug 30 13:35:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:35:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157265920}}}},"cpu":{"system":{"ticks":813580,"time":{"ms":830}},"total":{"ticks":11975360,"time":{"ms":12220},"value":11975360},"user":{"ticks":11161780,"time":{"ms":11390}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59460114},"version":"8.9.1"},"memstats":{"gc_next":126061784,"memory_alloc":76244752,"memory_total":711173675960,"rss":214249472},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2189,"added":28095,"done":27080},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27330,"active":50,"batches":549,"total":27330},"read":{"bytes":6100951},"write":{"bytes":51230392}},"pipeline":{"clients":38,"events":{"active":1439,"published":28095,"total":28095},"queue":{"acked":27330}}},"registrar":{"states":{"current":20,"update":27276},"writes":{"success":26,"total":26}},"system":{"load":{"1":2.77,"15":1.68,"5":2.12,"norm":{"1":0.0693,"15":0.042,"5":0.053}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:35:52 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:35:52.544Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113078-64768","harvester_id":"4a7d9f91-ed46-4ef3-aacc-797a4a60e671","ecs.version":"1.6.0"} | |
| Aug 30 13:36:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:36:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154488832}}}},"cpu":{"system":{"ticks":814290,"time":{"ms":710}},"total":{"ticks":11986400,"time":{"ms":11040},"value":11986400},"user":{"ticks":11172110,"time":{"ms":10330}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59490115},"version":"8.9.1"},"memstats":{"gc_next":109646096,"memory_alloc":80929752,"memory_total":711841646488,"rss":210337792},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1400,"added":25191,"done":25980},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26093,"active":0,"batches":526,"total":26043},"read":{"bytes":5825271},"write":{"bytes":48828474}},"pipeline":{"clients":38,"events":{"active":536,"filtered":1,"published":25190,"total":25191},"queue":{"acked":26093}}},"registrar":{"states":{"current":20,"update":26094},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.09,"15":1.65,"5":2.02,"norm":{"1":0.0523,"15":0.0412,"5":0.0505}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:36:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:36:12.546Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"c2e8b2a2-87fb-48fe-89ce-d64699f406a3","ecs.version":"1.6.0"} | |
| Aug 30 13:36:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:36:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153718784}}}},"cpu":{"system":{"ticks":815010,"time":{"ms":720}},"total":{"ticks":11997270,"time":{"ms":10870},"value":11997270},"user":{"ticks":11182260,"time":{"ms":10150}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59520115},"version":"8.9.1"},"memstats":{"gc_next":108296224,"memory_alloc":85832136,"memory_total":712503503064,"rss":211120128},"runtime":{"goroutines":315}},"filebeat":{"events":{"active":1228,"added":25383,"done":25555},"harvester":{"open_files":20,"running":20,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25570,"active":0,"batches":515,"total":25570},"read":{"bytes":5708274},"write":{"bytes":47096969}},"pipeline":{"clients":38,"events":{"active":348,"filtered":1,"published":25382,"total":25383},"queue":{"acked":25570}}},"registrar":{"states":{"current":20,"update":25571},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.63,"15":1.63,"5":1.92,"norm":{"1":0.0407,"15":0.0407,"5":0.048}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:37:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:37:06.489Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":171782144}}}},"cpu":{"system":{"ticks":815930,"time":{"ms":920}},"total":{"ticks":12008980,"time":{"ms":11710},"value":12008980},"user":{"ticks":11193050,"time":{"ms":10790}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59550115},"version":"8.9.1"},"memstats":{"gc_next":109733408,"memory_alloc":111098504,"memory_total":713184920280,"rss":225800192},"runtime":{"goroutines":315}},"filebeat":{"events":{"active":1234,"added":25652,"done":25646},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25237,"active":0,"batches":509,"total":25237},"read":{"bytes":5634047},"write":{"bytes":47523251}},"pipeline":{"clients":38,"events":{"active":733,"published":25621,"total":25622},"queue":{"acked":25237}}},"registrar":{"states":{"current":20,"update":25237},"writes":{"success":23,"total":23}},"system":{"load":{"1":1.39,"15":1.61,"5":1.83,"norm":{"1":0.0347,"15":0.0403,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:37:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:37:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":138682368}}}},"cpu":{"system":{"ticks":816850,"time":{"ms":920}},"total":{"ticks":12019950,"time":{"ms":10970},"value":12019950},"user":{"ticks":11203100,"time":{"ms":10050}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59580115},"version":"8.9.1"},"memstats":{"gc_next":112907976,"memory_alloc":92403880,"memory_total":713843308912,"rss":198410240},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1642,"added":24909,"done":24501},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25080,"active":50,"batches":506,"total":25130},"read":{"bytes":5598865},"write":{"bytes":46943018}},"pipeline":{"clients":38,"events":{"active":592,"published":24940,"total":24939},"queue":{"acked":25080}}},"registrar":{"states":{"current":20,"update":25130},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.58,"15":1.62,"5":1.84,"norm":{"1":0.0395,"15":0.0405,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:38:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:38:06.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148963328}}}},"cpu":{"system":{"ticks":817470,"time":{"ms":620}},"total":{"ticks":12030300,"time":{"ms":10350},"value":12030300},"user":{"ticks":11212830,"time":{"ms":9730}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59610114},"version":"8.9.1"},"memstats":{"gc_next":130130128,"memory_alloc":96660976,"memory_total":714457000680,"rss":205783040},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":346,"added":23399,"done":24695},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23695,"active":50,"batches":479,"total":23695},"read":{"bytes":5289993},"write":{"bytes":44004541}},"pipeline":{"clients":38,"events":{"active":296,"published":23399,"total":23399},"queue":{"acked":23695}}},"registrar":{"states":{"current":20,"update":23645},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.25,"15":1.69,"5":2.01,"norm":{"1":0.0563,"15":0.0422,"5":0.0502}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:38:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:38:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152813568}}}},"cpu":{"system":{"ticks":818320,"time":{"ms":850}},"total":{"ticks":12042520,"time":{"ms":12220},"value":12042520},"user":{"ticks":11224200,"time":{"ms":11370}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59640114},"version":"8.9.1"},"memstats":{"gc_next":105009432,"memory_alloc":57914984,"memory_total":715166558232,"rss":209162240},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":445,"added":26790,"done":26691},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26891,"active":50,"batches":542,"total":26891},"read":{"bytes":6003251},"write":{"bytes":50476546}},"pipeline":{"clients":38,"events":{"active":195,"published":26790,"total":26790},"queue":{"acked":26891}}},"registrar":{"states":{"current":20,"update":26891},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.94,"15":1.68,"5":1.96,"norm":{"1":0.0485,"15":0.042,"5":0.049}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:39:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:39:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146771968}}}},"cpu":{"system":{"ticks":819050,"time":{"ms":730}},"total":{"ticks":12053060,"time":{"ms":10540},"value":12053060},"user":{"ticks":11234010,"time":{"ms":9810}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59670115},"version":"8.9.1"},"memstats":{"gc_next":99713464,"memory_alloc":58603528,"memory_total":715803489200,"rss":202428416},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1596,"added":24198,"done":23047},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":23997,"active":50,"batches":483,"total":23997},"read":{"bytes":5357057},"write":{"bytes":44723925}},"pipeline":{"clients":38,"events":{"active":396,"published":24198,"total":24198},"queue":{"acked":23997}}},"registrar":{"states":{"current":20,"update":23997},"writes":{"success":22,"total":22}},"system":{"load":{"1":1.5,"15":1.66,"5":1.85,"norm":{"1":0.0375,"15":0.0415,"5":0.0463}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:39:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:39:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164106240}}}},"cpu":{"system":{"ticks":819880,"time":{"ms":830}},"total":{"ticks":12064560,"time":{"ms":11500},"value":12064560},"user":{"ticks":11244680,"time":{"ms":10670}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59700113},"version":"8.9.1"},"memstats":{"gc_next":126647352,"memory_alloc":120231000,"memory_total":716512514880,"rss":220180480},"runtime":{"goroutines":315}},"filebeat":{"events":{"active":884,"added":26871,"done":27583},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26383,"active":0,"batches":531,"total":26333},"read":{"bytes":5889864},"write":{"bytes":49312416}},"pipeline":{"clients":38,"events":{"active":884,"published":26871,"total":26871},"queue":{"acked":26383}}},"registrar":{"states":{"current":20,"update":26383},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.59,"15":1.65,"5":1.83,"norm":{"1":0.0398,"15":0.0412,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:39:42 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:39:42.550Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113077-64768","harvester_id":"ae41f42c-83bf-454d-812c-b76bf91ed9c9","ecs.version":"1.6.0"} | |
| Aug 30 13:40:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:40:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":148635648}}}},"cpu":{"system":{"ticks":820520,"time":{"ms":640}},"total":{"ticks":12074490,"time":{"ms":9930},"value":12074490},"user":{"ticks":11253970,"time":{"ms":9290}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59730115},"version":"8.9.1"},"memstats":{"gc_next":102514976,"memory_alloc":52231400,"memory_total":717102446224,"rss":204537856},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":604,"added":22319,"done":22599},"harvester":{"closed":1,"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22598,"active":0,"batches":458,"total":22598},"read":{"bytes":5045225},"write":{"bytes":42311356}},"pipeline":{"clients":38,"events":{"active":604,"filtered":1,"published":22318,"total":22319},"queue":{"acked":22598}}},"registrar":{"states":{"current":20,"update":22599},"writes":{"success":23,"total":23}},"system":{"load":{"1":2.22,"15":1.7,"5":1.95,"norm":{"1":0.0555,"15":0.0425,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:40:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:40:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":155099136}}}},"cpu":{"system":{"ticks":821150,"time":{"ms":630}},"total":{"ticks":12085630,"time":{"ms":11140},"value":12085630},"user":{"ticks":11264480,"time":{"ms":10510}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59760115},"version":"8.9.1"},"memstats":{"gc_next":120236760,"memory_alloc":68399920,"memory_total":717798893712,"rss":209465344},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":2655,"added":26756,"done":24705},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25655,"active":50,"batches":519,"total":25705},"read":{"bytes":5727451},"write":{"bytes":47507567}},"pipeline":{"clients":38,"events":{"active":1705,"published":26756,"total":26756},"queue":{"acked":25655}}},"registrar":{"states":{"current":20,"update":25655},"writes":{"success":24,"total":24}},"system":{"load":{"1":2.04,"15":1.7,"5":1.94,"norm":{"1":0.051,"15":0.0425,"5":0.0485}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:40:57 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:40:57.562Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113078-64768","harvester_id":"4a7d9f91-ed46-4ef3-aacc-797a4a60e671","ecs.version":"1.6.0"} | |
| Aug 30 13:41:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:41:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152690688}}}},"cpu":{"system":{"ticks":821970,"time":{"ms":820}},"total":{"ticks":12097620,"time":{"ms":11990},"value":12097620},"user":{"ticks":11275650,"time":{"ms":11170}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59790114},"version":"8.9.1"},"memstats":{"gc_next":109472248,"memory_alloc":81848192,"memory_total":718538973296,"rss":207151104},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1005,"added":27761,"done":29411},"harvester":{"closed":1,"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28660,"active":50,"batches":576,"total":28660},"read":{"bytes":6397885},"write":{"bytes":54047072}},"pipeline":{"clients":38,"events":{"active":806,"filtered":1,"published":27760,"total":27762},"queue":{"acked":28660}}},"registrar":{"states":{"current":20,"update":28661},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.84,"15":1.7,"5":1.89,"norm":{"1":0.046,"15":0.0425,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:41:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:41:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":155549696}}}},"cpu":{"system":{"ticks":822870,"time":{"ms":900}},"total":{"ticks":12109060,"time":{"ms":11440},"value":12109060},"user":{"ticks":11286190,"time":{"ms":10540}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59820113},"version":"8.9.1"},"memstats":{"gc_next":115792280,"memory_alloc":90536784,"memory_total":719237956672,"rss":210968576},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1536,"added":26572,"done":26041},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26891,"active":50,"batches":541,"total":26891},"read":{"bytes":6003059},"write":{"bytes":49918456}},"pipeline":{"clients":38,"events":{"active":486,"published":26572,"total":26571},"queue":{"acked":26891}}},"registrar":{"states":{"current":20,"update":26891},"writes":{"success":26,"total":26}},"system":{"load":{"1":2.05,"15":1.72,"5":1.95,"norm":{"1":0.0513,"15":0.043,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:41:52 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:41:52.572Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113077-64768","harvester_id":"fd7e41f3-7d53-415d-8bf5-40fbebacedc1","ecs.version":"1.6.0"} | |
