Sync system auth data stream with beats
marc-gr committed Feb 17, 2021
1 parent 8243545 commit 54bf096
Showing 10 changed files with 1,816 additions and 423 deletions.

Large diffs are not rendered by default.

Expand Up @@ -14,11 +14,14 @@
}
}
},
"@timestamp": "2020-02-21T21:54:44.000Z",
"@timestamp": "2021-02-21T21:54:44.000Z",
"related": {
"user": [
"vagrant"
],
"hosts": [
"localhost"
],
"ip": [
"10.0.2.2"
]
Expand All @@ -31,16 +34,18 @@
"ip": "10.0.2.2"
},
"event": {
"ingested": "2021-02-16T12:08:23.984384500Z",
"timezone": "+0000",
"kind": "event",
"action": "ssh_login",
"type": [
"authentication_success",
"info"
],
"category": [
"authentication"
"authentication",
"session"
],
"timezone": "+0000",
"kind": "event",
"outcome": "success"
},
"user": {
Expand All @@ -60,11 +65,14 @@
}
}
},
"@timestamp": "2020-02-23T00:13:35.000Z",
"@timestamp": "2021-02-23T00:13:35.000Z",
"related": {
"user": [
"vagrant"
],
"hosts": [
"localhost"
],
"ip": [
"192.168.33.1"
]
Expand All @@ -77,16 +85,18 @@
"ip": "192.168.33.1"
},
"event": {
"ingested": "2021-02-16T12:08:23.984398900Z",
"timezone": "+0000",
"kind": "event",
"action": "ssh_login",
"type": [
"authentication_success",
"info"
],
"category": [
"authentication"
"authentication",
"session"
],
"timezone": "+0000",
"kind": "event",
"outcome": "success"
},
"user": {
Expand All @@ -105,11 +115,14 @@
}
}
},
"@timestamp": "2020-02-21T21:56:12.000Z",
"@timestamp": "2021-02-21T21:56:12.000Z",
"related": {
"user": [
"test"
],
"hosts": [
"localhost"
],
"ip": [
"10.0.2.2"
]
Expand All @@ -121,6 +134,9 @@
"ip": "10.0.2.2"
},
"event": {
"ingested": "2021-02-16T12:08:23.984402600Z",
"timezone": "+0000",
"kind": "event",
"action": "ssh_login",
"type": [
"authentication_failure",
Expand All @@ -129,8 +145,6 @@
"category": [
"authentication"
],
"timezone": "+0000",
"kind": "event",
"outcome": "failure"
},
"user": {
Expand All @@ -150,11 +164,14 @@
}
}
},
"@timestamp": "2020-02-20T08:35:22.000Z",
"@timestamp": "2021-02-20T08:35:22.000Z",
"related": {
"user": [
"root"
],
"hosts": [
"slave22"
],
"ip": [
"116.31.116.24"
]
Expand Down Expand Up @@ -184,6 +201,9 @@
"ip": "116.31.116.24"
},
"event": {
"ingested": "2021-02-16T12:08:23.984407600Z",
"timezone": "+0000",
"kind": "event",
"action": "ssh_login",
"type": [
"authentication_failure",
Expand All @@ -192,8 +212,6 @@
"category": [
"authentication"
],
"timezone": "+0000",
"kind": "event",
"outcome": "failure"
},
"user": {
Expand All @@ -214,21 +232,29 @@
}
}
},
"@timestamp": "2020-02-21T23:35:33.000Z",
"@timestamp": "2021-02-21T23:35:33.000Z",
"related": {
"user": [
"vagrant"
"vagrant",
"root"
],
"hosts": [
"localhost"
]
},
"host": {
"hostname": "localhost"
},
"event": {
"ingested": "2021-02-16T12:08:23.984411800Z",
"timezone": "+0000",
"kind": "event"
},
"user": {
"name": "vagrant"
"name": "vagrant",
"effective": {
"name": "root"
}
}
},
{
Expand All @@ -243,8 +269,11 @@
}
}
},
"@timestamp": "2020-02-19T15:30:04.000Z",
"@timestamp": "2021-02-19T15:30:04.000Z",
"related": {
"hosts": [
"slave22"
],
"ip": [
"123.57.245.163"
]
Expand Down Expand Up @@ -274,6 +303,7 @@
"ip": "123.57.245.163"
},
"event": {
"ingested": "2021-02-16T12:08:23.984419500Z",
"timezone": "+0000",
"kind": "event"
}
Expand All @@ -292,21 +322,29 @@
}
}
},
"@timestamp": "2020-02-23T00:08:48.000Z",
"@timestamp": "2021-02-23T00:08:48.000Z",
"related": {
"user": [
"vagrant"
"vagrant",
"root"
],
"hosts": [
"localhost"
]
},
"host": {
"hostname": "localhost"
},
"event": {
"ingested": "2021-02-16T12:08:23.984429700Z",
"timezone": "+0000",
"kind": "event"
},
"user": {
"name": "vagrant"
"name": "vagrant",
"effective": {
"name": "root"
}
}
},
{
Expand All @@ -324,21 +362,29 @@
}
}
},
"@timestamp": "2020-02-24T00:13:02.000Z",
"@timestamp": "2021-02-24T00:13:02.000Z",
"related": {
"user": [
"tsg"
"tsg",
"root"
],
"hosts": [
"precise32"
]
},
"host": {
"hostname": "precise32"
},
"event": {
"ingested": "2021-02-16T12:08:23.984439100Z",
"timezone": "+0000",
"kind": "event"
},
"user": {
"name": "tsg"
"name": "tsg",
"effective": {
"name": "root"
}
}
},
{
Expand All @@ -349,11 +395,17 @@
"system": {
"auth": {}
},
"@timestamp": "2020-02-22T11:47:05.000Z",
"@timestamp": "2021-02-22T11:47:05.000Z",
"related": {
"hosts": [
"localhost"
]
},
"host": {
"hostname": "localhost"
},
"event": {
"ingested": "2021-02-16T12:08:23.984448200Z",
"category": [
"iam"
],
Expand Down Expand Up @@ -383,16 +435,20 @@
}
}
},
"@timestamp": "2020-02-22T11:47:05.000Z",
"@timestamp": "2021-02-22T11:47:05.000Z",
"related": {
"user": [
"apache"
],
"hosts": [
"localhost"
]
},
"host": {
"hostname": "localhost"
},
"event": {
"ingested": "2021-02-16T12:08:23.984468100Z",
"category": [
"iam"
],
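Review bot: Every `@timestamp` in this expected output moves from 2020 to 2021 with month, day and time unchanged (for example `"@timestamp": "2021-02-21T21:54:44.000Z"`), which suggests the year is absent from the source log lines and is filled in at processing time. If so, the fixture goes stale each January, and in production an event written in late December but processed in January could be dated almost a year ahead, which distorts timeline reconstruction and time-window detections; pinning the reference year in the test would make that explicit. The added `"ingested": "2021-02-16T12:08:23.984384500Z"` values look like wall-clock readings from the run that generated the file, so it is worth confirming that the comparison excludes or normalises `event.ingested`. Separately, the unchanged `"authentication_success"` and `"authentication_failure"` entries under `event.type` are, as far as I know, not among the ECS allowed values for that field, so rules keyed on `event.type` may not match these records, while `event.outcome` already carries the result. The file name is not shown on this page and collapsed lines follow the last hunk, so this rests only on the visible records.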
