Oct 10 11:13:33 bastion LinuxCommandsWazuh: User aman [545887]: 293 exit Oct 10 11:13:35 bastion LinuxCommandsWazuh: User aman [545887]: 294 clear Oct 10 11:13:55 bastion LinuxCommandsWazuh: User aman [545887]: 295 psql -h 10.94.16.3 -p 5432 -U dbuser -d nitrox_v2 Oct 10 11:13:56 bastion LinuxCommandsWazuh: User aman [545887]: 296 clear Oct 10 11:13:57 bastion LinuxCommandsWazuh: User aman [545887]: 296 clear Oct 10 11:14:04 bastion LinuxCommandsWazuh: User aman [546046]: 297 exit Oct 10 11:14:05 bastion LinuxCommandsWazuh: User aman [546046]: 298 clear Oct 10 11:14:18 bastion LinuxCommandsWazuh: User aman [546046]: 299 kubectl get pods | grep chat Oct 10 11:14:31 bastion LinuxCommandsWazuh: User aman [546046]: 300 kubectl get config chatbot-5fc84b59dc-ltlh2 Oct 10 11:15:29 bastion LinuxCommandsWazuh: User aman [546046]: 301 kuebctl get configmap chatbot-5fc84b59dc-ltlh2 Oct 10 11:15:31 bastion LinuxCommandsWazuh: User aman [546046]: 301 kuebctl get configmap chatbot-5fc84b59dc-ltlh2 Oct 10 11:15:37 bastion LinuxCommandsWazuh: User aman [546046]: 302 kubectl get configmap chatbot-5fc84b59dc-ltlh2 Oct 10 11:16:15 bastion LinuxCommandsWazuh: User aman [546046]: 303 kubectl get config | grep chat Oct 10 11:16:30 bastion LinuxCommandsWazuh: User aman [546046]: 304 kubectl get configmap Oct 10 11:16:42 bastion LinuxCommandsWazuh: User aman [546046]: 305 kubectl get configmap chatbot-config Oct 10 11:17:04 bastion LinuxCommandsWazuh: User aman [546046]: 306 kubectl describe configmap chatbot-config Oct 10 11:18:19 bastion LinuxCommandsWazuh: User aman [546046]: 307 kubectl edit configmap chatbot-config Oct 10 11:18:20 bastion LinuxCommandsWazuh: User aman [546046]: 308 clear Oct 10 11:18:22 bastion LinuxCommandsWazuh: User aman [546046]: 309 ls Oct 10 11:18:31 bastion LinuxCommandsWazuh: User aman [546046]: 310 kubectl get pods | grep chat Oct 10 11:20:19 bastion LinuxCommandsWazuh: User ubuntu [547148]: 1999 exit Oct 10 11:20:28 bastion LinuxCommandsWazuh: User ubuntu [547148]: 2000 vi .bashrc Oct 10 11:20:32 bastion LinuxCommandsWazuh: User rihan [547168]: 1406 redis Oct 10 11:20:33 bastion LinuxCommandsWazuh: User rihan [547168]: 1407 cd Oct 10 11:24:06 bastion LinuxCommandsWazuh: User rihan [547168]: 1408 vi .bashrc Oct 10 11:25:10 bastion LinuxCommandsWazuh: User aman [546046]: 311 kubectl describe chatbot-5fc84b59dc-ltlh2 Oct 10 11:25:20 bastion LinuxCommandsWazuh: User aman [546046]: 312 kubectl describe configmap chatbot-5fc84b59dc-ltlh2 Oct 10 11:25:31 bastion LinuxCommandsWazuh: User aman [546046]: 313 kubectl get pods | grep chat Oct 10 11:25:45 bastion LinuxCommandsWazuh: User aman [546046]: 314 kubectl describe configmap chatbot-79bd7ddf9b-tq2zq Oct 10 11:26:08 bastion LinuxCommandsWazuh: User aman [546046]: 315 kubectl descrive configmap chatbot-79bd7ddf9b-tq2zq Oct 10 11:26:13 bastion LinuxCommandsWazuh: User aman [546046]: 316 kubectl describe configmap chatbot-79bd7ddf9b-tq2zq Oct 10 11:26:18 bastion LinuxCommandsWazuh: User aman [546046]: 317 kubectl describe configmaps chatbot-79bd7ddf9b-tq2zq Oct 10 11:26:21 bastion LinuxCommandsWazuh: User aman [546046]: 318 kubectl describe configmap chatbot-79bd7ddf9b-tq2zq Oct 10 11:26:34 bastion LinuxCommandsWazuh: User aman [546046]: 319 clear Oct 10 11:26:43 bastion LinuxCommandsWazuh: User aman [546046]: 320 kubectl get pods | grep chat Oct 10 11:26:56 bastion LinuxCommandsWazuh: User aman [546046]: 321 kubectl describe configmap chatbot-79bd7ddf9b-tq2zq Oct 10 11:27:09 bastion LinuxCommandsWazuh: User aman [546046]: 322 kubectl get configmao Oct 10 11:27:11 bastion LinuxCommandsWazuh: User aman [546046]: 323 kubectl get configmap Oct 10 11:27:23 bastion LinuxCommandsWazuh: User aman [546046]: 324 kubectl descrive configmap chatbot-config Oct 10 11:27:27 bastion LinuxCommandsWazuh: User aman [546046]: 325 kubectl describe configmap chatbot-config Oct 10 11:28:45 bastion LinuxCommandsWazuh: User aman [546046]: 326 kubectl edit configmap chatbot-config Oct 10 11:28:48 bastion LinuxCommandsWazuh: User aman [546046]: 327 kubectl describe configmap chatbot-config Oct 10 11:28:53 bastion LinuxCommandsWazuh: User aman [546046]: 328 clear Oct 10 11:32:11 bastion LinuxCommandsWazuh: User aman [546046]: 329 kubectl get pods | grep chat Oct 10 11:37:14 bastion LinuxCommandsWazuh: User aman [546046]: 330 kubectl exec -it chatbot-79bd7ddf9b-tq2zq /bin/bash Oct 10 11:39:17 bastion LinuxCommandsWazuh: User aman [546046]: 331 clear Oct 10 11:39:23 bastion LinuxCommandsWazuh: User aman [546046]: 332 kubectl get pods | grep chat Oct 10 11:40:07 bastion LinuxCommandsWazuh: User aman [546046]: 333 kubectl exec -it chatbot-f84d675bd-75cfc /bin/bash Oct 10 11:40:08 bastion LinuxCommandsWazuh: User aman [546046]: 334 clear Oct 10 11:41:00 bastion LinuxCommandsWazuh: User aman [546046]: 335 psql -h 10.94.16.3 -p 5432 -U dbuser -d nitrox_v2 Oct 10 11:41:26 bastion LinuxCommandsWazuh: User aman [546046]: 336 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 11:41:27 bastion LinuxCommandsWazuh: User aman [546046]: 337 clear Oct 10 11:45:11 bastion LinuxCommandsWazuh: User rihan [547168]: 1408 vi .bashrc Oct 10 11:45:12 bastion LinuxCommandsWazuh: message repeated 3 times: [ User rihan [547168]: 1408 vi .bashrc] Oct 10 11:45:13 bastion LinuxCommandsWazuh: User ubuntu [547148]: 2001 sudo su rihan Oct 10 11:45:13 bastion LinuxCommandsWazuh: User ubuntu [547148]: 2002 ls Oct 10 11:45:13 bastion LinuxCommandsWazuh: User ubuntu [547148]: 2003 cd Oct 10 11:45:14 bastion LinuxCommandsWazuh: User ubuntu [547148]: 2004 ls Oct 10 11:53:08 bastion LinuxCommandsWazuh: User aman [546046]: 338 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 11:53:09 bastion LinuxCommandsWazuh: User aman [546046]: 339 clear Oct 10 11:54:01 bastion LinuxCommandsWazuh: User aman [546046]: 340 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 11:54:02 bastion LinuxCommandsWazuh: User aman [546046]: 341 clear Oct 10 12:00:15 bastion LinuxCommandsWazuh: User ashish [551363]: 594 byobu Oct 10 12:00:16 bastion LinuxCommandsWazuh: User ashish [551363]: 595 clear Oct 10 12:02:14 bastion LinuxCommandsWazuh: User abhijeet [553420]: 1998 exit Oct 10 12:02:27 bastion LinuxCommandsWazuh: User abhijeet [553420]: 1999 kubectl get cm -n loki Oct 10 12:11:29 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2000 kubectl edit cm prometheus-server -n loki Oct 10 12:11:50 bastion LinuxCommandsWazuh: User aman [546046]: 342 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 12:14:23 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2000 kubectl edit cm prometheus-server -n loki Oct 10 12:14:37 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2000 kubectl edit cm prometheus-server -n loki Oct 10 12:14:40 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2001 kubectl get cm -n loki Oct 10 12:15:35 bastion LinuxCommandsWazuh: User abhijeet [567212]: 1998 exit Oct 10 12:15:41 bastion LinuxCommandsWazuh: User abhijeet [567212]: 1999 kubectl get pods -n loki Oct 10 12:16:11 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2000 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -- bash -n loko Oct 10 12:16:14 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2001 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -- bash -n loki Oct 10 12:16:17 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2002 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -- bash Oct 10 12:16:24 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2003 kubectl get pods -n loki Oct 10 12:16:35 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2004 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -- sh Oct 10 12:16:42 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2005 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -n loki -- bash Oct 10 12:16:53 bastion LinuxCommandsWazuh: User aman [546046]: 342 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 12:16:54 bastion LinuxCommandsWazuh: User aman [546046]: 343 clear Oct 10 12:22:05 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2002 kubectl edit cm prometheus-server -n loki Oct 10 12:22:22 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2003 kubectl get cm -n loki -o yaml Oct 10 12:23:16 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2004 kubectl edit cm prometheus-server -n loki Oct 10 12:23:50 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2005 kubectl get deployment -n loki Oct 10 12:24:19 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2006 kubectl rollout restart deployment prometheus-server -n loki Oct 10 12:24:20 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2006 kubectl exec -it prometheus-server-5dc4d7ddc-lkczq -n loki -- sh Oct 10 12:24:25 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2007 kubectl get pods -n loki Oct 10 12:24:40 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2008 kubectl get pods -n loki --watch Oct 10 12:24:42 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2009 kubectl get pods -n loki Oct 10 12:24:55 bastion LinuxCommandsWazuh: message repeated 9 times: [ User abhijeet [567212]: 2009 kubectl get pods -n loki] Oct 10 12:24:56 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2010 kubectl get pods -n lokiw Oct 10 12:24:58 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2010 kubectl get pods -n lokiw Oct 10 12:25:00 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2011 kubectl get pods -n lokiww Oct 10 12:25:02 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2011 kubectl get pods -n lokiww Oct 10 12:25:11 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2012 kubectl logs prometheus-server-7c97bf5b64-zxdr4 -f Oct 10 12:25:14 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2013 kubectl get pods -n lokiww Oct 10 12:25:16 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2014 kubectl get pods -n loki Oct 10 12:25:25 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2015 kubectl logs prometheus-server-7c97bf5b64-zxdr4 -f Oct 10 12:25:27 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2016 kubectl get pods -n loki Oct 10 12:25:41 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2017 kubectl logs prometheus-server-7c97bf5b64-zxdr4 -f -n loki Oct 10 12:25:43 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2018 kubectl get pods -n loki Oct 10 12:29:45 bastion LinuxCommandsWazuh: User venky [581404]: 2000 stern house-of-click-6d9f79b55b-2trm9 Oct 10 12:29:55 bastion LinuxCommandsWazuh: User venky [581404]: 2001 kubectl get config Oct 10 12:31:15 bastion LinuxCommandsWazuh: User venky [581404]: 2002 kubectl get configmaps Oct 10 12:31:42 bastion LinuxCommandsWazuh: User venky [581404]: 2003 kubectl edt configmaps nitrox-ck-config Oct 10 12:34:07 bastion LinuxCommandsWazuh: User venky [581404]: 2004 kubectl edit configmaps nitrox-ck-config Oct 10 12:34:24 bastion LinuxCommandsWazuh: User venky [581404]: 2005 kubectl get deploy Oct 10 12:34:44 bastion LinuxCommandsWazuh: User venky [581404]: 2006 kubectl rollout restart deploy cookie-cutter Oct 10 12:45:39 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2007 kubectl get deployment -n loki Oct 10 12:51:58 bastion LinuxCommandsWazuh: User venky [581404]: 2007 kubectl get hpa Oct 10 12:52:19 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2019 ls Oct 10 12:52:32 bastion LinuxCommandsWazuh: User venky [581404]: 2008 kubectl get po | grep cookie-cutter Oct 10 12:52:40 bastion LinuxCommandsWazuh: User venky [581404]: 2008 kubectl get po | grep cookie-cutter Oct 10 12:52:40 bastion LinuxCommandsWazuh: message repeated 2 times: [ User venky [581404]: 2008 kubectl get po | grep cookie-cutter] Oct 10 12:52:45 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2019 ls Oct 10 12:52:45 bastion LinuxCommandsWazuh: User venky [581404]: 2008 kubectl get po | grep cookie-cutter Oct 10 12:52:45 bastion LinuxCommandsWazuh: User venky [581404]: 2008 kubectl get po | grep cookie-cutter Oct 10 12:52:50 bastion LinuxCommandsWazuh: User venky [581404]: 2009 stern cookie-cutter-57dc68f579 Oct 10 12:52:58 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2020 cd k8s/ Oct 10 12:52:58 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2021 ls Oct 10 12:53:00 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2021 ls Oct 10 12:53:01 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2022 cd loki/ Oct 10 12:53:03 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2023 ls Oct 10 12:53:05 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2024 cd loki/ Oct 10 12:53:06 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2025 ls Oct 10 12:53:21 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2026 ls | grep con Oct 10 12:53:27 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2027 ls | grep cm Oct 10 12:53:30 bastion LinuxCommandsWazuh: User abhijeet [567212]: 2028 ls | grep map Oct 10 12:53:39 bastion LinuxCommandsWazuh: User ayush [605004]: 488 exit Oct 10 12:54:55 bastion LinuxCommandsWazuh: User venky [581404]: 2009 stern cookie-cutter-57dc68f579 Oct 10 12:59:25 bastion LinuxCommandsWazuh: User venky [581404]: 2009 stern cookie-cutter-57dc68f579 Oct 10 12:59:25 bastion LinuxCommandsWazuh: message repeated 4 times: [ User venky [581404]: 2009 stern cookie-cutter-57dc68f579] Oct 10 13:02:37 bastion LinuxCommandsWazuh: User mohtashim [613948]: 771 clickhouse-ssh Oct 10 13:03:09 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2008 kubectl edit cm prometheus-server -n loki Oct 10 13:03:13 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2009 kubectl rollout restart deployment prometheus-server -n loki Oct 10 13:03:16 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2010 kubectl get deployment -n loki Oct 10 13:03:30 bastion LinuxCommandsWazuh: User abhijeet [553420]: 2011 kubectl get pods -n loki Oct 10 13:03:39 bastion LinuxCommandsWazuh: message repeated 