| Aug 30 13:42:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:42:02.570Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"c2e8b2a2-87fb-48fe-89ce-d64699f406a3","ecs.version":"1.6.0"} | |
| Aug 30 13:42:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:42:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161783808}}}},"cpu":{"system":{"ticks":823700,"time":{"ms":830}},"total":{"ticks":12121120,"time":{"ms":12060},"value":12121120},"user":{"ticks":11297420,"time":{"ms":11230}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59850114},"version":"8.9.1"},"memstats":{"gc_next":98442552,"memory_alloc":87310888,"memory_total":719976175264,"rss":215171072},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1197,"added":27938,"done":28277},"harvester":{"closed":1,"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27275,"active":50,"batches":549,"total":27275},"read":{"bytes":6088839},"write":{"bytes":51408607}},"pipeline":{"clients":38,"events":{"active":1147,"filtered":2,"published":27935,"total":27938},"queue":{"acked":27275}}},"registrar":{"states":{"current":20,"update":27277},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.07,"15":1.74,"5":1.97,"norm":{"1":0.0518,"15":0.0435,"5":0.0493}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:42:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:42:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162611200}}}},"cpu":{"system":{"ticks":824500,"time":{"ms":800}},"total":{"ticks":12132190,"time":{"ms":11070},"value":12132190},"user":{"ticks":11307690,"time":{"ms":10270}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59880116},"version":"8.9.1"},"memstats":{"gc_next":121000232,"memory_alloc":112325312,"memory_total":720660249808,"rss":216592384},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1371,"added":25883,"done":25709},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26509,"active":50,"batches":533,"total":26509},"read":{"bytes":5917751},"write":{"bytes":49460213}},"pipeline":{"clients":38,"events":{"active":521,"published":25884,"total":25883},"queue":{"acked":26509}}},"registrar":{"states":{"current":20,"update":26509},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.96,"15":1.74,"5":1.94,"norm":{"1":0.049,"15":0.0435,"5":0.0485}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:43:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:43:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164519936}}}},"cpu":{"system":{"ticks":825470,"time":{"ms":970}},"total":{"ticks":12143870,"time":{"ms":11680},"value":12143870},"user":{"ticks":11318400,"time":{"ms":10710}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59910115},"version":"8.9.1"},"memstats":{"gc_next":116105504,"memory_alloc":75538880,"memory_total":721349789640,"rss":220053504},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2192,"added":26357,"done":25536},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25636,"active":50,"batches":517,"total":25636},"read":{"bytes":5723111},"write":{"bytes":47560021}},"pipeline":{"clients":38,"events":{"active":1242,"published":26357,"total":26357},"queue":{"acked":25636}}},"registrar":{"states":{"current":20,"update":25636},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.65,"15":1.72,"5":1.87,"norm":{"1":0.0412,"15":0.043,"5":0.0468}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:43:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:43:36.490Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":170086400}}}},"cpu":{"system":{"ticks":826230,"time":{"ms":760}},"total":{"ticks":12155140,"time":{"ms":11270},"value":12155140},"user":{"ticks":11328910,"time":{"ms":10510}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59940116},"version":"8.9.1"},"memstats":{"gc_next":131786040,"memory_alloc":112739824,"memory_total":722059027832,"rss":225333248},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":894,"added":26894,"done":28192},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27292,"active":50,"batches":548,"total":27292},"read":{"bytes":6092391},"write":{"bytes":50942517}},"pipeline":{"clients":38,"events":{"active":844,"published":26894,"total":26894},"queue":{"acked":27292}}},"registrar":{"states":{"current":20,"update":27292},"writes":{"success":26,"total":26}},"system":{"load":{"1":2.02,"15":1.74,"5":1.93,"norm":{"1":0.0505,"15":0.0435,"5":0.0483}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:44:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:44:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157573120}}}},"cpu":{"system":{"ticks":826920,"time":{"ms":690}},"total":{"ticks":12165770,"time":{"ms":10630},"value":12165770},"user":{"ticks":11338850,"time":{"ms":9940}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":59970114},"version":"8.9.1"},"memstats":{"gc_next":128656864,"memory_alloc":88797288,"memory_total":722707017288,"rss":212676608},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1834,"added":24610,"done":23670},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24820,"active":50,"batches":501,"total":24820},"read":{"bytes":5541003},"write":{"bytes":46172024}},"pipeline":{"clients":38,"events":{"active":634,"published":24610,"total":24610},"queue":{"acked":24820}}},"registrar":{"states":{"current":20,"update":24820},"writes":{"success":22,"total":22}},"system":{"load":{"1":2.22,"15":1.77,"5":1.99,"norm":{"1":0.0555,"15":0.0443,"5":0.0498}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:44:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:44:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161021952}}}},"cpu":{"system":{"ticks":827650,"time":{"ms":730}},"total":{"ticks":12178330,"time":{"ms":12560},"value":12178330},"user":{"ticks":11350680,"time":{"ms":11830}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60000115},"version":"8.9.1"},"memstats":{"gc_next":112312968,"memory_alloc":80603320,"memory_total":723499509336,"rss":216592384},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":816,"added":30361,"done":31379},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30179,"active":50,"batches":607,"total":30179},"read":{"bytes":6737029},"write":{"bytes":56037386}},"pipeline":{"clients":38,"events":{"active":816,"published":30361,"total":30361},"queue":{"acked":30179}}},"registrar":{"states":{"current":20,"update":30179},"writes":{"success":29,"total":29}},"system":{"load":{"1":2.3,"15":1.78,"5":2.01,"norm":{"1":0.0575,"15":0.0445,"5":0.0502}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:45:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:45:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":159825920}}}},"cpu":{"system":{"ticks":828270,"time":{"ms":620}},"total":{"ticks":12188820,"time":{"ms":10490},"value":12188820},"user":{"ticks":11360550,"time":{"ms":9870}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60030118},"version":"8.9.1"},"memstats":{"gc_next":115992600,"memory_alloc":106234088,"memory_total":724161411216,"rss":214790144},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1533,"added":24880,"done":24163},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24963,"active":50,"batches":504,"total":24963},"read":{"bytes":5572935},"write":{"bytes":46892163}},"pipeline":{"clients":38,"events":{"active":733,"published":24880,"total":24880},"queue":{"acked":24963}}},"registrar":{"states":{"current":20,"update":24963},"writes":{"success":24,"total":24}},"system":{"load":{"1":2.85,"15":1.84,"5":2.16,"norm":{"1":0.0713,"15":0.046,"5":0.054}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:45:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:45:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152965120}}}},"cpu":{"system":{"ticks":828950,"time":{"ms":680}},"total":{"ticks":12200700,"time":{"ms":11880},"value":12200700},"user":{"ticks":11371750,"time":{"ms":11200}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60060114},"version":"8.9.1"},"memstats":{"gc_next":109604600,"memory_alloc":55820680,"memory_total":724903536664,"rss":205025280},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1867,"added":28210,"done":27876},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27476,"active":50,"batches":553,"total":27476},"read":{"bytes":6133711},"write":{"bytes":51462535}},"pipeline":{"clients":38,"events":{"active":1467,"published":28210,"total":28210},"queue":{"acked":27476}}},"registrar":{"states":{"current":20,"update":27476},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.74,"15":1.87,"5":2.2,"norm":{"1":0.0685,"15":0.0468,"5":0.055}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:46:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:46:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":180404224}}}},"cpu":{"system":{"ticks":829640,"time":{"ms":690}},"total":{"ticks":12211140,"time":{"ms":10440},"value":12211140},"user":{"ticks":11381500,"time":{"ms":9750}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60090113},"version":"8.9.1"},"memstats":{"gc_next":131813888,"memory_alloc":120508304,"memory_total":725556613160,"rss":234446848},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1073,"added":24733,"done":25527},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25344,"active":0,"batches":510,"total":25294},"read":{"bytes":5657907},"write":{"bytes":47156220}},"pipeline":{"clients":38,"events":{"active":856,"published":24733,"total":24733},"queue":{"acked":25344}}},"registrar":{"states":{"current":20,"update":25344},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.57,"15":1.88,"5":2.21,"norm":{"1":0.0643,"15":0.047,"5":0.0553}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:46:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:46:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162967552}}}},"cpu":{"system":{"ticks":830480,"time":{"ms":840}},"total":{"ticks":12222720,"time":{"ms":11580},"value":12222720},"user":{"ticks":11392240,"time":{"ms":10740}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60120113},"version":"8.9.1"},"memstats":{"gc_next":126411968,"memory_alloc":117914776,"memory_total":726270064312,"rss":217026560},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":353,"added":26933,"done":27653},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27586,"active":50,"batches":556,"total":27636},"read":{"bytes":6158231},"write":{"bytes":51814434}},"pipeline":{"clients":38,"events":{"active":203,"published":26933,"total":26933},"queue":{"acked":27586}}},"registrar":{"states":{"current":20,"update":27586},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.32,"15":1.89,"5":2.19,"norm":{"1":0.058,"15":0.0473,"5":0.0548}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:47:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:47:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":137183232}}}},"cpu":{"system":{"ticks":831310,"time":{"ms":830}},"total":{"ticks":12234910,"time":{"ms":12190},"value":12234910},"user":{"ticks":11403600,"time":{"ms":11360}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60150114},"version":"8.9.1"},"memstats":{"gc_next":107871176,"memory_alloc":64651976,"memory_total":726985026304,"rss":190889984},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":739,"added":26907,"done":26521},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26821,"active":50,"batches":540,"total":26821},"read":{"bytes":5987530},"write":{"bytes":50453941}},"pipeline":{"clients":38,"events":{"active":289,"published":26907,"total":26907},"queue":{"acked":26821}}},"registrar":{"states":{"current":20,"update":26821},"writes":{"success":23,"total":23}},"system":{"load":{"1":2.46,"15":1.91,"5":2.22,"norm":{"1":0.0615,"15":0.0478,"5":0.0555}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:47:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:47:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164605952}}}},"cpu":{"system":{"ticks":832090,"time":{"ms":780}},"total":{"ticks":12245970,"time":{"ms":11060},"value":12245970},"user":{"ticks":11413880,"time":{"ms":10280}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60180115},"version":"8.9.1"},"memstats":{"gc_next":120289312,"memory_alloc":113477264,"memory_total":727663373632,"rss":217145344},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":610,"added":25671,"done":25800},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25700,"active":50,"batches":518,"total":25700},"read":{"bytes":5737357},"write":{"bytes":48254621}},"pipeline":{"clients":38,"events":{"active":260,"published":25671,"total":25671},"queue":{"acked":25700}}},"registrar":{"states":{"current":20,"update":25700},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.99,"15":1.88,"5":2.12,"norm":{"1":0.0498,"15":0.047,"5":0.053}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:48:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:48:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157630464}}}},"cpu":{"system":{"ticks":832910,"time":{"ms":820}},"total":{"ticks":12257420,"time":{"ms":11450},"value":12257420},"user":{"ticks":11424510,"time":{"ms":10630}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60210113},"version":"8.9.1"},"memstats":{"gc_next":141060096,"memory_alloc":104637696,"memory_total":728344024080,"rss":221175808},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1239,"added":25869,"done":25240},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25189,"active":0,"batches":508,"total":25139},"read":{"bytes":5623489},"write":{"bytes":46985048}},"pipeline":{"clients":38,"events":{"active":940,"published":25869,"total":25869},"queue":{"acked":25189}}},"registrar":{"states":{"current":20,"update":25189},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.54,"15":1.85,"5":2,"norm":{"1":0.0385,"15":0.0463,"5":0.05}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:48:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:48:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":172515328}}}},"cpu":{"system":{"ticks":833800,"time":{"ms":890}},"total":{"ticks":12271070,"time":{"ms":13650},"value":12271070},"user":{"ticks":11437270,"time":{"ms":12760}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60240113},"version":"8.9.1"},"memstats":{"gc_next":131972256,"memory_alloc":85681880,"memory_total":729165085672,"rss":235163648},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