// Some example log messages, to go with the example `draff.yaml`.
{"@timestamp":"2022-10-12T01:30:35.000Z","_id":"063958a8-3d09-4ab4-8b0c-7b65d4445748","client":{"domain":"example.net","ip":"203.0.113.1"},"event":{"dataset":"apache.access","duration":60000000,"original":"203.0.113.1 - - [12/Oct/2022:01:30:35 +0000] \"GET /favicon.ico HTTP/1.1\" 404 13978 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.060"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13978},"status_code":404}},"log":{"file":{"path":"/var/log/httpd/access_log"},"offset":1974585},"message":"GET /favicon.ico","server":{"domain":"example.com"},"url":{"original":"/favicon.ico","path":"/favicon.ico"}}
{"@timestamp":"2022-10-12T01:31:15.000Z","_id":"185ab29b-9b89-45a2-9c86-38763a2910d6","client":{"domain":"example.net","ip":"203.0.113.2"},"event":{"dataset":"apache.access","duration":85000000,"original":"203.0.113.2 - - [12/Oct/2022:01:31:15 +0000] \"GET /favicon.ico HTTP/1.1\" 404 13978 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.085"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13978},"status_code":404}},"log":{"file":{"path":"/var/log/httpd/access_log"},"offset":1974804},"message":"GET /favicon.ico","server":{"domain":"example.com"},"url":{"original":"/favicon.ico","path":"/favicon.ico"}}
{"@timestamp":"2022-10-12T01:31:41.000Z","_id":"271130be-1995-4398-91c0-ad3f70a5b607","client":{"domain":"example.net","ip":"203.0.113.3"},"event":{"dataset":"apache.access","duration":73000000,"original":"203.0.113.3 - - [12/Oct/2022:01:31:41 +0000] \"GET /favicon.ico HTTP/1.1\" 404 13978 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.073"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13978},"status_code":404}},"log":{"file":{"path":"/var/log/httpd/access_log"},"offset":1975021},"message":"GET /favicon.ico","server":{"domain":"example.com"},"url":{"original":"/favicon.ico","path":"/favicon.ico"}}
{"@timestamp":"2022-10-12T01:31:47.000Z","_id":"04a6feaa-a2ee-4753-b00f-42d1e6adf517","client":{"domain":"example.net","ip":"203.0.113.4"},"event":{"dataset":"apache.access","duration":109000000,"original":"203.0.113.4 - - [12/Oct/2022:01:31:47 +0000] \"GET /favicon.ico HTTP/1.1\" 404 13979 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.109"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13979},"status_code":404}},"log":{"file":{"path":"/var/log/httpd/access_log"},"offset":1975241},"message":"GET /favicon.ico","server":{"domain":"example.com"},"url":{"original":"/favicon.ico","path":"/favicon.ico"},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\"","os":{"full":"Linux","name":"Linux"},"version":"100.0.4896.60"}}
{"@timestamp":"2022-10-12T01:31:48.000Z","_id":"9b9d3998-f110-4f1d-9efa-76bc8c103e79","client":{"domain":"example.net","ip":"203.0.113.5"},"event":{"dataset":"apache.access","duration":23000000,"original":"203.0.113.5 - - [12/Oct/2022:01:31:48 +0000] \"GET /favicon.ico HTTP/1.1\" 404 13976 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.023"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13976},"status_code":404}},"log":{"file":{"path":"/var/log/httpd/access_log"},"offset":1975526},"message":"GET /favicon.ico","server":{"domain":"example.com"},"url":{"original":"/favicon.ico","path":"/favicon.ico"},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\"","os":{"full":"Linux","name":"Linux"},"version":"100.0.4896.60"}}
{"@timestamp":"2022-10-12T01:40:40.854Z","_id":"4369898a-545a-4e43-a082-7b5f56334474","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"47621"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:44.089Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=47621, TLS, session=<qcP3eszq4rFLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=47621, TLS, session=<qcP3eszq4rFLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"qcP3eszq4rFLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:43.275Z","_id":"5f689926-2d60-4b4c-bb17-e2c2b30ddbcb","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48090"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:44.089Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48090, TLS, session=<OrYce8zqZrJLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48090, TLS, session=<OrYce8zqZrJLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"OrYce8zqZrJLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:43.873Z","_id":"5a5051ef-3540-4801-9ff6-6903405ec61d","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48144"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:44.089Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48144, TLS, session=<iN8le8zqEthLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48144, TLS, session=<iN8le8zqEthLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"iN8le8zqEthLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:44.512Z","_id":"8ced564c-e2ea-4fb6-bc2c-06eaef48304f","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48180"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:45.191Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48180, TLS, session=<O6Qve8zqON5LYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48180, TLS, session=<O6Qve8zqON5LYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"O6Qve8zqON5LYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:45.147Z","_id":"5df708ee-11d2-4ede-8fb3-2d10195b55bf","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48224"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:45.191Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48224, TLS, session=<sUI5e8zqPdRLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48224, TLS, session=<sUI5e8zqPdRLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"sUI5e8zqPdRLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:45.798Z","_id":"2fe20220-e64b-4736-bd8d-1cbf393d3667","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48250"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:46.293Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48250, TLS, session=<Pi9De8zquLNLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48250, TLS, session=<Pi9De8zquLNLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"Pi9De8zquLNLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:46.493Z","_id":"efcc4c7c-c381-43ab-9cc6-901b252cbbc1","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48462"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:47.395Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48462, TLS, session=<lt9Ne8zqGP9LYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48462, TLS, session=<lt9Ne8zqGP9LYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"lt9Ne8zqGP9LYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:47.124Z","_id":"c158d415-966b-41ab-b0dd-141851683f0b","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"48517"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:40:47.395Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48517, TLS, session=<y3NXe8zq5c6sOAov>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=48517, TLS, session=<y3NXe8zq5c6sOAov>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"y3NXe8zq5c6sOAov"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:40:48.629Z","_id":"307cacb3-b5eb-4c7c-9068-bf8e69dab4bb","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":228000000,"original":"203.0.113.6 - - [11/Oct/2022:21:40:43 -0400] \"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/C1DD50FB-FF38-40BB-819D-117569DCB277.ics HTTP/1.1\" 500 201 228 \"-\" \"macOS/12.6 (21G115) CalendarAgent/961.4.2\""},"host":{"name":"example.com"},"http":{"request":{"method":"PUT"},"response":{"body":{"bytes":201},"status_code":500},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":48582052},"message":"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/C1DD50FB-FF38-40BB-819D-117569DCB277.ics","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:40:43 -0400","url":{"original":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/C1DD50FB-FF38-40BB-819D-117569DCB277.ics","path":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/C1DD50FB-FF38-40BB-819D-117569DCB277.ics"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"macOS/12.6 (21G115) CalendarAgent/961.4.2\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:40:48.629Z","_id":"54049214-3a69-4aa1-b73b-ade3171e4050","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":274000000,"original":"203.0.113.6 - - [11/Oct/2022:21:40:45 -0400] \"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/F96AD1DD-8406-4384-B164-B68159551B93.ics HTTP/1.1\" 500 201 274 \"-\" \"macOS/12.6 (21G115) CalendarAgent/961.4.2\""},"host":{"name":"example.com"},"http":{"request":{"method":"PUT"},"response":{"body":{"bytes":201},"status_code":500},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":48582724},"message":"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/F96AD1DD-8406-4384-B164-B68159551B93.ics","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:40:45 -0400","url":{"original":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/F96AD1DD-8406-4384-B164-B68159551B93.ics","path":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/F96AD1DD-8406-4384-B164-B68159551B93.ics"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"macOS/12.6 (21G115) CalendarAgent/961.4.2\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:40:48.629Z","_id":"80cd004a-7f8b-42e7-892c-ef13237dae54","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":248000000,"original":"203.0.113.6 - - [11/Oct/2022:21:40:44 -0400] \"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/684B778B-F377-43AD-BEC1-D97A9CAE38E4.ics HTTP/1.1\" 500 201 248 \"-\" \"macOS/12.6 (21G115) CalendarAgent/961.4.2\""},"host":{"name":"example.com"},"http":{"request":{"method":"PUT"},"response":{"body":{"bytes":201},"status_code":500},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":48582500},"message":"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/684B778B-F377-43AD-BEC1-D97A9CAE38E4.ics","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:40:44 -0400","url":{"original":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/684B778B-F377-43AD-BEC1-D97A9CAE38E4.ics","path":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/684B778B-F377-43AD-BEC1-D97A9CAE38E4.ics"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"macOS/12.6 (21G115) CalendarAgent/961.4.2\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:40:48.629Z","_id":"b152840c-ac84-4a26-b578-cc3f2b31b897","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":2014000000,"original":"203.0.113.6 - - [11/Oct/2022:21:40:40 -0400] \"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/B046EA7D-31F3-4AD4-B510-452B7C85E22E.ics HTTP/1.1\" 500 201 2014 \"-\" \"macOS/12.6 (21G115) CalendarAgent/961.4.2\""},"host":{"name":"example.com"},"http":{"request":{"method":"PUT"},"response":{"body":{"bytes":201},"status_code":500},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":48581827},"message":"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/B046EA7D-31F3-4AD4-B510-452B7C85E22E.ics","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:40:40 -0400","url":{"original":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/B046EA7D-31F3-4AD4-B510-452B7C85E22E.ics","path":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/B046EA7D-31F3-4AD4-B510-452B7C85E22E.ics"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"macOS/12.6 (21G115) CalendarAgent/961.4.2\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:40:48.629Z","_id":"f0c7b14e-cc9d-448e-bedc-44d7891190b2","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":258000000,"original":"203.0.113.6 - - [11/Oct/2022:21:40:43 -0400] \"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/287C841C-B00F-43D6-ADBB-72B78552A904.ics HTTP/1.1\" 500 201 258 \"-\" \"macOS/12.6 (21G115) CalendarAgent/961.4.2\""},"host":{"name":"example.com"},"http":{"request":{"method":"PUT"},"response":{"body":{"bytes":201},"status_code":500},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":48582276},"message":"PUT /horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/287C841C-B00F-43D6-ADBB-72B78552A904.ics","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:40:43 -0400","url":{"original":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/287C841C-B00F-43D6-ADBB-72B78552A904.ics","path":"/horde/rpc/calendars/norbert/calendar~DwFymTeqhaL3xsffVXOy-B-/287C841C-B00F-43D6-ADBB-72B78552A904.ics"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"macOS/12.6 (21G115) CalendarAgent/961.4.2\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:40:51.033Z","_id":"a41be637-c099-4d98-8c9a-9e71e12aa075","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"anonymous"}},"drupal":{"code":0,"message":"Login attempt failed from 203.0.113.6.","type":"user"},"event":{"dataset":"drupal.watchdog","original":"{\"message\":\"Login attempt failed from 203.0.113.6.\",\"message_id\":\"example.com63461b2307ef41.27243622\",\"site_id\":\"example.com\",\"canonical\":\"example.com\",\"method\":\"POST\",\"tags\":null,\"type\":\"drupal\",\"subtype\":\"user\",\"severity\":\"Notice\",\"request_uri\":\"https:\\/\\/example.com\\/user\\/login\",\"referer\":\"https:\\/\\/example.com\\/user\\/login\",\"uid\":0,\"username\":\"\",\"client_ip\":\"203.0.113.6\",\"link\":null,\"code\":0,\"trunc\":\"\",\"@version\":1,\"@timestamp\":\"2022-10-12T01:40:51.033Z\"}"},"host":{"name":"example.com"},"http":{"request":{"method":"POST","referrer":"https://example.com/user/login"}},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com.2022.10.json.log"},"level":"Notice","offset":94094},"message":"user: Login attempt failed from 203.0.113.6.","server":{"domain":"example.com"},"url":{"domain":"example.com","original":"https://example.com/user/login","path":"/user/login","scheme":"https"}}