7 times: [ User abhijeet [553420]: 2011 kubectl get pods -n loki] Oct 10 13:08:18 bastion LinuxCommandsWazuh: User aman [546046]: 344 psql -h 10.94.16.3 -p 5432 -U postgres -d nitrox_v2 Oct 10 13:08:19 bastion LinuxCommandsWazuh: User aman [546046]: 345 clear Oct 10 13:12:13 bastion LinuxCommandsWazuh: User ashish [623620]: 594 byobu Oct 10 13:14:55 bastion LinuxCommandsWazuh: User ashish [623620]: 595 clickhouse-ssh Oct 10 13:14:59 bastion LinuxCommandsWazuh: User ashish [623620]: 596 ls Oct 10 13:15:06 bastion LinuxCommandsWazuh: User ashish [268698]: 614 clickhouse-ssh Oct 10 13:15:07 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [268698]: 614 clickhouse-ssh] Oct 10 13:15:08 bastion LinuxCommandsWazuh: User ashish [268698]: 615 clear Oct 10 13:15:18 bastion LinuxCommandsWazuh: User ashish [268698]: 616 kubectl get pods Oct 10 13:15:26 bastion LinuxCommandsWazuh: User ashish [268698]: 617 kubectl get pods | grep "house-of" Oct 10 13:15:37 bastion LinuxCommandsWazuh: User ashish [268698]: 618 kubectl logs -l app=house-of-click --all-containers=true -f Oct 10 13:15:45 bastion LinuxCommandsWazuh: User ashish [268698]: 619 clear Oct 10 13:15:59 bastion LinuxCommandsWazuh: User ashish [268698]: 620 kubectl get pods -owide | grep "house-of" Oct 10 13:16:21 bastion LinuxCommandsWazuh: User ashish [268698]: 620 kubectl get pods -owide | grep "house-of" Oct 10 13:16:44 bastion LinuxCommandsWazuh: User ashish [268698]: 620 kubectl get pods -owide | grep "house-of" Oct 10 13:17:05 bastion LinuxCommandsWazuh: User ashish [268698]: 621 curl -X POST 'http://10.84.3.117:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:17:12 bastion LinuxCommandsWazuh: User ashish [268698]: 622 curl -X POST 'http://10.84.3.117:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:17:30 bastion LinuxCommandsWazuh: User venky [630846]: 2000 stern house-of-click-6d9f79b55b-2trm9 Oct 10 13:17:32 bastion LinuxCommandsWazuh: User ashish [268698]: 623 curl -X POST 'http://10.84.3.103:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:17:39 bastion LinuxCommandsWazuh: User venky [630846]: 2001 kubectl get po | grep cook Oct 10 13:17:49 bastion LinuxCommandsWazuh: User venky [630846]: 2001 kubectl get po | grep cook Oct 10 13:18:03 bastion LinuxCommandsWazuh: User ashish [268698]: 623 curl -X POST 'http://10.84.3.103:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:18:03 bastion LinuxCommandsWazuh: User ashish [268698]: 623 curl -X POST 'http://10.84.3.103:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:19:13 bastion LinuxCommandsWazuh: User abhijeet [633600]: 1998 kubectl get pods -n loki Oct 10 13:20:07 bastion LinuxCommandsWazuh: User abhijeet [633600]: 1999 kubectl get cm -n loki Oct 10 13:20:19 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2000 kubectl get cm prometheus-server -n loki Oct 10 13:21:36 bastion LinuxCommandsWazuh: User ashish [637269]: 594 byobu Oct 10 13:21:37 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [637269]: 594 byobu] Oct 10 13:22:01 bastion LinuxCommandsWazuh: User mohtashim [613948]: 772 clickhouse-ssh Oct 10 13:22:02 bastion LinuxCommandsWazuh: User mohtashim [613948]: 773 clear Oct 10 13:22:04 bastion LinuxCommandsWazuh: User mohtashim [613948]: 773 clear Oct 10 13:22:07 bastion LinuxCommandsWazuh: User ashish [637269]: 595 kubectl get pods | grep "house" Oct 10 13:22:16 bastion LinuxCommandsWazuh: User ashish [637269]: 596 kubectl get pods -owide | grep "house" Oct 10 13:22:28 bastion LinuxCommandsWazuh: User ashish [637269]: 597 kubectl get logs -f house-of-click-579cdf7f47-2jfdq Oct 10 13:24:55 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2001 kubectl get cm prometheus-server -o wide -n loki Oct 10 13:25:04 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2002 kubectl get cm prometheus-server -o yaml -n loki Oct 10 13:26:02 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2003 ls Oct 10 13:26:07 bastion LinuxCommandsWazuh: User venky [630846]: 2002 kubectl exec -it cookie-cutter-57dc68f579-zvmbb bash Oct 10 13:26:41 bastion LinuxCommandsWazuh: User venky [630846]: 2003 kubectl get po | grep cook Oct 10 13:26:50 bastion LinuxCommandsWazuh: message repeated 3 times: [ User venky [630846]: 2003 kubectl get po | grep cook] Oct 10 13:26:55 bastion LinuxCommandsWazuh: User venky [630846]: 2004 kubectl get hpa Oct 10 13:27:05 bastion LinuxCommandsWazuh: User venky [630846]: 2004 kubectl get hpa Oct 10 13:27:08 bastion LinuxCommandsWazuh: User venky [630846]: 2004 kubectl get hpa Oct 10 13:27:37 bastion LinuxCommandsWazuh: User venky [630846]: 2005 kubectl get po | grep cook Oct 10 13:27:47 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:27:56 bastion LinuxCommandsWazuh: message repeated 2 times: [ User venky [630846]: 2006 kubectl get hpa ] Oct 10 13:28:58 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:29:04 bastion LinuxCommandsWazuh: message repeated 5 times: [ User venky [630846]: 2006 kubectl get hpa ] Oct 10 13:29:25 bastion LinuxCommandsWazuh: User ashish [268698]: 624 curl -X POST 'http://10.84.3.117:10750/get-total-active-network-users' --header 'Accept: application/json, text/plain, */*' --header 'Accept-Language: en-US,en;q=0.9' --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MzIyOCwibmFtZSI6IkFzaGlzaCIsImVtYWlsIjoiYXNoaXNoQGdldG5pdHJvLmNvIiwidXNlcm5hbWUiOiJhc2hpc2hAZ2V0bml0cm8uY28iLCJpc19hY3RpdmUiOnRydWUsImlzX3N1cGVydXNlciI6ZmFsc2UsInBhc3N3b3JkIjoicGJrZGYyX3NoYTI1NiQ2MDAwMDAkTlp1dmxINFd3REZQY2xzRTZHN1RzSSRCc01nZEVCajRRQXZmbkxLNVYxWm1SK0dQYlB4Q0g0QTI1dVB5aUFxZGs0PSIsImlzX2VtYWlsX3ZlcmlmaWVkIjp0cnVlLCJpc19waG9uZV92ZXJpZmllZCI6ZmFsc2UsInBob25lIjoiOTA2ODU4Mzc1OCIsInVzZXJfdG9rZW4iOiJjR0pyWkdZeVgzTm9ZVEkxTmlRMk1EQXdNREFrVGxwMWRteElORmQzUkVaUVkyeHpSVFpITjFSelNTUkNjMDFuWkVWQ2FqUlJRWFptYmt4TE5WWXhXbTFTSzBkUVlsQjRRMGcwUVRJMWRWQjVhVUZ4WkdzMFBRPT0iLCJpYXQiOjE3NTgyODA3ODEuMTYyODg0LCJleHAiOjE3NjA4NzI3ODEuMTYyODg0fQ.PP1RFoprURPvQLw-Va9jK3AHRegOkv1VG_OBUm0hGvY' --header 'Origin: https://x.nitrocommerce.ai' --header 'Referer: ht Oct 10 13:29:53 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2004 kubectl edit cm prometheus-server -o loki Oct 10 13:30:02 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2005 kubectl get deployment -n loki Oct 10 13:30:13 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2006 kubectl edit cm prometheus-server -o loki Oct 10 13:31:43 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2007 kubectl edit cm prometheus-server -n loki Oct 10 13:31:44 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2008 ls Oct 10 13:32:40 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2009 kubectl get pods -n loki Oct 10 13:32:52 bastion LinuxCommandsWazuh: User rihan [657376]: 1409 exit Oct 10 13:34:20 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2010 kubectl edit cm prometheus-server -n loki Oct 10 13:34:32 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2011 kubectl get cm prometheus-server -o yaml -n loki Oct 10 13:38:23 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2012 ls Oct 10 13:38:47 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2013 kubectl get cm -n loki Oct 10 13:38:58 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:39:00 bastion LinuxCommandsWazuh: User ubuntu [668623]: 1999 exit Oct 10 13:39:04 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2014 kubectl get pods -n loki Oct 10 13:39:05 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2000 ls Oct 10 13:39:09 bastion LinuxCommandsWazuh: User nikhil [668926]: Oct 10 13:39:10 bastion LinuxCommandsWazuh: User nikhil [668926]: 1 ls Oct 10 13:39:12 bastion LinuxCommandsWazuh: User nikhil [668926]: 2 cd Oct 10 13:39:12 bastion LinuxCommandsWazuh: User nikhil [668926]: 3 ls Oct 10 13:39:14 bastion LinuxCommandsWazuh: User nikhil [668926]: 4 cd .. Oct 10 13:39:14 bastion LinuxCommandsWazuh: User nikhil [668926]: 5 ls Oct 10 13:39:18 bastion LinuxCommandsWazuh: User nikhil [668926]: 6 cd akans Oct 10 13:39:18 bastion LinuxCommandsWazuh: User nikhil [668926]: 7 ls Oct 10 13:39:19 bastion LinuxCommandsWazuh: User nikhil [668926]: 8 cd Oct 10 13:39:20 bastion LinuxCommandsWazuh: User nikhil [668926]: .. Oct 10 13:39:20 bastion LinuxCommandsWazuh: User nikhil [668926]: 10 ls Oct 10 13:39:23 bastion LinuxCommandsWazuh: User nikhil [668926]: 11 cd .. Oct 10 13:39:24 bastion LinuxCommandsWazuh: User nikhil [668926]: 12 ls Oct 10 13:39:29 bastion LinuxCommandsWazuh: User nikhil [668926]: 13 cd ankur Oct 10 13:39:29 bastion LinuxCommandsWazuh: User nikhil [668926]: 14 ls Oct 10 13:39:31 bastion LinuxCommandsWazuh: User nikhil [668926]: 15 cd .. Oct 10 13:39:31 bastion LinuxCommandsWazuh: User nikhil [668926]: 16 ls Oct 10 13:39:32 bastion LinuxCommandsWazuh: User nikhil [668926]: 17 cd Oct 10 13:39:35 bastion LinuxCommandsWazuh: User nikhil [668926]: 18 cd .. Oct 10 13:39:38 bastion LinuxCommandsWazuh: User nikhil [668926]: 19 cd ubuntu Oct 10 13:39:39 bastion LinuxCommandsWazuh: User nikhil [668926]: 20 cd Oct 10 13:39:40 bastion LinuxCommandsWazuh: User nikhil [668926]: 21 ls Oct 10 13:39:41 bastion LinuxCommandsWazuh: User nikhil [668926]: 21 ls Oct 10 13:41:25 bastion LinuxCommandsWazuh: User nikhil [668926]: 22 sudo deluser sudo Oct 10 13:41:33 bastion LinuxCommandsWazuh: User nikhil [668926]: 23 sudo deluser nikhil sudo Oct 10 13:42:27 bastion LinuxCommandsWazuh: User nikhil [668926]: 24 sudo deluser google_sudoers Oct 10 13:42:29 bastion LinuxCommandsWazuh: User nikhil [668926]: 24 sudo deluser google_sudoers Oct 10 13:42:37 bastion LinuxCommandsWazuh: User nikhil [668926]: 25 sudo deluser nikhil google_sudoers Oct 10 13:42:47 bastion ubuntu: root@ [675298]: exit [0] Oct 10 13:42:48 bastion ubuntu: root@ [675298]: exit [130] Oct 10 13:42:50 bastion LinuxCommandsWazuh: User nikhil [668926]: 26 sudo su Oct 10 13:43:06 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:43:07 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:43:08 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2001 sudo su nikhil Oct 10 13:43:08 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:43:11 bastion LinuxCommandsWazuh: message repeated 4 times: [ User venky [630846]: 2006 kubectl get hpa ] Oct 10 13:43:15 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2002 sudo deluser nikhil google_sudoers Oct 10 13:43:43 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2003 getent group recordusers Oct 10 13:44:09 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2004 sudo usermod -aG recordusers shubham Oct 10 13:44:16 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2005 sudo usermod -aG recordusers nikhil Oct 10 13:45:34 bastion ubuntu: root@ [680864]: exit [0] Oct 10 13:45:35 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2006 sudo su Oct 10 13:45:44 bastion LinuxCommandsWazuh: User nikhil [681261]: 27 exit Oct 10 13:45:45 bastion LinuxCommandsWazuh: User nikhil [681261]: 28 cd Oct 10 13:45:45 bastion LinuxCommandsWazuh: User nikhil [681261]: 29 ls Oct 10 13:45:47 bastion ubuntu: root@ [681377]: exit [0] Oct 10 13:45:48 bastion LinuxCommandsWazuh: User nikhil [681261]: 30 sudo su Oct 10 13:46:23 bastion LinuxCommandsWazuh: User nikhil [681261]: 31 groups Nikhil Oct 10 13:46:25 bastion LinuxCommandsWazuh: message repeated 2 times: [ User nikhil [681261]: 31 groups Nikhil] Oct 10 13:46:27 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2015 kubectl edit cm prometheus-server -n loki Oct 10 13:46:28 bastion LinuxCommandsWazuh: User nikhil [681261]: 32 groups nikhil Oct 10 13:46:41 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2016 kubectl get deployment -n loki Oct 10 13:47:05 bastion LinuxCommandsWazuh: User nikhil [681261]: 32 groups nikhil Oct 10 13:47:05 bastion LinuxCommandsWazuh: User nikhil [681261]: 33 sudo deluser nikhil ubuntu Oct 10 13:47:08 bastion ubuntu: root@ [683771]: exit [0] Oct 10 13:47:11 bastion LinuxCommandsWazuh: User nikhil [681261]: 34 sudo su Oct 10 13:47:12 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2007 sudo su nikhil Oct 10 13:47:14 bastion LinuxCommandsWazuh: User nikhil [683954]: 35 exit Oct 10 13:47:15 bastion LinuxCommandsWazuh: User nikhil [683954]: 36 cd Oct 10 13:47:18 bastion LinuxCommandsWazuh: User nikhil [683954]: 37 sudo su Oct 10 13:47:21 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2007 sudo su nikhil Oct 10 13:47:31 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2017 kubectl edit cm prometheus-server -n loki Oct 10 13:47:33 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2018 kubectl get deployment -n loki Oct 10 13:47:43 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2019 kubectl rollout restart prometheus-server -n loki Oct 10 13:47:44 bastion LinuxCommandsWazuh: User nikhil [684885]: 38 exit Oct 10 13:47:45 bastion LinuxCommandsWazuh: User nikhil [684885]: 39 cd Oct 10 13:47:45 bastion LinuxCommandsWazuh: User nikhil [684885]: 40 ls Oct 10 13:48:00 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2020 kubectl rollout restart deployment prometheus-server -n loki Oct 10 13:48:10 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2021 kubectl get pods -n loki Oct 10 13:48:16 bastion LinuxCommandsWazuh: message repeated 4 times: [ User abhijeet [633600]: 2021 kubectl get pods -n loki] Oct 10 13:48:16 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2022 w Oct 10 13:48:18 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2023 kubectl get pods -n loki Oct 10 13:48:36 bastion LinuxCommandsWazuh: message repeated 2 times: [ User abhijeet [633600]: 2023 kubectl get pods -n loki] Oct 10 13:48:41 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:48:50 bastion LinuxCommandsWazuh: message repeated 9 times: [ User venky [630846]: 2006 kubectl get hpa ] Oct 10 13:48:50 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:48:51 bastion LinuxCommandsWazuh: User venky [630846]: 2006 kubectl get hpa Oct 10 13:49:16 