1527,"added":31197,"done":30909},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31110,"active":50,"batches":625,"total":31160},"read":{"bytes":6944631},"write":{"bytes":58072566}},"pipeline":{"clients":38,"events":{"active":1027,"published":31197,"total":31197},"queue":{"acked":31110}}},"registrar":{"states":{"current":20,"update":31110},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.84,"15":1.86,"5":2.02,"norm":{"1":0.046,"15":0.0465,"5":0.0505}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:49:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:49:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":143765504}}}},"cpu":{"system":{"ticks":834650,"time":{"ms":850}},"total":{"ticks":12284160,"time":{"ms":13090},"value":12284160},"user":{"ticks":11449510,"time":{"ms":12240}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60270114},"version":"8.9.1"},"memstats":{"gc_next":125850472,"memory_alloc":88107568,"memory_total":729952661952,"rss":207912960},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1153,"added":29754,"done":30128},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30378,"active":50,"batches":609,"total":30378},"read":{"bytes":6781192},"write":{"bytes":56912124}},"pipeline":{"clients":38,"events":{"active":403,"published":29754,"total":29754},"queue":{"acked":30378}}},"registrar":{"states":{"current":20,"update":30378},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.57,"15":1.84,"5":1.94,"norm":{"1":0.0393,"15":0.046,"5":0.0485}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:49:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:49:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":145514496}}}},"cpu":{"system":{"ticks":835370,"time":{"ms":720}},"total":{"ticks":12296770,"time":{"ms":12610},"value":12296770},"user":{"ticks":11461400,"time":{"ms":11890}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60300118},"version":"8.9.1"},"memstats":{"gc_next":103686680,"memory_alloc":56596248,"memory_total":730710864080,"rss":209133568},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1560,"added":28917,"done":28510},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28660,"active":50,"batches":576,"total":28660},"read":{"bytes":6397899},"write":{"bytes":53268911}},"pipeline":{"clients":38,"events":{"active":660,"published":28917,"total":28917},"queue":{"acked":28660}}},"registrar":{"states":{"current":20,"update":28660},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.45,"15":1.82,"5":1.88,"norm":{"1":0.0363,"15":0.0455,"5":0.047}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:50:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:50:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158334976}}}},"cpu":{"system":{"ticks":836120,"time":{"ms":750}},"total":{"ticks":12308650,"time":{"ms":11880},"value":12308650},"user":{"ticks":11472530,"time":{"ms":11130}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60330113},"version":"8.9.1"},"memstats":{"gc_next":122450968,"memory_alloc":114354864,"memory_total":731452926216,"rss":222158848},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":913,"added":28013,"done":28660},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27760,"active":50,"batches":557,"total":27760},"read":{"bytes":6196842},"write":{"bytes":52247332}},"pipeline":{"clients":38,"events":{"active":913,"published":28013,"total":28013},"queue":{"acked":27760}}},"registrar":{"states":{"current":20,"update":27760},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.91,"15":1.84,"5":1.94,"norm":{"1":0.0478,"15":0.046,"5":0.0485}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:50:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:50:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":130732032}}}},"cpu":{"system":{"ticks":837000,"time":{"ms":880}},"total":{"ticks":12320700,"time":{"ms":12050},"value":12320700},"user":{"ticks":11483700,"time":{"ms":11170}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60360118},"version":"8.9.1"},"memstats":{"gc_next":110207672,"memory_alloc":55439296,"memory_total":732195312184,"rss":192499712},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1597,"added":28086,"done":27402},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27402,"active":0,"batches":549,"total":27352},"read":{"bytes":6116959},"write":{"bytes":50926280}},"pipeline":{"clients":38,"events":{"active":1597,"published":28086,"total":28086},"queue":{"acked":27402}}},"registrar":{"states":{"current":20,"update":27402},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.99,"15":1.84,"5":1.95,"norm":{"1":0.0498,"15":0.046,"5":0.0488}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:51:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:51:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":138076160}}}},"cpu":{"system":{"ticks":837700,"time":{"ms":700}},"total":{"ticks":12332170,"time":{"ms":11470},"value":12332170},"user":{"ticks":11494470,"time":{"ms":10770}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60390113},"version":"8.9.1"},"memstats":{"gc_next":108116472,"memory_alloc":71249384,"memory_total":732891731048,"rss":199720960},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1705,"added":26383,"done":26275},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26725,"active":50,"batches":539,"total":26775},"read":{"bytes":5966085},"write":{"bytes":50427232}},"pipeline":{"clients":38,"events":{"active":1255,"published":26383,"total":26383},"queue":{"acked":26725}}},"registrar":{"states":{"current":20,"update":26725},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.77,"15":1.83,"5":1.9,"norm":{"1":0.0443,"15":0.0458,"5":0.0475}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:51:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:51:12.618Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"373c7c1a-9240-4a9c-a81f-999312bb8d3b","ecs.version":"1.6.0"} | |
| Aug 30 13:51:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:51:22.604Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113077-64768","harvester_id":"fd7e41f3-7d53-415d-8bf5-40fbebacedc1","ecs.version":"1.6.0"} | |
| Aug 30 13:51:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:51:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158060544}}}},"cpu":{"system":{"ticks":838630,"time":{"ms":930}},"total":{"ticks":12343730,"time":{"ms":11560},"value":12343730},"user":{"ticks":11505100,"time":{"ms":10630}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60420115},"version":"8.9.1"},"memstats":{"gc_next":129173704,"memory_alloc":121560896,"memory_total":733574223720,"rss":223465472},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":805,"added":25942,"done":26842},"harvester":{"closed":1,"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26898,"active":0,"batches":541,"total":26848},"read":{"bytes":6004790},"write":{"bytes":49871014}},"pipeline":{"clients":38,"events":{"active":297,"filtered":2,"published":25940,"total":25942},"queue":{"acked":26898}}},"registrar":{"states":{"current":20,"update":26900},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.82,"15":1.83,"5":1.9,"norm":{"1":0.0455,"15":0.0458,"5":0.0475}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:52:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:52:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":189247488}}}},"cpu":{"system":{"ticks":839750,"time":{"ms":1120}},"total":{"ticks":12357830,"time":{"ms":14100},"value":12357830},"user":{"ticks":11518080,"time":{"ms":12980}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60450116},"version":"8.9.1"},"memstats":{"gc_next":160155064,"memory_alloc":139889800,"memory_total":734422947752,"rss":252362752},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":2520,"added":32329,"done":30614},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30606,"active":50,"batches":615,"total":30656},"read":{"bytes":6832153},"write":{"bytes":57352716}},"pipeline":{"clients":38,"events":{"active":2020,"published":32329,"total":32329},"queue":{"acked":30606}}},"registrar":{"states":{"current":20,"update":30606},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.64,"15":1.81,"5":1.84,"norm":{"1":0.041,"15":0.0453,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:52:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:52:32.627Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113078-64768","harvester_id":"89f84648-37af-444a-a5d3-1c777794e5e3","ecs.version":"1.6.0"} | |
| Aug 30 13:52:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:52:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151838720}}}},"cpu":{"system":{"ticks":840630,"time":{"ms":880}},"total":{"ticks":12370030,"time":{"ms":12200},"value":12370030},"user":{"ticks":11529400,"time":{"ms":11320}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60480115},"version":"8.9.1"},"memstats":{"gc_next":113721680,"memory_alloc":75361088,"memory_total":735134736712,"rss":213540864},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1566,"added":26971,"done":27925},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28024,"active":50,"batches":562,"total":28024},"read":{"bytes":6255735},"write":{"bytes":52176841}},"pipeline":{"clients":38,"events":{"active":966,"filtered":1,"published":26970,"total":26971},"queue":{"acked":28024}}},"registrar":{"states":{"current":20,"update":28025},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.72,"15":1.81,"5":1.84,"norm":{"1":0.043,"15":0.0453,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:53:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:53:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":152358912}}}},"cpu":{"system":{"ticks":841380,"time":{"ms":750}},"total":{"ticks":12381090,"time":{"ms":11060},"value":12381090},"user":{"ticks":11539710,"time":{"ms":10310}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60510114},"version":"8.9.1"},"memstats":{"gc_next":126720248,"memory_alloc":78607608,"memory_total":735789167024,"rss":214347776},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":854,"added":24659,"done":25371},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25071,"active":50,"batches":507,"total":25071},"read":{"bytes":5597207},"write":{"bytes":46945702}},"pipeline":{"clients":38,"events":{"active":554,"published":24659,"total":24659},"queue":{"acked":25071}}},"registrar":{"states":{"current":20,"update":25071},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.87,"15":1.82,"5":1.86,"norm":{"1":0.0468,"15":0.0455,"5":0.0465}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:53:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:53:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":153800704}}}},"cpu":{"system":{"ticks":842160,"time":{"ms":780}},"total":{"ticks":12392230,"time":{"ms":11140},"value":12392230},"user":{"ticks":11550070,"time":{"ms":10360}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60540114},"version":"8.9.1"},"memstats":{"gc_next":139633720,"memory_alloc":91459608,"memory_total":736448059984,"rss":215228416},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":481,"added":25107,"done":25480},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25180,"active":0,"batches":506,"total":25130},"read":{"bytes":5621192},"write":{"bytes":46703813}},"pipeline":{"clients":38,"events":{"active":481,"published":25107,"total":25107},"queue":{"acked":25180}}},"registrar":{"states":{"current":20,"update":25180},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.95,"15":1.83,"5":1.89,"norm":{"1":0.0488,"15":0.0458,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:54:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:54:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158527488}}}},"cpu":{"system":{"ticks":842920,"time":{"ms":760}},"total":{"ticks":12402280,"time":{"ms":10050},"value":12402280},"user":{"ticks":11559360,"time":{"ms":9290}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60570119},"version":"8.9.1"},"memstats":{"gc_next":142517256,"memory_alloc":114216024,"memory_total":737048722288,"rss":220491776},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":434,"added":22698,"done":22745},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":22945,"active":50,"batches":464,"total":22995},"read":{"bytes":5122406},"write":{"bytes":43040230}},"pipeline":{"clients":38,"events":{"active":234,"published":22698,"total":22698},"queue":{"acked":22945}}},"registrar":{"states":{"current":20,"update":22945},"writes":{"success":24,"total":24}},"system":{"load":{"1":1.75,"15":1.82,"5":1.85,"norm":{"1":0.0438,"15":0.0455,"5":0.0463}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:54:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:54:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":190349312}}}},"cpu":{"system":{"ticks":843860,"time":{"ms":940}},"total":{"ticks":12415200,"time":{"ms":12920},"value":12415200},"user":{"ticks":11571340,"time":{"ms":11980}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60600114},"version":"8.9.1"},"memstats":{"gc_next":160110016,"memory_alloc":152636608,"memory_total":737806422584,"rss":251273216},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":2130,"added":29133,"done":27437},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28237,"active":50,"batches":568,"total":28237},"read":{"bytes":6303538},"write":{"bytes":52188736}},"pipeline":{"clients":38,"events":{"active":1085,"published":29086,"total":29088},"queue":{"acked":28237}}},"registrar":{"states":{"current":20,"update":28287},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.93,"15":1.83,"5":1.88,"norm":{"1":0.0483,"15":0.0458,"5":0.047}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:55:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:55:06.485Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142344192}}}},"cpu":{"system":{"ticks":844790,"time":{"ms":930}},"total":{"ticks":12427870,"time":{"ms":12670},"value":12427870},"user":{"ticks":11583080,"time":{"ms":11740}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60630114},"version":"8.9.1"},"memstats":{"gc_next":130206032,"memory_alloc":99425776,"memory_total":738567412616,"rss":205398016},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":837,"added":28481,"done":29774},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28774,"active":0,"batches":578,"total":28724},"read":{"bytes":6423446},"write":{"bytes":54310967}},"pipeline":{"clients":38,"events":{"active":837,"published":28528,"total":28526},"queue":{"acked":28774}}},"