{"@timestamp":"2022-10-12T01:41:05.496Z","_id":"bc9f2b3d-21b2-4225-b6c9-ace70225c976","client":{"domain":"example.net","ip":"203.0.113.60","user":{"name":"user"}},"event":{"created":"2022-10-12T01:41:13.406Z","dataset":"sshd","kind":"event","original":"Invalid user user from 203.0.113.60 port 34994"},"host":{"hostname":"example.com","id":"50c8d490721b470691064e2b7f01e46e","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"1a0c443244104427a663af36befa5cfd"},"pid":29418,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user user from 203.0.113.60 port 34994","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":29418},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"user"}}
{"@timestamp":"2022-10-12T01:41:18.378Z","_id":"10878aa5-19aa-4a16-a515-1d995e34bc85","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"delmar"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49158"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:41:20.048Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<delmar>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49158, TLS, session=<oEo0fczqMWisOAov>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<delmar>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49158, TLS, session=<oEo0fczqMWisOAov>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"oEo0fczqMWisOAov"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:41:35.659Z","_id":"ddf746ed-642d-4c2b-b836-f0499ea0ccd2","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":72000000,"original":"203.0.113.6 - - [11/Oct/2022:21:41:29 -0400] \"GET /data/admin/allowurl.txt HTTP/1.1\" 404 13 72 \"-\" \"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13},"status_code":404},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":12579847},"message":"GET /data/admin/allowurl.txt","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:41:29 -0400","url":{"original":"/data/admin/allowurl.txt","path":"/data/admin/allowurl.txt"},"user_agent":{"device":{"name":"Other"},"name":"Firefox","original":"\"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0\"","os":{"full":"Windows 10","name":"Windows","version":"10"},"version":"48.0"}}
{"@timestamp":"2022-10-12T01:41:42.742Z","_id":"d3128629-44ed-4fd4-b4ee-2becb10e49a2","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"wiley"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49196"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:41:51.574Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<wiley>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49196, TLS, session=<DA+ofszqYtxKcSgq>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<wiley>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49196, TLS, session=<DA+ofszqYtxKcSgq>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"DA+ofszqYtxKcSgq"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:19.734Z","_id":"1cddb9af-9393-4c90-8b5b-6e1cfc3ded8a","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"agnes"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"32075"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:24.241Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32075, TLS, session=<xLzYgMzqLKJHT67p>"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"e3655b0d24a740539c0e580268866bbd"},"pid":72598,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32075, TLS, session=<xLzYgMzqLKJHT67p>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":72598},"server":{"ip":"203.0.113.2"},"session":{"id":"xLzYgMzqLKJHT67p"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:19.744Z","_id":"b08d853b-5017-4390-a6a9-2b8390f4edd6","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"agnes"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"32076"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:24.241Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32076, TLS, session=<81zYgMzqBb5HT67p>"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"e3655b0d24a740539c0e580268866bbd"},"pid":72598,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32076, TLS, session=<81zYgMzqBb5HT67p>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":72598},"server":{"ip":"203.0.113.2"},"session":{"id":"81zYgMzqBb5HT67p"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:55.452Z","_id":"2e288d0c-0909-454c-a91f-2851e3c50dc7","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"fitzgerald"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49473"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:58.624Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49473, TLS, session=<xoX9gszqYfhJcsFT>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49473, TLS, session=<xoX9gszqYfhJcsFT>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"xoX9gszqYfhJcsFT"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:56.300Z","_id":"22d63310-115e-4341-b149-c09611c51eba","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"fitzgerald"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49475"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:58.624Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49475, TLS, session=<QoIKg8zqZPhJcsFT>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49475, TLS, session=<QoIKg8zqZPhJcsFT>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"QoIKg8zqZPhJcsFT"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:56.881Z","_id":"39c96d83-d9a4-4f5a-ade5-2dfd82e7e1a9","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"wiley"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"32430"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:58.970Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<wiley>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32430, TLS, session=<RG0Tg8zqadxKcSgq>"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"e3655b0d24a740539c0e580268866bbd"},"pid":72598,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<wiley>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.2, mpid=32430, TLS, session=<RG0Tg8zqadxKcSgq>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":72598},"server":{"ip":"203.0.113.2"},"session":{"id":"RG0Tg8zqadxKcSgq"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