bastion LinuxCommandsWazuh: User ubuntu [687946]: 1999 exit Oct 10 13:50:13 bastion LinuxCommandsWazuh: User nikhil [684885]: 41 vi .bashrc Oct 10 13:50:18 bastion LinuxCommandsWazuh: User nikhil [684885]: 42 cd .ssh/ Oct 10 13:50:18 bastion LinuxCommandsWazuh: User nikhil [684885]: 43 ls Oct 10 13:50:27 bastion LinuxCommandsWazuh: User nikhil [684885]: 44 ssh-keygen Oct 10 13:50:33 bastion LinuxCommandsWazuh: User nikhil [684885]: 45 cat home/nikhil/.ssh/id_rsa.pub Oct 10 13:50:37 bastion LinuxCommandsWazuh: User nikhil [684885]: 46 cat /home/nikhil/.ssh/id_rsa.pub Oct 10 13:50:45 bastion LinuxCommandsWazuh: User ashish [637269]: 598 kubectl logs -f house-of-click-579cdf7f47-2jfdq Oct 10 13:50:45 bastion LinuxCommandsWazuh: message repeated 7 times: [ User ashish [637269]: 598 kubectl logs -f house-of-click-579cdf7f47-2jfdq] Oct 10 13:50:48 bastion LinuxCommandsWazuh: User ubuntu [687946]: 2000 vi .bashrc Oct 10 13:51:23 bastion LinuxCommandsWazuh: User nikhil [684885]: 47 cat .bashrc Oct 10 13:51:24 bastion LinuxCommandsWazuh: User nikhil [684885]: 48 cd Oct 10 13:51:27 bastion LinuxCommandsWazuh: User nikhil [684885]: 49 cat .bashrc Oct 10 13:51:39 bastion LinuxCommandsWazuh: User nikhil [684885]: 50 ssh ubuntu@13.232.83.204 Oct 10 13:51:41 bastion LinuxCommandsWazuh: User ubuntu [668623]: 2007 sudo su nikhil Oct 10 13:51:49 bastion LinuxCommandsWazuh: User ubuntu [692574]: 1999 exit Oct 10 13:51:51 bastion LinuxCommandsWazuh: User nikhil [692628]: 51 exit Oct 10 13:51:57 bastion LinuxCommandsWazuh: User nikhil [692628]: 52 zodiac-server Oct 10 13:53:51 bastion LinuxCommandsWazuh: User nikhil [696154]: 51 exit Oct 10 14:20:02 bastion LinuxCommandsWazuh: User ubuntu [727994]: 1999 sudo su nikhil Oct 10 14:20:09 bastion LinuxCommandsWazuh: User rihan [728016]: 1409 exit Oct 10 14:20:09 bastion LinuxCommandsWazuh: User rihan [728016]: 1410 cd Oct 10 14:20:10 bastion LinuxCommandsWazuh: User rihan [728016]: 1411 ls Oct 10 14:20:10 bastion LinuxCommandsWazuh: User rihan [728016]: 1412 cd .ssh/ Oct 10 14:20:11 bastion LinuxCommandsWazuh: User rihan [728016]: 1413 ls Oct 10 14:20:15 bastion LinuxCommandsWazuh: User rihan [728016]: 1414 cat id_rsa.pub Oct 10 14:20:40 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2000 sudo su rihan Oct 10 14:20:40 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2001 ls Oct 10 14:20:44 bastion LinuxCommandsWazuh: User ankur [728086]: 604 exit Oct 10 14:20:45 bastion LinuxCommandsWazuh: User ankur [728086]: 605 cd Oct 10 14:20:45 bastion LinuxCommandsWazuh: User ankur [728086]: 605 cd Oct 10 14:20:47 bastion LinuxCommandsWazuh: User ankur [728086]: 606 ls Oct 10 14:20:48 bastion LinuxCommandsWazuh: User ankur [728086]: 607 cd .ssh/ Oct 10 14:20:48 bastion LinuxCommandsWazuh: User ankur [728086]: 608 ls Oct 10 14:20:50 bastion LinuxCommandsWazuh: User ankur [728086]: 609 cat id_rsa.pub Oct 10 14:21:01 bastion LinuxCommandsWazuh: User ankur [728086]: 610 cd Oct 10 14:21:02 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2002 sudo su ankur Oct 10 14:21:04 bastion LinuxCommandsWazuh: User venky [728155]: 2000 stern cookie-cutter-57dc68f579 Oct 10 14:21:05 bastion LinuxCommandsWazuh: User venky [728155]: 2001 cd Oct 10 14:21:05 bastion LinuxCommandsWazuh: User venky [728155]: 2002 ks Oct 10 14:21:07 bastion LinuxCommandsWazuh: User venky [728155]: 2003 cls Oct 10 14:21:08 bastion LinuxCommandsWazuh: User venky [728155]: 2004 ls Oct 10 14:21:11 bastion LinuxCommandsWazuh: User venky [728155]: 2005 cd .ssh/ Oct 10 14:21:11 bastion LinuxCommandsWazuh: User venky [728155]: 2006 ls Oct 10 14:21:15 bastion LinuxCommandsWazuh: User venky [728155]: 2007 cat id_rsa.pub Oct 10 14:21:36 bastion LinuxCommandsWazuh: User venky [728155]: 2008 cd Oct 10 14:21:38 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2003 sudo su venky Oct 10 14:21:42 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2004 cd .. Oct 10 14:21:45 bastion LinuxCommandsWazuh: User mohtashim [728266]: 774 exit Oct 10 14:21:45 bastion LinuxCommandsWazuh: User mohtashim [728266]: 775 cd Oct 10 14:21:46 bastion LinuxCommandsWazuh: User mohtashim [728266]: 775 cd Oct 10 14:21:48 bastion LinuxCommandsWazuh: User mohtashim [728266]: 776 cd .ssh/ Oct 10 14:21:49 bastion LinuxCommandsWazuh: User mohtashim [728266]: 777 ls Oct 10 14:21:51 bastion LinuxCommandsWazuh: User mohtashim [728266]: 778 cat id_rsa.pub Oct 10 14:22:01 bastion LinuxCommandsWazuh: User mohtashim [728266]: 779 cd Oct 10 14:22:02 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2005 sudo su mohtashim Oct 10 14:22:07 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 1997 internal Oct 10 14:22:07 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 1998 ls Oct 10 14:22:08 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 1999 cd Oct 10 14:22:09 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 2000 ls Oct 10 14:22:13 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 2001 cd .ssh/ Oct 10 14:22:13 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 2002 ls Oct 10 14:22:15 bastion LinuxCommandsWazuh: User shamailtayyab [728330]: 2003 cat id_rsa.pub Oct 10 14:22:39 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2006 sudo su shamailtayyab Oct 10 14:22:42 bastion LinuxCommandsWazuh: User nikhil [728399]: 53 zodiac-server Oct 10 14:22:43 bastion LinuxCommandsWazuh: User nikhil [728399]: 54 cd Oct 10 14:22:45 bastion LinuxCommandsWazuh: User nikhil [728399]: 55 cat .bashrc Oct 10 14:22:52 bastion LinuxCommandsWazuh: User nikhil [728399]: 56 cd Oct 10 14:22:54 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2007 sudo su nikhil Oct 10 14:23:00 bastion LinuxCommandsWazuh: User rihan [728436]: 1415 exit Oct 10 14:23:01 bastion LinuxCommandsWazuh: User rihan [728436]: 1416 cd Oct 10 14:23:11 bastion LinuxCommandsWazuh: User rihan [728436]: 1417 vi .bashrc Oct 10 14:23:13 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2008 sudo su rihan Oct 10 14:23:15 bastion LinuxCommandsWazuh: User shamailtayyab [728483]: 1997 exit Oct 10 14:23:16 bastion LinuxCommandsWazuh: User shamailtayyab [728483]: 1998 cd Oct 10 14:23:26 bastion LinuxCommandsWazuh: User shamailtayyab [728483]: 1999 vi .bashrc Oct 10 14:23:31 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2009 sudo su shamailtayyab Oct 10 14:23:32 bastion LinuxCommandsWazuh: User shamailtayyab [728517]: 1997 exit Oct 10 14:23:38 bastion LinuxCommandsWazuh: User shamailtayyab [728517]: 1998 zodiac-server Oct 10 14:23:45 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2009 sudo su shamailtayyab Oct 10 14:23:50 bastion LinuxCommandsWazuh: User venky [728544]: 2000 exit Oct 10 14:23:51 bastion LinuxCommandsWazuh: User venky [728544]: 2001 cd Oct 10 14:23:51 bastion LinuxCommandsWazuh: User venky [728544]: 2002 ls Oct 10 14:24:03 bastion LinuxCommandsWazuh: User venky [728544]: 2003 vi .bashrc Oct 10 14:24:05 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2010 