|
|
Aug 3 10:26:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:26:41.608+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544390,"time":{"ms":22}},"total":{"ticks":6512570,"time":{"ms":45},"value":6512570},"user":{"ticks":3968180,"time":{"ms":23}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":8},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552700039}},"memstats":{"gc_next":4405392,"memory_alloc":3943296,"memory_total":628180232808},"runtime":{"goroutines":43}},"filebeat":{"events":{"active":-1,"added":12,"done":13},"harvester":{"open_files":2,"running":2}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":13,"batches":4,"total":13},"read":{"bytes":24},"write":{"bytes":3540}},"pipeline":{"clients":3,"events":{"active":0,"published":12,"total":12},"queue":{"acked":13}}},"registrar":{"states":{"current":6,"update":13},"writes":{"success":4,"total":4}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
. c9 M' T5 P9 a# Q) OAug 3 10:26:44 devops-prod-ansible-02 filebeat: 2023-08-03T10:26:44.443+0800#011INFO#011log/harvester.go:278#011File is inactive: /.cmdlog/cmdlog.2023-08-03. Closing because close_inactive of 1m0s reached.
1 C7 }" o! I: yAug 3 10:27:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:27:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544400,"time":{"ms":14}},"total":{"ticks":6512610,"time":{"ms":34},"value":6512610},"user":{"ticks":3968210,"time":{"ms":20}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552730039}},"memstats":{"gc_next":4194304,"memory_alloc":3670936,"memory_total":628185307728},"runtime":{"goroutines":38}},"filebeat":{"events":{"added":5,"done":5},"harvester":{"closed":1,"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":4,"batches":3,"total":4},"read":{"bytes":18},"write":{"bytes":2223}},"pipeline":{"clients":3,"events":{"active":0,"filtered":1,"published":4,"total":5},"queue":{"acked":4}}},"registrar":{"states":{"current":6,"update":5},"writes":{"success":4,"total":4}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
, a8 u: X; X! z6 Z) P6 ^Aug 3 10:27:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:27:41.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544410,"time":{"ms":9}},"total":{"ticks":6512640,"time":{"ms":38},"value":6512640},"user":{"ticks":3968230,"time":{"ms":29}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552760038}},"memstats":{"gc_next":7016112,"memory_alloc":3764776,"memory_total":628190777232},"runtime":{"goroutines":38}},"filebeat":{"events":{"added":5,"done":5},"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":5,"batches":3,"total":5},"read":{"bytes":18},"write":{"bytes":2362}},"pipeline":{"clients":3,"events":{"active":0,"published":5,"total":5},"queue":{"acked":5}}},"registrar":{"states":{"current":6,"update":5},"writes":{"success":3,"total":3}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
( H- L- i5 e @! O% P) @7 A1 F. t% L" C5 R: s. }% t$ q
4 V- h" P% ^ h
( H$ _9 R. S$ X; BAug 3 10:28:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544420,"time":{"ms":8}},"total":{"ticks":6512660,"time":{"ms":11},"value":6512660},"user":{"ticks":3968240,"time":{"ms":3}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552790038}},"memstats":{"gc_next":7016112,"memory_alloc":4294680,"memory_total":628191307136},"runtime":{"goroutines":38}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}/ a! J5 Z! ], r$ x
& \( o9 O3 h) W& z5 W. cAug 3 10:28:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544420,"time":{"ms":8}},"total":{"ticks":6512660,"time":{"ms":11},"value":6512660},"user":{"ticks":3968240,"time":{"ms":3}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552790038}},"memstats":{"gc_next":7016112,"memory_alloc":4294680,"memory_total":628191307136},"runtime":{"goroutines":38}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
/ o5 V8 u, L8 P$ C" rAug 3 10:28:25 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:25.085+0800#011INFO#011log/harvester.go:278#011File is inactive: /var/log/secure. Closing because close_inactive of 1m0s reached.
5 k' J: ~! p( A0 t) EAug 3 10:28:41 devops-prod-ansible-02 filebeat: 2023-08-03T10:28:41.607+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544430,"time":{"ms":13}},"total":{"ticks":6512670,"time":{"ms":20},"value":6512670},"user":{"ticks":3968240,"time":{"ms":7}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552820039}},"memstats":{"gc_next":7016112,"memory_alloc":4647992,"memory_total":628191660448},"runtime":{"goroutines":33}},"filebeat":{"events":{"added":1,"done":1},"harvester":{"closed":1,"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0,"filtered":1,"total":1}}},"registrar":{"states":{"current":6,"update":1},"writes":{"success":1,"total":1}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}6 l0 z3 E$ D$ |2 T( X
; P: Z7 ]3 w3 p2 [7 O
' N! c4 \3 b- F: [. ]# m6 v7 J4 h) oAug 3 10:29:11 devops-prod-ansible-02 filebeat: 2023-08-03T10:29:11.606+0800#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":2544440,"time":{"ms":8}},"total":{"ticks":6512690,"time":{"ms":10},"value":6512690},"user":{"ticks":3968250,"time":{"ms":2}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8f113502-1487-4c59-b627-114298a25801","uptime":{"ms":11552850039}},"memstats":{"gc_next":7016112,"memory_alloc":5171960,"memory_total":628192184416},"runtime":{"goroutines":33}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":3,"events":{"active":0}}},"registrar":{"states":{"current":6}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.0125,"5":0.0025}}}}}}
; ~$ u6 {2 s) Y' s! f( s8 k2 @- ^; w u
. i6 R( c! P. M' y, r6 X4 X查看audit.log日志
) l! O% |! j& F6 t& b5 z# I& R3 {
type=USER_AUTH msg=audit(1691029637.510:4371430): pid=30116 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="devops" exe="/usr/sbin/sshd" hostname=172.24.21.6 addr=172.24.21.6 terminal=ssh res=failed'7 \2 O& S8 B. Y, n) T* F7 \) R8 s
4 T6 \ n% ]2 b6 X- i
9 Y# a% X& f) ~* m4 }. X4 ~$ \
) W7 K3 Y9 c% j4 b: w
* Q; k) C- D& S# d
' a7 g; }% n1 O5 @) g9 e4 x2 h; X% J2 t$ ]( o
|
|
发表于 2023-8-3 10:35:35