Sep 23 11:58:06 bastion LinuxCommandsWazuh: User ubuntu [3862247]:  1999  mongo-ssh
Sep 23 12:08:46 bastion LinuxCommandsWazuh: User ashish [3863414]:   500  kubectl get pods
Sep 23 12:08:46 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [3863414]:   500  kubectl get pods]
Sep 23 12:08:52 bastion LinuxCommandsWazuh: User ashish [3863414]:   500  kubectl get pods
Sep 23 12:08:52 bastion LinuxCommandsWazuh: User ashish [3863414]:   500  kubectl get pods
Sep 23 12:08:54 bastion LinuxCommandsWazuh: User ashish [3863495]:   500  kubectl get pods
Sep 23 12:12:57 bastion LinuxCommandsWazuh: User ashish [3863495]:   501  redis
Sep 23 12:20:42 bastion LinuxCommandsWazuh: User ubuntu [3862247]:  2000  cool-server 
Sep 23 12:20:51 bastion LinuxCommandsWazuh: message repeated 10 times: [ User ubuntu [3862247]:  2000  cool-server ]
Sep 23 12:21:55 bastion LinuxCommandsWazuh: User ubuntu [3862247]:  2001  cool server
Sep 23 12:22:12 bastion LinuxCommandsWazuh: User ashish [3863495]:   501  redis
Sep 23 12:22:12 bastion LinuxCommandsWazuh: User ashish [3863414]:   501  byobu
Sep 23 12:22:16 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [3863414]:   501  byobu]
Sep 23 12:22:21 bastion LinuxCommandsWazuh: User ashish [3877047]:   501  redis
Sep 23 12:27:46 bastion LinuxCommandsWazuh: User abhijeet [3877789]:  1998  exit
Sep 23 12:27:58 bastion LinuxCommandsWazuh: User abhijeet [3877789]:  1999  dragonflydb-volatile-ssh 
Sep 23 12:28:42 bastion LinuxCommandsWazuh: User abhijeet [3877789]:  2000  redis-secondary-ssh 
Sep 23 12:39:59 bastion LinuxCommandsWazuh: User abhijeet [3877789]:  2001  redis-url-ssh 
Sep 23 12:42:02 bastion LinuxCommandsWazuh: User ubuntu [3862247]:  2002  cool-server 
Sep 23 12:47:11 bastion LinuxCommandsWazuh: User rihan [3879560]:  1379  mongo
Sep 23 12:49:18 bastion LinuxCommandsWazuh: User rihan [3879560]:  1379  mongo
Sep 23 12:49:30 bastion LinuxCommandsWazuh: message repeated 3 times: [ User rihan [3879560]:  1379  mongo]
Sep 23 12:49:48 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  1998  exit
Sep 23 12:49:50 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  1999  ls
Sep 23 12:49:51 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  1999  ls
Sep 23 12:54:25 bastion LinuxCommandsWazuh: User ashish [3877047]:   501  redis
Sep 23 12:54:43 bastion LinuxCommandsWazuh: User ashish [3877047]:   501  redis
Sep 23 12:54:56 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2000  mongo
Sep 23 12:55:01 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2000  mongo
Sep 23 12:55:19 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2001  psql 
Sep 23 12:59:17 bastion LinuxCommandsWazuh: User ankur [3880902]:  1990  exit
Sep 23 13:04:59 bastion LinuxCommandsWazuh: User ashish [3877047]:   501  redis
Sep 23 13:07:26 bastion LinuxCommandsWazuh: User ubuntu [3862247]:  2003  cool server
Sep 23 13:14:10 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2001  psql 
Sep 23 13:16:42 bastion LinuxCommandsWazuh: User rihan [3879560]:  1380  psql
Sep 23 13:17:35 bastion LinuxCommandsWazuh: User rihan [3879560]:  1380  psql
Sep 23 13:18:00 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   500  exit
Sep 23 13:18:02 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   501  clear
Sep 23 13:19:51 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   502  mongo pixel_v1
Sep 23 13:19:54 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   503  clear
Sep 23 13:22:49 bastion LinuxCommandsWazuh: User ubuntu [3883119]:  1999  cool-server 
Sep 23 13:23:53 bastion LinuxCommandsWazuh: User ubuntu [3883119]:  1999  cool-server 
Sep 23 13:30:19 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   504  make cookie-bash
