Aug 11 00:20:23 bastion LinuxCommandsWazuh: User ankur [929555]: 1484 mongo Aug 11 00:21:24 bastion LinuxCommandsWazuh: User ankur [1088532]: 1483 byobu Aug 11 00:23:27 bastion LinuxCommandsWazuh: User ankur [1119408]: 1487 exit Aug 11 00:23:29 bastion LinuxCommandsWazuh: User ankur [1119517]: 1487 exit Aug 11 00:46:04 bastion LinuxCommandsWazuh: User ankur [1119408]: 1488 byobu Aug 11 00:46:07 bastion LinuxCommandsWazuh: User ankur [1119408]: 1489 ext Aug 11 08:29:16 bastion LinuxCommandsWazuh: User ankur [1185774]: 1490 exit Aug 11 08:30:20 bastion LinuxCommandsWazuh: User ankur [1185774]: 1491 byobu Aug 11 11:43:44 bastion LinuxCommandsWazuh: User ankur [1203460]: 1492 exit Aug 11 11:43:49 bastion LinuxCommandsWazuh: User ankur [1203582]: 1492 exit Aug 11 11:43:55 bastion LinuxCommandsWazuh: User ankur [1203582]: 1493 k get pods | grep vortex Aug 11 11:45:48 bastion LinuxCommandsWazuh: User ankur [1203582]: 1494 k logs -f vortex-656f4cb8f9-59f89 Aug 11 11:47:30 bastion LinuxCommandsWazuh: User ankur [1207763]: 1492 exit Aug 11 11:53:54 bastion LinuxCommandsWazuh: User ankur [1203582]: 1495 k logs -f vortex-656f4cb8f9-59f89 | grep "upsert keys:" Aug 11 11:53:56 bastion LinuxCommandsWazuh: User ankur [1203582]: 1496 k get pods | grep vortex Aug 11 11:54:12 bastion LinuxCommandsWazuh: User ankur [1203582]: 1497 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf | grep "DMP_EXPORT:" Aug 11 11:54:25 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 11:58:36 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 11:58:48 bastion LinuxCommandsWazuh: User ankur [1219049]: 1492 exit Aug 11 12:42:00 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 12:43:00 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 12:43:40 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 12:44:33 bastion LinuxCommandsWazuh: User ankur [1219049]: 1493 k get pods | grep urlbird Aug 11 12:53:39 bastion LinuxCommandsWazuh: User ankur [1219049]: 1494 stern urlbird Aug 11 12:55:06 bastion LinuxCommandsWazuh: User ankur [1203582]: 1498 k logs -f vortex-dramatiq-6f96cf9d98-f6mzf Aug 11 13:15:27 bastion LinuxCommandsWazuh: User ankur [1203582]: 1499 k get pods | grep vortex Aug 11 13:15:44 bastion LinuxCommandsWazuh: User ankur [1203582]: 1500 sern vortex-dramatiq Aug 11 13:15:53 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 13:16:19 bastion LinuxCommandsWazuh: User ankur [1219049]: 1495 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 13:16:26 bastion LinuxCommandsWazuh: User ankur [1219049]: 1496 stern urlbird Aug 11 13:16:59 bastion LinuxCommandsWazuh: User ankur [1219049]: 1496 stern urlbird Aug 11 13:17:03 bastion LinuxCommandsWazuh: User ankur [1219049]: 1496 stern urlbird Aug 11 13:22:35 bastion LinuxCommandsWazuh: User ankur [1219049]: 1496 stern urlbird Aug 11 13:22:52 bastion LinuxCommandsWazuh: User ankur [1219049]: 1497 stern urlbird | grep "interest-groups/audience/user/check" Aug 11 13:27:09 bastion LinuxCommandsWazuh: User ankur [1219049]: 1497 stern urlbird | grep "interest-groups/audience/user/check" Aug 11 13:27:18 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 13:28:12 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 13:28:15 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ankur [1203582]: 1501 stern vortex-dramatiq] Aug 11 13:28:19 bastion LinuxCommandsWazuh: User ankur [1219049]: 1497 stern urlbird | grep "interest-groups/audience/user/check" Aug 11 13:28:22 bastion LinuxCommandsWazuh: User ankur [1219049]: 1497 stern urlbird | grep "interest-groups/audience/user/check" Aug 11 13:36:58 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 13:47:05 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 14:02:29 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 14:02:37 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 14:02:45 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 14:03:05 bastion LinuxCommandsWazuh: User ankur [1203582]: 1501 stern vortex-dramatiq Aug 11 14:04:10 bastion LinuxCommandsWazuh: User ankur [1203582]: 1502 git status Aug 11 14:05:39 bastion LinuxCommandsWazuh: User ankur [1203582]: 1503 stern vortex-dramatiq Aug 11 14:06:52 bastion LinuxCommandsWazuh: User ankur [1203582]: 1503 stern vortex-dramatiq Aug 11 14:07:00 bastion LinuxCommandsWazuh: User ankur [1203582]: 1503 stern vortex-dramatiq Aug 11 14:07:13 bastion LinuxCommandsWazuh: User ankur [1203582]: 1504 stern vortex-dramatiq | grep -i "DMP_EXPORTS" Aug 11 14:08:17 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1778 psql -h 10.94.16.3 -U postgres -d vortex_v2 Aug 11 14:08:24 bastion LinuxCommandsWazuh: message repeated 2 times: [ User mohtashim [1350130]: 1778 psql -h 10.94.16.3 -U postgres -d vortex_v2] Aug 11 14:08:30 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1779 k get hpa Aug 11 14:08:53 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1780 clear Aug 11 14:08:54 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1781 k get hpa Aug 11 14:09:08 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1782 stern cookie-cutter Aug 11 14:09:09 bastion LinuxCommandsWazuh: User ankur [1203582]: 1505 stern vortex-dramatiq | grep -i "DMP_EXPORTS" | grep -i "TruecallerEventsExporter:-" Aug 11 14:09:09 bastion LinuxCommandsWazuh: User ankur [1203582]: 1506 stern vortex-dramatiq --no-color | grep -i "DMP_EXPORTS" | grep -i "TruecallerEventsExporter:-" Aug 11 14:09:13 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1782 stern cookie-cutter Aug 11 14:09:15 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1783 clear Aug 11 14:09:15 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1783 clear Aug 11 14:09:26 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1784 mongo pixel_v1 Aug 11 14:09:28 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1785 clear Aug 11 14:09:29 bastion LinuxCommandsWazuh: User ankur [1203582]: 1507 stern vortex-dramatiq | grep -i "DMP_EXPORTS" | grep -i "TruecallerEventsExporter:-" Aug 11 14:09:41 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1785 clear Aug 11 14:09:44 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1786 k get pods Aug 11 14:09:51 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1787 clear Aug 11 14:09:58 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1614 mongo pixel_v1 Aug 11 14:10:01 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1615 clear Aug 11 14:10:06 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1616 k get pods Aug 11 14:11:40 bastion LinuxCommandsWazuh: User mohtashim [1355447]: 1778 psql -h 10.94.16.3 -U postgres -d vortex_v2 Aug 11 14:19:52 bastion LinuxCommandsWazuh: User mohtashim [1355447]: 1779 mongo pixel_v1 Aug 11 14:19:53 bastion LinuxCommandsWazuh: User mohtashim [1355447]: 1780 clear Aug 11 14:28:58 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1781 