:58.011Z","_id":"9577d895-2913-493a-b5dd-eeaaffe946f0","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"fitzgerald"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49481"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:58.624Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49481, TLS, session=<g5Ukg8zqZvhJcsFT>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49481, TLS, session=<g5Ukg8zqZvhJcsFT>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"g5Ukg8zqZvhJcsFT"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:59.158Z","_id":"2c1a12e1-3ac4-4006-a2d3-a891add58223","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"fitzgerald"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49483"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:42:59.726Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49483, TLS, session=<ShA2g8zqavhJcsFT>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<fitzgerald>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49483, TLS, session=<ShA2g8zqavhJcsFT>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"ShA2g8zqavhJcsFT"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:42:59.289Z","_id":"58bd4b0d-7aa4-4a3b-adf8-a2c54242b467","client":{"domain":"example.net","ip":"203.0.113.61"},"event":{"created":"2022-10-12T01:43:16.794Z","dataset":"sshd","kind":"event","original":"Invalid user Root from 203.0.113.61 port 25112"},"host":{"hostname":"example.com","id":"50c8d490721b470691064e2b7f01e46e","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"1a0c443244104427a663af36befa5cfd"},"pid":32432,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user Root from 203.0.113.61 port 25112","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":32432},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"Root"}}
{"@timestamp":"2022-10-12T01:43:04.008Z","_id":"bfe3c361-4611-4dca-821d-df624058bc8a","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"agnes"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49555"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:07.034Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49555, TLS, session=<rB2Ag8zq3YtHT67p>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<agnes>, method=PLAIN, rip=203.0.113.6, lip=203.0.113.1, mpid=49555, TLS, session=<rB2Ag8zq3YtHT67p>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"rB2Ag8zq3YtHT67p"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:43:09.894Z","_id":"607e91ca-5d3e-405f-8531-6f191714e310","client":{"domain":"example.net","ip":"203.0.113.7","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49565"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:10.238Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49565, TLS, session=<YurZg8zqL+tLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49565, TLS, session=<YurZg8zqL+tLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"YurZg8zqL+tLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:43:14.778Z","_id":"60641373-2b3d-49a1-a0d6-41c860c1a656","client":{"domain":"example.net","ip":"203.0.113.7","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"32710"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:15.887Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.2, mpid=32710, TLS, session=<Mi8jhMzqP3qsOAov>"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"e3655b0d24a740539c0e580268866bbd"},"pid":72598,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.2, mpid=32710, TLS, session=<Mi8jhMzqP3qsOAov>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":72598},"server":{"ip":"203.0.113.2"},"session":{"id":"Mi8jhMzqP3qsOAov"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:43:24.940Z","_id":"083cdbca-0a5d-46a1-b51d-2716ba62d57d","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"created":"2022-10-12T01:43:39.274Z","dataset":"sshd","kind":"event","original":"Accepted publickey for git from 203.0.113.6 port 41409 ssh2: RSA SHA256:meh"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":49615,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Accepted publickey for git from 203.0.113.6 port 41409 ssh2: RSA SHA256:meh","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":49615},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"git"}}
{"@timestamp":"2022-10-12T01:43:26.207Z","_id":"e8b7acf6-7137-4c1d-9e18-8cc06eb250d1","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"created":"2022-10-12T01:43:39.276Z","dataset":"sshd","kind":"event","original":"Accepted publickey for git from 203.0.113.6 port 33773 ssh2: RSA SHA256:meh"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":49649,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Accepted publickey for git from 203.0.113.6 port 33773 ssh2: RSA SHA256:meh","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":49649},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"git"}}
{"@timestamp":"2022-10-12T01:43:27.654Z","_id":"767d4057-3135-43af-93b3-a7e31bbf2c6f","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"created":"2022-10-12T01:43:39.277Z","dataset":"sshd","kind":"event","original":"Accepted publickey for git from 203.0.113.6 port 34541 ssh2: RSA SHA256:meh"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":49684,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Accepted publickey for git from 203.0.113.6 port 34541 ssh2: RSA SHA256:meh","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":49684},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"git"}}
{"@timestamp":"2022-10-12T01:43:29.016Z","_id":"a53f8659-fb4e-4386-b13d-bda2b790b895","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"created":"2022-10-12T01:43:39.278Z","dataset":"sshd","kind":"event","original":"Accepted publickey for git from 203.0.113.6 port 39649 ssh2: RSA SHA256:meh"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":49721,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Accepted publickey for git from 203.0.113.6 port 39649 ssh2: RSA SHA256:meh","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":49721},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"git"}}