Sep 23 13:30:19 bastion LinuxCommandsWazuh: User ubuntu [3884139]:  1999  exit
Sep 23 13:36:13 bastion LinuxCommandsWazuh: User rihan [3884919]:  1380  psql
Sep 23 13:37:46 bastion LinuxCommandsWazuh: User rihan [3884919]:  1381  mongo
Sep 23 13:38:12 bastion LinuxCommandsWazuh: User rihan [3885052]:  1381  mongo
Sep 23 13:38:30 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   504  make cookie-bash
Sep 23 13:41:56 bastion LinuxCommandsWazuh: User rihan [3885052]:  1381  mongo
Sep 23 13:54:41 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2002  clickhouse-ssh 
Sep 23 13:55:35 bastion LinuxCommandsWazuh: User abhijeet [3879703]:  2003  cat .ssh/id_rsa.pub 
Sep 23 13:56:11 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  1998  exit
Sep 23 13:56:19 bastion LinuxCommandsWazuh: User ankur [3886983]:  1990  exit
Sep 23 13:56:21 bastion LinuxCommandsWazuh: User ankur [3886983]:  1991  cd
Sep 23 13:56:25 bastion LinuxCommandsWazuh: User mohtashim [3887076]:   500  exit
Sep 23 13:56:28 bastion LinuxCommandsWazuh: User ankur [3886983]:  1992  cat .ssh/id_rsa.pub 
Sep 23 13:56:30 bastion LinuxCommandsWazuh: User ankur [3886983]:  1993  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZuyV8WufVI1zbmVxlbFn/5Gbg7WVYDEw0gxf6KxjWYiDJ6e3/ZX7Nyqq7dtN6byeWipG77mYE5JQooOBP58Go5iLi9yuh+7RgckAj/hQScBgFRxcwUOoABeHOizwkcQw4csPKpI9RoZJzV/1rZyJpyOtnJbxdmCuuye0yj7FD3HD5PUOZ2KlFluoLGx1QHDJHM2rIESuoM+4uir7EBZ9Why1t41NskFo8ueVBENeUTyW6FU4llEFMIeFxL5HyBuvJuh57rRaG+532j70dlNdYgptMfBSyMNqhWfzc1I0+oLsFSpzem/hC97s8aSnyffsIVSebXOcnSecrOtgARwAGvbEmKDxtuKrQMPa3x3ilHtvhjvxQ0T0WqMJYPTmFHr5TKLPZyrFYrBVKe2R0apKF7eF/Az04foArxOyeKkG8gJlAJI82XsbsrZCZXtB7VZ90Sv3i2I0vD3M3DtuRbR3HCm7Zyary+PRWMbCxbhDnA0uKVRpK+aCH1pH7RM2Pivk= abhijeet@bastion
Sep 23 13:56:42 bastion LinuxCommandsWazuh: User ankur [3886983]:  1994  cat .ssh/id_rsa.pub 
Sep 23 13:57:00 bastion LinuxCommandsWazuh: User ankur [3886983]:  1995  sudo su ubuntu
Sep 23 13:57:02 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  1999  sudo su ankur
Sep 23 13:57:07 bastion LinuxCommandsWazuh: User ubuntu [3887160]:  1999  exit
Sep 23 13:57:08 bastion LinuxCommandsWazuh: User ubuntu [3887160]:  2000  cd
Sep 23 13:57:15 bastion LinuxCommandsWazuh: User ubuntu [3887160]:  2001  cat .ssh/id_rsa.pub 
Sep 23 13:57:25 bastion LinuxCommandsWazuh: User ak [3887197]:   296  exit
Sep 23 13:57:27 bastion LinuxCommandsWazuh: User ak [3887197]:   297  cd
Sep 23 13:57:35 bastion LinuxCommandsWazuh: User ak [3887197]:   297  cd
Sep 23 13:57:40 bastion LinuxCommandsWazuh: User ubuntu [3887160]:  2002  sudo su ak
Sep 23 13:57:41 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2000  sudo su ubuntu
Sep 23 13:57:44 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2001  ls
Sep 23 13:58:27 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2002  ssh ubuntu@10.190.0.96
Sep 23 13:58:44 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2003  ssh abhijeet@10.190.0.96
Sep 23 13:59:35 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2004  ssh ubuntu@10.190.0.96
Sep 23 13:59:47 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2005  ls
Sep 23 14:00:26 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2006  vim .bashrc 
Sep 23 14:00:29 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2007  source .bash
Sep 23 14:00:31 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2008  source .bashrc 
Sep 23 14:00:43 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2009  vim .bashrc 
Sep 23 14:00:44 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2010  source .bashrc 
Sep 23 14:00:53 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2011  clickhouse-2-ssh 