sudo su venky Oct 10 14:24:10 bastion LinuxCommandsWazuh: User mohtashim [728595]: 780 exit Oct 10 14:24:11 bastion LinuxCommandsWazuh: User mohtashim [728595]: 781 cd Oct 10 14:24:11 bastion LinuxCommandsWazuh: User mohtashim [728595]: 782 ls Oct 10 14:24:16 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2024 ssh ubuntu@13.232.83.204\ Oct 10 14:24:19 bastion LinuxCommandsWazuh: User mohtashim [728595]: 783 vi .bashrc Oct 10 14:24:20 bastion LinuxCommandsWazuh: User abhijeet [633600]: 2025 ssh ubuntu@13.232.83.204 Oct 10 14:24:20 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2011 sudo su mohtashim Oct 10 14:24:25 bastion LinuxCommandsWazuh: User ankur [728662]: 611 exit Oct 10 14:24:26 bastion LinuxCommandsWazuh: User ankur [728662]: 612 cd Oct 10 14:24:27 bastion LinuxCommandsWazuh: User ankur [728662]: 613 s Oct 10 14:24:42 bastion LinuxCommandsWazuh: User ankur [728662]: 614 vi .bashrc Oct 10 14:24:45 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2012 sudo su ankur Oct 10 14:28:38 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2013 cd Oct 10 14:28:38 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2014 ls Oct 10 14:28:40 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2015 cd .. Oct 10 14:28:40 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2016 ls Oct 10 14:30:55 bastion LinuxCommandsWazuh: User sandeep [729537]: Oct 10 14:30:57 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2016 ls Oct 10 14:33:41 bastion LinuxCommandsWazuh: User venky [729687]: 2000 exit Oct 10 14:35:22 bastion LinuxCommandsWazuh: User nikhil [730337]: 57 exit Oct 10 14:35:24 bastion LinuxCommandsWazuh: User nikhil [730337]: 58 history Oct 10 14:35:36 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2017 sudo su nikhil Oct 10 14:36:01 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2018 sudo deluser sandeep ubuntu Oct 10 14:36:36 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2018 sudo deluser sandeep ubuntu Oct 10 14:36:37 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2019 sudo usermod -aG recordusers sandeep Oct 10 14:36:57 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2020 sudo deluser sandeep google-sudoers Oct 10 14:37:03 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2021 sudo su snadeep Oct 10 14:37:09 bastion LinuxCommandsWazuh: User sandeep [730439]: 1 exit Oct 10 14:37:10 bastion LinuxCommandsWazuh: User sandeep [730439]: 2 cd Oct 10 14:37:10 bastion LinuxCommandsWazuh: User sandeep [730439]: 3 ls Oct 10 14:37:13 bastion LinuxCommandsWazuh: User sandeep [730439]: 4 sudo su Oct 10 14:37:14 bastion LinuxCommandsWazuh: User sandeep [730439]: 5 ls Oct 10 14:37:20 bastion LinuxCommandsWazuh: User sandeep [730439]: 6 ssh-keygen Oct 10 14:37:31 bastion LinuxCommandsWazuh: User sandeep [730439]: 7 cat sudo deluser sandeep google-sudoers Oct 10 14:37:36 bastion LinuxCommandsWazuh: User sandeep [730439]: 8 cat /home/sandeep/.ssh/id_rsa.pub Oct 10 14:38:53 bastion LinuxCommandsWazuh: User abhijeet [730649]: 1998 exit Oct 10 14:40:51 bastion LinuxCommandsWazuh: User abhijeet [730649]: 1999 kubectl get cm -n loki Oct 10 14:40:57 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2022 sudo su sandeep Oct 10 14:41:02 bastion LinuxCommandsWazuh: User nikhil [730832]: 59 exit Oct 10 14:41:04 bastion LinuxCommandsWazuh: User nikhil [730832]: 60 cd Oct 10 14:41:08 bastion LinuxCommandsWazuh: User nikhil [730832]: 61 cat .bashrc Oct 10 14:41:11 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2000 kubectl edit cm loki -n loki Oct 10 14:41:12 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2023 sudo su nikhil Oct 10 14:41:17 bastion LinuxCommandsWazuh: User sandeep [730894]: exit Oct 10 14:41:18 bastion LinuxCommandsWazuh: User sandeep [730894]: 10 cd Oct 10 14:41:18 bastion LinuxCommandsWazuh: User sandeep [730894]: 11 ls Oct 10 14:41:42 bastion LinuxCommandsWazuh: User sandeep [730894]: 12 vi .bashrc Oct 10 14:41:48 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2001 kubectl get cm loki-gateway -o yaml -n loki Oct 10 14:41:49 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2024 sudo su sandeep Oct 10 14:41:49 bastion LinuxCommandsWazuh: User sandeep [730952]: 13 exit Oct 10 14:41:55 bastion LinuxCommandsWazuh: User sandeep [730952]: 14 zodiac-server Oct 10 14:42:14 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2002 kubectl get pods -n loki Oct 10 14:42:18 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2024 sudo su sandeep Oct 10 14:42:29 bastion LinuxCommandsWazuh: User ubuntu [727994]: 2025 curl ip.me Oct 10 14:43:49 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2003 kubectl exec -it promtail-hkk6z -n loki -- sh Oct 10 14:44:01 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2004 kubectl get ingress -n loki Oct 10 14:44:32 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2005 kubectl describe ingeress -n loki Oct 10 14:44:42 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2006 kubectl describe ingeress grafana-ingress -n loki Oct 10 14:44:49 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2007 kubectl describe ingress grafana-ingress -n loki Oct 10 14:44:54 bastion LinuxCommandsWazuh: User abhijeet [730649]: 2008 kubectl describe ingress -n loki Oct 10 15:01:25 bastion LinuxCommandsWazuh: User ashish [732856]: 599 byobu Oct 10 15:03:55 bastion LinuxCommandsWazuh: User ashish [268698]: 625 clickhouse-ssh Oct 10 15:03:56 bastion LinuxCommandsWazuh: User ashish [268698]: 626 clear Oct 10 15:03:56 bastion LinuxCommandsWazuh: User ashish [268698]: 627 ls Oct 10 15:03:57 bastion LinuxCommandsWazuh: User ashish [268698]: 627 ls Oct 10 15:03:57 bastion LinuxCommandsWazuh: User ashish [268698]: 627 ls Oct 10 15:03:58 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [268698]: 627 ls] Oct 10 15:13:33 bastion LinuxCommandsWazuh: User venky [744816]: 2000 exit Oct 10 15:26:28 bastion LinuxCommandsWazuh: User ashish [268698]: 628 mongo pixel_v1; Oct 10 15:35:18 bastion LinuxCommandsWazuh: User nikhil [766050]: 62 exit Oct 10 15:35:18 bastion LinuxCommandsWazuh: User sandeep [766088]: 15 exit Oct 10 15:44:32 bastion LinuxCommandsWazuh: User sandeep [775517]: 16 zodiac-server Oct 10 15:53:31 bastion LinuxCommandsWazuh: User nikhil [784575]: 63 zodiac-server Oct 10 15:56:55 bastion LinuxCommandsWazuh: User nikhil [787964]: 63 zodiac-server Oct 10 16:10:39 bastion LinuxCommandsWazuh: User shamailtayyab [788851]: 1997 exit Oct 10 16:10:40 bastion LinuxCommandsWazuh: User shamailtayyab [788851]: 1998 ls Oct 10 16:10:42 bastion LinuxCommandsWazuh: User shamailtayyab [788851]: 1998 ls Oct 10 16:10:56 bastion LinuxCommandsWazuh: User ankur [788968]: 615 exit Oct 10 16:11:01 bastion LinuxCommandsWazuh: User ankur [789153]: 615 exit Oct 10 16:11:25 bastion LinuxCommandsWazuh: User ankur [789153]: 616 zodiac-server Oct 10 16:11:35 bastion LinuxCommandsWazuh: User ankur [789720]: 615 exit Oct 10 16:11:35 