{"@timestamp":"2022-10-12T01:43:35.620Z","_id":"e69715b4-039f-4cc2-b85e-4f21c4b8ca55","client":{"domain":"example.net","ip":"203.0.113.7","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49772"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:35.718Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49772, TLS, session=<MXVihczqn4lLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49772, TLS, session=<MXVihczqn4lLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"MXVihczqn4lLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:43:36.599Z","_id":"22d93e7f-521b-414b-ab1a-833848080208","client":{"domain":"example.net","ip":"203.0.113.7","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49831"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:36.820Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49831, TLS, session=<EG5xhczqo5BLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49831, TLS, session=<EG5xhczqo5BLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"EG5xhczqo5BLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:43:37.700Z","_id":"9d0adb40-af87-4e57-86a1-45112581b268","client":{"domain":"example.net","ip":"203.0.113.7","user":{"name":"norbert"}},"email":{"auth":{"mechanism":"PLAIN"},"process":{"pid":"49879"},"security":"TLS"},"event":{"action":"Login","created":"2022-10-12T01:43:37.970Z","dataset":"dovecot.imap-login","kind":"event","original":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49879, TLS, session=<oTSChczqzMhLYuSD>"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"340e051f604f44fda4d693020444a0b9"},"pid":15117,"process":{"capabilities":"0","executable":"/usr/libexec/dovecot/log","name":"log"}},"log":{"syslog":{"facility":{"code":2},"identifier":"dovecot","priority":6}},"message":"imap-login: Login: user=<norbert>, method=PLAIN, rip=203.0.113.7, lip=203.0.113.1, mpid=49879, TLS, session=<oTSChczqzMhLYuSD>","process":{"args":["dovecot/log"],"args_count":1,"command_line":"dovecot/log ","name":"imap-login","pid":15117},"server":{"ip":"203.0.113.1"},"session":{"id":"oTSChczqzMhLYuSD"},"syslog":{},"systemd":{"transport":"syslog"},"tags":[]}
{"@timestamp":"2022-10-12T01:46:10.238Z","_id":"ebdff644-3968-4e9e-ba90-84486c95695f","client":{"domain":"example.net","ip":"203.0.113.62","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:46:22.897Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.62 port 51346"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":56472,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.62 port 51346","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":56472},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}
{"@timestamp":"2022-10-12T01:46:10.239Z","_id":"4425d60a-0b88-48da-bdbd-c032909fe916","client":{"domain":"example.net","ip":"203.0.113.63","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:46:22.897Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.63 port 51496"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":56480,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.63 port 51496","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":56480},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}
{"@timestamp":"2022-10-12T01:46:10.312Z","_id":"c4a633db-9e86-4aec-917b-f69b461db67b","client":{"domain":"example.net","ip":"203.0.113.64","user":{"name":"ubnt"}},"event":{"created":"2022-10-12T01:46:22.898Z","dataset":"sshd","kind":"event","original":"Invalid user ubnt from 203.0.113.64 port 51528"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":56481,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user ubnt from 203.0.113.64 port 51528","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":56481},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"ubnt"}}
{"@timestamp":"2022-10-12T01:46:10.434Z","_id":"e3f0e46a-3880-4026-91f3-6c8d5935e8b6","client":{"domain":"example.net","ip":"203.0.113.65","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:46:22.898Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.65 port 51510"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":56471,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.65 port 51510","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":56471},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}
{"@timestamp":"2022-10-12T01:46:10.504Z","_id":"dad088dd-10da-48cf-b37c-1bff97108d9d","client":{"domain":"example.net","ip":"203.0.113.65","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:46:22.898Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.65 port 51526"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":56474,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.65 port 51526","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":56474},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}
{"@timestamp":"2022-10-12T01:46:31.829401450Z","_id":"2d5324ef-e1d8-4d45-be67-8723681db2d7","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"agnes"}},"email":{"delivery_status":"sent","delivery_status_code":"250","delivery_status_description":"2.0.0 <agnes@mail.example.com> zk2jHXQcRmNV4QAAMIVGAg Saved","mailbox":"INBOX","message_id":"meh@example.com","queue_id":"DEA05210B2D","sender":{"address":"martin@example.com"},"size":39921,"subject":"Martin just messaged you","to":{"address":"agnes@example.com"},"transport":"postfix/external/smtpd"},"event":{"dataset":"email"},"host":{"hostname":"mail-1.example.com","id":"1dab4bf5a1364cc68c8a9d563d88424f","name":"mail-1.example.com"},"message":"qid=DEA05210B2D transport=postfix/external/smtpd client=203.0.113.6 local_mailbox=agnes mid=meh@example.com sender=test@example.com from= to=agnes@example.com rspamd=-9 spamd=-104","rspamd":{"score":-9,"tags":["WHITELIST_DMARC(-7.00){example.net:D:+;","DWL_DNSWL_HI(-3.50){example.net:dkim;","BAYES_SPAM(3.41){95.12%;","WHITELIST_SPF_DKIM(-3.00){example.net:d:+;example.net:s:+;","URI_COUNT_ODD(1.00){23;","RCVD_DKIM_ARC_DNSWL_MED(-0.50){","FORGED_SENDER(0.30){meh@example.com;meh@example.com;","RCVD_IN_DNSWL_MED(-0.20){203.0.113.6:from;","R_DKIM_ALLOW(-0.20){example.com:s=d2048-201806-01;example.com:s=proddkim1024;","ZERO_FONT(0.20){2;","BAD_REP_POLICIES(0.10){","MANY_INVISIBLE_PARTS(0.10){2;","MIME_GOOD(-0.10){multipart/alternative;text/plain;","HAS_LIST_UNSUB(-0.01){","MX_GOOD(-0.01){","ARC_NA(0.00){","ASN(0.00){asn:14413, ipnet:203.0.113.0/24, country:US;","DKIM_TRACE(0.00){example.com:+;maile.example.com:+;","DMARC_POLICY_ALLOW(0.00){example.com;reject;","FROM_HAS_DN(0.00){","FROM_NEQ_ENVFROM(0.00){test@example.com;test@example.com;","MID_RHS_MATCH_FROMTLD(0.00){","MIME_TRACE(0.00){0:+;1:+;2:~;","RCPT_COUNT_ONE(0.00){1;","RCVD_COUNT_ZERO(0.00){0;","RWL_MAILSPIKE_POSSIBLE(0.00){203.0.113.6:from;","R_SPF_ALLOW(0.00){+ip4:203.0.113.0/24;","TO_DN_ALL(0.00){","TO_MATCH_ENVRCPT_ALL(0.00){}"]},"session":{"id":"zk2jHXQcRmNV4QAAMIVGAg"},"spamd":{"score":-104,"tags":["BAYES_00","DKIMWL_WL_HIGH","DKIM_SIGNED","DKIM_VALID","DKIM_VALID_AU","DKIM_VALID_EF","DMARC_PASS_REJECT","HTML_MESSAGE","LONGWORD","RCVD_IN_DNSWL_MED","RCVD_IN_MSPIKE_H2","SPF_HELO_PASS","SPF_PASS","TXREP","USER_IN_WELCOMELIST","USER_IN_WHITELIST"]},"tags":[]}