Sep 23 14:00:57 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2012  sudo su ankir
Sep 23 14:01:00 bastion LinuxCommandsWazuh: User ankur [3887587]:  1990  exit
Sep 23 14:01:01 bastion LinuxCommandsWazuh: User ankur [3887587]:  1991  cd
Sep 23 14:01:09 bastion LinuxCommandsWazuh: User ankur [3887587]:  1992  vim .bashrc
Sep 23 14:01:26 bastion LinuxCommandsWazuh: User ankur [3887587]:  1992  vim .bashrc
Sep 23 14:01:31 bastion LinuxCommandsWazuh: User ankur [3887587]:  1993  source .bashrc
Sep 23 14:01:33 bastion LinuxCommandsWazuh: User ankur [3887587]:  1994  lsc
Sep 23 14:01:34 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2013  sudo su ankur
Sep 23 14:01:34 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2014  l
Sep 23 14:01:36 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2015  ls
Sep 23 14:02:56 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  1998  exit
Sep 23 14:02:56 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  1999  l
Sep 23 14:03:06 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2000  clickhouse-
Sep 23 14:10:33 bastion LinuxCommandsWazuh: User ankur [3888780]:  1990  exit
Sep 23 14:10:35 bastion LinuxCommandsWazuh: User ankur [3888836]:  1990  exit
Sep 23 14:10:43 bastion LinuxCommandsWazuh: User ubuntu [3889173]:  1999  exit
Sep 23 14:12:13 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  1998  exit
Sep 23 14:12:24 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  1999  ls
Sep 23 14:15:03 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  2000  internal-server 
Sep 23 14:15:14 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  2001  ssh ubuntu@10.190.0.24
Sep 23 14:15:29 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  2002  ifconfig | grep 10.190
Sep 23 14:15:38 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  1999  exit
Sep 23 14:15:39 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2000  cd
Sep 23 14:15:40 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2001  ls
Sep 23 14:16:00 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2002  systemctl status squid.service 
Sep 23 14:16:02 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2002  systemctl status squid.service 
Sep 23 14:16:35 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2003  cat /etc/squid/conf.d/custom.conf 
Sep 23 14:21:49 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2004  cat /etc/os-release 
Sep 23 14:21:57 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2005  cat /etc/apt/sources.list
Sep 23 14:22:41 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2006  ping asia-south2-a.gce.clouds.archive.ubuntu.com
Sep 23 14:23:13 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2007  cat /var/log/squid/access.log
Sep 23 14:23:16 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:23:38 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:23:47 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:24:04 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:24:19 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:24:22 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:24:26 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2008  sudo cat /var/log/squid/access.log