registrar":{"states":{"current":20,"update":28724},"writes":{"success":28,"total":28}},"system":{"load":{"1":2.23,"15":1.85,"5":1.94,"norm":{"1":0.0558,"15":0.0463,"5":0.0485}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:55:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:55:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164442112}}}},"cpu":{"system":{"ticks":846180,"time":{"ms":1390}},"total":{"ticks":12442860,"time":{"ms":14990},"value":12442860},"user":{"ticks":11596680,"time":{"ms":13600}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60660114},"version":"8.9.1"},"memstats":{"gc_next":122106552,"memory_alloc":72004400,"memory_total":739449245648,"rss":225796096},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1181,"added":33880,"done":33536},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":34067,"active":0,"batches":682,"total":34067},"read":{"bytes":7604485},"write":{"bytes":62586445}},"pipeline":{"clients":38,"events":{"active":650,"published":33880,"total":33880},"queue":{"acked":34067}}},"registrar":{"states":{"current":20,"update":34067},"writes":{"success":28,"total":28}},"system":{"load":{"1":2,"15":1.85,"5":1.92,"norm":{"1":0.05,"15":0.0463,"5":0.048}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:56:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:56:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":151396352}}}},"cpu":{"system":{"ticks":847190,"time":{"ms":1010}},"total":{"ticks":12456130,"time":{"ms":13270},"value":12456130},"user":{"ticks":11608940,"time":{"ms":12260}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60690113},"version":"8.9.1"},"memstats":{"gc_next":108677560,"memory_alloc":60911136,"memory_total":740242562832,"rss":211128320},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1687,"added":30040,"done":29534},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29591,"active":0,"batches":594,"total":29591},"read":{"bytes":6605615},"write":{"bytes":55611214}},"pipeline":{"clients":38,"events":{"active":1099,"published":30040,"total":30040},"queue":{"acked":29591}}},"registrar":{"states":{"current":20,"update":29591},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.87,"15":1.84,"5":1.89,"norm":{"1":0.0468,"15":0.046,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:56:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:56:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142647296}}}},"cpu":{"system":{"ticks":848010,"time":{"ms":820}},"total":{"ticks":12468950,"time":{"ms":12820},"value":12468950},"user":{"ticks":11620940,"time":{"ms":12000}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60720118},"version":"8.9.1"},"memstats":{"gc_next":102216656,"memory_alloc":54419624,"memory_total":740999038176,"rss":203354112},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1065,"added":28772,"done":29394},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28910,"active":0,"batches":581,"total":28910},"read":{"bytes":6453721},"write":{"bytes":53634613}},"pipeline":{"clients":38,"events":{"active":961,"published":28772,"total":28772},"queue":{"acked":28910}}},"registrar":{"states":{"current":20,"update":28910},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.66,"15":1.83,"5":1.85,"norm":{"1":0.0415,"15":0.0458,"5":0.0463}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:57:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:57:02.637Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113064-64768","harvester_id":"373c7c1a-9240-4a9c-a81f-999312bb8d3b","ecs.version":"1.6.0"} | |
| Aug 30 13:57:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:57:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161140736}}}},"cpu":{"system":{"ticks":848740,"time":{"ms":730}},"total":{"ticks":12481100,"time":{"ms":12150},"value":12481100},"user":{"ticks":11632360,"time":{"ms":11420}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60750115},"version":"8.9.1"},"memstats":{"gc_next":118756608,"memory_alloc":98222736,"memory_total":741724755520,"rss":221360128},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1160,"added":27560,"done":27465},"harvester":{"closed":1,"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27410,"active":50,"batches":553,"total":27460},"read":{"bytes":6119042},"write":{"bytes":51293202}},"pipeline":{"clients":38,"events":{"active":1110,"filtered":1,"published":27559,"total":27560},"queue":{"acked":27410}}},"registrar":{"states":{"current":20,"update":27411},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.47,"15":1.81,"5":1.79,"norm":{"1":0.0368,"15":0.0453,"5":0.0448}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:57:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:57:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167854080}}}},"cpu":{"system":{"ticks":849570,"time":{"ms":830}},"total":{"ticks":12493640,"time":{"ms":12540},"value":12493640},"user":{"ticks":11644070,"time":{"ms":11710}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60780114},"version":"8.9.1"},"memstats":{"gc_next":129426336,"memory_alloc":81808448,"memory_total":742481929792,"rss":227442688},"runtime":{"goroutines":306}},"filebeat":{"events":{"active":1986,"added":28711,"done":27885},"harvester":{"open_files":18,"running":18}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28485,"active":50,"batches":573,"total":28485},"read":{"bytes":6358935},"write":{"bytes":53387913}},"pipeline":{"clients":38,"events":{"active":1310,"published":28684,"total":28685},"queue":{"acked":28485}}},"registrar":{"states":{"current":20,"update":28485},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.27,"15":1.78,"5":1.71,"norm":{"1":0.0318,"15":0.0445,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:57:37 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:57:37.645Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113078-64768","harvester_id":"89f84648-37af-444a-a5d3-1c777794e5e3","ecs.version":"1.6.0"} | |
| Aug 30 13:58:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:58:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":150089728}}}},"cpu":{"system":{"ticks":850490,"time":{"ms":920}},"total":{"ticks":12505130,"time":{"ms":11490},"value":12505130},"user":{"ticks":11654640,"time":{"ms":10570}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60810113},"version":"8.9.1"},"memstats":{"gc_next":108085312,"memory_alloc":62351112,"memory_total":743165042752,"rss":210563072},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":253,"added":25714,"done":27447},"harvester":{"closed":1,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26897,"active":0,"batches":541,"total":26847},"read":{"bytes":6004580},"write":{"bytes":50233449}},"pipeline":{"clients":38,"events":{"active":152,"filtered":1,"published":25740,"total":25740},"queue":{"acked":26897}}},"registrar":{"states":{"current":20,"update":26898},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.47,"15":1.78,"5":1.71,"norm":{"1":0.0368,"15":0.0445,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:58:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:58:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":161050624}}}},"cpu":{"system":{"ticks":851270,"time":{"ms":780}},"total":{"ticks":12516260,"time":{"ms":11130},"value":12516260},"user":{"ticks":11664990,"time":{"ms":10350}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60840115},"version":"8.9.1"},"memstats":{"gc_next":133178000,"memory_alloc":122158744,"memory_total":743833065688,"rss":220438528},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1339,"added":25607,"done":24521},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25420,"active":50,"batches":513,"total":25470},"read":{"bytes":5674805},"write":{"bytes":47001878}},"pipeline":{"clients":38,"events":{"active":339,"published":25607,"total":25607},"queue":{"acked":25420}}},"registrar":{"states":{"current":20,"update":25420},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.47,"15":1.77,"5":1.69,"norm":{"1":0.0368,"15":0.0443,"5":0.0422}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:59:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:59:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157523968}}}},"cpu":{"system":{"ticks":852190,"time":{"ms":920}},"total":{"ticks":12529450,"time":{"ms":13190},"value":12529450},"user":{"ticks":11677260,"time":{"ms":12270}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60870119},"version":"8.9.1"},"memstats":{"gc_next":113642496,"memory_alloc":66382104,"memory_total":744598400088,"rss":217616384},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1193,"added":28998,"done":29144},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28794,"active":50,"batches":578,"total":28794},"read":{"bytes":6427718},"write":{"bytes":54003725}},"pipeline":{"clients":38,"events":{"active":543,"published":28998,"total":28998},"queue":{"acked":28794}}},"registrar":{"states":{"current":20,"update":28794},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.64,"15":1.78,"5":1.71,"norm":{"1":0.041,"15":0.0445,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 13:59:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T13:59:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":138555392}}}},"cpu":{"system":{"ticks":853080,"time":{"ms":890}},"total":{"ticks":12543350,"time":{"ms":13900},"value":12543350},"user":{"ticks":11690270,"time":{"ms":13010}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60900114},"version":"8.9.1"},"memstats":{"gc_next":101583488,"memory_alloc":68803560,"memory_total":745438129008,"rss":198799360},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1295,"added":31899,"done":31797},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31647,"active":50,"batches":635,"total":31647},"read":{"bytes":7064546},"write":{"bytes":59007737}},"pipeline":{"clients":38,"events":{"active":795,"published":31899,"total":31899},"queue":{"acked":31647}}},"registrar":{"states":{"current":20,"update":31647},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.46,"15":1.76,"5":1.66,"norm":{"1":0.0365,"15":0.044,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:00.530Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"42901569-53ff-42f6-997d-dc0cef4a7c73","source_file":"/mnt/Bro/current/http.log","state_id":"native::5111876-64768","finished":false,"os_id":"5111876-64768","harvester_id":"36630efe-f3a4-4a54-8d75-5ba2a5b88724","ecs.version":"1.6.0"} | |
| Aug 30 14:00:00 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:00.963Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"67ccfd44-c773-41d1-92ea-0ec10b9b1bc9","source_file":"/mnt/Bro/current/ocsp.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","harvester_id":"b8d60c8f-cc4e-4973-ad21-78eac4523c0e","ecs.version":"1.6.0"} | |
| Aug 30 14:00:01 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:01.049Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"6c775ba2-78c8-4e30-b1f2-d92886673e52","source_file":"/mnt/Bro/current/sip.log","state_id":"native::5113071-64768","finished":false,"os_id":"5113071-64768","harvester_id":"144c99be-53ae-490b-8bb6-93c0d36320e2","ecs.version":"1.6.0"} | |
| Aug 30 14:00:01 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:01.332Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"090b444b-80ed-459d-8b4e-122c94108fc2","source_file":"/mnt/Bro/current/files.log","state_id":"native::5111853-64768","finished":false,"os_id":"5111853-64768","harvester_id":"22780842-0aa9-4311-af2b-57217bf26567","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.659Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/conn.log]","service.name":"filebeat","input_id":"2ad68786-9701-433a-bb17-c10d33a519a9","source_file":"/mnt/Bro/current/conn.log","state_id":"native::5113077-64768","finished":false,"os_id":"5113077-64768","harvester_id":"1f3b69b8-a13f-4eff-ac15-cfe861a6e14b","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.659Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/http.log]","service.name":"filebeat","input_id":"42901569-53ff-42f6-997d-dc0cef4a7c73","source_file":"/mnt/Bro/current/http.log","state_id":"native::5113071-64768","finished":false,"os_id":"5113071-64768","harvester_id":"07086aa0-0038-46dc-bf23-f19ed5fe2881","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.660Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ssl.log]","service.name":"filebeat","input_id":"9e584b0f-3c78-43a2-add2-64f4691c040d","source_file":"/mnt/Bro/current/ssl.log","state_id":"native::5111876-64768","finished":false,"os_id":"5111876-64768","harvester_id":"c2d668d6-f625-423b-aaa0-59e014f6b008","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.660Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/weird.log]","service.name":"filebeat","input_id":"9508f3bf-854e-4df2-b3ff-34936807293a","source_file":"/mnt/Bro/current/weird.log","state_id":"native::5111875-64768","finished":false,"os_id":"5111875-64768","harvester_id":"b3467fa1-ebdd-49bd-af3c-450a1d98e17a","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.661Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dns.log]","service.name":"filebeat","input_id":"0c5beed2-2e9d-4e5a-8694-e20f3c13f6b4","source_file":"/mnt/Bro/current/dns.log","state_id":"native::5113062-64768","finished":false,"os_id":"5113062-64768","harvester_id":"24b1215d-96b7-49ff-bb46-c391580d7e16","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.661Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ocsp.log]","service.name":"filebeat","input_id":"67ccfd44-c773-41d1-92ea-0ec10b9b1bc9","source_file":"/mnt/Bro/current/ocsp.log","state_id":"native::5113070-64768","finished":false,"os_id":"5113070-64768","old_source":"/mnt/Bro/current/ocsp.log","old_finished":true,"old_os_id":"5113070-64768","harvester_id":"8d8d5014-4a42-4707-b07f-a2f9b9ce2414","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.662Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/files.log]","service.name":"filebeat","input_id":"090b444b-80ed-459d-8b4e-122c94108fc2","source_file":"/mnt/Bro/current/files.log","state_id":"native::5113058-64768","finished":false,"os_id":"5113058-64768","harvester_id":"2f7de35d-f38c-46db-8c02-04ec0263fe35","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.687Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"e923be40-f07c-4903-a0a5-6c301b4eeceb","source_file":"/mnt/Bro/current/dhcp.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","harvester_id":"d4731ce9-c9e6-40b8-a087-910eed1e4c94","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.689Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"3ce1dde2-7d3e-4390-9f96-da106cbd8778","source_file":"/mnt/Bro/current/ssh.log","state_id":"native::5112916-64768","finished":false,"os_id":"5112916-64768","harvester_id":"9fa69870-6495-4b47-941a-e478c0ba51a0","ecs.version":"1.6.0"} | |