{"@timestamp":"2022-10-12T01:46:52.000Z","_id":"4446baae-cfab-4ba2-8e1c-1a649cf0a8df","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":66000000,"original":"203.0.113.6 - - [12/Oct/2022:01:46:52 +0000] \"GET /api/dashboard/heartbeat?api-key=foo HTTP/1.1\" 404 13978 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.066"},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"\"-\""},"response":{"body":{"bytes":13978},"status_code":404},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/nginx/access.log"},"offset":38463},"message":"GET /api/dashboard/heartbeat?api-key=foo","server":{"domain":"example.com","ip":"203.0.113.6"},"tags":[],"url":{"original":"/api/dashboard/heartbeat?api-key=foo","path":"/api/dashboard/heartbeat","query":"?api-key=foo","query_kv":{"api-key":"foo"}},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\"","os":{"full":"Linux","name":"Linux"},"version":"100.0.4896.60"}}
{"@timestamp":"2022-10-12T01:46:52.000Z","_id":"55eeaa52-fc04-42db-b1ff-c6383e0221ba","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":13000000,"original":"203.0.113.6 - - [12/Oct/2022:01:46:52 +0000] \"GET /api/dashboard/heartbeat?api-key=foo HTTP/1.1\" 404 13978 \"-\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\" 0.013"},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"\"-\""},"response":{"body":{"bytes":13978},"status_code":404},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/nginx/access.log"},"offset":2138006},"message":"GET /api/dashboard/heartbeat?api-key=foo","server":{"domain":"example.com","ip":"203.0.113.6"},"tags":[],"url":{"original":"/api/dashboard/heartbeat?api-key=foo","path":"/api/dashboard/heartbeat","query":"?api-key=foo","query_kv":{"api-key":"foo"}},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36\"","os":{"full":"Linux","name":"Linux"},"version":"100.0.4896.60"}}
{"@timestamp":"2022-10-12T01:46:58.378Z","_id":"e981796c-2851-48a0-9a04-d94d38ed1649","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"created":"2022-10-12T01:47:01.731Z","dataset":"sshd","kind":"event","original":"Invalid user Root from 203.0.113.6 port 47100"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":57750,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user Root from 203.0.113.6 port 47100","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":57750},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"Root"}}
{"@timestamp":"2022-10-12T01:47:45.053Z","_id":"cbfedcc9-713b-482c-8b8d-edd6a63bc690","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":54000000,"original":"203.0.113.6 - - [11/Oct/2022:21:47:43 -0400] \"GET /internal/security/user_profile?dataPath=avatar HTTP/1.1\" 404 60 54 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\""},"host":{"name":"elk.local"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":60},"status_code":404},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/stub/stub-2022.10-a"},"offset":32131485},"message":"GET /internal/security/user_profile?dataPath=avatar","server":{"domain":"elk.local"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:47:43 -0400","url":{"original":"/internal/security/user_profile?dataPath=avatar","path":"/internal/security/user_profile","query":"?dataPath=avatar","query_kv":{"dataPath":"avatar"}},"user_agent":{"device":{"name":"Mac"},"name":"Firefox","original":"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\"","os":{"full":"Mac OS X 10.15","name":"Mac OS X","version":"10.15"},"version":"105.0"}}
{"@timestamp":"2022-10-12T01:49:06.563734913Z","_id":"aee40e2d-bcd4-42e4-a58e-2c8515dc8fe9","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"norbert"}},"email":{"delivery_status":"sent","delivery_status_code":"250","delivery_status_description":"2.0.0 <norbert@mail.example.com> Uc4AGg8dRmOhqgAAr/P5hg Saved","mailbox":"INBOX","message_id":"meh@example.com","queue_id":"ED5CC478D35","size":9815,"subject":"Postmaster notify: see transcript for details","to":{"address":"norbert@softpixel.com"},"transport":"postfix/external/smtpd"},"event":{"dataset":"email"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"message":"qid=ED5CC478D35 transport=postfix/external/smtpd client=203.0.113.6 local_mailbox=norbert mid=meh@example.com sender= from= to=norbert@softpixel.com rspamd=4 spamd=-98","rspamd":{"score":4,"tags":["POSTPALS_RELAY(-10.00){","DBL_SPAM(6.50){example.net:url;example.net:email;example.net:url;","BAYES_SPAM(5.09){99.99%;","FORGED_RECIPIENTS(2.00){m:test@example.com;s:norbert@softpixel.com;","MIME_BASE64_TEXT_BOGUS(1.00){","BAD_REP_POLICIES(0.10){","BOUNCE(-0.10){DSN;","MIME_BASE64_TEXT(0.10){","MIME_GOOD(-0.10){text/plain;multipart/alternative;","ARC_NA(0.00){","ASN(0.00){asn:32613, ipnet:203.0.113.0/19, country:CA;","DMARC_NA(0.00){example.com;","FROM_HAS_DN(0.00){","MID_RHS_MATCH_FROM(0.00){","MIME_TRACE(0.00){0:~;1:+;2:~;3:~;4:~;5:+;6:~;7:~;...;","RCPT_COUNT_ONE(0.00){1;","RCVD_COUNT_TWO(0.00){2;","RCVD_TLS_LAST(0.00){","R_DKIM_NA(0.00){","R_SPF_ALLOW(0.00){+a:c;","TO_DN_NONE(0.00){","TO_DOM_EQ_FROM_DOM(0.00){}"]},"session":{"id":"Uc4AGg8dRmOhqgAAr/P5hg"},"spamd":{"score":-98,"tags":["BAYES_00","HTML_MESSAGE","KAM_DMARC_STATUS","KAM_MXURI","LONGWORD","POSTPALS_RELAY","SPF_HELO_PASS","T_TVD_MIME_NO_HEADERS","URIBL_ABUSE_SURBL","URIBL_DBL_SPAM","USER_IN_WELCOMELIST","USER_IN_WHITELIST"]},"tags":[]}
{"@timestamp":"2022-10-12T01:50:33.043Z","_id":"2b36c691-a2e7-458d-980c-7161b901edb5","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":71000000,"original":"203.0.113.6 - - [11/Oct/2022:21:50:30 -0400] \"GET /release/baz/sparkle HTTP/1.0\" 404 13 71 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 YaBrowser/17.3.1.840 Yowser/2.5 Safari/537.36\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13},"status_code":404},"version":"1.0"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":12584283},"message":"GET /release/baz/sparkle","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:50:30 -0400","url":{"original":"/release/baz/sparkle","path":"/release/baz/sparkle"},"user_agent":{"device":{"name":"Other"},"name":"Yandex Browser","original":"\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 YaBrowser/17.3.1.840 Yowser/2.5 Safari/537.36\"","os":{"full":"Windows 7","name":"Windows","version":"7"},"version":"17.3.1.840"}}