Sep 23 14:24:37 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:24:55 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:24:56 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:01 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:03 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:04 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:04 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:05 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:05 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:05 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:05 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:06 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:06 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:06 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:07 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:07 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:07 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:08 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:08 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2009  sudo cat /var/log/squid/cache.log
Sep 23 14:25:12 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2010  sudo cat /var/log/squid/access.log
Sep 23 14:25:14 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2011  sudo cat /var/log/squid/cache.log
Sep 23 14:25:34 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2011  sudo cat /var/log/squid/cache.log
Sep 23 14:25:39 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2011  sudo cat /var/log/squid/cache.log
Sep 23 14:25:49 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2012  sudo cat /var/log/squid/access.log | grep 10.190.0.96
Sep 23 14:26:26 bastion LinuxCommandsWazuh: User mohtashim [3887076]:   501  psql -h 10.94.16.3 -U postgres -d vortex_v2
Sep 23 14:29:35 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2012  sudo cat /var/log/squid/access.log | grep 10.190.0.96
Sep 23 14:29:53 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2012  sudo cat /var/log/squid/access.log | grep 10.190.0.96
Sep 23 14:30:51 bastion LinuxCommandsWazuh: User ubuntu [3893944]:  2012  sudo cat /var/log/squid/access.log | grep 10.190.0.96
Sep 23 14:32:11 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2001  clickhouse-ssh 
Sep 23 14:32:38 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2002  cat .bashrc 
Sep 23 14:38:12 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2003  scp /bin/vim ubuntu@10.190.0.96:/tmp/
Sep 23 14:40:23 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2004  vi
Sep 23 14:40:35 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2005  scp /bin/vi  ubuntu@10.190.0.96:/tmp/
Sep 23 14:43:28 bastion LinuxCommandsWazuh: User ubuntu [3889173]:  2000  cool-server
Sep 23 14:43:28 bastion LinuxCommandsWazuh: User ubuntu [3889173]:  2001  cd
Sep 23 14:43:29 bastion LinuxCommandsWazuh: User ubuntu [3889173]:  2002  ls
Sep 23 14:43:42 bastion LinuxCommandsWazuh: User ankur [3888836]:  1991  clickhouse-ssh 
Sep 23 14:43:43 bastion LinuxCommandsWazuh: User ankur [3888780]:  1991  byobu
Sep 23 14:53:11 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2006  clickhouse-ssh 
Sep 23 14:54:46 bastion LinuxCommandsWazuh: User ankur [3924715]:  1990  exit
Sep 23 14:54:49 bastion LinuxCommandsWazuh: User ankur [3924771]:  1990  exit
Sep 23 14:54:57 bastion LinuxCommandsWazuh: User ankur [3924771]:  1991  cat .bashrc
Sep 23 14:59:34 bastion LinuxCommandsWazuh: User ankur [3929954]:  1990  exit
Sep 23 15:00:11 bastion LinuxCommandsWazuh: User abhijeet [3886954]:  2016  clickhouse-2-ssh 
Sep 23 15:00:21 bastion LinuxCommandsWazuh: User ankur [3930893]:  1990  exit
Sep 23 15:00:21 bastion LinuxCommandsWazuh: User ankur [3930893]:  1991  ls
Sep 23 15:00:22 bastion LinuxCommandsWazuh: User ankur [3930893]:  1992  cd
Sep 23 15:00:22 bastion LinuxCommandsWazuh: User ankur [3930893]:  1993  ls
Sep 23 15:00:29 bastion LinuxCommandsWazuh: User ankur [3930893]:  1994  cat .bashrc
Sep 23 15:00:50 bastion LinuxCommandsWazuh: User ankur [3930893]:  1995  ls
