-
Notifications
You must be signed in to change notification settings - Fork 0
/
audit.txt
36 lines (36 loc) · 7.74 KB
/
audit.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Jun 4 20:26:12 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c id
Jun 4 20:28:54 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c id
Jun 4 20:30:05 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /etc/passwd"
Jun 4 20:31:51 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /etc/passwd"
Jun 4 20:35:03 localhost.localdomain notice tmsh[13168]: 01420002:5: AUDIT - pid=13168 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=run sys crypto check-cert stdout disabled
Jun 4 20:49:15 localhost.localdomain notice tmsh[13604]: 01420002:5: AUDIT - pid=13604 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 20:49:16 localhost.localdomain notice tmsh[13615]: 01420002:5: AUDIT - pid=13615 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 21:08:12 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 21:10:47 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 21:10:56 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 21:11:15 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 21:11:51 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 21:19:56 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/audit"
Jun 4 21:47:50 localhost.localdomain notice tmsh[15476]: 01420002:5: AUDIT - pid=15476 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 21:47:51 localhost.localdomain notice tmsh[15486]: 01420002:5: AUDIT - pid=15486 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 22:35:02 localhost.localdomain notice tmsh[17029]: 01420002:5: AUDIT - pid=17029 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 22:35:03 localhost.localdomain notice tmsh[17041]: 01420002:5: AUDIT - pid=17041 user=root folder=/Common module=(tmos)# status=[Command OK] cmd_data=show sys mcp-state field-fmt
Jun 4 22:40:35 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:41:22 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:41:50 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:43:30 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c id
Jun 4 22:43:53 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c id
Jun 4 22:44:12 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:45:00 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c id
Jun 4 22:45:19 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:47:41 localhost.localdomain info httpd(pam_audit)[3661]: 01070417:6: AUDIT - user root - RAW: httpd(pam_audit): User=root tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:47:40 2023" end="Sun Jun 4 22:47:41 2023").
Jun 4 22:47:54 localhost.localdomain info httpd(pam_audit)[10539]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:47:52 2023" end="Sun Jun 4 22:47:54 2023").
Jun 4 22:53:08 localhost.localdomain info httpd(pam_audit)[17360]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): User=admin tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:53:06 2023" end="Sun Jun 4 22:53:08 2023").
Jun 4 22:53:14 localhost.localdomain info httpd(pam_audit)[17360]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.18.106.182 attempts=1 start="Sun Jun 4 22:53:14 2023" end="Sun Jun 4 22:53:14 2023".
Jun 4 22:53:32 localhost.localdomain info httpd(pam_audit)[17365]: 01070417:6: AUDIT - user root - RAW: httpd(pam_audit): User=root tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:53:29 2023" end="Sun Jun 4 22:53:32 2023").
Jun 4 22:53:38 localhost.localdomain info httpd(pam_audit)[10539]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.18.106.182 attempts=1 start="Sun Jun 4 22:53:38 2023" end="Sun Jun 4 22:53:38 2023".
Jun 4 22:53:55 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:54:13 localhost.localdomain notice icrd_child[10693]: 01420002:5: AUDIT - pid=10693 user=admin folder=/Common module=(tmos)# status=[Command OK] cmd_data=run util bash -c "cat /var/log/restjavad-audit.0.log"
Jun 4 22:55:51 localhost.localdomain info httpd(pam_audit)[17365]: 01070417:6: AUDIT - user ting0602 - RAW: httpd(pam_audit): User=ting0602 tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:55:50 2023" end="Sun Jun 4 22:55:51 2023").
Jun 4 22:56:03 localhost.localdomain info httpd(pam_audit)[3661]: 01070417:6: AUDIT - user root - RAW: httpd(pam_audit): User=root tty=(unknown) host=172.18.106.182 failed to login after 1 attempts (start="Sun Jun 4 22:56:01 2023" end="Sun Jun 4 22:56:03 2023").
Jun 4 22:56:11 localhost.localdomain info httpd(pam_audit)[10539]: 01070417:6: AUDIT - user admin - RAW: httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.18.106.182 attempts=1 start="Sun Jun 4 22:56:11 2023" end="Sun Jun 4 22:56:11 2023".