data.json
{
"@timestamp": "2017-10-12T08:05:34.853Z",
"agent": {
"hostname": "host.example.com",
"name": "host.example.com"
},
"auditd": {
"data": {
"acct": "(invalid user)",
"op": "login",
"terminal": "sshd"
},
"message_type": "user_login",
"result": "fail",
"sequence": 19955,
"session": "unset",
"summary": {
"actor": {
"primary": "unset",
"secondary": "(invalid user)"
},
"how": "/usr/sbin/sshd",
"object": {
"primary": "sshd",
"secondary": "179.38.151.221",
"type": "user-session"
}
}
},
"event": {
"action": "logged-in",
"category": "user-login",
"module": "auditd",
"original": [
"type=USER_LOGIN msg=audit(1492896301.818:19955): pid=12635 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=179.38.151.221 terminal=sshd res=failed'"
]
},
"network": {
"direction": "inbound"
},
"process": {
"executable": "/usr/sbin/sshd",
"pid": 12635
},
"service": {
"type": "auditd"
},
"source": {
"ip": "179.38.151.221"
},
"user": {
"audit": {
"id": "unset"
},
"id": "0",
"name": "root"
}
}