Sep 23 15:01:46 bastion LinuxCommandsWazuh: User abhijeet [3890685]:  2003  sudo su ubuntu
Sep 23 15:02:50 bastion LinuxCommandsWazuh: User abhijeet [3887825]:  2006  clickhouse-ssh 
Sep 23 15:03:09 bastion LinuxCommandsWazuh: User ashish [3933627]:   502  byobu
Sep 23 15:03:11 bastion LinuxCommandsWazuh: message repeated 4 times: [ User ashish [3933627]:   502  byobu]
Sep 23 15:12:20 bastion LinuxCommandsWazuh: User ankur [3930893]:  1996  kubectl get pods | grep coo
Sep 23 15:12:20 bastion LinuxCommandsWazuh: User mohtashim [3882750]:   504  make cookie-bash
Sep 23 15:12:31 bastion LinuxCommandsWazuh: User ankur [3930893]:  1996  kubectl get pods | grep coo
Sep 23 15:12:40 bastion LinuxCommandsWazuh: User ankur [3930893]:  1996  kubectl get pods | grep coo
Sep 23 15:12:51 bastion LinuxCommandsWazuh: User ankur [3930893]:  1997  kubectl get pods | grep nitr
Sep 23 15:12:56 bastion LinuxCommandsWazuh: message repeated 4 times: [ User ankur [3930893]:  1997  kubectl get pods | grep nitr]
Sep 23 15:12:58 bastion LinuxCommandsWazuh: User ankur [3930893]:  1998  kubectl get pods | grep coo
Sep 23 15:13:15 bastion LinuxCommandsWazuh: User ankur [3930893]:  1998  kubectl get pods | grep coo
Sep 23 15:13:23 bastion LinuxCommandsWazuh: User ankur [3930893]:  1999  kubectl get pods | grep nitr
Sep 23 15:13:26 bastion LinuxCommandsWazuh: User ankur [3930893]:  2000  kubectl get pods | grep coo
Sep 23 15:13:53 bastion LinuxCommandsWazuh: User ankur [3944634]:  1990  exit
Sep 23 15:13:58 bastion LinuxCommandsWazuh: User ankur [3930893]:  2000  kubectl get pods | grep coo
Sep 23 15:18:38 bastion LinuxCommandsWazuh: User ankur [3944634]:  1991  clickhouse-ssh
Sep 23 15:18:40 bastion LinuxCommandsWazuh: User ankur [3929954]:  1991  clickhouse-ssh 
Sep 23 15:19:00 bastion LinuxCommandsWazuh: User ankur [3930893]:  2000  kubectl get pods | grep coo
Sep 23 15:49:58 bastion LinuxCommandsWazuh: User ubuntu [3981302]:  1999  exit
Sep 23 15:52:08 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  1998  sudo su ankur
Sep 23 15:52:10 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  1999  ls
Sep 23 15:52:20 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2000  k
Sep 23 15:52:23 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2001  k get pds
Sep 23 15:52:24 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2002  k get p
Sep 23 15:52:27 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2003  k get pods 
Sep 23 15:52:32 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2004  k get pods | grep acc
Sep 23 15:52:34 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2005  k get pods | grep ac
Sep 23 15:52:53 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2006  k get pods | grep x
Sep 23 15:54:17 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2007  k get hpa -n nitrox-productoin
Sep 23 15:54:19 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2008  k get hpa -n nitrox-production
Sep 23 15:54:48 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2009  k edit hpa xlr8 -n nitrox-production
Sep 23 15:54:53 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2010  k get hpa -n nitrox-production
Sep 23 15:54:56 bastion LinuxCommandsWazuh: message repeated 2 times: [ User abhijeet [3983493]:  2010  k get hpa -n nitrox-production]
Sep 23 15:55:01 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2011  k get pods | grep x
Sep 23 15:55:05 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2012  k get hpa -n nitrox-production
Sep 23 15:56:01 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2013  kubectl get vpa
Sep 23 15:56:53 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2014  kubectl get deployment -n nitrox-priduction