{"@timestamp":"2022-10-12T01:52:09.312Z","_id":"59c98f33-ada3-4d88-b949-f7188814a11a","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"anonymous"}},"drupal":{"code":0,"message":"sites/default/files/discussion/image.png","type":"page not found"},"event":{"dataset":"drupal.watchdog","original":"{\"message\":\"sites\\/default\\/files\\/discussion\\/image.png\",\"@timestamp\":\"2022-10-12T01:52:09.312Z\",\"@version\":1,\"message_id\":\"example.com63461dc94c2d28.47295725\",\"site_id\":\"example.com\",\"canonical\":\"example.com\",\"tags\":null,\"type\":\"drupal\",\"subtype\":\"page not found\",\"severity\":\"warning\",\"method\":\"GET\",\"request_uri\":\"https:\\/\\/example.com\\/sites\\/default\\/files\\/discussion\\/image.png\",\"referer\":\"\",\"uid\":0,\"username\":\"\",\"client_ip\":\"203.0.113.6\",\"link\":null,\"code\":0,\"variables\":null,\"trunc\":null}"},"host":{"name":"example.com"},"http":{"request":{"method":"GET"}},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com.2022.10.json.log"},"level":"warning","offset":4252434},"message":"page not found: sites/default/files/discussion/image.png","server":{"domain":"example.com"},"tags":["drupal-json"],"url":{"domain":"example.com","original":"https://example.com/sites/default/files/discussion/image.png","path":"/sites/default/files/discussion/image.png","scheme":"https"}}
{"@timestamp":"2022-10-12T01:52:10.007Z","_id":"3eb87741-934c-4c36-be14-a332cf1ad97a","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":167000000,"original":"203.0.113.6 - - [11/Oct/2022:21:52:09 -0400] \"GET /sites/default/files/discussion/image.png HTTP/2.0\" 404 39188 167 \"-\" \"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":39188},"status_code":404},"version":"2.0"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":71592062},"message":"GET /sites/default/files/discussion/image.png","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:52:09 -0400","url":{"original":"/sites/default/files/discussion/image.png","path":"/sites/default/files/discussion/image.png"},"user_agent":{"device":{"name":"Spider"},"name":"bingbot","original":"\"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36\"","os":{"full":"Other","name":"Other"},"version":"2.0"}}
{"@timestamp":"2022-10-12T01:53:19.171Z","_id":"fce4e9d0-fb5b-4c46-b75e-33f167469d73","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"anonymous"}},"drupal":{"code":0,"message":"/public_html.tgz","type":"page not found"},"event":{"dataset":"drupal.watchdog","original":"{\"message\":\"\\/public_html.tgz\",\"message_id\":\"example.com63461e0f29ad04.93826927\",\"site_id\":\"example.com\",\"canonical\":\"example.com\",\"method\":\"GET\",\"tags\":null,\"type\":\"drupal\",\"subtype\":\"page not found\",\"severity\":\"Warning\",\"request_uri\":\"https:\\/\\/example.com\\/public_html.tgz\",\"referer\":\"\",\"uid\":0,\"username\":\"\",\"client_ip\":\"203.0.113.6\",\"link\":null,\"code\":0,\"trunc\":\"\",\"@version\":1,\"@timestamp\":\"2022-10-12T01:53:19.171Z\"}"},"host":{"name":"example.com"},"http":{"request":{"method":"GET"}},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com.2022.10.json.log"},"level":"Warning","offset":1944282},"message":"page not found: /public_html.tgz","server":{"domain":"example.com"},"tags":["drupal-json"],"url":{"domain":"example.com","original":"https://example.com/public_html.tgz","path":"/public_html.tgz","scheme":"https"}}
{"@timestamp":"2022-10-12T01:53:25.703Z","_id":"20458d65-e38c-4e56-b7dd-fdc66f351899","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":188000000,"original":"203.0.113.6 - - [11/Oct/2022:21:53:19 -0400] \"GET /public_html.tgz HTTP/1.1\" 404 14403 188 \"-\" \"Firefox\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":14403},"status_code":404},"version":"1.1"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":4924961},"message":"GET /public_html.tgz","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:53:19 -0400","url":{"original":"/public_html.tgz","path":"/public_html.tgz"},"user_agent":{"device":{"name":"Other"},"name":"Other","original":"\"Firefox\"","os":{"full":"Other","name":"Other"}}}
{"@timestamp":"2022-10-12T01:54:22.208Z","_id":"635b0fff-1617-4685-a1b8-ad35a67a2aa3","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":11000000,"original":"203.0.113.6 - - [11/Oct/2022:21:54:17 -0400] \"GET /release/baz/sparkle HTTP/1.0\" 404 13 11 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 YaBrowser/17.3.1.840 Yowser/2.5 Safari/537.36\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET"},"response":{"body":{"bytes":13},"status_code":404},"version":"1.0"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":12585973},"message":"GET /release/baz/sparkle","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:54:17 -0400","url":{"original":"/release/baz/sparkle","path":"/release/baz/sparkle"},"user_agent":{"device":{"name":"Other"},"name":"Yandex Browser","original":"\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 YaBrowser/17.3.1.840 Yowser/2.5 Safari/537.36\"","os":{"full":"Windows 7","name":"Windows","version":"7"},"version":"17.3.1.840"}}
{"@timestamp":"2022-10-12T01:55:23.710Z","_id":"0f52c68a-ce2f-4b76-a205-2aa0bff6a7d0","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"anonymous"}},"drupal":{"code":0,"message":"wordpress/wp-login.php","type":"page not found"},"event":{"dataset":"drupal.watchdog","original":"{\"message\":\"wordpress\\/wp-login.php\",\"@timestamp\":\"2022-10-12T01:55:23.710Z\",\"@version\":1,\"message_id\":\"example.com63461e8bad74b1.01785140\",\"site_id\":\"example.com\",\"canonical\":\"example.com\",\"tags\":null,\"type\":\"drupal\",\"subtype\":\"page not found\",\"severity\":\"warning\",\"method\":\"GET\",\"request_uri\":\"https:\\/\\/example.com\\/wordpress\\/wp-login.php\",\"referer\":\"http:\\/\\/example.com\",\"uid\":0,\"username\":\"\",\"client_ip\":\"203.0.113.6\",\"link\":null,\"code\":0,\"variables\":null,\"trunc\":null}"},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"http://example.com"}},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com.2022.10.json.log"},"level":"warning","offset":4253381},"message":"page not found: wordpress/wp-login.php","server":{"domain":"example.com"},"tags":["drupal-json"],"url":{"domain":"example.com","original":"https://example.com/wordpress/wp-login.php","path":"/wordpress/wp-login.php","scheme":"https"}}
{"@timestamp":"2022-10-12T01:55:25.163Z","_id":"be4379c9-be7a-4668-8126-1e6520260f32","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":148000000,"original":"203.0.113.6 - - [11/Oct/2022:21:55:23 -0400] \"GET /wordpress/wp-login.php HTTP/2.0\" 404 38989 148 \"http://example.com\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"http://example.com"},"response":{"body":{"bytes":38989},"status_code":404},"version":"2.0"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":71599585},"message":"GET /wordpress/wp-login.php","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:55:23 -0400","url":{"original":"/wordpress/wp-login.php","path":"/wordpress/wp-login.php"},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36\"","os":{"full":"Windows 8","name":"Windows","version":"8"},"version":"29.0.1547.2"}}