| Aug 30 14:00:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:02.886Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"0ef7faed-78de-470f-bcb2-2c20d50f687c","source_file":"/mnt/Bro/current/snmp.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","harvester_id":"3c629454-a3fc-4b9d-823b-80b7afc76dbf","ecs.version":"1.6.0"} | |
| Aug 30 14:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:03.111Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"9508f3bf-854e-4df2-b3ff-34936807293a","source_file":"/mnt/Bro/current/weird.log","state_id":"native::5111878-64768","finished":false,"os_id":"5111878-64768","harvester_id":"28372dea-2d52-4bb6-bfd5-23b36d6332d7","ecs.version":"1.6.0"} | |
| Aug 30 14:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:03.166Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"c3769a41-2de0-4562-9683-bab20b25806b","source_file":"/mnt/Bro/current/radius.log","state_id":"native::5113061-64768","finished":false,"os_id":"5113061-64768","harvester_id":"adbf0de7-a32d-445a-80b2-52b0ac296093","ecs.version":"1.6.0"} | |
| Aug 30 14:00:03 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:03.179Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"9e584b0f-3c78-43a2-add2-64f4691c040d","source_file":"/mnt/Bro/current/ssl.log","state_id":"native::5113060-64768","finished":false,"os_id":"5113060-64768","harvester_id":"ebb5a1aa-1a7f-4478-a815-ace24a9bb7e9","ecs.version":"1.6.0"} | |
| Aug 30 14:00:04 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:04.625Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","old_source":"/mnt/Bro/current/notice.log","old_finished":true,"old_os_id":"5113066-64768","harvester_id":"972bd109-1701-455b-b066-e72a9213df5a","ecs.version":"1.6.0"} | |
| Aug 30 14:00:04 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:04.701Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"192c149c-82ee-41b7-b6fb-0aa28f588304","source_file":"/mnt/Bro/current/stats.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","harvester_id":"76406cc0-2131-4d01-ad83-cc942b0eae00","ecs.version":"1.6.0"} | |
| Aug 30 14:00:04 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:04.848Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"cd2edafe-a4f3-4374-8bc3-2f8c48f38146","source_file":"/mnt/Bro/current/dpd.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","harvester_id":"0c52e297-ded9-4f23-808d-3056a5283f0c","ecs.version":"1.6.0"} | |
| Aug 30 14:00:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":192012288}}}},"cpu":{"system":{"ticks":854050,"time":{"ms":970}},"total":{"ticks":12557190,"time":{"ms":13840},"value":12557190},"user":{"ticks":11703140,"time":{"ms":12870}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":23},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60930115},"version":"8.9.1"},"memstats":{"gc_next":163010720,"memory_alloc":109983216,"memory_total":746288408736,"rss":251244544},"runtime":{"goroutines":271}},"filebeat":{"events":{"active":2498,"added":32323,"done":31120},"harvester":{"closed":13,"open_files":11,"running":11,"started":7},"input":{"log":{"files":{"truncated":1}}}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31447,"active":50,"batches":630,"total":31447},"read":{"bytes":7019738},"write":{"bytes":58809062}},"pipeline":{"clients":38,"events":{"active":1645,"filtered":26,"published":32297,"total":32323},"queue":{"acked":31447}}},"registrar":{"states":{"cleanup":3,"current":20,"update":31473},"writes":{"success":28,"total":28}},"system":{"load":{"1":2.26,"15":1.8,"5":1.81,"norm":{"1":0.0565,"15":0.045,"5":0.0453}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:00:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:06.725Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5113068-64768","finished":false,"os_id":"5113068-64768","harvester_id":"3f3c0d69-5c64-43ee-bad5-3fadac8c6cdc","ecs.version":"1.6.0"} | |
| Aug 30 14:00:07 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:07.915Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"0c5beed2-2e9d-4e5a-8694-e20f3c13f6b4","source_file":"/mnt/Bro/current/dns.log","state_id":"native::5113080-64768","finished":false,"os_id":"5113080-64768","harvester_id":"b5cb351a-4068-448b-a5eb-ce7229a20eba","ecs.version":"1.6.0"} | |
| Aug 30 14:00:08 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:08.663Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"6c7f5046-2a26-4362-a64b-f202e738d8b2","source_file":"/mnt/Bro/current/tunnel.log","state_id":"native::5113072-64768","finished":false,"os_id":"5113072-64768","harvester_id":"b5e0de28-e39e-40f9-ae80-3cc9163ecc77","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.660Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/radius.log]","service.name":"filebeat","input_id":"c3769a41-2de0-4562-9683-bab20b25806b","source_file":"/mnt/Bro/current/radius.log","state_id":"native::5113066-64768","finished":false,"os_id":"5113066-64768","harvester_id":"4664b9fb-7fd0-43e0-a6c9-12165ed7d17f","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.660Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/x509.log]","service.name":"filebeat","input_id":"d41534e2-6fab-41c6-94f3-27768f2a2d63","source_file":"/mnt/Bro/current/x509.log","state_id":"native::5111854-64768","finished":false,"os_id":"5111854-64768","harvester_id":"a1da98bc-7444-4d83-ad46-6b9dcde2ad4c","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.660Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/notice.log]","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","harvester_id":"7ce8ecf7-f86d-4a76-b172-a08974b825f4","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.661Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/sip.log]","service.name":"filebeat","input_id":"6c775ba2-78c8-4e30-b1f2-d92886673e52","source_file":"/mnt/Bro/current/sip.log","state_id":"native::5113064-64768","finished":false,"os_id":"5113064-64768","harvester_id":"07e1c038-3195-4bdd-9937-49332c172e1f","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.661Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/ssh.log]","service.name":"filebeat","input_id":"3ce1dde2-7d3e-4390-9f96-da106cbd8778","source_file":"/mnt/Bro/current/ssh.log","state_id":"native::5113061-64768","finished":false,"os_id":"5113061-64768","harvester_id":"31b959de-3645-40a1-bb2d-87be06819890","ecs.version":"1.6.0"} | |
| Aug 30 14:00:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:12.663Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/stats.log]","service.name":"filebeat","input_id":"192c149c-82ee-41b7-b6fb-0aa28f588304","source_file":"/mnt/Bro/current/stats.log","state_id":"native::5112916-64768","finished":false,"os_id":"5112916-64768","harvester_id":"006535aa-b138-41ff-b21f-7fd856fc8c74","ecs.version":"1.6.0"} | |
| Aug 30 14:00:15 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:15.976Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":334},"message":"File was removed. Closing because close_removed is enabled.","service.name":"filebeat","input_id":"2ad68786-9701-433a-bb17-c10d33a519a9","source_file":"/mnt/Bro/current/conn.log","state_id":"native::5113069-64768","finished":false,"os_id":"5113069-64768","harvester_id":"a323a84b-a7d3-469b-84ef-9134505d543e","ecs.version":"1.6.0"} | |
| Aug 30 14:00:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:22.661Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dpd.log]","service.name":"filebeat","input_id":"cd2edafe-a4f3-4374-8bc3-2f8c48f38146","source_file":"/mnt/Bro/current/dpd.log","state_id":"native::5113068-64768","finished":false,"os_id":"5113068-64768","harvester_id":"cdc4f930-cf41-423d-a15c-1cff40ea5e1a","ecs.version":"1.6.0"} | |
| Aug 30 14:00:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:22.663Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/tunnel.log]","service.name":"filebeat","input_id":"6c7f5046-2a26-4362-a64b-f202e738d8b2","source_file":"/mnt/Bro/current/tunnel.log","state_id":"native::5113069-64768","finished":false,"os_id":"5113069-64768","harvester_id":"ac160387-db08-44e1-885b-28744fd93209","ecs.version":"1.6.0"} | |
| Aug 30 14:00:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":169447424}}}},"cpu":{"system":{"ticks":855300,"time":{"ms":1250}},"total":{"ticks":12572000,"time":{"ms":14810},"value":12572000},"user":{"ticks":11716700,"time":{"ms":13560}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":27},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60960115},"version":"8.9.1"},"memstats":{"gc_next":124279040,"memory_alloc":67571776,"memory_total":747182506696,"rss":229584896},"runtime":{"goroutines":291}},"filebeat":{"events":{"active":2192,"added":33926,"done":34232},"harvester":{"closed":4,"open_files":15,"running":15,"started":8}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":34504,"active":50,"batches":691,"total":34504},"read":{"bytes":7702102},"write":{"bytes":64505715}},"pipeline":{"clients":38,"events":{"active":1042,"filtered":25,"published":33901,"total":33926},"queue":{"acked":34504}}},"registrar":{"states":{"cleanup":10,"current":15,"update":34529},"writes":{"success":29,"total":29}},"system":{"load":{"1":2.31,"15":1.82,"5":1.88,"norm":{"1":0.0578,"15":0.0455,"5":0.047}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:00:52 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:00:52.662Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/dhcp.log]","service.name":"filebeat","input_id":"e923be40-f07c-4903-a0a5-6c301b4eeceb","source_file":"/mnt/Bro/current/dhcp.log","state_id":"native::5113072-64768","finished":false,"os_id":"5113072-64768","harvester_id":"a7dff2ac-7177-4677-a6ae-00b563ce43ea","ecs.version":"1.6.0"} | |
| Aug 30 14:01:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:01:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":193941504}}}},"cpu":{"system":{"ticks":856320,"time":{"ms":1020}},"total":{"ticks":12586150,"time":{"ms":14150},"value":12586150},"user":{"ticks":11729830,"time":{"ms":13130}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":60990114},"version":"8.9.1"},"memstats":{"gc_next":187916760,"memory_alloc":155434320,"memory_total":748055711512,"rss":252977152},"runtime":{"goroutines":296}},"filebeat":{"events":{"active":2326,"added":33054,"done":32920},"harvester":{"open_files":16,"running":16,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":32567,"active":50,"batches":652,"total":32567},"read":{"bytes":7269697},"write":{"bytes":61013203}},"pipeline":{"clients":38,"events":{"active":1528,"filtered":1,"published":33053,"total":33054},"queue":{"acked":32567}}},"registrar":{"states":{"current":16,"update":32568},"writes":{"success":28,"total":28}},"system":{"load":{"1":2.19,"15":1.83,"5":1.89,"norm":{"1":0.0548,"15":0.0458,"5":0.0473}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:01:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:01:32.664Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/snmp.log]","service.name":"filebeat","input_id":"0ef7faed-78de-470f-bcb2-2c20d50f687c","source_file":"/mnt/Bro/current/snmp.log","state_id":"native::5113074-64768","finished":false,"os_id":"5113074-64768","harvester_id":"d4f3c50e-ca7c-4915-b851-83390d58ca71","ecs.version":"1.6.0"} | |
| Aug 30 14:01:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:01:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":173297664}}}},"cpu":{"system":{"ticks":857180,"time":{"ms":860}},"total":{"ticks":12599600,"time":{"ms":13450},"value":12599600},"user":{"ticks":11742420,"time":{"ms":12590}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61020115},"version":"8.9.1"},"memstats":{"gc_next":131726832,"memory_alloc":71082096,"memory_total":748850828536,"rss":232783872},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":757,"added":30293,"done":31862},"harvester":{"open_files":17,"running":17,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31213,"active":50,"batches":626,"total":31213},"read":{"bytes":6967634},"write":{"bytes":57710271}},"pipeline":{"clients":38,"events":{"active":607,"filtered":1,"published":30292,"total":30293},"queue":{"acked":31213}}},"registrar":{"states":{"current":17,"update":31214},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.85,"15":1.81,"5":1.84,"norm":{"1":0.0463,"15":0.0453,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:02:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:02:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":166379520}}}},"cpu":{"system":{"ticks":858050,"time":{"ms":870}},"total":{"ticks":12611940,"time":{"ms":12340},"value":12611940},"user":{"ticks":11753890,"time":{"ms":11470}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61050118},"version":"8.9.1"},"memstats":{"gc_next":116450568,"memory_alloc":89715384,"memory_total":749594477840,"rss":225501184},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":857,"added":28263,"done":28163},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28013,"active":50,"batches":563,"total":28013},"read":{"bytes":6253488},"write":{"bytes":52127955}},"pipeline":{"clients":38,"events":{"active":833,"published":28238,"total":28239},"queue":{"acked":28013}}},"registrar":{"states":{"current":17,"update":28063},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.58,"15":1.79,"5":1.77,"norm":{"1":0.0395,"15":0.0448,"5":0.0443}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:02:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:02:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167751680}}}},"cpu":{"system":{"ticks":858940,"time":{"ms":890}},"total":{"ticks":12624450,"time":{"ms":12510},"value":12624450},"user":{"ticks":11765510,"time":{"ms":11620}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61080113},"version":"8.9.1"},"memstats":{"gc_next":128234264,"memory_alloc":120491672,"memory_total":750337496496,"rss":227155968},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":398,"added":28220,"done":28679},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29029,"active":48,"batches":582,"total":29027},"read":{"bytes":6480059},"write":{"bytes":54137915}},"pipeline":{"clients":38,"events":{"active":48,"published":28245,"total":28244},"queue":{"acked":29029}}},"registrar":{"states":{"current":17,"update":29027},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.93,"15":1.81