bastion LinuxCommandsWazuh: User ankur [788968]: 616 byobu Oct 10 16:14:14 bastion LinuxCommandsWazuh: User mohtashim [789907]: 784 exit Oct 10 16:34:07 bastion LinuxCommandsWazuh: User ashish [791505]: 599 byobu Oct 10 16:35:37 bastion LinuxCommandsWazuh: User sandeep [793667]: 16 zodiac-server Oct 10 16:36:09 bastion LinuxCommandsWazuh: User sandeep [793667]: 17 yarn prisma migrate deploy Oct 10 16:42:47 bastion LinuxCommandsWazuh: User ashish [268698]: 629 clickhouse-ssh Oct 10 16:43:31 bastion LinuxCommandsWazuh: User venky [801025]: 2000 exit Oct 10 16:47:29 bastion LinuxCommandsWazuh: User ubuntu [805475]: 1999 curl ip.me Oct 10 16:48:36 bastion LinuxCommandsWazuh: User ashish [268698]: 629 clickhouse-ssh Oct 10 16:48:39 bastion LinuxCommandsWazuh: message repeated 5 times: [ User ashish [268698]: 629 clickhouse-ssh] Oct 10 16:48:48 bastion LinuxCommandsWazuh: User ashish [637269]: 598 kubectl logs -f house-of-click-579cdf7f47-2jfdq Oct 10 16:48:49 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [637269]: 598 kubectl logs -f house-of-click-579cdf7f47-2jfdq] Oct 10 16:48:50 bastion LinuxCommandsWazuh: User ashish [791505]: 599 byobu Oct 10 16:48:53 bastion LinuxCommandsWazuh: User ashish [806817]: 680 kubectl logs -f house-of-click-579cdf7f47-2jfdq Oct 10 16:48:55 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ashish [806817]: 680 kubectl logs -f house-of-click-579cdf7f47-2jfdq] Oct 10 16:49:29 bastion LinuxCommandsWazuh: User ashish [806817]: 681 kubectl get pds Oct 10 16:49:32 bastion LinuxCommandsWazuh: User ashish [806817]: 682 kubectl get pods Oct 10 16:49:43 bastion LinuxCommandsWazuh: User ashish [806817]: 683 kubectl get pods | grep "house-od" Oct 10 16:49:47 bastion LinuxCommandsWazuh: User ashish [806817]: 684 kubectl get pods | grep "house-of" Oct 10 16:50:15 bastion LinuxCommandsWazuh: User ashish [806817]: 684 kubectl get pods | grep "house-of" Oct 10 16:50:23 bastion LinuxCommandsWazuh: User ashish [806817]: 685 history | grep "stern" Oct 10 16:50:45 bastion LinuxCommandsWazuh: User ashish [806817]: 686 stern house-of-click Oct 10 16:50:47 bastion LinuxCommandsWazuh: User ashish [806817]: 687 history | grep "stern" Oct 10 16:51:15 bastion LinuxCommandsWazuh: User aman [809290]: 346 exit Oct 10 16:51:16 bastion LinuxCommandsWazuh: User aman [809290]: 347 clear Oct 10 16:51:42 bastion LinuxCommandsWazuh: User abhijeet [809822]: 1998 kubectl exec -it promtail-hkk6z -n loki -- sh Oct 10 16:51:44 bastion LinuxCommandsWazuh: User abhijeet [809822]: 1999 lsc Oct 10 16:51:46 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2000 ls Oct 10 16:52:12 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2000 ls Oct 10 16:52:38 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2001 kubectl get pod -n loki Oct 10 16:54:25 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2002 ls Oct 10 16:55:04 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2002 ls Oct 10 16:55:10 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2003 kubectl get pods -n loki Oct 10 16:55:25 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2004 kubectl logs prometheus-server-887b7c74b-7wjzd -n loki -f Oct 10 16:55:53 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2005 kubectl get cm -n loki Oct 10 16:56:39 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2006 kubectl get cm prometheus-server -o yaml -n loki Oct 10 16:57:01 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2007 curl http://10.190.0.29:9100 Oct 10 16:57:04 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2008 curl http://10.190.0.29:9100/metrics Oct 10 16:57:59 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2009 kubectl edit cm prometheus-server -n loki Oct 10 16:58:13 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2010 kubectl get deployment -n loki Oct 10 16:58:33 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2011 kubectl rollout restart deployment prometheus-server -n loki Oct 10 16:58:49 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2012 kubectl get pod -n loki Oct 10 16:58:55 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2013 kubectl get pod -n loki --wathc Oct 10 17:00:07 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2014 kubectl get pod -n loki --watch Oct 10 17:00:10 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2015 kubectl get pod -n loki Oct 10 17:01:08 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2016 kubectl logs prometheus-server-6c8d76545-bq2hh -n loki Oct 10 17:01:14 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2017 kubectl logs prometheus-server-6c8d76545-bq2hh -n loki -f Oct 10 17:02:38 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2018 kubectl get cm -n loki Oct 10 17:03:14 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2019 kubectl get cm -n loki Oct 10 17:05:26 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2020 kubectl logs grafana -n loki Oct 10 17:05:31 bastion LinuxCommandsWazuh: User abhijeet [809822]: 2021 kubectl get pod -n loki Oct 10 17:11:41 bastion LinuxCommandsWazuh: User ubuntu [823960]: 1999 redis-ssh Oct 10 17:16:20 bastion LinuxCommandsWazuh: User abhijeet [824773]: 1998 kubectl exec -it promtail-hkk6z -n loki -- sh Oct 10 17:16:21 bastion LinuxCommandsWazuh: User abhijeet [824773]: 1999 ls Oct 10 17:16:24 bastion LinuxCommandsWazuh: User abhijeet [824773]: 2000 lls Oct 10 17:16:26 bastion LinuxCommandsWazuh: User abhijeet [824773]: 2001 ls Oct 10 17:16:34 bastion LinuxCommandsWazuh: User abhijeet [824773]: 2002 kubectl get svc -n loki Oct 10 17:17:31 bastion LinuxCommandsWazuh: User ankur [824945]: 617 exit Oct 10 17:18:09 bastion LinuxCommandsWazuh: User ashish [825775]: 680 kubectl logs -f house-of-click-579cdf7f47-2jfdq Oct 10 17:18:15 bastion LinuxCommandsWazuh: User ashish [825775]: 680 kubectl logs -f house-of-click-579cdf7f47-2jfdq Oct 10 17:18:43 bastion LinuxCommandsWazuh: User ankur [789720]: 616 mongo Oct 10 17:19:50 bastion LinuxCommandsWazuh: User ashish [806817]: 688 stern house-of-click | grep "Datewise optimized query failed:" Oct 10 17:21:21 bastion LinuxCommandsWazuh: User shamailtayyab [788851]: 1999 zodiac-server Oct 10 17:23:54 bastion LinuxCommandsWazuh: User abhijeet [836303]: 1998 kubectl exec -it promtail-hkk6z -n loki -- sh Oct 10 17:23:54 bastion LinuxCommandsWazuh: User abhijeet [836303]: 1999 ls Oct 10 17:23:56 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2000 lsd Oct 10 17:23:57 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2001 ls Oct 10 17:24:00 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2002 cd k8s/ Oct 10 17:24:01 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2003 ls Oct 10 17:24:02 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2004 cd loki/ Oct 10 17:24:02 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2005 ls Oct 10 17:24:06 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2006 cd loki/ Oct 10 17:24:07 