Sep 23 15:57:59 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2015  kubectl get deployment -n nitrox-production
Sep 23 16:01:24 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2016  kubectl edit deployment xlr8 -n nitrox-production
Sep 23 16:01:33 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2017  kubectl get pods | gerp xl
Sep 23 16:01:40 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2018  kubectl get pods | grep xl
Sep 23 16:03:16 bastion LinuxCommandsWazuh: User abhijeet [3983493]:  2019  ls
Sep 23 16:05:42 bastion LinuxCommandsWazuh: User ubuntu [3981302]:  2000  cool-server 
Sep 23 16:10:15 bastion LinuxCommandsWazuh: User abhijeet [4002431]:  1998  ls
Sep 23 16:10:15 bastion LinuxCommandsWazuh: User abhijeet [4002431]:  1999  l
Sep 23 16:15:02 bastion LinuxCommandsWazuh: User ankur [4007588]:  1990  kubectl get pods | grep coo
Sep 23 16:15:19 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  1998  exit
Sep 23 16:15:20 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  1999  ls
Sep 23 16:15:44 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  1999  ls
Sep 23 16:16:06 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2000  kubectl get deployment -n nitrox-production
Sep 23 16:17:10 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  1998  exit
Sep 23 16:17:21 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  1999  kubectl get pods | grep xl
Sep 23 16:17:40 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  2000  kubectl top pods | grep xl
Sep 23 16:17:52 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2001  kubectl edit deployment xlr8 -n nitrox-production
Sep 23 16:18:17 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  2000  kubectl top pods | grep xl
Sep 23 16:29:19 bastion LinuxCommandsWazuh: User ubuntu [4022707]:  1999  exit
Sep 23 16:34:19 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2001  kubectl edit deployment xlr8 -n nitrox-production
Sep 23 16:36:56 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2001  kubectl edit deployment xlr8 -n nitrox-production
Sep 23 16:37:06 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2001  kubectl edit deployment xlr8 -n nitrox-production
Sep 23 16:37:13 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2002  clear
Sep 23 16:37:31 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2003  kubectl get pods -n nitrox-production
Sep 23 16:37:40 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2004  kubectl top pods -n nitrox-production
Sep 23 16:38:12 bastion LinuxCommandsWazuh: User abhijeet [4007942]:  2004  kubectl top pods -n nitrox-production
Sep 23 16:38:52 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  2000  kubectl top pods | grep xl
Sep 23 16:39:08 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  2000  kubectl top pods | grep xl
Sep 23 16:39:14 bastion LinuxCommandsWazuh: User abhijeet [4010440]:  2001  kubectl get pods 
Sep 23 16:46:16 bastion LinuxCommandsWazuh: User ubuntu [4040481]:  1999  cool-server 
Sep 23 16:56:21 bastion LinuxCommandsWazuh: User ubuntu [4046953]:  1999  cool-server 
Sep 23 16:58:48 bastion LinuxCommandsWazuh: User ubuntu [4047086]:  1999  cool-server 
Sep 23 17:13:31 bastion LinuxCommandsWazuh: User mohtashim [3887076]:   501  psql -h 10.94.16.3 -U postgres -d vortex_v2
Sep 23 17:14:02 bastion LinuxCommandsWazuh: User ankur [4048317]:  1990  byobu
Sep 23 17:31:10 bastion LinuxCommandsWazuh: User ubuntu [4065991]:  1999  cool-server 
Sep 23 17:31:23 bastion LinuxCommandsWazuh: User ubuntu [4066264]:  1999  cool-server 
Sep 23 17:37:24 bastion LinuxCommandsWazuh: User ubuntu [4065991]:  1999  cool-server 