,"5":1.84,"norm":{"1":0.0483,"15":0.0453,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:03:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:03:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":155426816}}}},"cpu":{"system":{"ticks":859700,"time":{"ms":760}},"total":{"ticks":12635380,"time":{"ms":10930},"value":12635380},"user":{"ticks":11775680,"time":{"ms":10170}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61110113},"version":"8.9.1"},"memstats":{"gc_next":131658080,"memory_alloc":115175648,"memory_total":751001184264,"rss":214343680},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1794,"added":25365,"done":23969},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":24819,"active":50,"batches":499,"total":24821},"read":{"bytes":5540487},"write":{"bytes":46143525}},"pipeline":{"clients":38,"events":{"active":594,"published":25365,"total":25365},"queue":{"acked":24819}}},"registrar":{"states":{"current":17,"update":24771},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.86,"15":1.81,"5":1.84,"norm":{"1":0.0465,"15":0.0453,"5":0.046}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:03:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:03:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":166117376}}}},"cpu":{"system":{"ticks":860520,"time":{"ms":820}},"total":{"ticks":12647310,"time":{"ms":11930},"value":12647310},"user":{"ticks":11786790,"time":{"ms":11110}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61140114},"version":"8.9.1"},"memstats":{"gc_next":119911336,"memory_alloc":75937728,"memory_total":751720346832,"rss":223678464},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1445,"added":27271,"done":27620},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26789,"active":0,"batches":537,"total":26739},"read":{"bytes":5980170},"write":{"bytes":49866487}},"pipeline":{"clients":38,"events":{"active":1076,"published":27271,"total":27271},"queue":{"acked":26789}}},"registrar":{"states":{"current":17,"update":26789},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.65,"15":1.8,"5":1.79,"norm":{"1":0.0412,"15":0.045,"5":0.0448}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:04:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:04:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":164626432}}}},"cpu":{"system":{"ticks":861360,"time":{"ms":840}},"total":{"ticks":12659480,"time":{"ms":12170},"value":12659480},"user":{"ticks":11798120,"time":{"ms":11330}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61170115},"version":"8.9.1"},"memstats":{"gc_next":133572528,"memory_alloc":123222272,"memory_total":752445267616,"rss":226185216},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":497,"added":27247,"done":28195},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27856,"active":0,"batches":561,"total":27856},"read":{"bytes":6218611},"write":{"bytes":52535721}},"pipeline":{"clients":38,"events":{"active":467,"published":27247,"total":27247},"queue":{"acked":27856}}},"registrar":{"states":{"current":17,"update":27856},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.47,"15":1.78,"5":1.73,"norm":{"1":0.0368,"15":0.0445,"5":0.0432}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:04:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:04:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":178331648}}}},"cpu":{"system":{"ticks":862130,"time":{"ms":770}},"total":{"ticks":12672640,"time":{"ms":13160},"value":12672640},"user":{"ticks":11810510,"time":{"ms":12390}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61200118},"version":"8.9.1"},"memstats":{"gc_next":149005592,"memory_alloc":137939680,"memory_total":753236501776,"rss":236617728},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1530,"added":30276,"done":29243},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29713,"active":50,"batches":597,"total":29763},"read":{"bytes":6632784},"write":{"bytes":55105380}},"pipeline":{"clients":38,"events":{"active":1030,"published":30276,"total":30276},"queue":{"acked":29713}}},"registrar":{"states":{"current":17,"update":29713},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.23,"15":1.75,"5":1.64,"norm":{"1":0.0308,"15":0.0438,"5":0.041}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:05:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:05:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162897920}}}},"cpu":{"system":{"ticks":863120,"time":{"ms":990}},"total":{"ticks":12686470,"time":{"ms":13830},"value":12686470},"user":{"ticks":11823350,"time":{"ms":12840}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61230113},"version":"8.9.1"},"memstats":{"gc_next":139197568,"memory_alloc":122686944,"memory_total":754106806232,"rss":222396416},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1836,"added":32804,"done":32498},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":32698,"active":50,"batches":655,"total":32698},"read":{"bytes":7298968},"write":{"bytes":61395764}},"pipeline":{"clients":38,"events":{"active":1136,"published":32804,"total":32804},"queue":{"acked":32698}}},"registrar":{"states":{"current":17,"update":32698},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.43,"15":1.74,"5":1.65,"norm":{"1":0.0357,"15":0.0435,"5":0.0412}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:05:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:05:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157814784}}}},"cpu":{"system":{"ticks":863980,"time":{"ms":860}},"total":{"ticks":12699140,"time":{"ms":12670},"value":12699140},"user":{"ticks":11835160,"time":{"ms":11810}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61260119},"version":"8.9.1"},"memstats":{"gc_next":125422808,"memory_alloc":97418528,"memory_total":754887820904,"rss":216010752},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1849,"added":29608,"done":29595},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29845,"active":50,"batches":599,"total":29845},"read":{"bytes":6662308},"write":{"bytes":55882615}},"pipeline":{"clients":38,"events":{"active":899,"published":29608,"total":29608},"queue":{"acked":29845}}},"registrar":{"states":{"current":17,"update":29845},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.38,"15":1.82,"5":1.87,"norm":{"1":0.0595,"15":0.0455,"5":0.0468}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:06:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:06:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142229504}}}},"cpu":{"system":{"ticks":864740,"time":{"ms":760}},"total":{"ticks":12710940,"time":{"ms":11800},"value":12710940},"user":{"ticks":11846200,"time":{"ms":11040}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61290115},"version":"8.9.1"},"memstats":{"gc_next":96642328,"memory_alloc":71290480,"memory_total":755596119520,"rss":200822784},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1183,"added":26826,"done":27492},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27035,"active":0,"batches":543,"total":26985},"read":{"bytes":6035255},"write":{"bytes":50437556}},"pipeline":{"clients":38,"events":{"active":690,"published":26826,"total":26826},"queue":{"acked":27035}}},"registrar":{"states":{"current":17,"update":27035},"writes":{"success":25,"total":25}},"system":{"load":{"1":2.01,"15":1.81,"5":1.83,"norm":{"1":0.0502,"15":0.0453,"5":0.0458}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:06:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:06:12.686Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","harvester_id":"590e89d8-5129-4fde-8f9a-4460407d2d49","ecs.version":"1.6.0"} | |
| Aug 30 14:06:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:06:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":146845696}}}},"cpu":{"system":{"ticks":865470,"time":{"ms":730}},"total":{"ticks":12722410,"time":{"ms":11470},"value":12722410},"user":{"ticks":11856940,"time":{"ms":10740}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61320115},"version":"8.9.1"},"memstats":{"gc_next":94580240,"memory_alloc":84211296,"memory_total":756287388576,"rss":205701120},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":1261,"added":26240,"done":26162},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26631,"active":0,"batches":536,"total":26631},"read":{"bytes":5945087},"write":{"bytes":49377218}},"pipeline":{"clients":38,"events":{"active":298,"filtered":1,"published":26239,"total":26240},"queue":{"acked":26631}}},"registrar":{"states":{"current":18,"update":26632},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.64,"15":1.78,"5":1.75,"norm":{"1":0.041,"15":0.0445,"5":0.0438}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:06:42 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:06:42.689Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113079-64768","finished":false,"os_id":"5113079-64768","harvester_id":"a9b1b885-f734-452e-94af-29c8a175cb0b","ecs.version":"1.6.0"} | |
| Aug 30 14:07:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:07:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":160878592}}}},"cpu":{"system":{"ticks":866270,"time":{"ms":800}},"total":{"ticks":12734610,"time":{"ms":12200},"value":12734610},"user":{"ticks":11868340,"time":{"ms":11400}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61350113},"version":"8.9.1"},"memstats":{"gc_next":115246672,"memory_alloc":77330144,"memory_total":757007533184,"rss":220229632},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":1157,"added":27340,"done":27444},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":26680,"active":50,"batches":537,"total":26730},"read":{"bytes":5955880},"write":{"bytes":50009151}},"pipeline":{"clients":38,"events":{"active":957,"filtered":1,"published":27339,"total":27340},"queue":{"acked":26680}}},"registrar":{"states":{"current":19,"update":26681},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.5,"15":1.77,"5":1.71,"norm":{"1":0.0375,"15":0.0443,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:07:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:07:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158629888}}}},"cpu":{"system":{"ticks":866990,"time":{"ms":720}},"total":{"ticks":12746520,"time":{"ms":11910},"value":12746520},"user":{"ticks":11879530,"time":{"ms":11190}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61380115},"version":"8.9.1"},"memstats":{"gc_next":126821248,"memory_alloc":118178168,"memory_total":757744041664,"rss":217194496},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":934,"added":27935,"done":28158},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28158,"active":50,"batches":566,"total":28158},"read":{"bytes":6285845},"write":{"bytes":52557647}},"pipeline":{"clients":38,"events":{"active":733,"published":27934,"total":27934},"queue":{"acked":28158}}},"registrar":{"states":{"current":19,"update":28158},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.64,"15":1.77,"5":1.72,"norm":{"1":0.041,"15":0.0443,"5":0.043}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:08:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:08:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":181325824}}}},"cpu":{"system":{"ticks":867880,"time":{"ms":890}},"total":{"ticks":12760130,"time":{"ms":13610},"value":12760130},"user":{"ticks":11892250,"time":{"ms":12720}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61410115},"version":"8.9.1"},"memstats":{"gc_next":140343384,"memory_alloc":122315760,"memory_total":758555682416,"rss":239202304},"runtime":{"goroutines":310}},"filebeat":{"events":{"active":597,"added":30672,"done":31009},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31109,"active":50,"batches":624,"total":31109},"read":{"bytes":6948516},"write":{"bytes":58354194}},"pipeline":{"clients":38,"events":{"active":272,"published":30647,"total":30648},"queue":{"acked":31109}}},"registrar":{"states":{"current":19,"update":31159},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.41,"15":1.74,"5":1.66,"norm":{"1":0.0352,"15":0.0435,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:08:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:08:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":160202752}}}},"cpu":{"system":{"ticks":868860,"time":{"ms":980}},"total":{"ticks":12774440,"time":{"ms":14310},"value":12774440},"user":{"ticks":11905580,"time":{"ms":13330}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61440115},"version":"8.9.1"},"memstats":{"gc_next":131973952,"memory_alloc":117212296,"memory_total":759409188232,"rss":217878528},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1386,"added":32390,"done":31601},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":32001,"active":50,"batches":642,"total":32001},"read":{"bytes":7139452},"write":{"bytes":59734640}},"pipeline":{"clients":38,"events":{"active":686,"published":32416,"total":32415},"queue":{"acked":32001}}},"registrar":{"states":{"current":19,"update":31951},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.44,"15":1.74,"5":1.64,"norm":{"1":0.036,"15":0.0435,"5":0.041}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:09:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:09:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158679040}}}},"cpu":{"system":{"ticks":869950,"time":{"ms":1090}},"total":{"ticks":12789620,"time":{"ms":15180},"value":12789620},"user":{"ticks":11919670,"time":{"ms":14090}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61470118},"version":"8.9.1"},"memstats":{"gc_next":124982152,"memory_alloc":63839776,"memory_total":760322141440,"rss":214999040},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":2135,"added":34532,"done":33783},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":34133,"active":50,"batches":684,"total":34133},"read":{"bytes":7619364},"write":{"bytes":63886848}},"pipeline":{"clients":38,"events":{"active":1085,"published":34532,"total":34532},"queue":{"acked":34133}}},"registrar":{"states":{"current":19,"update":34133},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.55,"15":1.73,"5":1.64,"norm":{"1":0.0388,"15":0.0432,"5":0.041}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:09:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:09:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":168062976}}}},"cpu":{"system":{"ticks":870780,"time":{"ms":830}},"total":{"ticks":12802410,"time":{"ms":12790},"value":12802410},"user":{"ticks":11931630,"time":{"ms":11960}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61500116},"version":"8.9.1"},"memstats":{"gc_next":136570896,"memory_alloc":106004488,"memory_total":761099651976,"rss":225730560},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1065,"added":29444,"done":30514},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29664,"active":50,"batches":595,"total":29664},"read":{"bytes":6621848},"write":{"bytes":55658672}},"pipeline":{"clients":38,"events":{"active":865,"published":29444,"total":29444},"queue":{"acked":29664}}},"registrar":{"states":{"current":19,"update":29664},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.29,"15":1.71,"5":1.58,"norm":{"1":0.0323,"15":0.0427,"5":0.0395}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:10:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:10:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158310400}}}},"cpu":{"system":{"ticks":871620,"time":{"ms":840}},"total":{"ticks":12813640,"time":{"ms":11230},"value":12813640},"user":{"ticks":11942020,"time":{"ms":10390}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61530113},"version":"8.9.1"},"memstats":{"gc_next":112159216,"memory_alloc":57159456,"memory_total":761775838272,"rss":214511616},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":1106,"added":25553,"done":25512},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25912,"active":50,"batches":522,"total":25912},"read":{"bytes":5784643},"write":{"bytes":48439908}},"pipeline":{"clients":38,"events":{"active":506,"published":25553,"total":25553},"queue":{"acked":25912}}},"registrar":{"states":{"current":19,"update":25912},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.38,"15":1.7,"5":1.57,"norm":{"1":0.0345,"15":0.0425,"5":0.0393}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:10:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:10:12.699Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","harvester_id":"6092be40-24c7-4b36-a4bd-fe3c742de38f","ecs.version":"1.6.0"} | |