{"@timestamp":"2022-10-12T01:55:27.246Z","_id":"165ef720-35d1-4ee8-842b-735cd3c91b51","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"anonymous"}},"drupal":{"code":0,"message":"wp/wp-login.php","type":"page not found"},"event":{"dataset":"drupal.watchdog","original":"{\"message\":\"wp\\/wp-login.php\",\"@timestamp\":\"2022-10-12T01:55:27.246Z\",\"@version\":1,\"message_id\":\"example.com63461e8f3c2963.27155526\",\"site_id\":\"example.com\",\"canonical\":\"example.com\",\"tags\":null,\"type\":\"drupal\",\"subtype\":\"page not found\",\"severity\":\"warning\",\"method\":\"GET\",\"request_uri\":\"https:\\/\\/example.com\\/wp\\/wp-login.php\",\"referer\":\"http:\\/\\/example.com\",\"uid\":0,\"username\":\"\",\"client_ip\":\"203.0.113.6\",\"link\":null,\"code\":0,\"variables\":null,\"trunc\":null}"},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"http://example.com"}},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com.2022.10.json.log"},"level":"warning","offset":4253840},"message":"page not found: wp/wp-login.php","server":{"domain":"example.com"},"tags":["drupal-json"],"url":{"domain":"example.com","original":"https://example.com/wp/wp-login.php","path":"/wp/wp-login.php","scheme":"https"}}
{"@timestamp":"2022-10-12T01:55:28.166Z","_id":"55342a80-b9d5-4862-a1e0-c5b3af648c30","client":{"domain":"example.net","ip":"203.0.113.6"},"event":{"dataset":"apache.access","duration":139000000,"original":"203.0.113.6 - - [11/Oct/2022:21:55:27 -0400] \"GET /wp/wp-login.php HTTP/2.0\" 404 38947 139 \"http://example.com\" \"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36\""},"host":{"name":"example.com"},"http":{"request":{"method":"GET","referrer":"http://example.com"},"response":{"body":{"bytes":38947},"status_code":404},"version":"2.0"},"input":{},"log":{"file":{"path":"/var/log/httpd/example.com/example.com-2022.10-a"},"offset":71600468},"message":"GET /wp/wp-login.php","server":{"domain":"example.com"},"source":{},"tags":[],"timestamp":"11/Oct/2022:21:55:27 -0400","url":{"original":"/wp/wp-login.php","path":"/wp/wp-login.php"},"user_agent":{"device":{"name":"Other"},"name":"Chrome","original":"\"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36\"","os":{"full":"Windows 8","name":"Windows","version":"8"},"version":"29.0.1547.2"}}
{"@timestamp":"2022-10-12T01:57:12.504110651Z","_id":"000f8131-005d-460b-9430-2925b7f27b17","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"agnes"}},"email":{"delivery_status":"sent","delivery_status_code":"250","delivery_status_description":"2.0.0 <agnes@mail.example.com> HVZ6FPQeRmOy+AAAr/P5hg Saved","mailbox":"INBOX","message_id":"meh@example.com","queue_id":"5B1D3478FA2","sender":{"address":"miles@example.com"},"size":112301,"subject":"Re: Kind of Blue chart","to":{"address":"agnes@example.com"},"transport":"postfix/external/smtpd"},"event":{"dataset":"email"},"host":{"hostname":"mail-0.example.com","id":"27b1d2884f1e4b388435072b5cfa9a8b","name":"mail-0.example.com"},"message":"qid=5B1D3478FA2 transport=postfix/external/smtpd client=203.0.113.6 local_mailbox=agnes mid=meh@example.com sender=miles@example.com from= to=agnes@example.com rspamd=-9 spamd=-110","rspamd":{"score":-9,"tags":["POSTPALS_RCPT(-10.00){","MV_CASE(0.50){","BAD_REP_POLICIES(0.10){","MIME_GOOD(-0.10){multipart/alternative;text/plain;multipart/mixed;","MX_GOOD(-0.01){","BAYES_SPAM(0.00){38.06%;","ARC_NA(0.00){","ASN(0.00){asn:15169, ipnet:203.0.113.0/17, country:US;","DKIM_TRACE(0.00){example.com:+;","DMARC_POLICY_ALLOW(0.00){example.com;none;","DWL_DNSWL_FAIL(0.00){example.com:server fail;","FREEMAIL_ENVFROM(0.00){example.com;","FREEMAIL_FROM(0.00){example.com;","FREEMAIL_TO(0.00){example.com;example.com;","FROM_EQ_ENVFROM(0.00){","FROM_HAS_DN(0.00){","HAS_ATTACHMENT(0.00){","MID_RHS_MATCH_FROM(0.00){","MIME_TRACE(0.00){0:+;1:+;2:+;3:~;4:~;5:~;","PREVIOUSLY_DELIVERED(0.00){agnes@example.com;","RCPT_COUNT_TWO(0.00){2;","RCVD_COUNT_THREE(0.00){3;","RCVD_IN_DNSWL_NONE(0.00){203.0.113.6:from;","RCVD_TLS_LAST(0.00){","RCVD_VIA_SMTP_AUTH(0.00){","RWL_MAILSPIKE_POSSIBLE(0.00){203.0.113.6:from;","R_DKIM_ALLOW(0.00){example.com:s=20210112;","R_SPF_ALLOW(0.00){+ip4:203.0.113.0/17;","TAGGED_FROM(0.00){","TO_DN_ALL(0.00){","TO_MATCH_ENVRCPT_SOME(0.00){}"]},"session":{"id":"HVZ6FPQeRmOy+AAAr/P5hg"},"spamd":{"score":-110,"tags":["BAYES_00","DKIM_SIGNED","DKIM_VALID","DKIM_VALID_AU","DKIM_VALID_EF","DMARC_PASS_NONE","FREEMAIL_FROM","HTML_MESSAGE","MIME_QP_LONG_LINE","POSTPALS_RCPT","RCVD_IN_DNSWL_NONE","RCVD_IN_MSPIKE_H2","SPF_HELO_NONE","SPF_PASS","TXREP","T_FREEMAIL_DOC_PDF","USER_IN_WELCOMELIST","USER_IN_WHITELIST"]},"tags":[]}
{"@timestamp":"2022-10-12T01:58:01.470Z","_id":"552bbd47-0e38-4a58-86c3-e312dc297d51","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"support"}},"event":{"created":"2022-10-12T01:58:02.502Z","dataset":"sshd","kind":"event","original":"Invalid user support from 203.0.113.6 port 35862"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":76253,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user support from 203.0.113.6 port 35862","process":{"args":["sshd:","[accepted]"],"args_count":2,"command_line":"sshd: [accepted]","pid":76253},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"support"}}
{"@timestamp":"2022-10-12T01:58:02.345Z","_id":"9089df0b-6911-4f7e-9cb8-4828b670a0d4","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:58:02.502Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.6 port 35924"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":76274,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.6 port 35924","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":76274},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}
{"@timestamp":"2022-10-12T01:58:21.086Z","_id":"33af8390-73a2-4089-8221-8cbe7d76700b","client":{"domain":"example.net","ip":"203.0.113.6","user":{"name":"admin"}},"event":{"created":"2022-10-12T01:58:22.223Z","dataset":"sshd","kind":"event","original":"Invalid user admin from 203.0.113.6 port 35902"},"host":{"hostname":"example.com","id":"50a915c2c7ac435092ed0586c2bc1f54","name":"example.com"},"input":{},"journald":{"audit":{"login_uid":0},"host":{"boot_id":"33b740908dcf41f1ab6d9f7c1b86ee00"},"pid":76412,"process":{"capabilities":"0","executable":"/usr/sbin/sshd","name":"sshd"}},"log":{"syslog":{"facility":{"code":10},"identifier":"sshd","priority":6}},"message":"Invalid user admin from 203.0.113.6 port 35902","process":{"args":["sshd:","unknown","[priv]"],"args_count":3,"command_line":"sshd: unknown [priv]","pid":76412},"syslog":{},"systemd":{"transport":"syslog"},"tags":[],"user":{"name":"admin"}}