Sep 23 17:39:34 bastion LinuxCommandsWazuh: User ubuntu [4065991]:  2000  ls
Sep 23 17:49:05 bastion LinuxCommandsWazuh: User ubuntu [4084272]:  1999  exit
Sep 23 17:49:42 bastion LinuxCommandsWazuh: User ubuntu [4084272]:  2000  ls
Sep 23 18:00:01 bastion LinuxCommandsWazuh: User ankur [4095333]:  1990  byobu
Sep 23 18:06:20 bastion LinuxCommandsWazuh: User ankur [4095333]:  1991  clickhouse-ssh 
Sep 23 18:06:27 bastion LinuxCommandsWazuh: User ankur [4007588]:  1991  kafka-ssh 
Sep 23 18:30:19 bastion LinuxCommandsWazuh: User ashish [4126540]:   502  byobu
Sep 23 18:30:20 bastion LinuxCommandsWazuh: User ashish [4126540]:   503  ls
Sep 23 18:30:25 bastion LinuxCommandsWazuh: User ashish [4126685]:   502  byobu
Sep 23 18:30:57 bastion LinuxCommandsWazuh: User ashish [4126685]:   503  Clickhouse-ssh
Sep 23 18:59:06 bastion LinuxCommandsWazuh: User ankur [4182004]:  1990  exit
Sep 23 19:02:34 bastion LinuxCommandsWazuh: User ankur [4182004]:  1991  clickhouse-ssh 
Sep 23 19:02:42 bastion LinuxCommandsWazuh: User ankur [4188886]:  1990  exit
Sep 23 19:05:16 bastion LinuxCommandsWazuh: User ankur [4188886]:  1991  clickhouse-2-ssh 
Sep 23 19:20:53 bastion LinuxCommandsWazuh: User ankur [30357]:  1990  exit
Sep 23 19:49:58 bastion LinuxCommandsWazuh: User ankur [30357]:  1991  clickhouse-2-ssh 
Sep 23 19:50:01 bastion LinuxCommandsWazuh: User ankur [82682]:  1990  exit
Sep 23 19:56:29 bastion LinuxCommandsWazuh: User ankur [82682]:  1991  clickhouse-ssh 
Sep 23 19:56:33 bastion LinuxCommandsWazuh: User ankur [89542]:  1990  exit
Sep 23 19:57:00 bastion LinuxCommandsWazuh: User ankur [89542]:  1991  clickhouse-2-ssh 
Sep 23 19:57:01 bastion LinuxCommandsWazuh: User ankur [89542]:  1991  clickhouse-2-ssh 
Sep 23 19:59:26 bastion LinuxCommandsWazuh: User ankur [92241]:  1990  exit
Sep 23 19:59:31 bastion LinuxCommandsWazuh: User ankur [92241]:  1991  htop
Sep 23 19:59:33 bastion LinuxCommandsWazuh: User ankur [92389]:  1990  exit
Sep 23 19:59:47 bastion LinuxCommandsWazuh: User ankur [92621]:  1990  exit
Sep 23 20:00:31 bastion LinuxCommandsWazuh: User ankur [93492]:  1990  exit
Sep 23 20:03:52 bastion LinuxCommandsWazuh: User ankur [93492]:  1991  clickhouse-ssh 
Sep 23 20:04:00 bastion LinuxCommandsWazuh: User ankur [92389]:  1991  clickhouse-2-ssh 
Sep 23 20:06:35 bastion LinuxCommandsWazuh: User ankur [99796]:  1990  exit
Sep 23 20:06:48 bastion LinuxCommandsWazuh: User ankur [99796]:  1991  show tables
Sep 23 20:06:49 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [99796]:  1991  show tables]
Sep 23 20:08:16 bastion LinuxCommandsWazuh: User ankur [99796]:  1992  clickhouse-ssh 
Sep 23 20:11:45 bastion LinuxCommandsWazuh: User ankur [104730]:  1990  exit
Sep 23 20:17:47 bastion LinuxCommandsWazuh: User ankur [110939]:  1990  exit
Sep 23 20:18:54 bastion LinuxCommandsWazuh: User ankur [110939]:  1991  clickhouse-ssh 
Sep 23 20:27:19 bastion LinuxCommandsWazuh: User ankur [120539]:  1990  exit
Sep 23 20:36:58 bastion LinuxCommandsWazuh: User ankur [4048317]:  1990  byobu
Sep 23 20:40:20 bastion LinuxCommandsWazuh: User ankur [130525]:  1990  exit
Sep 23 20:40:37 bastion LinuxCommandsWazuh: User ankur [130525]:  1991  byobu
Sep 23 20:40:42 bastion LinuxCommandsWazuh: User ankur [130939]:  1990  exit
Sep 23 20:40:49 bastion LinuxCommandsWazuh: User ankur [130939]:  1991  clickhouse-2-ssh 
Sep 23 20:40:51 bastion LinuxCommandsWazuh: User ankur [131032]:  1990  exit
Sep 23 20:40:53 bastion LinuxCommandsWazuh: User ankur [131141]:  1990  exit
Sep 23 20:41:30 bastion LinuxCommandsWazuh: User ankur [131141]:  1991  clickhouse-2-ssh 
Sep 23 20:41:44 bastion LinuxCommandsWazuh: User ankur [131032]:  1991  byobu