| Aug 30 14:10:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:10:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":154435584}}}},"cpu":{"system":{"ticks":872390,"time":{"ms":770}},"total":{"ticks":12826680,"time":{"ms":13040},"value":12826680},"user":{"ticks":11954290,"time":{"ms":12270}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61560114},"version":"8.9.1"},"memstats":{"gc_next":130901368,"memory_alloc":89609408,"memory_total":762569597600,"rss":211111936},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1036,"added":30134,"done":30204},"harvester":{"open_files":20,"running":20,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29853,"active":50,"batches":600,"total":29853},"read":{"bytes":6664232},"write":{"bytes":55649372}},"pipeline":{"clients":38,"events":{"active":786,"filtered":1,"published":30133,"total":30134},"queue":{"acked":29853}}},"registrar":{"states":{"current":20,"update":29854},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.95,"15":1.75,"5":1.72,"norm":{"1":0.0488,"15":0.0438,"5":0.043}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:11:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:11:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":174829568}}}},"cpu":{"system":{"ticks":873200,"time":{"ms":810}},"total":{"ticks":12839490,"time":{"ms":12810},"value":12839490},"user":{"ticks":11966290,"time":{"ms":12000}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61590115},"version":"8.9.1"},"memstats":{"gc_next":154020672,"memory_alloc":127365536,"memory_total":763342874864,"rss":230522880},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1936,"added":29176,"done":28276},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28726,"active":50,"batches":579,"total":28726},"read":{"bytes":6412910},"write":{"bytes":54085177}},"pipeline":{"clients":38,"events":{"active":1236,"published":29176,"total":29176},"queue":{"acked":28726}}},"registrar":{"states":{"current":20,"update":28726},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.92,"15":1.75,"5":1.73,"norm":{"1":0.048,"15":0.0438,"5":0.0432}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:11:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:11:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158539776}}}},"cpu":{"system":{"ticks":874400,"time":{"ms":1200}},"total":{"ticks":12854910,"time":{"ms":15420},"value":12854910},"user":{"ticks":11980510,"time":{"ms":14220}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":32},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61620115},"version":"8.9.1"},"memstats":{"gc_next":111204144,"memory_alloc":84912624,"memory_total":764274840224,"rss":215113728},"runtime":{"goroutines":316}},"filebeat":{"events":{"active":1820,"added":35014,"done":35130},"harvester":{"open_files":20,"running":20}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":35030,"active":50,"batches":701,"total":35030},"read":{"bytes":7819441},"write":{"bytes":66193174}},"pipeline":{"clients":38,"events":{"active":1220,"published":35014,"total":35014},"queue":{"acked":35030}}},"registrar":{"states":{"current":20,"update":35030},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.58,"15":1.73,"5":1.66,"norm":{"1":0.0395,"15":0.0432,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:11:47 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:11:47.705Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113079-64768","finished":false,"os_id":"5113079-64768","harvester_id":"a9b1b885-f734-452e-94af-29c8a175cb0b","ecs.version":"1.6.0"} | |
| Aug 30 14:11:57 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:11:57.703Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","harvester_id":"7ce8ecf7-f86d-4a76-b172-a08974b825f4","ecs.version":"1.6.0"} | |
| Aug 30 14:12:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:12:02.711Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","harvester_id":"590e89d8-5129-4fde-8f9a-4460407d2d49","ecs.version":"1.6.0"} | |
| Aug 30 14:12:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:12:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":165691392}}}},"cpu":{"system":{"ticks":875200,"time":{"ms":800}},"total":{"ticks":12868160,"time":{"ms":13250},"value":12868160},"user":{"ticks":11992960,"time":{"ms":12450}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61650114},"version":"8.9.1"},"memstats":{"gc_next":121670664,"memory_alloc":74004400,"memory_total":765076445240,"rss":220602368},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":2362,"added":30350,"done":29808},"harvester":{"closed":3,"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29955,"active":50,"batches":601,"total":29955},"read":{"bytes":6686840},"write":{"bytes":56247964}},"pipeline":{"clients":38,"events":{"active":1612,"filtered":3,"published":30347,"total":30350},"queue":{"acked":29955}}},"registrar":{"states":{"current":20,"update":29958},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.63,"15":1.72,"5":1.66,"norm":{"1":0.0407,"15":0.043,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:12:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:12:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":142188544}}}},"cpu":{"system":{"ticks":876270,"time":{"ms":1070}},"total":{"ticks":12883020,"time":{"ms":14860},"value":12883020},"user":{"ticks":12006750,"time":{"ms":13790}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61680115},"version":"8.9.1"},"memstats":{"gc_next":112669360,"memory_alloc":78340232,"memory_total":765960249464,"rss":198270976},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1589,"added":33195,"done":33968},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":33918,"active":50,"batches":679,"total":33918},"read":{"bytes":7571252},"write":{"bytes":63651094}},"pipeline":{"clients":38,"events":{"active":889,"published":33195,"total":33195},"queue":{"acked":33918}}},"registrar":{"states":{"current":20,"update":33918},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.78,"15":1.73,"5":1.69,"norm":{"1":0.0445,"15":0.0432,"5":0.0422}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:13:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:13:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":170795008}}}},"cpu":{"system":{"ticks":877110,"time":{"ms":840}},"total":{"ticks":12895320,"time":{"ms":12300},"value":12895320},"user":{"ticks":12018210,"time":{"ms":11460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61710113},"version":"8.9.1"},"memstats":{"gc_next":126713936,"memory_alloc":79037016,"memory_total":766684472272,"rss":226172928},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1110,"added":27321,"done":27800},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27678,"active":0,"batches":555,"total":27628},"read":{"bytes":6178653},"write":{"bytes":52004357}},"pipeline":{"clients":38,"events":{"active":504,"published":27292,"total":27293},"queue":{"acked":27678}}},"registrar":{"states":{"current":20,"update":27678},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.65,"15":1.72,"5":1.67,"norm":{"1":0.0412,"15":0.043,"5":0.0417}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:13:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:13:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":155398144}}}},"cpu":{"system":{"ticks":877970,"time":{"ms":860}},"total":{"ticks":12908080,"time":{"ms":12760},"value":12908080},"user":{"ticks":12030110,"time":{"ms":11900}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61740115},"version":"8.9.1"},"memstats":{"gc_next":126473008,"memory_alloc":78158568,"memory_total":767441989552,"rss":214503424},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1024,"added":28721,"done":28807},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28679,"active":50,"batches":577,"total":28729},"read":{"bytes":6402088},"write":{"bytes":53661738}},"pipeline":{"clients":38,"events":{"active":574,"published":28750,"total":28749},"queue":{"acked":28679}}},"registrar":{"states":{"current":20,"update":28679},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.47,"15":1.71,"5":1.63,"norm":{"1":0.0368,"15":0.0427,"5":0.0407}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:14:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:14:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":157913088}}}},"cpu":{"system":{"ticks":878880,"time":{"ms":910}},"total":{"ticks":12919870,"time":{"ms":11790},"value":12919870},"user":{"ticks":12040990,"time":{"ms":10880}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61770115},"version":"8.9.1"},"memstats":{"gc_next":111486352,"memory_alloc":58670136,"memory_total":768144222768,"rss":212492288},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1931,"added":26520,"done":25613},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":25813,"active":50,"batches":520,"total":25813},"read":{"bytes":5762561},"write":{"bytes":48260490}},"pipeline":{"clients":38,"events":{"active":1281,"published":26520,"total":26520},"queue":{"acked":25813}}},"registrar":{"states":{"current":20,"update":25813},"writes":{"success":25,"total":25}},"system":{"load":{"1":1.55,"15":1.71,"5":1.63,"norm":{"1":0.0388,"15":0.0427,"5":0.0407}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:14:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:14:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":168185856}}}},"cpu":{"system":{"ticks":879720,"time":{"ms":840}},"total":{"ticks":12932170,"time":{"ms":12300},"value":12932170},"user":{"ticks":12052450,"time":{"ms":11460}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61800113},"version":"8.9.1"},"memstats":{"gc_next":102040304,"memory_alloc":61578000,"memory_total":768887719200,"rss":223477760},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1113,"added":28309,"done":29127},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29027,"active":50,"batches":583,"total":29027},"read":{"bytes":6479776},"write":{"bytes":53988576}},"pipeline":{"clients":38,"events":{"active":563,"published":28309,"total":28309},"queue":{"acked":29027}}},"registrar":{"states":{"current":20,"update":29027},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.66,"15":1.71,"5":1.65,"norm":{"1":0.0415,"15":0.0427,"5":0.0412}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:15:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:15:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":140988416}}}},"cpu":{"system":{"ticks":880620,"time":{"ms":900}},"total":{"ticks":12943990,"time":{"ms":11820},"value":12943990},"user":{"ticks":12063370,"time":{"ms":10920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61830118},"version":"8.9.1"},"memstats":{"gc_next":93826216,"memory_alloc":51666016,"memory_total":769623553296,"rss":196640768},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":257,"added":27670,"done":28526},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28233,"active":0,"batches":568,"total":28183},"read":{"bytes":6302820},"write":{"bytes":53007305}},"pipeline":{"clients":38,"events":{"active":0,"published":27670,"total":27670},"queue":{"acked":28233}}},"registrar":{"states":{"current":20,"update":28233},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.01,"15":1.73,"5":1.72,"norm":{"1":0.0502,"15":0.0432,"5":0.043}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:15:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:15:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":178229248}}}},"cpu":{"system":{"ticks":881550,"time":{"ms":930}},"total":{"ticks":12956300,"time":{"ms":12310},"value":12956300},"user":{"ticks":12074750,"time":{"ms":11380}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61860118},"version":"8.9.1"},"memstats":{"gc_next":108413384,"memory_alloc":104274136,"memory_total":770365205680,"rss":232808448},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1961,"added":28393,"done":26689},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27332,"active":50,"batches":551,"total":27382},"read":{"bytes":6101563},"write":{"bytes":50895215}},"pipeline":{"clients":38,"events":{"active":1046,"published":28377,"total":28378},"queue":{"acked":27332}}},"registrar":{"states":{"current":20,"update":27332},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.66,"15":1.71,"5":1.66,"norm":{"1":0.0415,"15":0.0427,"5":0.0415}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:16:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:16:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":163639296}}}},"cpu":{"system":{"ticks":882600,"time":{"ms":1050}},"total":{"ticks":12969980,"time":{"ms":13680},"value":12969980},"user":{"ticks":12087380,"time":{"ms":12