1049 <14>1 2024-01-15T00:00:00.000Z web-01 nginx 1000 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=200 bytes_sent=1024 bytes_received=128 duration_ms=50 upstream=backend-pool-1 upstream_addr=10.10.1.10:8080 upstream_status=200 upstream_duration_ms=42 upstream_connect_ms=2 upstream_header_ms=38 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=00000000-0000-0000-0000-000000000000 session_id=sess_00000000 trace_id=0000000000000000 span_id=0000000000000000 parent_span_id=01234567890abcde cache_status=MISS cache_key=api:v2:user:0 rate_limit_remaining=1000 rate_limit_limit=1000 rate_limit_reset=1705363200 content_type=application/json accept_encoding=gzip,br1020 <11>1 2024-01-15T01:11:17.131Z db-02 postgres 2001 SLOWQ - duration_ms=1251 rows_examined=11337 rows_sent=113 rows_affected=0 lock_time_ms=3 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90001 client_addr=10.0.2.100 query_id=01234567890abcde plan_hash=07edcba098765432 shared_blks_hit=5668 shared_blks_read=1133 shared_blks_written=113 local_blks_hit=0 local_blks_read=0 temp_blks_read=226 temp_blks_written=56 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..1133 rows=11 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..2267 rows=22 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp830 <85>1 2024-01-15T02:14:34.106Z db-02 audit-daemon 3002 AUDIT - action=create resource=policy resource_id=114 actor_id=206 actor_email=user2@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_1579bde24 request_id=1bd5b7dde-1f59c-16016-195fc-0001bd5b95fc outcome=success reason="" duration_ms=7 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=12 org_name=acme-corp team_id=102 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=22 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z815 <14>1 2024-01-15T03:21:39.291Z worker-01 kubelet 4003 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-9c093ccd container=myapp node=node-03 cluster=prod-us-east-1 event_type=Normal reason=Created count=4 first_time=2024-01-15T03:00:00Z message="Created container myapp with ID abc123def456789012345678901234567890abcd" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:00000000000000000369d0369b20369a0000000000000000048d159e242af378 resource_version=100021 uid=0369cd36-2f06a-21021-260fa-00029c0960fa restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"794 <14>1 2024-01-15T04:28:52.388Z web-01 firewall 5004 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=5012 src_mac=aa:bb:cc:04:1c:34 dst_ip=10.10.0.1 dst_port=523 dst_mac=dd:ee:ff:0c:2c:44 in_iface=vlan200 out_iface=eth0 vlan_id=104 length=428 ttl=56 tos=0x04 df=1 flags=SYN,ACK window=13396 seq=2058812348 ack=737864440 urgent=0 policy=pol-004 rule_id=rule-0004 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=048d159e242af378 packets_in=29 packets_out=45 bytes_in=5244 bytes_out=4028 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=4 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=3036 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-004 app_name=https app_category=networking1059 <14>1 2024-01-15T05:35:05.485Z proxy-01 nginx 1005 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=400 bytes_sent=7529 bytes_received=613 duration_ms=235 upstream=backend-pool-3 upstream_addr=10.10.1.15:8080 upstream_status=400 upstream_duration_ms=227 upstream_connect_ms=2 upstream_header_ms=223 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=45964baab-4e606-37037-3f6f6-00045964f6f6 session_id=sess_5b05b058 trace_id=05b05b05ad35b056 span_id=4fa4fa4fa4fa4fa5 parent_span_id=06d3a06d36406d34 cache_status=MISS cache_key=api:v2:user:500 rate_limit_remaining=995 rate_limit_limit=1000 rate_limit_reset=1705363500 content_type=application/json accept_encoding=gzip,br1051 <11>1 2024-01-15T06:06:42.786Z web-01 postgres 2006 SLOWQ - duration_ms=2506 rows_examined=18022 rows_sent=180 rows_affected=0 lock_time_ms=18 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90006 client_addr=10.0.2.100 query_id=06d3a06d36406d34 plan_hash=2f92c5c392c5f92c shared_blks_hit=9011 shared_blks_read=1802 shared_blks_written=180 local_blks_hit=0 local_blks_read=0 temp_blks_read=360 temp_blks_written=90 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..1802 rows=18 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..3604 rows=36 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp834 <85>1 2024-01-15T07:49:59.371Z web-01 audit-daemon 3007 AUDIT - action=sudo resource=permission resource_id=149 actor_id=221 actor_email=user7@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_4b2a1897e request_id=616c03889-6dba2-4d04d-58cf2-000616c08cf2 outcome=success reason="" duration_ms=12 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=17 org_name=acme-corp team_id=107 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=27 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z809 <14>1 2024-01-15T08:56:44.776Z db-02 kubelet 4008 K8SEVT - namespace=ingress-nginx pod=api-deployment-f56df778 container=myapp node=node-08 cluster=prod-us-east-1 event_type=Normal reason=Scheduled count=9 first_time=2024-01-15T08:00:00Z message="Successfully assigned pod to node node-07 by scheduler default-scheduler" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:0000000000000000091a2b3c4855e6f000000000000000000a3d70a3d160a3ce resource_version=100056 uid=5e6f7890-7d670-58058-657f0-0006f56e57f0 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"794 <14>1 2024-01-15T09:03:57.873Z proxy-01 firewall 5009 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=9997 src_mac=aa:bb:cc:09:3f:75 dst_ip=10.10.0.2 dst_port=80 dst_mac=dd:ee:ff:1b:63:99 in_iface=vlan200 out_iface=eth0 vlan_id=109 length=913 ttl=56 tos=0x09 df=1 flags=SYN,ACK window=19901 seq=3558585959 ack=586453166 urgent=0 policy=pol-009 rule_id=rule-0009 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=0a3d70a3d160a3ce packets_in=64 packets_out=100 bytes_in=11749 bytes_out=9013 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=9 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=5551 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-009 app_name=https app_category=networking1060 <14>1 2024-01-15T10:10:10.970Z db-01 nginx 1010 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=502 bytes_sent=14034 bytes_received=1098 duration_ms=420 upstream=backend-pool-2 upstream_addr=10.10.1.20:8080 upstream_status=502 upstream_duration_ms=412 upstream_connect_ms=2 upstream_header_ms=408 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=8b2c97556-9cc0c-6e06e-7edec-0008b2c9edec session_id=sess_b60b60b0 trace_id=0b60b60b5a6b60ac span_id=-60b60b60b60b60b6 parent_span_id=0c83fb72e3761d8a cache_status=MISS cache_key=api:v2:user:1000 rate_limit_remaining=990 rate_limit_limit=1000 rate_limit_reset=1705363800 content_type=application/json accept_encoding=gzip,br1154 <11>1 2024-01-15T11:01:07.441Z proxy-01 postgres 2011 SLOWQ - duration_ms=3761 rows_examined=24707 rows_sent=247 rows_affected=0 lock_time_ms=33 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90011 client_addr=10.0.2.100 query_id=0c83fb72e3761d8a plan_hash=5737bfe68d159e26 shared_blks_hit=12353 shared_blks_read=2470 shared_blks_written=247 local_blks_hit=0 local_blks_read=0 temp_blks_read=494 temp_blks_written=123 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..2470 rows=24 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..4941 rows=49 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T12:24:24.636Z proxy-01 audit-daemon 3012 AUDIT - action=delete resource=certificate resource_id=184 actor_id=236 actor_email=user12@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_80da734d8 request_id=a7024f334-bc1a8-84084-983e8-000a702583e8 outcome=success reason="" duration_ms=17 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=22 org_name=acme-corp team_id=112 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=32 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z806 <14>1 2024-01-15T13:31:49.261Z web-01 kubelet 4013 K8SEVT - namespace=ingress-nginx pod=worker-deployment-4ed2b223 container=myapp node=node-13 cluster=prod-us-east-1 event_type=Normal reason=BackOff count=4 first_time=2024-01-15T13:00:00Z message="Back-off restarting failed container myapp after CrashLoopBackOff" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:00000000000000000eca8641f58b974600000000000000000fedcba97e965424 resource_version=100091 uid=b97523ea-cbc76-8f08f-a4ee6-000b4ed34ee6 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"800 <14>1 2024-01-15T14:38:02.358Z db-01 firewall 5014 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=14982 src_mac=aa:bb:cc:0e:62:b6 dst_ip=172.16.0.50 dst_port=966 dst_mac=dd:ee:ff:2a:9a:ee in_iface=vlan200 out_iface=eth0 vlan_id=114 length=1398 ttl=56 tos=0x0e df=1 flags=SYN,ACK window=26406 seq=763392274 ack=435041892 urgent=0 policy=pol-014 rule_id=rule-0014 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=0fedcba97e965424 packets_in=99 packets_out=155 bytes_in=18254 bytes_out=13998 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=14 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=8066 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-014 app_name=https app_category=networking1065 <14>1 2024-01-15T15:45:15.455Z worker-02 nginx 1015 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=301 bytes_sent=20539 bytes_received=1583 duration_ms=605 upstream=backend-pool-1 upstream_addr=10.10.1.25:8080 upstream_status=301 upstream_duration_ms=597 upstream_connect_ms=2 upstream_header_ms=593 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=d0c2e3001-eb212-a50a5-be4e2-000d0c2ee4e2 session_id=sess_111111108 trace_id=1111111107a11102 span_id=-1111111111111111 parent_span_id=1234567890abcde0 cache_status=MISS cache_key=api:v2:user:1500 rate_limit_remaining=985 rate_limit_limit=1000 rate_limit_reset=1705364100 content_type=application/json accept_encoding=gzip,br1024 <11>1 2024-01-15T16:56:32.096Z db-01 postgres 2016 SLOWQ - duration_ms=5016 rows_examined=31392 rows_sent=313 rows_affected=0 lock_time_ms=48 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90016 client_addr=10.0.2.100 query_id=1234567890abcde0 plan_hash=7edcba0987654320 shared_blks_hit=15696 shared_blks_read=3139 shared_blks_written=313 local_blks_hit=0 local_blks_read=0 temp_blks_read=627 temp_blks_written=156 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..3139 rows=31 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..6278 rows=62 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp831 <85>1 2024-01-15T17:59:49.901Z db-01 audit-daemon 3017 AUDIT - action=logout resource=role resource_id=219 actor_id=251 actor_email=user17@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_b68ace032 request_id=ec989addf-10a7ae-bb0bb-d7ade-000ec98a7ade outcome=success reason="" duration_ms=22 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=27 org_name=acme-corp team_id=117 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=37 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z822 <14>1 2024-01-15T18:06:54.746Z proxy-01 kubelet 4018 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-a8376cce container=myapp node=node-02 cluster=prod-us-east-1 event_type=Normal reason=Pulled count=9 first_time=2024-01-15T18:00:00Z message="Successfully pulled image registry.example.com/myapp:v1.2.3-alpine in 3.421s" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:0000000000000000147ae147a2c1479c0000000000000000159e26af2bcc047a resource_version=100126 uid=147acf44-11a27c-c60c6-e45dc-000fa83845dc restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"802 <14>1 2024-01-15T19:13:07.843Z worker-02 firewall 5019 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=19967 src_mac=aa:bb:cc:13:85:f7 dst_ip=100.64.0.1 dst_port=523 dst_mac=dd:ee:ff:39:d1:43 in_iface=vlan200 out_iface=eth0 vlan_id=119 length=423 ttl=56 tos=0x13 df=1 flags=SYN,ACK window=32911 seq=2263165885 ack=283630618 urgent=0 policy=pol-019 rule_id=rule-0019 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=159e26af2bcc047a packets_in=134 packets_out=210 bytes_in=24759 bytes_out=18983 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=19 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=10581 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-019 app_name=https app_category=networking1064 <14>1 2024-01-15T20:20:20.940Z auth-01 nginx 1020 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=404 bytes_sent=27044 bytes_received=2068 duration_ms=790 upstream=backend-pool-3 upstream_addr=10.10.1.10:8080 upstream_status=404 upstream_duration_ms=782 upstream_connect_ms=2 upstream_header_ms=778 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=116592eaac-139818-dc0dc-fdbd8-00116593dbd8 session_id=sess_16c16c160 trace_id=16c16c16b4d6c158 span_id=3e93e93e93e93e94 parent_span_id=17e4b17e3de17e36 cache_status=MISS cache_key=api:v2:user:2000 rate_limit_remaining=980 rate_limit_limit=1000 rate_limit_reset=1705364400 content_type=application/json accept_encoding=gzip,br1028 <11>1 2024-01-15T21:51:57.751Z worker-02 postgres 2021 SLOWQ - duration_ms=6271 rows_examined=38077 rows_sent=380 rows_affected=0 lock_time_ms=13 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90021 client_addr=10.0.2.100 query_id=17e4b17e3de17e36 plan_hash=-597e4bd37e4b17e6 shared_blks_hit=19038 shared_blks_read=3807 shared_blks_written=380 local_blks_hit=0 local_blks_read=0 temp_blks_read=761 temp_blks_written=190 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..3807 rows=38 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..7615 rows=76 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp838 <85>1 2024-01-15T22:34:14.166Z worker-02 audit-daemon 3022 AUDIT - action=import resource=group resource_id=254 actor_id=266 actor_email=user22@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_ec3b28b8c request_id=1322ee688a-158db4-f20f2-1171d4-001322ef71d4 outcome=success reason="" duration_ms=27 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=32 org_name=acme-corp team_id=122 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=42 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z823 <14>1 2024-01-15T23:41:59.231Z db-01 kubelet 4023 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-019c2779 container=myapp node=node-07 cluster=prod-us-east-1 event_type=Normal reason=Killing count=4 first_time=2024-01-15T23:00:00Z message="Stopping container myapp due to failed liveness probe after 3 consecutive failures" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:00000000000000001a2b3c4d4ff6f7f200000000000000001b4e81b4d901b4d0 resource_version=100161 uid=6f807a9e-168882-fd0fd-123cd2-0014019d3cd2 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"803 <14>1 2024-01-15T00:48:12.328Z auth-01 firewall 5024 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=24952 src_mac=aa:bb:cc:18:a8:38 dst_ip=10.10.0.1 dst_port=80 dst_mac=dd:ee:ff:48:08:98 in_iface=vlan200 out_iface=eth0 vlan_id=124 length=908 ttl=56 tos=0x18 df=1 flags=SYN,ACK window=39416 seq=3762939496 ack=132219344 urgent=0 policy=pol-024 rule_id=rule-0024 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=1b4e81b4d901b4d0 packets_in=169 packets_out=265 bytes_in=31264 bytes_out=23968 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=24 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=13096 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-024 app_name=https app_category=networking1063 <14>1 2024-01-15T01:55:25.425Z web-02 nginx 1025 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=201 bytes_sent=33549 bytes_received=2553 duration_ms=75 upstream=backend-pool-2 upstream_addr=10.10.1.15:8080 upstream_status=201 upstream_duration_ms=67 upstream_connect_ms=2 upstream_header_ms=63 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=15bef7a557-187e1e-113113-13d2ce-0015bef8d2ce session_id=sess_1c71c71b8 trace_id=1c71c71c620c71ae span_id=-71c71c71c71c71c7 parent_span_id=1d950c83eb172e8c cache_status=MISS cache_key=api:v2:user:2500 rate_limit_remaining=975 rate_limit_limit=1000 rate_limit_reset=1705364700 content_type=application/json accept_encoding=gzip,br1055 <11>1 2024-01-15T02:46:22.406Z auth-01 postgres 2026 SLOWQ - duration_ms=7526 rows_examined=44762 rows_sent=447 rows_affected=0 lock_time_ms=28 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90026 client_addr=10.0.2.100 query_id=1d950c83eb172e8c plan_hash=-31d951b083fb72ec shared_blks_hit=22381 shared_blks_read=4476 shared_blks_written=447 local_blks_hit=0 local_blks_read=0 temp_blks_read=895 temp_blks_written=223 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..4476 rows=44 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..8952 rows=89 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp839 <85>1 2024-01-15T03:09:39.431Z auth-01 audit-daemon 3027 AUDIT - action=update resource=secret resource_id=289 actor_id=281 actor_email=user27@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_121eb836e6 request_id=177c532335-1a73ba-129129-1568ca-00177c5468ca outcome=success reason="" duration_ms=32 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=37 org_name=acme-corp team_id=127 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=47 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z807 <14>1 2024-01-15T04:16:04.716Z worker-02 kubelet 4028 K8SEVT - namespace=ingress-nginx pod=api-deployment-5b00e224 container=myapp node=node-12 cluster=prod-us-east-1 event_type=Normal reason=Started count=9 first_time=2024-01-15T04:00:00Z message="Started container myapp successfully, waiting for readiness probe" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:00000000000000001fdb9752fd2ca848000000000000000020fedcba86376526 resource_version=100196 uid=ca8625f8-1b6e88-134134-1633c8-00185b0233c8 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"800 <14>1 2024-01-15T05:23:17.813Z web-02 firewall 5029 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=29937 src_mac=aa:bb:cc:1d:cb:79 dst_ip=10.10.0.2 dst_port=966 dst_mac=dd:ee:ff:57:3f:ed in_iface=vlan200 out_iface=eth0 vlan_id=129 length=1393 ttl=56 tos=0x1d df=1 flags=SYN,ACK window=45921 seq=967745811 ack=4275775366 urgent=0 policy=pol-029 rule_id=rule-0029 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=20fedcba86376526 packets_in=204 packets_out=320 bytes_in=37769 bytes_out=28953 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=29 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=15611 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-029 app_name=https app_category=networking1069 <14>1 2024-01-15T06:30:30.910Z worker-01 nginx 1030 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=401 bytes_sent=40054 bytes_received=3038 duration_ms=260 upstream=backend-pool-1 upstream_addr=10.10.1.20:8080 upstream_status=401 upstream_duration_ms=252 upstream_connect_ms=2 upstream_header_ms=248 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=1a185c6002-1d6424-14a14a-17c9c4-001a185dc9c4 session_id=sess_222222210 trace_id=222222220f422204 span_id=-2222222222222222 parent_span_id=23456789984cdee2 cache_status=MISS cache_key=api:v2:user:3000 rate_limit_remaining=970 rate_limit_limit=1000 rate_limit_reset=1705365000 content_type=application/json accept_encoding=gzip,br1155 <11>1 2024-01-15T07:41:47.061Z web-02 postgres 2031 SLOWQ - duration_ms=8781 