exit Aug 11 14:32:50 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1617 k exec -it cookie-cutter-85969ddbdb-5b99l bash Aug 11 14:33:07 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1782 mongo pixel_v1 Aug 11 14:33:16 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1618 clear Aug 11 14:33:20 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1619 k get pods Aug 11 14:33:32 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1620 clear Aug 11 14:35:59 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1783 clear Aug 11 14:36:46 bastion LinuxCommandsWazuh: User ankur [1203582]: 1508 stern vortex-dramatiq | grep -i "DMP_EXPORTS" Aug 11 14:37:47 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 14:43:02 bastion LinuxCommandsWazuh: User mohtashim [2813829]: 1621 k exec -it cookie-cutter-7996bffbcc-qjt48 bash Aug 11 14:43:09 bastion LinuxCommandsWazuh: User mohtashim [99239]: 1061 clear Aug 11 14:43:09 bastion LinuxCommandsWazuh: User mohtashim [99239]: 1061 clear Aug 11 14:43:11 bastion LinuxCommandsWazuh: User mohtashim [1350130]: 1788 byobu Aug 11 14:52:13 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1801 exit Aug 11 14:52:15 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1802 clear Aug 11 14:52:18 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1803 k get pods Aug 11 14:53:19 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1804 k exec -it cookie-cutter-7cb67b4bd-vtsv6 bash Aug 11 14:53:29 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1804 k exec -it cookie-cutter-7cb67b4bd-vtsv6 bash Aug 11 14:55:38 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1784 mongo pixel_v1 Aug 11 14:55:40 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1785 clear Aug 11 14:55:43 bastion LinuxCommandsWazuh: message repeated 3 times: [ User mohtashim [1389037]: 1785 clear] Aug 11 14:56:12 bastion LinuxCommandsWazuh: User mohtashim [1389037]: 1786 mongo pixel_v1 Aug 11 14:58:31 bastion LinuxCommandsWazuh: User mohtashim [99239]: 1061 clear Aug 11 14:59:16 bastion LinuxCommandsWazuh: User mohtashim [1425463]: 1805 byobu Aug 11 15:04:34 bastion LinuxCommandsWazuh: User mohtashim [1443674]: 1820 exit Aug 11 15:06:15 bastion LinuxCommandsWazuh: User mohtashim [1443674]: 1821 mongo pixel_v1 Aug 11 15:06:18 bastion LinuxCommandsWazuh: User mohtashim [1443674]: 1822 clear Aug 11 15:07:26 bastion LinuxCommandsWazuh: User mohtashim [1447306]: 1823 exit Aug 11 15:07:35 bastion LinuxCommandsWazuh: User mohtashim [1447306]: 1824 mongo pixel_v1 Aug 11 15:15:33 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:15:41 bastion LinuxCommandsWazuh: User ashish [1455670]: 334 byobu Aug 11 15:19:29 bastion LinuxCommandsWazuh: User mohtashim [1463589]: 1825 exit Aug 11 15:21:27 bastion LinuxCommandsWazuh: User ashish [1455670]: 335 redis Aug 11 15:40:10 bastion LinuxCommandsWazuh: User ashish [1455670]: 335 redis Aug 11 15:48:21 bastion LinuxCommandsWazuh: User ashish [1455670]: 335 redis Aug 11 15:48:22 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [1455670]: 335 redis] Aug 11 15:48:22 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:23 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:24 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:24 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:24 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:24 bastion LinuxCommandsWazuh: User ashish [1455490]: 334 byobu Aug 11 15:48:30 bastion LinuxCommandsWazuh: User ashish [1519505]: 335 redis Aug 11 15:50:30 bastion LinuxCommandsWazuh: User ashish [1519505]: 335 redis Aug 11 15:50:32 bastion LinuxCommandsWazuh: User ashish [1519505]: 336 clear Aug 11 15:51:40 bastion LinuxCommandsWazuh: User ashish [1519505]: 336 clear Aug 11 15:51:40 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [1519505]: 336 clear] Aug 11 15:51:45 bastion LinuxCommandsWazuh: User ashish [1522681]: 335 redis Aug 11 15:51:51 bastion LinuxCommandsWazuh: User ashish [1522681]: 336 redis-cli Aug 11 15:51:51 bastion LinuxCommandsWazuh: User ashish [1519505]: 337 byobu Aug 11 15:54:56 bastion LinuxCommandsWazuh: User ashish [1525853]: 338 byobu Aug 11 15:55:05 bastion LinuxCommandsWazuh: User ashish [1526054]: 338 byobu Aug 11 15:57:34 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1826 mongo pixel_v1 Aug 11 15:57:58 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1826 mongo pixel_v1 Aug 11 16:08:35 bastion LinuxCommandsWazuh: User ashish [1526054]: 339 mongo Aug 11 16:13:31 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 16:13:42 bastion LinuxCommandsWazuh: User ankur [1203582]: 1508 stern vortex-dramatiq | grep -i "DMP_EXPORTS" Aug 11 16:13:45 bastion LinuxCommandsWazuh: User ankur [1203582]: 1509 k get hpa Aug 11 16:14:03 bastion LinuxCommandsWazuh: User ankur [1203582]: 1509 k get hpa Aug 11 16:14:07 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [1203582]: 1509 k get hpa ] Aug 11 16:14:08 bastion LinuxCommandsWazuh: User ankur [1203582]: 1509 k get hpa Aug 11 16:14:16 bastion LinuxCommandsWazuh: User ankur [1203582]: 1509 k get hpa Aug 11 16:14:19 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [1203582]: 1509 k get hpa ] Aug 11 16:14:34 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 16:14:47 bastion LinuxCommandsWazuh: User akansha [1564969]: Aug 11 16:14:51 bastion LinuxCommandsWazuh: message repeated 4 times: [ User akansha [1564969]: ] Aug 11 16:14:56 bastion LinuxCommandsWazuh: User akansha [1564969]: 1 k get pods Aug 11 16:15:02 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 1998 k logs -f cookie-cutter-queues-75757c87c9-tj9q7 Aug 11 16:15:03 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 1999 cd Aug 11 16:15:03 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2000 ls Aug 11 16:15:07 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2001 k get hpa Aug 11 16:16:02 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2002 k get pods Aug 11 16:17:05 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2002 k get pods Aug 11 16:17:09 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2003 redis Aug 11 16:17:11 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2004 ls Aug 11 16:17:20 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2005 k get configmap Aug 11 16:17:37 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1826 mongo pixel_v1 Aug 11 16:17:38 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1827 clear Aug 11 16:18:02 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2006 k edit configmap nitrox-dj-config Aug 11 16:18:03 bastion LinuxCommandsWazuh: message repeated 4 times: [ User shamailtayyab [1565499]: 2006 k edit configmap nitrox-dj-config ] Aug 11 16:18:12 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2007 redis Aug 11 16:20:59 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1828 mongo pixel_v1 Aug 11 16:21:00 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1829 clear Aug 11 16:22:40 bastion LinuxCommandsWazuh: User mohtashim [1531504]: 1830 mongo pixel_v1 Aug 11 16:23:02 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1831 exit Aug 11 16:23:28 bastion LinuxCommandsWazuh: User ashish [1582278]: 338 byobu Aug 11 16:23:31 bastion LinuxCommandsWazuh: User ashish [1582278]: 339 mongo Aug 11 16:25:16 bastion LinuxCommandsWazuh: User ankur [1586736]: 1492 exit Aug 11 16:25:22 bastion LinuxCommandsWazuh: User ankur [1586736]: 1493 k get configmaps vortex Aug 11 16:25:25 bastion LinuxCommandsWazuh: User ankur [1586736]: 1494 k get configmaps Aug 11 16:25:35 bastion LinuxCommandsWazuh: User ankur [1586736]: 1495 k edit vortex-config configmaps Aug 11 16:26:01 bastion LinuxCommandsWazuh: User shamailtayyab [1565499]: 2008 k edit configmap vortex-config Aug 11 16:28:09 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1832 mongo pixel_v1 Aug 11 16:28:15 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1833 stern cookie-cutter Aug 11 16:28:20 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1834 k get pods Aug 11 16:28:31 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1835 stern cookie-cutter-queues- Aug 11 16:28:49 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1835 stern cookie-cutter-queues- Aug 11 16:28:50 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1836 clear Aug 11 16:28:58 bastion LinuxCommandsWazuh: User mohtashim [1581372]: 1837 stern cookie-cutter-queues- | grep "generic_utm_handle" Aug 11 16:32:50 bastion LinuxCommandsWazuh: User ashish [1526054]: 339 mongo Aug 11 16:32:51 bastion LinuxCommandsWazuh: User ashish [1582278]: 340 byobu Aug 11 16:33:21 bastion LinuxCommandsWazuh: User mohtashim [1603373]: 1838 exit Aug 11 16:33:28 bastion LinuxCommandsWazuh: User mohtashim [1603558]: 1838 exit Aug 11 16:34:23 bastion LinuxCommandsWazuh: User mohtashim [1604535]: 1838 exit Aug 11 16:34:51 bastion LinuxCommandsWazuh: User ankur [1586736]: 1496 k edit configmaps vortex-config Aug 11 16:34:53 bastion LinuxCommandsWazuh: User ankur [1586736]: 1497 ls Aug 11 16:35:01 bastion LinuxCommandsWazuh: User ankur [1586736]: 1498 k get hpa Aug 11 16:35:23 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 16:35:25 bastion LinuxCommandsWazuh: User mohtashim [1604535]: 1839 mongo pixel_v1 Aug 11 16:35:27 bastion LinuxCommandsWazuh: User ankur [1203582]: 1509 k get hpa Aug 11 16:35:37 bastion LinuxCommandsWazuh: User ankur [1203582]: 1510 stern vortex-dramatiq | grep -i "DMP_EXPORTS" Aug 11 16:36:30 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 16:45:24 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 16:57:26 bastion LinuxCommandsWazuh: User rihan [1628337]: 1260 mongo Aug 11 16:59:51 bastion LinuxCommandsWazuh: User ankur [1203460]: 1493 byobu Aug 11 17:23:23 bastion LinuxCommandsWazuh: User mohtashim [1603558]: 1839 mongo pixel_v1 Aug 11 17:27:54 bastion LinuxCommandsWazuh: User mohtashim [1633387]: 1840 exit Aug 11 17:28:09 bastion LinuxCommandsWazuh: User mohtashim [1603558]: 1840 byobu Aug 11 17:28:12 bastion LinuxCommandsWazuh: User mohtashim [1603558]: 1840 byobu Aug 11 17:33:49 bastion LinuxCommandsWazuh: User ankur [1634272]: 1494 exit Aug 11 17:42:23 bastion LinuxCommandsWazuh: User akansha [1643190]: Aug 11 17:42:47 