630}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61890113},"version":"8.9.1"},"memstats":{"gc_next":131347544,"memory_alloc":101026296,"memory_total":771163382352,"rss":217907200},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":550,"added":29834,"done":31245},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30614,"active":0,"batches":614,"total":30564},"read":{"bytes":6834078},"write":{"bytes":57631781}},"pipeline":{"clients":38,"events":{"active":281,"published":29850,"total":29849},"queue":{"acked":30614}}},"registrar":{"states":{"current":20,"update":30614},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.92,"15":1.74,"5":1.73,"norm":{"1":0.048,"15":0.0435,"5":0.0432}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:16:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:16:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":168443904}}}},"cpu":{"system":{"ticks":883490,"time":{"ms":890}},"total":{"ticks":12983170,"time":{"ms":13190},"value":12983170},"user":{"ticks":12099680,"time":{"ms":12300}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61920114},"version":"8.9.1"},"memstats":{"gc_next":140020592,"memory_alloc":90144296,"memory_total":771934062456,"rss":226512896},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":999,"added":29425,"done":28976},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":28707,"active":50,"batches":578,"total":28757},"read":{"bytes":6419569},"write":{"bytes":53426174}},"pipeline":{"clients":38,"events":{"active":999,"published":29425,"total":29425},"queue":{"acked":28707}}},"registrar":{"states":{"current":20,"update":28757},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.76,"15":1.73,"5":1.71,"norm":{"1":0.044,"15":0.0432,"5":0.0427}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:17:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:17:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":188383232}}}},"cpu":{"system":{"ticks":884540,"time":{"ms":1050}},"total":{"ticks":12999290,"time":{"ms":16120},"value":12999290},"user":{"ticks":12114750,"time":{"ms":15070}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61950115},"version":"8.9.1"},"memstats":{"gc_next":135574712,"memory_alloc":103714416,"memory_sys":65536,"memory_total":772935994520,"rss":245358592},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":2540,"added":37969,"done":36428},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":36878,"active":50,"batches":738,"total":36878},"read":{"bytes":8220792},"write":{"bytes":69126622}},"pipeline":{"clients":38,"events":{"active":2090,"published":37969,"total":37969},"queue":{"acked":36878}}},"registrar":{"states":{"current":20,"update":36828},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.71,"15":1.72,"5":1.7,"norm":{"1":0.0427,"15":0.043,"5":0.0425}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:17:32 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:17:32.726Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":342},"message":"File is inactive. Closing because close_inactive of 5m0s reached.","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","harvester_id":"6092be40-24c7-4b36-a4bd-fe3c742de38f","ecs.version":"1.6.0"} | |
| Aug 30 14:17:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:17:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":173559808}}}},"cpu":{"system":{"ticks":885570,"time":{"ms":1030}},"total":{"ticks":13012710,"time":{"ms":13420},"value":13012710},"user":{"ticks":12127140,"time":{"ms":12390}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":28},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":61980115},"version":"8.9.1"},"memstats":{"gc_next":119264992,"memory_alloc":89568744,"memory_total":773714619720,"rss":228765696},"runtime":{"goroutines":296}},"filebeat":{"events":{"active":1570,"added":29432,"done":30402},"harvester":{"closed":1,"open_files":16,"running":16}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30751,"active":50,"batches":618,"total":30751},"read":{"bytes":6864696},"write":{"bytes":57444572}},"pipeline":{"clients":38,"events":{"active":770,"filtered":1,"published":29431,"total":29432},"queue":{"acked":30751}}},"registrar":{"states":{"current":20,"update":30752},"writes":{"success":27,"total":27}},"system":{"load":{"1":1.65,"15":1.72,"5":1.68,"norm":{"1":0.0412,"15":0.043,"5":0.042}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:18:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:18:02.742Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/notice.log]","service.name":"filebeat","input_id":"fb9e81d3-d26f-43ea-869f-eb42b9a26442","source_file":"/mnt/Bro/current/notice.log","state_id":"native::5113067-64768","finished":false,"os_id":"5113067-64768","old_source":"/mnt/Bro/current/notice.log","old_finished":true,"old_os_id":"5113067-64768","harvester_id":"8d2d9eae-c3d5-4996-b24c-47390423e7f7","ecs.version":"1.6.0"} | |
| Aug 30 14:18:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:18:06.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":159477760}}}},"cpu":{"system":{"ticks":886500,"time":{"ms":930}},"total":{"ticks":13028560,"time":{"ms":15850},"value":13028560},"user":{"ticks":12142060,"time":{"ms":14920}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62010115},"version":"8.9.1"},"memstats":{"gc_next":120560272,"memory_alloc":82876432,"memory_total":774638770168,"rss":212598784},"runtime":{"goroutines":300}},"filebeat":{"events":{"active":1525,"added":34664,"done":34709},"harvester":{"open_files":17,"running":17,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":34858,"active":50,"batches":698,"total":34858},"read":{"bytes":7781118},"write":{"bytes":65747914}},"pipeline":{"clients":38,"events":{"active":575,"filtered":1,"published":34663,"total":34664},"queue":{"acked":34858}}},"registrar":{"states":{"current":20,"update":34859},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.66,"15":1.72,"5":1.68,"norm":{"1":0.0415,"15":0.043,"5":0.042}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:18:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:18:36.487Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":167915520}}}},"cpu":{"system":{"ticks":887440,"time":{"ms":940}},"total":{"ticks":13040620,"time":{"ms":12060},"value":13040620},"user":{"ticks":12153180,"time":{"ms":11120}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62040114},"version":"8.9.1"},"memstats":{"gc_next":133382952,"memory_alloc":100001600,"memory_total":775370856800,"rss":221884416},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":1655,"added":27791,"done":27661},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":27461,"active":50,"batches":553,"total":27461},"read":{"bytes":6130428},"write":{"bytes":51283630}},"pipeline":{"clients":38,"events":{"active":884,"published":27769,"total":27770},"queue":{"acked":27461}}},"registrar":{"states":{"current":20,"update":27461},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.54,"15":1.71,"5":1.65,"norm":{"1":0.0385,"15":0.0427,"5":0.0412}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:19:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:19:06.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":162811904}}}},"cpu":{"system":{"ticks":888390,"time":{"ms":950}},"total":{"ticks":13054020,"time":{"ms":13400},"value":13054020},"user":{"ticks":12165630,"time":{"ms":12450}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":29},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62070113},"version":"8.9.1"},"memstats":{"gc_next":129325288,"memory_alloc":66115320,"memory_total":776181531016,"rss":215306240},"runtime":{"goroutines":301}},"filebeat":{"events":{"active":2933,"added":30808,"done":29530},"harvester":{"open_files":17,"running":17}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":29830,"active":50,"batches":599,"total":29830},"read":{"bytes":6659014},"write":{"bytes":55699791}},"pipeline":{"clients":38,"events":{"active":1883,"published":30830,"total":30829},"queue":{"acked":29830}}},"registrar":{"states":{"current":20,"update":29830},"writes":{"success":26,"total":26}},"system":{"load":{"1":1.54,"15":1.7,"5":1.64,"norm":{"1":0.0385,"15":0.0425,"5":0.041}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:19:22 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:19:22.746Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/pe.log]","service.name":"filebeat","input_id":"9ae4765b-23f2-4be3-a4d9-3390f892eaba","source_file":"/mnt/Bro/current/pe.log","state_id":"native::5113075-64768","finished":false,"os_id":"5113075-64768","old_source":"/mnt/Bro/current/pe.log","old_finished":true,"old_os_id":"5113075-64768","harvester_id":"9de4cafe-86b8-4897-968a-c439c0c7ad8b","ecs.version":"1.6.0"} | |
| Aug 30 14:19:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:19:36.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":158187520}}}},"cpu":{"system":{"ticks":889510,"time":{"ms":1120}},"total":{"ticks":13067610,"time":{"ms":13590},"value":13067610},"user":{"ticks":12178100,"time":{"ms":12470}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":30},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62100119},"version":"8.9.1"},"memstats":{"gc_next":106425856,"memory_alloc":98952112,"memory_total":777014621280,"rss":215056384},"runtime":{"goroutines":305}},"filebeat":{"events":{"active":786,"added":31396,"done":33543},"harvester":{"open_files":18,"running":18,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":32842,"active":50,"batches":658,"total":32842},"read":{"bytes":7331152},"write":{"bytes":61455576}},"pipeline":{"clients":38,"events":{"active":436,"filtered":1,"published":31395,"total":31396},"queue":{"acked":32842}}},"registrar":{"states":{"current":20,"update":32843},"writes":{"success":28,"total":28}},"system":{"load":{"1":1.96,"15":1.73,"5":1.73,"norm":{"1":0.049,"15":0.0432,"5":0.0432}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:20:02 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:20:02.748Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/kerberos.log]","service.name":"filebeat","input_id":"d231eb41-d945-4da6-bd53-028f690c281c","source_file":"/mnt/Bro/current/kerberos.log","state_id":"native::5113079-64768","finished":false,"os_id":"5113079-64768","old_source":"/mnt/Bro/current/kerberos.log","old_finished":true,"old_os_id":"5113079-64768","harvester_id":"b8903560-13bb-4bb8-b0be-f7a44b0b378c","ecs.version":"1.6.0"} | |
| Aug 30 14:20:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:20:06.489Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":166240256}}}},"cpu":{"system":{"ticks":890310,"time":{"ms":800}},"total":{"ticks":13080820,"time":{"ms":13210},"value":13080820},"user":{"ticks":12190510,"time":{"ms":12410}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62130114},"version":"8.9.1"},"memstats":{"gc_next":115358056,"memory_alloc":75337120,"memory_total":777830010584,"rss":219774976},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":2097,"added":31226,"done":29915},"harvester":{"open_files":19,"running":19,"started":1}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":30364,"active":50,"batches":609,"total":30364},"read":{"bytes":6778094},"write":{"bytes":56209863}},"pipeline":{"clients":38,"events":{"active":1279,"filtered":1,"published":31206,"total":31208},"queue":{"acked":30364}}},"registrar":{"states":{"current":20,"update":30365},"writes":{"success":27,"total":27}},"system":{"load":{"1":2.04,"15":1.74,"5":1.76,"norm":{"1":0.051,"15":0.0435,"5":0.044}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:20:36 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:20:36.486Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":184410112}}}},"cpu":{"system":{"ticks":891250,"time":{"ms":940}},"total":{"ticks":13094880,"time":{"ms":14060},"value":13094880},"user":{"ticks":12203630,"time":{"ms":13120}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62160113},"version":"8.9.1"},"memstats":{"gc_next":143263872,"memory_alloc":120550104,"memory_total":778692717248,"rss":236920832},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":3423,"added":32703,"done":31377},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31177,"active":50,"batches":624,"total":31177},"read":{"bytes":6959391},"write":{"bytes":58480538}},"pipeline":{"clients":38,"events":{"active":2823,"published":32721,"total":32721},"queue":{"acked":31177}}},"registrar":{"states":{"current":20,"update":31177},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.69,"15":1.72,"5":1.7,"norm":{"1":0.0422,"15":0.043,"5":0.0425}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:21:06 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:21:06.488Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":221290496}}}},"cpu":{"system":{"ticks":892120,"time":{"ms":870}},"total":{"ticks":13110700,"time":{"ms":15820},"value":13110700},"user":{"ticks":12218580,"time":{"ms":14950}}},"handles":{"limit":{"hard":524288,"soft":524288},"open":31},"info":{"ephemeral_id":"14379ec3-8426-41d1-9744-eb7d5f2c21db","uptime":{"ms":62190119},"version":"8.9.1"},"memstats":{"gc_next":226512848,"memory_alloc":152451800,"memory_sys":20971520,"memory_total":779570731864,"rss":273702912},"runtime":{"goroutines":311}},"filebeat":{"events":{"active":4899,"added":32996,"done":31520},"harvester":{"open_files":19,"running":19}},"libbeat":{"config":{"module":{"running":2}},"output":{"events":{"acked":31720,"active":50,"batches":635,"total":31720},"read":{"bytes":7080626},"write":{"bytes":60154586}},"pipeline":{"clients":38,"events":{"active":4099,"published":32994,"total":32996},"queue":{"acked":31720}}},"registrar":{"states":{"current":20,"update":31720},"writes":{"success":29,"total":29}},"system":{"load":{"1":1.36,"15":1.69,"5":1.62,"norm":{"1":0.034,"15":0.0422,"5":0.0405}}}},"ecs.version":"1.6.0"}} | |
| Aug 30 14:21:12 zeek1 filebeat[1043633]: {"log.level":"info","@timestamp":"2023-08-30T14:21:12.751Z","log.logger":"input.harvester","log.origin":{"file.name":"log/harvester.go","file.line":311},"message":"Harvester started for paths: [/mnt/Bro/current/capture_loss.log]","service.name":"filebeat","input_id":"5f023bf7-2895-4402-8800-0ea487a7915b","source_file":"/mnt/Bro/current/capture_loss.log","state_id":"native::5113078-64768","finished":false,"os_id":"5113078-64768","old_source":"/mnt/Bro/current/capture_loss.log","old_finished":true,"old_os_id":"5113078-64768","harvester_id":"7be53992-639b-4988-bb65-871bf9503071","ecs.version":"1.6.0"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment