wazuh / wazuh-ruleset

Wazuh - Ruleset
https://wazuh.com

Create new rules and decoders #409

Open Lopuiz opened 5 years ago

Lopuiz commented 5 years ago

We are improving Ruleset.

Add rules and decoders for:

Add rules and decoders for the following software (OS: CentOS 7):

Add rules and decoders for the following Windows software:

rafamunoz98 commented 5 years ago

FreePBX decoders and rules: https://github.com/wazuh/wazuh-ruleset/pull/511

Some logs:

[2019-07-25 14:29:19] Asterisk 15.7.3 built by root @ centos-7-31 on a x86_64 running Linux on 2019-07-25 14:15:02 UTC
[2019-07-25 14:58:54] ERROR[21763] config_options.c: Unable to load config file 'cel.conf'
[2019-Jul-25 14:28:31] [INFO] (libraries/modulefunctions.class.php:2083) - Generating CSS...Done
[2019-Jul-25 14:28:32] [freepbx.INFO]: Deprecated way to add Console commands, adding console commands this way can have negative performance impacts. Please use module.xml. See: https://wiki.freepbx.org/display/FOP/Adding+fwconsole+commands [] []
[npm-cache] [INFO] [npm] hash of /var/www/html/admin/modules/pm2/node/package.json: fa2348032788d5067b56972347177c79
May 19 00:22:05 freepbx-a pacemakerd[1310]:   notice: crm_add_logfile: Additional logging available in /var/log/cluster/corosync.log
[2019-07-26 13:00:34] Authentication failure for root from 11.0.0.1

LFBernardo commented 5 years ago

If you have samples I can try and work the decoders to start with.

rafamunoz98 commented 5 years ago

Icinga rules and decoders:

466

Some logs

[2019-07-26 19:04:58 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!swap' (PID: 5764, arguments: '/usr/lib64/nagios/plugins/check_swap' '-c' '25%' '-w' '50%') terminated with exit code 128,output: execvpe(/usr/lib64/nagios/plugins/check_swap) failed: No such file or directory

[2019-07-26 19:05:00 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!disk' (PID: 5778, arguments: '/usr/lib64/nagios/plugins/check_disk' '-c' '10%' '-w' '20%' '-X' 'none' '-X' 'tmpfs' '-X' 'sysfs' '-X' 'proc' '-X' 'configfs' '-X' 'devtmpfs' '-X' 'devfs' '-X' 'mtmfs' '-X' 'tracefs' '-X' 'cgroup' '-X' 'fuse.gvfsd-fuse' '-X' 'fuse.gvfs-fuse-daemon' '-X' 'fdescfs' '-X' 'overlay' '-X' 'nsfs' '-X' 'squashfs' '-m') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_disk) failed: No such file or directory

[2019-07-26 19:05:00 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!disk /' (PID: 5782, arguments: '/usr/lib64/nagios/plugins/check_disk' '-c' '10%' '-w' '20%' '-X' 'none' '-X' 'tmpfs' '-X' 'sysfs' '-X' 'proc' '-X' 'configfs' '-X' 'devtmpfs' '-X' 'devfs' '-X' 'mtmfs' '-X' 'tracefs' '-X' 'cgroup' '-X' 'fuse.gvfsd-fuse' '-X' 'fuse.gvfs-fuse-daemon' '-X' 'fdescfs' '-X' 'overlay' '-X' 'nsfs' '-X' 'squashfs' '-m' '-p' '/') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_disk) failed: No such file or directory

[2019-07-26 19:05:02 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31' (PID: 5805, arguments: '/usr/lib64/nagios/plugins/check_ping' '-H' '127.0.0.1' '-c' '5000,100%' '-w' '3000,80%') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_ping) failed: No such file or directory

[2019-07-26 19:05:18 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!ping6' (PID: 5916, arguments: '/usr/lib64/nagios/plugins/check_ping' '-6' '-H' '::1' '-c' '200,15%' '-w' '100,5%') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_ping) failed: No such file or directory

[2019-07-26 19:05:24 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!http' (PID: 5958, arguments: '/usr/lib64/nagios/plugins/check_http' '-I' '127.0.0.1' '-u' '/') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_http) failed: No such file or directory

[2019-07-26 19:05:28 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!ssh' (PID: 5986, arguments: '/usr/lib64/nagios/plugins/check_ssh' '127.0.0.1') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_ssh) failed: No such file or directory

[2019-07-26 19:05:28 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!procs' (PID: 5987, arguments: '/usr/lib64/nagios/plugins/check_procs' '-c' '400' '-w' '250') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_procs) failed: No such file or directory

[2019-07-26 19:05:35 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!load' (PID: 6128, arguments: '/usr/lib64/nagios/plugins/check_load' '-c' '10,6,4' '-w' '5,4,3') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_load) failed: No such file or directory

[2019-07-26 19:05:37 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!ping4' (PID: 6136, arguments: '/usr/lib64/nagios/plugins/check_ping' '-4' '-H' '127.0.0.1' '-c' '200,15%' '-w' '100,5%') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_ping) failed: No such file or directory

[2019-07-26 19:05:41 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!users' (PID: 6171, arguments: '/usr/lib64/nagios/plugins/check_users' '-c' '50' '-w' '20') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_users) failed: No such file or directory

[2019-07-26 19:05:44 +0000] information/ConfigObject: Dumping program state to file '/var/lib/icinga2/icinga2.state'
[2019-07-26 19:05:57 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!swap' (PID: 6274, arguments: '/usr/lib64/nagios/plugins/check_swap' '-c' '25%' '-w' '50%') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_swap) failed: No such file or directory

[2019-07-26 19:05:58 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!disk /' (PID: 6288, arguments: '/usr/lib64/nagios/plugins/check_disk' '-c' '10%' '-w' '20%' '-X' 'none' '-X' 'tmpfs' '-X' 'sysfs' '-X' 'proc' '-X' 'configfs' '-X' 'devtmpfs' '-X' 'devfs' '-X' 'mtmfs' '-X' 'tracefs' '-X' 'cgroup' '-X' 'fuse.gvfsd-fuse' '-X' 'fuse.gvfs-fuse-daemon' '-X' 'fdescfs' '-X' 'overlay' '-X' 'nsfs' '-X' 'squashfs' '-m' '-p' '/') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_disk) failed: No such file or directory

[2019-07-26 19:06:00 +0000] warning/PluginCheckTask: Check command for object 'centos-7-31!disk' (PID: 6297, arguments: '/usr/lib64/nagios/plugins/check_disk' '-c' '10%' '-w' '20%' '-X' 'none' '-X' 'tmpfs' '-X' 'sysfs' '-X' 'proc' '-X' 'configfs' '-X' 'devtmpfs' '-X' 'devfs' '-X' 'mtmfs' '-X' 'tracefs' '-X' 'cgroup' '-X' 'fuse.gvfsd-fuse' '-X' 'fuse.gvfs-fuse-daemon' '-X' 'fdescfs' '-X' 'overlay' '-X' 'nsfs' '-X' 'squashfs' '-m') terminated with exit code 128, output: execvpe(/usr/lib64/nagios/plugins/check_disk) failed: No such file or directory

[2019-07-26 19:07:05 +0000] information/Checkable: Checking for configured notifications for object 'centos-7-31'
[2019-07-26 19:07:05 +0000] information/Notification: Sending 'Recovery' notification 'centos-7-31!mail-icingaadmin' for user 'icingaadmin'
[2019-07-26 19:07:05 +0000] information/Notification: Completed sending 'Recovery' notification 'centos-7-31!mail-icingaadmin' for checkable 'centos-7-31' and user 'icingaadmin'.
[2019-07-26 19:07:19 +0000] information/Checkable: Checking for configured notifications for object 'centos-7-31!ping6'
[2019-07-26 19:07:20 +0000] information/Checkable: Checking for configured notifications for object 'centos-7-31!http'
[2019-07-26 19:07:22 +0000] information/Checkable: Checking for configured notifications for object 'centos-7-31!procs'
[2019-07-26 19:07:27 +0000] information/Checkable: Checking for configured notifications for object 'centos-7-31!ssh'
[2019-07-26 19:08:05 +0000] warning/Process: Killing process group 6849 ('/etc/icinga2/scripts/mail-host-notification.sh' '-4' '127.0.0.1' '-6' '::1' '-b' '' '-c' '' '-d' '2019-07-26 19:07:05 +0000' '-l' 'centos-7-31' '-n' 'centos-7-31' '-o' 'PING OK - Packet loss = 0%, RTA = 0.04 ms' '-r' 'icinga@localhost' '-s' 'UP' '-t' 'RECOVERY' '-v' 'false') after timeout of 60 seconds

[2019-04-23 09:55:04.056932354+02:00] Eventhandler executed: --host ampere.lazyfrosch.de --service random-test

[2019-02-14 13:02:11 +0100] notice/Process: Running command '/etc/icinga2/scripts/mail-service-notification.sh' '-d' '2019-02-14 13:02:11 +0100' '-e' 'CPU' '-n' 'scmdrcx' '-o' 'CRITICAL: CPU Idle = 1.69% ' '-r' 'tomas.bohunek@moneta.cz' '-s' 'CRITICAL' '-t' 'PROBLEM' '-u' 'CPU': PID 5740
[2019-02-14 13:02:11 +0100] notice/Process: PID 5740 ('/etc/icinga2/scripts/mail-service-notification.sh' '-d' '2019-02-14 13:02:11 +0100' '-e' 'CPU' '-n' 'scmdrcx' '-o' 'CRITICAL: CPU Idle = 1.69% ' '-r' 'tomas.bohunek@moneta.cz' '-s' 'CRITICAL' '-t' 'PROBLEM' '-u' 'CPU') terminated with exit code 67
[2019-02-14 13:02:11 +0100] warning/PluginNotificationTask: Notification command for object 'myczvl1dd0scm1.ux.mbid.cz!CPU' (PID: 5740, arguments: '/etc/icinga2/scripts/mail-service-notification.sh' '-d' '2019-02-14 13:02:11 +0100' '-e' 'CPU' '-n' 'scmdrcx' '-o' 'CRITICAL: CPU Idle = 1.69% ' '-r' 'tomas.bohunek@moneta.cz' '-s' 'CRITICAL' '-t' 'PROBLEM' '-u' 'CPU') terminated with exit code 67, output: WARNING: RunAsUser for MSP ignored, check group ids (egid=298, want=51)

[2019-02-14 10:15:25 +0000] notice/JsonRpcConnection: Received 'event::Heartbeat' message from 'zenoss.hpc.imperial.ac.uk'
[2019-02-14 10:15:27 +0000] information/ApiListener: New client connection from [192.168.96.134]:51328 (no client certificate)
[2019-02-14 10:15:27 +0000] notice/ApiListener: New HTTP client
[2019-02-14 10:15:27 +0000] debug/HttpRequest: line: POST /v1/actions/process-check-result?service=/cx1-106-1-1.cx1.hpc.ic.ac.uk!cx1-mom-check HTTP/1.1, tokens: 3
[2019-02-14 10:15:27 +0000] notice/WorkQueue: Spawning WorkQueue threads for 'HttpServerConnection'
[2019-02-14 10:15:27 +0000] information/HttpServerConnection: Request: POST /v1/actions/process-check-result?service=/cx1-106-1-1.cx1.hpc.ic.ac.uk%21cx1-mom-check (from [192.168.96.134]:51328, user: client-pki-ticket-cx1-admin)
[2019-02-14 10:15:27 +0000] warning/TlsStream: TLS stream was disconnected.
[2019-02-14 10:15:27 +0000] debug/HttpServerConnection: Http client disconnected
[2019-02-14 10:15:27 +0000] notice/WorkQueue: Stopped WorkQueue threads for 'HttpServerConnection'
[2019-02-14 10:15:29 +0000] notice/JsonRpcConnection: Received 'log::SetLogPosition' message from 'zenoss.hpc.imperial.ac.uk'
[2019-02-14 10:15:30 +0000] information/WorkQueue: #4 (ApiListener, RelayQueue) items: 0, rate: 0.133333/s (8/min 8/5min 8/15min);
[2019-02-14 10:15:30 +0000] information/WorkQueue: #5 (ApiListener, SyncQueue) items: 0, rate: 0.0166667/s (1/min 1/5min 1/15min);
[2019-02-14 10:15:30 +0000] notice/CheckerComponent: Pending checkables: 0; Idle checkables: 15; Checks/s: 0
[2019-02-14 10:15:30 +0000] notice/ApiListener: Setting log position for identity 'zenoss.hpc.imperial.ac.uk': 2019/02/13 16:47:02
[2019-02-14 10:15:30 +0000] information/WorkQueue: #8 (JsonRpcConnection, #0) items: 0, rate: 0.1/s (6/min 6/5min 6/15min);
[2019-02-14 10:15:30 +0000] information/WorkQueue: #10 (JsonRpcConnection, #2) items: 0, rate:  0/s (0/min 0/5min 0/15min);

rafamunoz98 commented 5 years ago

> If you have samples I can try and work the decoders to start with.

Sorry for the late response @LFBernardo. I will leave them written here.

rafamunoz98 commented 5 years ago

GLPI decoders

471

event.log

2019-07-31 16:59:42 [@centos-7-44]
 [login] 3: Failed login for test from IP 11.0.0.1
2019-07-31 17:02:18 [@centos-7-44]
[login] 3: glpi log in from IP 11.0.0.1

access-glpi.ochobitsunbyte.log

11.0.0.1 - - [31/Jul/2019:16:58:19 +0000] "GET /index.php HTTP/1.1" 200 2213 "http://11.0.0.16/install/install.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
11.0.0.1 - - [31/Jul/2019:16:58:39 +0000] "GET /front/cron.php HTTP/1.1" 200 63 "http://11.0.0.16/index.php?noAUTO=1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
::1 - - [31/Jul/2019:16:58:43 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/5.6.40 (internal dummy connection)"
11.0.0.1 - - [31/Jul/2019:16:58:54 +0000] "GET / HTTP/1.1" 200 2221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
11.0.0.1 - - [31/Jul/2019:16:58:55 +0000] "GET /front/cron.php HTTP/1.1" 200 63 "http://11.0.0.16/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"
11.0.0.1 - - [31/Jul/2019:17:03:32 +0000] "POST /front/event.php?sort=date&order=DESC&start=0 HTTP/1.1" 200 22711 "http://11.0.0.16/front/event.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36"

error-glpi.ochobitsunbyte.log (Already done!)

[Wed Jul 31 16:50:01.206867 2019] [access_compat:error] [pid 10411] [client ::1:53638] AH01797: client denied by server configuration: /var/www/html/glpi/files/_log/php-errors.log

error_log

[Wed Jul 31 16:44:52.906254 2019] [suexec:notice] [pid 8575] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[Wed Jul 31 16:44:52.927249 2019] [lbmethod_heartbeat:notice] [pid 8575] AH02282: No slotmem from mod_heartmonitor
[Wed Jul 31 16:44:52.967812 2019] [mpm_prefork:notice] [pid 8575] AH00163: Apache/2.4.6 (CentOS) PHP/5.6.40 configured -- resuming normal operations
[Wed Jul 31 16:44:52.967837 2019] [core:notice] [pid 8575] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jul 31 16:49:34.188346 2019] [mpm_prefork:notice] [pid 8575] AH00170: caught SIGWINCH, shutting down gracefully
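
A prototype for the authentication lines in the FreePBX and GLPI samples above, added here as an example and not taken from the linked pull requests: it pairs each GLPI header line with the event line that follows it and normalises both products to the same fields. The field names and the per-source failure count are assumptions of this example.

```python
import re
from collections import Counter

# Constructed input: lines copied from the FreePBX and GLPI samples in this thread.
SAMPLE = """\
[2019-07-25 14:58:54] ERROR[21763] config_options.c: Unable to load config file 'cel.conf'
[2019-07-26 13:00:34] Authentication failure for root from 11.0.0.1
2019-07-31 16:59:42 [@centos-7-44]
 [login] 3: Failed login for test from IP 11.0.0.1
2019-07-31 17:02:18 [@centos-7-44]
[login] 3: glpi log in from IP 11.0.0.1
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
# The address is anchored at end of line and the user group is greedy, so text
# inside the user name cannot shift which token is taken as the source address.
FREEPBX_FAIL = re.compile(r"^\[" + TS + r"\] Authentication failure for (?P<user>.+) from (?P<srcip>\S+)$")
GLPI_HEADER = re.compile(r"^" + TS + r" \[[^\]]*\]$")
GLPI_EVENTS = (
    ("failure", re.compile(r"^\[login\] \d+: Failed login for (?P<user>.+) from IP (?P<srcip>\S+)$")),
    ("success", re.compile(r"^\[login\] \d+: (?P<user>.+) log in from IP (?P<srcip>\S+)$")),
)


def _event(product, outcome, ts, match):
    return {"product": product, "outcome": outcome, "timestamp": ts,
            "user": match["user"], "srcip": match["srcip"]}


def parse_auth_events(text):
    """Return normalised login events; field names are this example's own."""
    events, pending_ts = [], None  # pending_ts: GLPI header waiting for its event line
    for raw in text.splitlines():
        line = raw.strip()
        header = GLPI_HEADER.match(line)
        if header:
            pending_ts = header["ts"]
            continue
        m = FREEPBX_FAIL.match(line)
        if m:
            events.append(_event("freepbx", "failure", m["ts"], m))
        elif pending_ts is not None:
            for outcome, rx in GLPI_EVENTS:
                m = rx.match(line)
                if m:
                    events.append(_event("glpi", outcome, pending_ts, m))
                    break
        pending_ts = None  # an event line must directly follow its header
    return events


def failures_by_source(events):
    """Count failed logins per source address across both products."""
    return Counter(e["srcip"] for e in events if e["outcome"] == "failure")


if __name__ == "__main__":
    for event in parse_auth_events(SAMPLE):
        print(event)
    print(dict(failures_by_source(parse_auth_events(SAMPLE))))
```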

joselopezrio commented 4 years ago

Gitlab Rules and Decoders https://github.com/wazuh/wazuh-ruleset/pull/478

Logs

Production_json.log

{"method":"GET","path":"/gitlab/gitlab-ce/issues/1234","format":"html","controller":"Projects::IssuesController","action":"show","status":200,"duration":229.03,"view":174.07,"db":13.24,"time":"2017-08-08T20:15:54.821Z","params":[{"key":"param_key","value":"param_value"}],"remote_ip":"18.245.0.1","user_id":1,"username":"admin","gitaly_calls":76,"gitaly_duration":7.41,"queue_duration": 112.47}

{"method":"PUSH","path":"/gitlab/gitlab-ce/issues/1234","format":"html","controller":"Projects::IssuesController","action":"show","status":400,"duration":229.03,"view":174.07,"db":13.24,"time":"2017-08-08T20:15:54.821Z","params":[{"key":"param_key","value":"param_value"}],"remote_ip":"18.245.0.1","user_id":1,"username":"admin","gitaly_calls":76,"gitaly_duration":7.41,"queue_duration": 112.47}

{"method":"PUSH","path":"/gitlab/gitlab-ce/issues/1234","format":"html","controller":"Projects::IssuesController","action":"show","status":300,"duration":229.03,"view":174.07,"db":13.24,"time":"2017-08-08T20:15:54.821Z","params":[{"key":"param_key","value":"param_value"}],"remote_ip":"18.245.0.1","user_id":1,"username":"admin","gitaly_calls":76,"gitaly_duration":7.41,"queue_duration": 112.47}

api_json.log

{"time":"2018-10-29T12:49:42.123Z","severity":"INFO","duration":709.08,"db":14.59,"view":694.49,"status":200,"method":"GET","path":"/api/v4/projects","params":[{"key":"action","value":"git-upload-pack"},{"key":"changes","value":"_any"},{"key":"key_id","value":"secret"},{"key":"secret_token","value":"[FILTERED]"}],"host":"localhost","ip":"::1","ua":"Ruby","route":"/api/:version/projects","user_id":1,"username":"root","queue_duration":100.31,"gitaly_calls":30,"gitaly_duration":5.36}

application.log

October 06, 2014 11:56: User "Administrator" (admin@example.com) was created
October 06, 2014 11:56: Documentcloud created a new project "Documentcloud / Underscore"
October 06, 2014 11:56: Gitlab Org created a new project "Gitlab Org / Gitlab Ce"
October 07, 2014 11:25: User "Claudie Hodkiewicz" (nasir_stehr@olson.co.uk)  was removed
October 07, 2014 11:25: Project "project133" was removed

integrations_json.log

{"severity":"ERROR","time":"2018-09-06T14:56:20.439Z","service_class":"JiraService","project_id":8,"project_path":"h5bp/html5-boilerplate","message":"Error sending message","client_url":"http://jira.gitlap.com:8080","error":"execution expired"}
{"severity":"INFO","time":"2018-09-06T17:15:16.365Z","service_class":"JiraService","project_id":3,"project_path":"namespace2/project2","message":"Successfully posted","client_url":"http://jira.example.com"}

kubernetes.log

{"severity":"ERROR","time":"2018-11-23T15:14:54.652Z","exception":"Kubeclient::HttpError","error_code":401,"service":"Clusters::Applications::CheckInstallationProgressService","app_id":14,"project_ids":[1],"group_ids":[],"message":"Unauthorized"}
{"severity":"INFO","time":"2018-11-23T15:42:11.647Z","exception":"Kubeclient::HttpError","error_code":null,"service":"Clusters::Applications::InstallService","app_id":2,"project_ids":[19],"group_ids":[],"message":"SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)"}

githost.log

{"severity":"ERROR","time":"2019-07-19T22:16:12.528Z","correlation_id":"FeGxww5Hj64","message":"Command failed [1]: /usr/bin/git --git-dir=/Users/vsizov/gitlab-development-kit/gitlab/tmp/tests/gitlab-satellites/group184/gitlabhq/.git --work-tree=/Users/vsizov/gitlab-development-kit/gitlab/tmp/tests/gitlab-satellites/group184/gitlabhq merge --no-ff -mMerge branch 'feature_conflict' into 'feature' source/feature_conflict\n\nerror: failed to push some refs to '/Users/vsizov/gitlab-development-kit/repositories/gitlabhq/gitlab_git.git'"}

audit_json.log

{"severity":"INFO","time":"2018-10-17T17:38:22.523Z","author_id":3,"entity_id":2,"entity_type":"Project","change":"visibility","from":"Private","to":"Public","author_name":"John Doe4","target_id":2,"target_type":"Project","target_details":"namespace2/project2"}
{"severity":"INFO","time":"2018-10-17T17:38:22.830Z","author_id":5,"entity_id":3,"entity_type":"Project","change":"name","from":"John Doe7 / project3","to":"John Doe7 / new name","author_name":"John Doe6","target_id":3,"target_type":"Project","target_details":"namespace3/project3"}
{"severity":"INFO","time":"2018-10-17T17:38:23.175Z","author_id":7,"entity_id":4,"entity_type":"Project","change":"path","from":"","to":"namespace4/newpath","author_name":"John Doe8","target_id":4,"target_type":"Project","target_details":"namespace4/newpath"}

sidekiq.log

2014-06-10T07:55:20Z 2037 TID-tm504 ERROR: /opt/bitnami/apps/discourse/htdocs/vendor/bundle/ruby/1.9.1/gems/redis-3.0.7/lib/redis/client.rb:228:in `read'
2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"}

{"severity":"INFO","time":"2018-04-03T22:57:22.071Z","queue":"cronjob:update_all_mirrors","args":[],"class":"UpdateAllMirrorsWorker","retry":false,"queue_namespace":"cronjob","jid":"06aeaa3b0aadacf9981f368e","created_at":"2018-04-03T22:57:21.930Z","enqueued_at":"2018-04-03T22:57:21.931Z","pid":10077,"message":"UpdateAllMirrorsWorker JID-06aeaa3b0aadacf9981f368e: done: 0.139 sec","job_status":"done","duration":0.139,"completed_at":"2018-04-03T22:57:22.071Z"}

{"severity":"ERROR","time":"2018-04-03T22:57:22.071Z","queue":"cronjob:update_all_mirrors","args":[],"class":"UpdateAllMirrorsWorker","retry":false,"queue_namespace":"cronjob","jid":"06aeaa3b0aadacf9981f368e","created_at":"2018-04-03T22:57:21.930Z","enqueued_at":"2018-04-03T22:57:21.931Z","pid":10077,"message":"UpdateAllMirrorsWorker JID-06aeaa3b0aadacf9981f368e: done: 0.139 sec","job_status":"done","duration":0.139,"completed_at":"2018-04-03T22:57:22.071Z"}

gitlab-shell.log

I, [2015-02-13T06:17:00.671315 #9291]  INFO -- : Adding project root/example.git at </var/opt/gitlab/git-data/repositories/root/dcdcdcdcd.git>.
I, [2015-02-13T06:17:00.679433 #9291]  INFO -- : Moving existing hooks directory and symlinking global hooks directory for /var/opt/gitlab/git-data/repositories/root/example.git.

unicorn_stderr.log

I, [2015-02-13T06:14:46.680381 #9047]  INFO -- : Refreshing Gem list
I, [2015-02-13T06:14:56.931002 #9047]  INFO -- : listening on addr=127.0.0.1:8080 fd=12
I, [2015-02-13T06:14:56.931381 #9047]  INFO -- : listening on addr=/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fd=13
I, [2015-02-13T06:14:56.936638 #9047]  INFO -- : master process ready
I, [2015-02-13T06:14:56.946504 #9092]  INFO -- : worker=0 spawned pid=9092
I, [2015-02-13T06:14:56.946943 #9092]  INFO -- : worker=0 ready
I, [2015-02-13T06:14:56.947892 #9094]  INFO -- : worker=1 spawned pid=9094
I, [2015-02-13T06:14:56.948181 #9094]  INFO -- : worker=1 ready
W, [2015-02-13T07:16:01.312916 #9094]  WARN -- : #<Unicorn::HttpServer:0x0000000208f618>: worker (pid: 9094) exceeds memory limit (320626688 bytes > 247066940 bytes)
W, [2015-02-13T07:16:01.313000 #9094]  WARN -- : Unicorn::WorkerKiller send SIGQUIT (pid: 9094) alive: 3621 sec (trial 1)
I, [2015-02-13T07:16:01.530733 #9047]  INFO -- : reaped #<Process::Status: pid 9094 exit 0> worker=1
I, [2015-02-13T07:16:01.534501 #13379]  INFO -- : worker=1 spawned pid=13379
I, [2015-02-13T07:16:01.534848 #13379]  INFO -- : worker=1 ready

graphql_json.log

{"query_string":"query IntrospectionQuery{__schema {queryType { name },mutationType { name }}}...(etc)","variables":{"a":1,"b":2},"complexity":181,"depth":1,"duration":7}
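
A field-level triage of the GitLab JSON samples above, added here as an example rather than the rules from the linked pull request: it shows which fields a rule can key on, and that plain-text lines such as those in the sidekiq.log sample have to be tolerated. The three alert conditions and their labels are assumptions chosen for illustration.

```python
import json

# Constructed input: (log file, line) pairs abridged from the GitLab samples in this thread.
SAMPLES = [
    ("audit_json.log", '{"severity":"INFO","time":"2018-10-17T17:38:22.523Z","author_id":3,"change":"visibility","from":"Private","to":"Public","author_name":"John Doe4","target_details":"namespace2/project2"}'),
    ("audit_json.log", '{"severity":"INFO","time":"2018-10-17T17:38:22.830Z","author_id":5,"change":"name","from":"John Doe7 / project3","to":"John Doe7 / new name","author_name":"John Doe6","target_details":"namespace3/project3"}'),
    ("kubernetes.log", '{"severity":"ERROR","time":"2018-11-23T15:14:54.652Z","exception":"Kubeclient::HttpError","error_code":401,"app_id":14,"message":"Unauthorized"}'),
    ("Production_json.log", '{"method":"GET","path":"/gitlab/gitlab-ce/issues/1234","status":200,"remote_ip":"18.245.0.1","username":"admin"}'),
    ("Production_json.log", '{"method":"PUSH","path":"/gitlab/gitlab-ce/issues/1234","status":400,"remote_ip":"18.245.0.1","username":"admin"}'),
    ("sidekiq.log", '2014-06-10T18:18:26Z 14299 TID-55uqo INFO: Booting Sidekiq 3.0.0 with redis options {:url=>"redis://localhost:6379/0", :namespace=>"sidekiq"}'),
]


def triage(samples):
    """Return (findings, unparsed): alert tuples and the number of non-JSON lines."""
    findings, unparsed = [], 0
    for source, line in samples:
        try:
            rec = json.loads(line)
        except ValueError:
            unparsed += 1  # plain-text line in a file that also carries JSON
            continue
        if not isinstance(rec, dict):
            unparsed += 1  # valid JSON, but not a log record
            continue
        name = source.lower()  # the thread writes "Production_json.log"
        status = rec.get("status")
        if name == "audit_json.log" and rec.get("change") == "visibility" and rec.get("to") == "Public":
            # Assumed rule: a project was switched to public visibility.
            findings.append(("project_made_public", rec.get("author_name"), rec.get("target_details")))
        elif name == "kubernetes.log" and rec.get("error_code") == 401:
            # Assumed rule: the cluster API rejected GitLab's credentials.
            findings.append(("cluster_auth_rejected", rec.get("exception"), rec.get("message")))
        elif name == "production_json.log" and isinstance(status, int) and status >= 400:
            # Assumed rule: request answered with a client or server error.
            findings.append(("http_error", rec.get("remote_ip"), rec.get("path")))
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = triage(SAMPLES)
    for finding in found:
        print(finding)
    print("unparsed lines:", skipped)
```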