bastion LinuxCommandsWazuh: User ubuntu [1643581]: 1815 ls Aug 11 17:42:48 bastion LinuxCommandsWazuh: User ubuntu [1643581]: 1816 cd Aug 11 17:42:48 bastion LinuxCommandsWazuh: User ubuntu [1643581]: 1817 ls Aug 11 17:42:52 bastion LinuxCommandsWazuh: User ayush [1643694]: 343 exit Aug 11 17:42:53 bastion LinuxCommandsWazuh: User ayush [1643694]: 344 cd Aug 11 17:42:53 bastion LinuxCommandsWazuh: User ayush [1643694]: 345 ls Aug 11 18:00:39 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 18:01:21 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 18:04:01 bastion LinuxCommandsWazuh: User rihan [1665498]: 1260 mongo Aug 11 18:07:50 bastion LinuxCommandsWazuh: User rihan [1665498]: 1261 psql -d munshi_v1 -U postgres Aug 11 18:09:50 bastion LinuxCommandsWazuh: User ubuntu [1671680]: 1815 ls Aug 11 18:09:58 bastion LinuxCommandsWazuh: User ankur [1119517]: 1488 mongo Aug 11 18:09:59 bastion LinuxCommandsWazuh: User ankur [1119517]: 1489 ls Aug 11 18:10:08 bastion LinuxCommandsWazuh: User ankur [1119517]: 1490 mongoexport --uri="mongodb://localhost:27017/your_db_name" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:10:20 bastion LinuxCommandsWazuh: User ankur [1119517]: 1490 mongoexport --uri="mongodb://localhost:27017/your_db_name" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:10:22 bastion LinuxCommandsWazuh: User ankur [1119517]: 1491 mongoexport --uri="mongodb://localhost:27017/your_db_name" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:10:25 bastion LinuxCommandsWazuh: User ankur [1119517]: 1492 mongoexport --uri="mongodb://localhost:27017/your_db_name" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:10:33 bastion LinuxCommandsWazuh: User ubuntu [1672559]: 1816 exit Aug 11 18:10:36 bastion LinuxCommandsWazuh: User ayush [1672643]: 343 exit Aug 11 18:10:39 bastion LinuxCommandsWazuh: User ayush [1672643]: 344 cd Aug 11 18:11:01 bastion LinuxCommandsWazuh: User ankur [1673040]: 1494 exit Aug 11 18:11:10 bastion LinuxCommandsWazuh: User ankur [1119517]: 1493 mongoexport --uri="mongodb://localhost:27017/pixel_v1" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:11:10 bastion LinuxCommandsWazuh: User ankur [1119517]: 1493 mongoexport --uri="mongodb://localhost:27017/pixel_v1" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:11:15 bastion LinuxCommandsWazuh: User ankur [1673040]: 1495 mongo pixel_v1 Aug 11 18:11:19 bastion LinuxCommandsWazuh: User ankur [1119517]: 1493 mongoexport --uri="mongodb://localhost:27017/pixel_v1" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:11:40 bastion LinuxCommandsWazuh: User ankur [1119517]: 1494 mongoexport --uri="mongodb://10.190.0.29:27017/pixel_v1" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:11:48 bastion LinuxCommandsWazuh: User ankur [1119517]: 1495 ls Aug 11 18:11:56 bastion LinuxCommandsWazuh: User ankur [1119517]: 1496 cat events.json Aug 11 18:12:17 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ankur [1119517]: 1496 cat events.json ] Aug 11 18:12:17 bastion LinuxCommandsWazuh: User ankur [1119517]: 1497 ls Aug 11 18:12:20 bastion LinuxCommandsWazuh: User ankur [1119517]: 1498 rm -rf events.json Aug 11 18:12:22 bastion LinuxCommandsWazuh: User ankur [1119517]: 1499 ls Aug 11 18:12:43 bastion LinuxCommandsWazuh: User ankur [1119517]: 1500 mongoexport --uri="mongodb://10.190.0.29:27017/pixel_v1" --collection=events --type=json --query='{"org": "c77fca78-9579-4876-a748-44f617f8063e", "event": {"$in": ["view","product_view","category_view","addtocart","checkout","orders/create"]}, "created_at": { "$gte": {"$date": "2025-07-25T00:00:00Z"}, "$lte": {"$date": "2025-07-25T23:59:59Z"} }}' --out=events.json Aug 11 18:12:53 bastion LinuxCommandsWazuh: User ankur [1119517]: 1501 ls Aug 11 18:13:14 bastion LinuxCommandsWazuh: User ankur [1119517]: 1502 rm -rf events.json Aug 11 18:13:14 bastion LinuxCommandsWazuh: User ankur [1119517]: 1503 ls Aug 11 18:14:09 bastion LinuxCommandsWazuh: User ankur [1119517]: 1504 mongosh "mongodb://10.190.0.29:27017/your_db_name" --quiet --eval '#012const fs = require("fs");#012const docs = db.events.aggregate([#012 {#012 $match: {#012 org: "c77fca78-9579-4876-a748-44f617f8063e",#012 event: { $in: ["view", "product_view", "category_view", "addtocart", "checkout", "orders/create"] },#012 created_at: {#012 $gte: ISODate("2025-07-25T00:00:00Z"),#012 $lte: ISODate("2025-07-25T23:59:59Z")#012 }#012 }#012 },#012 { $sort: { created_at: 1 } },#012 { $group: { _id: "$event", doc: { $first: "$$ROOT" } } },#012 { $replaceRoot: { newRoot: "$doc" } }#012]).toArray();#012fs.writeFileSync("events_one_per_event.json", JSON.stringify(docs, null, 2));#012' Aug 11 18:14:11 bastion LinuxCommandsWazuh: User ankur [1119517]: 1505 ls Aug 11 18:14:17 bastion LinuxCommandsWazuh: User ankur [1119517]: 1506 cat events_one_per_event.json Aug 11 18:14:22 bastion LinuxCommandsWazuh: User ankur [1119517]: 1507 rm -rf events_one_per_event.json Aug 11 18:14:23 bastion LinuxCommandsWazuh: User ankur [1119517]: 1508 ls Aug 11 18:14:44 bastion LinuxCommandsWazuh: User ankur [1119517]: 1508 ls Aug 11 18:25:07 bastion LinuxCommandsWazuh: User rihan [1687243]: 1261 psql -d munshi_v1 -U postgres Aug 11 18:25:18 bastion LinuxCommandsWazuh: User mohtashim [1687403]: 1840 exit Aug 11 18:26:19 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Aug 11 18:26:24 bastion LinuxCommandsWazuh: User ankur [1203582]: 1510 stern vortex-dramatiq | grep -i "DMP_EXPORTS" Aug 11 18:27:08 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [1203582]: 1510 stern vortex-dramatiq | grep -i "DMP_EXPORTS"] Aug 11 18:27:19 bastion LinuxCommandsWazuh: User ankur [1692178]: 1496 exit Aug 11 18:27:24 bastion LinuxCommandsWazuh: User ankur [1692178]: 1497 k get hpa Aug 11 18:29:38 bastion LinuxCommandsWazuh: User ankur [1692178]: 1498 k get pods | grep vortex Aug 11 18:30:05 bastion LinuxCommandsWazuh: User ankur [1692178]: 1499 exiy Aug 11 18:40:06 bastion LinuxCommandsWazuh: User ayush [1643694]: 346 cool-server Aug 11 18:40:06 bastion LinuxCommandsWazuh: User ubuntu [1643581]: 1818 sudo su ayush Aug 11 18:40:06 bastion LinuxCommandsWazuh: User ayush [1672643]: 345 cool-server Aug 11 19:26:14 bastion LinuxCommandsWazuh: User ashish [1805879]: 341 byobu Aug 11 19:26:19 bastion LinuxCommandsWazuh: User ashish [1806095]: 341 byobu Aug 11 19:27:07 bastion LinuxCommandsWazuh: User ashish [1806095]: 342 mongo Aug 11 19:27:46 bastion LinuxCommandsWazuh: User ashish [1806095]: 342 mongo Aug 11 19:49:49 bastion LinuxCommandsWazuh: User ashish [1806095]: 342 mongo Aug 11 19:49:50 bastion LinuxCommandsWazuh: User ashish [1805879]: 341 byobu Aug 11 20:18:16 bastion LinuxCommandsWazuh: User mohtashim [1687403]: 1841 byobu Aug 11 23:15:50 bastion LinuxCommandsWazuh: User shamailtayyab [1905822]: 1998 k edit configmap vortex-config