rows_examined=51447 rows_sent=514 rows_affected=0 lock_time_ms=43 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90031 client_addr=10.0.2.100 query_id=23456789984cdee2 plan_hash=-a34578d89abcdf2 shared_blks_hit=25723 shared_blks_read=5144 shared_blks_written=514 local_blks_hit=0 local_blks_read=0 temp_blks_read=1028 temp_blks_written=257 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..5144 rows=51 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..10289 rows=102 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp835 <85>1 2024-01-15T08:44:04.696Z web-02 audit-daemon 3032 AUDIT - action=login resource=user resource_id=324 actor_id=296 actor_email=user32@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_1579bde240 request_id=1bd5b7dde0-1f59c0-160160-195fc0-001bd5b95fc0 outcome=success reason="" duration_ms=37 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=42 org_name=acme-corp team_id=132 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=52 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z821 <14>1 2024-01-15T09:51:09.201Z auth-01 kubelet 4033 K8SEVT - namespace=ingress-nginx pod=worker-deployment-b4659ccf container=myapp node=node-01 cluster=prod-us-east-1 event_type=Normal reason=Pulling count=4 first_time=2024-01-15T09:00:00Z message="Pulling image registry.example.com/myapp:v1.2.3-alpine from private registry" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:0000000000000000258bf258aa62589e000000000000000026af37c0336d157c resource_version=100231 uid=258bd152-20548e-16b16b-1a2abe-001cb4672abe restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"804 <14>1 2024-01-15T10:58:22.298Z worker-01 firewall 5034 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=34922 src_mac=aa:bb:cc:22:ee:ba dst_ip=172.16.0.50 dst_port=523 dst_mac=dd:ee:ff:66:76:42 in_iface=vlan200 out_iface=eth0 vlan_id=134 length=418 ttl=56 tos=0x22 df=1 flags=SYN,ACK window=52426 seq=2467519422 ack=4124364092 urgent=0 policy=pol-034 rule_id=rule-0034 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=26af37c0336d157c packets_in=239 packets_out=375 bytes_in=44274 bytes_out=33938 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=34 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=18126 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-034 app_name=https app_category=networking1064 <14>1 2024-01-15T11:05:35.395Z db-02 nginx 1035 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=503 bytes_sent=46559 bytes_received=3523 duration_ms=445 upstream=backend-pool-3 upstream_addr=10.10.1.25:8080 upstream_status=503 upstream_duration_ms=437 upstream_connect_ms=2 upstream_header_ms=433 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=1e71c11aad-224a2a-181181-1bc0ba-001e71c2c0ba session_id=sess_27d27d268 trace_id=27d27d27bc77d25a span_id=2d82d82d82d82d83 parent_span_id=28f5c28f45828f38 cache_status=MISS cache_key=api:v2:user:3500 rate_limit_remaining=965 rate_limit_limit=1000 rate_limit_reset=1705365300 content_type=application/json accept_encoding=gzip,br1030 <11>1 2024-01-15T12:36:12.716Z worker-01 postgres 2036 SLOWQ - duration_ms=1036 rows_examined=58132 rows_sent=581 rows_affected=0 lock_time_ms=8 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90036 client_addr=10.0.2.100 query_id=28f5c28f45828f38 plan_hash=1d70a29570a3d708 shared_blks_hit=29066 shared_blks_read=5813 shared_blks_written=581 local_blks_hit=0 local_blks_read=0 temp_blks_read=1162 temp_blks_written=290 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..5813 rows=58 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..11626 rows=116 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T13:19:29.961Z worker-01 audit-daemon 3037 AUDIT - action=export resource=token resource_id=359 actor_id=311 actor_email=user37@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_18d4c38d9a request_id=202f1c988b-243fc6-197197-1d56b6-00202f1e56b6 outcome=success reason="" duration_ms=42 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=47 org_name=acme-corp team_id=137 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=57 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z828 <14>1 2024-01-15T14:26:14.686Z web-02 kubelet 4038 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-0dca577a container=myapp node=node-06 cluster=prod-us-east-1 event_type=Normal reason=Unhealthy count=9 first_time=2024-01-15T14:00:00Z message="Liveness probe failed: HTTP probe failed with statuscode: 503, host: 10.10.1.15" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:00000000000000002b3c4d5e579808f400000000000000002c5f92c5e0a2c5d2 resource_version=100266 uid=80917cac-253a94-1a21a2-1e21b4-00210dcc21b4 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"800 <14>1 2024-01-15T15:33:27.783Z db-02 firewall 5039 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=39907 src_mac=aa:bb:cc:27:11:fb dst_ip=100.64.0.1 dst_port=80 dst_mac=dd:ee:ff:75:ad:97 in_iface=vlan200 out_iface=eth0 vlan_id=139 length=903 ttl=56 tos=0x27 df=1 flags=SYN,ACK window=58931 seq=3967293033 ack=3972952818 urgent=0 policy=pol-039 rule_id=rule-0039 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=2c5f92c5e0a2c5d2 packets_in=274 packets_out=430 bytes_in=50779 bytes_out=38923 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=39 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=20641 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-039 app_name=https app_category=networking1065 <14>1 2024-01-15T16:40:40.880Z web-01 nginx 1040 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=302 bytes_sent=53064 bytes_received=4008 duration_ms=630 upstream=backend-pool-2 upstream_addr=10.10.1.10:8080 upstream_status=302 upstream_duration_ms=622 upstream_connect_ms=2 upstream_header_ms=618 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=22cb25d558-273030-1b81b8-1fb7b0-0022cb27b7b0 session_id=sess_2d82d82c0 trace_id=2d82d82d69ad82b0 span_id=7d27d27d27d27d28 parent_span_id=2ea61d94f2b83f8e cache_status=MISS cache_key=api:v2:user:4000 rate_limit_remaining=960 rate_limit_limit=1000 rate_limit_reset=1705365600 content_type=application/json accept_encoding=gzip,br1026 <11>1 2024-01-15T17:31:37.371Z db-02 postgres 2041 SLOWQ - duration_ms=2291 rows_examined=64817 rows_sent=648 rows_affected=0 lock_time_ms=23 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90041 client_addr=10.0.2.100 query_id=2ea61d94f2b83f8e plan_hash=45159cb86af37c02 shared_blks_hit=32408 shared_blks_read=6481 shared_blks_written=648 local_blks_hit=0 local_blks_read=0 temp_blks_read=1296 temp_blks_written=324 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..6481 rows=64 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..12963 rows=129 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp837 <85>1 2024-01-15T18:54:54.226Z db-02 audit-daemon 3042 AUDIT - action=create resource=policy resource_id=394 actor_id=326 actor_email=user42@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_1c2fc938f4 request_id=2488815336-2925cc-1ce1ce-214dac-002488834dac outcome=success reason="" duration_ms=47 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=52 org_name=acme-corp team_id=142 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=62 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z818 <14>1 2024-01-15T19:01:19.171Z worker-01 kubelet 4043 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-672f1225 container=myapp node=node-11 cluster=prod-us-east-1 event_type=Normal reason=Created count=4 first_time=2024-01-15T19:00:00Z message="Created container myapp with ID abc123def456789012345678901234567890abcd" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:000000000000000030eca86404cdb94a0000000000000000320fedcb8dd87628 resource_version=100301 uid=db972806-2a209a-1d91d9-2218aa-0025673118aa restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"806 <14>1 2024-01-15T20:08:32.268Z web-01 firewall 5044 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=44892 src_mac=aa:bb:cc:2c:34:3c dst_ip=10.10.0.1 dst_port=966 dst_mac=dd:ee:ff:84:e4:ec in_iface=vlan200 out_iface=eth0 vlan_id=144 length=1388 ttl=56 tos=0x2c df=1 flags=SYN,ACK window=65436 seq=1172099348 ack=3821541544 urgent=0 policy=pol-044 rule_id=rule-0044 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=320fedcb8dd87628 packets_in=309 packets_out=485 bytes_in=57284 bytes_out=43908 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=44 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=23156 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-044 app_name=https app_category=networking1067 <14>1 2024-01-15T21:15:45.365Z proxy-01 nginx 1045 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=500 bytes_sent=59569 bytes_received=397 duration_ms=815 upstream=backend-pool-1 upstream_addr=10.10.1.15:8080 upstream_status=500 upstream_duration_ms=807 upstream_connect_ms=2 upstream_header_ms=803 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=27248a9003-2c1636-1ef1ef-23aea6-0027248caea6 session_id=sess_333333318 trace_id=3333333316e33306 span_id=-3333333333333333 parent_span_id=3456789a9fedefe4 cache_status=MISS cache_key=api:v2:user:4500 rate_limit_remaining=955 rate_limit_limit=1000 rate_limit_reset=1705365900 content_type=application/json accept_encoding=gzip,br1056 <11>1 2024-01-15T22:26:02.026Z web-01 postgres 2046 SLOWQ - duration_ms=3546 rows_examined=71502 rows_sent=715 rows_affected=0 lock_time_ms=38 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90046 client_addr=10.0.2.100 query_id=3456789a9fedefe4 plan_hash=6cba96db654320fc shared_blks_hit=35751 shared_blks_read=7150 shared_blks_written=715 local_blks_hit=0 local_blks_read=0 temp_blks_read=1430 temp_blks_written=357 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..7150 rows=71 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..14300 rows=143 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T23:29:19.491Z web-01 audit-daemon 3047 AUDIT - action=sudo resource=permission resource_id=429 actor_id=341 actor_email=user47@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_1f8acee44e request_id=28e1e60de1-2e0bd2-205205-2544a2-0028e1e844a2 outcome=success reason="" duration_ms=52 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=57 org_name=acme-corp team_id=147 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=67 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z812 <14>1 2024-01-15T00:36:24.656Z db-02 kubelet 4048 K8SEVT - namespace=ingress-nginx pod=api-deployment-c093ccd0 container=myapp node=node-00 cluster=prod-us-east-1 event_type=Normal reason=Scheduled count=9 first_time=2024-01-15T00:00:00Z message="Successfully assigned pod to node node-07 by scheduler default-scheduler" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:0000000000000000369d0369b20369a0000000000000000037c048d13b0e267e resource_version=100336 uid=369cd360-2f06a0-210210-260fa0-0029c0960fa0 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"799 <14>1 2024-01-15T01:43:37.753Z proxy-01 firewall 5049 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=49877 src_mac=aa:bb:cc:31:57:7d dst_ip=10.10.0.2 dst_port=523 dst_mac=dd:ee:ff:93:1b:41 in_iface=vlan200 out_iface=eth0 vlan_id=149 length=413 ttl=56 tos=0x31 df=1 flags=SYN,ACK window=14597 seq=2671872959 ack=3670130270 urgent=0 policy=pol-049 rule_id=rule-0049 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=37c048d13b0e267e packets_in=344 packets_out=540 bytes_in=63789 bytes_out=48893 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=49 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=25671 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-049 app_name=https app_category=networking1061 <14>1 2024-01-15T02:50:50.850Z db-01 nginx 1050 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=204 bytes_sent=66074 bytes_received=882 duration_ms=100 upstream=backend-pool-3 upstream_addr=10.10.1.20:8080 upstream_status=204 upstream_duration_ms=92 upstream_connect_ms=2 upstream_header_ms=88 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=2b7def4aae-30fc3c-226226-27a59c-002b7df1a59c session_id=sess_38e38e370 trace_id=38e38e38c418e35c span_id=1c71c71c71c71c72 parent_span_id=3a06d3a04d23a03a cache_status=MISS cache_key=api:v2:user:5000 rate_limit_remaining=950 rate_limit_limit=1000 rate_limit_reset=1705366200 content_type=application/json accept_encoding=gzip,br1157 <11>1 2024-01-15T03:21:27.681Z proxy-01 postgres 2051 SLOWQ - duration_ms=4801 rows_examined=78187 rows_sent=781 rows_affected=0 lock_time_ms=3 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90051 client_addr=10.0.2.100 query_id=3a06d3a04d23a03a plan_hash=-6ba06f01a06d3a0a shared_blks_hit=39093 shared_blks_read=7818 shared_blks_written=781 local_blks_hit=0 local_blks_read=0 temp_blks_read=1563 temp_blks_written=390 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..7818 rows=78 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..15637 rows=156 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp845 <85>1 2024-01-15T04:04:44.756Z proxy-01 audit-daemon 3052 AUDIT - action=delete resource=certificate resource_id=464 actor_id=356 actor_email=user52@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_22e5d48fa8 request_id=2d3b4ac88c-32f1d8-23c23c-293b98-002d3b4d3b98 outcome=success reason="" duration_ms=57 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=12 org_name=acme-corp team_id=152 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=72 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z809 <14>1 2024-01-15T05:11:29.141Z web-01 kubelet 4053 K8SEVT - namespace=ingress-nginx pod=worker-deployment-19f8877b container=myapp node=node-05 cluster=prod-us-east-1 event_type=Normal reason=BackOff count=4 first_time=2024-01-15T05:00:00Z message="Back-off restarting failed container myapp after CrashLoopBackOff" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:00000000000000003c4d5e6f5f3919f600000000000000003d70a3d6e843d6d4 resource_version=100371 uid=91a27eba-33eca6-247247-2a0696-002e19fb0696 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"800 <14>1 2024-01-15T06:18:42.238Z db-01 firewall 5054 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=54862 src_mac=aa:bb:cc:36:7a:be dst_ip=172.16.0.50 dst_port=80 dst_mac=dd:ee:ff:a2:52:96 in_iface=vlan200 out_iface=eth0 vlan_id=154 length=898 ttl=56 tos=0x36 df=1 flags=SYN,ACK window=21102 seq=4171646570 ack=3518718996 urgent=0 policy=pol-054 rule_id=rule-0054 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=3d70a3d6e843d6d4 packets_in=379 packets_out=595 bytes_in=4798 bytes_out=53878 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=54 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=28186 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-054 app_name=https app_category=networking1067 <14>1 2024-01-15T07:25:55.335Z worker-02 nginx 1055 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=403 bytes_sent=7043 bytes_received=1367 duration_ms=285 upstream=backend-pool-2 upstream_addr=10.10.1.25:8080 upstream_status=403 upstream_duration_ms=277 upstream_connect_ms=2 upstream_header_ms=273 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=2fd7540559-35e242-25d25d-2b9c92-002fd7569c92 session_id=sess_3e93e93c8 trace_id=3e93e93e714e93b2 span_id=6c16c16c16c16c17 parent_span_id=3fb72ea5fa595090 cache_status=MISS cache_key=api:v2:user:5500 rate_limit_remaining=945 rate_limit_limit=1000 rate_limit_reset=1705366500 content_type=application/json accept_encoding=gzip,br1028 <11>1 2024-01-15T08:16:52.336Z db-01 postgres 2056 SLOWQ - duration_ms=6056 rows_examined=84872 rows_sent=848 rows_affected=0 lock_time_ms=18 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90056 client_addr=10.0.2.100 query_id=3fb72ea5fa595090 plan_hash=-43fb74dea61d9510 shared_blks_hit=42436 shared_blks_read=8487 shared_blks_written=848 local_blks_hit=0 local_blks_read=0 temp_blks_read=1697 temp_blks_written=424 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..8487 rows=84 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..16974 rows=169 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp835 <85>1 2024-01-15T09:39:09.021Z db-01 audit-daemon 3057 AUDIT - action=logout resource=role resource_id=499 actor_id=371 actor_email=user57@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_2640da3b02 request_id=3194af8337-37d7de-273273-2d328e-003194b2328e outcome=success reason="" duration_ms=62 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=17 org_name=acme-corp team_id=157 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=77 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z824 <14>1 2024-01-15T10:46:34.626Z proxy-01 kubelet 4058 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-735d4226 container=myapp node=node-10 cluster=prod-us-east-1 event_type=Normal reason=Pulled count=9 first_time=2024-01-15T10:00:00Z message="Successfully pulled image registry.example.com/myapp:v1.2.3-alpine in 3.421s" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:000000000000000041fdb9750c6eca4c00000000000000004320fedc9579872a resource_version=100406 uid=eca82a14-38d2ac-27e27e-2dfd8c-0032735ffd8c restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"807 <14>1 2024-01-15T11:53:47.723Z worker-02 firewall 5059 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=59847 src_mac=aa:bb:cc:3b:9d:ff dst_ip=100.64.0.1 dst_port=966 dst_mac=dd:ee:ff:b1:89:eb in_iface=vlan200 out_iface=eth0 vlan_id=159 length=1383 ttl=56 tos=0x3b df=1 flags=SYN,ACK window=27607 seq=1376452885 ack=3367307722 urgent=0 policy=pol-059 rule_id=rule-0059 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=4320fedc9579872a packets_in=414 packets_out=650 bytes_in=11303 bytes_out=58863 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=59 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=30701 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-059 app_name=https app_category=networking1067 <14>1 2024-01-15T12:00:00.820Z auth-01 nginx 1060 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=200 bytes_sent=13548 bytes_received=1852 duration_ms=470 upstream=backend-pool-1 upstream_addr=10.10.1.10:8080 upstream_status=200 upstream_duration_ms=462 upstream_connect_ms=2 upstream_header_ms=458 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=3430b8c004-3ac848-294294-2f9388-003430bb9388 session_id=sess_444444420 trace_id=444444441e844408 span_id=-4444444444444444 parent_span_id=456789aba78f00e6 cache_status=MISS cache_key=api:v2:user:6000 rate_limit_remaining=940 rate_limit_limit=1000 rate_limit_reset=1705366800 content_type=application/json accept_encoding=gzip,br1031 <11>1 2024-01-15T13:11:17.991Z worker-02 postgres 2061 SLOWQ - duration_ms=7311 rows_examined=91557 rows_sent=915 rows_affected=0 lock_time_ms=33 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90061 client_addr=10.0.2.100 query_id=456789aba78f00e6 plan_hash=-1c567abbabcdf016 shared_blks_hit=45778 shared_blks_read=9155 shared_blks_written=915 local_blks_hit=0 local_blks_read=0 temp_blks_read=1831 temp_blks_written=457 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..9155 rows=91 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..18311 rows=183 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T14:14:34.286Z worker-02 audit-daemon 3062 AUDIT - action=import resource=group resource_id=534 actor_id=386 actor_email=user62@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_299bdfe65c request_id=35ee143de2-3cbde4-2aa2aa-312984-0035ee172984 outcome=success reason="" duration_ms=67 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=22 org_name=acme-corp team_id=162 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=82 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z824 <14>1 2024-01-15T15:21:39.111Z db-01 kubelet 4063 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-ccc1fcd1 container=myapp node=node-15 cluster=prod-us-east-1 event_type=Normal reason=Killing count=4 first_time=2024-01-15T15:00:00Z message="Stopping container myapp due to failed liveness probe after 3 consecutive failures" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:000000000000000047ae147ab9a47aa2000000000000000048d159e242af3780 resource_version=100441 uid=47add56e-3db8b2-2b52b5-31f482-0036ccc4f482 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"803 <14>1 2024-01-15T16:28:52.208Z auth-01 firewall 5064 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=64832 src_mac=aa:bb:cc:40:c0:40 dst_ip=10.10.0.1 dst_port=523 dst_mac=dd:ee:ff:c0:c0:40 in_iface=vlan200 out_iface=eth0 vlan_id=164 length=408 ttl=56 tos=0x40 df=1 flags=SYN,ACK window=34112 seq=2876226496 ack=3215896448 urgent=0 policy=pol-064 rule_id=rule-0064 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=48d159e242af3780 packets_in=449 packets_out=705 bytes_in=17808 bytes_out=63848 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=64 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=33216 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-064 app_name=https app_category=networking1065 <14>1 2024-01-15T17:35:05.305Z web-02 nginx 1065 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=400 bytes_sent=20053 bytes_received=2337 duration_ms=655 upstream=backend-pool-3 upstream_addr=10.10.1.15:8080 upstream_status=400 upstream_duration_ms=647 upstream_connect_ms=2 upstream_header_ms=643 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=388a1d7aaf-3fae4e-2cb2cb-338a7e-00388a208a7e session_id=sess_49f49f478 trace_id=49f49f49cbb9f45e span_id=0b60b60b60b60b61 parent_span_id=4b17e4b154c4b13c cache_status=MISS cache_key=api:v2:user:6500 rate_limit_remaining=935 rate_limit_limit=1000 rate_limit_reset=1705367100 content_type=application/json accept_encoding=gzip,br1057 <11>1 2024-01-15T18:06:42.646Z auth-01 postgres 2066 SLOWQ - duration_ms=8566 rows_examined=98242 rows_sent=982 rows_affected=0 lock_time_ms=48 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90066 client_addr=10.0.2.100 query_id=4b17e4b154c4b13c plan_hash=0b4e7f674e81b4e4 shared_blks_hit=49121 shared_blks_read=9824 shared_blks_written=982 local_blks_hit=0 local_blks_read=0 temp_blks_read=1964 temp_blks_written=491 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..9824 rows=98 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..19648 rows=196 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp839 <85>1 2024-01-15T19:49:59.551Z auth-01 audit-daemon 3067 AUDIT - action=update resource=secret resource_id=569 actor_id=401 actor_email=user67@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_2cf6e591b6 request_id=3a4778f88d-41a3ea-2e12e1-35207a-003a477c207a outcome=success reason="" duration_ms=72 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=27 org_name=acme-corp team_id=167 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=87 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z807 <14>1 2024-01-15T20:56:44.596Z worker-02 kubelet 4068 K8SEVT - namespace=ingress-nginx pod=api-deployment-2626b77c container=myapp node=node-04 cluster=prod-us-east-1 event_type=Normal reason=Started count=9 first_time=2024-01-15T20:00:00Z message="Started container myapp successfully, waiting for readiness probe" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:00000000000000004d5e6f8066da2af800000000000000004e81b4e7efe4e7d6 resource_version=100476 uid=a2b380c8-429eb8-2ec2ec-35eb78-003b2629eb78 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"794 <14>1 2024-01-15T21:03:57.693Z web-02 firewall 5069 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=5306 src_mac=aa:bb:cc:45:e3:81 dst_ip=10.10.0.2 dst_port=80 dst_mac=dd:ee:ff:cf:f7:95 in_iface=vlan200 out_iface=eth0 vlan_id=169 length=893 ttl=56 tos=0x45 df=1 flags=SYN,ACK window=40617 seq=81032811 ack=3064485174 urgent=0 policy=pol-069 rule_id=rule-0069 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=4e81b4e7efe4e7d6 packets_in=484 packets_out=760 bytes_in=24313 bytes_out=3337 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=69 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=35731 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-069 app_name=https app_category=networking1068 <14>1 2024-01-15T22:10:10.790Z worker-01 nginx 1070 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=502 bytes_sent=26558 bytes_received=2822 duration_ms=840 upstream=backend-pool-2 upstream_addr=10.10.1.20:8080 upstream_status=502 upstream_duration_ms=832 upstream_connect_ms=2 upstream_header_ms=828 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=3ce382355a-449454-302302-378174-003ce3858174 session_id=sess_4fa4fa4d0 trace_id=4fa4fa4f78efa4b4 span_id=5b05b05b05b05b06 parent_span_id=50c83fb701fa6192 cache_status=MISS cache_key=api:v2:user:7000 rate_limit_remaining=930 rate_limit_limit=1000 rate_limit_reset=1705367400 content_type=application/json accept_encoding=gzip,br1161 <11>1 2024-01-15T23:01:07.301Z web-02 postgres 2071 SLOWQ - duration_ms=9821 rows_examined=104927 rows_sent=1049 rows_affected=0 lock_time_ms=13 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90071 client_addr=10.0.2.100 query_id=50c83fb701fa6192 plan_hash=32f3798a48d159de shared_blks_hit=52463 shared_blks_read=10492 shared_blks_written=1049 local_blks_hit=0 local_blks_read=0 temp_blks_read=2098 temp_blks_written=524 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..10492 rows=104 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..20985 rows=209 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp835 <85>1 2024-01-15T00:24:24.816Z web-02 audit-daemon 3072 AUDIT - action=login resource=user resource_id=604 actor_id=416 actor_email=user72@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_3051eb3d10 request_id=3ea0ddb338-4689f0-318318-391770-003ea0e11770 outcome=success reason="" duration_ms=77 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=32 org_name=acme-corp team_id=172 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=92 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z821 <14>1 2024-01-15T01:31:49.081Z auth-01 kubelet 4073 K8SEVT - namespace=ingress-nginx pod=worker-deployment-7f8b7227 container=myapp node=node-09 cluster=prod-us-east-1 event_type=Normal reason=Pulling count=4 first_time=2024-01-15T01:00:00Z message="Pulling image registry.example.com/myapp:v1.2.3-alpine from private registry" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:0000000000000000530eca86140fdb4e000000000000000054320fed9d1a982c resource_version=100511 uid=fdb92c22-4784be-323323-39e26e-003f7f8ee26e restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"807 <14>1 2024-01-15T02:38:02.178Z worker-01 firewall 5074 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=10291 src_mac=aa:bb:cc:4a:06:c2 dst_ip=172.16.0.50 dst_port=966 dst_mac=dd:ee:ff:de:2e:ea in_iface=vlan200 out_iface=eth0 vlan_id=174 length=1378 ttl=56 tos=0x4a df=1 flags=SYN,ACK window=47122 seq=1580806422 ack=2913073900 urgent=0 policy=pol-074 rule_id=rule-0074 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=54320fed9d1a982c packets_in=519 packets_out=815 bytes_in=30818 bytes_out=8322 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=74 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=38246 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-074 app_name=https app_category=networking1065 <14>1 2024-01-15T03:45:15.275Z db-02 nginx 1075 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=301 bytes_sent=33063 bytes_received=3307 duration_ms=125 upstream=backend-pool-1 upstream_addr=10.10.1.25:8080 upstream_status=301 upstream_duration_ms=117 upstream_connect_ms=2 upstream_header_ms=113 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=413ce6f005-497a5a-339339-3b786a-00413cea786a session_id=sess_555555528 trace_id=555555552625550a span_id=-5555555555555555 parent_span_id=56789abcaf3011e8 cache_status=MISS cache_key=api:v2:user:7500 rate_limit_remaining=925 rate_limit_limit=1000 rate_limit_reset=1705367700 content_type=application/json accept_encoding=gzip,br1037 <11>1 2024-01-15T04:56:32.956Z worker-01 postgres 2076 SLOWQ - duration_ms=2076 rows_examined=111612 rows_sent=1116 rows_affected=0 lock_time_ms=28 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90076 client_addr=10.0.2.100 query_id=56789abcaf3011e8 plan_hash=5a9873ad4320fed8 shared_blks_hit=55806 shared_blks_read=11161 shared_blks_written=1116 local_blks_hit=0 local_blks_read=0 temp_blks_read=2232 temp_blks_written=558 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..11161 rows=111 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..22322 rows=223 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T05:59:49.081Z worker-01 audit-daemon 3077 AUDIT - action=export resource=token resource_id=639 actor_id=431 actor_email=user77@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_33acf0e86a request_id=42fa426de3-4b6ff6-34f34f-3d0e66-0042fa460e66 outcome=success reason="" duration_ms=82 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=37 org_name=acme-corp team_id=177 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=97 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z828 <14>1 2024-01-15T06:06:54.566Z web-02 kubelet 4078 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-d8f02cd2 container=myapp node=node-14 cluster=prod-us-east-1 event_type=Normal reason=Unhealthy count=9 first_time=2024-01-15T06:00:00Z message="Liveness probe failed: HTTP probe failed with statuscode: 503, host: 10.10.1.15" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:000000000000000058bf258bc1458ba4000000000000000059e26af34a504882 resource_version=100546 uid=58bed77c-4c6ac4-35a35a-3dd964-0043d8f3d964 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"799 <14>1 2024-01-15T07:13:07.663Z db-02 firewall 5079 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=15276 src_mac=aa:bb:cc:4f:29:03 dst_ip=100.64.0.1 dst_port=523 dst_mac=dd:ee:ff:ed:65:3f in_iface=vlan200 out_iface=eth0 vlan_id=179 length=403 ttl=56 tos=0x4f df=1 flags=SYN,ACK window=53627 seq=3080580033 ack=2761662626 urgent=0 policy=pol-079 rule_id=rule-0079 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=59e26af34a504882 packets_in=554 packets_out=870 bytes_in=37323 bytes_out=13307 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=79 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=40761 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-079 app_name=https app_category=networking1065 <14>1 2024-01-15T08:20:20.760Z web-01 nginx 1080 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=404 bytes_sent=39568 bytes_received=3792 duration_ms=310 upstream=backend-pool-3 upstream_addr=10.10.1.10:8080 upstream_status=404 upstream_duration_ms=302 upstream_connect_ms=2 upstream_header_ms=298 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=45964baab0-4e6060-370370-3f6f60-0045964f6f60 session_id=sess_5b05b0580 trace_id=5b05b05ad35b0560 span_id=-5b05b05b05b05b0 parent_span_id=5c28f5c25c65c23e cache_status=MISS cache_key=api:v2:user:8000 rate_limit_remaining=920 rate_limit_limit=1000 rate_limit_reset=1705368000 content_type=application/json accept_encoding=gzip,br1033 <11>1 2024-01-15T09:51:57.611Z db-02 postgres 2081 SLOWQ - duration_ms=3331 rows_examined=118297 rows_sent=1182 rows_affected=0 lock_time_ms=43 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90081 client_addr=10.0.2.100 query_id=5c28f5c25c65c23e plan_hash=-7dc2922fc28f5c2e shared_blks_hit=59148 shared_blks_read=11829 shared_blks_written=1182 local_blks_hit=0 local_blks_read=0 temp_blks_read=2365 temp_blks_written=591 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..11829 rows=118 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..23659 rows=236 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp837 <85>1 2024-01-15T10:34:14.346Z db-02 audit-daemon 3082 AUDIT - action=create resource=policy resource_id=674 actor_id=446 actor_email=user82@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_3707f693c4 request_id=4753a7288e-5055fc-386386-41055c-004753ab055c outcome=success reason="" duration_ms=87 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=42 org_name=acme-corp team_id=182 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=22 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z818 <14>1 2024-01-15T11:41:59.051Z worker-01 kubelet 4083 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-3254e77d container=myapp node=node-03 cluster=prod-us-east-1 event_type=Normal reason=Created count=4 first_time=2024-01-15T11:00:00Z message="Created container myapp with ID abc123def456789012345678901234567890abcd" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:00000000000000005e6f80916e7b3bfa00000000000000005f92c5f8f785f8d8 resource_version=100581 uid=b3c482d6-5150ca-391391-41d05a-00483258d05a restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"802 <14>1 2024-01-15T12:48:12.148Z web-01 firewall 5084 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=20261 src_mac=aa:bb:cc:54:4c:44 dst_ip=10.10.0.1 dst_port=80 dst_mac=dd:ee:ff:fc:9c:94 in_iface=vlan200 out_iface=eth0 vlan_id=184 length=888 ttl=56 tos=0x54 df=1 flags=SYN,ACK window=60132 seq=285386348 ack=2610251352 urgent=0 policy=pol-084 rule_id=rule-0084 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=5f92c5f8f785f8d8 packets_in=589 packets_out=925 bytes_in=43828 bytes_out=18292 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=84 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=43276 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-084 app_name=https app_category=networking1066 <14>1 2024-01-15T13:55:25.245Z proxy-01 nginx 1085 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=201 bytes_sent=46073 bytes_received=181 duration_ms=495 upstream=backend-pool-2 upstream_addr=10.10.1.15:8080 upstream_status=201 upstream_duration_ms=487 upstream_connect_ms=2 upstream_header_ms=483 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=49efb0655b-534666-3a73a7-436656-0049efb46656 session_id=sess_60b60b5d8 trace_id=60b60b608090b5b6 span_id=49f49f49f49f49f5 parent_span_id=61d950c8099b7294 cache_status=MISS cache_key=api:v2:user:8500 rate_limit_remaining=915 rate_limit_limit=1000 rate_limit_reset=1705368300 content_type=application/json accept_encoding=gzip,br1062 <11>1 2024-01-15T14:46:22.266Z web-01 postgres 2086 SLOWQ - duration_ms=4586 rows_examined=124982 rows_sent=1249 rows_affected=0 lock_time_ms=8 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90086 client_addr=10.0.2.100 query_id=61d950c8099b7294 plan_hash=-561d980cc83fb734 shared_blks_hit=62491 shared_blks_read=12498 shared_blks_written=1249 local_blks_hit=0 local_blks_read=0 temp_blks_read=2499 temp_blks_written=624 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..12498 rows=124 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..24996 rows=249 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp840 <85>1 2024-01-15T15:09:39.611Z web-01 audit-daemon 3087 AUDIT - action=sudo resource=permission resource_id=709 actor_id=461 actor_email=user87@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_3a62fc3f1e request_id=4bad0be339-553c02-3bd3bd-44fc52-004bad0ffc52 outcome=success reason="" duration_ms=92 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=47 org_name=acme-corp team_id=187 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=27 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z812 <14>1 2024-01-15T16:16:04.536Z db-02 kubelet 4088 K8SEVT - namespace=ingress-nginx pod=api-deployment-8bb9a228 container=myapp node=node-08 cluster=prod-us-east-1 event_type=Normal reason=Scheduled count=9 first_time=2024-01-15T16:00:00Z message="Successfully assigned pod to node node-07 by scheduler default-scheduler" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:0000000000000000641fdb971bb0ec500000000000000000654320fea4bba92e resource_version=100616 uid=0eca2e30-5636d0-3c83c8-45c750-004c8bbdc750 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"802 <14>1 2024-01-15T17:23:17.633Z proxy-01 firewall 5089 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=25246 src_mac=aa:bb:cc:59:6f:85 dst_ip=10.10.0.2 dst_port=966 dst_mac=dd:ee:ff:0b:d3:e9 in_iface=vlan200 out_iface=eth0 vlan_id=189 length=1373 ttl=56 tos=0x59 df=1 flags=SYN,ACK window=9293 seq=1785159959 ack=2458840078 urgent=0 policy=pol-089 rule_id=rule-0089 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=654320fea4bba92e packets_in=624 packets_out=980 bytes_in=50333 bytes_out=23277 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=89 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=45791 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-089 app_name=https app_category=networking1064 <14>1 2024-01-15T18:30:30.730Z db-01 nginx 1090 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=401 bytes_sent=52578 bytes_received=666 duration_ms=680 upstream=backend-pool-1 upstream_addr=10.10.1.20:8080 upstream_status=401 upstream_duration_ms=672 upstream_connect_ms=2 upstream_header_ms=668 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=4e49152006-582c6c-3de3de-475d4c-004e49195d4c session_id=sess_666666630 trace_id=666666662dc6660c span_id=-6666666666666666 parent_span_id=6789abcdb6d122ea cache_status=MISS cache_key=api:v2:user:9000 rate_limit_remaining=910 rate_limit_limit=1000 rate_limit_reset=1705368600 content_type=application/json accept_encoding=gzip,br1164 <11>1 2024-01-15T19:41:47.921Z proxy-01 postgres 2091 SLOWQ - duration_ms=5841 rows_examined=131667 rows_sent=1316 rows_affected=0 lock_time_ms=23 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90091 client_addr=10.0.2.100 query_id=6789abcdb6d122ea plan_hash=-2e789de9cdf0123a shared_blks_hit=65833 shared_blks_read=13166 shared_blks_written=1316 local_blks_hit=0 local_blks_read=0 temp_blks_read=2633 temp_blks_written=658 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..13166 rows=131 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..26333 rows=263 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp845 <85>1 2024-01-15T20:44:04.876Z proxy-01 audit-daemon 3092 AUDIT - action=delete resource=certificate resource_id=744 actor_id=476 actor_email=user92@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_3dbe01ea78 request_id=5006709de4-5a2208-3f43f4-48f348-00500674f348 outcome=success reason="" duration_ms=97 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=52 org_name=acme-corp team_id=192 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=32 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z809 <14>1 2024-01-15T21:51:09.021Z web-01 kubelet 4093 K8SEVT - namespace=ingress-nginx pod=worker-deployment-e51e5cd3 container=myapp node=node-13 cluster=prod-us-east-1 event_type=Normal reason=BackOff count=4 first_time=2024-01-15T21:00:00Z message="Back-off restarting failed container myapp after CrashLoopBackOff" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:000000000000000069d0369cc8e69ca600000000000000006af37c0451f15984 resource_version=100651 uid=69cfd98a-5b1cd6-3ff3ff-49be46-0050e522be46 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"799 <14>1 2024-01-15T22:58:22.118Z db-01 firewall 5094 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=30231 src_mac=aa:bb:cc:5e:92:c6 dst_ip=172.16.0.50 dst_port=523 dst_mac=dd:ee:ff:1a:0a:3e in_iface=vlan200 out_iface=eth0 vlan_id=194 length=398 ttl=56 tos=0x5e df=1 flags=SYN,ACK window=15798 seq=3284933570 ack=2307428804 urgent=0 policy=pol-094 rule_id=rule-0094 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=6af37c0451f15984 packets_in=659 packets_out=36 bytes_in=56838 bytes_out=28262 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=94 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=48306 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-094 app_name=https app_category=networking1069 <14>1 2024-01-15T23:05:35.215Z worker-02 nginx 1095 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=503 bytes_sent=59083 bytes_received=1151 duration_ms=865 upstream=backend-pool-3 upstream_addr=10.10.1.25:8080 upstream_status=503 upstream_duration_ms=857 upstream_connect_ms=2 upstream_header_ms=853 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=52a279dab1-5d1272-415415-4b5442-0052a27e5442 session_id=sess_6c16c1688 trace_id=6c16c16bdafc1662 span_id=-16c16c16c16c16c1 parent_span_id=6d3a06d36406d340 cache_status=MISS cache_key=api:v2:user:9500 rate_limit_remaining=905 rate_limit_limit=1000 rate_limit_reset=1705368900 content_type=application/json accept_encoding=gzip,br1033 <11>1 2024-01-15T00:36:12.576Z db-01 postgres 2096 SLOWQ - duration_ms=7096 rows_examined=138352 rows_sent=1383 rows_affected=0 lock_time_ms=38 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90096 client_addr=10.0.2.100 query_id=6d3a06d36406d340 plan_hash=-6d3a3c6d3a06d40 shared_blks_hit=69176 shared_blks_read=13835 shared_blks_written=1383 local_blks_hit=0 local_blks_read=0 temp_blks_read=2767 temp_blks_written=691 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..13835 rows=138 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..27670 rows=276 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp836 <85>1 2024-01-15T01:19:29.141Z db-01 audit-daemon 3097 AUDIT - action=logout resource=role resource_id=779 actor_id=491 actor_email=user97@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_41190795d2 request_id=545fd5588f-5f080e-42b42b-4cea3e-00545fd9ea3e outcome=success reason="" duration_ms=102 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=57 org_name=acme-corp team_id=197 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=37 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z824 <14>1 2024-01-15T02:26:14.506Z proxy-01 kubelet 4098 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-3e83177e container=myapp node=node-02 cluster=prod-us-east-1 event_type=Normal reason=Pulled count=9 first_time=2024-01-15T02:00:00Z message="Successfully pulled image registry.example.com/myapp:v1.2.3-alpine in 3.421s" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:00000000000000006f8091a2761c4cfc000000000000000070a3d709ff2709da resource_version=100686 uid=c4d584e4-6002dc-436436-4db53c-00553e87b53c restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"802 <14>1 2024-01-15T03:33:27.603Z worker-02 firewall 5099 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=35216 src_mac=aa:bb:cc:63:b5:07 dst_ip=100.64.0.1 dst_port=80 dst_mac=dd:ee:ff:29:41:93 in_iface=vlan200 out_iface=eth0 vlan_id=199 length=883 ttl=56 tos=0x63 df=1 flags=SYN,ACK window=22303 seq=489739885 ack=2156017530 urgent=0 policy=pol-099 rule_id=rule-0099 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=70a3d709ff2709da packets_in=694 packets_out=91 bytes_in=63343 bytes_out=33247 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=99 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=50821 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-099 app_name=https app_category=networking1067 <14>1 2024-01-15T04:40:40.700Z auth-01 nginx 1100 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=302 bytes_sent=65588 bytes_received=1636 duration_ms=150 upstream=backend-pool-2 upstream_addr=10.10.1.10:8080 upstream_status=302 upstream_duration_ms=142 upstream_connect_ms=2 upstream_header_ms=138 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=56fbde955c-61f878-44c44c-4f4b38-0056fbe34b38 session_id=sess_71c71c6e0 trace_id=71c71c718831c6b8 span_id=38e38e38e38e38e4 parent_span_id=72ea61d9113c8396 cache_status=MISS cache_key=api:v2:user:10000 rate_limit_remaining=900 rate_limit_limit=1000 rate_limit_reset=1705369200 content_type=application/json accept_encoding=gzip,br1035 <11>1 2024-01-15T05:31:37.231Z worker-02 postgres 2101 SLOWQ - duration_ms=8351 rows_examined=145037 rows_sent=1450 rows_affected=0 lock_time_ms=3 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90101 client_addr=10.0.2.100 query_id=72ea61d9113c8396 plan_hash=20d1565c26af37ba shared_blks_hit=72518 shared_blks_read=14503 shared_blks_written=1450 local_blks_hit=0 local_blks_read=0 temp_blks_read=2900 temp_blks_written=725 query="UPDATE orders SET status = 'shipped', updated_at = NOW(), shipped_at = NOW(), tracking_number = 'TRK-9876543210', carrier = 'FedEx' WHERE id IN (SELECT order_id FROM shipment_queue WHERE processed = false AND created_at < NOW() - INTERVAL '1 hour') RETURNING id, status" plan="Seq Scan on users (cost=0.00..14503 rows=145 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..29007 rows=290 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp842 <85>1 2024-01-15T06:54:54.406Z worker-02 audit-daemon 3102 AUDIT - action=import resource=group resource_id=814 actor_id=506 actor_email=user102@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_44740d412c request_id=58b93a133a-63ee14-462462-50e134-0058b93ee134 outcome=success reason="" duration_ms=107 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=12 org_name=acme-corp team_id=202 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=42 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z824 <14>1 2024-01-15T07:01:19.991Z db-01 kubelet 4103 K8SEVT - namespace=ingress-nginx pod=webhook-deployment-97e7d229 container=myapp node=node-07 cluster=prod-us-east-1 event_type=Normal reason=Killing count=4 first_time=2024-01-15T07:00:00Z message="Stopping container myapp due to failed liveness probe after 3 consecutive failures" image=registry.example.com/myapp:v1.2.3-alpine image_id=sha256:00000000000000007530eca82351fd5200000000000000007654320fac5cba30 resource_version=100721 uid=1fdb303e-64e8e2-46d46d-51ac32-005997ecac32 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.3,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"805 <14>1 2024-01-15T08:08:32.088Z auth-01 firewall 5104 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=40201 src_mac=aa:bb:cc:68:d8:48 dst_ip=10.10.0.1 dst_port=966 dst_mac=dd:ee:ff:38:78:e8 in_iface=vlan200 out_iface=eth0 vlan_id=204 length=1368 ttl=56 tos=0x68 df=1 flags=SYN,ACK window=28808 seq=1989513496 ack=2004606256 urgent=0 policy=pol-004 rule_id=rule-0104 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=ESTABLISHED connection_id=7654320fac5cba30 packets_in=729 packets_out=146 bytes_in=4352 bytes_out=38232 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=4 threat_category=none threat_name=- nat_src=10.10.0.2 nat_src_port=53336 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-104 app_name=https app_category=networking1066 <14>1 2024-01-15T09:15:45.185Z web-02 nginx 1105 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=500 bytes_sent=6557 bytes_received=2121 duration_ms=335 upstream=backend-pool-1 upstream_addr=10.10.1.15:8080 upstream_status=500 upstream_duration_ms=327 upstream_connect_ms=2 upstream_header_ms=323 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=5b55435007-66de7e-483483-53422e-005b5548422e session_id=sess_777777738 trace_id=777777773567770e span_id=-7777777777777777 parent_span_id=789abcdebe7233ec cache_status=MISS cache_key=api:v2:user:10500 rate_limit_remaining=895 rate_limit_limit=1000 rate_limit_reset=1705369500 content_type=application/json accept_encoding=gzip,br1063 <11>1 2024-01-15T10:26:02.886Z auth-01 postgres 2106 SLOWQ - duration_ms=9606 rows_examined=151722 rows_sent=1517 rows_affected=0 lock_time_ms=18 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90106 client_addr=10.0.2.100 query_id=789abcdebe7233ec plan_hash=4876507f20fedcb4 shared_blks_hit=75861 shared_blks_read=15172 shared_blks_written=1517 local_blks_hit=0 local_blks_read=0 temp_blks_read=3034 temp_blks_written=758 query="INSERT INTO audit_log (user_id, action, resource_type, resource_id, old_value, new_value, ip_address, user_agent, created_at) SELECT $1, $2, $3, $4, $5, $6, $7, $8, NOW() WHERE NOT EXISTS (SELECT 1 FROM audit_log WHERE user_id = $1 AND resource_id = $4 AND created_at > NOW() - INTERVAL '1 second')" plan="Seq Scan on users (cost=0.00..15172 rows=151 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..30344 rows=303 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp841 <85>1 2024-01-15T11:29:19.671Z auth-01 audit-daemon 3107 AUDIT - action=update resource=secret resource_id=849 actor_id=521 actor_email=user107@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_47cf12ec86 request_id=5d129ecde5-68d41a-499499-54d82a-005d12a3d82a outcome=success reason="" duration_ms=112 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=17 org_name=acme-corp team_id=207 