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2007 ls Oct 10 17:24:27 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2008 ls | grep cm Oct 10 17:24:30 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2009 ls Oct 10 17:25:33 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2010 ls | grep prom Oct 10 17:25:50 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2011 ls Oct 10 17:25:58 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2012 kubectl get cm -n loki Oct 10 17:28:29 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2013 kubectl edit cm prometheus-server -n loki Oct 10 17:28:47 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2014 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:28:58 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2015 kubectl get pods -n loki Oct 10 17:29:09 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2016 kubectl logs prometheus-server-6cc986c844-zq9np -n loki Oct 10 17:29:12 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2017 kubectl get pods -n loki Oct 10 17:29:15 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2017 kubectl get pods -n loki Oct 10 17:30:12 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2018 kubectl edit cm prometheus-server -n loki Oct 10 17:30:15 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2019 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:30:17 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2020 kubectl get pods -n loki Oct 10 17:30:19 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2020 kubectl get pods -n loki Oct 10 17:30:27 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2021 kubectl get pods -n loki --watch Oct 10 17:30:30 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2022 kubectl get pods -n loki Oct 10 17:30:58 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2023 kubectl edit cm prometheus-server -n loki Oct 10 17:31:01 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2024 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:31:03 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2025 kubectl get pods -n loki Oct 10 17:31:04 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2025 kubectl get pods -n loki Oct 10 17:31:26 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2026 kubectl get pods -n loki --watch Oct 10 17:31:27 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2027 kubectl get pods -n loki Oct 10 17:31:33 bastion LinuxCommandsWazuh: message repeated 5 times: [ User abhijeet [836303]: 2027 kubectl get pods -n loki] Oct 10 17:31:34 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2028 kubectl get pods -n lokiw Oct 10 17:31:36 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2029 kubectl get pods -n loki Oct 10 17:31:43 bastion LinuxCommandsWazuh: message repeated 6 times: [ User abhijeet [836303]: 2029 kubectl get pods -n loki] Oct 10 17:31:44 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2030 kubectl get pods -n lokiw Oct 10 17:31:46 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2031 kubectl get pods -n loki Oct 10 17:32:10 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2031 kubectl get pods -n loki Oct 10 17:32:14 bastion LinuxCommandsWazuh: message repeated 3 times: [ User abhijeet [836303]: 2031 kubectl get pods -n loki] Oct 10 17:32:43 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2031 kubectl get pods -n loki Oct 10 17:35:17 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2032 kubectl edit cm prometheus-server -n loki Oct 10 17:35:23 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2033 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:35:25 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2034 kubectl get pods -n loki Oct 10 17:35:27 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2035 kubectl get pods -n lokiw Oct 10 17:35:29 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2036 kubectl get pods -n loki Oct 10 17:37:39 bastion LinuxCommandsWazuh: User ankur [863946]: 617 exit Oct 10 17:37:41 bastion LinuxCommandsWazuh: User ankur [863946]: 617 exit Oct 10 17:37:45 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2037 watch 'kubectl get pods -n loki' Oct 10 17:38:04 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2038 kubectl edit cm prometheus-server -n loki Oct 10 17:38:14 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2039 watch 'kubectl get pods -n loki' Oct 10 17:38:20 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2040 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:38:37 bastion LinuxCommandsWazuh: User ankur [824945]: 618 byobu Oct 10 17:39:06 bastion LinuxCommandsWazuh: User rihan [866682]: 1418 exit Oct 10 17:40:32 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2041 watch 'kubectl get pods -n loki' Oct 10 17:40:56 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2042 kubectl edit cm prometheus-server -n loki Oct 10 17:40:58 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2043 kubectl rollout restart deployment prometheus-server -n loki\ Oct 10 17:41:00 bastion LinuxCommandsWazuh: User abhijeet [836303]: 2044 kubectl rollout restart deployment prometheus-server -n loki Oct 10 17:49:50 bastion LinuxCommandsWazuh: User sandeep [793667]: 18 zodiac-server Oct 10 18:09:17 bastion LinuxCommandsWazuh: User ashish [806817]: 689 clickhouse-ssh Oct 10 18:09:19 bastion LinuxCommandsWazuh: User ashish [806817]: 690 clear Oct 10 18:09:19 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [806817]: 690 clear] Oct 10 18:09:20 bastion LinuxCommandsWazuh: User ashish [825775]: 681 byobu Oct 10 18:12:39 bastion LinuxCommandsWazuh: User ashish [909740]: 691 byobu Oct 10 18:12:43 bastion LinuxCommandsWazuh: User ashish [909816]: 691 byobu Oct 10 18:21:23 bastion LinuxCommandsWazuh: User ashish [909816]: 692 mongo pixel_v1;l Oct 10 18:21:24 bastion LinuxCommandsWazuh: User ashish [909816]: 692 mongo pixel_v1;l Oct 10 18:21:27 bastion LinuxCommandsWazuh: User ashish [921946]: 691 byobu Oct 10 18:34:49 bastion LinuxCommandsWazuh: User rihan [657376]: 1410 redis Oct 10 19:22:30 bastion LinuxCommandsWazuh: User ashish [965151]: 691 byobu Oct 10 19:26:56 bastion LinuxCommandsWazuh: User rihan [866682]: 1419 mongo Oct 10 19:44:19 bastion LinuxCommandsWazuh: User rihan [866682]: 1420 make cookie-bash Oct 10 19:44:29 bastion LinuxCommandsWazuh: User ashish [974320]: 691 byobu Oct 10 19:44:36 bastion LinuxCommandsWazuh: User ashish [974451]: 691 byobu Oct 10 19:44:42 bastion LinuxCommandsWazuh: User ashish [974451]: 692 make bash Oct 10 19:45:16 bastion LinuxCommandsWazuh: User ashish [975258]: 691 byobu Oct 10 19:46:12 bastion LinuxCommandsWazuh: User ashish [974320]: 691 byobu Oct 10 19:58:22 bastion LinuxCommandsWazuh: User ashish [974320]: 691 byobu Oct 10 19:58:24 bastion LinuxCommandsWazuh: User rihan [866682]: 1421 sudo su ashish Oct 10 21:59:10 bastion LinuxCommandsWazuh: User ashish [974451]: 693 make cookie-bash