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=47 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z807 <14>1 2024-01-15T12:36:24.476Z worker-02 kubelet 4108 K8SEVT - namespace=ingress-nginx pod=api-deployment-f14c8cd4 container=myapp node=node-12 cluster=prod-us-east-1 event_type=Normal reason=Started count=9 first_time=2024-01-15T12:00:00Z message="Started container myapp successfully, waiting for readiness probe" image=registry.example.com/myapp:v1.2.8-alpine image_id=sha256:00000000000000007ae147add087ada800000000000000007c048d1559926a86 resource_version=100756 uid=7ae0db98-69cee8-4a44a4-55a328-005df151a328 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.8,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"796 <14>1 2024-01-15T13:43:37.573Z web-02 firewall 5109 FWEVT - action=DROP proto=UDP src_ip=198.51.100.73 src_port=45186 src_mac=aa:bb:cc:6d:fb:89 dst_ip=10.10.0.2 dst_port=523 dst_mac=dd:ee:ff:47:af:3d in_iface=vlan200 out_iface=eth0 vlan_id=209 length=393 ttl=56 tos=0x6d df=1 flags=SYN,ACK window=35313 seq=3489287107 ack=1853194982 urgent=0 policy=pol-009 rule_id=rule-0109 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=NEW connection_id=7c048d1559926a86 packets_in=764 packets_out=201 bytes_in=10857 bytes_out=43217 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=9 threat_category=none threat_name=- nat_src=172.16.0.50 nat_src_port=55851 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-109 app_name=https app_category=networking1070 <14>1 2024-01-15T14:50:50.670Z worker-01 nginx 1110 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=204 bytes_sent=13062 bytes_received=2606 duration_ms=520 upstream=backend-pool-3 upstream_addr=10.10.1.20:8080 upstream_status=204 upstream_duration_ms=512 upstream_connect_ms=2 upstream_header_ms=508 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=5faea80ab2-6bc484-4ba4ba-573924-005faead3924 session_id=sess_7d27d2790 trace_id=7d27d27ce29d2764 span_id=-27d27d27d27d27d2 parent_span_id=7e4b17e46ba7e442 cache_status=MISS cache_key=api:v2:user:11000 rate_limit_remaining=890 rate_limit_limit=1000 rate_limit_reset=1705369800 content_type=application/json accept_encoding=gzip,br1161 <11>1 2024-01-15T15:21:27.541Z web-02 postgres 2111 SLOWQ - duration_ms=1861 rows_examined=158407 rows_sent=1584 rows_affected=0 lock_time_ms=33 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90111 client_addr=10.0.2.100 query_id=7e4b17e46ba7e442 plan_hash=701b4aa21b4e81ae shared_blks_hit=79203 shared_blks_read=15840 shared_blks_written=1584 local_blks_hit=0 local_blks_read=0 temp_blks_read=3168 temp_blks_written=792 query="SELECT p.id, p.name, p.price, p.stock, c.name as category, AVG(r.rating) as avg_rating, COUNT(r.id) as review_count FROM products p JOIN categories c ON p.category_id = c.id LEFT JOIN reviews r ON p.id = r.product_id WHERE p.status = 'active' AND p.price BETWEEN $1 AND $2 GROUP BY p.id, p.name, p.price, p.stock, c.name HAVING COUNT(r.id) >= 5 ORDER BY avg_rating DESC, review_count DESC LIMIT 50" plan="Seq Scan on users (cost=0.00..15840 rows=158 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..31681 rows=316 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp837 <85>1 2024-01-15T16:04:44.936Z web-02 audit-daemon 3112 AUDIT - action=login resource=user resource_id=884 actor_id=536 actor_email=user112@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_4b2a1897e0 request_id=616c038890-6dba20-4d04d0-58cf20-00616c08cf20 outcome=success reason="" duration_ms=117 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=22 org_name=acme-corp team_id=212 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=52 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z821 <14>1 2024-01-15T17:11:29.961Z auth-01 kubelet 4113 K8SEVT - namespace=ingress-nginx pod=worker-deployment-4ab1477f container=myapp node=node-01 cluster=prod-us-east-1 event_type=Normal reason=Pulling count=4 first_time=2024-01-15T17:00:00Z message="Pulling image registry.example.com/myapp:v1.2.3-alpine from private registry" image=registry.example.com/myapp:v1.2.13-alpine image_id=sha256:-0000000000000007f6e5d4c8242a202-0000000000000007e4b17e4f937e524 resource_version=100791 uid=d5e686f2-6eb4ee-4db4db-599a1e-00624ab69a1e restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.13,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"805 <14>1 2024-01-15T18:18:42.058Z worker-01 firewall 5114 FWEVT - action=ACCEPT proto=TCP src_ip=198.51.100.73 src_port=50171 src_mac=aa:bb:cc:72:1e:ca dst_ip=172.16.0.50 dst_port=80 dst_mac=dd:ee:ff:56:e6:92 in_iface=vlan200 out_iface=eth0 vlan_id=214 length=878 ttl=56 tos=0x72 df=1 flags=SYN,ACK window=41818 seq=694093422 ack=1701783708 urgent=0 policy=pol-014 rule_id=rule-0114 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=RELATED connection_id=-7e4b17e4f937e524 packets_in=799 packets_out=256 bytes_in=17362 bytes_out=48202 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=14 threat_category=none threat_name=- nat_src=100.64.0.1 nat_src_port=58366 nat_dst=10.0.2.100 nat_dst_port=80 app_id=app-114 app_name=https app_category=networking1067 <14>1 2024-01-15T19:25:55.155Z db-02 nginx 1115 ACCESS - method=GET path=/api/v2/users/profile?include=avatar,settings,notifications,permissions,roles host=api.example.com status=403 bytes_sent=19567 bytes_received=3091 duration_ms=705 upstream=backend-pool-2 upstream_addr=10.10.1.25:8080 upstream_status=403 upstream_duration_ms=697 upstream_connect_ms=2 upstream_header_ms=693 ssl_protocol=TLSv1.3 ssl_cipher=TLS_AES_256_GCM_SHA384 ssl_session_reused=yes http_version=HTTP/2.0 user_agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" referrer="https://app.example.com/dashboard" x_forwarded_for=10.0.1.50 x_real_ip=10.0.1.50 x_forwarded_proto=https request_id=64080cc55d-70aa8a-4f14f1-5b301a-00640812301a session_id=sess_82d82d7e8 trace_id=-7d27d27d702d2846 span_id=27d27d27d27d27d3 parent_span_id=-7c048d15e7226b68 cache_status=MISS cache_key=api:v2:user:11500 rate_limit_remaining=885 rate_limit_limit=1000 rate_limit_reset=1705370100 content_type=application/json accept_encoding=gzip,br1039 <11>1 2024-01-15T20:16:52.196Z worker-01 postgres 2116 SLOWQ - duration_ms=3116 rows_examined=165092 rows_sent=1650 rows_affected=0 lock_time_ms=48 lock_type=RowExclusiveLock user=app_user db=production_db connection_id=90116 client_addr=10.0.2.100 query_id=-7c048d15e7226b68 plan_hash=-683fbb3aea61d958 shared_blks_hit=82546 shared_blks_read=16509 shared_blks_written=1650 local_blks_hit=0 local_blks_read=0 temp_blks_read=3301 temp_blks_written=825 query="SELECT u.id, u.email, u.name, u.created_at, p.bio, p.avatar_url, r.name as role FROM users u LEFT JOIN profiles p ON u.id = p.user_id JOIN roles r ON u.role_id = r.id WHERE u.status = 'active' AND u.created_at > '2023-01-01' ORDER BY u.created_at DESC LIMIT 100 OFFSET 0" plan="Seq Scan on users (cost=0.00..16509 rows=165 width=248) -> Hash Join -> Seq Scan on orders (cost=0.00..33018 rows=330 width=112) -> Index Scan on idx_orders_user_id (cost=0.43..8.45 rows=1)" indexes_used=idx_users_status,idx_orders_user_id auto_explain=true waited_for_lock=false application_name=webapp842 <85>1 2024-01-15T21:39:09.201Z worker-01 audit-daemon 3117 AUDIT - action=export resource=token resource_id=919 actor_id=551 actor_email=user117@example.com actor_ip=192.168.1.25 actor_user_agent="Go-http-client/2.0" actor_country=US actor_city=NewYork session_id=sess_4e851e433a request_id=65c568433b-72a026-507507-5cc616-0065c56dc616 outcome=success reason="" duration_ms=122 changes="field:status old:inactive new:active; field:role old:viewer new:editor; field:mfa old:false new:true; field:email old:user@old.com new:user@new.com; field:quota old:1073741824 new:5368709120" org_id=27 org_name=acme-corp team_id=217 team_name=platform-eng environment=production region=us-east-1 datacenter=us-east-1a risk_score=57 risk_level=medium compliance_tags=SOC2,GDPR,HIPAA,PCI-DSS mfa_used=true mfa_method=totp previous_login=2024-01-14T10:00:00Z828 <14>1 2024-01-15T22:46:34.446Z web-02 kubelet 4118 K8SEVT - namespace=ingress-nginx pod=scheduler-deployment-a416022a container=myapp node=node-06 cluster=prod-us-east-1 event_type=Normal reason=Unhealthy count=9 first_time=2024-01-15T22:00:00Z message="Liveness probe failed: HTTP probe failed with statuscode: 503, host: 10.10.1.15" image=registry.example.com/myapp:v1.2.18-alpine image_id=sha256:-00000000000000079be0246d50cf1ac-000000000000000789abcdf4c0234ce resource_version=100826 uid=30ec324c-739af4-512512-5d9114-0066a41b9114 restart_count=3 exit_code=0 signal=0 cpu_request=250m cpu_limit=1000m memory_request=256Mi memory_limit=1Gi cpu_usage=342m memory_usage=198Mi labels="app=myapp,version=v1.2.18,env=prod,team=platform,tier=backend,region=us-east-1" annotations="prometheus.io/scrape=true,prometheus.io/port=9090"804 <14>1 2024-01-15T23:53:47.543Z db-02 firewall 5119 FWEVT - action=REJECT proto=ICMP src_ip=198.51.100.73 src_port=55156 src_mac=aa:bb:cc:77:41:0b dst_ip=100.64.0.1 dst_port=966 dst_mac=dd:ee:ff:65:1d:e7 in_iface=vlan200 out_iface=eth0 vlan_id=219 length=1363 ttl=56 tos=0x77 df=1 flags=SYN,ACK window=48323 seq=2193867033 ack=1550372434 urgent=0 policy=pol-019 rule_id=rule-0119 rule_name=allow-internal-to-dmz zone_src=internal zone_dst=dmz connection_state=INVALID connection_id=-789abcdf4c0234ce packets_in=834 packets_out=311 bytes_in=23867 bytes_out=53187 geo_src=US geo_src_city=NewYork geo_dst=DE geo_dst_city=Frankfurt threat_score=19 threat_category=none threat_name=- nat_src=10.10.0.1 nat_src_port=60881 nat_dst=10.0.2.100 nat_dst_port=523 app_id=app-119 app_name=https app_category=networking